A white paper from Fordway on CLOUD COMPUTING. Why private cloud should be your first step on the cloud computing journey - and how to get there




PRIVATE CLOUD WHITE PAPER, January 2012, www.fordway.com

The IT infrastructure within most organisations is unnecessarily complex, the result of successive business decisions taken over many years. The effect is to limit performance, scalability and particularly the ability to adapt to meet changing business requirements. Cloud computing promises limitless capacity, almost total flexibility and increased efficiency, so could it be the solution to your IT infrastructure challenges? And, by moving IT spending from CapEx to OpEx, could it help organisations whose budgets are limited by the current recession?

This paper examines how re-engineering your existing IT infrastructure, processes and service delivery as a private cloud serving your organisation, as the first step on the journey to cloud computing, can help organisations cut through the complexity of their existing IT infrastructure. This will enable them to make better use of the facilities they already have and be the start of your journey to cloud computing.

The US National Institute of Standards and Technology currently defines cloud computing as follows (this is currently version 15):

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models and four deployment models.

Essential characteristics:

On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically, without requiring human interaction with each service's provider.

Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g. mobile phones, laptops and PDAs).

Resource pooling. The provider's computing resources are pooled to serve multiple consumers using a multitenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g. country, state, or data centre). Examples of resources include storage, processing, memory, network bandwidth and virtual machines.

Rapid elasticity. Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and can be rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.

Measured Service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g. storage, processing, bandwidth and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.

Service Models:

Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g. web-based email). The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, storage or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems or storage, but has control over the deployed applications and possibly application hosting environment configurations.

Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications and possibly limited control of select networking components (e.g. host firewalls).

Deployment Models:

Private cloud. The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.

Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g. mission, security requirements, policy and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.

Public cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (private, community or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g. cloud bursting for load-balancing between clouds).

What cloud computing means to you

So that's perfectly clear then! What we need to review is what does it all mean, why should you consider it and how can it usefully assist you to meet your organisational objectives?

Fordway's view is that underneath the cloud computing hype there are some extremely useful concepts that organisations can quickly and easily implement to improve services. We believe that re-architecting your infrastructure as a private cloud serving your user community, with specific, low risk elements migrated to publicly available services, is the best first step to taking advantage of using cloud.

One of the best things private clouds do is get business units out of the business of making IT decisions. In optimum private cloud instances, business units get to define the application or service they require with relevant SLAs. Once agreed they can then leave all of the other decisions (platform, OS, virtualised vs non-virtualised, resilience and failover etc.) to the IT professionals who run your data centre and ensure services to your user community. The business units benefit as their service definition and initiation can be considerably quicker and easier than before; the IT professionals benefit as they spend less time in discussions of this type and more time ensuring the service to their user community.

Once your organisation has implemented cloud for yourselves, you are then in the best position to understand the requirements of each of the services the IT department currently delivers, giving you the flexibility to choose where and how each service is hosted in future.

If you have an IT Department, we would expect that you are already in control of your IT infrastructure, applications and services, which you are delivering to a defined user community. This will allow you to easily measure, using a third party if required, what resources you currently consume, enabling you to size the basic elements of your private cloud.

In Fordway's view, private cloud is effectively the realisation of improved infrastructure maturity, which is the direction we have all been heading over the past few years, and the value and benefits of this approach are still extremely valid. Simplistically, cloud computing is a combination of sophisticated and robust virtualisation run to IT best practices, presented to the service consumer through a web portal providing initiation, delivery, management and reporting. As a minimum, cloud services start at the Virtualised level of infrastructure maturity, with the more advanced and better managed services meeting the Service Based level. The diagram below shows the different levels of infrastructure maturity.

