Windows Azure SQL Database Marketplace
Jared Wray is the CTO and architect of the Tier 3’s Enterprise Cloud Platform. Wray founded Tier 3 in 2006 to address the emerging need for enterprise on-demand services. Wray oversees the company’s development, support and operations teams and is responsible for the company’s intellectual property strategy and new product development. A serial entrepreneur, Wray previously founded Dual, an interactive development firm with clients such as Microsoft and Nintendo..
In this interview we cover:
ROBERT DUFFNER: Jared, please take a minute to introduce yourself and Tier 3.
JARED WRAY: I'm Jared Wray and I'm the CTO and a founder for Tier 3. Tier 3 has been around for the last six years. It is an enterprise cloud platform company that focuses on the mid-tier to enterprise, with the emphasis of moving back-office, production, mission-critical apps to the cloud in a very secure, compliant manner and with key features enterprises need like performance optimization and high availability -- stuff that really isn't there right now in other cloud products in the market.
Before Tier 3, my background was in architecting and managing large Web-scale computing environments for companies here in the Seattle area, focusing on the enterprise. I've worked three out of the four Gates’ companies including Microsoft on Microsoft.com and Corbis Corporation, where I ran their large Web environment, and Ascentium. I also founded a company called Dual, which was an interactive agency that focused on Flash when it started becoming hot. Some of our customers were Sony, Microsoft, and Nintendo.
ROBERT DUFFNER: Okay, so you recently wrote in your blog, Can You Build Profitable Public Clouds out of Enterprise Technology? , where you questioned Douglas Gourlay's main points on what it takes to build profitable clouds. Can you please expand your thoughts on that question?
JARED WRAY: While Gourlay made some interesting points, the article missed on two main areas of focus for building a profitable pubic cloud: Who you're going to be focusing on - what your market is, and how you build it -- how you architect it and how you scale it.
One of the things that Gourlay doesn't focus on at all is who the market is. Today most public clouds serve the developer -- or what we would call QA lab environment. These are low-cap cost focused. That audience doesn't care about uptime, they don't care about SLAs; they only care about getting the cheapest computing resources they can. And with that market the cloud provider can play the open source game with a lot of commodity or white label boxes trying to drive that infrastructure price down to zero. Since those customers are just looking to offload workloads that are not mission critical and doesn't need high performance, that approach is fine.
But let’s contrast that with when the market is enterprise. That market that needs high service-level agreements with guaranteed up time. These guys can't have three to four days’ worth of downtime as it would simply kill their business. With that type of market, the cloud provider needs to consider what that market requires and what the total architecture is. That's where you start bringing in enterprise-grade gear to do an enterprise-grade job.
So then two points to consider in serving these markets when looking at how you build it – the cost model and the architecture. If you're thinking about going open source, it is important to know the cost model tradeoffs. A lot of companies don't realize that when they're buying an appliance or licensed software, you're buying IP someone else has created it for them. That’s the trade off with open source. If you build a public cloud all on open source, you have to have that expertise in house. So you're going to pay for it one way – via IP given it to you at a licensed rate - or another – via expert manpower on staff. And that cost model is one thing that's really confusing for a lot of people.
On the architecture side it’s the same thing. Providers have to figure out what to do architecture-wise to expand and scale. Offer an open source-type quality service or something that's being white labeled with low-end cost efficiencies and lower SLAs or provide secure, mission critical environment for customers who care about the SLA? Most public loud providers these days don't play a very good SLA game, they really play it like a hosting company where they think “hey, we'll just plan on it going down and we'll just credit people back”. Providing a secure, mission critical environment for customers care about those SLA takes enterprise gear. You have to have an enterprise backbone, so you have to use one of the top three switch providers in the world, you have to build your backbone off of that, so you have to have an enterprise-grade storage platform. And so on.
Gourlay says for dev/qa the only way to build is open source and white-label boxes, that's the only way to scale. And my opinion is, yeah, that's not really the case for all cloud providers, and it won't be the case long term for most providers because the market is shifting now to the enterprise. Now the big enterprises are looking to use the cloud, which wasn't the case before and drastically changes the landscape of requirements.
ROBERT DUFFNER: Jay Heiser from Garter recently wrote in a blog post entitled, How long does it take to reboot a cloud?, where he talks about the relative ability of any cloud service provider to recover your data and restore your services. Heiser cites that it took Google 4 days to restore 0.02% of the users of a single service and it took Amazon 4 days to recover from a limited outage, and they were never able to get all the data back. How do you architect for data backup and disaster recovery?
