Simon May

Client and cloud

March, 2011

  • How will my career evolve with the cloud

    When you read all the wonderful marketing hyperbole around the cost savings that cloud can help your CIO make, you’d be forgiven for thinking that you were one of those cost savings. With a little thought, however, you’ll see that this technology change isn’t going to make you a pointless cost, but it will make you a valuable driver of efficiency and savings, and you’ll probably find that work becomes more fun.

    Most of us get into IT or Technology because we love technology. A big, big part of that for me has always been that it’s constantly changing. Unlike being, say, an accountant we get the rules thrown up in the air every few years. We have to learn a whole lot of new skills in order to make those adaptations and that’s always been the way that technology has worked. We are, however, just coming to the end of one of the longest periods of IT stagnancy we’ve arguably ever seen where a global economic crisis combined with “good enough” technology to deliver a period of stability few of us in technology have had before. A stable period like that leads to many things, one of which is the dulling of our learning skills. Time for a change.

    What are the top skills required as we move into the cloud era, how do you gain them and how will your job change?

    The number one skill you’ll need in the future is going to be business knowledge. Just like everyone else in your business, you will need to know how it works. Many IT Professionals already do, and please don’t take what I’m saying wrongly - it’s not that I believe that IT Pros are out of touch with the business – that obviously depends on your individual circumstances. Broadly speaking, though, experience tells me that not many IT people know their business. I left financial services IT not so long ago (I think it’s 8 months) and I can hand-on-heart say that most of my colleagues didn’t know an option from a gilt or what shorting is (I’m not sure I do), but perhaps more applicable, lots of IT Pros don’t understand the pressures that marketers or sales people are under and how they can help. The best do understand this, and aligning with the business in this way is the best way to do more with the cloud.

    In terms of technical skills, though, here are my top 4.

    • Understand the technologies that power cloud. There are some fundamentals that you really need to grasp before you get the cloud in its entirety. Until you do “Do not pass go, do not collect £200”. As luck would have it, those technologies are ones that you are probably already familiar with, the cornerstone being virtualisation. Why do you need to understand that technology? Well, the answer is because everything in the cloud is virtual. Virtual storage, virtual computers, virtual networks – nothing is real, unless you work for a hoster. You don’t need to understand the specific technology, just what it means to divorce software from hardware – which really is that you can’t manage hardware, only software, so, for example, no network card hijinks to make something work.

    Second, you need to understand the idea of cost. You need to understand that doing anything in the cloud costs money, just as it does, in a hidden way, in your own data centre. I’ll give you an example. You have data stored in the cloud but it’s not been accessed for six months. You need to pay for that storage. The same on-premises you’ve already shelled out for the hard disk. That understanding of cost will soon make you realise that you need to store some stuff in the cloud and some stuff not. For example, event logs from a web role for today – yes, store them in the cloud. Event logs for last month – no, archive locally or delete all together. Gaining this level of understanding will revolutionise what you do and clear clutter.

    • Connection technologies for traditional models to the cloud. Moving to the cloud takes some time. You need to build up confidence in your own mind (and in the mind of the business) that it’s possible, safe and sometimes better to move to the cloud than keep something on premises but also that  it might not always be the right thing to do. There’s a much bigger hurdle in moving to the cloud versus putting in something new because there’s already a reliance on that infrastructure (insert good word) doing something, be it generating revenue or handling some business critical function. You need to understand how to link the two together.

    So which technology is that for the Microsoft cloud technologies? For Windows Azure you need to know about Active Directory Federation Services and Windows Azure Connect, with a little of Windows Azure Service Bus. If you’re thinking Windows Azure is just for devs then ask yourself this question: “Do the devs understand networking, Identity and all the rest of our infrastructure?” You also need to know PowerShell and System Center to be able to manage the cloud, but we’ll come to that in point 3 in more depth. You’ll find an understanding of SQL Azure DataSync will be seriously helpful if you want to use SQL Azure, too. If you’re making the move to Office 365 you’ll again need to understand ADFS, and you’ll also need to understand DirSync.

