Key Factors to Consider When Implementing Your Clou Computing Solution
White Paper: Key Factors to Consider When Implementing Your Cloud Computing Solution
Cloud is a fact of life in government today, and its use is growing quickly. According to INPUT, half of federal agencies today use the cloud to run applications, nearly 30% to provide storage capacity and about 20% to provide computing capacity. The reasons are sound: it’s cost-effective, scalable and provides on-demand access. Demonstrating its effectiveness in 2010, federal CIO Vivek Kundra announced the “Cloud First” plan, requiring federal agencies to consider cloud computing for information technology initiatives before other options. But moving to the cloud and making the cloud work for you are two different things. It all comes down to this: all clouds, and all cloud providers, aren’t created equally. Choosing the right vendor, the right features and the right scenario is a complex undertaking, but one that can yield very positive benefits when done correctly. all related data. The ability to standby a virtual machine can be especially important when quick scalability is required. This allows a virtual machine to be available to process requests or data within seconds instead of the typical several minutes it would take for a typical virtual machine and operating system to boot. There are many other potential unique features that cloud providers may offer. What’s important is knowing what you need and what’s out there, which will help ensure that the chosen cloud provider meets your needs. That’s where a trusted integrator partner can be invaluable.
Putting price into context
Price is always an important factor, but comparing price between different cloud providers is tougher than it might seem on the surface. The temptation is to evaluate cloud providers based on total cost for a specific period of time or for a specific project. But that often leads to huge miscalculations, because each vendor has a different way of pricing its services. For example, some may charge very little for the compute, but storage charges are relatively much higher. Initially it may seem like a great deal, but as the amount of data grows, the money spent can quickly become more than expected. For example, if the requirement is for many virtual machines to process a lot of information but not store that information (in the cloud), it might be beneficial to go with a provider that offers low-cost servers with higher storage fees. If the requirement is to store a lot of information, it makes more sense to go with a vendor that charges less for storage. Organizations should decide exactly what services—and in what quantities—are needed before seeking a provider and then to ask vendors to bid on that specific set of services. By taking the time, asking the right questions and insisting on an apples-to-apples comparison, the right vendor will soon become clear.
Finding the right partner
Finding the right partner for a cloud solution is difficult considering the myriad of options. It might be tempting to think that all infrastructure clouds are basically the same, but there are often key differentiators in terms of features and price. The feature set and general approach one infrastructure cloud provider offers may be very different from another. Organizations must itemize the features or functions that are critical to the enterprise, and make sure the providers being considered can support them.
What are some of the unique qualifiers that cloud providers offer?
Some clouds may be dedicated government clouds, where only government organizations can use the platform. Some may provide advanced security features, such as adding role-based access to cloud portals above the standard role-based security offered on servers. Another cloud provider might provide a firewall in front of every virtual machine that is provisioned. Service Level Agreements (SLAs) and their associated penalties are critical to making sure that the cloud provider meets the business needs of your users. Some are more flexible in terms of how long data remains on a virtual machine. With some cloud providers, data is wiped out every time a virtual machine is stopped. With others, users have a choice of saving the data, putting the virtual machine in standby mode, or completely deleting the virtual machine and
Consider future migration strategies and avoid vendor lock-in
Another thing to watch out for is vendor lock-in. Some cloud vendors have very useful and unique features that provide a value-add, but can become difficult or very expensive to leave if the need arises. For example, some vendors will allow users to write data to their storage systems and replicate it across data centers, simplifying the approach for disaster recovery.
But if the time comes when the organization wants to employ a different IT strategy, it might require changing the storage or disaster recovery model to make the change. Organizations should evaluate prior to implementation what steps vendors take to ensure that users can extricate themselves from the provided solution fairly easily. It is also important to ask the vendor how easy it will be to retrieve data and images.
Security in the Cloud
Another item to consider as organizations rely more and more on cloud-based services, is that it can become easy to lose track of which provider is actually providing the service. In other words, a primary cloud provider might depend on other clouds for certain services. This is especially important as agencies look more at the Software as a Service procurements. In general, organizations are only as secure as their weakest link. That means asking the right questions up front about what other organizations are getting access to data, what other vendors are providing services to the primary cloud vendor and whether there are other data centers involved in storing the data. Ensuring physical data locality within U.S. jurisdiction is an absolute priority for any agency wanting to use cloud services for internal business services such as collaboration and office automation. Service providers with highly distributed infrastructures that may include offshore data centers must be required to demonstrate that agency data cannot leave U.S. borders, thereby leaving it vulnerable to laws and regulations of foreign governments. Overall, security in the cloud must be considered early in the evaluation cycle and at every level of the system architecture. Understanding the cloud service provider’s operational and security practices and how those satisfy Federal requirements and align with an agency’s security policies is absolutely essential. Evaluating how the provider integrates an agency’s access control method with the cloud infrastructure to manage policy enforcement and auditing is as important to cloud deployments as any other system capability. Moreover, potential consumers of cloud services need to ensure that the provider maintains service level isolation with other cloud tenants, as well as confidentiality of data on the wire (in transit) and on disk (at rest) through the use of strong encryption methods.
Cloud will bring many changes
The benefits of cloud are so pervasive that the model is bound to be adopted in greater numbers for the next several years. But with change comes new complexities, and the only way to meet them is head on.
The evolving role of the IT department
The role for the IT department will evolve with the adoption of cloud. IT departments that embrace their role as the enterprises’ trusted advisor and enable the change will thrive. The ability of self service is allowing businesses to dynamically acquire IT services when they want – and herein lies the crucial role for IT. The IT department’s role should not be to retain its grip on the organization as the single IT provider, but instead to make sure the enterprise gets the best services, at the best price, while meeting agency objectives and complying with policies. The IT department should work with its agency customers to help them leverage the best aspects of cloud and advise for its adoption. If IT can find a way to support the enterprise instead of creating barriers to its adoption for fear of competition, then it will find a new role and further align itself to the stakeholders, end users and mission objectives.
What Can Be Learned from Agencies Already “In the Cloud”
There are agencies that are already adopting cloud successfully, today. One such agency is developing a hybrid cloud model featuring a minimal internal cloud infrastructure with ability to burst to various external providers as needed. That means the agency can dynamically deploy internal software applications or resources to a public cloud to address a spike in demand. So, for example, when a department within the agency needs infrastructure, it can self-provision through the agency portal or still contact the IT department. At provision time, the user or IT decides if the computing resources should be provisioned within the agency data center or be connected to one of the external cloud providers to provision those assets. Some of the key questions when deciding to use the internal cloud vs. external partner cloud include security, price and performance. With this configuration, the IT department provides the group with the infrastructure it needs while retaining the ability to ensure that things are running smoothly.
Cloud provides a myriad benefits, but it pays to evaluate the situation carefully and decide what makes sense to move to the cloud and what should remain in-house. Along with that should come a careful quantitative analysis to find the best vendor for the job—one that will provide all requested services and keep the organization’s best interests in mind. Finally, as use of the cloud grows exponentially for the next five years, organizations should keep an eye on issues that can confuse cloud adoption, such as vendors that rely on secondary vendors and the changing role of the IT department.