Bio Jerry Cuomo is an IBM Fellow and the Chief Technology Officer of the WebSphere Division in IBM Software Group. He is one of the founding fathers of IBM WebSphere Software. Jerry has spent more than 20 years at IBM working in the areas of TCP/IP, real-time collaboration software, and high-performance transactional systems.
For the most part we are still looking at the taxonomy of the Cloud, the way we’ve been - infrastructure, services as the foundation and for the most part infrastructure services continue to move on. We have a number of things going on around the IBM Cloud. The IBM store is still resident at Amazon, so you can get a bunch of IBM middleware there. Platform services are kind of moving up the stack. We are starting to put a lot of focus on that and hopefully we can chat a little bit about that as well.
Software-as-a-Service is the third area of the taxonomy. Again, we have a number of things going on at that level as well. Certainly, we are looking at the Cloud as infrastructure services, platform services and Software-as-a-Service. As we talked about before, the thing that makes us a bit unique in IBM is we don’t discriminate about where they run. Running them on-premise (a lot of customers like to start with their services running in a safe place on-premise), off-premise in a public Cloud (I mentioned before to you some of our public offerings) and then interesting combinations or hybrid.
Public, private and hybrid is our focus. When we offer things across that taxonomy, we are always thinking about the variations of public, private and hybrid. I think that makes us a bit unique in how we’re going about our Cloud taxonomy.
Hybrid Cloud is using the best aspects of public cloud and also using capability that you have behind your data centered firewall. Examples that we see around infrastructure services, grow your infrastructure up to a certain point and then as you start to overflow, you overflow into the Public Cloud thinking about renting capacity on demand when you need it. That’s a very interesting use case. For example we, in IBM, do some of our scalability tests by renting machines either from other parts of the IBM using the IBM Cloud or Amazon to run scalability tests, client workload drivers.
When we’re done, we give them back. That’s an interesting use of Hybrid for testing. There is also Hybrid for use around building business applications. You have a lot of your services running resident in your company, perhaps your systems of record run resident. But then outsourcing across the internet for other capabilities - shipping services, even CRM services from companies like Salesforce - and building these hybrid applications that perhaps still use your system of record on site, but then venture out to use services on the public internet. It’s another form of building hybrid applications.
It’s absolutely another word for SOA. We certainly look at this as a Service Oriented Architecture, whether you are an administrator working on your infrastructure, you are interacting with your infrastructure as a set of services or if you are an application or services consumer creating composite application. You want to be able to choose from capabilities you have running behind your firewall and also capabilities that you have running outside your firewall.
But with this type of SOA you have to think about governing, you have to think about security in ways that you probably weren’t before it and certainly perhaps not as stringently when everything is running in your data center. Thinking about how you access services publicly and being able to audit the information being accessed in both directions, perhaps providing a secure tunnel between you and that Public Cloud, so that the data flowing is protected. These are the considerations when your SOA goes out beyond your corporate firewall. Yes, it’s absolutely a form of SOA.
With infrastructure services the image is the central piece. With platform services the application becomes the center piece. Let me explain to you a little bit more about what I mean by that. In infrastructure services you take an image and you deploy that image to your favorite Cloud service and within that image it’s kind of like a black box. The type of application, the type of platform, is all up to you. You’ve fertilized that black box with whatever you want to put in it.
With a platform service you really come to that platform with an idea about the type of application that you want to run. Most platform services have some kind of personality. For example, they run Java applications, they run .NET applications or they run some special variety of an application - think Force.com that will run an application that runs within the Saleforce ecosystem. Certainly, we have a large development community around IBM and WebSphere and Java.
Naturally, our platform services we want to focus on the things that we’re really strong at - being able to process applications in the vein of JEE, being able to not just offer the application runtime capabilities, but say you come to our platform with a WAR file. Not just bring the WAR file, but bring some level of QoS policy, some document that describes what your view of goodness is for this application. Does it have to be highly available? Does it have to be secured in a special way? What’s your policy around health? How much memory is it allowed to consume? etc.
