No Silver Bullet III: Business and Software Engineering in

No Silver Bullet III: Business and Software Engineering in the

CloudKarl Geiger, Convergent Informatics, Inc.IEEE BV Computer Chapter, 9 Sep 2009

The Virtual CIO

Today’s Talk The Hosted Systems Challenge Two Case Studies

eCompany-in-a-Box eCommerce Company

What to Do and Look For Business Plan Definitions, Requirements, and Tests Integration Tests Vendor Questions

Where Geeks Can Have Fun Summing Up

9/9/20092 www.convergentinformatics.com

The Virtual CIO

About the Speaker One of four Founders and principals at Convergent

Informatics, Inc., “The Virtual CIO Company” Former Director of Enterprise Architecture at Amgen, Inc.

Standards and practices ERP, Clinical Information Systems, Library IR

University of Southern California Libraries, Mainframe Systems

Education BA in Classics (Latin and Greek) from USC MS in Computer Science from California Lutheran University.

Member of IEEE, ACM, AAAS


The Virtual CIO

Founded by four Amgen IT Alums, 2008 We make our clients bigger, nimbler, and more profitable

CICV™ Methodology eCompany-in-a-Box™

Expertise in life sciences, sales systems, business engineering, systems development

About Convergent Informatics, Inc.


The Virtual CIO

The Hosted Systems/Services Challenge

Somebody else has bought the hardware

Somebody else has written/installed the software

Somebody else has designed the business process

All You Do is Just Use It!


The Virtual CIO

Word of Warning I assume you’ve some familiarity with SWE Practices

Systems Development Life Cycle Requirements Analysis and Management Testing Deployment Methodologies (Waterfall, UP, XP, Scrum, Spiral)

If not … Interrupt me to ask It’s always good to expose the speaker’s ignorance

See IEEE Software Engineering Body Of Knowledge http://www.swebok.org/


The Virtual CIO

Two Case Studies eCompany-in-a-Box

Integrated office suite Hosted basic IT infrastructure Targets startups and small businesses (< 100)

Introductory product offering Speed + service + flexibility + low-cost

eCommerce Rescue Bankrupted company’s assets Warehouse and database of open orders Re-load onto SaaS order management, fulfillment, call center Biz Plan: “Turn it back on and hey-presto it makes money”


The Virtual CIO

eCompany-in-a-Box Business Plan

Serve an entry level-product for our customers Focus on small / start-up company basic IT needs Market to entrepreneurs, LLCs, single proprietors, small incs Create a practice to let us hire resellers / installers

Product Offering “Big Corp.” basic IT suite

Email, Voicemail, Calendaring, Backups, Web Presence, File Share, Domain Plan

Fast set-up, low month-to-month Componentized, independent services A-la-carte availability


The Virtual CIO

eCompany-in-a-Box The Developers’ Advantages

We’re experienced in the space We’ve done this before – “Plan to throw one away” – Brooks We use it ourselves

Product Development Cycle – 6 Week Waterfall (BDUF) 350+ line-item features and requirements “Practice” document (installation punch list) 30+ Cloud / SaaS vendors researched against requirements

Detail screening of 10 hosting, 6 voice, 5 mail, 2 backup vendors We love “try before you buy”

User guides, CD-installation Marketing: web, handouts, phone answer msg, Brand™


The Virtual CIO

eCompany-in-a-Box - Result


The Virtual CIO

eCompany-in-a-Box - a 90+ Step Install Tool


The Virtual CIO

eCompany-in-a-Box Engineering and Testing was Simple

We’re engineers … Bulk of effort (> 60%) went to

User documentation Promotional website Promotional brochures Researching and acquiring trademarks Creating pricing models Finding a sales force (work in progress) Marketing (work in progress)


The Virtual CIO

eCommerce Company Assets of a Defunct $20MM Web Business Sold for a Song

Warehouse of Goods and Fulfillment Vendor in Place Existing Supplier Contracts +3.3MM Customers in Database Data warehouse representing last “state” of the business 1TB of web creative materials (pix, text, pages, etc.) Brands and Domain Names

Key product line: high-value, branded cosmetics 7,058 unfulfilled orders 20,000 dedicated customers US, US Territories, and Canada


The Virtual CIO

eCommerce Business Plan Business Plan

Set up new hosted services on Cloud / SaaS Providers Order Management Website Hosting Call Center

Fulfill existing orders and sell to new and legacy customers Profit!

