OIT Cloud Strategy 2011 Enabling Technology Solutions Efficiently, Effectively, and Elegantly



Similar documents
Kent State University s Cloud Strategy

OVERVIEW Cloud Deployment Services

1. From the CIO Strategic Direction for Cloud Computing at Kent State Cloud Computing at Kent State University 5

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

Cloud Computing. Course: Designing and Implementing Service Oriented Business Processes

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government

ITSM in the Cloud. An Overview of Why IT Service Management is Critical to The Cloud. Presented By: Rick Leopoldi RL Information Consulting LLC

WHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT

Kent State University s Cloud Strategy

Business Intelligence (BI) Cloud. Prepared By: Pavan Inabathini

6 Cloud computing overview

Computing in a virtual world Cloud Computing

Private & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012


IS PRIVATE CLOUD A UNICORN?

Cloud Computing: The Next Computing Paradigm

White Paper on CLOUD COMPUTING

The NIST Definition of Cloud Computing (Draft)

Managing Cloud Computing Risk

Capability Paper. Today, aerospace and defense (A&D) companies find

Optimizing Service Levels in Public Cloud Deployments

Top five lessons learned from enterprise hybrid cloud projects

I D C T E C H N O L O G Y S P O T L I G H T. F l e x i b l e Capacity: A " Z e r o C a p i t a l " Platform w ith On- P r emise Ad va n t a g e s

Cloud Computing and Standards

Enhancing Operational Capacities and Capabilities through Cloud Technologies

Cloud Storage: Where Does It Fit Into Tomorrow s IT?

Revitalising your Data Centre by Injecting Cloud Computing Attributes. Ricardo Lamas, Cloud Computing Consulting Architect IBM Australia

Cloud Security Introduction and Overview

Realizing the Value Proposition of Cloud Computing

California Enterprise Architecture Framework. Cloud Computing (CC) Reference Architecture (RA)

The Cloud: A Look at Today and Tomorrow

OWASP Chapter Meeting June Presented by: Brayton Rider, SecureState Chief Architect

A Cloud Computing Handbook for Business

VMware vcloud Powered Services

Flying into the Cloud: Do You Need a Navigator? Services. Colin R. Chasler Vice President Solutions Architecture Dell Services Federal Government

VALUE PROPOSITION FOR SERVICE PROVIDERS. Helping Service Providers accelerate adoption of the cloud

How To Get A Cloud Based System In Your Country

Security Issues in Cloud Computing

CHAPTER 8 CLOUD COMPUTING

The NIST Definition of Cloud Computing

journey to a hybrid cloud

1.1.1 Introduction to Cloud Computing

A white paper from Fordway on CLOUD COMPUTING. Why private cloud should be your first step on the cloud computing journey - and how to get there

Getting Familiar with Cloud Terminology. Cloud Dictionary

1 Introduction. 2 What is Cloud Computing?

Essential Characteristics of Cloud Computing: On-Demand Self-Service Rapid Elasticity Location Independence Resource Pooling Measured Service

4/28/2014. What's the Scoop on Cloud Computing. Agenda. Why you are here?

Software as a Service Flexible Service Delivery for Your Health Insurance Exchange

A Guide to Hybrid Cloud An inside-out approach for extending your data center to the cloud

Overview. The Cloud. Characteristics and usage of the cloud Realities and risks of the cloud

WWT View Point. Journey to the Private Cloud: Take the First Steps with FlexPod

Technology & Business Overview of Cloud Computing

Cloud Deployment Models. Kirk Kern CTO Cloud Solutions NetApp US Public Sector

EMC IT S JOURNEY TO THE PRIVATE CLOUD: APPLICATIONS AND CLOUD EXPERIENCE

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

Perspectives on Cloud Computing and Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory

Federal Cloud Computing Initiative Overview

Cloud Computing. Bringing the Cloud into Focus

SURVEY OF ADAPTING CLOUD COMPUTING IN HEALTHCARE

Creative Configurations

Cloud Computing Workshop

The Cloud in Regulatory Affairs - Validation, Risk Management and Chances -

Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs)

Secure Cloud Computing through IT Auditing

Tamanna Roy Rayat & Bahra Institute of Engineering & Technology, Punjab, India talk2tamanna@gmail.com

Radware Cloud Solutions for Enterprises. How to Capitalize on Cloud-based Services in an Enterprise Environment - White Paper

