Last week, I was on a panel at the CompTIA Breakaway conference in DC, with Scott Crenshaw from RedHat and Ron Culler from Secure Designs. Scott made an interesting comment about the three types of applications out there: (1) new apps that are being architected from scratch for the cloud; (2) legacy apps that are being re-architected for the cloud; and (3) everything else. It was a useful framework for our discussion about cloud migration and security, but it also made me think a bit about the issue of legacy apps and why these remain so controversial for the cloud industry.
If I had a dime for every panel discussion that led to a heated debate around whether or not to re-architect for the cloud… I think the heat around this issue reflects some underlying confusion about how to handle all those “annoying” legacy apps. It’s an area of particular interest to us here at CloudSwitch, so I’d like to share our thoughts and hopefully generate some additional productive discussion in the industry.
Let’s start with (1) new apps. High-profile customer stories from companies like Netflix are creating momentum around the idea of building enterprise apps – even mission-critical ones – to run specifically in the cloud. Of course, start-ups and SMB’s have been doing this for years, since they quickly realized that the cloud provides a low-capital way to get their businesses started and frees them from long-term expensive contracts with hosters and colos. But the idea of building greenfield enterprise apps that take advantage of the cloud’s agility & scalability is only slowly gaining traction.
This is due to several concerns of enterprise stakeholders. While individual developers love the idea of coding directly for the cool new platform of the cloud (without fighting corporate IT for access to servers), corporate IT often feels threatened by a new process/platform that may make them less relevant or able to set policies and standards. Corporate IT also recognizes that as the cloud apps go into production, all the serious issues around reliability, performance and integration will fall on them and may be extremely complex and difficult to manage. Security and networking teams have the expected concerns about changes to existing policies and access, and overall loss of control. And all groups share a fear of cloud lock-in since you’ve essentially built your app to run in a specific cloud.
Next there’s (2) teaching old legacy apps new tricks by re-architecting them for the cloud. This is appealing because it allows enterprises to move off outdated (and often costly) OS’s and hardware. It also allows the app to get true benefit from the scalability, geographic distribution and rapid provisioning of the cloud—and to run better in an environment where server performance and availability can be highly variable. Traditional legacy apps are often limited to scaling up vs out, and have requirements for network and storage configurations that may not exist in the cloud.
So why not re-architect? Most of the legacy apps we see at enterprise customers are either non-mission-critical (tier II, III) or less frequently used, with occasional bursts during peak periods. It’s not always economical to re-architect these or to spend precious developer resources on building/testing/supporting the new apps. Plus, the apps themselves may have some inherent limitations due to the age of their architectures (think SAP, SAS, Oracle Apps, etc. – apps that were designed long before the cloud gained attention, and that may not behave well if re-architected or may pose licensing challenges).
And finally, there’s (3) the “everything else” category – legacy apps that include all sorts of custom apps designed for specific purposes and business uses that may or may not still be important to the enterprise. You’d be amazed at how many of these there are. A typical F1000 enterprise can have hundred or even thousands of apps, and very few are mission-critical or worth the effort to re-architect. But there they are, sitting in your data center, still important for some particular group or maybe for compliance reasons, so you don’t want to get rid of them, either. The cloud is a great place to relocate these apps, and provides options for closer geographic proximity to the actual users, as well as the cost benefits of shutting down apps when not in use.
I find that among the “clouderati” there’s often a lack of interest in this last category of apps, mainly because they’re not very sexy or high profile. Enterprises, on the other hand, are pretty interested in them since they represent a large plurality (if not majority) of the apps that need to be considered in a broader cloud strategy. Also, since by definition these are not the critical apps that the enterprise depends on, they’re the easiest to try first in the cloud to show a low-risk success story to potential cloud users.
Large cloud providers and cloud enablement vendors are starting to take greater notice of legacy apps (both the kinds that should be re-architected as well as those that should be left alone). Amazon’s VPC strategy and VM migration tool reflect a growing recognition of legacy app requirements, as does VMware’s vCloud Director strategy, and Citrix’s CloudStack/CloudBridge. The industry as a whole has begun to focus on making it easier to migrate legacy apps and keeping them integrated with the enterprise environment they rely on.
This is good news for enterprise customers, and no surprise to us at CloudSwitch, where legacy apps have always been part of the vision. We believe that unless legacy apps can be safely and seamlessly run in any cloud environment with full enterprise control, enterprises will hold off adopting cloud in a major way. For every Netflix out there, there are hundreds of enterprises that will not build apps specifically for the cloud, or will only do this for a tiny percent of their application portfolios. And regardless of which category of app we’re discussing, you still need these apps to tie into enterprise management/monitoring systems, data, networking and security. Legacy apps are the proving ground for the cloud’s enterprise-readiness and maturity, and the industry should embrace this challenge head-on.