    • Know what your business needs to measure and monitor it. Knowing what’s important to your business and how the technology marries up to that is critically important. You need to be fully aware of what’s required and what’s important so that you can ensure it happens. You need to make sure that services are available to the business when they need them and not when they aren’t (or at least dialled down). There’s a misconception that the cloud has this automatic elasticity that scales things up and down as it sees fit. It doesn’t really work that way.

    OK, it can work that way if the designers and developers built in intelligence that really delivers that. With Azure they have use of an API to control scale based on the needs of the application. They need to have enabled that functionality and it’s not always the right thing to do. The classic example is pizza demand in the Super Bowl ad break - more orders = more capacity instantly added. That’s the reality but it doesn’t cover every eventuality. Imagine for a moment that said pizza experts also know that the Super Bowl is happening. If they prepare for those additional instances then they have a better chance of hitting the demand at the right time, especially if the devs did something complicated too that meant that each additional role took 10 minutes to become live. Yes, it’s possible to code around that, but it’s easier to work with an IT Pro to smooth those obvious peaks and use code to work for the unexpected.

    Measurement and monitoring tied to business knowledge will allow you to deliver higher levels of value and be more of a hero. The reality is that you don’t need that deep an insight into the business to deliver exceptional value, and you can do this better with cloud because you’re no longer spending time keeping it running. Instead, you’re now helping them generate more money by matching demand curves.

    • Understand how to govern the cloud. You’re going to get into serious trouble if you don’t look after customer data and the like. You need to know when employing cloud technology is the right thing to do and when it’s the wrong thing to do. You also need to understand what it takes to trust a cloud provider. Here are some questions that you might like to pose or research:
      • Can I get an assurance of where my data is held?
      • Can I get an assurance around uptime?
      • Can I get an assurance about the practices that the provider uses in their data centre?
      • Can I find out about who’s auditing a provider?
      • Can I find out what testing and certification a provider has provided and what it supports?
      • Can I find out how the provider is trying to move the industry and regulation forward for its customers?
      • Can I find out how I exit the contract?
      • Do they give me time to read the contract?
      • Wait - there was a contract?!
      • Have we built applications that adhere to our own practices?
      • Have we deployed the application in a compliant way?
      • What's the update process, where are the patches, what’s the security like?

    You need to have an understanding of all this stuff to protect your customers and your company, and I can assure you that you can find all the above information for all Microsoft products. You’ll find most of it on the web or by asking your Microsoft team – I’m not going to point you to it because you won’t believe it if a company man tells you. OK, that’s not entirely fair - take a look at my blog and you’ll find the start of the breadcrumb trail.

    So now you’re reading that list and thinking that’s not technical. You’re right, it’s a ruse.

    Actually it’s all technical because all technical knowledge is knowledge about how things work. Most of this knowledge requires a technical expert to relate it clearly back to the business. It leverages your understanding of how things work and builds your intuition and intelligence to trust or distrust. Go forth and change the world of IT.

    This article was originally posted on the Cloud Power Blog at ITpro.co.uk

     

  • What does Microsoft have to offer in the cloud?

    There is a simple way to answer that: Microsoft has “lots” to offer in the cloud, arguably a more complete and coherent set of products than anyone else, but then I would say that, I’m an employee.  From a product viewpoint there are a myriad of offerings like Windows Azure, SQL Azure and Office 365 (currently BPOS), with Windows Intune the newest into the stable of public cloud offerings, not to mention Microsoft Dynamics.  Microsoft also has a full spectrum offering in the private cloud space with Hyper-V Cloud (the combination of Hyper-V 2008 R2, System Center and a Self Service Portal).  Throughout the rest of this article I’ll outline what we mean by cloud and how we think about it and provide a window into each of these technologies.

