Public Cloud: The Next Frontier for Enterprise Architecture
By Peter Heller, Senior Director, Enterprise Architecture Marketing, Oracle
January 2015
Establishing an Effective Architecture for Cloud Deployments
Part of the Oracle Experiences in Enterprise Architecture article series
The public cloud has typically been outside of the domain of enterprise architects. On the surface, it is considered an external silo where procurement decisions have been driven by line of business executives. For example, software as a service (SaaS) applications are often procured by a particular department or line of business, not always with the involvement of the IT department. Similarly, infrastructure as a service (IaaS) and platform as a service (PaaS) solutions may be acquired by a small development group and used independently from other IT infrastructure and platforms. Because these cloud assets are typically chosen to serve a single purpose and decisions were driven largely outside the IT department, they have historically not been deemed worthy of an enterprise architect's attention.
However, this state of affairs is changing rapidly as customers increasingly embrace cloud computing. Enterprise architects are called on not only to review public cloud implementations but also to understand how best to integrate new cloud offerings with existing on-premises information systems. Most companies will have a combination of assets combining public cloud SaaS, PaaS and IaaS with their existing on-premises systems. Enterprise architects therefore face a new set of challenges as they figure out how to integrate these systems with each other.
Attendees at the 2014 Oracle Enterprise Architecture Summit were pleased to have Thomas Kurian discuss these issues. As Executive Vice President of Product Development at Oracle Corporation, Kurian is responsible for leading all aspects of Oracle's product strategy and has been deeply involved in the development of Oracle's public cloud offerings: Software-as-a-Service, Platform-as-a-Service, and Infrastructure-as-a-Service.
Today's enterprise architects face a shifting set of circumstances, Kurian explained. In the next two years, a growing number of companies plan to move key parts of their computing workloads to public clouds to take advantage of lights-out automated software provisioning and management, rapid project implementation, elastic scalability, and subscription-based pricing models. To keep up with consumer demand, IT has become an external service broker. In some cases IT pros have been forced to support heterogeneous cloud "silos" that may have proprietary methods of security, integration, management, and governance. These trends are forcing core IT departments to formalize enterprise governance and enterprise architecture to mitigate risk.
Challenges in integrating On-premises Systems with Public Cloud SaaS
Kurian went on to talk about the SaaS market, which has seen enormous growth. Oracle added 22,000 Oracle Cloud customers in about three years, which adds up to 62 million users. Oracle Cloud processes 23 billion transactions per day and handles 450 PB of data. The most popular cloud apps include CRM and HR. ERP apps in the cloud are also growing fast: 20 of Oracle's 30 largest ERP customers are moving their corporate systems to the cloud, Kurian said.
Most of these customers deploy these apps very quickly: from the time they purchase the SaaS licenses until the time they go live averages eight weeks for CRM installations. "Many Fortune companies run their enterprise applications in Oracle Cloud because of this rapid ramp-up and the proven flexibility to migrate application users between public and private environments," he added.
The enterprise architects attending the summit were quick to recognize the value of Oracle's cloud strategy due to its adherence to open standards. In general there are four key considerations that enterprise architects will need to keep in mind when integrating on-premises systems with public cloud software-as-a-service offerings:
- Integrating Data – Enterprise Architects need to understand how to move data to and from their public cloud software-as-a-service applications and their on-premises systems. They need to understand which tools to use to extract data from these systems, what technologies can be used to transfer data securely, and how to handle differences in business rules and validation constraints between the two types of systems.
- Integrating Business Processes – Enterprise Architects need to understand which business processes will extend across cloud and on-premises systems, what integration technology to use to best automate business processes across the two types of environments, and how best to test business processes when cloud SaaS offerings are upgraded.
- Integrating User Identity and Security – Enterprise Architects need to understand how best to manage user identity and access control between on-premises systems and cloud SaaS offerings to ensure that users are only allowed to access the systems that they are authorized to access. Within those cloud systems they should only be able to execute transactions and view data that they are authorized to see. These permissions should be enforced via their existing corporate security credentials such as single sign-on usernames and passwords.
- Integrating Business Intelligence – Enterprise Architects need to understand how best to blend data between cloud systems and on-premises systems to provide their lines of business with a consistent view of business intelligence across these sources.
Oracle offers clear capability and design patterns to help Enterprise Architects address each of these challenges and also provides best-in-class technology to enable them to solve these challenges. Furthermore, since Oracle Public Cloud SaaS offerings are designed on a common architecture, users obtain an integrated view of business intelligence assets, which avoids fragmented data and business processes. Finally, because the Oracle Cloud SaaS offerings are built on a common architecture and standards-based technology platform, they provide a consistent way for Enterprise Architects to solve challenges across ERP, HCM, and CRM domains rather than requiring distinct architectural and technological approaches for each of these offerings.
Challenges in integrating On-premises Systems with Public Cloud IaaS and PaaS
Customers are rapidly adopting public cloud IaaS and PaaS offerings for a variety of reasons, especially the following:
- For test-development environments
- For departmental applications
- For business critical applications
- To store and archive data in a cost-effective manner
- For "spill-over" capacity to enable elastic scalability
- To modernize hardware infrastructure
Next Kurian spoke about the challenges that Enterprise Architects must consider when integrating on-premises systems with public cloud PaaS and IaaS. There are four key factors to keep in mind:
- Moving Data – Enterprise Architects need to understand how to move data to and from their public cloud PaaS offerings and their on-premises systems. Oracle recommends using Oracle Data Pump to securely extract and transfer data, both to and from these systems. This utility is familiar to all Oracle DBAs thereby ensuring that they do not have to learn a different set of skills to use Oracle PaaS systems.
