Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Introduction
2
Ken Cochrane
CEO, IT/NET
Partner, KPGM
Performance and Technology
National co-Leader IT Advisory Services
KPMG
Andrew Brewin
Vice President,
Solutions Delivery
IT/NET Ottawa, Inc.
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
What are your objectives for cloud computing?
To contain IT costs?
To support consolidation of IT assets?
To improve service quality?
To support “greening”?
To improve “time to market” for client program needs?
To reduce the procurement burden on projects?
To achieve department or government-wide
standardization?
To allow you to focus on core business – client
specific solutions?
3
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
What is the “goal” of Cloud Computing?
To provide easy access to and elasticity
of IT services
4
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Agenda
Cloud Myths
Cloud Computing 101 (“Bringing the cloud into focus”)
Value Proposition (“The silver lining”)
Issues (“Storm warnings”)
Next Steps (“The forecast”)
5
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Cloud Myths
Cloud Computing is a buzzword that has been sometimes misused.
Hype and misconceptions are common. Below are several myths that
are commonly associated with Cloud Computing:
Let’s learn more and look into these myths…
7
Cloud Computing is a
specific technology (e.g., virtualization)
It’s just… Web Hosting / Grid Computing /
Outsourcing …evolved
There are
no standards
Everything can move to the cloud
It’s all hype It’s always cheaper
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Cloud Computing 101
Bringing the cloud into focus
8
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Cloud Computing 101: Defined
…a model for enabling:
convenient, on-demand network access to a shared
pool of configurable computing resources (e.g.,
networks, servers, storage, applications, and services)
…that can be:
rapidly provisioned and released with minimal
management effort or service provider interaction.
9
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Cloud Computing 101: What it’s not
Cloud Computing is not:
Any specific technology such as VMware or
SalesForce
Virtualization
Outsourcing
Grid computing
Web hosting
10
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Cloud Computing 101: What it is
Cloud Computing is:
An IT delivery approach that binds together:
Technology infrastructure, Applications and Internet
connectivity as a defined, managed service that can
be sourced in a flexible way
11
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Cloud Computing 101: It’s characteristics
12
On-demand self-service
Broad network access
Resource pooling
Rapid elasticity
Metered service
Abstracted Service
Based Scalable
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Cloud Computing 101:Service & Deployment Models
13
• Raw computing power and storage
Infrastructure as a Service
(IaaS)
• Operating system and application platform
Platform as a Service (PaaS)
• Remotely accessible applications
Software as a Service (SaaS)
Service delivery models Deployment Models
• Hosted internally or externally for your enterprise
Private
• Hosted by a service provider for many
Public
• Private data and/or applications are kept internal
Hybrid
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Cloud Computing 101: Service Delivery Models
Software as a Service (SaaS)
The capability provided to the consumer is to use the provider’s applications (and services) running on a cloud infrastructure.
Reduce or eliminate application development effort
High adoption rate – any device, anywhere, any time
Lower up-front costs
E.g., SalesForce.com
14
SaaS (Software-as-a-Service)
Software, Application Layer
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Cloud Computing 101: Service Delivery Models
Platform as a Service (PaaS)
The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider.
Simplified software management (upgrades, patches, licensing, etc.)
Simplified application deployment
E.g., Google App Engine
15
PaaS (Platform-as-a-Service)
Standard Application
Platform
Business Rules, Logic,
and
Middle-ware
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Cloud Computing 101: Service Delivery Models
Infrastructure as a Service (IaaS)
The capability provided to the consumer is to provision processing, storage, networks and other fundamental computing resources where the customer is able to deploy and run arbitrary software, which can include operating systems and applications.