    What’s a cloud

    When you engineer products you can’t have some esoteric definition of a cloud; you need some specific characteristics to engineer against and latch onto.  For this reason we use the definition of the cloud created by the US Government National Institute of Standards and Technology, which provides some solid underpinnings.  The definition gives us a solid engineering foundation. I suggest a 5 minute read of the full document, but the first paragraph is an interesting read and I’ve highlighted my favourite terms:

    Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

    If you feel that definition is still a bit woolly then we will come to more detail in a moment, but those key words should be set into your mind when thinking about the cloud.  This is how I think of them:

    On-Demand = always available
    Shared = reduced cost per use
    Rapidly provisioned and released = Little management needed to add more capacity for use and to free it up again for someone else to use
    Promotes availability = it’s available when and where you need it and easy to make use of

    Part of the NIST definition goes into service models too and lists Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) as ways of providing what users need.  Again this is a model that we follow and we’ve aligned our products and services around these.  It’s important too to understand the differences between the service models.

    SaaS is a finished bit of software that an end user can just use.  This is where Office 365 with its cloud based email and collaboration workloads sits and where other email services sit.  We’re very used to consumer facing SaaS solutions, with Hotmail being a prime example.  Windows Intune and Microsoft Dynamics are our other public cloud based SaaS solutions: highly scalable, available, on demand applications.

    PaaS is the foundation for building applications in the cloud and it’s where Windows Azure and SQL Azure sit.  The function of any platform is to provide a solid base upon which anything can be built but you don’t necessarily need to know how its underpinnings work.  For example to write a Windows application you don’t necessarily have to know the ins and outs of memory management.  With Windows Azure you don’t need to know that the platform manages a whole load of network components, servers and racks to get the job done.  Simply put, platforms provide a level of abstraction.

    IaaS is most akin to what we’ve seen for some time with virtualisation.  A lift and shift of workloads into an implementation that has the characteristics of a cloud.  It provides a simple slip road to the cloud but without the abstraction level of a platform, so it’s still necessary to build a solution around the infrastructure itself.  One of the major signposts that should make you aware that something is an IaaS solution is if you need to place management around the solution to provide the characteristics of a cloud.  This is where Hyper-V Cloud lives.

    Now that we’ve framed the general idea of a cloud let’s look at Microsoft’s products.

    Windows Azure

    I’ve taken to starting with Windows Azure whenever I enter a discussion about cloud because so many people don’t get what Windows Azure is.  As above, it’s a platform that lets you build pretty much whatever you like and as such you’ll need some developers and an architect to design and build an application to sit on Windows Azure.  When they do that they’ll be able to create an application that has enough understanding about the role it’s performing to be able to take advantage of self scaling.

    Some people are beginning to think that Windows Azure is some sort of IaaS solution.  It’s not.  You can’t just place an existing workload into Windows Azure and take advantage of the cloudiness without architecting the solution to take that advantage.  I guess part of the idea that Windows Azure has some IaaS characteristics is that we’ve made some solid improvements like the ability to RDP into a Windows Azure role or that the web roles run a fully functional IIS (Internet Information Services) server, exposing a bit more of the role’s Windowsyness.  However Windows Azure roles are stateless and that takes some getting used to.  I think it’s enough of a mind shift (that nothing persists on the role between reboots that’s not in the original image) that you can see you need to design specifically for Windows Azure.

    Windows Azure is the place for new stuff.

    SQL Azure

    SQL Azure is a highly scalable SQL infrastructure.  A database on SQL Azure is to all intents and purposes just the same as a database on SQL Server which means that all those existing DBA skills are still valid and valuable.  The secret sauce of SQL Azure is that it’s got failure built in (just like Windows Azure).  Hang on! It’s built to go wrong!  Are you MAD?  Nope, it’s built so that when something fails it keeps on going; every bit of data is stored 3 times in the data centre in a fully redundant way.  When something does go wrong the live copy is switched and the second copy is used to build a 3rd live copy, a little like a RAID5 array of SQL Servers (but obviously it doesn’t use RAID).  SQL Azure is a superb highly available SQL environment and you could pop almost any existing SQL database onto it; you could place your existing customer database there now if you’d like.