- Moving Enterprise Applications – Enterprise Architects need to also understand how to move be-spoke and packaged applications between their on-premises systems and the public cloud. Oracle Public Cloud PaaS supports important standards such as Javascript, Java SE, and Java EE, allowing developers to use Eclipse, NetBeans, or Oracle JDeveloper to move applications between their on-premises systems and Oracle Public Cloud PaaS simply by changing a few configuration parameters--without modifying any source code.
- Integrating User Identity and Security – Enterprise Architects need to understand how best to manage user identities and enforce access control constraints between on-premises systems and cloud PaaS offerings. Having a cohesive set of identity management practices will ensure that users are only allowed to access the cloud systems for which they have been authorized. Within those cloud systems they should only be able to execute transactions and view data that they are authorized to see. These permissions should be enforced via their existing corporate security credentials such as single sign-on usernames and passwords. Oracle Public Cloud PaaS is based on industry standards such as SAML2.0 and OAuth4.0 to enable users to federate identity and single-sign on between their on-premises systems and Public Cloud PaaS. Furthermore, because Oracle's on-premises and public cloud PaaS offerings are governed by a centralized identity management system, organizations can use the same directory to authorize users within both types of systems. When employees leave the company an administrator simply removes them from the on-premises directory and their rights to access public cloud assets will be revoked as well.
- Integrating Monitoring and DevOps Tools – Enterprise Architects need a unified set of monitoring tools that lets them manage on-premises systems and cloud offerings from a single pane of glass. Oracle Enterprise Manager enables this portability between on-premises and public cloud environments. In addition, Oracle's support for standards such as Openstack, Chef and Puppet allows system administrators to use popular DevOps tools, recipes, and APIs to create information systems that span on-premises and public cloud IaaS and PaaS environments. Oracle customers can learn one set of technologies and train one unified team to develop, deploy, and manage technology assets both on-premises and in Oracle Cloud.
"Oracle's platform services target developers, IT organizations, and line of business people with a common set of offerings built on a common infrastructure," Kurian confirmed. "For example there is a single place to manage identity in the cloud. There is a single set of operational SLAs that guarantee it. And there is a single place to determine how to handle data residency. IT organizations will see consistency from one service to the next. These are all integrated solutions."
By providing a broad and integrated suite of cloud offerings covering IaaS, PaaS, and SaaS that is based on a common architecture, Oracle simplifies many challenges for line of business users and for Enterprise Architects. For example if the marketing department wants a data mart to analyze campaign results, and the IT department is too busy to provision it, the marketing manager can simply go to Oracle Cloud, enter a purchase order, and Oracle database and business intelligence tools will be provisioned within half an hour. Business users can immediately load and analyze the data. Enterprise Architects do not have to learn two different sets of technologies to provision users, and these people will enjoy single sign-on access to business intelligence applications and data, no matter where these assets reside.
A Need for Long Term Foresight
The new architecture frontier includes an intersection of public and private clouds. On-premises information systems are not going away although they are becoming more "cloud like": they often are configured in a private cloud architecture that consists of pooled, clustered resources that are virtualized and shared. Public cloud providers are also part of this enterprise ecosystem. Like all IT investments, cloud investments need to have the right ROI over the long and short term. In that sense, meeting enterprise requirements involves much more than just "turning on" a public service. These services must support seamless business processes that mitigate risk. They require organizational, operational, and architectural foresight. Enterprise architects can help their organizations avoid the point-to-point integration nightmares that many organizations faced 5 to 10 years ago when they were struggling to integrate best-of-breed applications within the data center.
Whether customers choose a private, public, or hybrid cloud, when they work with Oracle they get the same architecture, the same standards, the same products, the same development tools, the same management utilities, and the same set of enterprise-grade services for security, mobility, integration, data storage, collaboration, and document exchange. This integrated portfolio is perfect for organizations that wish to blend public and private clouds.
Oracle has spent many years creating a unified, standards-based platform that encourages interoperability among public cloud offerings and private clouds housed in traditional datacenters. Enterprise architects can help their organizations establish a holistic cloud strategy that ensures flexibility across all cloud computing tiers. Enterprise architects will continue to play an important role as they help their organizations establish these hybrid environments.
Third-Party Validation
Many enterprise architects are turning to Oracle because its cloud strategy is the best integrated and most complete. As Wikibon contributor David Vellante said, "Oracle and IBM own much of their own stack and will likely continue to command premium margins. While very similar, of the two, we find Oracle more intriguing for three reasons: Its integration between the database, SOA and Fusion middleware technology looks to be very tight; Its database has a much wider spread popularity, and it has integrated further up the "Red Stack" into the application layer. While IBM has DB2 and numerous SaaS applications in its portfolio, we believe Oracle's integration is more complete. IBM's offerings are historically more services-led and its cloud strategy is still evolving.
"On paper, Oracle's cloud offering is compelling, with a clean story around IaaS, PaaS, and SaaS. On its earnings calls, Oracle's co-CEO Safra Catz is very clear on how much business is derived from each sector with go-forward guidance on the three cloud businesses within Oracle. IBM's cloud guidance is nowhere nearly as crisp, which we believe is a symptom of its less evolved strategy."