Cost reduction/pay as used
Scalability/dynamic resource allocation
Reduced administrative overhead
E.g., Rackspace
16
IaaS (Infrastructure-as-a-Service)
Servers & Storage
Networking Infrastructure
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Inside the Enterprise
Cloud Computing 101: Deployment Models
Private Cloud
Operated solely for an organization
May be managed by the organization or a third party
On premise or off premise
Full control
Low risk/compliance issues
High initial investment
17
Private (Internal Cloud) Private (External Cloud)
External but owned by the Enterprise
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Public Cloud
Cloud Computing 101: Deployment Models
Public Cloud
Available to the general public or a large industry group
Owned by an organization selling cloud services
Pay as you go, utility pricing
High agility
Low control over data and service levels
Dependencies on external vendors
18
Public Cloud
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Inside the Enterprise
Cloud Computing 101:Deployment Models
Hybrid Cloud
Composition of two or more clouds (private or public) that remain unique entities
Bound together by standardized or proprietary technology that enables data and application portability
Maximum flexibilities in
managing costs, risks, and resources
High administrative overhead
Careful definition of data eligibility for migration from private to public
19
Private (Internal Cloud) Public Cloud
External - Public Cloud
Hybrid Cloud
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Value Proposition
The silver lining
20
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Value Proposition… to the business
Agility / Time-to-Market
New applications and computing resources can be provisioned more quickly
Cost
Shift from CapEx to OpEx as infrastructure investments are billed based on usage
Transparency
Business can see the ongoing costs of their applications due to the utility-pricing nature of Cloud Computing
Increased mobility of applications
Internet-based applications can be accessed, through appropriate security channels, anywhere
Forced compliance and governance
Standards which applications must follow (security, D/R, performance, etc.) can be enforced at the point of deployment to the cloud – i.e., release management cannot technically deploy an application to the cloud which does not meet certain criteria
21
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Value Proposition… to IT
Reduced support footprint
Standardizing platforms reduce the number of supported technologies, allowing a focus on depth of expertise
Service development flexibility
Defined platforms allow developers to focus on applications
Faster deployment of resources
Standardized platforms can be deployed in minutes, limited by
approval processes, rather than build times
“Green” (Improved efficiency of capacity)
Optimized utilization of resources through the abstraction of platforms and services from their underlying hardware and the merging of computing resources into a single grid
Security
Use of a common framework can improve overall security
22
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Financial
Underestimated start-up costs
Penalizing exit costs
Contract Complexity
Run-away variable costs – poor
capacity planning and forecasts
from the business
Data
Data Segregation, Isolation and
Transparency Concerns
Data encryption
Security/Privacy/Access
Intellectual Property Protection
Regulatory Compliance
Complexity to ensure compliance with Regulatory
Requirements and Regulations (Privacy, ATIP, etc.)
Lack of industry standards and certifications for
cloud providers
Records Management/Records Retention Concerns
Providers’ ability to monitor and adjust based on
changes to regulatory stipulations
Operational
Business Resiliency/Disaster
Recovery
Service Reliability and uptime
SLA Compliance in accordance
with agreed upon RACI
(who is responsible?)
Technology
Compatibility and Integration with
other services outside the cloud
Emerging technology/speed at which advances
are made in a production ’cloud’ environment
Customization limitations
Human Capital Security (Malicious Insiders)
Issues: Storm Warnings
Business Risks
Data
Operational
Technology
Regulatory Compliance
Vendor
Financial
Vendor
Vendor Lock-in – vendors dictate
technology to be used
Service Provider – reliance on
service providers for business
process (bankruptcy, loss of
reputation, lawsuit)
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Next Steps
The forecast
25
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Service / Deployment Model Decision
The service/deployment model selection
process requires an assessment involving
factors such as:
IT budget and financial constraints
Long-term IT strategy
Level of governance across IT in defining
and enforcing standards for security,
development
Current understanding of existing
application portfolio, e.g., knowledge of
attributes, dependencies, documentation,
architecture
Classification of applications based on
business criticality
Application development organization’s
maturity and level of standardization
IT organization’s willingness to accept
risk and comfort-level with moving
applications outside of their premises and
immediate control
26
Private /
PaaS-SaaS
Private /
IaaS
Public / PaaS Public / SaaS
Bu
sin
es
s C
riti
ca
lity
of
Ap
pli
ca
tio
n / D
ata
Complexity of Applications
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
• There is no “plug-and-play” solution
• Appropriate architectures will be unique to each organization
• Must weigh service and deployment models and their impact on people, processes, and technology.
