Backend as a Service (BaaS) for mobile services, Internet of Things and devices

Backend as a service (BaaS), is making an appearance as a new "as a Service" cloud or SW development approach to give developers (mostly) a general way or an API into common application enabling infrastructure.  It gives web, mobile app and Internet of Things (IoT) developers a way to link their client services and applications to backend cloud processing and storage, as well as providing generic functionalities like user authentication and management, service management and logging, push notifications and integration with social networking services and more for their apps.

With all this going on with a BaaS, it might be easy think it's a mix of cloud IaaS, PaaS and SaaS geared towards mobile developers and clients, and gives developers a turn-key, if there ever was anything "turn-key", software modules needed to run the general backend services of mobile applications.

Kinvey has a great mobile dev and services ecosystem map, that shows were BaaS is generally positioned and residing.

Why would anyone use a BaaS kind of backend, and not develop their own to suit service specifics?  Main reasons seems to be that BaaS makes it

1. Easier to cover multiple terminals and form factor, different mobile operating systems and for instance multiple authentication, logging and payment schemas.
2. Easier to prototype, quicker to launch and both easier and quicker to scale the backend as an app or mobile service might take off or see seasonal capacity demands
3. Possible to outsource or transfer many of the security issues and worries associated with mobile apps, payment and general hacking.
4. Easier to also cover Internet of Things kind of devices as most of the mobile BaaS players have IoT enablement on their roadmap also.

This is a developing area, and merges and some big names VC investments are certain to come through the next 6-9 months.

Some BaaS players you might want to check out:

1. Firebase
2. Parse, recently bought by Facebook
3. Kinvey
4. Appcelerator
5. StackMob
6. AppliCasa
7. StrongLoop
8. Kumulos
9. BaasBox

Erik Jensen, 25.11.2013

Who are the cloud services buyers?

Already there are some stereotyping on who is buying, i.e. actually paying for, cloud IT services:

• Developers and upstarts buy Platform as a Service type of cloud services, i.e. development environments that can be tailored to meet developers needs or configurable platforms that upstarts can tailor to their needs
• CTOs and IT departments buy cloud infrastructure, Infrastructure as a Service, type of cloud IT services, i.e. compute, storage or networking as a service
• Everyone buys cloud app services and Software as a Service, but usually it's line of business units that buys a specific SaaS-service for their task or project deliverable at hand (and CTO or IT departement are out of the loop)

This is already seeing some change, for instance enterprise IT are increasingly looking at and buying PaaS kind of cloud IT services to cover business needs that can be met using "one size for all" SaaS applications and basic cloud IT infrastructure setups.  And for instance HR or finance departments that wanted that one, great, must-have SaaS application for their line of business, finds out that there are integration issues or data exchange issues once they have 2 or more SaaS apps up and running from 2 or more cloud providers.  Can the IT departement please help sort out this mess?

Bain and Company had a great break-down of cloud buyers in a 2011 report (The five faces of the cloud, by  Michael Heric, Ron Kermisch and Steve Bertrand), listing 5 CIO buyer categories according to cloud "adoption speed and willingness":

• Transformational: These early adopters already use cloud computing heavily to transform business IT and delivery to their business, with on average more than 40 percent of their IT environments relying on one or more cloud models.
• Heterogeneous: These companies are looking to evolve IT service delivery and capabilities and typically have an diverse mix of legacy systems and newer technologies like virtualization and cloud computing. Assumed to make up more than 40% of the buyers in 2013.
• Safety-conscious: Balancing security with growth, these buyers and companies are particularly concerned with the security and reliability of their IT environments. They understand the value that cloud computing offers, but are willing to compromise to ensure that their IT and business environment is safe and secure. Private cloud and hybrid public-private cloud models have the most appeal. Along with the transformational type of companies they are the biggest cloud IT spenders by 2013.
• Price-conscious: Have their TCO for IT services in place years ago, these bottom-line focused companies purchase cloud technologies and services primarily for cost savings and to deliver basic business functionality.
• Slow and Steady: This is by far the largest group of companies and IT buyers (some 44% of companies in 2011) and do not yet appear ready to adopt cloud computing in a progressive way, although they express interest in exploring offerings if a provider can slowly and steadily guide them.

The key thing in the report is the observation that "... early adopters generate ~50% of cloud spending today (i.e. in 2011), but ~90% of growth through 2013 will come from other companies".