With that policy, we can take off your hands a lot of the cumbersome activities around managing that application - managing its scale, managing its performance, managing its health. The interesting thing when we think about Platform-as-a-Service. We think about the application first. You come in perhaps as a developer to the platform service with an application and some intentions about how well that application should run.
We then process that and we make the application run to meet the needs of that contract. It’s a very effective kind of environment for developers to run existing applications and perhaps to build new styles of applications.
Given our come at the WebSphere, the answer is absolutely yes. We’re well on our way of building that, even testing it with a select set of customers. You can watch the space coming to an IBM Cloud near you soon. We’ll be our Platform-as-a-Service. What environments, you ask? Of course Java centered environments is a good place to start across. We have a lot of expertise in that area so we’ll certainly be bringing that at the core of the platform, although we believe that we can offer a platform environment that can offer multiple runtime selections, multiple dialects of Java and APIs around Java, so JEE.
Think about the hundreds of thousands if not millions of applications that are in today around that API set. We certainly want to be a little leverage the skills and people’s competency in that area. We want to be able to take your JEE application to the IBM PaaS and run it. But we also believe that there is other emerging programming models that complement JEE very well, whether it’s data centric models that allow you to do things like data analytics, map reduce kinds of things, operations on data grids. All of these kinds of workloads we’d like to be able to support as well within our PaaS.
You somehow want architects to continue to think about the basic aspects of application design, because at some level that really hasn’t changed. The model-view-controller paradigm of architecture is still very much the application architecture of choice. We want people to bring that forward and incrementally consume some of the newer capabilities that we’re bringing around Cloud and its notion of elastic scale and the like.
One of the things that you should think about is how you bind to your services. One of the things that we’re looking to offer as we look at our platform for architecture and design is to start lifting out core services that are typically part of your application runtime and making those shared services at the platform level. Queuing, data access, some of the core functional services, but also I’d say non-functional services if people subscribe to that including workload management, how you manage your logs, security even.
Lifting those out and providing those as more global capabilities around the Cloud server, being able to declare what your application truly depends on, what services. You may have a web application that requires data services so you want to be able to bring up the mappings of your database schema. You may have requirements around publish and subscribe so you want to think about the services you need around your queuing capabilities.
You may have security requirements, perhaps single sign-on. Being able to declare those services upfront gives you some flexibility within your application not to have that embedded, but to utilize some of the external services. The cool part about utilizing the external services is those services are managed for you. They already stood up; you don’t have to worry about the provisioning of those capabilities, the quality of service of those capabilities. You can pretty much assume they are there and that’s pretty powerful. Now you can just focus on the substance of your application.
We actually have products in the marketplace that have years and years of notoriety - DB 2 for data, WebSphere Application Server, MQ for queuing. We’re using those products as the underpinnings for our shared services. They are not at some level black boxes. When you look at some of the competitors out there in this space, you don’t know how those things are implemented. Perhaps you don’t have to know, at some level.
But the interesting part (remember the early part of this discussion) is that our customers seem to want to be able to run these services behind their firewall. They like the Cloud notion, they like the notion of a self-help portal to go and to help yourself to a dose of some runtime environment. They like the ability to be able to manage those environments elastically and to specify their requirements through QoS documents. That goes whether they are running it on-premise or off-premise.
The cool part is when we’re backing that with capability that your IT shop may already be aware of. Taking a DB 2, taking a WebSphere and now running it in, you probably have organizational capability around those tools. Believe it or not, in a Cloud environment you’ll have middleware powering the Cloud, then the middleware will have logs, they’ll have command lines and someone has to go and manage those things.
While we’re putting facades on top of these and we’re making them for example more friendly about working in multitenant environments, etc., people will have to operate these things. When you are operating the IBM Cloud, the piece powering the data is going to be DB 2. There are many tens of thousands of administrators for DB 2 out there. So you want to have to skill up on that and the same thing about the runtime environments.
