Today's blog post is an extended transcript of my presentation The Cloud Platform Play presented at JAX 2013 which deals with with three major topics:
- developers (as the primary users of PaaS),
- cloud platforms (as a means to make software development more agile and cost efficient),
- getting started (as a call to action to get familiar with PaaS).
Software engineering is a craft!
In his book "The New Kingmakers - How Developers Conquered the World" Stephen O'Grady from RedMonk explains why "developers are the most valuable resource in business." The rationale is simple: every business nowadays depends on software. Software has become a key enabler to do things in new ways or more efficiently in order to stay competitive. This will result in an increased demand for developers. In some locations, such as in the Silicon Valley, developers are already a scarce resource and it has become common practice to buy startups just to acquire the talent pool.
It's about time the business finally acknowledges this! In the conversations I have with fellow software engineers it sounds like this has not yet happened on a broader scale though. The opposite! Typically, the development team is the last element in a complex process; and the one which has to compensate for all the mistakes made along the way like exaggerated customer expectations, poor requirements engineering - not to mention the always challenging timeline.
Software development has never been trivial, yet today's inter-connected world has made it even more complex to develop great solutions that meet the market's needs. It takes experience to learn how-to develop good software and it requires both a wide and a deep skill set to do it properly. Few developers directly program in assembler anymore, they rather use modern programming languages. There's a whole stack of APIs, frameworks and libraries used on top.
As Joel Spolsky once wrote in a great article called Leaky abstractions:
All non-trivial abstractions, to some degree, are leaky.
Abstractions fail. Sometimes a little, sometimes a lot. There's leakage. Things go wrong. It happens all over the place when you have abstractions.
Consequently, software development requires a solid understanding of the complete stack of abstractions used in order to remain in control! At the same time, the need for software is steadily growing driven by the demand to develop and roll out new features in shorter cycles.
The new reality: Software is eating the world*
In the industrial age the rules were simple: the big players dominated the market. They were able to produce at lower costs and higher volumes. They had the biggest distribution networks and consequently the broadest outreach. Smaller companies hardly stood a chance to become competitive.
Times have changed! In today's world, it's not about size anymore, it's about agility. Those who are the quickest to adopt to changing market needs and who are first to roll out new, innovative products are the ones who will win market share. Take Nokia for example, or Blackberry/RIM: they were the global leaders in their respective fields just a few years back. These days they have to play catch-up to the ones of Apple and Android in a smartphone dominated mobile space. "Too big to fail!" has been replaced by "survival of the fittest!"
In a recent article titled "Software is eating the world" published in The Wall Street Journal, Marc Andreessen (co-founder of Netscape) states that more and more traditional businesses are transformed through software. The most prominent examples he provides are Amazon, Apple iTunes and Skype: the world's biggest (book)seller, biggest music retailer and fastest growing telecom company respectively. These companies leveraged web technologies and software to outperform the competition and established themselves as the new dominating players.
Even more astonishing though is the fact that all these innovations are coming from the outside. It wasn't a big publisher who re-invented the way we buy and read books. It wasn't a big music label that finally solved the problem with DRM-free digital music. And it wasn't a traditional telecommunication company that changed the way we communicate via the web. Why is that the case?
Scaling and innovation
Looking at the economy today we see two major challenges for companies small and large: scaling and innovation.
Small companies and start-ups are in need to scale their business. They have the need to reach out to the market and acquire new customers. What they lack in reputation they make up with a "whatever it takes" attitude. They are agile and hungry to succeed and willing to try out new ways of doing things and pursuing new ideas.
Large enterprises on the other hand struggle due to their size. Decision-making takes time. There are well-established processes and individual lines of business (LoB) have to adhere to long-term global IT roadmaps. They simply lack the agility needed to adapt to changing market needs and inter-company politics are dominating the daily business. Middle management is risk-averse resulting in a "business as usual" mentality.