Cloud Computing in Higher Education: A Guide to Evaluation and Adoption

Communications in the Cloud: Why It Makes Sense for Today s Business

Architecting the Cloud

INTRODUCING CLOUD POWER

Cloud computing: Innovative solutions for test environments

Written Testimony. Mark Kneidinger. Director, Federal Network Resilience. Office of Cybersecurity and Communications

The cloud - ULTIMATE GAME CHANGER ===========================================

Cloud Computing. Mike Bourgeois Platform as a Service Point of View September 17, 2015

Cloud Panel Draft Statement of Requirement

Finding the right cloud solutions for your organization

Introduction to Cloud Computing

VMware for your hosting services

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services

What is Cloud Computing? First, a little history. Demystifying Cloud Computing. Mainframe Era ( ) Workstation Era ( ) Xerox Star 1981!

White paper Reaping Business Value from a Hybrid Cloud Strategy

WHITE PAPER. Easing the Way to the Cloud:

CLOUD COMPUTING. A Primer

Datamation. Find the Right Cloud Computing Solution. Executive Brief. In This Paper

Enterprise Cloud Solutions

Office of the Government Chief Information Officer The Government of the Hong Kong Special Administrative Region

Optimizing the Data Center for Today s Federal Government

Accelerate Your Enterprise Private Cloud Initiative

Cloud Management. - assuring cloud services. Carl Lloyd. Business Lead, Service Assurance

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1

Why Private Cloud? Nenad BUNCIC VPSI 29-JUNE-2015 EPFL, SI-EXHEB

Lifting the Fog: The High Potential of Cloud Computing Paul Daugherty, Chief Technology Architect February 19, 2010

Cloud Computing Submitted By : Fahim Ilyas ( ) Submitted To : Martin Johnson Submitted On: 31 st May, 2009

Cloud Computing Overview

Future of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST

Cloud Computing; What is it, How long has it been here, and Where is it going?

Transcription:

OIT Cloud Strategy 2011 Enabling Technology Solutions Efficiently, Effectively, and Elegantly 10/24/2011

Office of Information Technology Table of Contents Executive Summary... 3 The Colorado Cloud... 4 Cloud Defined... 4 A Fundamental Shift around Infrastructure... 6 Colorado Cloud Strategy Goals... 7 Decision Framework for the Colorado Cloud Strategy... 7 Delivery Models... 7 Public... 7 Private... 8 Hybrid... 8 Community... 9 Service Models... 10 DIAGRAM... 11 Software as a Service... 12 Platform as a Service... 12 Infrastructure as a Service... 12 All Other as a Service... 12 Security and Privacy Standards... 12 Conclusion... 13 2

Office of Information Technology OIT Cloud Strategy 2011 OIT Cloud Strategy 2011 Enabling Technology Solutions Efficiently, Effectively, and Elegantly Executive Summary Bill Gates is a very rich man today... and do you want to know why? The answer is one word: versions. - Dave Barry Cloud Computing is both a new and old technology. Old in that much of the technology has been around for years under other names: ASP, Virtualization, Grid. New in that the offerings have become sophisticated and allow everyone from start ups to governments to increase their technology efficiencies and reduce waste. In the past, entities, especially governments, embraced the concept of private applications and infrastructure to maintain citizen security and privacy. Costs increased, as did resources, because maintenance was often manual and cumbersome. Even in today s current environment, many software applications are out of date and incompatible, often hampering business productivity. The cloud attempts to change that and remove some of the burdens that come with technology ownership. It shifts the onus of versions and change management to companies that claim it as a revenue stream and moves the rest of us away from maintenance toward Service Level Agreements and on demand technologies that can scale with us. It also allows the State to leverage technology improvements and innovations that result from the business focus of cloud providers. Few would argue that the State of Colorado s focus is on service delivery to the citizens, not maintaining and managing a huge technical infrastructure and portfolio. The cloud gives us the ability to focus on the business of government. Currently, there are pockets of cloud initiatives across the state, but no enterprise roadmap in which to work until now. This document lays out the principles and decision criteria for employing cloud services in specific instances and differentiates the different service and delivery models that may be appropriate for different application scenarios. Given the state of the industry, Colorado s IT infrastructure and footprint, and the opportunities that are available, Colorado is proceeding with a cloud first policy, mirroring the Federal government s cloud policy. To that end, Colorado is making a deliberate and explicit commitment to cloud services. We will proceed with the presumption that new services, applications and major revisions to existing ones will be supported in a cloud based environment first, unless there are significant reasons why they should be hosted on the State s private infrastructure. 3

