The New Age of Cloud Computing and GIS

By Victoria Kouyoumjian, Esri IT Strategy Architect

Cloud computing is rapidly emerging as a technology trend almost every industry that provides or consumes software, hardware, and infrastructure can leverage. The technology and architecture that cloud service and deployment models offer are a key area of research and development for Esri in current and future iterations of the ArcGIS product platform solutions.

Although there are several variations on the definition of cloud computing, some basic tenets characterize this emerging environment. Cloud computing furnishes technological capabilities—commonly maintained off-premise—that are delivered on demand as a service via the Internet. Since a third party owns and manages public cloud services, consumers of these services do not own assets in the cloud model but pay for them on a per-use basis. In essence, they are renting the physical infrastructure and applications within a shared architecture. Cloud offerings can range from data storage to end-user Web applications to other focused computing services.

One critical difference between traditional and cloud computing is the scalable and elastic nature cloud computing provides. Instead of a static system architecture, cloud computing supports the ability to dynamically scale up and quickly scale down, offering cloud consumers high reliability, quick response times, and the flexibility to handle traffic fluctuations and demand. Cloud computing also supports multitenancy, providing systems configured in such a way that they can be pooled to be shared by many organizations or individuals. Virtualization technology allows cloud vendors to convert one server into many virtual machines, thereby eliminating client-server computing with single-purpose systems. This maximizes hardware capacity and allows customers to leverage economies of scale.

Three core options comprise the service model within the cloud computing environment.

• Software as a Service (SaaS) comprises end-user applications delivered as a service, rather than as traditional, on-premises software. The most commonly referenced example of SaaS is Salesforce.com, which provides a customer relationship management (CRM) system accessible via the Internet.
• Platform as a Service (PaaS) provides an application platform or middleware as a service on which developers can build and deploy custom applications. Common solutions provided in this tier range from APIs and tools to database and business process management systems, to security integration, allowing developers to build applications and run them on the infrastructure that the cloud vendor owns and maintains. Microsoft's Windows Azure platform services are often referenced as PaaS solutions at this middleware tier.
• Infrastructure as a Service (IaaS) primarily encompasses the hardware and technology for computing power, storage, operating systems, or other infrastructure, delivered as off-premises, on-demand services rather than as dedicated, on-site resources such as the Amazon Elastic Compute Cloud (Amazon EC2) or Amazon Simple Storage Service (Amazon S3).

Each service category can be leveraged independently or consumed in combination with other service tiers.

The Cloud's Benefits

Cloud computing provides opportunities for organizations to become more cost-effective, productive, and flexible in order to rapidly deliver new capabilities.

The pay-as-you-go pricing model is often quite flexible when renting cloud applications or infrastructure, allowing prospective cloud clients to "try before they buy," while existing cloud consumers can pay in advance to take advantage of volume discounts and satisfy budget forecasting requirements. Renting assets shifts the duty of maintaining on-premises data centers to the cloud vendor, alleviating the customer's responsibility for software and hardware maintenance, ongoing operation, and support.

Ideally, cloud clients should be confident they are consuming state-of-the-art systems that are highly reliable and flexible enough to handle large traffic fluctuations. The burden, then, is on the vendor to scale and continually reinvest in the on-demand IT architecture and service so that consumers are consistently provided with a robust, updated solution.

Moving parts of the corporate data and computing center to the cloud also reduces the amount of fragmented infrastructure, driving down up-front capital spending. As monies are reallocated to be invested in core business, other initiatives could be launched to provide direct value to customers and employees, giving the organization a competitive advantage.

With outsourcing and offshoring growing, leading to creation of a global workforce, team productivity depends on the power of networks and the Internet as a common platform. As such, cloud services are available 24/7, accessible from any browser on any device regardless of time zone. This provides faster, easier access for workers to do their jobs, allowing competitive differentiation for the organization and, likewise, retaining and attracting valuable and talented staff.

Some Benefits in the Cloud

Cloud computing speeds delivery of applications and can reduce costs.

Risks in the Cloud

IT professionals' top concerns when considering moving to the cloud: Security and privacy.

Despite cloud computing's many benefits, it's important to be aware of the risks and concerns when doing business in a cloud architecture.

Security and privacy are two of IT professionals' top concerns when considering moving to the cloud, either as a vendor, broker, or consumer. There have been instances of security breaches with Salesforce.com¹, epic.org², and Google Docs³, to name a few, and should serve as reminders to be vigilant and cautious in the on-demand marketplace. Typical security and privacy examples include data storage and data transfer protection; vulnerability management and remediation; personnel and physical security; application security; data privacy; and identity management.

Depending on your industry, customer base, or public or private organization, compliance requirements exist that must be met and secured. Some compliance concerns include business continuity and disaster recovery; security standards (ISO 27001); logs and audit trails (eDiscovery); and specific standards and governmental compliance requirements such as Sarbanes Oxley, Payment Card Industry (PCI), and the Health Insurance Portability and Accountability Act (HIPAA).

