1 COMING TO (YOUR) TERMS WITH PLATFORM-AS-A- SERVICE (PAAS) BY MICHAEL BENEDICT Platform-as-a-Service (PaaS), which provides a complete development platform and solution stack in the cloud, is gaining widespread acceptance as a way to deploy packaged software or build new applications without the overhead of a development environment. Enterprise adoption of PaaS is growing, as is PaaS use by ISVs who want to create client-facing software offerings without having to invest in platform infrastructure. PaaS does offer many advantages, including speed, costeffectiveness and simplicity. As use of PaaS increases, a growing body of best practices has grown to guide IT departments, as well as the very important group of non-it users, in the optimal adoption of PaaS. This paper explores some of the practices most relevant to achieving success with PaaS, focusing on ways to identify how PaaS can be best utilized within the specifics of a given organization s overall IT needs. Practices include understanding scalability and infrastructure aspects of PaaS deployment, the need for coding wisdom in otherwise codeless environments, integration with on-premise systems and other cloud-based IT assets, security and more.
2 2 TABLE OF CONTENTS Introduction The Current State of PaaS Two Dominant Modes of PaaS Benefits of PaaS Challenges Faced with PaaS Scale and Availability Rapid Release Cycles Security and Compliance Integration with Other Systems Achieving Success with PaaS Setting Up Practices and Procedures for Rapid Software Releases Planning for Scalability Understanding Your Platform s Limitations Aligining the PaaS Application with Security Policy Following Corporate ITs Lead on PaaS Integration Conclusion About the Author
3 3 INTRODUCTION There s an old saying in business, mostly uttered by people who are nervous about change, which is that some proposed initiative will be like, changing a tire while the car is moving. Unfortunately, every business change ever contemplated is like changing a tire while the car is moving. The car is always moving, or at least it should be. If it s not, the company is going under. New IT paradigms present this type of challenge, the newest one being the evolving cloud computing technology known as Platformas-a-Service, or PaaS. You may already know what PaaS is, but to summarize, PaaS makes a complete software platform including infrastructure, application servers, development tools, databases and storage available over the Internet. It s one of the revolutions arising from the IT field s broader move to cloud computing. While Infrastructure-as-a- Service (IaaS) makes the foundation of cloud-computing available to those who know how to build their own platforms, PaaS delivers complex and highly laborintensive middleware technology patterns available as a service. Typically, PaaS allows self-service and selfprovisioning of resources to support cloud architectures. Through a browser, you can switch on a fully-configured cloud platform without having to worry about standing up hardware or installing software. PaaS scales elastically. There s a sort of everlasting gobstopper effect. Whatever platform resource you need, there s no practical limit to what you can get on demand, and pay for, as you require. The real question is what can, or should, you do with PaaS? Answering that question about PaaS cracks open two big issues facing IT professionals today. For one thing, the definition of PaaS has changed frequently over the past year as companies develop PaaS solutions For instance, PaaS is blending with IaaS. It s also evolving into new flavors, such as integration PaaS (ipaas), which offers a complete application integration capability in the cloud; business process management PaaS (bpmpaas) which makes possible business process execution in the cloud; and application PaaS (apaas), which gives developers the ability to fast-track application development. Then, there is the matter of users. Who will use PaaS in your organization, and for what purposes? Ready or not, PaaS opens up enterprise computing to a variety of new user groups. These include power-users outside the IT department who may want to create their own applications on the fly or even, as the IDC analyst Al Hilwa would put it, Citizen Developers who embrace PaaS to build programs you won t even know about. These two issues are at the heart of this paper. The intent here is to help you come to terms your terms with PaaS in your organization. PaaS can serve your specific business goals. As an ever-changing, new-user-friendly technology, PaaS is the ultimate tire to be changed on a fast moving car. This paper takes a look at several recommended practices that will help you make the best use of PaaS in your organization. THE CURRENT STATE OF PAAS The IT world is well out of the starting blocks with PaaS. Technavio, the research firm, projects that the global PaaS market will top $6 billion by The growth rate is projected to be over 48% per year for the next four years. 1 Gartner valued the worldwide PaaS market at $1.2 billion in 2012, up from $900 million in Though this may seem small considering that the global market for all hosted services, including SaaS, was $109 billion in Still, considering that it s a new technology, the size of the market and the projected growth rate speak to the potential of PaaS as a driver of business value. THE TWO DOMINANT MODES OF PAAS TODAY The constant evolution of PaaS notwithstanding, the consensus is that there are two dominant modes of PaaS now in use: Model-driven PaaS involves higher-level programming languages, or even template-based software building programs that enable users with little coding experience to create business applications. 3 Deployment PaaS is newer. It refers to platforms in the cloud that can host applications that were created with standard programming languages such as Java or PHP. The assumption is that the development is being done off of the PaaS solution on integrated development environments (IDEs) such as Eclipse. 4 This may sound a lot like IaaS, but it s different. With deployment PaaS, the developer does not have to worry about architecting, managing, or scaling the virtual machines that underlie the application. 1 Technavio, Global Platform-as-a-Service Market , April 3, Nancy Gohring, Platform as a service heats up, ComputerWorld, July 8, Al Hilwa, Analyst Watch: The Evolving State of PaaS, San Diego Times, October 1, Al Hilwa, Analyst Watch: The Evolving State of PaaS, San Diego Times, October 1, 2013
4 4 BENEFITS OF PAAS PaaS confers several business and IT management benefits. Though it s not a silver bullet, PaaS can be a huge source of advantage for certain types of in-house corporate projects and ISV commercial products. Organizations that write their own software can delegate infrastructure and platform management to specialists while concentrating on their core competency of developing applications. PaaS can facilitate cuts in IT overhead and capital expense by eliminating the conventional processes of acquiring and installing physical hardware, establishing or renting data center facilities, setting up servers, configuring, patching, maintaining, and so on. For early-stage companies, being able to operate on a lean basis can be an essential element of business viability. HIGH Level of PaaS software development automation LOW LOW Line of Business Users w/ Model-Driven PaaS Line of Business Users w/ Deployment PaaS IT Pro Users w/ Model-Driven PaaS IT Pro Users w/ Deployment PaaS Level of users technical sophistication HIGH CHALLENGES YOU FACE WITH PAAS Like all new technologies, PaaS brings challenges along with its many benefits. Getting to PaaS success requires understanding what can get in the way of its fullest realization. Some PaaS challenges are organizational. Others are technical in nature. None are fatal. PaaS