Ideally, the infrastructure for your private cloud should look something like this:

So what's stopping you? Current issues preventing adoption of cloud

Based on industry surveys and Fordway's own analysis, the major issues preventing organisations adopting cloud computing today are:

1) Lack of service availability, capacity and performance guarantees
2) Undefined failure remediation
3) Unclear provider operations; possibility of hidden supply chain with associated risks and dependencies
4) Commitment requirements for service initiation, risk of proprietary and contractual lock-in
5) Lack of ability to customise service to meet business requirements
6) Concerns over client data ownership, security and protection
7) Provider information security, privacy and disaster recovery policy
8) Impact of regulatory requirements on information security
9) Lack of support for e-discovery and investigations
10) Risk of poor or lack of integration with on-premises systems
11) Immaturity of vendors and interoperability standards
12) Immaturity of cloud service and application development skills
13) Licensing issues
14) As yet unproven financial model and lack of visibility and definition of real costs

As can be seen, most of these issues are commercial or legal issues; in a single word, most of them involve management of risk. A major loss of service such as a datacentre failure, security breach or other outage, or even reduced performance, can create significant issues for the customer. However, under most public cloud service SLAs today, if the provider even offers them, most cloud providers will apologise, sincerely in most cases, and refund a proportion of your monthly service fee. You, on the other hand, are receiving recompense which covers a very small proportion of the disruption, missed business opportunity, effort and cost you have incurred due to the outage. Until this imbalance is addressed we believe this will curtail the take-up of public cloud services for business critical services.

Happily, the majority of these issues are negated if you implement private cloud for critical services and reserve public cloud for less critical services, effectively creating a hybrid cloud. This means you will still need to have and run your own infrastructure, or have a trusted third party run it for you, but we see this as a valuable next step on the journey. Once your organisation is familiar and comfortable with cloud concepts and practices, and you have tested public cloud, then you can look to move more services to public cloud services if it is appropriate for your business to do so. Some of the more basic services for which we believe organisations could look to public cloud providers today include data archiving and short term projects such as application development and test environments.

What are the key issues we believe you should be looking at to start your journey to private cloud?

Review IT infrastructure complexity

The value of IT to most organisations comes from three factors: the business specific applications and data that are used to run their operation; the business process improvements that can be implemented more effectively through using IT; and the information and insights that can be gained from the data the organisation retains. The primary requirement of the IT infrastructure these services run on is simply that it is fit for purpose and works effectively, which is the basic premise of cloud.

The IT infrastructure of most organisations is unnecessarily complex, often the result of many valid but separate business decisions which have been taken over a number of years, with little thought given to their effect on the organisation's overall IT infrastructure. This complexity consumes a vast amount of internal resource and cost whilst delivering very little real business benefit. It limits performance, scalability and particularly agility, reducing the ability to implement change quickly to meet business requirements. These are all issues that cloud computing can help address.

Organisations which reduce this complexity and optimise their infrastructure using virtualisation and other cloud technologies can improve operational performance and realise significant savings. Initial benchmark studies which Fordway has carried out across a range of organisations have shown that optimising infrastructure can save in excess of 25% of an organisation's annual IT infrastructure budget compared to their current approach.

We at Fordway believe that organisations who optimise their infrastructure through concepts such as resource pooling, virtualisation and dynamic provisioning are in effect putting in place all the technologies required for cloud computing. By optimising their infrastructure, they can then easily create a private cloud, as discussed earlier, on which they can run their own applications.

The result is a solution which offers flexible capacity, together with scalability, flexibility and resilience, and can provide applications to users wherever they are. The use of private cloud, rather than public cloud, enables organisations to maintain a higher level of control, preserve their existing investment and develop support and management skills to ensure that, if it ever becomes appropriate to transfer services to commercial cloud providers, they have the expertise to do so effectively.

Application delivery

The ubiquity of the Internet has led to cloud computing, and provides the standard interface for cloud: the browser. Whilst not all applications yet run natively in a browser, most are heading that way; almost every mainstream commercial application Fordway has experienced across over 1,000 clients can be published to a Web portal and accessed through a browser. Except where specific device drivers are required, which would by definition negate the application being ported to a cloud service, applications can be centrally streamed from datacentres.