JARED WRAY: The pretty amazing thing to think about is the data expansion. Even at Tier 3 we're-doubling our storage every single year. And that's becoming a common trend for a lot of companies. Storage expansion is growing so fast that you many providers can’t keep up with how to retain it or even maintain it overall.
Storage architecture failure happened with another cloud computing company recently also. Why? Because they built their own storage platform. They didn't go with a trusted enterprise grade storage product that's been around for ten years. They built it in house with their own devs so it's essentially on version one. Even though AWS has been around for quite a long time, this storage platform is theirs, it's internal, it's never had whole bunch of different customers poking at it and finding the bugs. That means that they have to have all the risk on their side.
Google also recently had a storage failure and lost email from their gmail service – again a custom storage architecture which they maintain internally. But, the best thing Google ever did was go to tape backups because that is how they restored all that data.
With that said, these companies have the resources to really invest in this approach and they will work to get it right. But I have a very hard time thinking they will not have more bumps along the way.
As an enterprise cloud provider, we have to think outside the box: instead of thinking about how are we going to reduce the data, we think about how are we going to have a recovery time that's optimal for everybody and also how are we going to maintain the storage in a realistic way, keeping it simplified. We asked ourselves early on, “Why are we building our own storage architecture and platform?” We knew we are about the storage management and how we manage that storage overall. So we still use enterprise hardware and leverage storage vendors who provide enterprise quality backup. We know that what they're providing is tried and true.
With data expansion growing and outpacing many of the technologies out there, many cloud providers really need to invest in a solid storage management approach and architecture. They need to quit thinking that data reduction is the key and just start to look at how to enable large data management.
ROBERT DUFFNER: Let’s talk about cloud computing for small and medium businesses. Clearly, software-as-a-service is a no-brainer, but what about infrastructure-as-a-service or even platform-as-a-service? When is it the right time to go to the cloud?
JARED WRAY: With the emergence of enterprise grade public clouds, small businesses have some critical thinking to do about how they manage their IT environments. Do they want to pay for the overall expertise of running a big back-end environment or can they move to a cloud to manage it and have that help and expertise built in? If they already have IT management services on site, they are paying a lot for very expensive engineers to just maintain their systems -- and those guys don’t have time to really focus on the core business. Most of the time, however, these small business don't really have the overall expertise of running a big environment, only enough to manage what they need -- mail services, file services, things like that. So the big opportunity right now is for those guys to move to the cloud and maintain it and get that extra expertise.
The greatest thing about the enterprise-grade public cloud is that it's taking enterprise-level services and slicing off a piece for everybody else -- these small to medium businesses are getting a little slice of enterprise grade heaven. They’re getting access to the type of enterprise environment they simply couldn’t build: the reliability is going to be there, the up time is going to be there, and the support is going to be there. The other side that's really great for these small companies is the management aspect. Many of these companies, they have extra staff right now doing backups, SAN administration, support on services that really have become commodity by moving to the cloud. By eliminating that, these teams now that are running at 200 percent can run at 100 percent and really focus on the application level and the software that runs the company. And that's going to be a huge relief for the IT team to offload so much of the infrastructure that really isn’t core to the business.
The most important thing for the IT team at that small company is to pick the right enterprise cloud provider. They can't just look for the cheapest price. These people need to move their back office, and that's the keys to the castle, it's everything that they have. And so what we've seen over the lifespan of our company in these cloud provider decisions, price is always a big point, but the deciding factor is the reliability of the system. We've seen multiple cloud providers in the past couple months have huge outages, three to four days, and then they've completely lost data. That is just not acceptable for a small company. That could put these companies out of business completely. Companies need to evaluate that risk and find a provider that's going to be able to give them the up time and support that they need. And even the recovery time, how do you recover from something like that?
I honestly think in the next two to three years we're going to see a large majority of small businesses just moving to the cloud because they can actually move everything, have it completely secure and maintainable. But the big thing is, find the right provider, find the right solution, and make sure that that risk is being evaluated. It's not really price, it's the risk that's being associated with it.
ROBERT DUFFNER: You know, so one of my favorite questions I ask on this Thought Leaders blog is on the subject of infrastructure, platform, and software-as-a-service (SaaS). This has definitely served as a good industry taxonomy for cloud computing. However, do you see these distinctions blurring? It sure does seem that way based on what's happening in the market with Amazon's Beanstalk, Salesforce.com’s push into platform-as-a-service, and Windows Azure offering more infrastructure-as-a-service capabilities.
