Which applications should run in the cloud? It's a question asked by many customers today as they decide which workloads to keep in house and which to offload to a third-party service provider. One approach is to start with the apps that give IT headaches.
"Some of you may have thousands of them that have been around 10-plus years, and you can never kill them. Some people call them 'crapplications.' Why waste your own infrastructure and IT staff to support these things?"
That's what IDC analyst Frank Gens told an audience at this week's Cloud Leadership Forum, a conference hosted by IDC and IDG Enterprise. Gens defined this category of applications as ones that benefit only a small number of users, yet the need to support them never seems to go away.
"If you can't kill them," Gens says, you should try to "squeeze as many of them onto a low-cost infrastructure" as possible.While outsourcing "crapplications" to the cloud is a way to get started, Gens and other speakers said cloud computing is robust enough today that even mission-critical applications can be considered.
"I wouldn't say anything is off the table," said Capt. Nicholas Buck of the U.S. Navy, who played a key role in overhauling the IT infrastructure of the government's National Reconnaissance Office.
Certain complex legacy applications may be difficult to move into a cloud, whether the cloud be a public or private one, but anything that is running in a virtual machine may be easily migrated, he said. "If it's running in virtual machines and it's essentially a cloud already, why not put it in a cloud?" Buck said.
The idea of putting mission-critical applications into cloud computing services has worried some because of concerns about security, availability and vendor lock-in.
"We hear a lot about vendor lock-in in the cloud," said Brian Boruff, vice president of emerging technologies at CSC. "One of the services people are looking for is a broker. Pull me out of cloud A and put me into cloud B."
CIO Ken Harris of Shaklee Corp. in Pleasanton, Calif., which has outsourced roughly half of its IT services to cloud vendors, said he examines cloud-based alternatives for every type of application. Shaklee uses the cloud for finance, call center, human resources, business management and various other types of apps.
"We will consider a cloud-based solution for any and every business need," Harris said.
But in some cases, Harris has investigated cloud services and found them lacking. "You cannot give up stability, performance and availability just to go to the cloud," he said.
Speakers and attendees at the Cloud Leadership Forum raised various concerns, regarding identity and access management across multiple cloud vendors, ability to comply with government regulations, as well as integration of cloud services with existing business processes.
Security consistently tops the list of customer concerns about cloud computing, but Gens suggested that security risks have been overstated.
"I'm not sure [concern about security] should be as big as it is," Gens said. "Our internal systems have been at risk since we first connected to the Internet. Is the cloud risk that much greater?"
Security risks have compelled some organizations to build "private clouds" that are operated like cloud services but exist entirely within the firewall. But the definition of private clouds is broad, with some vendors now offering services that are labeled as private clouds, but which exist outside the customer's data center.
Amazon, for example, offers a Virtual Private Cloud that uses a VPN connection to provide businesses access to compute resources that within Amazon's data centers but isolated from the resources used by other customers.
The NASA Jet Propulsion Laboratory built a private cloud within its own firewall but uses Amazon's Virtual Private Cloud to gain additional capacity on an as-needed basis, explained CIO James Rinaldi.
With Amazon's Virtual Private Cloud, "the networking is yours, all the servers you provision look like your own," Rinaldi said. "They're on your IP address space, and you control them. It gives me that comfort that when I need the capacity, if I can't get it inside [the firewall], I have it at least near inside."
Follow Jon Brodkin on Twitter: www.twitter.com/jbrodkin
Read more about data center in Network World's Data Center section.