Additional Cloud/SaaS Vendors Needed Payment / Credit Card Fulfillment Bank Relationships Advertising / Marketing


The Virtual CIO

What the Customer Thinks …


The Virtual CIO

What the Vendor Talks About …


The Virtual CIO

What the Customer Hears …


The Virtual CIO

What It Looks Like After He Gets In …


The Virtual CIO

What Happens Next …


The Virtual CIO

eCommerce Co.’s Business Design

CPA / CPMNetworkWeb SiteCall Center

Order Mgmt

PaymentRisk Mgrs

Visa, MC, AmEx, etc.

BanksFulfillment / Warehouse

Order MgmtWeb I/F

Dashboard


The Virtual CIO

eCommerce Co.’s Plan Weak Implementation Plan

Master “punch list” missing, and rejected “We don’t have time to do that now.” “We’re using the vendor’s plan.”

But his plan is useful only for his one SaaS component Limited Business Plan

No marketing plan for domain purchases, mail campaigns Discovery of other businesses inside the box leads to side work

“Oh hey, we can sell our 3.3MM name customer list for big bux!” “Someday we’ll market the rest of the inventory.”

Huge Rush “Doesn’t need to be right, just needs to work now.”


The Virtual CIO

eCommerce Company – It’s Kinda Working Order Management Implementation Delayed

Order catalog took two weeks to understand and set up SaaS order-upload interface failed with Windows Vista users Constant vendor contact required – no practice doc

Plan was 40 general items, e.g. “database creation and setup” User interface docs, data format docs sketchy at best No test harness – had to write one

Bank account and payment risk management delayed Website Hosting Problem

Hosting company broke the connection to Order Manager Five days worth of orders lost Two-day crash project to move to new web host


The Virtual CIO

eCommerce Company – It’s Kinda Working Order Management is Manual

Company staffers constantly monitor the order stream Inventory level management is manual

Fulfillment Company Cycles are slow – shipping happens once a day via batch file Inventory, customer reports are Excel

Special request to fulfillment company staff Customer data are different everywhere

Three different points of truth No single customer view


The Virtual CIO

What To Do and Look For Business Plan

Businesses are about making money. How does my business use its hosted services to make money?

What is my cost per SaaS unit/transaction and how does it add to my total cost?

How do I monitor my consumption of SaaS vendor resources? What are my cloud vendors’ risks (viability, security, support)?

Market and Customer Plans How do I use these services to reach my customers? Does this cloud service deal with my kind of customer? What does this service do when my customers have problems?


The Virtual CIO

What to Do and Look For - Definitions Case I: “FAX Services”

What services are provided? Single fax, fax campaigns, …? How do customers send and receive faxes? On what devices can customers read faxed documents?

Case II: “Shipping and Handling” What does this charge include? Who or what software engine computes it?

Call Center, Web site, Order Manager, Fulfillment, or … ? Is it per unit or per whole order? Is it discounted or waived (FREE SHIPPING) ever? Under what

conditions and when? Is there a shipping program, eg, Amazon Prime?


The Virtual CIO

What to Do and Look For - Requirements Case I: “Fax Email”

The system must receive a fax transmission and send a PDF image of it to the email address associated with the incoming fax call’s extension number. If no extension number is present, the fax PDF image goes to the email box of the account administrator.

Case II: “Shipping and Handling” Order Management must compute S&H. S&H costs are per unit. Multiple units of the same item incur multiple

S&H charges up until five of the same units appear in a single order (most S&H charged is for 5 units).

The OM system must enable promotions to waive S&H charges based on SKU, promotion schedule. This is really a feature set with multiple requirements under it. This feature should be tied to the Marketing Plan for promotions.