JARED WRAY: Yeah, I completely agree. The analysts have tried to label all the cloud providers in this rigid service matrix where one company is just infrastructure. The discussion should really be what service they're offering and how does that affect the customer. With most cloud providers when they start becoming more and more successful, they have to blend. They can't really offer just infrastructure as a service and maintain it long-term because the technology is going to roadmap itself up into the application layer. It's going to start blending beyond what we're thinking now. Even software as a service need partners who are doing infrastructure as a service and platform as a service, all combined into one thing to make that software as a service more functional.
So when you think about going up the stack, those lines going to blur really quickly. At Tier 3 we are actually the perfect hybrid: we literally offer a platform-as-a-service type functionality, and yet it's still infrastructure as a service when you think about it in a holistic way. We're still offering CPU, memory, storage, but we're offering intelligence and bundling of those services into a single enterprise platform. And that's really where the key of platform-as-a-service is going to be.
I honestly think infrastructure-as-a-service and platform-as-a-service is going to merge together. The only time you're going to see pure platform-as-a-service is when it's vertical based -- one programming language or maybe a couple of languages. Long term these services will be taken over by cloud providers that are running up the application stack and will be able to support much more.
ROBERT DUFFNER: James Staten of Forrester Research recently wrote a great blog post entitled: Getting Private Cloud Right Takes Unconventional Thinking, where he addresses the confusion amongst enterprise IT professionals between infrastructure-as-a-service, private clouds, and server virtualization environments. He basically states that few enterprises, about 6 percent, operate at the level of sophistication required to getting a private cloud right. Do you have any thoughts on this, and can you expand more on what you're seeing in the market?
JARED WRAY: I would actually completely agree with him on that front. One of the things we've noticed is for those customers are running any private-cloud-type system using industry hypervisors, it is unbelievably hard to maintain, even if they have the expertise in house. It is extremely hard to get keep IT staff up to date, being able to maintain the cloud, being able to handle the system as a big resource engine instead of just a couple applications that you're running in your environment.
The real change with private cloud is in the IT support model. Before every single app had its own dedicated servers and IT supports the server and the applications. With cloud IT supports a pool of resources. That's a huge shift with big ramifications. Instead of knowing what's going on, they have to give any user in their environment control – they have to go to some business owner and say, okay, have your developers use this resource and you can do whatever you want. That's really a painful common scenario because now in this private cloud, they have to figure out how to make that resource pool very flexible. The only way they could do that in house is spend a lot of cap-ex to have extra resources available for when that business unit doesn't calculate or forecast correctly so they can handle that excess load. Or when the business unit takes off, they start using all the system, and suddenly they start affecting everybody in the environment because now they're running hotter than the entire environment can handle. Not ideal and a common private cloud scenario.
The other scenario we're seeing when companies turn to infrastructure-as-a-service. When a company decides not to build their own private cloud because it is too hard or costly and then turn to infrastructure-as-a-service, they're having a completely different set of challenges. While they can enable business owners to tap into whatever IaaS service they want, IT is not control of the environment those apps land on -- they can't control it, they don't know what's going on, and suddenly they have compliance or business continuity problems, without even simpler backups. Tons of resources, huge cowboy-ish environment! Think about the ramifications for this and the company. Who is in charge of security reviews, compliance, backups, or even patch management? They're not the castle anymore and they don’t have the expertise or experience to handle those IT requirements.
The single biggest challenge that we've seen in our company with customers coming on is how they control the ramp up of cloud services and enablement for the business. It's basically releasing the valve for most of these companies. We'll have companies come on and literally double their infrastructure within 30 days, and that's just amazing! But there is also the other side where these companies need to think outside of the box on how to keep the processes in place for compliance, security, and even overall application structure.
ROBERT DUFFNER: In another blog post you wrote, What You Think You Need vs. What You Really Need, you talk about how cloud computing changing the way people think about their IT infrastructure. Please expand on that.
JARED WRAY: This gets back to the old school way of doing planning for infrastructure - thinking back five to ten years - and some companies still do it this way today. When you're dealing with physical infrastructure, the average IT guy always does the same thing, which is they talk to the business owner, the business owner says “this is going to be huge, this project is going to grow beyond what you can even imagine, it's going to be massive! ” And so the IT infrastructure guy in charge of planning is thinking “how is it going to run on our infrastructure and what type of hardware does this new product/feature need to be able to support that type of scale?” So they create a plan over three to five year cycles of hardware: what to start out with and what hardware to run this application for the next three to five years with the new expected growth pattern that was explained. It's a lot of guesswork, and really just not an easy way to handle scale with statistics showing over 70% of projects fail or do not meet expectation. That is a major capital risk the business is taking on.
