One of the early deliverables I was asked for was a discussion paper highlighting what Cloud was, what it meant to the organisation I worked for and how it could be adopted. This fed into the RFP discussed in an earlier post. I’ve added a redacted version here as it helps create some context around what we are trying to deliver. Apologies for the verbose nature of it. I tend to get a bit wordy – something I’m working on!
As a financial services company, the organisation's products are built and provided through its IT systems. The IT area is effectively the factory that builds and hosts the services being consumed and sold. If an analogy is drawn to the changes made in manufacturing businesses over the last 30 years, there have been drives to improve processes and efficiencies through programmes like Lean, Six Sigma and Kaizen. In manufacturing, the process improvements these initiatives led to were then further enhanced through the implementation of technology to automate processes, through the use of robotised production plants.
These kinds of concepts have made their way into the global IT providers, who have embraced automation to deliver repeatable pieces of software or IT service to their customers. Modern IT users have their expectations of service set by the speed of delivery and availability of the services they consume at home, such as watching movies on Netflix, setting up and using a Hotmail account or simply shopping on Amazon.com.
It is inconceivable to the end users of these services that it should take internal IT departments as long as it does to provision new services to them. A developer could go home and spin up a new server on AWS or Azure in 10 minutes, yet it takes the IT function weeks to provide one ourselves. Enterprise grade IT is no longer good enough to meet our users' needs; we need to start thinking in terms of, and offering, a consumer grade service.
It seems inexplicable that IT departments, which would typically be seen as being at the vanguard of technology adoption, are on the whole guilty of using manual processes to deliver technology services. This would not matter if the business consumers of the IT service were satisfied with the more manual service offered, however this is typically not the case. IT departments need to start to behave more like modern factories or IT Service providers and embrace process rationalisation and automation to deliver consistent, automated services directly out to our end users with minimal IT department involvement.
This is not an uncommon state to be in; in fact, every vendor spoken to has echoed the sentiment that the majority of customers they speak to are in the same position.
Each of the services highlighted above (AWS, Hotmail, Netflix) is classed as a Cloud service, and companies across every industry sector and size are looking to leverage cloud services to inject the agility and flexibility into their IT services that the business demands. Indeed, when we have worked with third parties to assess the current challenges and capability gaps, the message that was repeated again and again was that agility was the key gap that needed addressing.
What is Cloud?
The word cloud suffers from overuse, therefore it is useful to define what Cloud means within the scope of this paper.
Starting with what cloud is not:
• Cloud is not outsourcing to a web based IT provider like Amazon, Microsoft or Google
• Cloud is not the same as managed services
• Cloud does not mean moving all our data onto the internet or to someone else’s data centre
In terms of what cloud is we look to the National Institute of Standards and Technology in the US to provide us with the most widely accepted definition:
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.”
The key word to pick up here is model. The Netflix service can be described as a cloud service due to the model it uses to provide a service to its end customers; however, the user is not consuming a cloud, they are consuming (watching) a movie or TV show. Cloud is just the delivery mechanism.
So if you take the view that the word cloud describes how a service is provided and consumed, rather than being the item of consumption itself, then it is easier to understand how this could apply to services provisioned internally by the IT Dept.
There are several different terms used to categorise the different Cloud model types and the service models, which are described below. Starting with the five essential characteristics:
Self Service – services can be provisioned by the end user, typically from a web based portal, and this is accommodated via a series of rules and automation routines.
Pooled Resource – typically enabled through the use of virtualisation, this allows for services to be operated at scale and to be scaled up or down dynamically.
Broad network access – typically means that the service is able to be consumed from the network and across multiple device types.
Rapid Elasticity – the ability to scale the service up and down in response to changing business demands.
Measured Service – to track and measure the use of the system and resources.
The four deployment models typically describe where the service is being consumed from:
Private Cloud – a Cloud consumed by a single organisation, hosted on premises or at a trusted third party data centre. The key here is that the service is dedicated to that organisation, so the security and data governance boundaries are clearer and more explicit. It is usually more expensive to stand up as there is an up-front investment, but the longer term costs over 3-5 years are typically on par with a Public cloud service.