challenges do not exist in a vacuum. They exist in your specific organizational setting. Depending on your potential PaaS users and choice of PaaS technology, you will face different versions of the major PaaS challenges. Figure 1 provides a perspective. While there is obviously a continuum of users technical sophistication and platform automation, the four groupings in the figure can be instructive. For instance, Line-of-Business (LOB) users may find themselves using either a model-based PaaS or a deployment PaaS, depending on which technology is available in the organization. LOB users can take advantage of each platform choice in different ways. With model-based PaaS, the LOB users might be able to build and launch their own application without much IT department involvement. With deployment PaaS they will need professional developers to build an app for them. What is your PaaS use case, or use cases? The way that you envision PaaS being used will inform how you deal with PaaS challenges. It s possible that you don t know all of your potential PaaS use cases, and that s okay. In fact, the adaptability of PaaS is one of its strengths. There will be uses that people in your organization will invent for PaaS that might not have occurred to you. The trick is to think through how PaaS might fit with your existing IT Figure 1 PaaS usage scenarios based on levels of user sophistication and software automation. landscape and be prepared to handle potentially difficult PaaS use cases as they arise. SCALE AND AVAILABILITY Availability should be addressed early with PaaS, especially if you ve built an application that can go viral. The asa-service trend is part of the broader cloud computing and mobile device revolutions. You have to think through the implications of the new world of IT as you adopt PaaS. Application load levels can be difficult to predict, both for your application and others that are hosted at the PaaS provider. With social media and mobile apps, your PaaS creation could be hit with requests from a huge crowd of new users overnight. That could be an amazing thing or it could cause outages and all kinds of disruptions. You must ensure that your PaaS solution can scale easily in response to demand. If your PaaS application is integrated with back-end systems behind the firewall, an ungoverned runaway success could disrupt your business. The problem doesn t even have to be with your application. Bad Neighbor Syndrome occurs with some PaaS providers. Bad neighbors are other PaaS customers who share cloud infrastructure with your application. Even though all PaaS tenants are isolated from each other, tenants who consume more than their fair share of IaaS resources can cause your application to perform poorly.
5 5 RAPID RELEASE CYCLES Compared to traditional software development, the release cycle for PaaS is like playing a movie on fast forward. This is especially true for model-based PaaS but it also applies to deployment PaaS. In both situations, code can be pushed into production more quickly than in the conventional developer-to-operations cycle. In traditional software development, a new feature request involves multiple stakeholders in a clumsy, partially manual review process. A series of handoffs ensues as the feature goes from request to development, test, security review, and installation. The process can take a long time. The new feature would be developed and tested, then put into production in an overall application update. The whole process might last several months or at very minimum, a couple of weeks. Model-based PaaS can make the creation of a new feature possible within a couple of hours. Generally speaking, this a good thing. Business ideas can be quickly translated into working software. Agile methodology and new streamlining techniques such as continuous integration of new code help provide a disciplined framework for aligning business and IT stakeholders with PaaS rapid development tooling. Yet, these methods cannot create this alignment on their own. The organization has to be ready and willing to change its approach to software development. The reality is that most organizations will have software projects moving at different speeds. As PaaS becomes one of the accepted modes of development, there has to be a parallel organizational commitment to keeping up with the new speed levels in the processes of requirements gathering, development, review, test, approval and release. SECURITY AND COMPLIANCE Concerns about cloud security are not new, but PaaS can bring risk exposure to a whole new level. The cloud tends to blur the security perimeter in general. In the old days, you had a good idea of where your infrastructure ended and the rest of the universe began. With PaaS, your business extends to multi-tenant servers in vague geographical areas. The ability for non-technologists to set up software on their own, as might be the case with LOB users on model-based PaaS, can wreak havoc on controls over data access, authentication and authorization. If the PaaS application connects to other enterprise systems, it can become an inadvertent conduit for improper access and potential mischief. Responsibility and accountability are major factors to consider when making the move to PaaS, especially if there is a shadow IT effort in the works. Business stakeholders tend to complain about all the red tape and slow-moving processes in IT, but those processes exist for a reason. Anyone who has ever been asked to find an subpoenaed in a lawsuit will know the value of rigorous controls and data governance. A shadow IT project hastily thrown together with PaaS can accidentally create a security and compliance minefield. INTEGRATION WITH OTHER SYSTEMS Connections between cloud-based applications built on PaaS and other enterprise systems present security, operational and governance challenges. PaaS-based software is inherently service-oriented. It has the ability to call on application programming interfaces (APIs) exposed on numerous systems. These include APIs that use Simple Object Access Protocol (SOAP) as well as the increasingly popular Representational State Transfer (REST). Without adequate controls, systems can be exposed through APIs along with the business processes they support. Of course, few organizations simply leave an API totally open to the world. However, the difference in development and change cycles between legacy systems and PaaS software can lead to a Tortoise and Hare syndrome where the legacy system cannot keep up with new PaaS features. If external users can access internal business process through APIs that are out of sync, that can cause operational and compliance difficulties. Alternatively, if an API is not available because a change in the PaaS solution has broken the connection, that is also bad for business. ACHIEVING SUCCESS WITH PAAS Best practices for PaaS are new and evolving. There is not yet a single, mature set of practices for the technology. That being said, it is possible to frame your IT department s approach to PaaS in the context of both the targeted user groups and choice of platform. Figure 2 revisits the usage grid from Figure 1 and adds some possible approaches to managing software projects on PaaS with optimal outcomes. The main point of Figure 2 is that there is no such thing as PaaS in a monolithic sense. There is always PaaS in a specific organizational and technology context your context. Although PaaS is a technology, the best practices for PaaS need to be developed from the perspectives of both business and technology. Yes, we ve all heard this before. IT is about business. Software development on PaaS is potentially so fast and easy, however, that is requires a rethinking of the business- IT relationship. Success with PaaS will flow from a PaaS culture that unites business, IT managers and developers.
