When last I spoke with Tony Kerrison, who today is CTO at Amsterdam-based banking giant ING ($1.6 trillion in assets), he was global head of IT at Merrill Lynch. Even way back in 2008, he was building a cloud-like infrastructure for the Thundering Herd, creating a "stateless infrastructure" for data center servers and rolling out virtual workstations. Three years later, he is implementing his cloud-computing vision at ING and developing cloud computing standards within the TM Forum's Enterprise Cloud Leadership Council. He spent time with us this week sharing information about the cloud computing projects he's started at ING, how cloud computing is changing the working lives of bank technology leaders and how the industry can and should be creating standards and requirements for cloud computing providers.
Bank Systems & Technology: To what extent has ING adopted cloud computing?
Kerrison: For the last year, we've been building our own private cloud, which is helping us understand how a cloud infrastructure can work in our environment and how to apply the resources to support it and put more and more applications in our cloud environment.
At same time, although we don't use any public cloud infrastructure at this point, we're watching it carefully, in particular utility applications such as email-as-a-service. We're also looking at how we can develop cloud testing services, because we've built an internal center of excellence around testing.
BS&T: What is the scope of your private cloud, and what types of applications are you running in it?
Kerrison: The infrastructure we've created is x86 based and we're using self-provisioning tools on top of that. We're restricted from talking about specific vendors. Our application groups are able to spin up their own environments for testing and development in the cloud. We've also built a grid on the same infrastructure and we're deploying some of our commercial banking applications there. We're being cautious, we're focused on low priority and low criticality apps at this stage, but the results so far indicate we can push ahead.
BS&T: Can you share what percent of your applications today are running on some kind of cloud, and where you see that one to five years from now?
Kerrison: Somewhere around 5% of our application portfolio today are on our private cloud. We expect that to grow significantly in 2011 and we could be up to around 20% at the end of the year. We're going to learn as we go forward and reexamine the complexity of the environment we have, which apps it makes sense to cloud-enable, and how do we invest the time and money to make them cloud enabled. This will definitely be a year of deployment -- in 2010 we built the foundation to deploy in 2011.
We also spend a fair amount of time implementing virtual desktop infrastructure at ING that could evolve into an external cloud service, which might be called desktop as a service. All our remote access comes through our VDI environment, as well as about 10% of the population of ING. That's growing exponentially.
BS&T: When you say remote access, do you mean people who work from home or in remote offices?
Kerrison: It's both, actually. It gives ING more mobility, it opens lots of opportunities for us. People are able to do all their daily work from another location, such as an office on an ING campus or from home. It's a very good, flexible way for people to do their work.
BS&T: Do you see rolling VDI out throughout the bank, with eventually all desktops being virtual?
Kerrison: We offer four different types of desktops. There are still laptop users who need to work on planes, trains, and such. There are some high-power users who don't use virtual desktops. But the majority of ING users will be on VDI base as we head into 2012, we think that will just grow over time.
We do VDI not only on standardized thin clients at offices and home, but we're also rolling it out through mobile devices such as the iPad.
BS&T: Does ING have a desktop instance or apps that run on the iPad already?
Kerrison: We've got some applications, such as email, in test right now.
BS&T: What would you say are the main benefits for banks of VDI; is it the flexibility, is it less expensive?
Kerrison: It's a number of dimensions. The underlying infrastructure will be less expensive, although the cost of PCs and laptops is coming down. But over time, you get the flexibility and independence that goes with the ability to have any device connected as the desktop. It also drives down real estate costs as people can work from home or desk sharing.
BS&T: Does that parallel some of the benefits of your private cloud?
Kerrison: The private cloud helps us optimize the equipment in the back end; virtualization and consolidation provide significant benefits for us. The provisioning capability and the standards we're setting will create more productivity for the application teams, starting with testing and into production.
BS&T: At what point would you say you crossed the line from large-scale virtualization to cloud?
