Reach for the Clouds
advertisement
Download updates from pixeldyne.org GNU Free Documentation License Copyright © 2011-2013 Maciek Plewa (maciek.plewa@gmail.com) Download updates from pixeldyne.org WHAT'S IN A CLOUD • Any technology, software or devices made available as services over the Internet, consumed clients. • Three most common models: Infrastructure-as-a-Service, Platform-as-a-Service and Software-as-a-Service: • IaaS: a lower level offering full control to automatically or manually allocate servers, install operating systems, etc. • PaaS: level up (usually on top of IaaS), some loss of control, aimed at application design and development. • SaaS: high level, very specialised, provision of traditional applications for Internet and Mobile access. WHAT'S IN A CLOUD :: COMMON MODELS Software Testing Data Platform Infrastructure Development Desktop API Database Network Integration Backend Security Storage RECIPE FOR ADEQUATE SUCCESS? • State your objectives. • Research and avoid common pitfalls. • Obtain advice on legal issues involved. • Choose Cloud models that fit the organisation. • Make your case and evaluate the Cloud services. • Choose: Microsoft, Google, Amazon or someone else? • Begin change management processes in advance and prepare PPPs for the adoption. STATE YOUR OBJECTIVES • Cost reduction: • How much can you save by exploiting economies of scale? • Less maintenance: • You will need experienced staff for setup, integration, development and some maintenance. • Business agility: • If your current architecture and platforms are not delivering the agility you want on-premise, why would propagating the same kind of technology in the cloud give you greater agility? DO YOUR RESEARCH :: PLAN • Take your time: Allow yourself sufficient time for planning and transitioning to the Cloud. Moving too fast increases the risk of oversight or failure. • Ensure that you have staff on hand to perform testing • Look ahead: Consider future growth requirements. Will you be adding new software? Expanding your business? How much will your storage requirements increase? DO YOUR RESEARCH :: THE BASICS • Established leaders: research the provider’s financial outlook, past performance and reputation, and how long they have been in the game. • Inside out: Know all of the provider’s equipment, vendors and solutions the provider uses - especially if you plan to use their services for the long term. • Like-minded: a provider should have the same change management best practices that you would demand. • Iron clad contracts: review and compare the contracts and SLAs from different providers. Tailor the SLA to your needs. DO YOUR RESEARCH :: COST • Some basics: I. Define requirements: services and applications that will be used, analyse current utilisation including the number of users, storage capacity, bandwidth, and other needs. II. Compare: pricing models (subscription or utilitybased) between providers, and actual prices for bandwidth, storage, computing hours or server instances. III. Calculate ROI and TCO. Budget for the risk, anticipate growth, but avoid paying for more than is needed. DO YOUR RESEARCH :: FIT FOR PURPOSE • Location: determines the usability and how quickly you can access your information, transfer data, and use the applications and services. • Performance: carefully evaluate the performance of your cloud solution. It needs to meet or exceed your existing infrastructure performance. • Integration: analyse the Cloud service’s compatibility with your applications and processes, and all available integration options. • Scalability: what scalability solutions does the provider offer? DO YOUR RESEARCH :: SECURITY • Encryption: are transfers encrypted? Do you control the encryption keys for stored data? Does the provider use the same encryption key for everyone else you share the cloud with? • You may need to implement own encryption for the data. • Firewall: are firewalls provided as part of the service, what level of control and protection can they provide? • Only in some cases you will have enough control to roll out own firewall. DO YOUR RESEARCH :: ACCREDITATIONS • ISO certifications, independent auditing: ensure that the provider has been audited for security and legal compliance by independent auditors. Look for ISO certifications to backup provider’s claims and marketing literature. • You cannot completely outsource risk, accountability and compliance obligations, but some level of trust is important. DO YOUR RESEARCH :: RELIABILITY • High availability and redundancy: some providers don’t include redundancy, increasing the risk of Cloudbased businesses going offline for days or weeks. • You may need to purchase load balancing or load sharing, and additional standby redundant services. • Backups: some providers don’t provide backups at all. • Similar to the above, you may need to purchase additional storage for backups, perhaps even implement custom backup solution. • SLAs: can the provider meet your availability, backup frequency, and disaster plan requirements? DO YOUR RESEARCH :: GETTING HELP • Support: • Look for a provider offering dedicated phone and email support 24/7/365. • Trial and error: • Some providers offer either 30 days or more evaluations or free Cloud services (feature-limited). • Get help with auditing, benchmarking, and testing the services, and a pilot deployment before committing to a contract. DO YOUR RESEARCH :: COMMON PITFALLS • Vendor Lock-in 2.0: Is the provider using open technologies? Can they move the data if the business’ owners change? • Analyse the feasibility and plan for moving your data to another provider. • Contract Lock-in: Don’t sign long term initial contracts (over 12-24 months), especially if you haven’t completed the hands-on evaluation. • Middle man: Is the provider simply a reseller of services without added value? LEGAL ISSUES :: A FEW EXAMPLES • Jurisdiction: processing or storing information in another country may be subject to the legislation of that jurisdiction. • Trans border dataflow: You may not host customer data solely overseas. • Data access and retention: can the provider access and refer your data to foreign law enforcement? How long is the data is stored by the provider, and when/if is it deleted once the contract ends? LEGAL ISSUES :: PROTECT THE INVESTMENT • Obtain legal advice: can legal issues impact or prevent the move to the cloud? • Safeguard: educate users, create bulletproof terms, comply with legislation. • Don’t make the regulators your adversaries: • improper disclosure, data breaches leading to reputational damage, litigation by third parties or even prosecution by Information Commissioner; other surprises? LEADERS :: AT A GLANCE Provider Amazon Google Microsoft IaaS PaaS PaaS Use / Subscription Use Use / Subscription 2 months 6 months 3 months Free/Limited Service Yes Yes No Australian Hosting Yes No No Web, API API Only Web, API Windows OS Yes No Yes GNU/Linux OS Yes Yes Yes Microsoft .NET No No Yes Enterprise Java Yes Limited Yes Node.js Yes No Yes Cloud Model Focus Pricing Models Free Trial Period Management UI Technology Support LEADERS :: FEATURES COMPARISON Provider Amazon Google Microsoft Analytics Yes Yes Yes Archiving Yes No No Backups No Yes Yes Encryption No No Yes Firewall Yes Yes Yes Load Balancing Yes Yes Yes Monitoring Yes No Yes Relational DB Yes Limited Yes Limited No Limited Yes Yes Yes Features Service Bus Virtual Machines Download updates from pixeldyne.org Q&A What else: private/public/hybrid Clouds, sovereignty issues, technologies, concepts and business processes? For comments or questions about how/why/when/where just email Mac: maciek.plewa@gmail.com Copyright © 2011-2013 Maciek Plewa (maciek.plewa@gmail.com)
