How to Integrate Your Operations Group with a Cloud-based Services Group

How to Integrate Your Operations Group with a Cloud-based Services

Group

Session #33

November 8, 2012

1:45 – 2:45 PM

David Miller, Chief Security Officer

Covisint, a Compuware Company

MIS Training Institute Session #33 - Slide 2© COVISINT, A COMPUWARE COMPANY


Discussion Topics What kind of cloud have you chosen? Interface points

Before You Buy Governance Procurement Innovation Implementation

After You Buy Operational Integration Event\Incident Management Managing Audits


PaaS delivers application run-time infrastructures as a IDM and Portal frameworks with SLAs

Platforms & Compute

FrameworksDB Msg DNS

Services Platform

Polic

y,

Contr

ol

Platform-as-a-Service

What Kind of Cloud Have I Chosen?

SaaS delivers provider-owned application capability as a plug-in and go experience with SLAs Apps or Web Services run on the provider’s infrastructure

SaaS App Services

ISV Web Srvcs

Services

Users &BusinessProcesses

Business Applications(CRM, ERP, UC)

Software-as-a-Service

InformationTechnology

IDM Mobility

Portal

Infrastructure-as-a-Service

IaaS delivers standardized virtualized computing environments as plug-in and go experience with SLAs

Delivers connectivity to global virtualized service resources as a plug-in and go experience with SLAsOperates at Internet scale, with Ethernet flexibility and optical performance

Cloud BackboneNetwork

Communications


Public/Private or Hybrid

External

Public Cloud

SaaS Engines

Virtualized Apps

SAP cluster

Hosted UC

Virtual Desktop

Internal

Private Cloud

BO/HO

Enterprise #2

Private Cloud

Enterprise

VPN

· Hybrid· Cloud

#2

Extending Private Resources

C-VPN

#1

Enterprise

Data CentersBO/HO

Enterprise #1

Traditional IT & Public Cloud

Enterprise

VPN

SaaS

Access

Leasing Public Resources

#3

#3

#3

Virtual Private

Cloud

BO/HO

Enterprise #3

Virtual Private Cloud

Cloud Aware

Network

C-VPN


Touch Points

IT

CIO

CFO

Customer

Cloud

Service

Operational

SLA’s

Operations

Technology

ValueFinancial Measures

LegalLiability

Operational Integration

Managing Security

Event/Incident Management

After you buy

Governance

Procurement

Technology Innovation

Implementa-tion/Adoption

Before you buy


Before You Buy Manage Governance

Cloud Executive Steering Committee Establish/Manage Communities of Practice and Working Groups Create a Could Policy and Strategy Document related to Cloud

Computing activities (e.g. Security, Records Management, eDiscovery, etc.)

Establish a Cloud Audit Process

· This information is draft and has not been published, please do not disseminate

Procurement Develop contract vehicles to ease procurement

of Cloud Computing Solutions Coordinate across the organization to ensure

adoption and implementation of cloud-related procurement policies and processes

Facilitate adoption of the Cloud Computing Storefront


· This information is draft and has not been published, please do not disseminate

Before You Buy Cloud Technology Innovation

Identify common cloud services and foster standards development and security policies

Develop architectures that allow groups to more effectively implement and leverage cloud computing services

Establish, manage and coordinate Cloud Computing Developer Communities and Application Libraries

Enable the reuse, modularity and interoperability of Cloud Computing Service interfaces

Create a Cloud interface group to share new technology plans

Implementation and Adoption Implement and roll-out cloud solutions Identify Partners for pilot activities Assess and implement services Disseminate Cloud Services Operating and Business Models


After you Buy

Operational Integration Scope of Services and Resource Training Process integration Manage your costs

Event\Incident Management Process Black Box Extend your team

Managing Security Don’t forget the basics Ensure you have your audit controls covered Manage your data


Scope of Services

A successful Cloud solution requires: Clearly defined Service Description Well documented and concise Service Level Agreement Clearly defined scope of the Support Agreement

Understanding scope of your Cloud Component Where does your piece end and theirs begin? Avoiding grey areas is crucial Build a detailed RASIC and get buy in from your new partner Identify your partner team dedicated and shared and your

counter point Understand their org chart and escalation matrix


Resource Training

Resource Training goes beyond operations Educate all disciplines in your company Make sure your operational resources understand the new cloud

components Ensure your developers and business teams understand for use in

future products or solutions. Instill understanding of how Virtual Technology works

Highlight differences between cloud components and traditional physical server architecture

Key Leads and Managers should visit your new provider and tour their facilities and NOC

A day of training on operations and processes Specific examples of successful integrations with other clients


Process Integration Identify/integrate key processes that will be changing or

impacted Helpdesk

Will this be transparent to your customer or will you be leveraging a cloud based service for Level 1?

What changes for your Level1 support model?– Do their contact points change?

– Do they have access to any new tools?

– How will they escalate?

