I D C V E N D O R F O C U S C l o u d S e r vi c e s : U s i n g Virtual Priva t e C l o u d s t o I m p r o ve B u s i n e s s Ag i l i t y September 2010 By Linus Lai Sponsored by SingTel, Optus Cloud computing has been the buzzword in recent times, to the delight and the disdain of many IT professionals. On the one hand, cloud's pay-per-use pricing approach means a reduction in CAPEX and greater business agility; on the other hand, this new IT delivery/consumption model opens up a Pandora's box of issues. Seven out of ten organisations in Australia polled recently are building a private cloud to allay concerns of security and data privacy. This paper discusses the enterprise viewpoint of what makes up a "private cloud" and the investments being made in private cloud from an Australian perspective. This paper also highlights how Optus Business are helping organisations overcome their business issues by adopting Cloud. While there are many tasks within IT that can be delivered as a service, such as platform and applications, the scope of this document examines Infrastructure as a Service (IaaS), which is defined as both the hardware layer and management software to make computing resources available. IaaS include system-level capabilities such as server/computing, server operating system (OS), client OS, storage, infrastructure management software, or networking on which the user can run a variety of applications. This discussion on IaaS is particularly important in Australia, where more organisations are looking to transform their aging data centres. Data centre modernisation is on the cards, with organisations planning to build new data centres; virtualise server, storage and network resources within existing data centre; or re-fit existing data centres with more efficient infrastructure, whether it be a converged infrastructure platform, dense server blade technologies or more efficient power and cooling. Interestingly, in a recent IDC survey, almost half of the Australian organisations polled said that sourcing for external data centre space was an option for its private cloud infrastructure. This brings up an interesting question: Can an IaaS offering from a third-party service provider be considered a private cloud? It's all in the definition. Most organisations would think of a private cloud as having to build, operate and manage the cloud service themselves. But when does a cloud stop becoming "public" and becomes "private" is the question. About 56% of the 326 survey respondents believe that a third-party resource would qualify as a "private cloud" if they can access it in a secure and private manner (to the extent of siloed IP addresses and VPN). This is now, more often than not, called a "virtual private cloud". Through the use of clever virtualisation and security technologies embedded in the hardware, infrastructure software and network layer, a "virtual" private cloud is made available. Every service provider has a different take on a virtual private cloud offering. Some offer encryption technologies at the data storage and network layer; others have variations to the theme. It is best to have these discussions with service providers to unearth the differences in the details. #AU092010L
Long-Term Benefits Expected from a Private Cloud IDC has documented the benefits expected with building or using a private cloud. Whilst some benefits of private cloud are similar to that of a public cloud, IDC's survey revealed some key differences. Cost savings and return on infrastructure assets were considered important benefits to private cloud users. Here is a quick look at some of the key benefits of private cloud: Flexibility (i.e., ability to ramp up and ramp down capacity for applications or storage as needed). The slow pace of traditional IT development and deployment of business systems has long been a frustration for line-of-business (LOB) executives. Users clearly see cloud services as an important answer to speed up project delivery. Lowering costs by consolidating and standardising shared resources internally. Improving the economics of IT use through consolidation strategies will help CIOs to align costs with utilisation and frees in-house IT staff allowing them to concentrate on strategic priorities. Increase utilisation of existing IT assets. Most infrastructure resources in enterprises are underutilised. For businesses that have large amounts of infrastructure, this is an added benefit as the cloud model offers a higher return on infrastructure assets, and the ability to manipulate and manage these assets on a self-service model. Challenges facing adoption of a Private Cloud Despite the benefits of private cloud, organisations still regard security and loss of control over data as the top two challenges as far as cloud adoption is concerned, as shown in Figure 1. F i g u r e 1 Ranking of significant information security risk associated with cloud computing or cloud services N=77 2 2010 IDC