The Virtual CIO

What to Do and Look For – Unit Tests Case I: “Fax Email”

Do: send a multipage fax to a configured phone number. Expect: all pages arrive in PDF at email address.

Case II: “Shipping and Handling” Do: send dummy orders with 0, 1, 3, 5, 6, 10 items Expect: error, $6.95, $20.85, $34.75, $34.75, $34.75 Do: send dummy promo orders with 0, 1, 3, 5, 6, 10 items Expect: error, $0, $0, $0, $0, $0


The Virtual CIO

What to Do and Look For – Integration Tests Case II: “Promotional Order from Web”

Do: Create a shopping cart, enter items A, B, and 2 of C, submit using live credit card number.

Expect: Correct items A, B, C and qtys recorded in order system Payment and charge address information to match Phone and email are correct Payment computed correctly, including taxes, S&H Payment clearance notification received from CC processor Inventory levels updated Outbound record for Fulfillment generated with correct shipping,

items, qty Email to customer generated w/expected ship date


The Virtual CIO

Vendor Questions Never ask “Can your system do X?”

Of course it can! Ask “How does it do X?” Be specific, using requirements.

Does the vendor have a implementation practice? It’s a repeatable process, it’s been done before, and they’ve taken the

time to work out the kinks Hallmarks:

Solid project plan, clear specifications, clear responsibilities Full documentation, including semantic definitions Complete execution “punch list”

What risks does the cloud service take on? e.g. Payment Card Initiative risks E&O Insurance for sales losses – who bears it?


The Virtual CIO

Vendor Questions – the Missing Hairballs

What are the administrative tasks? Role and responsibility delegation Business process management, eg,

can sales reports be automated? What training is offered to my team? How much training is required for

each team member and when is it available?

Is there an SLA? When is the help desk open?

The business’s operational plan identifies these roles and needs. In turn, they are non-functional requirements the hosting vendors must meet.


The Virtual CIO

Biz/Tech Questions - Details Matter Banks and Payment

Required for Order Manager to set up catalog / promotions Accounts and encumbrances needed at every bank

Security SSL certs required for web site or banks won’t sign on Banks want security testing before opening up accounts Every hosting company installs certs differently

Web Services Where’s the scripting engine and what features does it have? Who’s got control of .htaccess? Why does MySQL suck so much wind on this cloud?


The Virtual CIO

Biz/Tech Questions – “Little” Contingencies Is there a Plan “B”?

When the vendor flops When the vendor cannot support you When the vendor tells you to take a hike

Who’s on First? Resolve vendor-vendor, vendor-business finger pointing Ensure admin access AND responsibilities are clear

Oh, and logins issued, too. Before trouble breaks out. What company officers are accountable?

Banks, PCI audit, legal, … Customer feedback, returns, inventory, fraud and loss

management, …9/9/200932 www.convergentinformatics.com

The Virtual CIO

Where Geeks Can Have Fun Data Definition

A glossary would be nice Exact data specifications needed – SaaS vendor docs may be

sloppy (“We update our system faster than we can our docs”) Data Cleanup and Reporting

Dust off your text munging and SQL skills No vendor’s “custom reports” are ever as custom as desired

Glue Code Every vendor-vendor interface has hooks or needs help

Web Code LAMP or Microsoft suites Opportunities abound in RIAs – nearly all are custom


The Virtual CIO

Where Geeks Can Have Fun

Writing Unit and Integration Test Suites Working with Cloud / SaaS Provider’s Geeks

No interpersonal skills required – they’re geeks, too Interviewing the other geeks as part of vendor evals

Developing Migration Plans, Processes and Tool Suites Developing New Products and Services

Review and add functionality Develop processes the SaaS service won’t/can’t do Build out derivative / integrated business reporting

Build Services Unavailable in the Cloud


The Virtual CIO

Summing Up

The pieces and services are out there Never write what’s there and never compete with the Internet

Know what the business is, does, and needs Map that onto processes Map process needs onto requirements Review and select services based on processes/requirement

Plan backup vendors / services Write contracts so you can get your data out! If your process is wholly at the SaaS vendor, so is your business

Complexity is the enemy Simplify to the interface level


The Virtual CIO

Summing Up There’s no silver bullet. The cloud’s silver lining, however, is lower

implementation and operational costs and faster time to market by sharing infrastructure, using pre-existing processes and practices, and leveraging vendor expertise.