6 6 The following suggested practices, therefore, blend business and IT agendas. Each can be adjusted to the scenario depicted in Figure 2 that best represents your specific situation. SETTING UP PRACTICES AND PROCEDURES FOR RAPID SOFTWARE RELEASES To make the most of the development speed inherent in PaaS, there has to be cohesion between PaaS software development practices, procedures, and the tools that are employed to manage the process and create the software itself. Fundamentally, this is a people issue. The more quickly software stakeholders can collaborate and communicate about the software they are developing or updating the more effective the PaaS solution will be. The way this is done will vary depending on the interplay between users and platform, as suggested in Figure 2: When LOB users use model-driven PaaS, they can theoretically create applications all by themselves. But they shouldn t. IT should facilitate the development process to ensure that the end product adhere to corporate standards and doesn t create data management or security problems. When the organization has deployment PaaS, LOB stakeholders need to have input on the application but IT should be responsible for development. IT pros using model-driven PaaS have a choice of executing the project on behalf of LOB stakeholders or facilitating the process. If IT pros are using deployment PaaS, it s an IT-centric process that will resemble a conventional software development project, just one that deploys on PaaS. One solution to the speed of PaaS that is gaining traction is known as DevOps, which is the merging of software development and IT operations. Using specialized management tooling, DevOps can effect a process of continuous development and integration of new code into production. As depicted in Figure 3, the DevOps work cycle assumes neverending iterations of new software development. It is possible to do DevOps without PaaS but the two concepts were made for each other. The DevOps pattern, which can be implemented in varying levels of intensity with different tooling options, provides a framework for uniting the varied stakeholders who must collaborate on PaaS. Figure 3 shows how PaaS and DevOps can fit together to form a fast-moving, continuous software development process that brings the speed and agility advantages of PaaS to life. Stakeholders HIGH Level of PaaS software development automation LOW LOW Figure 2 Possible approaches to managing software development with different user and PaaS scenarios Continuous, Automated Deployment Line of Business Users w/ Model-Driven PaaS IT should facilitate the development process. Line of Business Users w/ Deployment PaaS IT should be responsible for deliverable, based on LOB input. Monitor, Assess, Recommend Improvements Continuous integration IT Pro Users w/ Model-Driven PaaS IT drives the process, either executing the project or facilitating the development process. IT Pro Users w/ Deployment PaaS IT manages process and project. Level of users technical sophistication Agile Development Continuous, Automated QA Figure 3 The DevOps cycle, which involves continuous iterations of agile software development, review, integration and deployment. are continuously notified of software development activities that affect them. People involved in various stages of the application lifecycle have a view of what others are doing. There are fewer blind handoffs. HIGH
7 7 PLANNING FOR SCALABILITY PaaS introduces a number of new elements to the scale planning process. The ability for systems to be connected with relative ease in the cloud makes for great agility, but it disrupts the conventional notion of scalability. When you factor in the potential for exponential scaling that can arise with viral app adoption, it s an altogether different conversation. The best practice is to think through the ramifications of increased demand at the outset, rather than waiting until scale becomes an issue. Modeling future load may actually affect the selection of PaaS tools, because not all PaaS offerings handle scale the same way. Scale challenges with PaaS can be sorted into ordinary and extraordinary scenarios. In the ordinary case, it is necessary to plan for orderly expansion of an application as it expands from pilot to adoption by a single business division, then the entire organization, and so forth. An application might have 500 users at launch, be released to 5,000 users according to plan after one year, and then to 20,000 users after the second year. Each planned growth period is met with a well-planned increase in server compute capacity, storage, network, database instances, and so forth. IT managers who are planning the ordinary, orderly scaling of a PaaS application should adopt a practice of modeling their future usage predictions with distinctive PaaS characteristics, including: User seat license costs Cost and performance impact of increase PaaS solution usage: > > Server units (VMs) > > Databases > > Storage > > Network Cost and impact of downtime These factors are universal for any scale planning. Indeed, they should look quite familiar to anyone who has had to model the way that growth of application usage will affect IT resources. What s different with PaaS is that increase in demand can produce some unpredictable results. Take them one at a time: Seat licenses can be a big deal with PaaS. If you are using a solution with a high annual fee per user, you could get walloped with licensing costs if you want to grow your user base. A good planning practice is to research your PaaS provider s pricing policies and see if they offer an enterprise option or special contract terms for high numbers of users. Server unit expansion, as well as database, storage and network can affect both cost and performance. Not all PaaS solutions scale out well. Those that offer more IaaS-type services can be better in this regard. There are two things that can go wrong. The amount of additional VM, database, storage and network capacity you provision may not be linear. You might have to over-provision to ensure the same level of service that you have at smaller scale. This is a potential side effect of multi-tenancy. In addition, increasing the scale of the application can result in more downtime. This difficulty is related to the unpredictable nature of multi-tenant applications. Server failures will happen in any environment. The difference with PaaS is that you need to know how outages will be remediated. Assessing the server failover process is an essential practice to engage in when planning for scale. Extraordinary scaling scenarios require a little more planning. The first step is to think though the potential causes of an extraordinary scaling situation. That is, a scenario where demand for an application might rise by an order of magnitude with little warning. For instance, with the relative speed and ease of connecting applications to one another in the cloud, an organization might want to enter into partnerships that require systemic integration. There is nothing new about this, but the cloud means that the integration could be pushed on a fast track that outpaces planning for PaaS scaling. The best practice is to plan for when such alliances