No Silver Bullet III: Business and Software Engineering in the Cloud

lilactruckInternet και Εφαρμογές Web

4 Δεκ 2013 (πριν από 3 χρόνια και 10 μήνες)

67 εμφανίσεις

No Silver Bullet III: Business and
Software Engineering in the Cloud


Karl Geiger, Convergent Informatics, Inc.

IEEE BV Computer Chapter, 9 Sep 2009

The Virtual CIO

Today’s Talk


The Hosted Systems Challenge


Two Case Studies


eCompany
-
in
-
a
-
Box


eCommerce Company


What to Do and Look For


Business Plan


Definitions, Requirements, and Tests


Integration Tests


Vendor Questions


Where Geeks Can Have Fun


Summing Up

9/9/2009

2

www.convergentinformatics.com

The Virtual CIO

About the Speaker


One of four Founders and principals at Convergent
Informatics, Inc., “The Virtual CIO Company”




Former Director of Enterprise Architecture at Amgen, Inc.



Standards and practices


ERP, Clinical Information Systems, Library IR


University of Southern California


Libraries, Mainframe Systems




Education


BA in Classics (Latin and Greek) from USC


MS in Computer Science from California Lutheran University.




Member of IEEE, ACM, AAAS

9/9/2009

3

www.convergentinformatics.com

The Virtual CIO


Founded by four Amgen IT Alums, 2008


We make our clients bigger, nimbler, and more profitable


CICV™ Methodology


eCompany
-
in
-
a
-
Box™


Expertise in life sciences, sales systems, business
engineering, systems development

About Convergent Informatics, Inc.

9/9/2009

4

www.convergentinformatics.com

The Virtual CIO

The Hosted Systems/Services Challenge


Somebody else has bought the
hardware


Somebody else has
written/installed the software


Somebody else has designed the
business process


All You Do is Just Use It!

9/9/2009

5

www.convergentinformatics.com

The Virtual CIO

Word of Warning


I assume you’ve some familiarity with SWE Practices


Systems Development Life Cycle


Requirements Analysis and Management


Testing


Deployment


Methodologies (Waterfall, UP, XP, Scrum, Spiral)


If not …


Interrupt me to ask


It’s always good to expose the speaker’s ignorance


See IEEE Software Engineering Body Of Knowledge



http://www.swebok.org/

9/9/2009

6

www.convergentinformatics.com

The Virtual CIO

Two Case Studies


eCompany
-
in
-
a
-
Box


Integrated office suite


Hosted basic IT infrastructure


Targets startups and small businesses (< 100)


Introductory product offering


Speed + service + flexibility + low
-
cost


eCommerce Rescue


Bankrupted company’s assets


Warehouse and database of open orders


Re
-
load onto SaaS order management, fulfillment, call center


Biz Plan: “Turn it back on and hey
-
presto it makes money”

9/9/2009

7

www.convergentinformatics.com

The Virtual CIO

eCompany
-
in
-
a
-
Box


Business Plan


Serve an entry level
-
product for our customers


Focus on small / start
-
up company basic IT needs


Market to entrepreneurs, LLCs, single proprietors, small incs


Create a practice to let us hire resellers / installers


Product Offering


“Big Corp.” basic IT suite


Email, Voicemail, Calendaring, Backups, Web Presence, File Share,
Domain Plan


Fast

set
-
up, low month
-
to
-
month


Componentized, independent services


A
-
la
-
carte availability

9/9/2009

8

www.convergentinformatics.com

The Virtual CIO

eCompany
-
in
-
a
-
Box


The Developers’ Advantages


We’re experienced in the space


We’ve done this before


“Plan to throw one away”


Brooks


We use it ourselves


Product Development Cycle


6 Week Waterfall (BDUF)


350+ line
-
item features and requirements


“Practice” document (installation punch list)


30+ Cloud / SaaS vendors researched against requirements


Detail screening of 10 hosting, 6 voice, 5 mail, 2 backup vendors


We love “try before you buy”