    Office 365 and BPOS

    And now we segue into Software as a Service solutions which, unlike Windows Azure and SQL Azure, are ready to use with no development required.  BPOS (uncommonly known as Business Productivity Online Suite) is the currently available public cloud productivity service which provides Exchange and SharePoint features.  Office 365, which will be released later this year, is the new generation of productivity and differs because it provides Exchange 2010, SharePoint 2010 and Lync 2010 as public cloud services and, in some licensing scenarios that we expect to be the most common, the full Office 2010 Professional Plus application suite to install locally.  It doesn’t end there though because the SharePoint 2010 collaboration features include Office Web Apps that allow documents to be edited in the browser without the need to have Office installed locally.  Essentially it does everything for productivity.

    For me though the killer feature, being an IT Pro, is that Office 365 integrates with what you already have.  You don’t need to create a whole bunch of new user accounts and manage passwords and the hassle that entails because it can be safely integrated with Active Directory for authentication and to provide that ever so useful Global Address List for your company.

    Probably the major reason people will go for Office 365 is the dramatic cost savings and ease of migration.

    Windows Intune

    Wouldn’t it be awesome to be able to manage all the client computers in your organisation without having to deploy a server infrastructure to look after them?  That’s what Windows Intune does: cloud based management of client computers.  It provides the ability to manage Windows Updates and firewalls, to do remote control, to inventory and understand the software in the organisation and to ensure license compliance for Microsoft products.  Oh yes, it also comes with malware protection, based on award winning, enterprise scale and consumer loved technology, out of the box, and you can manage that malware defence across the whole organisation from the web.

    Hyper-V Cloud

    And we’re into the home strait with IaaS for which Microsoft provide the Hyper-V tool set.  Microsoft don’t host a public Hyper-V Cloud that you can place your workload into, instead you can take the Hyper-V Cloud guidance and implement your own private cloud (one that’s for the sole use of one organisation) or select a hoster that provides a hosted Hyper-V Cloud and offload to them.  Why doesn’t Microsoft do this?  Hosters are able to better meet the bespoke requirements of those seeking to use IaaS today, you can have a more bespoke service provided by a hoster.

    Hyper-V Cloud is the combination of a couple of technologies because virtualisation alone (Hyper-V) does not create a cloud – anyone trying to tell you it does hasn’t RTFM recently.  To meet the definition of a cloud there must be some automation and intelligence so System Center is added to the mix to provide that (System Center can successfully manage VMware by the way as part of cloud without the need to convert the VM to Hyper-V).  That covers the shared and rapidly provisioned and released parts of the NIST definition but a 3rd component is required to cover on-demand: a self service portal.

    The self service portal is the friendly face to the Hyper-V Cloud; it’s what the users (er) use to access the cloud’s resources when they need them.  Need a HR workload, turn it on.  Need a Finance workload, turn it on.  The Self Service Portal is created by the Administration team in conjunction with the owners of those applications from HR and Finance (or any other arbitrary team that has a function) so that people within those departments never need know about networking and hard drives and servers and bits and bytes and IP addresses and … they just need to know they need a HR Application.  Back to a level of abstraction.


    This article was originally posted on the Cloud Power Blog at ITpro.co.uk

  • IT Professionals and the cloud infographic

    We’ve just released the results of a study of 1,979 IT Professionals and their opinion about the cloud and I decided to take the numbers and turn them into an infographic. You can get the full report and more here, but the number of organisations using IaaS (48%) jumped right out at me.

    What IT Professionals think about the Cloud
  • Managing from the cloud with Windows Intune

    Securing and managing the devices that users take for granted when accessing the cloud is top of mind for IT Professionals everywhere and there are lots of solutions to make things more secure. What about desktop PCs? Everyone in the desktop world is accustomed to managing, patching, remote controlling and securing computers but are there new opportunities presented by the cloud? The answer is of course yes. Windows Intune is a new Microsoft product that allows you to manage Windows computers from the cloud, without the back end infrastructure normally associated with endpoint management.