Office of Information Technology The Colorado Cloud Cloud Defined At its heart, cloud technologies encompass a Pay as You Go model, allowing the consumer of the resources to scale up and down at will. In reality, it has become a ubiquitous term that means many things. OIT is following the National Institute of Standards and Technology (NIST) definition of cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. 1 *** Diagram from Wiki Commons file 1 The NIST Definition of Cloud Computing: Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-145. September 2011 4

Office of Information Technology OIT Cloud Strategy 2011 NIST identifies five essential characteristics of cloud computing: On-demand self-service. A consumer can unilaterally provision computing capabilities as needed automatically without requiring human interaction. Broad network access. Capabilities are available over the network through heterogeneous thin or thick client platforms allowing democratized access. Resource pooling. Computing resources are pooled, and potentially shared among multiple tenants, with resources often virtualized and dynamically assigned and reassigned according to consumer demand. There is location independence in that the customer generally has no control over the exact location of provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Rapid elasticity. Capabilities can be elastically provisioned and released to scale rapidly commensurate with demand. Measured service.resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service. Additional key components of cloud technology for OIT resulting from these characteristics include: Flexible billing: Metering and resource usage combined with on-demand provisioning Resilience Affordable resources: Dramatic reduction due to the pay as you go model Service level management: Reduced complexity Delivery models for cloud offerings include: Public Cloud Private Cloud Hosted off-premise Multi-tenant environment Metered usage and billing Self service provisioning Hosted, on-premise solution that scales to one organization through private network links. However, it can be a hosted solution off-premise, as long as the network infrastructure is private to one entity (in this case, the State of Colorado) Multi-tenancy is minimized 5

Office of Information Technology Some solutions may not be pay as you go, since the capital is owned internally. Security can be maximized, since the infrastructure is owned by the entity, not an external company. Community Cloud Hybrid Cloud Group of organizations with a common set of requirements / objectives Can allow an industry to advance in concert Improves data and resource sharing among like organization / industries Business units may have different business requirements that do not lend itself to one infrastructure Applications may use different delivery points for applicable users. Services may use different service delivery mechanisms. Extension of internal systems leveraging public cloud systems Colorado will use a hybrid model for the Enterprise as a whole, with an inclination toward public cloud where feasible. Certain components of the Enterprise Architecture may use one delivery mechanism only (such as email), while others could be divided between two different delivery models. A Fundamental Shift around Infrastructure Cloud computing outlines a fundamental shift for Colorado. The IT environment for the state has the same issues that many other organizations, including the federal government, have around its infrastructure: Low asset utilization Fragmented demand for resources Duplicative systems Difficulty managing the disparate systems Long lead times for procurement Aging infrastructure and application platforms Resource constraints in staying current with technology developments Cloud computing can address these inefficiencies and improve service delivery to citizens. It can further create a more agile environment, to promote innovation and a more proactive and scalable environment. Similar to the federal government cloud policy which created a Cloud First policy, Colorado is adopting the Cloud First policy and expects to transition most services to cloud computing over the next ten years. As part of this policy, Colorado will look to cloud provisioning first in new or expanded deployments of applications or services. Subsequently, existing applications will be evaluated for transitioning to a cloud platform. This will lead to greater efficiencies, but will also allow the State to take advantage of the 6

Office of Information Technology OIT Cloud Strategy 2011 research and development pursued by cloud service providers and the technological innovations that result. Colorado state government does not have the resources for such research and should be focusing on the business needs of administering state government. The State will be particularly cognizant of and will anticipate ongoing reductions in cloud-based costs resulting from such innovations. A decision rubric for identifying the appropriate cloud model for an application or services is presented at the end of this document. These decision frameworks will be reviewed quarterly. Colorado Cloud Strategy Goals The Colorado Cloud Strategy has four simple goals, which align with the overall Enterprise Architecture Roadmap for 2011-2014. Reduce costs and redundancy Increase hardware usage Reduce data center footprint Recognize and reduce duplication in environments Increase agility Simplify management of the environment Increase procurement throughput Improve scalability and elasticity Continuously improve Take advantage of innovations in optimizing infrastructures for service delivery Rapidly adopt developments in applications Reduce business, operational and security risk Ensure ongoing service levels for operations, security and monitoring Take advantage of specified time frames for incident resolution and refined processes for root cause analyses Decision Framework for the Colorado Cloud Strategy Delivery Models Public Government services revolving around communication and non-sensitive data dissemination are perfect candidates for public cloud offerings. In the current public cloud environment, risks around data security and privacy are still evolving. Extreme care should be taken when considering moving sensitive data (such as PII, HIPAA, FERPA, PCI) into a public cloud offering. The lines are blurring between public and private clouds. As a guideline, public clouds should be the ultimate goal for the state, since they offer the most in terms of economies of scale and cost efficiencies. In general, a public cloud offering should either maximize or ensure that the following considerations are addressed: 7