User guides, CD
-
installation


Marketing: web, handouts, phone answer msg, Brand™

9/9/2009

9

www.convergentinformatics.com

The Virtual CIO

eCompany
-
in
-
a
-
Box
-

Result

9/9/2009

10

www.convergentinformatics.com

The Virtual CIO

eCompany
-
in
-
a
-
Box
-

a 90+ Step Install Tool

9/9/2009

11

www.convergentinformatics.com

The Virtual CIO

eCompany
-
in
-
a
-
Box


Engineering and Testing was Simple


We’re engineers …


Bulk of effort (> 60%) went to


User documentation


Promotional website


Promotional brochures


Researching and acquiring trademarks


Creating pricing models


Finding a sales force (work in progress)


Marketing (work in progress)


9/9/2009

12

www.convergentinformatics.com

The Virtual CIO

eCommerce Company


Assets of a Defunct $20MM Web Business Sold for a Song


Warehouse of Goods and Fulfillment Vendor in Place


Existing Supplier Contracts


+3.3MM Customers in Database


Data warehouse representing last “state” of the business


1TB of web creative materials (pix, text, pages, etc.)


Brands and Domain Names


Key product line: high
-
value, branded cosmetics


7,058 unfulfilled orders


20,000 dedicated customers


US, US Territories, and Canada



9/9/2009

13

www.convergentinformatics.com

The Virtual CIO

eCommerce Business Plan


Business Plan


Set up new hosted services on Cloud /
SaaS

Providers


Order Management


Website Hosting


Call Center


Fulfill existing orders and sell to new and legacy customers


Profit!


Additional Cloud/
SaaS

Vendors Needed


Payment / Credit Card Fulfillment


Bank Relationships


Advertising / Marketing


9/9/2009

14

www.convergentinformatics.com

The Virtual CIO

What the Customer Thinks …

9/9/2009

15

www.convergentinformatics.com

The Virtual CIO

What the Vendor Talks About …

9/9/2009

16

www.convergentinformatics.com

The Virtual CIO

What the Customer Hears …

9/9/2009

17

www.convergentinformatics.com

The Virtual CIO

What It Looks Like After He Gets In …

9/9/2009

18

www.convergentinformatics.com

The Virtual CIO

What Happens Next …

9/9/2009

19

www.convergentinformatics.com

The Virtual CIO

eCommerce Co.’s Business Design

CPA / CPM

Network

Web

Site

Call

Center

Order
Mgmt

Payment

Risk Mgrs

Visa, MC,
AmEx, etc.

Banks

Fulfillment /
Warehouse

Order Mgmt

Web I/F

Dashboard

9/9/2009

20

www.convergentinformatics.com

The Virtual CIO

eCommerce Co.’s Plan


Weak Implementation Plan


Master “punch list” missing, and rejected


“We don’t have time to do that now.”


“We’re using the vendor’s plan.”


But his plan is useful only for his one SaaS component


Limited Business Plan


No marketing plan for domain purchases, mail campaigns


Discovery of other businesses inside the box leads to side work


“Oh hey, we can sell our 3.3MM name customer list for big bux!”


“Someday we’ll market the rest of the inventory.”


Huge Rush


“Doesn’t need to be right, just needs to work now.”


9/9/2009

21

www.convergentinformatics.com

The Virtual CIO

eCommerce Company


It’s
Kinda

Working


Order Management Implementation Delayed


Order catalog took two weeks to understand and set up


SaaS order
-
upload interface failed with Windows Vista users


Constant vendor contact required


no practice doc


Plan was 40 general items, e.g. “database creation and setup”