Public Cloud – Hosted by a cloud service provider, this describes a multi-tenanted cloud that is shared with other organisations. It is usually less expensive to provision initially as it is taken on a 'pay as you go' type of charging model, meaning that the barrier to entry / adoption is far lower than the upfront cost associated with private. However, the nature of it being a shared / multi-tenanted solution typically means levels of performance are not guaranteed, due to the economics of fitting as many different customers on the same infrastructure as reasonably possible and the subsequent inability to predict workloads or usage patterns.
It is typically seen as being more risky in terms of security and data governance due to sharing infrastructure with other organisations; however Cloud service providers are working hard to get accreditation such as ISO 27001 etc. to alleviate these concerns.
It is typically better suited to short-term workloads and 'bursting', whereby you complement your internal IT capacity with the ability to burst to a third party datacentre to alleviate peaks in demand. The other very common scenario is to take a software as a service (SaaS) solution such as Salesforce.com. It lets users adopt new technologies quickly without worrying about provisioning infrastructure to support them. These are typically the solutions that are aimed at, and sold to, business users without IT involvement.
Community Cloud – These are usually cloud environments shared between a limited number of like-minded organisations. Good examples include Universities sharing Clouds for research and development, or the Community Cloud deployed on Wall Street and shared by financial institutions there to reduce the latency between their banking platforms when it comes to trading activities.
Hybrid Cloud – A Hybrid is any combination of the three cloud types above, but typically refers to a Private Cloud with extensions to Public Cloud providers. This model allows an organisation to hold sensitive workloads within the confines of a trusted private cloud, whilst giving low risk, low value or 'bursty' workloads access to Public Cloud providers where it is economic to do so.
In addition to the five essential characteristics and four deployment models are the three ‘as a Service’ Service models.
IaaS 'Infrastructure as a Service': This refers to the provision of virtualised hardware, provisioned from a pool, without any additional services or software configured. This is broadly comparable to buying a server. In this scenario the provider is responsible for making sure the hardware is available and performing to an agreed level, and the consumer is responsible for everything from the operating system upwards. Examples here include Amazon AWS and Rackspace.
PaaS 'Platform as a Service': This usually includes the virtual hardware, operating system and the software platform, whether a database engine, web server etc. The user is then responsible for deploying the application code or data onto the solution. The advantage of this model is that the consumer does not care about hardware maintenance, OS patching or software upgrades to the systems that underpin the application containing their business logic. An example here might include Microsoft SQL Azure.
SaaS 'Software as a Service': This usually refers to a service that is simply consumed, where the user is not responsible for maintaining any of the software or infrastructure underneath it. Examples include Netflix, Hotmail, Salesforce, Facebook, MS Office 365 etc.
The diagram above illustrates where the tenant and provider responsibilities start and finish.
It is proposed that all of the deployment and service models are adopted in some form or another, dependent on factors including suitability of workloads, security and data compliance requirements. The strategy is to approach the adoption of cloud service models and technologies in a phased manner.
Phase 1 – Private Cloud
As a first phase, a Private Cloud hosting Infrastructure and Platform as a Service (IaaS & PaaS) capabilities will be developed to address the key issue, which is the lack of agility within the IT Dept. These services will be aimed at Operational and Development users, to facilitate the creation of Development and Test systems and to accelerate the deployment of production systems.
The advantage of this approach is that it allows the organisation to gain the greatest benefit in terms of agility for the least amount of risk due to all capability residing within the confines of our data centres. It lets the organisation start to build out the processes and frameworks and get to a point where we are comfortable managing and deploying in the new solution.
Cloud Readiness assessments have been completed with Cisco and EMC to baseline the current state and to understand the gaps that need addressing to get to private or public cloud adoption. Both the EMC and the Cisco workshops highlighted gaps in the same areas. Focusing on the Cisco workshop specifically, the recommended areas to address to deliver the Private Cloud IaaS and PaaS were:
Infrastructure Standardisation: the rationale being that this makes automation more straightforward. This complements other initiatives such as the server refresh project, so the intention is to provision the Private cloud on the SSC's new target server architecture.
Automation / Orchestration: Orchestration here means the creation of run books mirroring business processes, calling automation routines based on defined business logic. There is currently very little of this deployed or used, so the intention is to investigate tooling options and select tools to provide the automation and orchestration capabilities.
