430 likes | 581 Views
No Silver Bullet III: Business and Software Engineering in the Cloud. Karl Geiger, Convergent Informatics, Inc. IEEE BV Computer Chapter, 9 Sep 2009. Today’s Talk. The Hosted Systems Challenge Two Case Studies eCompany-in-a-Box eCommerce Company What to Do and Look For Business Plan
E N D
No Silver Bullet III: Business and Software Engineering in the Cloud Karl Geiger, Convergent Informatics, Inc. IEEE BV Computer Chapter, 9 Sep 2009
Today’s Talk • The Hosted Systems Challenge • Two Case Studies • eCompany-in-a-Box • eCommerce Company • What to Do and Look For • Business Plan • Definitions, Requirements, and Tests • Integration Tests • Vendor Questions • Where Geeks Can Have Fun • Summing Up www.convergentinformatics.com
About the Speaker • One of four Founders and principals at Convergent Informatics, Inc., “The Virtual CIO Company” • Former Director of Enterprise Architecture at Amgen, Inc. • Standards and practices • ERP, Clinical Information Systems, Library IR • University of Southern California • Libraries, Mainframe Systems • Education • BA in Classics (Latin and Greek) from USC • MS in Computer Science from California Lutheran University. • Member of IEEE, ACM, AAAS www.convergentinformatics.com
About Convergent Informatics, Inc. • Founded by four Amgen IT Alums, 2008 • We make our clients bigger, nimbler, and more profitable • CICV™ Methodology • eCompany-in-a-Box™ • Expertise in life sciences, sales systems, business engineering, systems development www.convergentinformatics.com
The Hosted Systems/Services Challenge • Somebody else has bought the hardware • Somebody else has written/installed the software • Somebody else has designed the business process • All You Do is Just Use It! www.convergentinformatics.com
Word of Warning • I assume you’ve some familiarity with SWE Practices • Systems Development Life Cycle • Requirements Analysis and Management • Testing • Deployment • Methodologies (Waterfall, UP, XP, Scrum, Spiral) • If not … • Interrupt me to ask • It’s always good to expose the speaker’s ignorance • See IEEE Software Engineering Body Of Knowledge • http://www.swebok.org/ www.convergentinformatics.com
Two Case Studies • eCompany-in-a-Box • Integrated office suite • Hosted basic IT infrastructure • Targets startups and small businesses (< 100) • Introductory product offering • Speed + service + flexibility + low-cost • eCommerce Rescue • Bankrupted company’s assets • Warehouse and database of open orders • Re-load onto SaaS order management, fulfillment, call center • Biz Plan: “Turn it back on and hey-presto it makes money” www.convergentinformatics.com
eCompany-in-a-Box • Business Plan • Serve an entry level-product for our customers • Focus on small / start-up company basic IT needs • Market to entrepreneurs, LLCs, single proprietors, small incs • Create a practice to let us hire resellers / installers • Product Offering • “Big Corp.” basic IT suite • Email, Voicemail, Calendaring, Backups, Web Presence, File Share, Domain Plan • Fast set-up, low month-to-month • Componentized, independent services • A-la-carte availability www.convergentinformatics.com
eCompany-in-a-Box • The Developers’ Advantages • We’re experienced in the space • We’ve done this before – “Plan to throw one away” – Brooks • We use it ourselves • Product Development Cycle – 6 Week Waterfall (BDUF) • 350+ line-item features and requirements • “Practice” document (installation punch list) • 30+ Cloud / SaaS vendors researched against requirements • Detail screening of 10 hosting, 6 voice, 5 mail, 2 backup vendors • We love “try before you buy” • User guides, CD-installation • Marketing: web, handouts, phone answer msg, Brand™ www.convergentinformatics.com
eCompany-in-a-Box - Result www.convergentinformatics.com
eCompany-in-a-Box - a 90+ Step Install Tool www.convergentinformatics.com
eCompany-in-a-Box • Engineering and Testing was Simple • We’re engineers … • Bulk of effort (> 60%) went to • User documentation • Promotional website • Promotional brochures • Researching and acquiring trademarks • Creating pricing models • Finding a sales force (work in progress) • Marketing (work in progress) www.convergentinformatics.com
eCommerce Company • Assets of a Defunct $20MM Web Business Sold for a Song • Warehouse of Goods and Fulfillment Vendor in Place • Existing Supplier Contracts • +3.3MM Customers in Database • Data warehouse representing last “state” of the business • 1TB of web creative materials (pix, text, pages, etc.) • Brands and Domain Names • Key product line: high-value, branded cosmetics • 7,058 unfulfilled orders • 20,000 dedicated customers • US, US Territories, and Canada www.convergentinformatics.com