There are specific legal concerns when providing cloud services and, subsequently, consuming them. These revolve around liability and recourse, intellectual property issues and terms, as well as vendor transparency regarding location of recovery data centers. When relying on an Internet service, there is always a question of availability and the peak-load capacity that the vendor can carry. For example, current and prospective customers can scrutinize the uptime (and downtime) of Amazon Web Services and Google App Engine through CloudStatus.com to determine how healthy the services have been, monitoring their track record of service failures, latency, and throughput.

And finally, as of yet, there are no standards to ensure interoperability or free movement between cloud providers. As such, cloud consumers should also be aware of vendor lock in when moving forward in the cloud ecosystem.

When consuming cloud services, clearly, it's important to recognize the potential hazards and risks ahead, as with any new or existing IT investment. Concerns about security, inquiries around the provider's maturation in an incubating industry, reliability, and regulatory issues are all topics for discussion and clarification in a service-level agreement (SLA). Although not a guarantee, to better ensure delivery of best practices in the cloud, SLAs with the cloud vendor are recommended when consuming cloud services. Realistically, these concerns are not too different from those that one would have choosing any third-party provider or service. As barriers to entry into cloud computing continue to fall away, confidence in cloud vendors will be established through repeated successful experiences, testimonials, and proven reliability with respect to operating procedures and performance.

Cloud Computing Deployment Models

There are several types of cloud computing deployment scenarios. The National Institute of Standards and Technology (NIST) is emerging as the preferred provider of the de facto definition of cloud computing and the distribution models, seen here with some Esri examples.

Some organizations, concerned about security, may opt for a private cloud or a hybrid deployment model.

The public cloud is the most commonly referenced regarding the topic of cloud computing, where the infrastructure and applications are owned by the organization selling cloud services. However, since many traditional vendors and users are not quite ready to jump into public cloud computing or are restricted from doing so, the cloud service tiers are replicated within a private cloud environment, behind the firewall, and maintained within the parameters of the host organization. Many believe that the sweet spot for cost optimization in an organization will rely on a delicate balance of public, or community, and private clouds. However, since this hybrid cloud solution is commonly bound together by proprietary technology, it will only be embraced by enterprise computing in the future as standards are developed.

On-Demand GIS and Mapping: Esri and the Cloud

Esri considers cloud computing and technology important in the development and vision of the ArcGIS platform. Several options are available for companies that want to improve productivity and efficiency while reducing expenses and freeing up valuable IT resources to concentrate on newer business initiatives.

ArcGIS Server is a viable candidate in an on-demand architecture. Cached map tiles can be uploaded to cloud computing vendors, such as Amazon Simple Storage Service (S3), to create a data center in the cloud. (See Tiles on a Cloud: Cloud computing and ArcGIS Server deliver a thrifty solution, ArcUser, Fall 2009.)

Esri's current SaaS offering is Esri Business Analyst Online, which allows the consumer to combine GIS technology with extensive demographic, consumer, and business data for the entire United States. This enables the delivery of on-demand analysis, boardroom-ready reports, and maps over the Web. Because Esri hosts Business Analyst Online, consumers need not worry about managing data or technology updates. Furthermore, Esri developers can leverage Esri's PaaS offerings via the ArcGIS Web mapping APIs, such as JavaScript, Flex, and Silverlight/WPF, hosted by Esri on ArcGIS Online.

Esri has been providing software plus services (S+S) for some time, allowing customers to leverage their on-premises solutions with on-demand services. Esri's ArcGIS Online map and GIS services provide S+S users immediate access to cartographically designed, seamless basemaps to which they can easily add their own data in an Esri on-premises product. MapIt is another implementation of software plus services, allowing business information to be displayed and more accurately analyzed through access to online data, basemaps, and task services from Esri and Bing Maps, as well as through support for the Windows Azure Platform and Microsoft's SQL Azure. As a community cloud, the ArcGIS Online Content Sharing Program enables users and organizations to contribute geographic data content. Leveraging Amazon's EC2 and S3 compute and storage services allows Esri to host the content and provide access 24/7. ArcGIS Explorer users can consume ready-to-use basemaps and layers from ArcGIS Online Services in the S+S model. And ArcLogistics provides software and access to online services that help you create optimal vehicle routes and schedules.

As cloud computing continues to move farther into mainstream IT to become a convention in business, Esri will continue to offer solutions to allow customers and prospects success in the cloud.

Victoria Kouyoumjian is an IT Strategy Architect at Esri focusing on emerging technologies and trends, such as open source, social media, and cloud computing, to name a few. For questions or comments, contact her at vkouyoumjian@esri.com and follow her on Twitter @VKouyoumjian.

1 http://news.zdnet.co.uk/security/0,1000000189,39290616,00.htm
2 http://privacy.org/archives/2009_03.html
3 http://www.techcrunch.com/2009/03/07/huge-google-privacy-blunder-shares-your-docs-without-permission/