You are on page 1of 15


Founded in 1807, John Wiley & Sons is the oldest independent publishing
company in the United States. With offices in North America, Europe,
Asia, and Australia, Wiley is globally committed to developing and marketing
print and electronic products and services for our customers’ professional
and personal knowledge and understanding.
The Wiley CIO series provides information, tools, and insights to IT
executives and managers. The products in this series cover a wide range of
topics that supply strategic and implementation guidance on the latest tech-
nology trends, leadership, and emerging best practices.
Titles in the Wiley CIO series include:

The Agile Architecture Revolution: How Cloud Computing, REST-Based SOA,

and Mobile Computing Are Changing Enterprise IT by Jason Bloomberg
Big Data, Big Analytics: Emerging Business Intelligence and Analytic Trends
for Today’s Businesses by Michael Minelli, Michele Chambers, and Ambiga
The Chief Information Officer’s Body of Knowledge: People, Process, and Tech-
nology by Dean Lane
CIO Best Practices: Enabling Strategic Value with Information Technology
(Second Edition) by Joe Stenzel, Randy Betancourt, Gary Cokins, Alyssa
Farrell, Bill Flemming, Michael H. Hugos, Jonathan Hujsak, and Karl
The CIO Playbook: Strategies and Best Practices for IT Leaders to Deliver Value
by Nicholas R. Colisto
Enterprise Performance Management Done Right: An Operating System for
Your Organization by Ron Dimon
Executive’s Guide to Virtual Worlds: How Avatars Are Transforming Your Busi-
ness and Your Brand by Lonnie Benson
IT Leadership Manual: Roadmap to Becoming a Trusted Business Partner by
Alan R. Guibord
Managing Electronic Records: Methods, Best Practices, and Technologies by
Robert F. Smallwood
On Top of the Cloud: How CIOs Leverage New Technologies to Drive Change
and Build Value Across the Enterprise by Hunter Muller
Straight to the Top: CIO Leadership in a Mobile, Social, and Cloud-based World
(Second Edition) by Gregory S. Smith
Strategic IT: Best Practices for Managers and Executives by Arthur M. Langer
and Lyle Yorks
Transforming IT Culture: How to Use Social Intelligence, Human Factors,
and Collaboration to Create an IT Department That Outperforms by Frank
Unleashing the Power of IT: Bringing People, Business, and Technology Together
by Dan Roberts
The U.S. Technology Skills Gap: What Every Technology Executive Must Know
to Save America’s Future by Gary J. Beach
Architecting the Cloud: Design Decisions for Cloud Computing Service Models
(SaaS, PaaS, and IaaS) by Michael Kavis

Michael Kavis
Cover Image: © iStockphoto/Kalawin
Cover Design: Wiley

Copyright © 2014 by Michael Kavis. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in

any form or by any means, electronic, mechanical, photocopying, recording, scanning, or oth-
erwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act,
without either the prior written permission of the Publisher, or authorization through payment
of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive,
Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the Web at
Requests to the Publisher for permission should be addressed to the Permissions Department,
John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011,
fax (201) 748-6008, or online at

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their
best efforts in preparing this book, they make no representations or warranties with respect to
the accuracy or completeness of the contents of this book and specifically disclaim any implied
warranties of merchantability or fitness for a particular purpose. No warranty may be created or
extended by sales representatives or written sales materials. The advice and strategies contained
herein may not be suitable for your situation. You should consult with a professional where
appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other
commercial damages, including but not limited to special, incidental, consequential, or other

For general information on our other products and services or for technical support, please
contact our Customer Care Department within the United States at (800) 762-2974, outside
the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some
material included with standard print versions of this book may not be included in e-books or in
print-on-demand. If this book refers to media such as a CD or DVD that is not included in the
version you purchased, you may download this material at For
more information about Wiley products, visit
ISBN 978-1-118-61761-8 (cloth)
ISBN 978-1-118-82627-0 (epdf )
ISBN 978-1-118-82646-1 (epub)
ISBN 978-1-118-69177-9 (o-book)

Printed in the United States of America

10 9 8 7 6 5 4 3 2 1
I dedicate this book to my parents, John and Deme, and
my brother, Bill, whose work ethic and drive to be the best
in their fields serve as inspiration for me to excel and fully
embrace my field of computer science.




CH A PT ER 1 Why Cloud, Why Now? 1

Evolution of Cloud Computing 3
Enter the Cloud 6
Start-Up Case Study: Instagram, from Zero to a Billion Overnight 8
Established Company Case Study: Netflix, Shifting from On-Premises to
the Cloud 9
Government Case Study: NOAA, E-mail, and Collaboration in the
Cloud 10
Not-for-Profit Case Study: Obama Campaign, Six-Month Shelf-Life with
One Big Peak 10
Summary 11

CH A PT ER 2 Cloud Service Models 13

Infrastructure as a Service 13
Platform as a Service 15
Software as a Service 17
Deployment Models 18
Summary 22

CH A PT ER 3 Cloud Computing Worst Practices 23

Avoiding Failure When Moving to the Cloud 23
Migrating Applications to the Cloud 23
Misguided Expectations 27
Misinformed about Cloud Security 29
Selecting a Favorite Vendor, Not an Appropriate Vendor 31
Outages and Out-of-Business Scenarios 31
Underestimating the Impacts of Organizational Change 33
Skills Shortage 35


