IT

,

SPOF (Single Point of Failure) Analysis

,
When planning a system or taking on the analysis of a system that is already in place to begin preparations for scaling there are a few key things one must do.  One of those tasks is to perform a Single Point of Failure (SPOF) analysis.  SPOF’s are the enemy of availability for any system.  This is an exercises done with the input of a cross functional team of key persons from operations, business, and development.  The goal of this analysis is not to actually do the work but to identify the work that needs to be done in the context of the business goals.

Doing this analysis goes through phases similar to many technology projects.  They are usually something such as:
  • Define the Goals of the Analysis
  • Design the Plan to Achieve the Goals
  • Execute the Plan
  • Analyze the Data
  • Produce Report of Results

These steps may vary a bit depending on the organization size, team, available resources, and the size of the environment.  But, in general, SPOF analysis will follow that pattern.

Some other important points to consider when thinking about SPOFs:

It’s can be better to have SPOF analysis done by a 3rd party who is actually less familiar with the systems but has proper relevant experience.  Those that are very close to a system have a tendancy not to see things because they are too near.

Having SPOF’s does not necessarily mean that someone made a mistake.  It is not a weapon.  If you treat it this way you can be sure people will not report SPOF’s when they find them.  Often times we live with SPOF’s on purpose due to resource limitations or opportunity costs reasons.  If fixing an SPOF problem will cost a million dollars it might be better to accept that potential down time is the better outcome if something goes wrong.  Weather this is or is not true in any given situation is complex business question much more than it is a technical matter.

The report that is produced as the output result of an SPOF audit should be reviewed by the entire technology and business team to determine the potential impact to the business and then entered into whatever passes for a backlog and technology architectural review board so that they can be properly analyzed, ranked, and put in line to be fixed.

SPOF analysis should be done periodically throughout a product/service life cycle.  Things change every single day.  Last years SPOF analysis is probably no longer valid.  Comparing SPOF analysis’ over time can be very enlightening as well toward finding endemic problems that consistently get swept under the rug.

SPOF analysis does not just apply to technology.  It also applies toward business organizations.  One of the people that I’ve noted understands this far better than most is Warren Buffet.  I think he had a clearly articulated (albeit secretive) planned succession strategy when I was still in diapers.  Even at Berkshire-Hathaway Warren Buffet himself has made sure that he is not a single point of failure;  a true visionary.
, , , ,

Some Cloud Thoughts on a Clear and Sunny Day

, , , ,
Cloud Computing is a deployment model and cloud computing is a business model.  Cloud computing is not some silver bullet magical thing.  It's not even easy *gasp* sometimes.

As a deployment model cloud computing can it is simply summed up as on-demand, self-service, reliable, and low to no capital costs services for the consumer.

As a business model it is summed up as, again, low to no long term capital costs (and the associated depreciation) and pay as you go service provider pricing models.  In reality these are mountains of micro transactions aggregated into monthly and yearly billing cycles.  For example, I spent $0.015 for a small compute instance w/ a cloud infrastructure provider because I just needed an hour of an Ubuntu 10.04 linux machine to test a quick software install combination and update a piece of documentation.  I'll get a bill for that at the end of the month.  Get this...

An hour of compute time costs me 3.3 times LESS than a piece of hubba bubba chewing gum cost me at $0.05 (one time use only) over 30 years ago. #cloud

Enterprises and service providers are learning very quickly from the how the early public cloud vendors how to do things differently and often more efficiently.  It was well summed up in the Federal CTO's announcement of the government application cloud.  Basically, that we saw that consumers could get IT services for orders of magnitude less than we could.  So, we're fixing that by emulating what the companies that service the consumers are doing. Smart.  Bechtel did this exact same thing years ago when analyzing that the cost per GB of storage for Amazon was orders of magnitude less than Bechtel could and asked the very important question why and then answered it very well.
A couple of years ago now I helped found a company called nScaled.   nScaled does, business continuity as a service.  It is only possible with the resources, at the price, and at the speed we have moved because of following cloud computing deployment and business models.  It would not have been possible for us to build this business when we did and the way we have without these models.  
In March 2008 I called cloud computing a renaissance.

It is my opinion that Cloud Computing is a technology architecture evolution that, when properly applied to business problems, can enable a business revolution. I've been saying this for a while but in recent weeks I have actually come to prefer the term renaissance over revolution.

Today, two years into a startup that uses the raw power of cloud computing deployment and business models across the board to enable new ways for companies to consume disaster recovery and business continuity solutions I can say without a doubt that I believe that cloud computing is a renaissance more than ever before!

 

,

LegalCloud in the context of the NIST Cloud Computing Definition

,

The NIST model of cloud computing is composed of five essential characteristics, three service models, and four deployment models. I thought it would be interesting to do a quick write up of how LegalCloud.net fits into the v15 NIST definition of cloud computing.  It's a model I certainly support, but do find a bit inaccessible to newcommers to the cloud at times.  But, that will change over time.  What follows is some information about how LegalCloud.net, a real life cloud computing service, fits into the NIST model.