will lead to big increase in scale, not if. Seasonal spikes are another driver of extraordinary scale. A web retailer, for example, might experience a 10-20X jump in site traffic on Cyber Monday, the huge online holiday shopping day that comes right after Thanksgiving. This can be anticipated, so the best practice is to simulate the load on the specific PaaS solution you are using. The failover architecture should also be tested prior to the big day. This kind of planning and testing is standard for on-premise systems as well as IaaS-based solutions. Application PaaS should be subject to the same requirements. Indeed, as IaaS and PaaS merge in certain solution offerings, capacity management is a standard feature. However, it is not a good practice to assume that the PaaS solution will scale properly during a seasonal spike just because a comparable IaaS-based solution functions well at scale. Some PaaS solutions are built on top of Amazon Web Services (AWS) IaaS. There is no reason to doubt that AWS scales well, but it s necessary to test the specific PaaS software that s running on top of it because of the idiosyncrasies of PaaS. For example, a seasonal spike might cause an increase in data IO calls that overloads the database servers as they are deployed in PaaS. That database performance has to be measured in specific terms in order for the failover to be calibrated properly. The worst extraordinary scale event is one that comes without warning. Massive bursts in demand can occur as a product
8 8 becomes a hot seller or a story attracts global attention. The proliferation of mobile devices compounds the problem through sheer force of numbers. And, this is definitely an enterprise computing issue even if it seems to be somewhat consumer-oriented in nature. For one thing, corporatedeveloped, customer-facing apps are growing in popularity. It might be a high-quality problem to have your business app downloaded by a 1,000,000 people, but it s still a problem if you can t handle the traffic. Then, there are dependencies. Your PaaS application might connect to a few harmless partners, who in turn expose it to processes in their own mobile apps which can go viral. The resulting traffic can throw you into a scaling crisis. The best practices for handling extraordinary scale events involve defining service levels and throttling access if certain thresholds of demand are reached. Practices should include tooling for access limits that are measured in terms of known PaaS capabilities, i.e., if you know that your PaaS solution can handle 10,000 simultaneous users in a spike, that is your access ceiling. You should not assume that it can handle 20,000 users because a comparable on-premise system can manage that level of load. UNDERSTANDING YOUR PLATFORM S LIMITATIONS Every application development platform has its limitations. If you own your application platform and manage it on-premise, you can do whatever you want to it, making adjustments to virtually any aspect of it as conditions change. This is the case with deployment PaaS. With model-based PaaS, your ability to exert control over the platform can be limited. It s best to think through future use cases and compare them to the PaaS solution s capabilities. You might plan to create a small-scale internal application with a well-defined feature set and user base. For this type of use case, a simple, modelbased PaaS solution that is low cost, but affords very little control, might be a good solution. However, given the rapid release cycle potentially available in PaaS, especially when teamed with DevOps, you might start with one incarnation of an application today and be in possession of something quite different a year later. A good practice is to map out where you might need flexibility in deployment and levels of support and control, including the following important factors: Automation levels. Most PaaS solutions enable selfservice provisioning of platform elements. However, the ease of use for the automated self-service options, and the actual range of processes that are automated, can vary widely. Customization. Does the PaaS solution enable you to customize your stack, assuming you want to? For example, if you want to use Postgre SQL instead of Microsoft SQL Server, can you make the change? And, if you can make the change, can you do it on a self-service basis? If making a change like that requires a special support request, which must be overseen by a person on your end, you may be increasing the IT overhead required to manage PaaS. Platform templating. Some model-based PaaS solutions make it possible to set up a reusable application platform template. For example, your application needs a specific application server, database, and storage array, each with numerous custom settings. Building it from scratch over and over might not be the best use of your IT resources time. Again, this may or may not be relevant, but if you are contemplating setting up multiple instances of a PaaS application, it could be a driver of efficiency. Hands on service, vs. self-help. Support quality levels differ between different PaaS providers. Some are completely self-help oriented, or nearly so, requiring you to consult a knowledge database to solve problems. Or, they require written tickets that get answered within some preset period of time. This may or may not be suitable for your needs. Other PaaS providers make specialized, dedicated support staff available to you. Of course, this latter option is going to be more costly, but might be worth the expense if your application is critical to your business. Public vs. private cloud. Some PaaS providers force you to use a public, multi-tenant cloud infrastructure. This might be fine. It might be a big problem. The challenge is that it can be hard to predict where you need to be in a year or two, so the best practice is to work with a provider that at least gives you the option to change from public to private cloud at a later date. At issue are performance, security and scalability. A private cloud can mean one of two things. It can mean being able to run your PaaS software in a dedicated VM that is not sharing infrastructure with other clients of the PaaS vendor. It can also mean having the ability to place your PaaS wherever you want it, including your own on-premise data center. This may seem puzzling. If it s cloud-based, how can it be run onpremise? The answer is that the cloud and PaaS refer to software architectures, not location, per se. You can set up a cloud architecture in a private datacenter. The only difference will be the finite nature of your private data center, versus the infinite capacity of the cloud provider. There are hybrid alternatives as well, such as bare metal hosting providers that will manage your cloud-based application completely on dedicated hardware that is provisioned exclusively to you. Portability. Vendor lock-in is a risk facing developers who work with PaaS. It is a good practice to figure out in advance if you will be able to move your PaaS application