Assuming, for many reasons, that Europe and the Nordics lags some 2-3 years behind the US in cloud adoption and uptake, a lot of the stories and hybris we are seeing in the Nordics for cloud take-up and usage today are coming from these transformational and heterogenous early adopters, but the real big money are on hold until the larger companies and enterprise IT starts adopting cloud IT in a forceful way. Which should be 2014 - 2016 in the Nordics approximately.  

A finishing note on the role of the CTO and IT departments, that in many cases are being bypassed by the CFO, CIO or CMO or developers buying cloud services directly themselves - what are they left with?  In many cases being very or too much focused on their on-prem IT platforms and services, they will be forced to take on on-prem and cloud based IT service delivery as well, evolving into an IT broker of physical or virtual application services for their organisation once the CFO or CMO realize that handling 2 or more cloud services and applications aren't that straightforward anyways when it comes to user support, login hazzles, performance variations, billing and security across different cloud providers.

Erik Jensen, 20.11.2013

Internet of Things ecosystems and balkanisation risks

Like Big Data, Internet of Things (or IoT for short) has been talked about for years, and seems on the verge of making it big the next 1-36 months or so.  Just as real-life management intelligence and business value from Big Data logging and analytics.

Just as Big Data solutions and systems has to deal with tons of different/proprietary log formats and data sources within an enterprise or from public data sources on the Internet or other places, then applying application or vendor specific data collection and log normalisation, and doing application specific mapping to business KPIs, reports and analytics, so IoT faces a number of non-standardized or vendor-proprietary challenges to become a true interconnected web of things, things to humans, humans to things etc.

There are numerous non-standardised issues and management in the areas of IoT security (service access to things by other things and humans, authentication and authorisation, management and reporting of denial of service and hi-jacking of devices, device upgrades, logging), identification and naming schemas for things, common IoT metrics, real-time control and communication protocols, subscription models and reporting.

A recent IETF Internet report draft, "Security Considerations in the IP-based Internet of Things,               draft-garcia-core-security-06") seemingly puts a lot of faith in IPv6 and web services in general to facilitate IoT developments ("The introduction of IPv6 and web services as fundamental building blocks for IoT applications [RFC6568] promises to bring a number of basic advantages including: (i) a homogeneous protocol ecosystem that allows simple integration with Internet hosts; (ii) simplified development of very different appliances; (iii) an unified interface for applications, removing the need for application-level proxies."), but also adds "Although the security needs are well-recognized, it is still not fully clear how existing IP-based security protocols can be applied to this new setting".

On a general level this is of course quite all right but of one looks at the developments of for instance, and quite relevant, mobile ecosystems where some key players control their entire ecosystem (clients and device OS, programming APIs and SDKs, backend for authentication and billing, app stores, ad networks integration etc), homogeneous protocol ecosystem for IoT and unified interface for IoT devices, clients and services, looks a long way of.   And so far, in my opinion, most IoT devices and services for home automation and IoT, in-car or transport IoT, M2M payment arrangements and more are proprietary and vendor specific.

For instance for home automation, it's not easy or doable at all to get Belkin WeMo units to talk to or interact with Nest units or Telldus units.  Or reach them through a common programming interface or backend. (although I should backtrack slightly here - the great IFTTT scripting service is starting to emerge as a common way for end-users to program their devices, and is supported bu Belkin WeMo and Philips for their Hue range for instance).

With that backgrounder, are there risks of IoT being balkanized, and that IoT devices and services will become vendor or ecosystem proprietary?  Or are there standardisation efforts underway to overcome this risk and 2-3 vendors dominating this field over time as we have seen in the mobile area, Internet video or social media area for instance.

Currently the IETF doesn't seem to have a RFC track for IoT comms and networking standards, but the IEEE standards organization are now finally are gearing up (or, they had their first IoT report out in 2005), and are meeting for their initial IoT standardisation tracks.  Will probably take some years and in the meantime it's not hard to predict that this developing and promising business area will see most gadget, cloud and Internet OTT players getting involved (why not Facebook for home automation and control, Microsoft Xbox with Kinect for same and as automation hub, Android and Google Glass for an Google approach, Apple TV or iOS-devices for same etc).

