Windows Azure SQL Database Marketplace
Roger Jennings is the owner of OakLeaf Systems, a software consulting firm in northern California. He is also a prolific blogger and author, including a book on Windows Azure. Roger is a graduate of the University of California, Berkeley.
In this interview we discuss:
Robert Duffner: Roger, tell us a little bit about yourself and your experience with cloud computing and development.
Roger Jennings: I've been consulting and writing articles, books, and what have you about databases for about the past 15 years. I was involved with Azure from the time it started as an alpha product a couple of years ago, before the first PDC 2008 presentation.
I wrote a book for Wrox called Cloud Computing with the Windows Azure Platform, which we got out in time for the 2009 PDC meeting.
Robert: You've seen a lot of technology come and go. What was it about Windows Azure that got your attention and made it something that you really wanted to stay on top of?
Roger: My work with Visual Studio made the concept of platform-as-a-service interesting to me. I had taken a look at Amazon web services; I had done some evaluations and simple test operations. I wasn't overwhelmed with AWS Simple DB because of its rather amorphous design characteristics, lack of schema, and so on, which was one of the reasons I wasn't very happy with Windows Azure's SQL Data Services (SDS) or SQL Server Data Services (SSDS), both of which were Entity-Attribute-Value (EAV) tables grafted to a modified version of SQL Server 2008.
I was one of those that were agitating in late 2008 for what ultimately became SQL Azure. And changing from SDS to SQL Azure was probably one of the best decisions the Windows Azure team ever made.
Robert: Well, clearly you're very well steeped in the cloud, but probably the majority of developers haven't worked hands-on with the cloud platform. So when you're talking about cloud development, what do you say that helps people have that "Aha!" moment where the light bulb turns on? How do you help people get that understanding?
Roger: The best way for people to understand the process is that, when I'm consulting with somebody on cloud computing, I'll do an actual port of a simple application to my cloud account. The simplicity of migrating an application to Windows Azure is what usually sells them.
Another useful approach is to show people how easily they can move between on-premises SQL Server and SQL Azure in the cloud. The effort typically consists mainly of just changing a connection string, and that simplicity really turns them on.
I do a lot of consulting for very large companies who are still using Access databases, and one of the things they like the feel of is migrating to SQL Azure instead of SQL Server as the back end to Access front ends.
Robert: It's one thing to move an application to the cloud, but it's another thing to architect an application for the cloud. How do you think that transition's going to occur?
Roger: I don't see a great deal of difference, in terms of a cloud-based architecture as discrete from a conventional, say, MVC or MVVM architecture. I don't think that the majority of apps being moved to the cloud are being moved because they need 50, 100 or more instances on order.
I think most of them will be moderate-sized applications that IT people do not want to maintain -- either the databases or the app infrastructure.
Robert: That's a good point, even though an awful lot of the industry buzz about the cloud is around the idea of scale-out.
Roger: I'm finding that my larger clients are business managers who are particularly interested in cloud for small, departmental apps. They don't want to have departmental DBAs, for example, nor do they want to write a multi-volume justification document for offshoring the project. They just want to get these things up and running in a reliable way without having to worry about maintaining them.
They can accomplish that by putting the SQL Azure back end up and connecting an Azure, SharePoint or Access front end to it, or else they can put a C# or VB Windows app on the front of SQL Azure.
Robert: According to the Gartner Hype Cycle, technologies go through inflated expectations, then disillusionment, and then finally enlightenment and productivity. They have described cloud computing as having already gone over the peak of inflated expectations, and they say it's currently plummeting to the trough of disillusionment.
Roger: I don't see it plummeting. If you take a look at where the two cloud dots are on the Gartner Hype Cycle, they're just over the cusp of the curve, just on the way down. I don't think there's going to be a trough of disillusionment of any magnitude for the cloud in general.
I think it's probably just going to simply maintain its current momentum. It's not going to get a heck of a lot more momentum in terms of the acceleration of acceptance, but I think it's going to have pretty consistent growth year over year.
The numbers I have seen suggest 35 percent growth, and something like compounded growth at an annual rate in the 30 to 40 percent range does not indicate to me running down into the trough of disillusionment. [laughs]
Robert: So how have Azure and cloud computing changed the conversations you have with your customers about consulting and development?
Roger: They haven't changed those conversations significantly, as far as development is concerned. In terms of consulting, most customers want recommendations as to what cloud they should use. I don't really get into that, because I'm prejudiced toward Azure, and I'm not really able to give them an unbiased opinion.
I'm really a Microsoft consultant. The Access book, for instance, has sold about a million copies overall in English, so that shows a lot of interest. Most of what I do in my consulting practice with these folks is make recommendations for basic design principles, and to some extent architecture, but very often just the nitty-gritty of getting the apps they've written up into the cloud.