Kerrison: Over the last couple of years, we've been pushing hard on virtualization. In 2010, we began further improving our use of server virtualization for productivity and efficiency. As we set standards around self provisioning and educated people on what virtualization and cloud services were, it became clear we were moving toward a cloud environment rather than straight virtualization. I don't think one day we woke up and said today it's virtualization, tomorrow it's cloud, but the things we were doing were leading us to become a service-based IT organization, which moved us toward a cloud infrastructure. Over time, although we've currently focused on our private cloud, the goal is to look for more opportunity to migrate certain utility applications from the private cloud through a hybrid environment to the public cloud. As the regulations, standards and service levels become clear, we should be trying to exploit those low-cost environments.
BS&T: Some bankers feel that they'll never put their most sensitive data or highest speed apps on a cloud. Where do you stand on that? Do you feel this is where IT is heading and it's only a matter of time, or are there any apps you would never put on a public cloud?
Kerrison: I would say, never say never. The reality is all of us have to manage a portfolio of different applications that have different attributes and requirements. Once you determine the technical capabilities and requirements of your apps, you then need to understand the regulatory requirements with regard to where data is being stored and how much control you have over that data.
Our job in running technology in banks in the future will be all about managing the portfolio. I see my role as managing a portfolio of apps across four segments: our legacy environment, a high availability infrastructure that's not even potentially cloud-like; a private cloud infrastructure that provides flexibility, efficiency, scalability and control, managed in such a way that we can completely understand the implications of the data; hybrid computing environments (that use a mix of internal and external cloud services); and public clouds. IT's role fundamentally changes to become one of figuring out where the optimal place is to run an application with a specific set of data, and I think even a lot of traditional outsourcing dissolves. As you move closer to the public cloud, you're getting a lower cost point. Our job is to balance all those aspects of running that portfolio to optimize it as much as we can. Even now, you can see tools and software technology emerging that's enabling us to do that analysis, to think through the different services out there.
BS&T: Are you referring to tools like business service management software that can show you the performance of each alternative -- this one has a five second response time, that one has a five microsecond response time?
Kerrison: Exactly. Our job is to broker what's available in the marketplace to be able to use the optimal service solution. It's no different than comparing a Salesforce.com to apps you run yourself. Our job is to weave all these solutions together. If you don't want to use 150 of these services, you may end up going to larger service providers.
BS&T: How has being in the TM Forum's Enterprise Cloud Leadership Council helped you define your strategy and determine where you're going to experiment and move ahead with cloud?
Kerrison: First, the ECLC is a community of people who are in the same situation I'm in, trying to evaluate these opportunities in the same way, so it's a great forum to work collaboratively. Second, the group is trying to add more clarity to cloud computing by setting standards and creating real life examples of how to make these services work in a way that benefits everyone. The other thing that's important about ECLC is that we all contribute to it. For example, within ING we're contributing information about processes for cloud environments, for instance, what's the cloud version of ITIL? We have some IT staff who are very expert at ITIL and we're using that expertise to help us along. Another thing we've worked on and are bringing to ECLC is training, we've worked with all our major technology providers to come up with a training course that we can offer to ING staff and as a foundation for members of ECLC to make that standardized training.
The establishment of standards is so critical to being able to evolve cloud services -- without standards we'll never be able to exploit the marketplace in the right way.
BS&T: Is it possible to force the vendors to make their offerings interoperable, so you're not stuck on one cloud, unable to work with any other?
Kerrison: Absolutely. In developing the training, for one example, we've had collaboration from IBM, HP, Cisco, EMC, Microsoft, vmWare, Virtual Clarity and other vendors to help develop the courses and the book that supports the training.
BS&T: It seems critical for competitors to work together, otherwise what vendors call "cloud" or "open" is really not.
Kerrison: I agree. It's not easy to get vendors to work together, most have their own IP they're trying to protect. But we've found that it's in everybody's interest to drive to these standards, and after a while make sure people are working together. This is also true within ECLC -- there are competitors of ours that are also members, but we don't let that get in the way because ultimately what we're trying to do is drive toward the bigger picture.
When you think about it, the future of the cloud marketplace relies on collaboration, which typically isn't natural for vendors. I see the role of ECLC to help them see the benefits they can gain through creating these standards.