eCommerce Business Plan • Business Plan • Set up new hosted services on Cloud / SaaS Providers • Order Management • Website Hosting • Call Center • Fulfill existing orders and sell to new and legacy customers • Profit! • Additional Cloud/SaaS Vendors Needed • Payment / Credit Card Fulfillment • Bank Relationships • Advertising / Marketing www.convergentinformatics.com
What the Customer Thinks … www.convergentinformatics.com
What the Vendor Talks About … www.convergentinformatics.com
What the Customer Hears … www.convergentinformatics.com
What It Looks Like After He Gets In … www.convergentinformatics.com
What Happens Next … www.convergentinformatics.com
eCommerce Co.’s Business Design CPA / CPM Network WebSite CallCenter Order Mgmt Web I/F Order Mgmt Payment Risk Mgrs Visa, MC, AmEx, etc. Fulfillment / Warehouse Dashboard Banks www.convergentinformatics.com
eCommerce Co.’s Plan • Weak Implementation Plan • Master “punch list” missing, and rejected • “We don’t have time to do that now.” • “We’re using the vendor’s plan.” • But his plan is useful only for his one SaaS component • Limited Business Plan • No marketing plan for domain purchases, mail campaigns • Discovery of other businesses inside the box leads to side work • “Oh hey, we can sell our 3.3MM name customer list for big bux!” • “Someday we’ll market the rest of the inventory.” • Huge Rush • “Doesn’t need to be right, just needs to work now.” www.convergentinformatics.com
eCommerce Company – It’s Kinda Working • Order Management Implementation Delayed • Order catalog took two weeks to understand and set up • SaaS order-upload interface failed with Windows Vista users • Constant vendor contact required – no practice doc • Plan was 40 general items, e.g. “database creation and setup” • User interface docs, data format docs sketchy at best • No test harness – had to write one • Bank account and payment risk management delayed • Website Hosting Problem • Hosting company broke the connection to Order Manager • Five days worth of orders lost • Two-day crash project to move to new web host www.convergentinformatics.com
eCommerce Company – It’s Kinda Working • Order Management is Manual • Company staffers constantly monitor the order stream • Inventory level management is manual • Fulfillment Company • Cycles are slow – shipping happens once a day via batch file • Inventory, customer reports are Excel • Special request to fulfillment company staff • Customer data are different everywhere • Three different points of truth • No single customer view www.convergentinformatics.com
What To Do and Look For • Business Plan • Businesses are about making money. How does my business use its hosted services to make money? • What is my cost per SaaS unit/transaction and how does it add to my total cost? • How do I monitor my consumption of SaaS vendor resources? • What are my cloud vendors’ risks (viability, security, support)? • Market and Customer Plans • How do I use these services to reach my customers? • Does this cloud service deal with my kind of customer? • What does this service do when my customers have problems? www.convergentinformatics.com
What to Do and Look For - Definitions • Case I: “FAX Services” • What services are provided? Single fax, fax campaigns, …? • How do customers send and receive faxes? • On what devices can customers read faxed documents? • Case II: “Shipping and Handling” • What does this charge include? • Who or what software engine computes it? • Call Center, Web site, Order Manager, Fulfillment, or … ? • Is it per unit or per whole order? • Is it discounted or waived (FREE SHIPPING) ever? Under what conditions and when? • Is there a shipping program, eg, Amazon Prime? www.convergentinformatics.com
What to Do and Look For - Requirements • Case I: “Fax Email” • The system must receive a fax transmission and send a PDF image of it to the email address associated with the incoming fax call’s extension number. If no extension number is present, the fax PDF image goes to the email box of the account administrator. • Case II: “Shipping and Handling” • Order Management must compute S&H. • S&H costs are per unit. Multiple units of the same item incur multiple S&H charges up until five of the same units appear in a single order (most S&H charged is for 5 units). • The OM system must enable promotions to waive S&H charges based on SKU, promotion schedule. • This is really a feature set with multiple requirements under it. • This feature should be tied to the Marketing Plan for promotions. www.convergentinformatics.com