User interface docs, data format docs sketchy at best


No test harness


had to write one


Bank account and payment risk management delayed


Website Hosting Problem


Hosting company broke the connection to Order Manager


Five days worth of orders lost


Two
-
day crash project to move to new web host

9/9/2009

22

www.convergentinformatics.com

The Virtual CIO

eCommerce Company


It’s
Kinda

Working


Order Management is Manual


Company staffers constantly monitor the order stream


Inventory level management is manual


Fulfillment Company


Cycles are slow


shipping happens once a day via batch file


Inventory, customer reports are Excel


Special request to fulfillment company staff


Customer data are different everywhere


Three different points of truth


No single customer view

9/9/2009

23

www.convergentinformatics.com

The Virtual CIO

What To Do and Look For


Business Plan


Businesses are about making money. How does my business
use its hosted services to make money?


What is my cost per SaaS unit/transaction and how does it add
to my total cost?


How do I monitor my consumption of SaaS vendor resources?


What are my cloud vendors’ risks (viability, security, support)?


Market and Customer Plans


How do I use these services to reach my customers?


Does this cloud service deal with my kind of customer?


What does this service do when my customers have problems?


9/9/2009

24

www.convergentinformatics.com

The Virtual CIO

What to Do and Look For
-

Definitions


Case I: “FAX Services”


What services are provided? Single fax, fax campaigns, …?


How do customers send and receive faxes?


On what devices can customers read faxed documents?


Case II: “Shipping and Handling”


What does this charge include?


Who or what software engine computes it?


Call Center, Web site, Order Manager, Fulfillment, or … ?


Is it per unit or per whole order?


Is it discounted or waived (
FREE SHIPPING
) ever? Under what
conditions and when?


Is there a shipping program,
eg
, Amazon Prime?

9/9/2009

25

www.convergentinformatics.com

The Virtual CIO

What to Do and Look For
-

Requirements


Case I: “Fax Email”


The system must receive a fax transmission and send a PDF image of it
to the email address associated with the incoming fax call’s extension
number. If no extension number is present, the fax PDF image goes to
the email box of the account administrator.


Case II: “Shipping and Handling”


Order Management must compute S&H.


S&H costs are per unit. Multiple units of the same item incur multiple
S&H charges up until five of the same units appear in a single order
(most S&H charged is for 5 units).


The OM system must enable promotions to waive S&H charges based on
SKU, promotion schedule.


This is really a feature set with multiple requirements under it.


This feature should be tied to the Marketing Plan for promotions.

9/9/2009

26

www.convergentinformatics.com

The Virtual CIO

What to Do and Look For


Unit Tests


Case I: “Fax Email”


Do: send a multipage fax to a configured phone number.


Expect: all pages arrive in PDF at email address.


Case II: “Shipping and Handling”


Do: send dummy orders with 0, 1, 3, 5, 6, 10 items


Expect:
error
, $6.95, $20.85, $34.75, $34.75, $34.75


Do: send dummy promo orders with 0, 1, 3, 5, 6, 10 items


Expect:
error
, $0, $0, $0, $0, $0

9/9/2009

27

www.convergentinformatics.com

The Virtual CIO

What to Do and Look For


Integration Tests


Case II: “Promotional Order from Web”


Do: Create a shopping cart, enter items A, B, and 2 of C, submit
using live credit card number.


Expect:


Correct items A, B, C and qtys recorded in order system


Payment and charge address information to match


Phone and email are correct


Payment computed correctly, including taxes, S&H


Payment clearance notification received from CC processor


Inventory levels updated


Outbound record for Fulfillment generated with correct
shipping, items, qty


Email to customer generated w/expected ship date

9/9/2009

28

www.convergentinformatics.com

The Virtual CIO

Vendor Questions


Never ask “Can your system do
X
?”


Of course it can!


Ask “How does it do
X
?” Be specific, using requirements.


Does the vendor have a implementation
practice
?


It’s a repeatable process, it’s been done before, and they’ve taken the
time to work out the kinks


Hallmarks:


Solid project plan, clear specifications, clear responsibilities


Full documentation, including semantic definitions


Complete execution “punch list”


What risks does the cloud service take on?


e.g. Payment Card Initiative risks


E&O Insurance for sales losses


who bears it?

