Five requirements for deploying an application in a public cloud

Cloud computing offers the promise of inexpensive, flexible infrastructure that can be created, dismantled, reconfigured, grown and shrunk on demand. But not all applications are designed for cloud architectures. In this tip, you will learn the characteristics of an application's design that can determine whether it is well-suited for cloud computing.

For the purposes of this document, we'll focus on using a public cloud, as defined by the National Institute of Standards and Technology:

The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

Most companies and organizations that investigate using the cloud are driven by the desire to reduce costs or provide dynamic scalability. To make a successful deployment or migration to the cloud, the following five characteristics of an application are critical:

1. Licensing
First, you need to think about licensing. It is likely that your application is made up of many different components, most of which have some type of licensing agreement associated with them. You will need to review each of those agreements to determine if, or how, those licenses will be affected by deployment in a cloud.If your application uses a component that is licensed by CPU and you deploy it in a cloud environment designed to launch new instances and request more resources as load increases, for example, you could easily exceed your CPU license limit. You will need to understand how your licenses affect your ability to scale.

2. Processing requirements and memory locks
If dynamic scalability is your main reason for looking to the cloud, then your application should be designed to take advantage of a parallel architecture. If the application is designed with multi-threaded code that allows processing to be split into small chunks, it's well-suited for use within the cloud. An application that is designed around single monolithic thread processing, on the other hand, will find it difficult to take advantage of the cloud's distributed nature.

How your application handles sessions and locking will also be a factor in deployment and migration decisions. If your application uses system-centric locking or session mechanisms, which includes memory-based locks or memory-based session management, then it will most likely not be able to utilize the dynamic scalability of the cloud. Locks are tied to an individual system, which is contradictory to how cloud computing works. An application designed for the cloud should use a shared locking mechanism or have session management design features.

3. Bandwidth requirements
Because you access a public cloud via the Internet, bandwidth is significantly limited when compared to a private cloud. Given the public cloud's bandwidth limitation, you should only consider applications that have moderate client bandwidth requirements. If you have an application that uses extensive Microsoft File Sharing functions between the client and server, for example, it is likely that the user will find the application unacceptable, as the traffic between the client and server will overwhelm the client's Internet connection. It should be noted that this limitation is not the case for inter-cloud (server to server) communications within a single provider, as they typically use considerably more powerful connections within the cloud provider.

4. Communication protocol
The cloud is based on the Internet Protocol (IP), so for an application to be considered, it must use IP as its communication mechanism. While there are many protocols that can be run over IP, the use of Transport Control Protocol (TCP) is preferred.

5. Data security
The application will need to provide security at the data storage, processing and transmission stages. Three critical components of this are:

• Data in transit needs to be protected either at the application or the transmission level. You will find that most applications choose the transmission level for protection and the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocols are often used.
• Data at rest must be protected by the application. The application must provide a mechanism to protect the data stored in the cloud. Encrypting data at rest is the best option at this time, and a future technical tip will delve into the specifics of this area.
• Server to server communications are typically forgotten because they currently exist within the data center. You will need to ensure the security of server to server (cloud instance to cloud instance) communications, in addition to client to server communications.

Moving or deploying your application to the cloud can be a very smart business move, but you need to make sure you can do it successfully. We have discussed some of most important application design aspects when considering the cloud. To recap, here are the design attributes that will make it a "cloud-ready" application:

• Flexible licensing
• A parallel design
• Moderate client-server bandwidth requirements
• IP-based networking
• A securable application

For more detailed information on this subject, I recommend reading Mapping Applications to the Cloud and Cloud Application Architectures by George Reese.

ABOUT THE AUTHOR:

Phil Cox is a principal consultant of SystemExperts Corporation, a consulting firm that specializes in system security and management. He is a well-known authority in the areas of system integration and security.

His experience includes Windows, UNIX, and IP-based networks integration, firewall design and implementation and ISO 17799 and PCI compliance. Phil frequently writes and lectures on issues dealing with heterogeneous system integration and compliance with PCI-DSS. He is the lead author of Windows 2000 Security Handbook Second Edition (Osborne McGraw-Hill) and contributing author for Windows NT/2000 Network Security (Macmillan Technical Publishing).

Phil holds a BS in Computer Science from the College of Charleston