Office of Information Technology Efficiency: The public offering should decrease the financial burden on the state and should be significantly more cost efficient than other delivery models. Agility: The public offering should allow a faster time to market than other delivery models. Security: The public offering should meet the security requirements for the initiative. Technology Lifecycle: The public offering should replace hardware/software currently in use by the government that is at end of life. The following are guidelines for storing data in the public cloud: Data is stored in the United States. Vendor must pass all CISO requirements OR no sensitive data is being stored. Vendor s SLA states Colorado owns the data. Legal jurisdiction is Colorado. Change management processes (including data storage) are approved by CISO and CTO. Bandwidth is available for the public delivery model into the government services and agencies. Clear of data retrieval or cleansing if contract is severed. Privacy Recommendations for Cloud Computing A paper which highlights potential privacy risks agencies should consider as they migrate to cloud computing (CIO Council / http://www.cio.gov/documents/privacy-recommendations-cloud- Computing-8-19-2010.docx) Private Several flavors of private clouds are defined today. In general, private solutions may be more expensive than a public delivery model, but may offer additional security than a public cloud. The private cloud should maximize r ensure that the following are addressed: Security: The private model should provide for better information security when there is a security risk with a public delivery model that cannot be overcome. Technology Readiness: Bandwidth is available if the delivery model into the government services and agencies is from an external source. Efficiency: The cost model should be on demand or the hardware exists on premise. Technology Life Cycle: The hardware should be vendor supported. Virtual Private Clouds are becoming more common and these may be candidates for future offerings. Hybrid The enterprise for the State of Colorado will be based on a hybrid model, though much of the state s portfolio will be either public or private. Under certain circumstances, it will be useful to have a hybrid 8

Office of Information Technology OIT Cloud Strategy 2011 model, particularly when scaling is not linear. For example, during tax season peak times, it may be necessary to scale hardware from a private delivery model to encompass a public delivery model to ensure services. Under this scenario, a public cloud offering may be able to offload the additional temporary hardware requirements. This model should maximize the foll0wing: Efficiency: The public offering should decrease the financial burden on the state, and it should be significantly more cost efficient to pursue a hybrid than add additional hardware to the private cloud. Agility: The public offering should allow a faster time to market. Security: The public offering should meet the security requirements for the initiative. Technology Readiness: The hybrid solution should allow for the network/hardware/software changes required to take advantage of the environment. Community The state is currently pursuing community clouds with other states and should continue to pursue these types of delivery models as it makes sense. State and local governments may wish to pool resources in order to create economies of scale. In general, the community model should maximize the following: Efficiency: The economies of scale should allow for a cost effective delivery model. Innovation: The community offering should offer services not available outside of the community cloud. Technical Readiness: Each entity within the community should share like processes and can support the delivery model. These different platforms and how they relate to critical considerations for cloud computing may be depicted as: 9

Office of Information Technology Lower Agility Higher Interoperability: Virtualization and Architectural Standards Core to the advantages of cloud computing is the opportunity for an organization to avoid the costs of managing a complex computing environment, if systems, networks, storage and virtual resources are adequately considered. Ultimately workloads or virtual machines should cross the boundaries between departmental data centers or silos to address the broad requirements of the State most efficiently. This will require an emphasis on standards and underlying platforms that promote interoperability. An emphasis on interoperability and related standards simplifies the management of cloud services and reduces the risk and effort associated with a commitment to cloud computing environments by supporting greater portability between delivery models. An additional benefit of such interoperability is the ability to decompose complex applications into reusable services that may reside in any particular delivery model while the application is primarily supported in another model. The end result is a common architecture which allows all assets and resources to be supported in the most effective environment and have a resonant value that is amplified across the entire organization and its services. 10

Office of Information Technology OIT Cloud Strategy 2011 To achieve a consistent state of interoperability among its cloud services, cloud computing environments should conform to OIT standards related to virtualization and data center consolidation. When interoperability objectives have been achieved, computing environments will be more defined by the types of workloads and services that they support rather than location or ownership. In effect, the total computing environments of the state become defined by their services and workloads, rather than operational metrics, and effectively operate within a cohesive architecture that assigns uses to cloud delivery models. The graphic below represents the central position of interoperability in the use of cloud resources. Service Models The state should pursue all service delivery models and stop relying on rich clients that are difficult to maintain. The delivery model will be combined with service models to create the most efficient and cost effective models. In all cases, security must be approved by the CISO. 11