You must plan before you can mine the silver lining. Focus more on implementation and deployment and less

on coding and set-up. Remember Brook’s 1/6 estimate. Software engineering practice is now, in part, business

engineering practice. The rules for success remain the same.

9/9/2009www.convergentinformatics.com 36

The Virtual CIO

Useful Stuff1. Mark Prothero, “No Silver Bullet II”, 1995 Mar 262. John Mullins, “Why Business Plans Don’t Deliver”, The

Wall Street Journal, 2009 Jun 233. Richard Oppenheim, “SaaS: Back to the Time Sharing

Future”, Progressive Accountant, 2009 Jun 224. N J Hoover, “GSA Outlines U.S. Government's Cloud

Computing Requirements”, InformationWeek Gov’t, 2009 Aug 6

5. Amazon Inc., “Creating HIPAA-Compliant Medical Applications with Amazon Web Services”, 2009 April

6. Fred Brooks, The Mythical Man-Month, 1975, 2/e 1995


The Virtual CIO

Audience Follow-upsQ: In eCompany in a Box, what do you do about the hosting

company’s terms and conditions?A: We act as system integrators. We don’t assume any risk.

Our clients own the hosting accounts and contracts. They are bound by the terms and conditions, and get billed directly. Our job is to set them up then step back so they have the lowest overhead possible. If they get stuck after deployment, we’ll step in again to right things at a time and materials rate.


The Virtual CIO

Audience Follow-upsQ: Which term do you prefer: Web 3.0? Cloud Computing?

SaaS? Application Service Provider?A: We refer to the entire class as “hosted services”.

They’re essentially “time sharing” (Useful Stuff #3). In many regards, ordinary services are “SaaS” or “Cloud Computing”. To borrow a quip from our friends at Terrosa Technologies, isn’t your bank a “hosted service”, now with a nifty web front end? What about your financial manager, lawyer, accountant, etc.? Google Mail is clearly a hosted service, it just seems more “computer-ish” than your checking accounts and credit cards.


The Virtual CIO

Audience Follow-upsQ: What do you do when you cross international

boundaries and come under the jurisdiction of other countries?

A: Pick your vendors well and know where they host your data and services. Most countries claim jurisdiction over resources that are physically housed within their borders, a problem if a SaaS vendor in one country actually runs on infrastructure services in another. Some are more stringent. Germany’s privacy laws enforce controls over information about German citizens regardless of where the data reside. It’s a legal mess that’s going to take 200 years to iron out.


The Virtual CIO

Audience Follow-upsQ: What about security?A: That’s a very, very broad question. Instead of trying to

cover every jurisdiction and contingency let’s turn it around: what do you need to do to earn the trust of your customers? Write down those actions and services as requirements, then ensure the hosting service helps you meet them. Example: to grow customer good will, your company wants to refund money electronically upon receipt of returned, undamaged goods (think zappos.com). Your requirements are for a bank/CC company that can handle this type of transaction securely while guarding against embezzlement by your employees.


The Virtual CIO

Audience Follow-upsQ: When a service goes down and you move it, how do you

force the DNS record change to ensure it keeps running?A: Realistically, most businesses aren’t running nuclear

reactors or air traffic control systems. Fail over/fail back and high availability are not requirements because the business’s revenue cannot support the expense. Our experience is that the normal 3-4 hour DNS propagation time is more than adequate. We move our customers starting in the evening, local time, and everything is back in place by morning.


The Virtual CIO

Audience Follow-upsQ: I thought [the following link] was an interesting

viewpoint of the ‘cloud’ albeit from a non-technical managerial person’s view.

http://www.oulixeus.com/your-own-cloud/

A: Thanks!


Documents

No Silver Bullet III: Business and Software Engineering in