9/9/2009

29

www.convergentinformatics.com

The Virtual CIO

Vendor Questions


the Missing Hairballs


What are the administrative tasks?


Role and responsibility delegation


Business process management, eg,
can sales reports be automated?


What training is offered to my team?


How much training is required for
each team member and when is it
available?


Is there an SLA?


When is the help desk open?

The business’s operational plan identifies these roles and needs. In turn, they
are non
-
functional requirements the hosting vendors must meet.

9/9/2009

30

www.convergentinformatics.com

The Virtual CIO

Biz/Tech Questions
-

Details Matter


Banks and Payment


Required for Order Manager to set up catalog / promotions


Accounts and encumbrances needed at
every

bank


Security


SSL certs required for web site or banks won’t sign on


Banks want security testing before opening up accounts


Every

hosting company installs certs differently


Web Services


Where’s the scripting engine and what features does it have?


Who’s got control of .htaccess?


Why does MySQL suck so much wind on this cloud?

9/9/2009

31

www.convergentinformatics.com

The Virtual CIO

Biz/Tech Questions


“Little” Contingencies


Is there a Plan “B”?


When the vendor flops


When the vendor cannot support you


When the vendor tells you to take a hike


Who’s on First?


Resolve vendor
-
vendor, vendor
-
business finger pointing


Ensure admin access AND responsibilities are clear


Oh, and logins issued, too. Before trouble breaks out.


What company officers are accountable?


Banks, PCI audit, legal, …


Customer feedback, returns, inventory, fraud and loss
management, …


9/9/2009

32

www.convergentinformatics.com

The Virtual CIO

Where Geeks Can Have Fun


Data Definition


A glossary would be nice


Exact

data specifications needed


SaaS vendor docs may be
sloppy (“We update our system faster than we can our docs”)


Data Cleanup and Reporting


Dust off your text munging and SQL skills


No vendor’s “custom reports” are ever as custom as desired


Glue Code


Every vendor
-
vendor interface has hooks or needs help


Web Code


LAMP or Microsoft suites


Opportunities abound in RIAs


nearly all are custom

9/9/2009

33

www.convergentinformatics.com

The Virtual CIO

Where Geeks Can Have Fun


Writing Unit and Integration Test Suites


Working with Cloud / SaaS Provider’s Geeks


No interpersonal skills required


they’re geeks, too


Interviewing the other geeks as part of vendor evals


Developing Migration Plans, Processes and Tool Suites


Developing New Products and Services


Review and add functionality


Develop processes the SaaS service won’t/can’t do


Build out derivative / integrated business reporting


Build Services Unavailable in the Cloud

9/9/2009

34

www.convergentinformatics.com

The Virtual CIO

Summing Up


The pieces and services are out there


Never write what’s there and never compete with the Internet


Know what the business is, does, and needs


Map that onto processes


Map process needs onto requirements


Review and select services based on processes/requirement


Plan backup vendors / services


Write contracts so you can get your data out!


If your process is wholly at the SaaS vendor, so is your business


Complexity is the enemy


Simplify to the interface level

9/9/2009

35

www.convergentinformatics.com

The Virtual CIO

Summing Up


There’s no silver bullet.


The cloud’s silver lining, however, is lower
implementation and operational costs and faster time to
market by sharing infrastructure, using pre
-
existing
processes and practices, and leveraging vendor expertise.


You must plan before you can mine the silver lining.


Focus more on implementation and deployment and less
on coding and set
-
up. Remember Brook’s 1/6 estimate.


Software engineering practice is now, in part, business
engineering practice.


The rules for success remain the same.

