Programming for Cloud Computing: What's Different
Web developers who want to (or must) embrace cloud computing need to learn more than a few new tools. Experts explain the skills you need to hone.
The "cloud computing" label is applied to several technologies, and is laden with vendor and industry hype. Yet underneath it all, most of us acknowledge that there's something to all this stuff about utility computing and whatever-as-a-service.
The distinction is especially important to software developers, who know that the next-big-thing is apt to have an impact on their employability. Savvy, career-minded programmers are always trying to improve their skill sets, preparing for the next must-have technology.
What's different about cloud computing, compared to "regular" web development? If a programmer wants to equip herself to take advantage of the cloud in any of its myriad forms -- Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (Iaas) -- to what technologies should she pay attention? If your company has traditionally done web development but is planning to adopt the cloud in a big way, what unique skill sets should you look for? The learning curve can be even more bewildering because the concerns of a SaaS developer may be very different from one who's using a virtual development environment, yet the industry treats "the cloud" as if it's one monolithic technology.
"Developing applications in the cloud is a little like visiting Canada from America. Most everything is the same, but there are small differences that you notice and need to accommodate."
For advice, I turned to experienced developers and vendors (the techies who lie awake at night agonizing about these issues, not the marketing people).
Here, therefore, is an overview of the things to pay attention to as you explore the cloud, including tools, scalability, security, architecture design, and expanding infrastructure knowledge.
Know Your Tools
Let's get the easy item out of the way first. Moving to the cloud probably requires you to learn new APIs, such as those for the Google App Engine, SalesForce.com, or whichever software your application will depend on. For most developers, learning a new API, poking at a new database tool, or exploring a new open source platform is a regular occurrence, though you do need to budget time for it.
And, while some development tools have extensions to permit deployment in the cloud, programmers have to learn those features. "In the case of Microsoft SQL Azure, there are technical challenges beyond a 'regular' web development environment," says Alpesh Patel, director of engineering at Ektron. You might have to come up to speed on sparse columns, extended stored procedures, Service Broker, or Common Language Runtime (CLR) and CLR User-Defined Types.
Many of these tools or upgrades are relatively new, so you may need to deal with their limitations. "In my own experience, the Microsoft Windows Azure Platform does not allow mixed languages in a web site. Site templates, controls, app_code, and several other components need to be run as a single language. We had to convert our SQL Service Broker based queuing technology to a custom queuing solution," says Patel.
Design for Scalability
"Cloud services are only as scalable as the underlying web application. If the web application has inherent programming bottlenecks, moving the application into the cloud will not help."
One promise of cloud computing is the ease by which its infrastructure can scale. Some developers interpret this as, "...So a developer doesn't have to think about it anymore," but experienced techies see the situation differently.
"The cloud isn't the equivalent of more hardware to throw at the problem. Yes, it provides seemingly limitless scalability, but only if the system is architected in such a way as to make use of it," explains Marc LaFleur, chief architect for Parlance Corporation, managed service provider of speech-enabled communication applications. "If your application relies on session data stored in memory, you will quickly discover a major bottleneck."
Designing applications for more scalability requires you to know more, not less. "In working with many start-up SaaS providers and social networking type sites, I've often run into programmers that do not grasp scalability concepts," says Jeffrey Huckaby, rackAID CEO. "Cloud services are only as scalable as the underlying web application. If the web application has inherent programming bottlenecks, moving the application into the cloud will not help."
Learn to distribute workloads correctly between functional units, he advises, and properly profile your code. "When you are writing an application for relative low loads or growing your user base slowly, you have time to work in improvements. However, when you are launching a Facebook application, you may not have time to work out kinks. Using a code profiler, such as XDebug, can work wonders," says Huckaby.
Don't assume that your code is scalable any more than you'd assume it's inherently secure. "Your app will be bigger than anything you did before," says Jan Aleman, CEO of Servoy. "Your app really has to scale. Talk to some people that have done it before; tech people love to talk."
Another obvious concern is the security of cloud applications and the data on which they rely.
With the cloud, your in-house security techniques are suddenly used outside the company firewall. "You can often get away with a relatively simple security scheme when you're dealing with a line-of-business application within your organization," says Parlance's LaFleur. Your in-house systems typically have some integrated security baked-in, perhaps leveraging Active Directory. "Once in the cloud, however, things are quite different," he says. "Developers need to think about both authentication ('I am who I say I am') and authorization ('what data/systems I have access to') early on in the process. It is also important to brush up on what laws may govern your data (HIPPA and SOX for example)."
"Cloud development by itself isn't any different than traditional development. What it is, however, is less tolerant of poor development practices."
"These problems are not inherent to cloud development but can be magnified in a cloud environment as an unintended consequence," says Kevin McDonald, senior analyst at ICF International and author of Above the Clouds: Managing Risk in the World of Cloud Computing. He recommends that developers become familiar with organizations like the Department of Homeland Security's National Cyber Security Division, which is promoting Build Security In and identifying the Top 25 Common Weakness Enumerations.
Cloud security for developers also means thinking about data security and choosing providers that suit your business requirements as well as technical needs. In the experience of Bienvenido David III, CEO of consulting firm TeamEXtension, "The issues were more of configuration and policies than software development." For instance, TeamEXtension stores credit card numbers AES-encrypted in its database. If a security breach happens, PCI DSS auditors need access to the servers, which Amazon EC2 does not permit. "We cannot be PCI level 1 compliant with Amazon EC2. We can store the card numbers elsewhere, but this opens a lot more security issues. Rackspace Cloud had the same PCI issues as Amazon EC2, so they were out of the running," he says.