Small companies are looking for ways that help them go-to-market and scale on demand. Big enterprises are looking for ways to leverage innovate solutions without being subordinated to a global IT strategy.
Platform as a Service addresses both needs! Cloud platforms (such as SAP HANA Cloud) provides both the design and the runtime environment to build scalable solutions and it greatly simplifies the deployment, which results in unprecedented time-to-market time-to-impact.
Before we dig deeper and discuss the value proposition of PaaS in more detail, let's have a closer look at the needs of all involved stakeholders of software: users, developers and the business.
Users want solutions that are easy to use (who reads a manual these days?) They want care-free applications: solutions they can access on-demand, on-the-go. Traditional software is getting a bad reputation due to the constant hassle it takes to keep it up-to-date via patches and upgrades. This is just one of the reasons why Software as a Service is gaining traction.
Developers are in need of better tooling and more efficient ways to develop software (see The Way of the Developer). They want tools that are easy to learn/master and support them in building solutions that are both maintainable and extensible. The last thing they want is an environment or tools that restrict them in any way or enforces a particular way of doing things. In short: they want a platform that supports them in their daily tasks yet allows them to use the programming languages, tools and the development environment they choose.
We already addressed the business's needs: being able to deliver innovative solutions in shorter timeframes, and make money.
PaaS to the rescue
So, what to do? How-to enable software engineers to build quality software in less time and with less costs?
This is the problem space that PaaS is addressing: to make software development more agile and cost-efficient. This is achieved by utilizing a standardized runtime environment sitting on cloud infrastructure (IaaS), which provides services and APIs for commonly required features such as persistence and connectivity. This approach allows developers to concentrate on app-specific topics instead of worrying about lower-level non-functional requirements such as scalability, security, high-availability, backups etc.
Usually PaaS offerings support more than just one programming language. Java is a very common option as are other JVM-based languages such as JRuby, Clojure or Scala. Server-side JavaScript runtimes like node.js are becoming more popular as well. Some PaaS providers also support more proprietary programming languages like ASP.NET. In general, the guiding principle is to support more than just one programming model in order to appeal to the broader developer community (this concept is sometimes referred to as BYOL: bring your own language.)
A runtime platform by itself is of little value and hence all the cloud platforms provide a set of core services and APIs that help to speed up the implementation of recurring patterns like database access, secure connectivity to other (on-premise) systems, identity management and messaging infrastructure (just to state a few).
These core services are considered basic platform capabilities and the feature-set offered by PaaS providers are very similar in this regard. Hence, most platforms also provide higher-level services and features to differentiate themselves from the competition. The SAP HANA Cloud for example provides additional portal capabilities and support for mobile scenarios via the SAP Mobile Platform Cloud Edition. There are more capabilities currently in development such as SAP HANA Cloud Integration services (middleware functionality in the cloud), Gateway as a Service and others in the area of analytics and social.
To make it easy to develop cloud applications PaaS vendors provide plug-ins for popular IDEs such as Eclipse, some also support cloud-based IDEs such as Orion or Cloud9. Command line support is a must-have in order to allow integration in DevOps scripts (we'll get back to this topic later-on!)
Last, but not least is the area of life-cycle management like source code management (e.g. integration with github) and continuous delivery (CD), which is a very important aspect of cloud computing. Some platforms also provide services that help with metering and billing customers or provide means to sell solutions directly via a central online store. In short, it is very similar to what we've seen happening in the mobile space (e.g. Apple's App Store or Google Play.)
Why choose Java?
With all those cool programming languages around, why choose Java? Critics say that Java has peaked long ago!
Be it as it may, I believe that Java is (still) a great choice for PaaS. First, there's a very active community of 10 million developers using Java and well, yes, it has been around for 18 years now.
I read a very interesting blog post from Zef Hemel called "Pick your battles", in which he describes Cloud9's approach to developing their cloud IDE based on "the hottest thing at the time: node.js" and the challenges they faced in doing so. I'd rather not spoiler here, but instead recommend reading his blog! However, let me share one of his findings:
"Build amazing apps with the most boring technology you can find. The stuff that has been in use for years and years."