Robert: There was a recent article, I think back in September in "Network World," titled "When Data Compliance and Cloud Computing Collide." The author, a CIO named Bernard Golden, notes that the current laws haven't kept up with cloud computing.
Specifically, if a company stores data in the cloud, the company is still liable for the data, even though the cloud provider completely controls it. What are your thoughts on those issues?
Roger: Well, I've been running a campaign on that issue with the SQL Azure guys to get transparent data encryption (TDE) features implemented. The biggest problem is, of course, the ability of a cloud provider's employees to snoop the data, which presents a serious compliance issue for some clients.
The people I'm dealing with are not even thinking about putting anything that is subject to HIPAA or PCI requirements in a public cloud computing environment until TDE is proven by SQL Azure. Shared secret security for symmetrical encryption of Azure tables and blobs is another issue that must be resolved.
Robert: The article says that SaaS providers should likely have to bear more of the compliance load that cloud providers provide, because SaaS operates in a specific vertical with specific regulatory requirements, whereas a service like Azure, Amazon, or even Google can't know the specific regulations that may govern every possible user. What are your thoughts on that?
Roger: I would say that the only well-known requirements are HIPAA and PCI. You can't physically inspect the servers that store specific users' data, so PCI audit compliance is an issue. These things are going to need to be worked out.
I don't foresee substantial movement of that type of data to the cloud immediately. The type of data that I have seen being moved up there is basically departmental or divisional sales and BI data. Presumably, if somebody worked at it hard enough, they could intercept it. But it would require some very specific expertise to be an effective snooper of that data.
Robert: In your book, you start off by talking about some of the advantages of the cloud, such as the ability for a startup to greatly reduce the time and cost of launching a product. Do you think that services like Azure lower the barrier to entrepreneurship and invention?
Roger: Definitely for entrepreneurship, although not necessarily for invention. It eliminates that terrible hit you take from buying conventional data center-grade hardware, and it also dramatically reduces the cost of IT management of those assets. You don't want to spend your seed capital on hardware; you need to spend it on employees.
Robert: You've probably seen an IT disaster or two. Just recently there was a story where a cloud failure was blamed for disrupting travel for 50,000 Virgin Blue airline customers.
Roger: I've read that it was a problem with data replication on a noSQL database.
Robert: What are some things you recommend that organizations should keep in mind as they develop for the cloud, to ensure that their applications are available and resilient?
Roger: Automated testing is a key, because the cloud is obviously going to be good for load testing and automated functional testing. I'm currently in the midst of a series of blog posts about Windows Azure load testing and diagnostics.
Robert: What do you see as the biggest barriers to the adoption of cloud computing?
Roger: Data privacy concerns. Organizations want their employees to have physical possession of the source data. Now, if they could encrypt it, if they could do transparent data encryption, for instance, they would use it, because people seem to have faith in that technology, even though not a lot of people are using it. Cloud computing can eliminate, or at least reduce, the substantial percentage of privacy breaches resulting from lost or stolen laptops, as well as employee misappropriation.
Robert: That's all of the questions I had for you, but are there some interesting things you're working on or thinking about that we haven't discussed?
Roger: I've been wrapped up in finishing an Access 2010 book for the past three to four months, so other than writing this blog and trying to keep up with what's going on in the business, I haven't really had a lot of chance to work with Azure recently as much as I'd like. But my real long-term interest is the synergy between mobile devices and the cloud, and particularly Windows Phone 7 and Azure.
I'm going to be concentrating my effort and attention for at least the next six months on getting up to speed on mobile development, at least far enough that I can provide guidance with regard to mobile interactions with Azure.
Robert: People think a lot about cloud in terms of the opportunity for the data center. You mentioned moving a lot of the departmental applications to the cloud as kind of the low hanging fruit, but you also talked about Windows Phone. Unpack that for us a little bit, because I think that's a use case that you don't hear the pundits talking about all the time.
Roger: IBM has been the one really promoting this, and they've got a study out saying that within five years, I think it's sixty percent of all development expenditures will be for cloud-to-mobile operations. And it looked to me as if they had done their homework on that survey.
Robert: There are a lot of people using Google App Engine as kind of a back-end for iPhone apps and things like that. It seems like people think a lot about websites and these department-level apps running in the cloud. Whether it's for consumers or corporate users, though, they are all trying to get access to data through these devices that people carry around in their pockets. Is that the opportunity that you're seeing?
Roger: Yes; I think that's a key opportunity but it's for all IaaS and Paas providers, not just Google. A Spanish developer said "Goodbye Google App Engine" in a November 22, 2010 blog post about his problems with the service that received 89,000 visits and more than 120 comments in a single day.
Robert: Well, I want to thank you for taking the time to talk today.
Roger: It was my pleasure.