9 9 onto another PaaS solution or on-premise infrastructure if necessary. Making this kind of move is a great option to have. In some cases, it is possible to migrate an application off of PaaS through a replication process, while not moving the actual application itself. For example, Progress Pacific gives you the ability to replicate the data architecture and application logic of software developed on Force.com and run it on Pacific. ALIGNING THE PAAS APPLICATION WITH SECURITY POLICY Cloud computing can still raise the hackles of information security specialists. As the industry evolves, though, security concerns about cloud-based software and data are shifting from shrill panic to practical embrace. It is essential to work through security issues in a PaaS application carefully. The first step needs to be engaging with the information security people in your organization. If you are looking at PaaS from the business unit, non-it level, it may be tempting to go shadow IT all the way and keep it secret from InfoSec. This is not a recommended practice. The security conversation needs to start at an appropriate level of risk assessment. That is, if you re planning to use PaaS to plan the company softball league, you probably don t need a major security audit and exhaustive risk mitigation plan. If your PaaS application contains confidential information or touches financial transactions, in contrast, you will want to do a pretty thorough risk and business impact assessment. Based on the amount of risk your PaaS application is exposing the organization to, security best practices suggest that you work through the following issues at a suitable level of seriousness: Who owns the code and the data? The answer to this question may at once be obvious and far from it. Your contract with the PaaS provider likely states it clearly. However, a good practice is to go get a legal review of your PaaS agreement to ensure that your organization will be protected if there is a legal conflict with the provider, a bankruptcy or other types of legal incidents, such as third party subpoenas. There are also theoretical-versuspractical aspects to this issue. For instance, you may own the PaaS code, but if you re locked into the platform and cannot get off it, that code ownership will be meaningless. Segregation of Development/Test/Production environments. In the fast-moving cycle of PaaS software delivery, it might be possible to overlook, or at least blur, the classic dev/test/run separations. For a critical application, the best practice is to enforce the strict separation of environments no matter how inconvenient it might be. Segregation of duties. This is relevant to financial systems where compliance is an issue. Most transactional systems require that certain financial actions be made by more than one person. For example, it should not be possible for a single user to generate a purchase order, approve the purchase and authorize the writing of a check. That is a formula for fraud. However, if you re taking a shadow IT approach and doing PaaS off the books, so to speak, you might accidentally create just that kind of problem for yourself. Threat protection. Most PaaS providers have robust defenses against viruses, malware, breach of confidential information, Denial of Service attacks and so forth. That shouldn t be an issue. If it is, you re working with the wrong provider. What s significant, though, is how they handle security incidents and how an incident might affect your application. A best practice is to undertake due diligence on the PaaS provider s internal failover architecture, recovery time objectives (RTOs) and disaster recovery architecture and procedures. Security is a massive topic that cannot be completely covered in a paper such as this. The best practices takeaways are: Security is a high-priority with PaaS It s a matter that involves both personnel and policy Some PaaS security risks can be mitigated with software tools For example, application-level security concerns can be addressed with a new generation of API security platforms. Under-secured APIs can expose a PaaS application to risk. API security tools can take care of authentication and authorization of PaaS application users. They can throttle API access and enforce service-level agreements. They can manage the OAuth protocol to authorize access to data by third and fourth parties. FOLLOWING CORPORATE IT S LEAD ON PAAS INTEGRATION PaaS needs to be part of the IT department s purview, even if it s a model-based PaaS solution with its primary use driven by a business unit. While it may be tempting to take the shadow IT route, there are many good reasons to treat PaaS just like any other corporate software development platform managed by IT. If the PaaS application is going to connect with systems at third parties, it is imperative that the IT department be involved. Now, you might think, of course, if there s integration with other systems, there has to be an IT project. That s not as true today as you might imagine. With Web APIs and cloud computing, it is easy to picture a scenario where a third party, such as a distributor or customer, simply asks for your API information and integrates right into your PaaS application without anyone in IT even knowing about it. This is a very unwise practice.
10 10 Connecting a PaaS application to external systems exposes it, as well as any internal system it is integrated with, to many of the risks discussed in this paper. Security, performance, reliability, availability, and scalability are all at risk if the integration is not implemented correctly. The IT department will know how to handle the integration process. Integration should be treated as just another development cycle, managed by IT but subject to review and input by all participants in the development process. The pace may be slower than business stakeholders want it to be, but if the PaaS/DevOps model is in use, the integration can move a lot faster than a conventional application integration project. CONCLUSION PaaS technologies have the potential to accelerate software development while reinventing how IT supports the development process. Best practices for PaaS are evolving, but three major themes should emerge from this brief review: balance, people, and alignment. With PaaS, it s tempting to take shortcuts and release applications without considering important security and performance factors. There has to be a balance between the need for speed and sensible planning and controls. Many software tools are available to coordinate and control the PaaS development process. People are a big part of making PaaS work for you on your terms. PaaS success is an organizational issue because the technology throws stakeholders together in rapid development cycles. However, the technology itself can only do so much to bring about the kind of collaboration that will make PaaS an effective mode of software development. Best practices should pay attention to the human side of the equation. Finally, PaaS practices will deliver best results when they foster alignment between multiple agendas in the ITbusiness relationship. Strategic objectives have to align with PaaS development practices. Operational plans have to align with security and infrastructure policies, and so forth. Balance, people focus and alignment are the key ingredients to getting the results that you want from PaaS.
