Cloud computing is a reality, and it’s a force that I believe IT professionals need to come to terms with quickly. The economic motivation for cloud is high; business need for speed and agility is like never before, and the technology has reached a level where it makes prudent investments in cloud services not only possible but fast and easy.
The cloud is here and it won’t go away, but what is it really, why should organisations use it and what are the risks? If you live in a corporate IT organisation, responsible for IT infrastructure, what factors do you need to consider?
What we really mean when we talk about cloud
“Cloud” has become a catch-all term for utility or on-demand compute, but there are a lot of things that cloud isn’t. Let’s start by establishing some common terminology:
- Cloud: generally IT as a Service (ITaaS)
- Cloud computing: a business model for delivering IT as a service
- Cloud services: the deliverable or what you actually get. This encompasses the following areas of ITaaS:
- Infrastructure as a Service (servers, network, storage, management, reporting)
- Platform as a Service (application building blocks and standards)
- Software as a Service (applications)
- Storage as a Service (primary, back-up, archive, DR)
In my experience the best way to define cloud is actually to look at the problem it is trying to solve. For instance, when customers ask me about cloud, most of the time what they are thinking about falls into three main areas:
- Decreased storage costs: achieved via storage efficiency
- Data centre efficiency: achieved via virtualisation and internal or private clouds
- Conversion of capital expenditure into operational expenditure: achieved via external or public clouds
Whether to create your own cloud, or use a third party
The big question behind cloud computing is whether a company should build or expand its own data centre (a private cloud), or whether it should outsource and access computing resources remotely over the Internet (a public cloud).
The solution is individual to every organisation; there is no single blueprint to apply and IT strategists and architects have to do their own homework. Organisational factors such as the need to balance opex with capex, attitude to risk, security, criticality of applications and the need for redundancy are unique to every organisation and demand a unique cloud analysis and definition.
How to define a cloud infrastructure and “cloud-safe” data management policy
There are two fundamentals to developing a robust cloud-based IT infrastructure:
- Governance and compliance for outsourced public cloud applications
- The creation of internal cloud services to drive down costs and time to market for in house applications
If your organisation is just beginning to explore the cloud, you need to identify which services can reside in the cloud and which should be internal. Determine what systems and services are core to your business or store your crucial intellectual property. These should be categorised as high risk and not considered cloud opportunities in the near term.
You also need to develop a sourcing strategy to achieve the low cost, scalability and flexibility your business is seeking. This should include all the necessary protections such as data ownership and mobility, compliance and other elements familiar from more traditional IT contracts.
Implementing an external / public cloud infrastructure
Since there are applications (CRM, ERP, messaging and collaboration) that are common to every company, outsourcing to an external cloud provider that can do a better job managing the application at a lower cost structure makes sense. Governance plays a central role in deciding which applications can be safely outsourced, and how to manage the processes. You will need to assess the applications and build policies based upon the type of data. Factors to consider include: how it is accessed and by whom, security and compliance aspects, and the strategic importance or competitive advantage the application or data offers.
Second, you need to assess the cloud service provider’s service offerings. Look at their capabilities, security, SLAs on availability and performance to see if they meet the levels required by the applications before agreeing to cloud-outsource the application.
What are the risks of using an external cloud?
You should pay careful attention to:
- Service Levels. Understand the service levels you can expect for transaction response times, data protection, and speed of data recovery.
- Privacy. If someone else hosts and serves your data they could be approached by the U.S. government to access and search that data without your knowledge or approval. Current indications are that they would be obligated to comply.
- Compliance. You are probably already aware of the regulations that apply to your business. In theory, providers of cloud services can provide the same level of compliance for data stored in the cloud, but, since most of these services are young, you’ll need to take extra care.
- Data Mobility. Can you share data between cloud services? If you terminate a cloud relationship can you get your data back? What format will it be in? How can you be sure all other copies are destroyed?
As with any service that’s going to be critical to your company, the best advice is to ask a lot of questions and get all commitments in writing.
Implementing internal / private cloud infrastructure
Internal clouds will help the business launch applications faster and at much lower cost. This is about building ITaaS capabilities in house, or building shared infrastructure that is offered as a service to the business. You’ll need pooled infrastructure, policy based automation to simplify provisioning, metrics and charge backs, service assurance and conformance to SLAs, as well as forward-looking capacity planning. Add a self-service portal to your internal cloud and now the applications teams are happy they can deploy faster and lower cost and the corporate IT governance guys will be happy too.
This space is evolving fast, so start with the basics; pool the infrastructure and use a vendor that offers dynamic virtualised infrastructure to quickly activate applications, or repurpose capacity and performance as loads from applications ramp up or down. For this you need unified storage, network, and servers that can cater for wide range of applications requirements and choose highly efficient infrastructure.
Internal cloud services drive down costs and time to market for in house applications is built on a pooled dynamic infrastructure with utilisation levels in excess of 75%. This is achieved through thin provisioning, deduplication, and cloning technologies (which can raise utilisation levels well in excess of 100%). The bottom line is that this approach yields big cost savings.
Cloud computing is n’t going away. It’s an IT concept we must all sign-up to.
- Provisioning an effective cloud infrastructure is individual to every business.
- In evaluating public versus private clouds—be aware of what you’re getting into and how to get out of it.
- For an external cloud, if there’s too much risk, don’t do it. Be selective about what you choose to put in an external cloud. No amount of IT cost-saving can justify breaking a business.
- For internal clouds, make sure you understand what your data centre is capable of and consider vendors that can offer greatest flexibility and real unified computing.