By Bill Moran, Rich Ptak
Once again Amazon is in the public media, this time for outages
in AWS, their public cloud.[1] Our earlier blog[2] commented
on the GAO issued report[3] about
the CIA awarding a contract for cloud services to Amazon and IBM’s subsequent
protest of the award. The GAO accepted IBM’s protest but disallowed IBM’s attempt
to point out the AWS’ history of significant outages as reported in the NY
Times and other media during last year.
In that blog, we did not accept the government’s
rejection of this part of IBM's protest. Since the CIA planned to move the
vendor’s public cloud into a government datacenter, we thought that the track
record of the vendor’s cloud offering to the marketplace was clearly
germane. We recommended that the government
require vendors to provide data on their cloud’s marketplace performance[4]. One reason the government
gave for rejecting IBM’s protest was that no information was available about
Amazon SLAs (service level agreements). We suggested the government require
Amazon and any other bidder to supply such information.
Frankly, we don’t know whether or not the Amazon cloud
has the reliability and security necessary to satisfy the intelligence
community’s requirements. However, a failure to make a proper assessment of
these issues could be very costly for the buyer. Based on the published evidence
in the GAO report, it does not appear that any such assessment was made. In
fact, little detail about the assessment itself has been released.
Let’s explore this a bit further. Some years ago, we heard
Scott McNealy, Sun’s CEO at the time discuss a conversation with an early purchaser
of a new large Sun server. Sun had just entered the server business. The
customer said they were planning to host a 911 service on the server. Scott
admitted he was stunned as the customer described the significance and variety
of potential problems if the system went down. Until then, Sun was a
workstation company selling most of their products to engineers. It took Sun
some time to adjust to the enterprise marketplace and the realities of enterprise
reliability requirements.
Whatever else one might say about IBM, one has to admit
that, as a company, they understand enterprise requirements. They have produced
many successful products targeted at the enterprise.
Amazon, on the other hand, has almost no track record in
producing enterprise products. Of course, this does not prove that the Amazon
cloud will not meet the intelligence community’s needs. However, it does indicate
that the burden of proof is clearly on the CIA to require Amazon to demonstrate
their cloud can do the job. It should be an Amazon responsibility to provide the
necessary data on the operation of their public cloud.
Also significant is that it is no easy matter to
re-architect a large and complex hardware/ software product. There are many
examples of such costly occurrences that could be named, including some within
the US government. At times, vendors struggle for years with these systems to meet
customer requirements. In other cases, the projects have been abandoned. Generally,
the problems do not really surface until after customer delivery and
implementation begins. It seems reasonable to us that the CIA should take extra
care to assure their cloud project does not add to this unfortunate list.
All-in-all, the final outcome of this bid is still
unclear. It does appear that there are some serious weaknesses in the process
that need to be addressed. We do think that one lesson to be learned is that
the overall process is severely lacking in transparency. No one, not the
tax-paying public, not the vendors not the government are being well-served by
the secrecy that appears to be integral to the existing process. We suggest
that the GAO and agencies consider a more transparent process.
[4]
The project was rebid but there is an Amazon court case pending. Because of the
secrecy we do not know what requirements that the CIA put on the bidders
concerning the reliability of their public cloud.
Dot Net Interview Questions | JavaScript Certification | Java Training Institutes
ReplyDelete