Most of these companies, even going to the cloud, we've seen the same thing: They're trying to plan for three years, even though flexibility is completely inherent and they can just grow on the fly. That's really a big benefit. When companies come to us to quote an environment for cloud they often start with a baseline of the hardware that they have now. This infrastructure has been planned for three years on a guesstimate and is usually over provisioned on most systems. Being in the infrastructure for 15 years, I have probably 15% percent of the time been right in guessing what the infrastructure is going to be required to run the application over the next three years. It's literally impossible. Business has become so agile that you have no idea in the next three years what you're going to need for infrastructure. Our job is to help them think about this in a new way – what they need vs. what they think they need.
ROBERT DUFFNER: Building apps from scratch for the cloud is definitely easier than migrating existing apps to the cloud. Should enterprises be migrating mission-critical apps to the public cloud?
JARED WRAY: Mission-critical apps can easily move to an enterprise cloud provider. What matters is who the provider is and how they set it up. Most cloud providers have focused on developers or getting that easy project live. But, companies like us, Tier 3, we do full migrations of mission critical production apps right into the cloud. It is literally like it's just an extended network for our IT customers and most of their customers don't even realize that they're now running in the cloud.
Most modern applications are very good at migrating to cloud environments now, especially in the back office. Microsoft's done an amazing job with that and the right enterprise cloud enables it to be easy to migrate. Most of our customers we see are fully migrated within 60 days to the cloud.
ROBERT DUFFNER: From what I've been seen as I talk to our enterprise customers is that the hybrid cloud is really going to be the way enterprises adopt the cloud, in other words, the ability to federate internal and external resources. It sounds great, but how do you make this work?
JARED WRAY: I think hybrid is going to be the biggest approach, especially for the big corporations. They already have internal infrastructure, most of them are starting to build their own private clouds or already have a private cloud that they're managing internally. You've have to realize, with big corporations, that data secure is paramount, so trusting a third-party provider, that's going to take a while, and the cloud's still young. If we're in a baseball game, and social media was in, the eighth inning, cloud right now is probably in the second inning, and a lot of things are still happening. Providers like Tier 3, Microsoft, and AWS are on the same page where we have to address and prove that the cloud is going to be more reliable, have better security, and be a better solution overall for their company.
But when you go to hybrid, it's nice because you're putting a toe in the water, which is good for them. All they have to do is put a toe in the water, they hook up a provider that they trust. They can have all the security checks, and compliance items addressed with the provider and then they can use the provider to offload resources that are lower risk and help the company at the same time.
It's the same thing like we talked about before about what you think you need versus what you really need, right? Most companies are building for excess of three years, so they're at least 30 percent over-provisioned all the time.
When you add a cloud provider, big projects that ramp up and ramp down, you can use those cloud providers for those resources so you're not taking the cap-ex burn on your side. This is a huge consideration for these companies if you think about the total cost of purchasing hardware, putting it into the lab. With the cloud you use the resources and then a year later, it's all gone and there is no waste. The project's done, it's now moved to production. That gear, most of the time probably half of it only gets reused, so it's a complete waste. Whereas if they have a good cloud provider and they're running a hybrid-type solution where the company’s network is extended to the cloud provider in a secure manner, they can use these resources, be enabled, IT is not the bottleneck, and now they can get everything up and running and even stuff that's non-mission-critical or some things that they don't want to manage anymore can be put in that hybrid environment and really put that toe in the water and eventually put the whole foot in.
I honestly think that hybrid is basically the two- to three-year stepping stone for companies. You're going to see a lot of corporations just saying, we're going to get out of the cap-ex game, we don't need to be into it anymore.
ROBERT DUFFNER: Late last year Ray Wang wrote in Forbes his predictions in 2011 for cloud computing. One of his predictions stated that development-as-a-service (DaaS), or the creation layer will be the primary way in which advanced customers will shift custom app development to the cloud. What are your thoughts on this?
JARED WRAY: I agree with him that custom app development is going to shift to the cloud and that's going to be the primary approach moving forward, just because it's the easiest, fastest way of doing things. If you think about development teams, one of the big bottlenecks they have is how do we to build and spin up an environment for this project and then take it down whenever we want?
What's interesting about this is when you think about development as a whole, everybody in the cloud is really focusing on what's the future. How are we going to get custom app development or even development as a service really moving forward? The problem with that is that 80 percent of the applications in the world are all in the back office, and everybody's forgotten about those. If you think about when Windows came out it was a mainframe world. Everything was owned by mainframes, and now it's taken, you know, 20 to 30 years for us to even get to the point where it's all client-server, right? We still have some mainframes around; big banks still use them, things like that. And it's taken 20 to 30 years.