11 11 ABOUT THE AUTHOR Michael Benedict is the vice president and general manager of the Progress Pacific cloud platform and Progress OpenEdge product line and is responsible for leading the company s platform-as-a-service (PaaS) and application development businesses. He has previously held other senior leadership roles at Progress in product management, operations, strategy and sales. Prior to joining Progress, Benedict served as director of product management and marketing for online products at Engage Technologies, where he helped grow its market capitalization to more than $3 billion and launched the first cloud-to-on-premise advertising campaign distribution network, Engage AudienceNet. Benedict was also a cofounder and operating manager of NV Company. Benedict received his Masters in Business Administration from the Kenan-Flagler Business School at the University of North Carolina and holds a Bachelor of Science in Civil Engineering from the State University of New York. PROGRESS SOFTWARE Progress Software Corporation (NASDAQ: PRGS) is a global software company that simplifies the development, deployment and management of business applications onpremise or in the cloud, on any platform or device, to any data source, with enhanced performance, minimal IT complexity and low total cost of ownership. WORLDWIDE HEADQUARTERS Progress Software Corporation, 14 Oak Park, Bedford, MA USA Tel: Fax: On the Web at: Find us on facebook.com/progresssw twitter.com/progresssw youtube.com/progresssw For regional international office locations and contact information, please go to /worldwide Progress, OpenEdge and Pacific are trademarks or registered trademarks of Progress Software Corporation or one of its affiliates or subsidiaries in the U.S. and other countries. Any other marks contained herein may be trademarks of their respective owners. Specifications subject to change without notice Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved. Rev. 11/
THE FUTURE OF BUSINESS SOFTWARE Platform-as-a-Service (PaaS) technology offers numerous potential advantages to business by enabling users to create new business applications quickly, without the hassle
INTERSYSTEMS WHITE PAPER Why You Should Consider the Cloud In 2014, we ll see every major player make big investments to scale up Cloud, mobile, and big data capabilities, and fiercely battle for the hearts
Private Cloud Computing Essentials The 2X Private Cloud Computing Essentials This white paper contains a brief guide to Private Cloud Computing. Contents Introduction.... 3 About Private Cloud Computing....
Planning the Migration of Enterprise Applications to the Cloud A Guide to Your Migration Options: Private and Public Clouds, Application Evaluation Criteria, and Application Migration Best Practices Introduction
Achieve Economic Synergies by Managing Your Human Capital In The Cloud By Orblogic, March 12, 2014 KEY POINTS TO CONSIDER C LOUD S OLUTIONS A RE P RACTICAL AND E ASY TO I MPLEMENT Time to market and rapid
Introduction to Cloud Computing Srinath Beldona firstname.lastname@example.org Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?
Overview The purpose of this paper is to introduce the reader to the basics of cloud computing or the cloud with the aim of introducing the following aspects: Characteristics and usage of the cloud Realities
I D C A N A L Y S T C O N N E C T I O N Gary Chen Research Manager, Enterprise Virtualization Software C a p i t a l iz i n g on the Cloud Revo l u t i o n w ith OpenStack March 2014 OpenStack was a project
Platform-as-a-Service: Powering the development and deployment of new applications August 2014 A Vanson Bourne survey Contents Aims of the research 3 Summary of key findings 4 PaaS defined 5 Current state
Demystifying Platform as a Service The dividing lines between PaaS and IaaS may be blurring, but it s important for outsourcers of IT infrastructure to understand what sets Private PaaS apart from commodity
White Paper Elastic Private Clouds Agile, Efficient and Under Your Control 1 Introduction Most businesses want to spend less time and money building and managing IT infrastructure to focus resources on
TECHNOLOGY TRANSFER PRESENTS MAX DOLGICER CLOUD 2.0 MOVING FROM COST SAVINGS TO AGILE IT APRIL 27-29, 2015 RESIDENZA DI RIPETTA - VIA DI RIPETTA, 231 ROME (ITALY) email@example.com www.technologytransfer.it
PLATFORM-AS-A-SERVICE, DEVOPS, AND APPLICATION INTEGRATION An introduction to delivering applications faster CONTENTS 2 Introduction to PaaS 4 Private, public, and hybrid PaaS 6 Who uses PaaS? 8 DevOps
Creative Shorts: Twelve lifecycle management principles for world-class cloud development Foundations for optimal development on and for the cloud A Creative Intellect Consulting Shorts Report Series (ALM)
WHITE PAPER Elastic Cloud Infrastructure: Agile, Efficient and Under Your Control - 1 - INTRODUCTION Most businesses want to spend less time and money building and managing infrastructure to focus resources
I N T E R S Y S T E M S D I S C U S S I O N P A P E R Why you should ConsIder The Cloud "In 2014, we' ll see every major player make big investments to scale up Cloud, mobile, and big data capabilities,
World Leading Directory Technology White Paper: Cloud Identity is Different Three approaches to identity management for cloud services Published: March 2015 ViewDS Identity Solutions A Changing Landscape
4 Critical Risks Facing Microsoft Office 365 Implementation So, your organization has chosen to move to Office 365. Good choice. But how do you implement it AND deal with the following issues: Keep email
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
ericsson White paper Uen 284 23-3263 February 2015 A new era of PaaS speed and safety for the hybrid cloud This white paper presents the benefits for operators and large enterprises of adopting a policydriven
BACKUP IS DEAD: Introducing the Data Protection Lifecycle, a new paradigm for data protection and recovery Despite decades of research and development into backup and data protection, enterprise customers
Cloud vs. On Premise: Is there a Middle Ground? Building Multi Channel Business Applications without Re Coding Magic Software March 2010 Magic Software is a trademark of Magic Software Enterprises Ltd.