This client device flexibility, delivered through desktop and application virtualisation which you may have or be considering implementing, will help your organisation meet several other key objectives. These include application and service standardisation; central control and management of the corporate desktop; simplified and cheaper licensing; and, most importantly for most of our clients, the capability to deliver location independent flexible working. This capability on its own will provide most organisations with a compelling business case and substantial cost savings.

Need for internal IT controls

The not so good news is that effective use of any form of cloud requires all the traditional IT disciplines as defined by ITIL and other best practice frameworks to be in place, ideally automated. If these are not already in place, cloud computing will not provide the shortcut to delivering them. The good news is that most organisations will already have most of the required elements, which may just need to be re-architected or enhanced for cloud:

On-demand self-service. This can be provided through standard web portals, with packaged and streamed applications, services and complete desktops published through the portal. Access to these is linked to user authentication mechanisms such as Active Directory or LDAP which define which applications and services users receive. New users can be set up directly from the portal with appropriate security capabilities, and new services can be published and accessed on demand.

Broad network access. Almost every computing device in use today can boot a browser with Java, ICA, RDP, WebDAV, SOAP or REST plug-ins and communicate over HTTPS with SSL encryption. Almost every public or private network can route and in most cases secure and authenticate this traffic.

Resource pooling. Virtualisation, which most organisations already have or are currently implementing, provides this capability for servers, storage, desktops and more recently networks.

Rapid elasticity. Again this is one of the key capabilities of virtualisation; additional resources can be added quickly and easily. With a private or hybrid cloud servicing a defined set of users this is less of an issue than for public services.

Measured Service. If organisations have effective Capacity Management and Service Level Management in place then, in our view, two of the most important requirements for moving to private cloud and eventually provider independent cloud (i.e. up to you to choose the most appropriate place to run it from) are in place. Along with fully embracing virtualisation of all elements, this is where the majority of organisations we have worked with need to begin their journey towards cloud.

Service levels

One of the key definitions of cloud computing is that the service provided is measurable; we are frequently amazed when we discuss this with organisations that operate their IT without defined and agreed service levels, or who have defined service levels but no way of measuring them to ensure they are being met. One of the key benefits of private cloud is cost effective delivery of high quality, fit for purpose and guaranteed service levels that meet, and in most cases easily exceed, what your organisation requires.

To achieve this our recommended starting point is a business and IT alignment review to ensure your organisation has accurately defined the service levels it requires for the key operational processes that IT supports, and fully understands the cost, performance and availability implications of the requested service levels. Fordway has developed a Business and IT alignment analysis methodology, APAC, which we have successfully delivered to a range of organisations. There are also several others, including COBIT, that you can use.

Secondly, once service levels are defined, there are several standard best practice frameworks that you are probably already running to, or intending to implement, such as ITIL/ISO20000 for IT Service Delivery, ISO27000 for Information Security and BCI best practice for Business Continuity. These base frameworks can be refined and optimised to suit the requirements of your organisation.

Thirdly, private cloud infrastructure is by definition a fully resilient, virtualised environment that has no single point of failure, allowing applications and services to be dynamically reassigned and automatically failed over. If properly designed, implemented and managed, downtime from hardware failures should be non-existent.

Information security

This is one of the key inhibitors for public cloud service take-up, which is negated by implementing private cloud as your first step. As commercial cloud service providers enforce and better guarantee information security standards, this will allow migration of more business critical services to public cloud services.

For private cloud every aspect can be audited against ISO27000 or PCI DSS best practice information security standards. Effective security processes can be embedded into the portal and the platform. As you are supporting a known user community, device authentication can be controlled by Network Access Control; every element of the connection between the client device and delivery platform can be secured using 128 bit or higher encryption. If properly designed, two factor and biometric authentication methods should be fully supported.

