It's fast. It's cheap. It's easy. It works.

What could possibly go wrong?

The CRN Test Center has reviewed hosted applications and services in the past, including the likes of Google Apps, Data Deposit Box hosted storage and hosted security. This month, we focus on several more: Amazon.com's Elastic Cloud Computing (EC2), Salesforce.com and Trend Micro's hosted security. Overall, we believe hosted applications, when deployed where it fits with a customer's needs, can be a powerful solution to vault an enterprise into high levels of operation in short order at a limited cost.

But let's be clear: Don't expect "the cloud" to provide five-nines of availability and don't expect it to be the default solution for those wanting cost-competitiveness. Expect the unexpected.

Before stopping to count all the profit you or a customer could make by deploying a cloud-based solution, consider that just one outage for the span of a few hours could eat up a measurable piece of a company's profit for a quarter. Could never happen, right? It did, though. On July 20, 2008, Amazon.com suffered a catastrophic outage in its S3-hosted storage business. While Amazon managed to get the service up and running in several hours, and the event is now just a blur to many, it impacted thousands of businesses and individuals who had gone to S3 as a convenient, cost-effective way to store lots of data easily.

And, over the past several months, search and online advertising giant Google has suffered notable outages in its Gmail and Google News offerings -- outages that the company has left largely unexplained.

The health of the broader, global Internet should also be on your regular checklist.

Since the days of dial-up connectivity passed into the history books, the relative health of the Internet has become little more than a passing, occasional thought in the U.S. and developed world. Fiber cables that telecoms dropped in places around the world from the late '80s to mid-'90s have provided bandwidth that has given us the Internet economy. Never mind that much of that fiber buildout has slowed, that higher levels of bandwidth are eaten every day for multimedia and voice applications over the Internet, and that the transformation of the Web into a mobile lifestyle is taxing infrastructure to the nth degree.

For now, experts and data demonstrate that the Internet -- with its many, global backbones -- is running smoothly. Even when taxed by historic events, like this year's inauguration of President Obama that caused massive, historic levels of bandwidth to be eaten by those watching the event's streaming video over the Web, global network performance only registers a passing blip.

Based on our review, which includes examining Internet performance, cloud product performance and discussions with experts including executives of Keynote Systems (see below), when considering whether a cloud application or service is the right approach, these practices should be deployed:

A complete audit and forecast of the business involved to develop a cost-benefit-risk analysis, on an application by application basis for a move to a hosted computing model vs. traditional client/server-data center models. An audit of the cloud service with a focus on issues including geographic redundancy, latency, packet transport performance and uptime guarantees. An audit of the business' own ISPs, including performance at connecting points between carriers including AT&T, Verizon, Savvis, NTT and others to determine potential future performance issues. A determination of whether the cloud-based application or service shares bandwidth with other companies that are "resource hogs." While most cloud services imply shared resource (that's what makes many of them economical), having a small bicycle shop share resources with a Wall Street brokerage might have negative consequences for the bicycle shop. Constant monitoring of those performance issues, once hosted solutions are up and running.

Using monitoring software and services (which are outlined below), we found areas of the Internet that ran continuously with little to no latency or packet loss and other points that routinely saw packet loss of 5 percent to 10 percent at least once or twice a day, as well as latency that could have significant—and negative—business implications if a hosted application depended on it for performance. These are the types of issues that are critical to keep in focus.

With that in mind, we think there's a lot of potential in taking a hybrid approach in many cases: keeping some or many computing and applications at a customer's, solution provider's or MSP's site while taking advantage of hosted applications where the technology and risk make sense.

Here are several solutions we've looked at and believe could fit in well in a nascent, cloud buildout.

Keynote's Keynote Internet Testing Environment (KITE) and Internet Health Report

Keynote Systems Inc., San Mateo, Calif., was among the earliest adopters of Internet benchmarking technology and remains a force in this space today. While researching this story, we turned to Keynote's free, over-the-Web Internet Health Report at internetpulse. net. This report is a real-time look at the health and performance of several Internet backbones in the U.S. and, importantly, backbone-to-backbone connecting points.

Keynote maintains more than 3,000 servers and PCs at 200 sites in 59 countries to monitor real-world Internet performance based on actual Web traffic and performance. The Internet Health Report monitors and reports on uptime, latency and packet loss throughout the U.S.