Capturing the New Frontier: How Software Security Unlocks the Power of Cloud Computing Executive Summary Cloud computing is garnering a vast share of IT interest. Its promise of revolutionary cost savings
The Business Case for the Enterprise Cloud ISSUE I INSIDE THIS ISSUE Welcome 3 Enterprise vs. Commodity Cloud Use Cases 5 Baseline Infrastructure Services and Support 6 Automation 7 Management & Role-Based
Implementing Hybrid Cloud at Microsoft Published September 2013 The following content may no longer reflect Microsoft s current position or infrastructure. This content should be viewed as reference documentation
WHITE PAPER Five Steps to Successful Integrated Cloud Management Sponsored by: HP Mary Johnston Turner May 2011 Robert P. Mahowald IDC OPINION Global Headquarters: 5 Speen Street Framingham, MA 01701 USA
Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value
SOLUTION OVERVIEW VMware vcloud Powered Services VMware-Compatible Clouds for a Broad Array of Business Needs Caught between shrinking resources and growing business needs, organizations are looking to
IT Best Practices Series Cloud Computing Safe Harbor or Wild West? With IT expenditures coming under increasing scrutiny, the cloud is being sold as an oasis of practical solutions. It s true that many
Building Secure Cloud Applications On the Microsoft Windows Azure platform Contents 1 Security and the cloud 3 1.1 General considerations 3 1.2 Questions to ask 3 2 The Windows Azure platform 4 2.1 Inside
INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing
Chapter 1 Cloud Computing Defined In This Chapter Examining the reasons for cloud Understanding cloud types Defining the elements of cloud computing Comparing private and public clouds In a dynamic economic
Making the Transition From ISV to SaaS with Xterity Wholesale Cloud CONTENTS: 1 The New Business Model...Page 3 2 Business Challenges...Page 5 3 Technology Challenges...Page 7 4 Xterity Wholesale Cloud...Page
IBM Academy of Technology Thought Leadership White Paper October 2010 Cloud computing insights from 110 implementation projects IBM Academy of Technology Survey 2 Cloud computing insights from 110 implementation
Oracle Cloud Platform For Application Development Cloud computing is now broadly accepted as an economical way to share a pool of configurable computing resources. 87 percent of the businesses that participated
The cloud - ULTIMATE GAME CHANGER =========================================== When it comes to emerging technologies, there is one word that has drawn more controversy than others: The Cloud. With cloud
Architecting the Cloud Sumanth Tarigopula Director, India Center, Best Shore Applications Services 2011Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without
Who moved my cloud? Part I: Introduction to Private, Public and Hybrid clouds and smooth migration Part I of an ebook series of cloud infrastructure and platform fundamentals not to be avoided when preparing
The Role of the Operating System in Cloud Environments Judith Hurwitz, President Marcia Kaufman, COO Sponsored by Red Hat Cloud computing is a technology deployment approach that has the potential to help
A Cloud: Large groups of remote servers that are networked to allow centralized, shared data storage and online access to computer services or resources A Cloud: Large groups of remote servers that are
I D C T E C H N O L O G Y S P O T L I G H T U n i fied Cloud Management Increases IT- as- a - S e r vi c e Ag i l i t y November 2013 Adapted from VMware Unifies Cloud Management Portfolio with a Focus
CoIP (Cloud over IP): The Future of Hybrid Networking An overlay virtual network that connects, protects and shields enterprise applications deployed across cloud ecosystems The Cloud is Now a Critical
SOFTWARE-DEFINED ARCHITECTURE TAKING WEB SCALE TO THE NEXT LEVEL IN THE CLOUD A WHITEPAPER BY MODULUS WHITEPAPER / SOFTWARE-DEFINED ARCHITECTURE 1 SUMMARY Software-Defined Architecture (SDA) is a new style
Benefits of Software as a Service (SaaS) Software as a Service (SaaS) may be defined simply as software applications deployed over the Internet. With SaaS, a third-party provider licenses an application
Managing Public Cloud Workloads CHALLENGES AND BEST PRACTICES Page 1 of 10 Large companies are shifting more aggressively to the public cloud today for running a variety of production applications at scale.