What to Do and Look For – Unit Tests • Case I: “Fax Email” • Do: send a multipage fax to a configured phone number. • Expect: all pages arrive in PDF at email address. • Case II: “Shipping and Handling” • Do: send dummy orders with 0, 1, 3, 5, 6, 10 items • Expect: error, $6.95, $20.85, $34.75, $34.75, $34.75 • Do: send dummy promo orders with 0, 1, 3, 5, 6, 10 items • Expect: error, $0, $0, $0, $0, $0 www.convergentinformatics.com
What to Do and Look For – Integration Tests • Case II: “Promotional Order from Web” • Do: Create a shopping cart, enter items A, B, and 2 of C, submit using live credit card number. • Expect: • Correct items A, B, C and qtys recorded in order system • Payment and charge address information to match • Phone and email are correct • Payment computed correctly, including taxes, S&H • Payment clearance notification received from CC processor • Inventory levels updated • Outbound record for Fulfillment generated with correct shipping, items, qty • Email to customer generated w/expected ship date www.convergentinformatics.com
Vendor Questions • Never ask “Can your system do X?” • Of course it can! • Ask “How does it do X?” Be specific, using requirements. • Does the vendor have a implementation practice? • It’s a repeatable process, it’s been done before, and they’ve taken the time to work out the kinks • Hallmarks: • Solid project plan, clear specifications, clear responsibilities • Full documentation, including semantic definitions • Complete execution “punch list” • What risks does the cloud service take on? • e.g. Payment Card Initiative risks • E&O Insurance for sales losses – who bears it? www.convergentinformatics.com
Vendor Questions – the Missing Hairballs • What are the administrative tasks? • Role and responsibility delegation • Business process management, eg, can sales reports be automated? • What training is offered to my team? • How much training is required for each team member and when is it available? • Is there an SLA? • When is the help desk open? The business’s operational plan identifies these roles and needs. In turn, they are non-functional requirements the hosting vendors must meet. www.convergentinformatics.com
Biz/Tech Questions - Details Matter • Banks and Payment • Required for Order Manager to set up catalog / promotions • Accounts and encumbrances needed at every bank • Security • SSL certs required for web site or banks won’t sign on • Banks want security testing before opening up accounts • Every hosting company installs certs differently • Web Services • Where’s the scripting engine and what features does it have? • Who’s got control of .htaccess? • Why does MySQL suck so much wind on this cloud? www.convergentinformatics.com
Biz/Tech Questions – “Little” Contingencies • Is there a Plan “B”? • When the vendor flops • When the vendor cannot support you • When the vendor tells you to take a hike • Who’s on First? • Resolve vendor-vendor, vendor-business finger pointing • Ensure admin access AND responsibilities are clear • Oh, and logins issued, too. Before trouble breaks out. • What company officers are accountable? • Banks, PCI audit, legal, … • Customer feedback, returns, inventory, fraud and loss management, … www.convergentinformatics.com
Where Geeks Can Have Fun • Data Definition • A glossary would be nice • Exact data specifications needed – SaaS vendor docs may be sloppy (“We update our system faster than we can our docs”) • Data Cleanup and Reporting • Dust off your text munging and SQL skills • No vendor’s “custom reports” are ever as custom as desired • Glue Code • Every vendor-vendor interface has hooks or needs help • Web Code • LAMP or Microsoft suites • Opportunities abound in RIAs – nearly all are custom www.convergentinformatics.com
Where Geeks Can Have Fun • Writing Unit and Integration Test Suites • Working with Cloud / SaaS Provider’s Geeks • No interpersonal skills required – they’re geeks, too • Interviewing the other geeks as part of vendor evals • Developing Migration Plans, Processes and Tool Suites • Developing New Products and Services • Review and add functionality • Develop processes the SaaS service won’t/can’t do • Build out derivative / integrated business reporting • Build Services Unavailable in the Cloud www.convergentinformatics.com