Another free Keynote product, the Keynote Internet Testing Environment (KITE), is a separate, rich desktop application that can also be used to monitor the performance of individual Web sites. The CRN Test Center likes, and recommends it, for use by solution providers working with customers in the earliest stages of evaluating a move to cloud-based services or solutions.

We monitored the Internet Health Report continuously for several weeks. What was impressive and valuable about this service, even as it's free and Web-based, is that it let us begin to see some performance patterns among carriers such as Savvis, NTT, Qwest, Level3 and Verizon. We were able to spot patterns of latency, for example, in areas where one carrier's network met another's at similar hours of the day and during different days of the week. If a particular business uses an ISP that deploys those two carriers, it could be a yellow or red flag to search for an alternative.

KITE, as a free application, is more of a taste of Keynote's paid applications and services. It's downloadable and works on Windows XP SP1 or later, or Windows Vista. KITE allows for the measuring of a Web site's performance from various locations around the world. In testing CNN.com's performance using KITE, the service performed an analysis in less than a minute that showed the site had about a 1-second response time at all of Keynote's measurement sites around the world—except for Hong Kong, which turned in a painfully slow 23-second response time.

Smart decisions require good information and good data. Smart decisions about cloud computing require good data about Internet-based performance. Keynote provides that in free applications and offers custom-tailored, pay services for even deeper, richer detail.

Keynote's Internet Health Report is a free, Web-based service that examines performance of the global network.

Amazon.com's EC2

Amazon.com has been among the most aggressive companies in building out a cloud computing offering, beginning with its S3 storage service and building out several more offerings including its Elastic Cloud Computing—a pay-as-you-go, Web-based hosted server solution.

Like most Amazon Web Services (AWS), EC2 is turnkey-simple. Within minutes, we were able to take a prewritten image (an Amazon Machine Image, or AMI), upload it to Amazon hardware, and turn on a server running Windows 2003 Server with Eclipse 3.4, Tomcat Server 6 and Java 6. However, Amazon makes scores of other images available in the same turnkey fashion, ranging from servers running IBM's DB2 to servers running Linux or OpenSolaris and a variety of different databases, including Sybase and Oracle.

Amazon also connects EC2 to other services, including its S3 storage service. For example, you can customize one of its system images, take a snapshot and store the snapshot and other data on S3. Amazon charges for storage space and for data transfer, in rates ranging from 12 and a half cents per hour for some AMIs based on Windows, to about 10 cents an hour for some systems using open source.

When we tested our server, we noticed no latency or performance issues; however, we didn't run anything that could be considered an intensive workload for many companies. Generally speaking, Amazon.com is given credit by many for the "geographic redundancy" of its infrastructure in that it maintains high-performance data centers in geographies around the world. That not only provides for redundancy in the event one site suffers an outage or performance issues, but it ensures that if a catastrophic event hits one geography (such as an earthquake or natural disaster), it won't take a week to get fuel to a location for even backup generators to run so basic service can be restored.

NEXT : Salesforce.com and Trend Micro Salesforce.com

Salesforce.com proudly displays a graphical image of the word "software" behind a red circle and slash on its Web site. The image represents the company's mantra of "No Software." Indeed, this CRM giant has made good with the offering of cloud-based CRM. Nothing needs to be installed.

Salesforce.com offers several hosted products. The most widely used is Salesforce CRM Sales. Another product is Salesforce CRM Service, tailored for customer-service-based industries, and a third is the Force.com platform. Force.com can run ERP and other modules from human resources to asset tracking. Developers can use the platform for running their custom applications, or customers can opt to install or test the more than 800 applications readily available from Force.com's online marketplace.

There are also products designed for marketing and partners. Salesforce.com offers a 30-day trial with all of the features and functionality. Signing up for the trial is a snap; you can also add more users to get them involved in the testing.

We opted to test-drive the CRM Sales product. Logging on as an administrator, the site opens up to a dashboard displaying information about the users logged in, the number of completed activities in the past 30 days and any information added, such as new records or accounts. All of this information pertains to the organization.

The dashboard page is customizable. For instance, it can be set to display company information, such as closed sales to date or marketing leads. Some may find handy the Google AdWord view, which displays leads generated from Google AdWords as well as Top 10 AdWord keywords.