Office of Information Technology Software as a Service The Software as a Service (SaaS) service model should be pursued for all applications. Guidelines for choosing the vendor should include the following: Identity Federation: As the state widens its portfolio to SaaS offerings, Single Sign On and Identity Federation will become more important. Web Services and Open Platforms: The SaaS solutions should offer API s to move data in and out of the service. The platform should not be proprietary, but should offer an open platform for interoperability with other solutions. Exit Strategy: Data should be available for download when a decision is made to leave the solution. Platform as a Service A Platform as a Service (PaaS) model is best when there is a high need for interoperability between disparate processes. These solutions offer ways to combine data and processes to create a business platform unavailable in the marketplace. These should include the following: Identity Federation: As the state widens its portfolio to PaaS offerings, Single Sign On and Identity Federation will become more important. Web Services and Open Platforms: The PaaS solutions should offer API s to move data in and out of the service. The platform should not be proprietary, but should offer an open platform for interoperability with other solutions. Platform Integrations: The solution should offer multiple SaaS solutions that can be combined in multiple ways to create new business processes. For instance, a PaaS platform may offer a CRM SaaS solution that is easily integrated with a survey SaaS solution and a project management SaaS solution that can be combined without any proprietary code or integration solutions. Exit Strategy: Data should be available for download when a decision is made to leave the solution. Infrastructure as a Service Virtualization of desktops is becoming increasingly useful as mobile devices become more ubiquitous. Customers want to access their applications and information anytime, anywhere. Please refer to the Enterprise Technology Roadmap for more information on virtualization and mobility. All Other as a Service New as a Services a cropping up to address the needs of businesses and governments. Database as a Service, Identity as a Service, Security as a Service are all becoming feasible services to reduce costs and increase efficiencies. Network as a Service is the foundation of the recently reprocured Colorado State Network. All will be scrutinized as the time comes for viability in the workplace. Each of the offerings should meet the goals outlined in the goals section above. Security and Privacy Standards 12

Office of Information Technology OIT Cloud Strategy 2011 The Colorado Cloud Strategy will adhere to all policies and standards set forth by the Chief Information Security Officer for the State of Colorado. Policies are found here: http://www.colorado.gov/oit/security_policies Information security standards are found here: http://www.colorado.gov/oit/security_standards The Government Data Advisory Board is responsible for enterprise privacy standards. These can be found here. http://www.colorado.gov/cs/satellite/oit-eadg/cbon/1251579896288 Conclusion There are numerous opportunities for Colorado to leverage cloud based technologies. It is important that the State s consumption of these services be governed and guided to avoid a simple replication of the current siloed IT situation in a cloud environment. OIT will take the leadership for this governance in the following ways: Standards The federal government is working on standards for cloud computing, many of which inform this document. OIT will document these standards and catalog other standards for various cloud deployments. Standards will increase flexibility and ability to leverage a variety of technologies to increase agility in the cloud. Business use cases OIT shall document business cases and provide guidance for developing business cases for potential cloud deployments. Federal government efforts may be leveraged. This documentation and guidance will facilitate planning for cloud use by helping agencies to consider specific objectives for their cloud deployments. In addition, it will provide background on financial or other benefits for those considering cloud computing. Ultimately, potential cloud initiatives should be included in department IT plans. Procurement OIT will take the lead on statewide price agreements for cloud services. This is being started with Colorado s participation in a four-state collaborative procurement through the Western States Contracting Alliance (WSCA) of cloud services to support geospatial information technologies. Agency procurements should be based on a centrally negotiated contract or price agreement to maximize cost efficiencies. In addition, such centrally negotiated contracts will include standard service level agreements that should be used unless there is a specific need. Monitoring and reporting OIT will provide guidance for and record results of monitoring cloud services to ensure anticipated benefits are being realized and develop an ongoing record of services and service providers that perform well. 13

Office of Information Technology The following graphic presents decision a decision rubric for opting out of the cloud first paradigm, or conversely choosing the appropriate delivery model. It starts with new applications or services or major developments or enhancements to existing ones then considers workflow and information security questions. 14

Office of Information Technology OIT Cloud Strategy 2011 15

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information