W H I T E P A P E R E n a b l i n g D a t a c e n t e r A u t o mation with Virtualized Infrastructure Sponsored by: VMware Tim Grieser August 2008 IDC OPINION Global Headquarters: 5 Speen Street Framingham,
Services Overview Cisco Cloud Enablement Services for Education Bringing the Cloud to the Campus In today s higher education environment, IT organizations must keep pace with a long list of competing demands:
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
Table of Contents Abstract Cloud computing basics The app economy The API platform for the app economy Your API platform: in the cloud or on premises? The cloud deployment model Cloud characteristics The
Private vs. Public Cloud Solutions Selecting the right cloud technology to fit your organization Introduction As cloud storage evolves, different cloud solutions have emerged. Our first cloud whitepaper
I D C M A R K E T S P O T L I G H T P r i va t e a n d H yb r i d C l o u d s E n a b l e New L e ve l s o f B u s i n e s s and IT Collaboration September 2013 Adapted from IDC Maturity Model: Cloud A
Private and Public Clouds Powered by SimpliVity Solution Brief SimpliVity s OmniCube is the market-leading hyperconverged infrastructure platform, delivering the best of both worlds: x86 cloud economics
GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS. Cloud computing is as much a paradigm shift in data center and IT management as it is a culmination of IT s capacity to drive business
Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where
PHP in the Cloud Running Business-Critical PHP Applications in the Cloud Abstract Cloud computing is exponentially growing as a viable way for businesses and organizations to deliver content and services
WHITEPAPER Beyond Infrastructure Virtualization Platform Virtualization, PaaS and DevOps Table of Contents 3 Business Demands and IT Challenges 6 State of the Art 6 Use Case: Large Bank 7 Use Case: Large
TECHNOLOGY TRANSFER PRESENTS MAX DOLGICER IT S ALL ABOUT CLOUD CONCEPTS, STRATEGIES, ARCHITECTURES, PLAYERS, AND TECHNOLOGIES APRIL 2-4, 2014 RESIDENZA DI RIPETTA - VIA DI RIPETTA, 231 ROME (ITALY) firstname.lastname@example.org
Hexaware E-book on Q & A for Cloud BI Hexaware Business Intelligence & Analytics Actionable Intelligence Enabled HEXAWARE Q & A E-BOOK ON CLOUD BI Layers Applications Databases Security IaaS Self-managed
White paper Private cloud computing Increase agility and reduce cost Increasing agility and reducing cost with cloud computing Table of contents 2 A time of big IT trends 3 As if IT needed more challenges
PLATFORM-AS-A-SERVICE: ADOPTION, STRATEGY, PLANNING AND IMPLEMENTATION White Paper May 2012 Abstract Whether enterprises choose to use private, public or hybrid clouds, the availability of a broad range
Top five lessons learned from enterprise hybrid cloud projects Top performer highlights More than half of top performers give users access to selfservice provisioning across both private and public cloud
THE MOBlLE APP REVOLUTlON 8 STEPS TO BUlLDING MOBlLE APPS FAST ln THE CLOUD People use hand-held devices for everything from communicating and playing games to shopping and surfing the Internet. In fact,
1 Introduction to Cloud Computing CERTIFICATION OBJECTIVES 1.01 Cloud Computing: Common Terms and Definitions 1.02 Cloud Computing and Virtualization 1.03 Early Examples of Cloud Computing 1.04 Cloud Computing
CLOUD TECH SOLUTION AT INTEL INFORMATION TECHNOLOGY ICApp Platform as a Service Open Data Center Alliance, Inc. 3855 SW 153 rd Dr. Beaverton, OR 97003 USA Phone +1 503-619-2368 Fax: +1 503-644-6708 Email:
Everything You Need To Know About Cloud Computing What Every Business Owner Should Consider When Choosing Cloud Hosted Versus Internally Hosted Software 1 INTRODUCTION Cloud computing is the current information
Using a Java Platform as a Service to Speed Development and Deployment Cycles Dan Kirsch Senior Analyst Sponsored by CloudBees Using a Java Platform as a Service to Speed Development and Deployment Cycles
STRATEGIC WHITE PAPER The next step in server virtualization: How containers are changing the cloud and application landscape Abstract Container-based server virtualization is gaining in popularity, due
Transformation of IT Operations Realizing IT as a Service through Comprehensive Cloud Services W H I T E P A P E R INTRODUCTION Cloud computing technologies such as Infrastructure-as-a-Service (IaaS) and
GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS. Cloud computing is as much a paradigm shift in data center and IT management as it is a culmination of IT s capacity to drive business
Taking the cloud to your datacenter Microsoft Azure Stack Version 1.0 1/29/2016 CONTENTS Cloud is a paradigm, not a place... 2 Cloud computing on your terms... 3 Microsoft Azure Stack vision... 4 Reinventing
TOP 5 REASONS WHY FINANCIAL SERVICES FIRMS SHOULD CONSIDER SDN NOW Abstract Software-defined networking, or SDN, is a relatively new technology that is already having a major impact on companies in the
Cloud Service Model Selecting a cloud service model Different cloud service models within the enterprise Single cloud provider AWS for IaaS Azure for PaaS Force fit all solutions into the cloud service
Learning Cloud Computing: What IT Professionals Need to Know Cloud computing promises new career opportunities for IT professionals. In many cases, existing core skill sets transfer directly to cloud technologies.
Accenture Cloud Platform Unlocks Agility and Control 2 Accenture Cloud Platform Unlocks Agility and Control The Accenture Cloud Platform is at the heart of today s leading-edge, enterprise cloud solutions.
EMC PERSPECTIVE The Private Cloud for Healthcare Enables Coordinated Patient Care Table of Contents A paradigm shift for Healthcare IT...................................................... 3 Cloud computing
Ensuring High Service Levels for Public Cloud Deployments Keys to Effective Service Management Table of Contents Executive Summary... 3 Introduction: Cloud Deployment Models... 3 Private Clouds...3 Public
HRG Assessment: Cloud Computing Provider Perspective In the fall of 2009 Harvard Research Group (HRG) interviewed selected Cloud Computing companies including SaaS (software as a service), PaaS (platform
5 Reasons CIOs are Adopting Cloud Computing in 2010 Application Development that s 5 Times Faster at 1/2 the Cost WHITE PAPER Contents Introduction... 2 Why choose cloud computing?... 2 1. Delivers faster
security in the cloud White Paper Series 2 THE MOVE TO THE CLOUD Cloud computing is being rapidly embraced across all industries. Terms like software as a service (SaaS), infrastructure as a service (IaaS),
Solution White Paper Build the Right Cloud, Quickly BMC Express Cloud Table of Contents 1 THE PROMISE OF CLOUD COMPUTING Getting Started 2 SUCCEEDING WITH CLOUD COMPUTING 3 INTRODUCING BMC EXPRESS CLOUD
I D C E X E C U T I V E I N S I G H T S Cloud Computing: The Need for Portability and Interoperability August 2010 By Jean Bozman, Research Vice President, Enterprise Servers and Gary Chen, Research Manager,
A UBM TECH WHITE PAPER MAY 2013 Communications in the Cloud: Why It Makes Sense for Today s Business Unified communications delivered in the cloud can help businesses of all sizes address many collaboration
Your consent to our cookies if you continue to use this website.