1 Is Hybrid IT The New Antifragile? Silverton Consulting, Inc. StorInt Briefing
2 PAGE 2 OF 6 Introduction Nassim N. Taleb introduced the concept of antifragility in his 2012 book Antifragile: Things That Gain from Disorder. His idea is to divide all categories of things activities, phenomena, and structures into one of three risk domains: Fragile things are those that break down or fail when encountering faults, volatility or disorder. Examples of fragile things include laptops, sub- prime mortgages and military dictatorships. Robust or fault tolerant things are those that adapt and continue to operate despite disturbances or shocks, albeit sometimes in a degraded fashion. In IT, multiple network fabrics, redundant storage controllers and clustered systems might be called robust. Antifragile things are those that perform better when faced with faults, volatility or disorder. Taleb provides a number of examples of antifragility in his book, but the best might be evolution. The Earth has encountered multiple disruptions and worldwide extinction events, and each time nature has come back stronger and more resilient than before. Another example is entrepreneurship with its fail fast model most startups fail and go bankrupt in a short time, but those that succeed can change the world. In his book, Taleb writes about fragile, robust and antifragile activities in relative rather than absolute terms. In other words, one activity can be more antifragile than another because it functions better under disorder or volatility. While Taleb applies this risk classification schema to a number of different domains, our paper will apply his approach specifically to IT. However, before we begin our discussion we must first review some of the characteristics of traditional and cloud- based IT services. Traditional IT services Traditional IT today involves servers, storage and networking infrastructure with hypervisors, operating systems, middleware and application software, all of which operate within a single data center or across multiple sites. These multi- layered systems have evolved from mainframe/mini- computer centralized computing models to client- server architectures and more recently, to a fully distributed computing environment. Servers in the client- server or distributed computing model execute Windows or Linux with middleware and applications running atop them. Traditional IT services have many advantages. First, traditional IT has grown with the company; as such, its goal has long been to provide optimal security, performance and availability support to meet the company s application environment requirements.
3 PAGE 3 OF 6 In addition, complete control over the IT infrastructure gives companies direct say over service level agreements (SLAs), which often dictate transaction responsiveness, application availability and other operational characteristics of the application execution environment. On the other hand, the problems of traditional IT are many. Not all systems and application environments were designed for resilience and thus can fail catastrophically when faults occur. Immature systems like these are often designed to run in best- case operational environments and are redesigned to handle an increased level of fault tolerance only after a failure occurs. Taleb would say that the original designers had improperly classified fault occurrence as extremely unlikely, but the reality is that they happen much more frequently than anticipated. Furthermore, the typical traditional IT production environment is inflexibly structured with enterprise applications running across servers or VMs attached to silos of storage that are in turn connected via the corporate networking backbone. Changing this environment by adding more storage or networking fabrics can often be a difficult and time- consuming process. Even changing the operational infrastructure can lead to problems, especially when administrators have worked for a long period of time within an unchanging environment. For instance, replacing such an infrastructure can involve significant administrator re- training with a commensurate period of suboptimal operations. Cloud-based IT services The cloud- based delivery models that have emerged over the past decade or so offer alternative application and service options that go beyond the traditional IT services discussed above. Many enterprise applications can be delivered over the cloud as Software- as- a- Service (SaaS) offerings. However, other cloud- based services are also available, such as Infrastructure- as- a- Service (IaaS), Platform- as- a- Service (PaaS), and Desktop- as- a- Service (DaaS). As a result, Cloud- based deployments can supply just about any of the functionality that traditional IT can provide. Using cloud- based services has many advantages. One advantage is that cloud- based systems provide elasticity in performance that can expand or contract on demand. When peak workload hits, cloud- based services can scale up to deliver more processing and can scale back down when the need for excess demand passes. Another advantage of cloud- based services is the operational expense or pay- as- you- go economics model. Cloud- based services require no capital investment. With SaaS offerings, users can enter into a monthly contract for services, paying only for the amount of use.
