Embed Size (px)
Citation preview
1
June 16, 2011
Financial Executives InternationalPortland Chapter
Cloud Definitions and Risks
2
AustinAustin
DallasDallas
Las VegasLas VegasDenverDenver
Salt Lake CitySalt Lake City
PortlandPortland
21 Data Centers in 6 Markets
CO - 140K TX - 170K UT - 120K NV - 13K OR - 37K Total = 480K
Usable Raised Floor (Sq Ft)
Super-Regional Coverage
3
ViaWest Clientele
4
Gartner Hype Cycle
5
Gartner Hype Cycle
6
On demand self-service that allows consumers to unilaterally provision computing capabilities without human interaction with the service provider.
Broad network access, meaning that capabilities are available over a network and can be accessed by heterogeneous platforms, i.e., not just a dedicated thin client.
Resource pooling such that different physical and virtual resources get dynamically assigned and reassigned according to consumer demand in a multi-tenant model.
Rapid elasticity so that to the consumer, available capabilities often appear to be unlimited and can be purchased in any quantity at any time.
Measured service allowing usage it be monitored, controlled and reported and automatically controlled and optimized.
* National Institute of Standards of Technology definition of Cloud Computing
What defines a Cloud
7
A private cloud in which the cloud infrastructure is utilized by just one organization, though not necessarily operated by that one organization.
A community cloud whereby several organizations with common concerns share a cloud.
The public cloud provided by the private sector for all comers.
A hybrid cloud in which two or more cloud types are discrete but networked together such that a burst of activity beyond the capabilities of one cloud is shifted for processing to another.
* National Institute of Standards of Technology definition of Cloud Computing
Types of Clouds
8
Software as a Service (SaaS) - In which applications run on a cloud but the user doesn't provision or modify the cloud service, or even application capabilities, apart from limited user-specific configuration settings.
Platform as a service (PaaS) - In which users can utilize cloud-provided programming tools to deploy applications without controlling most of the underlying infrastructure, with the possible exception of the application hosting environment configuration.
Infrastructure as a service (IaaS) - Consumer has control over the operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls) of the cloud environment available to the user via the network.
* National Institute of Standards of Technology definition of Cloud Computing
Types of Cloud Offerings
9
Colocation - Enterprise with custom application base and large scale hardware investments. Supporting legacy investments, proprietary hardware and/or do-it yourself customers with CapEx budget focus.
Dedicated Hosting - SaaS/Software company with limited infrastructure requiring high availability and high audit/security standards. Supporting dedicated outsourced solutions that require one or more of the following; highly proprietary design and/or applications, high availability, high security, high audit and/or compliance requirements with OpEx budget focus.
Cloud “Reserved” - Enterprise with traditional application base looking for cost competitive service delivery with high service delivery continuity. Supporting standardized (OS, DB and applications) dedicated workload needs with less stringent availability and security requirements than Dedicated Hosting and an OpEx budget focus.
Cloud “Allocated” - Enterprise with traditional application base looking for cost competitive service delivery for less critical applications. Supporting standardized workload needs that have lower business impact and less stringent availability and security requirements including test and development projects with OpEx budget focus.
IT Outsourcing Use Cases
10
Cloud “Best Efforts” - Enterprise looking for test and sandbox environments for development organization allowing them to operate via the same platform as their production applications. Supporting low priority test, development and sandbox efforts.
Hybrid Solutions - Enterprise with custom application base and large scale hardware investments but that requires individual application to be highly available and meet high audit/security standards. Supporting customers ability to purchase the best infrastructure for each use/application and integrate them into a cohesive and interconnected architecture.
“Public” Cloud - Enterprise looking for test and sandbox environments for development purposes supporting low cost workload needs where best efforts delivery and cost are the primary drivers.
IT Outsourcing Use Cases
11
Security - Real or perceived there are many issues surrounding this and these items will be an issue to watch for the foreseeable future.
Physical Location - Legal jurisdiction, physical/network access and audit issues (will the provider allow you to go onsite and transparency to installation and design).
MSA & SLA - Master Service Agreement and Service Level Agreement issues (jurisdiction, transparency, availability, etc). Concerning ownership, use, or transfer of customer-owned data upon termination of an agreement.
Regulatory/Compliance - Personally Identifiable Information, Payment Card Industry (cardholder data), Border issues (Patriot Act, European Union's Data Protection Directive), Local laws, etc. PCI DSS did not have Cloud requirements until 1/1/11 (v2.0).
Research SLA's - One large provider has the ability to terminate services in the event their core business requires additional resources. Others offer 95% SLA as a maximum.
Collect all your costs - Elasticity of the cloud often times comes at a premium. Be sure to calculate all of the costs of services and capacity you anticipate utilizing.
The Hype - Beside the hype is Cloud really where each application should run? Pick the appropriate technology, capabilities and costs for each application based on its specific needs and business impact.
Business/Legal Pitfalls
12
Development – Meeting a providers proprietary standards, solutions or API’s may make it difficult to grow, migrate and/or move components to another service provider or to other types of services in the future.
Portability - The more data you have in the Cloud the longer it will take to retrieve and/or move it which is an issue for DR planning and migration to an alternate vendor. Think about how long it takes to transfer a TB across an internal network connection and start multiplying.
Interoperability - What do you do when you have 10’s or 100’s of applications in the cloud with disparate service providers and you do not have access to a management interface to support them all. Looks interestingly enough like most of the current IT issues we all struggled with before Cloud.
Security - Real or perceived there are many issues surrounding this and these items will be an issue to watch for the foreseeable future.
Transparency and Troubleshooting - If you do not have visibility into the configuration and design it may increase troubleshooting requirements and time well beyond what is acceptable.
Technical Pitfalls
13
Underestimating Cloud sprawl - You probably have a Cloud user in your ranks today that you are not aware of and who is expensing the service via a personal/corporate credit card for corporate use.
Managing services in the Cloud is different than traditional IT - Make sure you think it through and are prepared for access, monitoring and reporting changes. Having technology remote requires a different management model.
Underestimating resource – Don’t underestimate your requirements and growth (specifically in storage). As your needs grow Cloud services may not continue to offer the benefits (expense reduction) you expect.
Production - Make sure you know what Production means to each user. Developers see their platform as production as it is their job and most IT organizations view development as a best efforts delivery.
Self Service - What does “Self Service” mean to you? Do you really want to fly without a net?
Technical Pitfalls
14
Vendor/technology lock in - Highly integrated platforms cab be very compelling. But what happens if/when the vendor changes something that affects you or does not stay current?
Pay to Play - If you are using a pay to play service and you stop playing make sure to terminate the instance as if it continues to run you likely continue to pay.
The Wild West - Cloud is the wild west today and providers are in a land grab. Standards will continue to come quickly but it is important to make sure that you do not lock yourself into a box canyon until they do.
The Data Center and the Network matter - If the Data Center or the Network go down the Cloud goes with it. Do you know where the Cloud provider has their infrastructure installed?
Technical Support - Chat, FAQ’s, Email, Blogs or Telephone. What works best for you?
Technical Pitfalls
15
Questions
Questions?