Service Models:

LegalCloud is an IaaS model cloud. We are specifically delivering data center infrastructure to law firms on a globally.

In the not so distant future there will be PaaS and even possibly SaaS opportunities associated with and deployed by LegalCloud and it's partners.  There are many possibilities.

Deployment Model:

LegalCloud is a Hybrid Cloud composed of both community and private types.

Our Community is Law Firms and only law firms. This focus allows us to uniquely and completely address the needs of our clients.

As a Hybrid cloud, we provide both on-premise and off-premise services for our customers that bridge the gap between their own facilities and the cloud facilities we manage as is appropriate and necessary.

Essential Characteristics

The LegalCloud console (1.1), which is in Alpha at the time of this writing, is the tool that our clients use to 1.0 LegalCloud Console Default Viewself-provision servers in any of our globally distributed data centers. For the first time publically I’ve included a couple of small screen shots from our staging environment. The things they provision are networking, compute, storage, and a few other related things. The storage components in particular are interesting because they can be further dynamically provisioned and grown (or shrunk) on-demand.

The resources that clients provision via our console are from pools of resources. In our case they are not truly location independent as we must provide a certain amount of auditability. But, they are deployable in various geographies.

Rapid elasticity is primarily a function of programmatic interaction w/ API based controls. We will not have API access for our first release. But, we most certainly will layer it in over time. Now, which one to pick?

Our console in association with something we call a pod manager is essentially a part of a distributed monitoring tool that allows our clients to keep an eye on what’s going on for key metrics in their pod.1.1 LegalCloud Global Servers View

LegalCloud has an currently uncommon “broad network access” model. It’s production environments are only available to clients via secure VPN technologies or private lines (point to point or MPLS). We do not allow general access via the internet at large. Period. Within legal cloud all clients, while they do share some infrastructure, they do not co-mingle their data/networks.

That wraps up my comparison of how LegalCloud can be fitted to the NIST cloud computing model.

What’s next?

What is missing from the NIST model today, if it belongs there at all, are the security aspects. I have seen what is likely to be important and solid work going on around an initiative called A6. It discusses Audit, Assertion, Assessment, and Assurance API. This is also now known as A6. There is a great amount of discussion going on in this arena and I’m looking forward to analyzing LegalCloud relative to the A6 API as it matures.

So,  as soon as possible, I will write about the other issues around security related concerns and some of the issues that matter to our clients around varous A6 stated concepts.

 

, ,

LegalCloud.net Update: Enterprise Cloud Computing for Law Firms

, ,

Today Mark and I ran a webinar on Total Data Protection for Law Firms and have posted it to our video stream.

I wanted to do a quick post this morning to discuss this since it is almost entirely my focus these last few months.

Total Data Protection is the name of our Enterprise Class Hybrid Cloud Computing service that provides the ability for any Law Firm to provide business continuity for their enterprise compute workloads no matter where they are by leveraging our software stack and Private/Community Cloud deployments throughout the world.

In that definition of Total Data Protection I used some deployment model terms from the NIST definition of Cloud Computing; draft v14.  To review, those deployment models are:

Private cloud. The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.

Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.

Public cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting).

LegalCloud.net is a true Hybrid Cloud as it is a combination of Private and Community and provides services both on-premise and off-premise.  It is shared by an organization, that organization is the aggregate of all Law Firms.  If you are not a law firm, you can't use LegalCloud.net.  Period.

We are working very hard to address all the common concerns about enterprise cloud computing.  We specifically address things like auditing, compliance, network security, data security, transparency, data location and the legal Issues surrounding it.

We have other products related to or complimentary to Total Data Protection on the way and in testing.  We'll be deploying our client facing console, a really cool distributed Rails (on the front) and Java (in part of the backend) application, in a very short few weeks to the first clients.  Clients will be able to deploy Total Data Protection, Active Servers, and Provision storage in our globally distributed data centers through this interface.  Our first release will not have a clent facing API unfortunately, but we're trying not to boil the ocean you know.  However, I have started working on this by studying the best of the available API's out there and expect to move forward on specification and early development stages soon.  Of course, the API will not be public, it'll only be available to members of our cloud commnity; law firms.  But, that is the point in our case.

When I started nScaled I never imagined I'd be building a cloud quite like this one.  But, it's exciting to be sure.  My blogging certainly has taken a hit but that's okay I suppose.  Over time I'll be able to blog more and more about the various things we've been doing.

Kent now returns to his usual daily program of coffee, phone calls, infrastructure, and sales calls... 

---Kent Langley, CTO, www.legalcloud.net by nScaled, Inc.

, ,

What's up in my Cloud? Private Enterprise Cloud Computing is what!

, ,
My business partner Mark and I started a cloud computing services company called nScaled right at the end of 2008. A few months into it we found an opportunity to launch our own cloud service; legalcloud.net. We've been working hard and have made much progress in a short period of time. It's been a wild and crazy ride to be a part of thus far. It is also the reason I haven't been blogging quite as much. So, what have I been working on?