In this opening blog entry I want to spotlight Infrastructure Cloud providers as they have received a lot of attention of late.
My own CIO organisation estimates significant annual cost savings if they were to relocate a single seasonal application to an Infrastructure in the Cloud provider Savings were calculated based on the server landscape and servers sizes (development and test, staging and production).
Infrastructure Clouds will happen incrementally and eventually be the new normal. Substantial savings are possible and you can minimise your dependency on a static infrastructure. Many providers now offer extremely flexible pricing models that flex well with a variable usage of resources.
However ... opting for an external Infrastructure Cloud route is more than a state of mind - it’s about building a concrete business case and buy-in from stake-holders. Here are 8 (they were 10 at some-point but two are now resolved!) issues and considerations to ponder:
1. Calculating "hosting” costs of an Infrastructure Cloud is misleading. A total cost of ownership is mandatory for an honest to goodness cost/ benefit analysis. Switching to any new computing paradigm introduces complexity across the board. Ongoing run-time and operational costs do not magically disappear. "Linux (or Windows) boxes don't manage themselves". The costs and savings must be calculated down bottom-up and not merely on the back of the envelope.
2. Hidden constraints and technical Cloud Technical Architectures. Memory hogging applications will frown upon standard virtual machine settings. Relational databases may require expensive (effort and cost) to re-partition on a distributed compute and storage grid. There are new data management formulas in town that maybe better suited. NimbusDB, Hadoop to name a few. To capture the benefits of elasticity (scale-at-will) you may have to reconsider your application technical architecture’s to better leverage parallelism.
3. Cloudy Performance. Testing and benchmarking is needed to validate that your applications will run without loss of characteristics and won't drift the user-experience or service-levels away from expectations. By running an application on a virtual machine owned and operated by an Infrastructure Cloud provider will introduce latency and “jitter” that will impact the behavior of time-sensitive transactions and calculations. On the other hand, there will be plenty of reason to look at Infrastructure Clouds for scalability reasons.
4. Understand liability of outsourcing the handling and processing of data. Uncertainty, fear and the veritable "not-invented here syndrome" can short-circuit an Infrastructure Cloud feasibility study. Early input from security teams and legal is a must. Do you know your security requirements? You’re your Application Service Provider/External Hosting provider assessment may need to be reworked. A risk assessment will be the only sure-fire method to reveal vendor limitations, show-stoppers and strategies to overcome concerns of storing and handling Personally Identifiable Information and ensure on-going regulatory compliance.
5. Your bridge over troubled waters. Sorting out the options to connect cloud-hosted applications with core enterprise systems can be a dizzying exercise. Software licensing will not vanish in a public cloud. Some might argue that licensing issues are more complex in the cloud and are still being debated amongst several software vendors. Data integration and enterprise connectivity in general will be a non-trivial discussion. Appliance-based Virtual Private Network, software-based Virtual Private Clouds and other secure or dedicated network solutions will be options to compare and contrast.
7. Control & Governance. Sand-boxes, code promotion, deployment, service provisioning, service commissioning/de-commissioning, service monitoring, backup, Disaster Recovery, charge backs are just a smattering of some of the ITIL processes that must be managed in an Infrastructure Cloud. Private Clouds (or a cloud-like internal data-center) will likely predominant for certain government agencies or a highly regulated industry.
8. Security, Privacy and Compliance. Security, privacy and compliance will have assertive voice in any decision cloud computing dialogue. Willingness to trust the vendor will get you to the starting gate. Standards and requirements will factor into risk tolerance and dictate if safeguards exist that can limit your exposure. Cyber threats “from the wild” have a larger attack surface - lots of servers that are concentrated in few locations and by a single vendor. The computer-based attacks are getting more sophisticated and to just peer into the rear-view mirror will be insufficient. Organisations will need to deploy capabilities that can anticipate threats and avoid damaging outcomes in the first-place.
Our experience shows embracing an Infrastructure Cloud model is substantially different than executing traditional data center models, from planning and acquisition through management and operations. It is generally counterproductive to re-engineer cloud infrastructure models to directly mirror traditional data center structures. While executing and integrating traditional management elements is essential, sourcing an external cloud computing model means ceding some architecture and infrastructure control. However, significant financial and flexibility benefits can be achieved by effectively harnessing and integrating the strongest aspects of traditional and cloud operation models.