And if not for the programming language Java itself, then there's still a lot of value in using the JVM as a runtime engine for a cloud platform as it allows developers to choose from a variety of (JVM-based) programming languages.
What are the concerns?
With all the benefits of PaaS at hand, how come that many companies still hesitate? What are the concerns? From the discussions I have with developers and IT decision makers alike I came to the understanding that the main concerns are threefold:
- security and data privacy,
- loss of control (aka vendor lock-in) and
- inter-company politics.
Security and Data Protection
It's a very important topic indeed, and a complex one as well! As such, I can barely scratch the surface here and instead have to refer you to some additional reading material. At the end of the day though it all boils down to trust. Whom do you trust with your data? Would you rather trust your own IT department or a company whose core business is to operate a secure cloud platform? Do you have your own data center or have you outsourced it already? Is it safer to put some of your systems into a DMZ yourself rather than running it in the cloud?
Fact is, running a data center is a very regulated business and there is a plethora of standards, guidelines and certificates that operators need to adhere to in order to ensure a maximum level of security. Same is true for data privacy. Here we face a much more fragmented field as the laws and regulations differ from region to region making it a non-trivial exercise to roll out a global solution dealing with personal data. Yet, initiatives like Safe Harbor and the planned reform of the EU's 1995 data protection rules are aiming to improve the status quo. Within the European economic area the German "Bundesdatenschutzgesetz" (Federal Data Protection Act) is one of the most extensive laws about data protection and regarded as a solid reference for an EU-wide regulation [Source].
Before we continue, let me recommend a good starting point for individuals and organizations thinking about adopting cloud computing provided by the European Network and Information Security Agency (enisa): a paper titled "Cloud Computing Risk Assesment".
Loss of Control
Another concern that is commonly expressed is the fear to loss control. People are not only worried about getting into the cloud, but also about what happens once they are in the cloud. What if they want to move from one platform to another? How easy is it to move the data? What happens to all those applications developed - are they portable? In short, they are afraid of vendor lock-in!
Here, the most important aspects to consider are open standards and open source. Companies are well-advised to carefully judge cloud platform providers from that point of view. The more proprietary a platform is the higher the total cost of ownership and the cost of development. Especially within the Java space there are a lot of standards for common features like persistence, security etc. and adhering to those ensures maximum portability while at the same time lowering the entry barrier for developers.
Open source-based platforms are especially appealing in this regard as they are backed by a huge community. De-facto standards (like Hibernate or the Spring framework for example) have gotten mass-adoption and hence have become very mature (= enterprise-ready). Thanks to great documentations and plenty of samples it is very easy to get started. And if one should face any issues there's a huge community willing to help (see stackoverflow.) All of these factors dramatically reduce the cost of development, as you no longer need special expertise to develop great software.
Internal politics
As we techies know it's hardly ever technology that makes things complicated. Usually it's processes or politics. Same here!
At first glance it seems natural that some parties within a company are skeptical when it comes to cloud computing - especially IT departments. Of course they are not eager to lose influence and they may even be afraid to become obsolete. But nothing could be farther from the truth!
Matter of fact, operations are more important than ever and the skill set typically residing within IT departments nowadays is in higher demand than ever. The keyword here is: DevOps. While traditionally development and operations have been two separate entities with contradicting KPIs (the former measured by the number of new features being rolled out and the later measured by the stability of productive systems) the line becomes blurry in the context of cloud computing.
Developing cloud applications comes with the requirement to always be able to fix bugs and roll out new features. The development becomes much more agile and consequently the delivery process needs to be automated. Topics such as unit tests, integration tests, load tests, regression tests etc. (see continuous delivery) are essential to ensure that new features can be rolled out without jeopardizing the stability of the application or causing unnecessary downtimes. On the development sides there's the need to provision development landscapes on the fly based on pre-defined configurations. Because of all of these reasons it makes a lot of sense to combine development and operation into cross-topic teams that take ownership of a product throughout its whole lifecycle. Those interested in the topic may want to check out the DevOps series hosted on IBM's developerWorks website.