4 PAGE 4 OF 6 However, cloud- based services have their own set of risks that need to be considered. For instance, cloud- based services can often lock customers into using their offerings. Many customers find it difficult to change SaaS suppliers because doing so often involves migrating lots of application data and mapping old formats to new applications. Given some of the difficulties required to change providers, some companies may stay with their current service providers longer than necessary. Another problem with cloud- based services is that information security may be harder to achieve. Once data leaves the IT environment, security becomes a responsibility of the cloud service provider and they may not treat security with the same attentiveness as IT would. Traditional data protection and disaster recovery services Similar to the traditional IT services discussed earlier, traditional backup and disaster recovery environments have a number of advantages. Companies that invest in data center backup processes and internal business continuity/disaster recovery (BC/DR) processes understand the risks they need to protect against and can tailor their backup and BC/DR strategies to match their application requirements. For example, secondary sites can be selected to support recovery for critical applications with appropriate servers, networking and storage. In this fashion, companies can tailor their BC/DR environment and costs to protect against only those risks they deem most important to their survival. Much of the same applies to a company s data protection environment. Here, data can be guaranteed to never leave the company s operational control. Backup data can be shipped offsite or replicated to the company s own DR site based on the company s recovery objectives. Backup data can also be retained for as long as required or budgets allow. However, providing BC/DR support for most IT operations can be a difficult and time- consuming undertaking. As a result, some companies have devoted less effort to BC/DR support than warranted, for example by using dated BC/DR plans that haven t been adequately tested in years. While many companies are diligent and disciplined about their BC/DR support, some that haven t encountered a recent disaster rely too heavily on offsite backups and have only a rudimentary idea of how to restore their operations in case of an emergency. Again, Taleb would say that these disastrous events occur more frequently than anticipated. Moreover, some of the staff providing BC/DR support lack the necessary expertise to design and implement traditional recovery efforts, especially when their skills are in
5 PAGE 5 OF 6 designing and operating IT systems, infrastructure and applications rather than in recovery in the event of a disaster. Cloud-based data protection and recovery services As with SaaS discussed earlier, cloud- based data protection and recovery services have become available over the last decade. Such services can provide a solution to companies struggling to support these activities internally. In the case of Backup as a Service (BaaS), systems are designed to copy a company s backup data to cloud storage repositories. Once there, the data can be replicated to other sites or distributed over multiple sites for added redundancy. Cloud- based disaster recovery services also have a number of advantages. Cloud- based infrastructure is frequently distributed across the Internet. As such, recovery data centers can be located countrywide, in multiple cities, or across multiple regions, thus easing fears of a region- wide disaster. Another advantage of cloud- based recovery services is that they offer greater BC/DR expertise to apply to a company s recovery activities. Their highly trained and knowledgeable staff support only disaster recovery services and can recognize the weaknesses that can lead to ineffective recovery. Hiring such experts would be difficult and costly for a single company, but cloud- based recovery services provide support to many companies, enabling them to hire the best. Cloud- based backup and recovery services also have some disadvantages. Similar to the previous SaaS discussion, cloud- based recovery and backup service information security protection may be less rigorous than what IT would provide. Cloud- based backup services store more data in the cloud, and data centers may need to migrate years of data when changing providers. In addition, data replicated to cloud- based recovery sites can cause problems. Any changes to the production application and storage environment need to be carefully coordinated with and matched by the recovery provider. Antifragility of hybrid-cloud IT services Recently, a hybrid IT paradigm has emerged that combines the best of traditional and cloud- based IT. This new hybrid model depends on an IT- hosted, private cloud service combined with a public cloud service. This hybrid form offers more antifragile functionality than traditional or cloud- based IT services alone. Hybrid- cloud or Hybrid IT antifragility is derived from the fact that application execution domains can now span both data center IT and public cloud provider environments. In hybrid- cloud environments, applications can execute wherever it makes the most
6 PAGE 6 OF 6 sense in a data center s private cloud or in a public cloud. Applications can even migrate between the two as needed. With its vcloud providers, VMware has started to supply services that can span public and private cloud deployments, allowing VMs to migrate between the two with ease. With such facilities in place, companies can manage and control traditional IT while gaining the flexibility and adaptability of cloud- based services. Not all applications may be able to be deployed in this fashion today, but over time existing constraints are likely to be relaxed. With hybrid- cloud, IT can support planned peak workloads with ease because the application can take advantage of execution resources within the data center or in the cloud. In addition, IT can deploy a number of backup solutions over data center environments and use the cloud for longer- term, archive/dr services. While such services may not technically be classified as hybrid IT, they provide similar advantages. In any case, hybrid IT services are more antifragile than traditional IT or cloud- based services because applications can be run in either environment. Such flexibility enables more stable operation than either IT or cloud- based services, especially when faced with volatility. As such, hybrid IT is by definition antifragile, at least when compared with cloud- based or traditional IT alone. Summary Traditional IT and cloud- based IT have many advantages but also suffer from a host of intrinsic disadvantages whose solutions often depend on use of the alternative. To become more antifragile, application environments must be able to execute in both cloud and internal data center environments. Such public- private application environments can operate better when disturbances occur. Technologies that offer hybrid IT services, while nascent today, are certain to improve over time. Even with today s technology, hybrid IT services can easily provide more complete antifragile functionality than traditional IT or cloud- based IT services alone. Silverton Consulting, Inc., is a U.S.-based Storage, Strategy & Systems consulting firm offering products and services to the data storage community. QRcode: SilvertonConsulting.com