You’ll recognize the runtime environments, how you interact with it, command line interfaces and all of the garnishes that we have around WebSphere. Being able to do logging services, JMX and all of the capabilities that we’ve known to well and love will be part of that ecosystem. While it could be made to be a black box, you can also look into that black box and what you see you’ll recognize.
Absolutely spot on. One of the things that I’m really surprised of is that the very same customers that were very vocal back in the day and still are about JEE, about wanting this environment where there is like a level thing playing field from an API’s perspective where we have community processes, where we have the likes of Sun and IBM and others coming to the table, they’ve kind of gotten quiet around the whole Cloud space.
I believe standards are every bit as important. The right ones run anywhere standards are still with us, are still a key point. We want to be able to give that customer the right to build a set of assets and run it on vendor A’s cloud, and if vendor A lets it down in any way, move it to vendor B’s cloud without having to start from scratch. The level of standards around APIs for Cloud interoperability, to be able to deploy, to be able to run, to be able to debug and manage, that is key, that hasn’t gone away.
When we look at how we’re bringing our Platform-as-a-Service and our infrastructure into focus as I said earlier, we’re doing it in such a way that doesn’t lock you in, to either running on public or private. We want to be able to allow you to choose what’s right for your business (even hybrid combinations), but also we want to continue to work with others from the industry that we worked with for years on one of those standards. Because, let’s put it this way, JEE and the standards around Java are putting my kids through school.
I want the next generation of APIs to allow us to compete the same way, because I think that’s that freedom of action that really sold our customer on us as vendors. We could dream it up with the best of them, for sure. I know our competitors can too, but I’d like to hear from our users and I like them to be as hard on us as they were when they were when demanding all us to sit at the table, the JEE table, the JSE table for standards and currency of those Cloud standards, etc. It’s a good question and I hope our customers still ask those good questions because they are good questions.
I think there would be different APIs that would address different areas of the Cloud. At the intersection of the platform and the infrastructure there is the need for an API. There are open source projects like Eucalyptus, as an example, that try to abstract the provisioning of an environment. I think ensuring that we’re not locked in at the API level from our provisioning perspective so that your PaaS could sit on top of the IBM Cloud, the Amazon Cloud or whatever else Cloud out there is important.
That’s one level. I mentioned earlier that within a PaaS environment you want to register services, you want your database service or your messaging service, etc. The contracts between the PaaS and those services are very important to get right. Let’s say the Cloud registry that registered these services - What is the format of that registry? What does it take to be a plug-in into that registry? That’s another example at the application service level of what that would all be and how you plug in with that.
Perhaps even the containers, the different support for let’s say programming APIs, whether it’s JEE, whether it’s scripting or it’s some other dialect of API, to be able to register those with the platform service as well. Those would be some examples and I think from the edge of the IaaS to the PaaS there are APIs. Within the PaaS there are APIs and probably around the admin system there are a variety of APIs for doing things like receiving your logging information alerts, etc. the more we can standardize the shape of it.
I don’t want to imply that there aren’t activities going out in the industry; there absolutely are. But we want to hear back from the user community around which ones are resonating with them and we’d like to give you that feedback too on which ones are resonating with us.
One of the things that’s enticing about the public SaaS services out there is their price, their availability. There is more and more of them every day and of course if you could go global, you would see this n-dimensional thing. If you go to China, there is a whole set of commerce services there, is a whole set of business services there. How is best to consume these services? How do you build these composite applications? Exactly what you said - Where do you put the data? How do you access the data?
What we’re seeing is that our customers and especially customers coming from a heritage of bigger enterprise can’t have multiple systems of record. To think that they are going to be using off-premise services and putting their customer databases out there isn’t a good thought. We’re introducing environments, like our Cast Iron environment, we’re putting process governance in place to allow you to do things like create workflows.