Misunderstanding Customer Requirements 36

Unexpected Costs 37
Summary 39

CH A PT ER 4 It Starts with Architecture 41

The Importance of Why, Who, What, Where,
When, and How 41
Start with the Business Architecture 43
Identify the Problem Statement (Why) 47
Evaluate User Characteristics (Who) 48
Identify Business and Technical Requirements (What) 48
Visualize the Service Consumer Experience (Where) 49
Identify the Project Constraints (When and with What) 51
Understand Current State Constraints (How) 52
Summary 54

CH A PT ER 5 Choosing the Right Cloud Service Model 55

Considerations when Choosing a Cloud Service Model 56
When to Use SaaS 59
When to Use PaaS 62
When to Use IaaS 65
Common Cloud Use Cases 68
Summary 69

CH A PT ER 6 The Key to the Cloud: RESTful Services 71

Why REST? 72
The Challenges of Migrating Legacy Systems to
the Cloud 74
Summary 75

CH A PT ER 7 Auditing in the Cloud 77

Data and Cloud Security 78
Auditing Cloud Applications 78
Regulations in the Cloud 80
Audit Design Strategies 83
Summary 85

CH A PT ER 8 Data Considerations in the Cloud 87

Data Characteristics 87
Multitenant or Single Tenant 92
Choosing Data Store Types 95
Summary 98

CH A PT ER 9 Security Design in the Cloud 99

The Truth about Data in the Cloud 100
How Much Security Is Required 101
Responsibilities for Each Cloud Service Model 104
Security Strategies 108
Areas of Focus 110
Summary 118

CH A PT ER 10 Creating a Centralized Logging Strategy 119

Log File Uses 119
Logging Requirements 120
Summary 124

CH A PT ER 11 SLA Management 127

Factors That Impact SLAs 127
Defining SLAs 130
Managing Vendor SLAs 132
Summary 135

CH A PT ER 12 Monitoring Strategies 137

Proactive vs. Reactive Monitoring 137
What Needs to Be Monitored? 138
Monitoring Strategies by Category 139
Monitoring by Cloud Service Level 145
Summary 147

CH A PT ER 13 Disaster Recovery Planning 149

What Is the Cost of Downtime? 149
Disaster Recovery Strategies for IaaS 151
Recovering from a Disaster in the Primary Data Center 152
Disaster Recovery Strategies for PaaS 157

Disaster Recovery Strategies for SaaS 159

Disaster Recovery Hybrid Clouds 160
Summary 162

CH A PT ER14 Leveraging a DevOps Culture to Deliver

Software Faster and More Reliably 163
Developing the DevOps Mind-Set 163
Automate Infrastructure 165
Automate Deployments 166
Design Feature Flags 167
Measure, Monitor, and Experiment 167
Continuous Integration and Continuous Delivery 168
Summary 170

CH A PT ER15 Assessing the Organizational Impact of

the Cloud Model 171
Enterprise Model vs. Elastic Cloud Model 172
IT Impact 173
Business Impacts 174
Organization Change Planning 178
Change in the Real World 180
Summary 181

CH A PT ER 16 Final Thoughts 183

The Cloud Is Evolving Rapidly 183
Cloud Culture 185
New Business Models 186
PaaS Is the Game Changer 187
Summary 190


I first met Mike Kavis when he brought our Licensed ZapThink Architect SOA
course to his company in Florida several years ago. As the vice president of
architecture for this firm, Mike hoped to wrangle his group of developers to
help them think like architects. And while I couldn’t transform developers
into architects in four days, the thrust of the course was to help people think
like architects.
The book you have in your hands now has the same mission. Cloud com-
puting as an approach to IT infrastructure is still emerging, and thus the tech-
nical details are still in flux—but the architectural principles of the cloud are
now falling into place. But only by thinking like an architect will you be able
to take advantage of the full power of the cloud.
Architects are in a unique position in the IT shop, because they have one
foot in the business and the other squarely ensconced in the technology. They
must understand the nuts and bolts of what works and what doesn’t without
falling victim to the techie tunnel vision that inflicts so many IT people. But
they must also live and breathe the business: its strategy, its goals, and most
importantly, its problems.
Architecting the Cloud connects these dots. Mike Kavis has intentionally
avoided product- or vendor-specific details, focusing instead on the challenges
that architects, as well as stakeholders in the architecture, should address—in
other words, connecting the business problem with the appropriate solution.
A truism to be sure, but easier said than done in the cloud.
The reason that solving business challenges in the cloud is so difficult is
because the cloud is not just one thing. It is many diverse things: SaaS, PaaS,
and IaaS service models, public, private, and hybrid deployment models, not
to mention diverse value propositions. Some organizations seek to save money
with the cloud while others want to shift capital to operational expense. On
top of these benefits is elasticity: dealing better with unpredictable demand
for IT resources.
Never before has architecture mattered so much. Building working solu-
tions in the cloud that actually address the business need depends upon it. With
his hands-on experience architecting such cloud solutions, Mike Kavis has the
experience and insight to lead the way.
—Jason Bloomberg
President, ZapThink