9/9/2009

www.convergentinformatics.com


36

The Virtual CIO

Useful Stuff

1.
Mark
Prothero
, “
No Silver Bullet II
”, 1995 Mar 26

2.
John Mullins, “
Why Business Plans Don’t Deliver
”,
The
Wall Street Journal
, 2009 Jun 23

3.
Richard Oppenheim, “
SaaS
: Back to the Time Sharing
Future
”,
Progressive Accountant
, 2009 Jun 22

4.
N J Hoover, “
GSA Outlines U.S. Government's Cloud
Computing Requirements
”,
InformationWeek
Gov’t
,
2009 Aug 6

5.
Amazon Inc., “
Creating HIPAA
-
Compliant Medical
Applications with Amazon Web Services
”, 2009 April

6.
Fred Brooks,
The Mythical Man
-
Month
, 1975, 2/e 1995


9/9/2009

37

www.convergentinformatics.com

The Virtual CIO

Audience Follow
-
ups

Q: In eCompany in a Box, what do you do about the hosting
company’s terms and conditions?

A: We act as system integrators. We don’t assume any risk.
Our clients own the hosting accounts and contracts. They
are bound by the terms and conditions, and get billed
directly. Our job is to set them up then step back so they
have the lowest overhead possible. If they get stuck
after deployment, we’ll step in again to right things at a
time and materials rate.


9/9/2009

www.convergentinformatics.com


38

The Virtual CIO

Audience Follow
-
ups

Q: Which term do you prefer: Web 3.0? Cloud Computing?
SaaS? Application Service Provider?

A: We refer to the entire class as “hosted services”. They’re
essentially “time sharing” (Useful Stuff #3). In many
regards, ordinary services are “SaaS” or “Cloud
Computing”. To borrow a quip from our friends at
Terrosa
Technologies
, isn’t your bank a “hosted service”, now with
a nifty web front end? What about your financial
manager, lawyer, accountant, etc.? Google Mail is clearly
a hosted service, it just seems more “computer
-
ish” than
your checking accounts and credit cards.

9/9/2009

www.convergentinformatics.com


39

The Virtual CIO

Audience Follow
-
ups

Q: What do you do when you cross international
boundaries and come under the jurisdiction of other
countries?

A: Pick your vendors well and know where they host your
data and services. Most countries claim jurisdiction over
resources that are physically housed within their borders,
a problem if a SaaS vendor in one country actually runs
on infrastructure services in another. Some are more
stringent. Germany’s privacy laws enforce controls over
information about German citizens regardless of where
the data reside. It’s a legal mess that’s going to take 200
years to iron out.

9/9/2009

www.convergentinformatics.com


40

The Virtual CIO

Audience Follow
-
ups

Q: What about security?

A: That’s a very, very broad question. Instead of trying to
cover every jurisdiction and contingency let’s turn it
around: what do you need to do to earn the trust of your
customers? Write down those actions and services as
requirements, then ensure the hosting service helps you
meet them. Example: to grow customer good will, your
company wants to refund money electronically upon
receipt of returned, undamaged goods (think
zappos.com). Your requirements are for a bank/CC
company that can handle this type of transaction securely
while guarding against embezzlement by your employees.

9/9/2009

www.convergentinformatics.com


41

The Virtual CIO

Audience Follow
-
ups

Q: When a service goes down and you move it, how do you
force the DNS record change to ensure it keeps running?

A: Realistically, most businesses aren’t running nuclear
reactors or air traffic control systems. Fail over/fail back
and high availability are not requirements because the
business’s revenue cannot support the expense. Our
experience is that the normal 3
-
4 hour DNS propagation
time is more than adequate. We move our customers
starting in the evening, local time, and everything is back
in place by morning.

9/9/2009

www.convergentinformatics.com


42

The Virtual CIO

Audience Follow
-
ups

Q: I thought [the following link] was an interesting
viewpoint of the ‘cloud’ albeit from a non
-
technical
managerial person’s view.


http://www.oulixeus.com/your
-
own
-
cloud/


A: Thanks!

9/9/2009

www.convergentinformatics.com


43