In fact you can do this with a set of visual tools that we offer that allow you to do things like keep your data behind your firewall, but do things like synchronize out for example to a Salesforce. You can copy records, but the workflows know what records are being copied and how they’re being moved and you can put audit checkpoints in there as you go along that. You could run it over HTTP, HTTPS or even VPN tunnels for the levels of secure connectivity that you get when you talk to these external services, can be ratchet up depending on the sensitivity of the data, etc.
From a programming perspective, what we hope is that to you all this looks like your network. In your program you can open a socket to a service that’s off-premise. But based on the infrastructure you have, the infrastructure knows that that zone is really an off-premises zone and we’ll handle it accordingly. Being able to manage your systems of record in a way that keeps you in control but allows to utilize services is a key aspect of hybrid computing.
We are seeing that customers are starting maybe in SMB land a little bit more aggressively than big enterprise land, but I talk to customers more and more about how tempting what they call "internet outsourcing" is. Typically you are buying packaged applications and you are building applications around SAP on-premise. You are building applications around Oracle on-premise, IBM on-premise, but there are also many other capabilities out there on the internet.
Being able to create these business mashups that utilize your core systems on-premise and services off-premise is very tempting, provided you have the right tooling. Tooling like the Cast Iron capabilities help you do that and build these applications in a very robust and responsible way.
Let’s say that you are working in an insurance company and let’s say the insurance company focuses on ways to generate more revenue and they get this idea for selling snowmobile insurance. They want to target the North-East of the US. To run a sales campaign typically would require you building your application around your customer database. That may be running in some kind of on-premise ERP system.
I don’t know how many of you out there work very closely with the folks managing your ERP systems, but if you want to do this opportunistically, like "Winter is coming up right now", your company is probably not agile enough to turn that application around. We see some people wanting to turn to outside services, like "Let’s build the application around Salesforce." In this scenario, just for this snowmobile campaign we want to gather leads using Salesforce. That’s good, but now again, as I imagine before, you have 2 systems of record.
The new customer lead is going into Salesforce for your snowmobile insurance and then all your other stuff on-premise. This is an example of "I’d love to do it, Salesforce has a good price, they are available quickly. I can get my mobile Salesforce up and running. Building the applications is predominantly template driven so I don’t have to do a lot of deep application coding. A lot of it is templates and configuration against a big set of assets.
But then, how do I do this responsibly so that I don’t have now 2 systems of record - one out on the Salesforce cloud and one perhaps on my SAP system. Now this is kind of where this hybrid application will come in to play, where you can start to get alerts from Salesforce that trigger workflows that start doing things around data synchronization, synchronizing when a new customer gets inserted into your Salesforce system.
That triggers an event that will have the customer information copied back into your system of record, thereby allowing you to do this responsibly, still taking advantage of this sales opportunity or not troubling your internal apps team to have to create a new application out of band against their current system of record. This is just an example of internet outsourcing for an opportunity. It may be a temporal opportunity, because you are not going to be selling the snowmobile insurance in the summer, doing it in a responsible way through synchronization and then events, process through the system.
(Again, I’m outlining how our Cast Iron system works.) In the end, having control points so that you can monitor the activity that’s happening between your public activity and your on-premise activity.
12. What about portability of application code in this environment? Is it important for someone to be able to deploy an app in a private and then possibly moving it out to a public? How does that work?
Portability is key. It goes back to some of the standard discussions that we had earlier. Model portability is important. There are some things when you look at the portability of today’s on-premise applications, because many times an on-premise application will make bold assumptions about how state is managed, how data is accessed that may prevent the application from easily scaling in generic ways. This is why sometimes you’ll see in a Cloud or a Platform-as-a-Service runtime APIs are restricted and constrained in certain ways, which gives the underpinnings the ability to scale it out.