And getting involved here means each vendor building and securing their IoT ecosystem on both client and backend/cloud side, extending device OS (iOS, Android) to cover IoT functionality and attract developers and påartners into their IoT ecosystem.  I would put my own money on one or two of this, even though it means IoT balkanisation.

Looking to read up on IoT developments and work? Here are some pointers and vendor samples (in no particular order):

1. Wikipedia on IoT
2. McKinsey Quarterly report, The Internet of Things
3. Dark reading, Identity management in the cloud by Ericka Chickowski
4. IFTTT. And an article on how to get started with IFTTT from ReadWrite
5. OpenIoT - Open Source Solution for the Internet of Things into the Cloud
6. CastleOS for home automation
7. You are most likely a IoT service provider - Google Maps gets real-time traffic, crowdsources Android GPS data
8. Postscapes - tracking the Internet of Things
9. IoT cloud specialist - Arrayent
10. IoT developments environment and tools, IoT cloud - Xively
11. Device relationship and ID management - Forgerock IRM

BTW, what are the Balkans and Balkanisation?


Erik Jensen, 14.11.2013

Cloud security and surveilance - what are the non-US alternatives?

GigaOM is quoting a new survey by PriceWaterhouseCoopers (PWC) released last week, saying that some " 22 percent of German companies now see the risk of using cloud services as “very high,”... 54 percent say risk is high or very high.  ...while 15 percent want to switch to European tech providers that won’t cooperate with American or British intelligence services."

I haven't found the PWC survey on question, but it mirrors findings in the "How Much will PRISM cost the U.S. Cloud Computing Industry?" report from the Information Technology & Innovation Foundation earlier this summer finding that "10 per cent of respondents outside the US had cancelled a cloud project with an American firm because of PRISM, while 56 per cent said they're less likely to use a provider based in the US."

OK, let's say you are tasked with finding a secure cloud provider outside the usual US ones and that doesn't have US offices, subsidiaries or business units that would be covered by FISA/NSA or US National Security Letters that will impact non-US operations or locations as well, and need to come up with a cloud infrastructure provider that covers processing, storage and networking at competitive prices and that have feature-parity more or less with the leading players, i.e. Amazon AWS.

What are the options?

One could start looking at German and Swiss providers that have some track record legally, nationally and culturally for safe-keeping and data privacy.  UK and Swedish ones would be out because of GCHQ and FRA impacts, France with their equal, same thing with Norwegian providers as 99% of Norwegian Internet connectivity goes through Sweden.  One place that's often overlooked is Finland, but they have some players as well.

With that in mind, some cloud infrastructure players that have the basics covered for IaaS, an extended feature set for IaaS and self-serve IaaS at competitive prices. It's not an extensive list and I haven't checked all the way if they have US units or not, that would be impacted by FISA or US National Security Letters. Also, remember, it's very hard at most times to say a cloud provider are Swiss or Finnish or is located in a particular country - many DCs and servers for IaaS might be located in one country, but management and ops are done remotely, Internet infrastructure for the service (DNS, SSL certificates, L3-7 global load balancing, service logging etc) are done from a remote location, that might have data or data control for a remote DC running through them.

Some German cloud infrastructure providers worth a look:

1. Profitbricks: I thought of them from the start, but now see they have a US unit, and they would be covered by FISA or National Security Letters just as any US company.  Still gives a good indication of service and feature levels available from leading European cloud providers.
2. Internet4YOU: Servers, storage and DCs in Germany, covers most IaaS-areas
3. dynaCloud: OnApp based cloud provider. Also CDN-services.
4. The unbelievable Machine Company: Name alone makes them worth a check

Some Swiss cloud providers

1. Exoscale: Cloud infra offering. See also "In Switzerland your data is safe" section.
2. Safe Swiss Cloud: Focus on security and privacy
3. Swisscom dynamic computing: Covers IaaS basic, has online configurator and more.
4. Incloudibly
5. Cloudcom: Cloud servers with DDOS-protection and more

Alternatives in Finland:

1. Tieto cloud services: Also has a Swedish, FRA-impacted counterpart
2. Nebula
3. Hostingservice.fi: Another OnApp based contender

OK, this is by no means a comprehensive list, and a closer review might find that some of these providers do indeed have US affiliates or hosting of some sort, from their own router at US IX or using some back-up facility of sort.  But main thing is that there are lots of alternative cloud providers in the IaaS-space and that one isn't necessarily forced to go with NSA-compatible ones to get business or developer requirements fulfilled.


