Cloud application developer Chris Moyer learned that speed is critical in cloud development the hard way. He once spent six months building a search application, only to watch a competing cloud vendor release similar software first.
“The lesson is to keep in the loop about what’s being developed and get usable iterations out quickly,” said Moyer, vice president of technology at content aggregator Newstex LLC, and author of the new book,
Building Applications in the Cloud.
SearchCloudApplications.com recently got on the phone with Moyers to get more of his advice for developing PaaS cloud applications. Moyers offered tips on how to choose the right development platform, talked about the challenges and security ramifications of developing applications for the cloud.
What advice do you have for organizations that need to choose a cloud platform for development?
Chris Moyer: It depends on what you value most. Do you want to do some modification of a Software as a Service (SaaS) app, build a SaaS app, or build your own app? Probably Platform as a Service(PaaS) is the most-used development cloud for building SaaS and custom apps. PaaS started out as an app development platform and has become the go-to cloud for producing apps quickly. PaaS also works well for apps that have special requirements. For example, Google App Engine works well for projects on specific languages and types of apps, like, say, Python Web apps. In App Engine, developers have all the tools for building software and getting each iteration out quickly then, the provider manages all the scaling for you.
What is the biggest drawback of developing in a PaaS cloud environment?
Moyer: Lock-in is a strong possibility with all [PaaS offerings]. Weigh that risk against PaaS giving development the platform and all the tools needed to get apps out quickly. PaaS provides speed. How important is that to your project? Want more control? Then, go for Infrastructure as a Service (IaaS) or hardware-as-a-service (HaaS), where lock-in isn’t so prevalent.
What problems do development-operations (DevOps) teams encounter in cloud development?
Moyer: Cloud’s big benefit is allowing businesses to offload the hardware infrastructure and systems management, but there is a problem. If a cloud server fails, a running application is probably not affected, but hardware failure can throw a wrench into development. With cloud applications, if a server dies, the provider kills it and starts a new one. There is a chance that code will be lost. Here’s an example from my experience. A code repository service provider outside the U.S. had all in-house IT. The business always had someone there to fix hardware problems like a server going down during a production-level test.
When this organization first moved to a PaaS cloud, developers had problems because their servers were dying or getting rebooted without real-time notification. Work in progress could be and sometimes was lost. Developers then had to do some rebuilding. This didn’t happen when development was done in-house. The DevOps team wasn’t prepared for this situation, blamed the cloud provider and switched away.
In what ways are you seeing PaaS cloud providers support application developers today?
Moyer: Development-focused PaaS providers have graphical user interfaces that make it easier to get started with projects and other tools for [taking the next steps] and problem-solving. My experience is mostly with Amazon, which has a strong developer support program. They have cloud experts who team up with developers and the development community. Other cloud providers are moving to similar programs; but Amazon is doing a better job of meeting the needs of the developer community. I’ve gotten quick answers to questions. The Amazon Management Console has an easy-to-use graphical user interface to help developers get started on projects. Amazon Marketplace lets you buy services from other organizations [and that] allows you to integrate your app directly with services. That really helps.
What can color a cloud application developer's choice of application programming interfaces (APIs)?
Moyer:Making API decisions is hard because no one can agree on a standard. All the cloud solution providers have their little proprietary API niches. The problem is that developers don’t want to make their own APIs. Then, obviously, the best choice for avoiding lock-in is an open API. [But] when is an open API really an open API? That’s the question the Oracle-Google lawsuit is raising. When choosing an open API or any API, developers have to trust the API provider. Not only do you have to worry that the API may contain something proprietary, as Oracle claims Google’s API does, you have to be sure the provider is stable, stable enough not to fail and to continue improving its APIs. Remember, your team is spending a lot of time integrating that API, so it had better be the right one.
Are security risks greater when developing applications in the cloud than on-premise?
Moyer: Absolutely. There are more chances of exposing the app to outside threats. Everyone knows the IP address hinges from these public clouds. Becoming a cloud user makes a company more visible and puts a bigger target on its back. Of course, evaluating all the cloud vendors’ security measures and getting everything needed in security in the SLA are important. But first, measure the app’s level of risk and the consequences if it is exposed. If you're pushing out a change that [could conceivably open up credit card data] to everyone accidentally, you’ve got to be really careful. Not every app should be developed in the cloud, despite the attractive economies of cloud development. It’s a buyer beware situation. PaaS providers offer security support, but it’s not always a complete package. The worst thing to do is think that the PaaS provider is handling all of the security and not worry about security at all yourself.
This was first published in May 2012