So let's just say at the fast pace that we're going now, it takes 10 to 15 years. All those custom apps that are behind the firewall in these corporations, they're not going to be on a new development platform. They're going to still be around. So as cloud providers we need to figure out how to move those into the environment. You know, that's one of the things that we specialize at Tier 3. We literally take those custom apps that are behind the firewall -- that 80 percent that everybody still is using -- and move them into the enterprise cloud. Another big focus point is how we maintain them better in the cloud than internal infrastructure? That's going to be what everybody needs to focus on in the next ten years. Yeah, custom apps going to be huge, and it's going to be huge for the future, but remember development cycle -- the development cycle is one thing, right, releasing a product, but then getting all your customers to upgrade, that's a two- to five-year plan, at least.
Of course, engineering for the future, that's what we're supposed to be doing, but also how do we maintain the past and be able to migrate them into the cloud and get all the features and the things that they want right now?
ROBERT DUFFNER: In your recent article on TechRepublic, 10 things software vendors should consider when going SaaS, you talk about the need for independent software vendors (ISVs) to make architectural and platform decisions to ensure they deliver the best customer experience. Can you highlight some of the important considerations?
JARED WRAY: I'll focus on two main ones that we've seen over time that really pop up.
First is what are they trying to achieve for their own customers and their business model. Are customers asking for a “SaaS” model? Are they saying “I don't want to manage the software anymore”? They could also be saying “You guys are the experts, you know what's going on, you know the patches, and we want you to maintain it”. This is all about the service contract staying with the ISV instead of the customer. This is really a big services play.
First let’s deal with the moving the software to a service. ISVs have written this program, they've probably had it around for five to ten years, and they have a good installed base. Moving that installed base is very hard. It starts with changing their software to a multi-tenant architecture model where multiple customers can now use the same software platform. This is very hard and sometimes impossible. It's a lot of development, a lot of scoping of the application and figuring out what you can salvage in the current code base. It requires evolving from an architecture where every customer gets their own install to one where every customer connects to one big platform and it takes care of all the customer. That's a big, multi-tenancy architecture and it is hard – it could be two to three years of rewriting code.
So what we're talking about with a lot of our customers is what they are trying to achieve -- multi-tenancy and security. Our answer is for ISVs to give every single customer their own instantiation and use the cloud to do the multi-tenancy of that software layer with the scale and flexibility the cloud is known for. They have their customers connect privately over a secured VPN or a direct connection and be able to access that software that they would run locally in the cloud just like an extended network. They don't have to worry about it, and the main focus with this is how do they maintain support? ISVs need to be able to spin up the environment, have it online without rewriting the software, but really engage on a service level with their customer. This monthly service arrangement gives a recurring model that all ISV’s would love to have.
The second thing that they always have to consider is really how are they going to handle security long-term? It's great to build software that can handle multiple different customers at the same time, but remember one thing: If you are going from a model where you're installing that software down in their office or even data center, that's a secure model for them, it's on-premises, they're dealing with their own security, and sometimes that private information is too great to even think about going into a multi-tenant environment where it's an entire platform. Think about places who are doing credit card processing or online-type capabilities or they're keeping customer records, even though your software could go into a multi-tenancy architecture, most of the time you're going to want to have physical security splitting every single customer up.
So sometimes that architecture can work for you where you could go and do the Salesforce model where everybody's connecting and all that data is now in a big database somewhere, but it's basically split by customer. That's a big security concern that you have to realize. You will also have to consider how you are going to have your customers connect? If you're dealing with big corporations, they're not going to like the approach where it's public on the Internet. They're going to want a private VPN or a direct connection to just the servers that are dedicated to that customer.
Cloud companies like us at Tier 3 who have built-in ways of doing multi-tenancy really easily and spinning up environments on the fly can gives you this kind of approach - and with not as much development involvement as you would building an entire new platform for SaaS.
ROBERT DUFFNER: Jared, that's all the prepared questions that I had. Did you have any closing thoughts before we wrap up?
JARED WRAY: The cloud is ready for the enterprise as long as you find the right provider and really think about the entire solution. What you're seeing now in the market is that development have adopted cloud, and there have been a couple bumps in the road, but they're still adopting it at a pretty fast rate.
The real key is when we're going to see the big companies really start adopting cloud through a hybrid solution like we've talked about or even how we are going to have the small to medium businesses start adopting it at a very fast rate. The security is there in an enterprise cloud, the maintenance is there, and what we can do in the cloud is better than what can be done onsite.
ROBERT DUFFNER: Jared this is great. I appreciate your time.
JARED WRAY: Yes, thank you.