User Portal: There is currently no web portal that users can visit to request IT Services from the IT Dept; requests are currently all made via calls or emails to the IT Service Desk. Given the requirement to push the provisioning process for servers out to the end user and automate as much as possible, the current model does not support the cloud initiative and portal options need to be investigated.
Service Catalogue and Management: This section focuses on the definition of the services being offered via the portal. For example, with Development and Test services it might include the hardware specification of the virtual machine, the operating system, the protection levels in terms of high availability and Disaster Recovery, the associated backup policy etc.
Service Financial Management: Each of the options in the previous paragraph represents a choice and an associated cost. For example, if a user wants a VM available in the event of a disaster it will cost double the amount of disk, as it needs replicating to the DR site, and it also costs a VMware Site Recovery Manager licence to manage the failover process. If a user wants it backed up daily, that is more expensive than weekly as it consumes more disk capacity. Once the organisation starts to understand and illustrate these costs back to the users, it allows them to make informed decisions.
This is sometimes referred to as the coffee shop model, i.e. three types of coffee – Americano, Cappuccino or Latte; three sizes – small, medium or large; take in or take out etc. It gives the coffee shop owners the ability to standardise components but offer a more bespoke service, as the different options can be taken together in different combinations, with the cost reflecting the combination provided.
One area that the EMC report covered that the Cisco report did not was Transformation. This specifically covered some of the areas, both conceptual and people related, that may need to change to make a cloud adoption project successful. It advocated the creation of a ‘Cloud Community’ or ‘Centre of Excellence’ in order to promote Cloud as a concept and to help educate people new to the concepts. A quote from the report:
Adoption of Cloud Computing incorporating virtualization, orchestration, automation and its transparent consumption via a dynamic service catalogue integrated with the ITSM and DEVops tools represents a major shift for IT, which substantially improves the provisioning, and management of services. Organization’s roles, responsibilities and processes are often required to change with the introduction of Cloud/Virtual Infrastructure technology. Implementing a Centre of Excellence model can facilitate this transformation.
This represents an early deliverable for any Cloud adoption project. Other deliverables that were highlighted included the creation of appropriate governance models for the creation and adoption of cloud services, the suggestion being a Cloud Governance Board.
• Private Cloud implementation is the lowest risk approach initially as everything remains within the confines of the data centre whilst processes are matured.
• Mirrors the approach of other organisations in the sector – leading edge rather than bleeding edge.
• By concentrating on an internal capability, this allows the organisation to build out the toolsets, processes and skillset to not only deliver the IaaS and PaaS piece for the dev teams, but also immediately reap the benefits of automation and provisioning of production services within our data centre.
• Deploying private cloud has a higher upfront cost.
• Selecting the right toolset so that functionality can be extended to a hybrid cloud in a later phase.
• Time to value is longer than jumping straight to Public cloud.
• The result of deploying a Private Cloud is that the IT Dept will transform the way IT Services are delivered to its end customers. The services will be customer aligned and provisioned directly via a self service portal, with the service being delivered in a matter of minutes or hours rather than days or weeks.
Phase 2 – Hybrid Cloud
The second phase of the Cloud adoption Strategy is to address the gaps around security, compliance and governance that will facilitate the extension of the private cloud to public cloud providers, the result being a Hybrid Cloud capability. The advantage of this is that it will let the organisation use third party data centres to flex capacity and to host workloads that fit within the risk / performance / cost profile defined by the Cloud Governance Board (once created).
The public cloud consumption would be deployed, monitored and managed via the same toolsets, processes and portals used to deploy services internally where feasible, therefore giving the impression of a single cloud capability that leverages resources internally or externally that fit the particular work profile.
In their paper highlighting the top ten strategic technology trends for 2014 Gartner suggests that enterprises should design private cloud services with a hybrid future in mind and make sure future integration/interoperability is possible (Hybrid Cloud and IT as a Service Broker).
The focus at this stage is still around provisioning IaaS and PaaS services across a Hybrid Cloud deployment model to support the project process (development and testing) and the deployment of production services on the most appropriately hosted platform.