    One of the most striking benefits, and one that resonates very strongly with those responsible for paying for business IT, is the potential cost savings that come from not having to intensively manage infrastructure. Windows Intune is a pretty cool product because it allows for management of corporate PCs without the need to deploy costly servers and spend time engineering that back end infrastructure normally required in a corporate environment. Not only that but some interesting license benefits make Windows Intune exceptionally valuable for some organisations. First off let’s understand what this new offering does.

    Manage Windows Update

    Windows Update is one of Microsoft’s largest publicly available cloud services, providing patches and updates to millions of computers around the world each day and absorbing the scale required on busy days like patch Tuesday (the 2nd Tuesday of every month when Microsoft releases patches). In fact if you ever try to update a computer from Windows Update you’ll find that the service is out there, ready to serve. Contrast that to the “traditional” approach whereby you have a Windows Server Update Services (WSUS) server installed in your business to achieve control over the patches applied to corporate computers and you’ll see that, whilst it’s an essential service, it’s another server to run, another server to manage and another server to buy. WSUS is perfect for some circumstances, but whilst it provides both local caching of updates and control over which are applied, the caching is increasingly a reducing requirement as bandwidth increases.

    With Windows Intune you have control over which updates are applied to which computers and when within your organisation. All updates are pulled from the highly available public Windows Update service, though, reducing the need for a local WSUS server. Why this need for control? Occasionally an update can cause an issue with an incompatible line of business (LOB) application. Windows Intune allows you to group computers together to apply updates or to reject them so you can create a scenario just like I have in my test lab: I have a “testing” group that applies all Windows Updates automatically; when I’m sure they’ve not caused any issues with the applications running on those machines I allow my “corporate” group to apply the updates, but I have a group of special machines, “CXO office”, that only allow updates to be installed when manually approved. This scenario allows me to retain control, something that some people fear the loss of with cloud.

    Malware protection

    Windows Intune comes with anti-malware software built in that uses the Microsoft Forefront Endpoint Protection and Microsoft Security Essentials technology to provide a highly reliable yet simple to use solution. The testing I’ve done found every test virus in seconds as you’d expect but the notifications to the end user are simple, elegant, unobtrusive and easy to understand. The centralised management that’s built in lets administrators know that malware was detected and what action was taken to resolve the issue or if there was a reason that the issue wouldn’t be resolved lets the admin know what to do next. When it’s a known malware problem the admin is given detailed information from the Microsoft security response centre which makes their workflow even easier by giving them useful follow up hints.

    Updates to the malware protection features are handled through Windows Update so as long as you’ve got an internet connection updates are available and they’re controlled in the same way as Windows Update. That makes it simple to introduce testing or validation if your business needs it.

    Manage Windows Firewall

    With laptops and devices being more mobile, a device firewall is essential, and increasingly so within the corporate environment. Two examples for you of why they’re necessary. Firstly you need to defend those devices when they are used in less secure locations, like a coffee shop when your sales guys are having a meeting. Secondly within the corporate network you are likely to have (let’s call them) uncontrolled devices coming in: someone brings their mobile in and connects to the corporate WiFi network or the like. You don’t know what could be on that device so it’s better to protect all your devices to some degree, and one way is with device firewalls. Windows includes one as standard in all versions from XP to Windows 7 and Windows Intune allows you to centralise that management, to be able to push out policies to devices and even to be able to open or close firewall ports on those devices.

    Inventory

    Knowing what hardware and software you’ve got in your organisation is a critical task for most administrators and one that introduces enough pain that most hate the task: I know I once had to write a script that used WMI to interrogate more than 5000 devices! Windows Intune includes hardware and software inventory that reports back on what software is deployed to which computers and will simply tell you what hardware each computer has. The information can be used to populate spreadsheets or create HTML based reports but critically it can be used to understand what you need to do to upgrade to Windows 7.

    I’ll do licensing in a bit, but every Windows Intune license includes Windows 7 Enterprise for the life of the Windows Intune license.