Erik Jensen, 11.11.2013

Mobile apps and services development tools

In an earlier post, I promised to come back with an overview of development tools for mobile apps and services, geared towards the "drag&drop" developer, or developer who doesn't want to work directly with, let's say, the SDKs and APIs for Android and iOS.

Most of these tools now support cross-OS publishing or builds, so one can get apps done in one go for Android, Apple iOS and MS Windows Phone. Or mostly, some tweaking to adopt to user interface and conventions per OS might be needed, but for single-task apps, that apps was all about in the beginning, and to tip the toe in mobile development waters, they are a great help and introduction.

OK, the list!

1. Mobincube: Template based development, free for basic features, publishing to app-stores, add integration and really seems to be evolving very well.  Great pish on HTML 5 side as well, so should be useable towards Firefox OS as well. The one I tried myself for some basic apps. recommended!
2. Appery.io: Supports the usual OS suspects, drag and drop development environment, DB and cloud backend integration and more.  Also has free edition for basic features.
3. Conduit: Positions itself as the quick and easy alternative for cross-platform app development and has many great demos and use cases on their site.  
4. Widgetbox: Supports iOS and Android, another template and widget based approach to get apps "done in minutes".  
5. MobileNation: A senior in the market with a good track record, drag& drop approach, free option to get started

Any of these is a good choice to get started and acquainted with mobile apps and services development.

One important thing, besides ad networks integration, is to make sure you have full tracking on number of downloads, usually from app-store, and access to usage and traffic statistics for your app or mobile service as it reaches thousands and millions of users.

Some candidates for app usage and traffic logging, statistics (avoided the Big Data thing there):

1. Keen IO: Extended app, or most anything else, service logging and statistics
2. Google Analytics: Hard to avoid this one, now enhanced with mobile app and services tracking as well
3. Good Data: Analytics-as-a-Service, and makes it easy to come up with good looking and useful service usage reports.
4. Mixpanel
5. KISSmetrics
6. And to make your statistics look good on the big screen - Gecoboard

Erik Jensen, 08.11.2013

Venice, the direct route to Calcutta and business transformation

I recently went on a trip to Venice - recommended for all! - and wanted to read up a bit on the history of Venice before I went.  "City of Fortune. How Venice won and lost a naval empire" by Roger Crowley turned out to be a very good read for the golden years of Venice, let's say from year 1000, when newly elected Doge Orseolo II turned the sea and ports of the Adriatic into their own shipping lanes and safe havens for trade until around year 1500, when the Ottomans all but controlled the East of the Mediterranean and the main trading routes East-West on land and on sea.

And, just as importantly, the Portuguese with Vasco da Gama in 1499 finally found a direct route to Calcutta and India, meaning that many many middlemen and tax increases along the historical Silk Route or through the many ports of Alexandria, Beirut, Constantinople and others in the Mediterranean, could be bypassed, and other nations and kings could take over the lucrative trade in spices, glas and minerals that the venetians had controlled for hundreds of years with great margins and profit.  News of the direct route to India reached Venice in 1500, and most traders and sailors understood the implications right away.  Venice was based on controlling the trades from the East through many middlemen, bribes, taxes and being the best, or most greedy, traders over years and years - this business model was now going away rapidly.

What's this to do with cloud IT?

Not trying to stretch the point to far here, but one can make the point that just as the venetians were very good at managing and controlling their ships, their sourcing for trade of all kind, middlemen and taxes along the way to get goods and material into Venice, and then moved on to the rest of Italy or northern-Europe, corporate IT has become fairly good at managing and controlling their

• servers, storage and network infrastructure
• sourcing of licenses and IT services
• re-sellers, channel partners and suppliers for hardware or software
• enterprise budgets, cost centers and TCO activities
• distribution of IT-resources, applications, services and access to their users/customers

And this has been how corporate IT has functioned and worked for a number of years, to the benefit of the IT department, their suppliers and mostly to their customers.

But customers always want more, or the ones being on the road and being mobile certainly are, as are developers who hate dealing with the IT department and corporate IT frameworks.  And, it turns out, so does the CFO (or he wants less...) and increasingly the CIO.  Once these guys get the "no way" or the "we don't support that" once too many, they will start scouting for alternatives that meets their business needs better than corporate IT can.  And many of these has found the direct path without too many middlemen to cloud based services for their processing or storage need, for the development and test environment they seek or for more flexible big data analytics logging and visualization services than they get from their "always 2 releases behind" internal IT business intelligence solution. 