This phase will introduce concepts such as federated authentication and access, service portability, right sourcing of workload placements based on risk and cost appetite etc.
A suggested strategy here is to work with providers and technologies that support open standards for virtual machines, which will aid the migration and portability of workloads from private to public clouds or from public A to public B. This may not be achievable in the short term due to the proprietary nature of most public cloud providers' virtual machine implementations. Work towards open standard adoption, OVF specifically, is ongoing within the industry.
• Free Microsoft Azure hours with MSDN subscriptions that developers would like to take advantage of.
• Some workloads may suit public cloud hosting.
• Provisioning Hybrid Cloud capability after Private affords the organisation the ability to scale their automated build, management and monitoring to the public cloud, and reduces the risk of having two cloud deployments, each with different virtual machine builds, monitoring or management.
• Public Cloud will most likely not just be for Dev and Test builds, so the above point is vitally important to ensure consistency.
• The security and governance models need to be watertight to protect the organisation not just from security risks but also from abuses that might breach corporate governance.
• Public cloud is provisioned without a robust management wrap or is provisioned as a shadow or stealth capability.
• Provides the greatest degree of flexibility for the hosting of services.
Phase 3 – IT as a Service Broker
The third phase is where the use of public cloud is extended and the IT Dept starts to manage and broker the connections to, and authentication of, access to applications hosted as SaaS (Software as a Service) solutions. Building on the federated access models (and potentially tools such as Ping Identity) and the security and governance models deployed in phase 2, the IT Dept can now act as the service broker for the consumption of third party hosted applications such as Salesforce.
This has the advantage that IT procurement, management and security are managed through existing IT Management and governance frameworks, rather than being fractured out into business areas. It ensures IT spend is held against a centrally held IT budget. It is envisaged that this should address some of the issues whereby ownership of a solution is not clear, the support model of a solution is not clear, and alignment of a solution to architectural, security or governance policies is not clear.
It is envisaged that the IT Dept becomes a trusted advisor to business units looking to adopt SaaS services, to ensure the smooth adoption and transition of the services, rather than the IT Dept wanting to own or hold a veto, for example.
By this phase the IT Dept is able to offer IaaS, PaaS and SaaS solutions hosted internally or by external providers, all federated through the same IT security models, IT governance models and IT Operational models.
• All IT provision comes through a central source.
• Consume software applications as a service where they are not core to the business.
• Having frameworks and the Cloud Governance Board in place should speed up the acquisition and deployment of SaaS solutions.
• The IT Dept does not want to own or veto the provision of SaaS, but does want to be involved in the process rather than being an afterthought to make the connectivity work.
• The idea of a central IT budget may not match the practicalities of business units buying and consuming SaaS services. This may need some re-evaluation to understand which services are funded centrally and which are divested out.
• The IT Dept can focus on being a value-add partner, helping the business address requirements through the deployment of SaaS based solutions within a corporate governed framework.
Phase 4 – Sweeping the Floor
Having built out a cloud capability that is capable of deploying, managing and monitoring IT Services on public or private cloud hosting, whether SaaS, IaaS or PaaS service models, there is now an opportunity to look at those IT provisioning processes that would benefit from automation and from potentially pushing the provisioning mechanism out to the end users. This could mean requests for hardware such as mobile phones, laptops or desktop PCs. It could mean offering a corporate application store, or even offering a mechanism for a team manager to onboard a new employee with all the associated user creation etc.
At this point there is a very mature service catalogue with a swathe of service offerings that are presented to a user. Provision is automated based on a series of rules and approvals, and the general aim is to remove the time gaps where people lag is still a concern.
• There are plenty of services that fall outside of PaaS, IaaS or SaaS that the IT Dept offers its customers that would benefit from the use of automation and from pushing the provisioning task out to the users.
• This is likely to require a larger degree of process mapping, rationalisation and automation than the server builds, for example. It is therefore more important to ensure that the effort expended does not outweigh the benefit when we are looking at the various tasks to automate.
• At this stage more and more of the services offered through the service catalogue are published to the portal and provisioning is pushed out to users. This will have a major impact on the way day to day IT services are delivered to our customers, and it will free up time otherwise spent on provisioning services for other, more value-add tasks.