24x7\NOC This is typically your command and control and the most crucial point of

integration How will the cloud impact your process of command and control

– Notification

– Event correlation

– Tracking

Level 2 or Level 3 Support Remote access and support Deployments


Process Integration Identify/integrate key processes that will be changing or

impacted (cont.) Monitoring

Who owns monitoring for which points

– Infrastructure (CPU, Network, Memory, Disk Etc.) How will you monitor your cloud provider? Can you leverage or integrate their tools with yours? Single pane of glass?

Change Management How does this change your process internally? How do you manage your partners changes? Can you integrate your change management tools? How do you ensure their changes are managed as part of your availability commitments?

Development How does the cloud impact your SDLC? Does it impact any deployment or version control tools? How do you give developers needed access but still keep them out of production?

.* When process integration is an afterthought of Cloud outsourcing services you lose control of your ability to measure service levels end-to-end

and end up with a fragmented solution


Managing Costs Understand your Contract and Billing

Billing by items and timing One time fees, Storage, Active Inactive, etc.

Understand your Billing Every provider bills differently and the calculations are almost

always complex and confusing Review each bill ask questions and challenge anything that seems

odd or wrong


Managing Costs1. Manage the Churn

Cloud means faster and easier – but must be controlled The rules are changing monthly in the industry Business teams and developers are not the best at policing their

consumption– Watch for waste

– Track by business unit and use bill back

– Developers like sandboxes or spares

» Run utilization reports and look at usage

2. Cloud pricing comparisons: things change, and they change quite often and without much notice

3. Make sure you understand whether you are being billed for VMs that are only up and running, or all the time


Event\Incident Management

Incident Management in the cloud is simplified right? Number of integration points tolls and organizations make it more

complex Rapid growth creates frequent changes Traditional ITIL process can be applied to your new cloud solution

IncidentCMDA Known Error Database

Nth Line Support

Resolved?

Resolved

Time to Resolution

Simplified Incident Management Process

Yes

NoNoNo

YesYes

Incident Management

Service Desk

Resolved?

Resolved?

Second Line Support

Resolved?

Problem Management

First Line Support


Event\Incident Management Making incident and event management simple is not so

simple Manage it like the contents of a black box:

– Find quickest resolution to minimize impact

– More levels of integration available for escalation - means we see more impact

– Leverage your partner and integrate them as a single layer

– If you try to manage your cloud partner as an extension of your teams and replace your teams in the matrix 1 for 1 you increase the touch points and the complexity

– By establishing a single point of contact and allowing them to manage their teams within that box actually simplifies your process


Event\Incident Management Don’t blame the complexity of event\incident management

on the Cloud Stick to the basics - keep it simple

Don’t reinvent the wheel (what has worked before, will work with the cloud)

The integration points may change but the underlying principles remain the same

– Clearly defined process and escalation points

– Tool integration

Resist the urge to throw resources at a problem Poorly architected software or business processes are still just that Don’t neglect training

– Education your internal teams on how your new cloud service works is crucial

– If they don’t understand it they will tend to blame it

– Treat it like a black box in process only. Making your cloud feel like part of your solution and integrating it into your documentation and WIKI’s or run books is critical

– As far as your internal teams and groups are concerned, the cloud is just another department.


Event\Incident Management For any Event\Incident Management solution to succeed

you need to ensure the following: Integrate all cloud processes into internal processes make your

cloud provider an extension of your team Measure and control your cloud partner services as another team

in your org chart

– Hold monthly SLA reviews

– Meet regularly to review all incidents and root cause

– Give them a performance review (like you would your own direct team members)


Managing Security

Do not forget the basics for security in the cloud

No matter who manages the individual components of your solution, you still own security

The methods and types of security do not change In the cloud or out of the cloud you still need things like

Virus Protection If your new Cloud service allows your admins to control

things like firewall rules don’t break your model


Managing Security Ensure you have your audit controls covered

Moving to the Cloud doesn’t change your rating or your controls for audit certification

Identify your existing controls and determine which ones may be affected

Cloud partner should be able to provide their own evidence or certification for the components they own (SOC, SAS, ISO, HIPAA, PCI or any other audit standard)

If your vendor maintains a SOC2 Type 2 certification (Same goes for SAS or ISO, etc.) this does not release you from having to attain your own

– Your cloud partners certifications do not become your certifications

– Your cloud partners certifications compliment your certifications and quite possibly will make it a lot easier for you on future audits


Managing Security Managing your data

Ongoing Debate - Cloud solutions revolve around data Many different types of offerings and solutions Should be a secure offering you are personally

comfortable with The debate is more around policy then it is around

technology There are ways to still leverage the cloud without

compromising benefits Consider using a hybrid model Consider a private cloud- Internal or outsourced

MIS Training Institute Session #33 - Slide 23© COVISINT, A COMPUWARE COMPANY · © 2010 IBM

Corporation

· IBM Global Technology Services