How-to get started?
At this point of the discussion I frequently get asked "so, how-to get started?" or "What are scenarios particular suited for the cloud?" Great question (as it indicates that the person asking it may be willing to try it out!)
Instead of giving a direct answer let me share a story. A while back I had the unique opportunity to witness Gunther Dueck (former CTO of IBM) give a presentation about innovation in large enterprises. One of the things that stuck with me was that he compared large enterprises to cruise ships: once set in motion it's hard to turn them around and it takes time to change course! There will always be people fighting new ideas and holding on to the good old way of doing things (= naysayers to progress, or "Fortschrittsverweigerer" as we say in German.) Instead of hoping/waiting for a top-down movement it may be better to send out a few speedboats that explore new lands detached from the mothership and only come back once they have found something fruitful. In some cases it may even be necessary to send out sub-marines that explore new territories without even being noticed by skeptics.
This approach makes a lot of sense to me personally and matches my own experiences made while developing solutions on emerging technologies. In fact, one of my former managers once told me: "Manchmal ist es leichter, um Verzeihung zu bitten, als um Erlaubnis zu fragen!" ("Sometimes it's easier to seek forgiveness not permission!") Especially when it comes to the adoption of PaaS - being a developer-centric topic - I tend to believe that the revolution has to be started bottom-up (see Billy Marshall's post "The CIO is the last to know!")
Consequently, my advice to such questions is to carefully choose a pilot project and then look for an executive sponsor to get started. "Think big, start small!" should be the guiding motto. Once you have developed a cloud application, show it to the business people and then things get rolling. (You'd still have to hold them back and explain that it's a mere prototype and not something to be set live the next day, but we all know that drill, right?)
Typical cloud scenarios
To be frank, I don't think there's such a thing as the killer app for cloud. In general, every scenario that requires having to deal with large volumes of users or data is a great fit for cloud. Same is true for applications that need to be accessible from all around the globe. Prominent examples are shop floor systems dealing with thousands of sensors or broad-reach apps connecting thousands of users. Usually mobile solutions are connected to backend systems in the cloud. It could literally be anything...
One of the easiest use-cases to get started with are so called employee self-services like time-recording or absence management solutions. This type of applications is not mission-critical and hence well suited to gather experience with developing cloud solutions. On the other hand, such self-services reach a lot of users and solve a classical pain point - eventually helping to win your co-workers for your cause. If you just use the cloud as a vehicle to access the respective functionality (e.g. via mobile devices) keeping the data in the corresponding on-premise system(s) you can even work-around some of the data protection aspects mentioned earlier.
Cloud - A new gold rush?
Analysts and IT influencers alike predict enormous growth in the PaaS sector and "suggest that now is the time to begin evaluating how PaaS offerings can fit into your overall IT strategy." [Source] As we all know too well though developers are resistant to marketing and can only be convinced to give something a try by their peers. Fortunately this is easy to do. Most of the PaaS vendors provide developers with free trial accounts or even developer licenses, which makes it very easy to test-drive and evaluate them. The time is now!
Looking at the stats of the last gold rush the numbers may not sound too convincing: 100,000 left for Klondike, 40,000 made it to Dawson City and only 4,000 found gold!
I interprete these numbers differently though: those that well prepare for the road ahead and who are the first on the road will also be the first to stake their claim and make a fortune. PaaS is still in its infancy and as such all cloud platform providers are looking for great show-cases and reference customers that help in marketing, making it the perfect time to get started as the platform vendor of your choice will support you by amplifying your message and advertising your solution.
So, what are you waiting for?
Related:
PS: The typical disclaimers apply... all my personal point of view ... yada, yada, yada!