Common Challenges in Adopting a Cloud Strategy
27
Lack of a clearly defined architecture “vision”
• Public clouds introduce the risk of data being stored outside the enterprise in uncontrolled, multi-tenant
environments
• Both public and private models must ensure appropriate identity and access management and audit
compliance.
Perception of insecurity
• Business developing their own applications using whichever platform suits its need comes to an end in
PaaS and SaaS models
• Platforms and technologies must be carefully selected based on the enterprise’s business application
requirements, balanced with technical feasibility.
Lack of standardized platforms & technologies
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
• Can mission-critical applications be moved to a cloud environment? How will SLAs be assured with
tenants sharing resources?
• Even for non-mission-critical applications, contracts with public cloud vendors must be carefully defined
to address SLAs and how the provider will meet these.
Common Challenges in Adopting a Cloud Strategy
28
Reliability, ensuring SLAs
• Will standardized platforms and technologies lock the organization into a specific vendor or limit its
scalability in the future?
Vendor lock-in and interoperability
• Geo-location and in-house restrictions on data may limit the types of services that could be moved to
a public cloud environment; private clouds must accommodate these regulations by appropriately
zoning applications.
Regulations and compliance
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Service Models Compared
29
IaaS PaaS SaaS
Level of
Standardization
Low Medium High
Flexibility High Medium Lowest
Agility Fast Faster Fastest
Consolidation Reduced number of
physical hosts
required
Reduced breadth of
support required to
service various
platforms
Everything up to the
software-layer is
consolidated, focus
shifts to any
customizations or
mash-ups to make up a
business service
Security Logically, same Increased through
reduced number of
platforms to secure
Potential to be
strongest, limited,
defined software stack
to secure
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Deployment Models Compared
30
Public Hybrid Private
Cost + Low up-front costs
+ Shift capital expenses to
operating expenses
+/- Similar to private;
however, private build-out
requirements may be less
- Up-front costs may be
significant; new computing
capabilities may be needed;
new skill sets and
knowledge may be required
Flexibility - Vendor-lock in risk, limited
portability
+ Able to discriminate data
moving to a public cloud
- Risk of vendor-lock with
public-cloud element
+ Full customization of
platform and infrastructure
offerings available
+/- Risk of vendor-lock
limited to component
technologies
Agility + Offerings prebuilt, very
fast deployment
- Most complex to architect
and deploy
+ Once fully implemented,
has potential to quickly
deploy business services
Security - Least control of
environment, reliant on
vendor
+/- Provides balance; ability
to determine public-eligible
or restricted data or
services
+ Most secure; data and
services are kept in-house
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
Conclusion: Myth Busters
There are many misconceptions about Cloud Computing.
31
Cloud Computing is a
specific technology, (e.g., virtualization)
It’s just… Web Hosting / Grid Computing /
Outsourcing …evolved
There are
no standards
Everything can move to the cloud
It’s all hype It’s always cheaper
Not true However, Virtualization technologies, such
as Vmware, provide a base on which to provide Infrastructure-as-a-Service
Not true It is an IT delivery approach that binds
together technology infrastructure, applications, and internet connectivity as a
defined, managed service that can be sourced in a flexible way
Not true Cloud Computing in PaaS and SaaS Service Models limit the breadth of
applications and platforms available to the business, leading to increased
standardization
Not true The feasibility of moving to the cloud
depends on security requirements, ability to standardize, risk concerns, access
requirements
Not true Cloud Computing is built on the world’s
continued globalization and internet connectivity and is here to stay
Not true Underestimated start-up costs, penalizing exit costs, contract complexity and run-
away variable costs all impact the financial benefit of Cloud Computing
© 2011 IT/NET Ottawa, Inc., a subsidiary of KPMG LLP. All rights reserved
IT/NET can help…
Cloud computing promises to bring sweeping changes to the way
businesses and other organizations use IT.
IT/NET can help:
Provide clarity on cloud computing services and practices
Identify tangible benefits that are achievable today
Assist in navigating the associated risks and challenges
Getting independent advice can mean the
difference between success and failure
32
1
2
3
33
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to
provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate
in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
Thank you!