One of the key advantages of using private cloud to deliver a virtualised desktop environment is that no data ever leaves the data centre unless your security policy specifically allows mapping of local drives, USB memory sticks or other external storage. Also, on private cloud, your existing user directory infrastructure can be reused; most public cloud services require this to be recreated from scratch.

Resilience and disaster recovery

No single point of failure should be a given as part of private cloud; resilient hardware and the disaster recovery process should be an embedded, fundamental part of the package. The key elements to making failover fast, cost effective and efficient are virtualisation of all elements and standardisation.

Virtualisation makes automated, scripted failover and full service recovery between data centres achievable in minutes, potentially seconds. Using private cloud your full corporate virtual desktop can be accessed from anywhere using almost any device with any network connectivity. Effectively private cloud provides data centre clustering.

Standardisation ensures that each data centre is identical, allowing active/active and active/standby data centre operation, with the added benefit that you can replicate your entire data centre to any organisation that offers comparable facilities, saving you the investment cost and management overhead of running a separate disaster recovery environment.

Efficiency and cost optimisation

Every element of private cloud should be designed to be as resource efficient as possible. Whilst this is Green, to us Green IT is just good business practice. Using a reference design for private cloud infrastructure for one of our clients, the entire hardware for Fordway's Optimised Infrastructure for 2,000 users occupied 2 x 42U racks and consumed 48 kW of power. Another for 4,000 users required 3 x 42U racks and 75 kW. In both cases this increases by approximately 50% for a full DR environment. This makes it ideal for co-located hosting or even installation into a 20 or 40 foot shipping container which can be dropped in virtually anywhere you require.

Under this design all components can run at 26°C or hotter, saving on air conditioning. Every element is modular where possible, meaning that if upgrades are needed you simply replace components rather than complete units. The design life is 6 to 8 years before full hardware replacement is needed rather than the typical 3 to 4. Every component is also WEEE recyclable.

How to get to private cloud

Having assisted a number of organisations on this journey, the high level actions most organisations will need to undertake to get to an initially private or hybrid cloud, and potentially public cloud in future, are as follows:

1) Understand what services your business requires from your IT function. Define your Service Catalogue based on this.
2) Review the required service levels needed for each of the defined services, including resilience and data security.
3) Define and agree the services you want to provide internally and those that can be hosted or provided by a third party.
4) Measure the current resources you require to deliver the internally provided services to the required service levels.
5) Review your current infrastructure and look for all opportunities to simplify, rationalise and standardise what you support and how you manage it.
6) Find suitable public cloud service providers for the services you believe can be hosted externally.
7) Virtualise every element you have not already virtualised, where it is technically and commercially appropriate to do so; this includes desktops.
8) Implement a common user portal where all users access all services whether provided internally or by a third party.
9) Refine and improve your operational processes to take advantage of the new environment.
10) Implement suitable internal charging mechanisms so all users/departments can understand the costs of the services they are using.
11) Review cost of internal service provision against what commercial cloud providers can offer for the same level of service.
12) If commercial cloud providers can offer the same service more cost effectively with appropriate risk mitigation and guarantees then look to migrate the service to their cloud platform.
13) Monitor every service provided, whether delivered in house or externally, to ensure it meets agreed service levels.
14) If commercial cloud service providers cannot meet required service levels or cost in future, move service to another provider or bring back into your private cloud.

Fordway is an independent ICT infrastructure integrator specialising in planning, management, delivery and support of business-critical infrastructure change. We provide short and long term advice and guidance, IT governance, IT service delivery process improvement, technical expertise, complete ICT infrastructure solutions and support services.

For further information on any aspect of this White Paper or to discuss any of the issues raised by it in more detail please contact: Paula Banfield or Richard Blanford, Fordway Solutions. Tel: 01483 528200. Email: paula.banfield@fordway.com / Richard.blanford@fordway.com or visit www.fordway.com