Let me start by saying, I hate the marketing term “Cloud.” Cloud is a nebulous term specifically meant to obfuscate what the service you are buying does. The term “cloud” used to describe devices connected to a network (e.g. MPLS); we now use the term for Infrastructure as a Service, Software as a Service or Platform as a Service. Even IaaS, SaaS, and PaaS are nebulous terms, as they don’t specifically denote where a service starts and stops. For example, does IaaS also mean management of the Servers and Applications? Does PaaS mean management of the Platform or does it simply mean providing said platform? Customers looking to move to the cloud have to determine what their applications need and how they work, which services can be combined, and shift their ITIL framework towards greater visibility to begin the process.
Note: I am a Senior Solutions Architect who helps large multi-nationals design their Colocation, Managed Hosting, Cloud and other architecture globally. The most frequent set of questions and assumptions fall around management of the servers and applications. I have often written about the gap between Infrastructure teams and the Application teams who rely on the infrastructure. In the world of “Cloud” the line of sight into those applications can be more distant and obscure, especially if the Infrastructure group are the ones requesting Cloud Services. Many Infrastructure groups do not know what the Application teams are doing due to lack of documentation, and accordingly do not know the needs of said Applications. So, without this knowledge, trying to determine the best place for management to start/stop can be a grey area. We have processes to overcome these typically seen gaps, starting with Discovery.
Now in theory, there are plenty of applications you can use to do a proper Discovery. Applications like network scanners, infrastructure auditors, etc., can be used to discover workloads, and in the case of network scanners, the connections can be seen going from one Application to another Application, CIFS share, DB, etc. We always know the server(s) are using this port to connect between these server(s), but don’t know what it is, why it is there, or who owns it. ITIL is a great framework for building relationships between Infrastructure Configuration Items and Application Configuration Items, but many companies are years behind in developing their own mature CMDB (Configuration Management Database). These tools only give you a glimpse beyond common apps.
So, we are also frequently asked if we can simply P2V or V2V the lot of physical servers or existing VMs into our Cloud and then manage them. The phrase used in the outsourcing industry is “Manage our Mess for Less.” A CIO or CFO isn’t happy with his IT spend, lack of transparency on costs, lack of SLAs and SLA credits and thinks… “why don’t we send it all to the magic Cloud.” I try to highlight this immediately, as this is a recipe for the exact same issues the client experiences today. There will be a recommendation for a deep discovery, including working with the Application teams and Business Units. The cost of this is not cheap, but it is necessary. What we typically find: orphaned Applications, unmanaged costly applications which a few people use, and poorly coded or redundant services which can be combined with another application or share Infrastructure Resources. Remember, if the internal team couldn’t manage it, or a vendor which did the management couldn’t manage it, chances are the risk to the next vendor is as high as it is to the customer who wishes to offload. Without discovery, documentation and process improvement, history will be repeated. Hence, we recommend Discovery and ITIL work.
Typically you get a much better long-term spend by reducing your footprint and fixing processes. ITIL processes can be defined (I have a large set written which can fold into the ITIL tool of choice). Internal costs can be set and IT bill-back to the business units can be set up. Once in place, you can also implement a robust approval process for spend on applications, which can head off duplicate services, and a vetting process for new applications covering their supportability, security, Business Continuity and Disaster Recovery options, etc.
Many customers see the cost mentioned above and believe they can do the work themselves. Some customers can do this work, but the majority can’t. The customers who can’t do Rationalization work tend to fall into the same situation: their IT staff are overworked keeping the lights on, overburdened, and lack the experience, manpower and skillset to run large-scale Rationalization and Migration projects.
This brings me back to “The Cloud.” Everyone assumes a few more items with the Cloud. 1. They assume Cloud will be cheap. 2. They assume Cloud is not secure. 3. They assume the Cloud is one magic place in the…well Cloud. Let me dispel some of those items.
1. The Cloud is cheap: Maybe. Some Cloud providers are “Cheap.” They provide pricing which shows a very small server to start with no Load Balancing, Firewalls, guaranteed exclusivity of RAM, Processor, or I/O. You are in a completely shared environment where your workloads are at the mercy of the workloads next door. Your performance is predicated on the hope that the next door neighbour isn’t using more resources at the moment than you. If you want redundant Load Balancing and Firewalls…that is extra. If you want your VMs to be running on a cluster…that is extra. If you want dedicated I/O…well…build your own cloud. But hey, it’s cheap.
Our Cloud products take a different approach. We have redundant clusters running our Hypervisor behind redundant Firewalls and Load Balancers. Your servers (physical or virtual) have dedicated RAM, CPU and Disk. No stealing of resources by your neighbour. No Thin Provisioning of Disk. Is it cheap? When you add up the defaults of our service vs. the extra costs to the cheap service we are roughly the same. Plus you can use our Colocation, Managed Hosting, Network and Security Products too.
So, are you looking for a cheap replacement to your existing infrastructure or are you really looking for transparency in costs, real SLAs, and speed to create new services? The reality is cloud services give you all of this and flexibility.
2. Cloud is not Secure: This is my favourite. Why would a large Cloud provider not secure their crown jewel? With a centralized target for hackers, why wouldn’t the IaaS provider secure their cloud? Not all Cloud providers are secure, so ask for their certifications. Our Cloud products are certified for PCI, SOX, SSAE16, FISMA, etc.
Simply because you may have equipment sitting in your Datacenter doesn’t mean it is secure. Chances are you don’t have hundreds of security team members working on security, 24/7, with a worldwide network; we do. Check out the DBIR report.
As mentioned above, you must keep in mind that Infrastructure Security only goes so far. If the Applications aren’t secure, you aren’t secure. Other measures can be put into place to protect the business from poor code, such as Web Application Firewalls, but that is for another post.
3. The Cloud is one magic place in…The Cloud: “The Cloud” is exactly what I noted above: Infrastructure as a Service, or Software running on it. You will have different services, in different locations, due to different laws in the different countries in which they reside. Most countries try to protect their indigenous vendors by requiring data to stay in country (or minimally in region). Some countries require management of networks to reside in country. That said, we have multiple Cloud Nodes in multiple datacenters and multiple NOCs throughout the world.
So, because of our multiple locations, we are also frequently asked how we handle DR. My answer is YMMV (Your Mileage May Vary). We have backup products, BCP Products, connectivity options to replicate applications, etc. Really, no one cares about the infrastructure; they do care about the applications running on it. The application teams and associated business units need to define the RTOs and RPOs but frequently don’t. Important applications should be written or developed in a way that they are location agnostic, they replicate, and they can even be globally load balanced. The reality is, IT groups have to divine DR plans and frequently ask us to do the same. We have the options for short or long RPOs… just pick based upon the application demands.
So should you go to “The Cloud?” Yes, you should if you want a more secure, more robust, more flexible, more nimble Infrastructure with SLAs. New services are easier to put in the cloud as they can be newly built. Existing services will benefit from experienced Rationalization and Migration teams who use ITIL processes to help IT realize efficiencies and bill-back mechanisms. Defining DR/BCP and how far you want management to be pushed up the stack or to a vendor is also key, but defining support matrices internally is also a great exercise. Most customers are surprised to find out how little clarity their own organization has into support. These decision processes will easily identify the type of “Cloud” to use (IaaS, SaaS, or PaaS) for their various Applications. Altogether, the Rationalization exercise will greatly enhance service offerings back to the business.