Re-Think Your Software Architecture
Despite developers' expectations that deploying to the cloud is "just like" any type of web development, you do need to be cognizant of architecture differences. Explains Standing Cloud CEO David J. Jilk, "Developing applications in the cloud is a little like visiting Canada from America. Most everything is the same, but there are small differences that you notice and need to accommodate." Most differences relate to the infrastructure and technology stack layers rather than to the application code itself, he says.
Internal hosting environments tend to be stable with little impact from outside forces, says Anthony Eden, lead developer at Heavy Water Software. But cloud computing environments (and all virtualized environments to some extent) are messy because of resource sharing. "The behavior of the system as a whole can be, and often is, influenced by things completely outside of your control," Eden points out. His solution: practice gorilla engineering (the practice of dealing with rapidly changing environments).
Don't mistake scalability for system performance, cautions LaFleur. Design applications with latency in mind. Scalable systems are more reliable under load and maintain relatively consistent performance; but do acknowledge the performance hit incurred by moving to the cloud as well as its intermittent failures. Your application should handle disconnections gracefully.
"To really implement web services in the cloud properly developers have to think 'functionally' not 'object-ly'."
"A database in the cloud may be able to grab data out of storage at a fantastic rate, but that data still has to reach the client application," LaFleur says. Often, he's found, minimizing the amount of data moved can have a substantial performance impact. If you only need three fields from 100 records, make sure that is all you grab; even better, he says, grab and display those records in batches of 25.
This may require a different mindset. Says Limewire VP of engineering, John Pavley, "To really implement web services in the cloud properly developers have to think 'functionally' not 'object-ly.' Functional programming means defining functions dynamically that act on data without state and can be evenly distributed to any number of cloud servers as needed. Unfortunately most, if not all, developers are trained to think in terms of objects: stateful entities that bind data inside a single Java or C# class. It's hard to load balance objects and they end up creating artificial limits in your cloud."
Design for a Dynamic Infrastructure
For many web developers, anything to do with servers is left to the operations department. Yet, as you move into the cloud, expect to learn more about sysadmin issues than you ever did before. There's even a new term for data-center-conscious programmers: dev-op. (See The New Type of Programmer: Dev-Op.)
"In the case of Amazon EC2, you'll be charged based on bandwidth, memory, and CPU, so a developer needs to build applications with these factors in mind."
One way in which the infrastructure informs your software design and coding is how cloud platform vendors get paid. Points out Chip Childers, chief architect of SunGard Availability Services' Enterprise Cloud Infrastructure Services, "Each piece of infrastructure you use in cloud computing is something you are charged for."
To keep costs down, says Childers, "Developers should sharpen their skills in 'less is more' development, in areas such as reducing memory and CPU consumption. Profile your application performance, check for resource leaks, and build a model for how many users you can support at each server instance size."
This applies to most cloud platforms. Ektron's Patel says, "In the case of Amazon EC2, you'll be charged based on bandwidth, memory, and CPU, so a developer needs to build applications with these factors in mind." Similarly, Microsoft Windows Azure charges based on compute instances and resource usage. "These are measured; and if they detect an application consuming extensive resources the application will be put into an isolation mode," Patel explains. "We did extensive testing on memory and CPU usage to avoid isolation mode and unnecessary charges."
According to Huckaby, novice cloud developers also struggle with the idea of data consistency. "When you start having multiple application servers and cloud instances that can spin up and down based on load, you have to assure the application can send and retrieve data properly," he says. "You don't want application instances deprived of data or losing data when they close."
Some of these activities are technical and design oriented, but serious cloud computing also requires developers to give more attention to process, procedure, and policies. Solutionary's Vice President of Industry Solutions, Pamela Fusco, is also the founding member of the Cloud Security Alliance. She advises developers to identify the level of application criticality (critical, high, medium, or low) to ensure the cloud service providers meet the required service level agreements (SLAs).
This isn't only a data-center-dude issue, though many developers are used to thinking that way. Where will your application reside on the network? Custom apps require custom support and diligence, Fusco says, hence too much of a special sauce in a cloud environment may contribute to SLA issues. "It's not only about knowing how and what to program," she says, "but also understanding basic business requirements and cloud service provider support contracts and SLAs. You need to gain a bit more insight about the business and the cloud tenant environment."
The Key Word is Service
A "regular" web developer may be able to ignore Web services to some degree, but cloud computing development will make you far more familiar with these concepts.
"It's not only about knowing how and what to program, but also understanding basic business requirements and cloud service provider support contracts and SLAs. You need to gain a bit more insight about the business and the cloud tenant environment."
This is one area in which enterprise developers may have an advantage over their start-up colleagues. According to LaFleur, "Developers with a solid understanding of [service oriented architecture] will fare much better in the cloud. Breaking up your monolithic application into discrete services does more than just facilitate reuse (the typical drum beat by the SOA proponents). A good SOA implementation will allow you to leverage the scalability of the cloud."
"The biggest difference between a web application and any enterprise application (including in the cloud) is the strict separation of the business logic layer and the web services layer," says Java enterprise architect Alexander Katrompas. "A typical web application is more concerned with delivering content while an enterprise application is concerned with processing and persistence." Moving from enterprise to cloud requires an understanding of widely distributed computing and load balancing, he says, and requires a strict enterprise architecture. "While most people consider cloud computing a 'revolution,' that is just marketing hype. Cloud computing is an evolution of the enterprise model which itself is an extension of the web application model," Katrompas adds.
Ultimately, says LaFleur, "Cloud development by itself isn't any different than traditional development. What it is, however, is less tolerant of poor development practices." For years, developers have been told to pay attention to things like scalability and security. "The reality is that most developers have relied on improving hardware and security through obscurity. Cloud computing exposes these bad practices for what they are," he says.
What differences have you found in writing software to run in the cloud? Share your experiences in the comments.