Summing Up • The pieces and services are out there • Never write what’s there and never compete with the Internet • Know what the business is, does, and needs • Map that onto processes • Map process needs onto requirements • Review and select services based on processes/requirement • Plan backup vendors / services • Write contracts so you can get your data out! • If your process is wholly at the SaaS vendor, so is your business • Complexity is the enemy • Simplify to the interface level www.convergentinformatics.com
Summing Up • There’s no silver bullet. • The cloud’s silver lining, however, is lower implementation and operational costs and faster time to market by sharing infrastructure, using pre-existing processes and practices, and leveraging vendor expertise. • You must plan before you can mine the silver lining. • Focus more on implementation and deployment and less on coding and set-up. Remember Brook’s 1/6 estimate. • Software engineering practice is now, in part, business engineering practice. • The rules for success remain the same. www.convergentinformatics.com
Useful Stuff • Mark Prothero, “No Silver Bullet II”, 1995 Mar 26 • John Mullins, “Why Business Plans Don’t Deliver”, The Wall Street Journal, 2009 Jun 23 • Richard Oppenheim, “SaaS: Back to the Time Sharing Future”, Progressive Accountant, 2009 Jun 22 • N J Hoover, “GSA Outlines U.S. Government's Cloud Computing Requirements”, InformationWeek Gov’t, 2009 Aug 6 • Amazon Inc., “Creating HIPAA-Compliant Medical Applications with Amazon Web Services”, 2009 April • Fred Brooks, The Mythical Man-Month, 1975, 2/e 1995 www.convergentinformatics.com
Audience Follow-ups Q: In eCompany in a Box, what do you do about the hosting company’s terms and conditions? A: We act as system integrators. We don’t assume any risk. Our clients own the hosting accounts and contracts. They are bound by the terms and conditions, and get billed directly. Our job is to set them up then step back so they have the lowest overhead possible. If they get stuck after deployment, we’ll step in again to right things at a time and materials rate. www.convergentinformatics.com
Audience Follow-ups Q: Which term do you prefer: Web 3.0? Cloud Computing? SaaS? Application Service Provider? A: We refer to the entire class as “hosted services”. They’re essentially “time sharing” (Useful Stuff #3). In many regards, ordinary services are “SaaS” or “Cloud Computing”. To borrow a quip from our friends at Terrosa Technologies, isn’t your bank a “hosted service”, now with a nifty web front end? What about your financial manager, lawyer, accountant, etc.? Google Mail is clearly a hosted service, it just seems more “computer-ish” than your checking accounts and credit cards. www.convergentinformatics.com
Audience Follow-ups Q: What do you do when you cross international boundaries and come under the jurisdiction of other countries? A: Pick your vendors well and know where they host your data and services. Most countries claim jurisdiction over resources that are physically housed within their borders, a problem if a SaaS vendor in one country actually runs on infrastructure services in another. Some are more stringent. Germany’s privacy laws enforce controls over information about German citizens regardless of where the data reside. It’s a legal mess that’s going to take 200 years to iron out. www.convergentinformatics.com
Audience Follow-ups Q: What about security? A: That’s a very, very broad question. Instead of trying to cover every jurisdiction and contingency let’s turn it around: what do you need to do to earn the trust of your customers? Write down those actions and services as requirements, then ensure the hosting service helps you meet them. Example: to grow customer good will, your company wants to refund money electronically upon receipt of returned, undamaged goods (think zappos.com). Your requirements are for a bank/CC company that can handle this type of transaction securely while guarding against embezzlement by your employees. www.convergentinformatics.com
Audience Follow-ups Q: When a service goes down and you move it, how do you force the DNS record change to ensure it keeps running? A: Realistically, most businesses aren’t running nuclear reactors or air traffic control systems. Fail over/fail back and high availability are not requirements because the business’s revenue cannot support the expense. Our experience is that the normal 3-4 hour DNS propagation time is more than adequate. We move our customers starting in the evening, local time, and everything is back in place by morning. www.convergentinformatics.com
Audience Follow-ups Q: I thought [the following link] was an interesting viewpoint of the ‘cloud’ albeit from a non-technical managerial person’s view. http://www.oulixeus.com/your-own-cloud/ A: Thanks! www.convergentinformatics.com