Regardless, from an IBM perspective we want to give you the portability of your existing apps running in these hosted environments. But we also want to start introducing APIs whether it’s through shared services like database services, cache services to allow the underpinnings to easily manage scale, while providing portability, whether it’s portability between running this in the IBM cloud and deciding you want to bring it on-premise to test it and perhaps run it in production. Or vice versa, starting with an on-premise application and then saying "You know, there is no real value for me to run this on-premise. Let me move it off to an off-premise."
Portability of APIs is paramount. The one who is going to really take leadership in this space is the company that’s going to help drive the standards for portability. Not just the API level portability, but also the interfacing to the underpinning infrastructure and the portability around there and to have a set of interesting offerings with payment options and models. That will allow you today to run on-premise, tomorrow outsource that to an off-premise provider.
That’s the way it’s stacking out for sure.
I think we too, in IBM software group (if you’ve seen recently our acquisitions of CoreMatrix and of Sterling Commerce), are very much in that boat. I really appreciate that question because they do operate their own data centers to power the capabilities that those companies provide and that we provide in IBM. I think the characteristics of those companies tend to be more focused around a smaller set of applications that have heavy demand. Whether it’s CoreMatrix or Twitter or Facebook, you see that characteristic.
There is not a lot of application variability, but there is high demand and high scale. Often, we’ll see that the company who builds that application truly understands the principles of how multi-tendency is going to work, how elasticity is going to work and could tune it to the n- degree because they own the application, versus the other side, which is I have a large number of applications. Now I’m tuning for some level of average behavior and it’s really the law of large numbers.
I’m making a bet that not every single application running on my platform or in my hosted environment is going to be hot all at once. I’m making that based on averages that some apps will be hot, some apps won’t be hot. I can trade off the resource underpinnings for that. I’ll start to optimize the behavior of my Cloud for that. If you are more to decide it’s an app, it’s a modest amount of volume, maybe a generic Cloud can handle your QoS responsibilities, your scale, and your multi-tendency requirements.
But if you have a specialized app that is in high demand, you may have to get in there and tailor the underpinnings for multi-tendency, for elasticity, for QoS and for other dimensions as well - security, etc., it keeps going on. The Cloud isn’t for everyone. There are specialized Clouds for certain types of applications.
Clearly, as you put it. We have a very strong focus on our current customer base and certainly learning while we work with them is important to our overall Cloud offerings and strategy. But through some organic growth but also through some acquisitions we’ve been growing through the use of Public Clouds to reach out to folks that we really haven’t been capturing their hearts and minds. The two areas, specifically that I can give examples are the work that we’re doing by bringing on Cast Iron.
Typically, Cast Iron has on-premise offerings that resonate of course with the usual cast of characters that we work with, but they also have a way to host in a third party IBM hosted environment integrations between on-premise and off-premise or off-premise and off-premise to allow you to build composite applications. We’re really cutting our teeth on some of that with and through Cast Iron offerings. Also, through our acquisition of Lombardi, we have a set of Cloud-based offering now that’ll provide business analysts and business leaders with a set of tools.
And offering it not through traditional software, but Cloud-based hosted tools and hosted offerings. That’s getting a lot of traction with a set of customers that we’re increasingly trying to win over; in this case not necessarily the IT specific customers, but the business leaders. As we expand our Cloud offerings, certainly looking out not just to get the attention of the people we currently have the attention of, but get the attention of others, and not just others in the standard geographies. I mean we also hope that some of these Cloud offerings will help us get the attention of others in other geographies in the emerging markets, etc.
We have some work going on. For example in China we have a commerce Cloud with other sorts of offerings like that that is helping us establish ourselves in some of these new areas as we decide whether we want to make that a worldwide offering. From a deployment model’s perspective the Cloud, especially if we look at the Public Cloud, helps us at IBM get our arms around some of these opportunities. We’ll always cater to the Enterprise, but I think we have lots of opportunities to cater to many other folks across industry.