They find the direct path to Calcutta.

Now, the story isn't that corporate IT will be left in the backwaters like Venice was some years ago, but that corporate IT needs to understand and adopt to that users will always look for better, cheaper and more flexible ways to get their work done.  And that corporate IT needs to develop their own cloud IT services story, get to Calcutta before their users and put up safe working conditions for their users no matter where they might be or end up.

Erik Jensen, 06.11.2013

Cloud IT billing - or getting to IT costs transparency

There are a number of elements and parameters that goes into cloud billing, or billing all the IT service elements that goes into a cloud IaaS or PaaS IT delivery, be it in private, public or hybrid fashion.
Cloud SaaS delivery and billing appears to be a much easier set-up and process, as most SaaS services are billed per licensed seat or per user.

For cloud IaaS service delivery, some of the main elements are listed in the overview below, and centers around the three main IaaS service elements of processing or virtual machines, storage and networking.

1. Processing: 
• # Cpu cores per sec, min, hour etc or fixed number of VM cores per month
• Dedicated, reserved/assigned or pool CPU cores
  
2. Storage: 
• Storage volume
• File type: Local HDD storage (persistent or non-persistent for VM), SAN or object storage
• Storage types: Processing/VM storage, data storage and back-up, off-site back-up, disaster recovery
• Number of IOPS (input/output operations per second, i.e. reads and writes from/to a storage domain): This one can get quite tricky with the number of IOPS parameters involved and hard to determine up front before actual, real-life production levels has been reached for a storage-based service.  Many providers balance cheap storage volumes with steep IOPS levels, so if an application or web-service has any significant storage traffic or transactions, then that cheap storage isn't that cheap anymore if one factors in IOPS and storage network traffic volumes.  Be aware!  IPS usually comes in different IOPS classes, for instance x-thousand per VM/month, or x-thousand per disk-volume per month.
  
3. Networking: 
• VM networking capacities/volumes: Traffic volume per billing period, and/or speed (Mbps/Gbps) thresholds
• Internet access capacities or volumes, per region (i.e. Europe, North-America, SE Asia etc)
• Firewall services, per VM, for the IaaS/DC server farm in question
• Load balancing (between VMs, DCs, regions)
• Cache, proxy, reverse proxy services
• Virus control
• Denial of service protection, basic or extended, for VMs, between VMs, for DC in question or at operator backbone perimeter
• Distribution services, object or dynamic caching, web acceleration or CDN services

Besides the "basic" billing units and parameters for cloud IT services, there are a number of other factors that needs to be covered as well to provide meaningful, transparent IT billing for companies and customers.  Some of them are

1. Overview of the the logging, correlation, mediation and aggregation set-up. Customers needs to understand how IT service activities and usage are logged, correlated across VMs, server farms, DCs or service delivery regions (i.e. that one log entry means the same across different production units), how some log entries are transformed or mediated into different billing units and how all the activity/usage entries that has been logged, correlated or meditated, are aggregated into high-level billing units.  Cloud IT billing, or any IT billing, IT TCO or ROI exercise needs full transparency in this area, or one is left with black-box IT billing.
   
2. It must be possible to collect cloud IT billing automatically or per self-serve interface into a main customer account, or split the cloud IT billing on several parties, be it across different enterprise unis or departments, projects or delegated service account.  It must also be possible to have different entries or receivers for service owner, legal owner ad billing recipient for a cloud IT service.
   
3. All the billing data should be available in defined format to open API or DB access for 3rd party billing analytics, so that customers can look into how their cloud IT utilization and costs are coming together over time and where service utilization can be optimized.  Als customers needs the cloud IT cost side to come together with their revenue side and establish historical overview of margins, cash-flow, ARPU and customer developments (good, bad) and put a weight as well as cost/performance goals on VM and storage utilization, cost of on-demand campaigns/periodic offers etc.

These billing elements and parameters have been included in the cloud IaaS checklist that I wrote about in an earlier post, and goes into the overall service requirements for an cloud IT service and delivery.


Erik Jensen, 4.11.2013