    Monitoring

    Not only do administrators get alerted about updates that have been missed or malware that’s been detected, but they find out about all sorts of computer specific stuff that could be causing users concern. For example hard drive space shortages can be spotted and addressed by admins with a phone call explaining how to clean up some space, or by ordering a new drive. That’s the kind of shift in customer service that users love and that cloud represents: IT being able to add more value and do more with less.

    Remote Assistance

    One of the best tools for helping users is to be able to take control of their computer or even just to watch it whilst they explain a problem. For me that traditionally meant knowing some kind of information about the computer and obtaining that from the user was like pulling teeth… “I need your hostname”… “my hostname?”… “the name of your PC” … “where do I find that” … “right click Computer and select properties” … it says “Local Disk:C: , Devices with removable storage” … “no, right click” … etc. etc. sound familiar?

    Windows Intune doesn’t need any of that, the user clicks a link in the Windows Intune client software and the administrator is sent a link to start a remote session. No back and forth or preamble, it just works.

    Client software

    The only software required for Windows Intune is a client application which when downloaded from the Windows Intune administrators console is unique to your organisation. From then on as soon as it communicates with the Windows Intune cloud service the computer is identified as your organisation and off you go. Zero client configuration required, just Next, Next, Next.

    The back end

    It’s a cloud service, there is no back end infrastructure to deploy. It’s that simple.

    How much does it cost?

    Ah, now onto the always very worrisome licensing conversation. Except that it’s not a worrisome conversation and in this case I think you’ll like it. Licensing for the UK is £7.25 per month, per PC and included in that you get Windows 7 Enterprise installation rights for any PC that is licensed with Windows Intune. That means that for £7.25 per month per PC you can finally get them all to the same version of Windows and get the best possible Windows 7 experience. On top of that, pay a little more (60p per PC) and you’ll get the rights for MDOP…so you get App-V, Med-V, DaRT etc.

    And to answer your question yes, if you have an EA it does get cheaper, and yes the more machines you have it does get cheaper, go over 250 machines and the price drops then again at other levels.

    Is it right for you?

    If all the above sounds fantastic then you’re probably thinking you’d like to investigate. You can get a trial for 30 days free; have a look at http://windowsintune.com for details. Who are Microsoft aiming this at though? Well it’s perfect for smaller businesses that lack an existing solution and for larger businesses that don’t have the need for Operating System Deployment (OSD) or Enterprise Software Deployment (ESD); those are the two things that Windows Intune can’t yet do. It has however been tested up to 20,000 devices in an organisation, which will do most people I think.

    And finally

    I like when there’s an and finally part to a post, a couple of things that I think are brilliant about Windows Intune but that don’t get a lot of air time. It’s the cloud; that means that the infrastructure is run for you, so upgrades happen for you, when there’s a new version of Windows Intune there will be a smooth way to upgrade and Microsoft will do it for you.

    Also, because it’s the cloud, the second the computer can see the internet it can see Windows Intune and the Windows Update service and that means that wherever that computer is you can manage it. You can deploy updates, update malware definitions, update anything else needed and provide remote assistance. That for me is the biggest advantage of Windows Intune: it could mean an end to devices bringing in malware and such just because they’ve not been connected to a VPN for a while and not hit the antimalware and patch servers that are available only inside the traditional corporate environment.

    What to do now

    Get the 30 day trial to give Windows Intune a go yourself and don’t forget to download the trial guide to get the most out of the trial. You might also want to take a look at this video to see Windows Intune in action. Finally, to get some support you’ll want to take a look at the Windows Intune Tech Center.

  • Optimized Desktop unplugged Slides

    Just a quick one to provide people access to the slides from today’s OD unplugged session in London.  I can’t share my demo just now but I will record it…here are the slides for OD unplugged.  But also embedded in the post here courtesy of Windows Live and don’t forget to check out Springboard and the Windows 7 Evaluation I mentioned.

    And also here’s the productivity video from my session.