From this home page are links to quickly create new objects. For testing, we created a new contact. The page opens up to a form; a user can populate fields on the form with data pertaining to the contact. The workflow between fields and forms is set up well. We were able to create a new account to associate with the new contact—all from the same area of the interface. This efficient workflow saves on typing and clicking through multiple pages.

Contacts must be associated with accounts to be shared among Salesforce.com users within an organization. Of course, no privileges are set in stone. Salesforce.com has very granular mechanisms to grant permissions and roles throughout an organization. Users designated as system administrators can establish a role hierarchy. This determines how an organization reports on and accesses data. There are sample role hierarchies, including territory-based, which places executive-level staff at the topmost role level and then breaks down sales staff according to the region for which each staff member is responsible.

We created our own role hierarchy. Users can be given rights to view or edit all opportunities associated with accounts they own, regardless of who owns the opportunity. Opportunities are the sales and pending deals that you want to track. Once a role hierarchy is established, users can be assigned to those roles.

Reporting, document creation and tools for companies to do forecasting are all included. CRM, as a hosted solution, saves on the sheer amount of infrastructure and internal resources that would otherwise be needed to add a complete CRM system to an existing network. Salesforce.com employs SSL encryption to aid in keeping your access and communications between its network and yours secure.

Trend Micro's Worry-Free Business Security Advanced 6.0

Security is another market to embrace cloud computing. It seems almost contradictory: Why would anyone trust the security of their data to an off-premise network that they may really have not much control over?

Trend Micro offers a cloud-based security solution that still places the customer in control. Trend Micro's Worry-Free Business Security Advanced (WFBS-A) 6.0 with InterScan Messaging Hosted Security (IMHS) Standard is a cloud client/server security solution that offers Web, e-mail and malware protection for laptops, desktops, servers and SMTP/Exchange servers.

WFBS-A combines the power of Trend Micro's hosted Security Server with agents that are deployed locally in an organization. The power of this product, however, lies in the cloud. Trend Micro's in-the-cloud Reputation Services stops Web threats before they reach an organization's network. The File Reputation Services is another Trend Micro cloud-based technology and is a cloud-client antimalware solution.

The Security Server installs and hosts the centralized WFBS Web Console, the interface from which the solution is managed. The Security Server also installs the security agents to the client computers on an organization's network. These agents establish the client/server relationship. The Security Server provides a centralized location to view security status information, downloading and updating components and for storing log files.

IMHS is a component that redirects a client's e-mail to Trend Micro's network. Spam is stripped away from e-mail messages and then sent back to the client's SMTP or Exchange server. Trend Micro claims a 99 percent detection rate of spam using IMHS. WFBS-A is a straightforward install. The install wizard automatically detects the domain name and IP address of the target server.

The Web Console is crisp-looking and easy to navigate. It was simple to add machines to be protected and to remotely install the required agent to each of them.

The management interface has several key menus: Live Status, which displays the current security health of an organization; Security Settings, the area in which actions and responses to security threats are configured; Outbreak Defense, where users can set up a Vulnerability Assessment; Scans, where manual or scheduled scans are initiated; and Updates, where users can configure the update schedule as well as roll back Security Server agents and components to previous versions.

WFBS-A is an innovative way of harnessing the power of the cloud with on-premise software. Although the heart of the technology is cloud-based, a solution provider or network security administrator is still given the reins of control to ensure safety.

The Bottom Line

Between basic server and storage infrastructure (Amazon.com), business application (Salesforce.com) and security (Trend Micro), these three vendors provide cloud-based services and solutions we can recommend. Add to that the services that Keynote provides, and we believe solution providers are set up to begin talking to customers about moving IT to the hosted model in areas where it can bring measurable ROI with acceptable levels of risk.

As with managed services, it's important to build in realistic expectations on both the savings side as well as the performance side for those running an enterprise that moves to hosted technology.

If a company's sales team finds itself routinely frustrated with how long it takes to call up a customer's data (remember the old days of the Windows hourglass?) that will have implications for that company's overall performance. On the flip side, a smooth, well-performing cloud-based application can save a business money and aggravation, while providing nice performance and a competitive advantage.

The difference maker, we believe, will be well-informed and well-trained solution providers that follow best practices with an eye toward the reality that even pretty clouds can turn gray and threatening in the right conditions.