Source: IDC, 2010 The inability to protect sensitive or confidential information has been cited as the top security risk. This perception of a lack of control and governance around security and availability is the number one reason why organisations are building private clouds instead of using public cloud services. This perception is driven by the view that organisations are unable to understand the associated risks related to their inability to assess or verify the security of data centres used within the cloud, the ability for cloud providers to properly store and back-up private information, restrict access or even monitor policies and procedures as a result of infrastructure downtime. Service providers that do not have an open and transparent approach to dealing with these challenges are not able to address these organisations' needs. Performance is also a challenge as the geographical reach over vast distances in Australia can cause issues with applications that are sensitive to latency. In reality, a cloud provider can only do so much in this area as not all real-time applications are architected to take advantage of newer network, server and memory technology. For organisations that need application performance over a wide area network, this may still be a major concern, starting with the identification of application performance over a wide area network. Profile of Optus Cloud Solutions Optus Business through its wholly owned ICT subsidiary, Alphawest, has developed cloud-based services that enable core ICT infrastructure to be shared and deployed across multiple customers. By adopting a cloud solution, the costs associated with deploying and maintaining hardware and software services could be reduced, which is some cases, could amount to millions of dollars. The Optus Virtual Private Data Centre (VPDC) service uses an IaaS model typical of other cloud computing services, where customers can access virtualised computing and storage capacity over a remote network connection, as illustrated in Figure 2. 2005 IDC 3
F i g u r e 2 High level diagram of the Optus Virtual Private Data Centre (for illustrative purposes only) Source: Optus Business, 2010 Unlike other cloud computing services, the VPDC is exclusively available to Optus Business customers over the advanced Evolve IP network. It enables customers to modernise their data centre architecture and integrate private clouds with the Optus virtual private cloud in a hybrid and secure manner, as opposed to connecting to a cloud service via the public Internet. This added security from the Optus virtual private cloud, and service availability, is a key differentiator for the VPDC. In addition to this, the Optus VPDC offers piece of mind that data is being housed in ISO accredited data centres located in Australia. The VPDC offers a host of advantages including scalable IT resources available on demand; low capital and maintenance costs; secure network protection through the privacy of the Optus Evolve IP VPN; network redundancy; and network quality of service. The VPDC introduces the concept of compute slices of resources, where Optus Business customers can request fixed reserved compute capacity based on "slices" of resources from the VPDC infrastructure. The unit of a slice is defined as 500MHz of CPU and 1GB of memory. Optus Business customers can then create virtual machines from within their own pool of resources as a flexible, scalable service with no capital expenses and reduced maintenance costs. VPDC offers customers flexibility and control in cost, consumption, provisioning and tear down. 4 2010 IDC
Optus' Challenges Optus Business' challenge in bringing services to enterprises will be the build versus buy debate over private cloud infrastructure. In reality, judging by the market sentiment at the moment, IDC expects enterprises to fulfil their ambition of building a private cloud infrastructure that it can own and operate. Less than half of the enterprise market does not believe that a virtual private cloud is equal to a private cloud. That will be the first of many challenges for cloud providers like Optus Business. The subsequent challenges are part and parcel of engaging a third-party service provider. Optus Business will have to demonstrate its service capability, reassure customers of its security practices and, finally, be ready to have discussions on the costs of an overlay network infrastructure to complete the private cloud. Five Key Factors to Consider When Selecting A Service Provider It s still early days for Cloud service providers. IDC expects that cloud assessment services will be the order of the day as organisations embark on a strategic review of how to take advantage of the cloud. Below is a five-point checklist when selecting a service provider: 1. Expect a thorough cloud assessment service from your service provider. A competent service provider will be able to calculate the economics behind using cloud resources as opposed to running it in-house. A competent service provider is not out there to offer pay-per-use as so much as to help enterprises understand the many 'hidden' costs of running a service in-house, for example, under-utilisation of services, power, cooling, maintenance and high availability/backup. Likewise the 'hidden costs' around cloud services such as downtime, latency and the impact on user training will also need to be factored in to make an objective comparison. Cloud providers will need to prove the cost savings to the business before adoption will happen. 2. Local presence is also important because of the laws governing data protection and intellectual property. Customers feel more secure to know that they have legal recourse and operate around the same regulations that they are used to. Local presence also assures the customer that the service provider is 'there' to aid and help them in a local account managed relationship, as opposed to dealing with a supplier via email. Local presence also means to them that they prefer access to the vendors who are able to 'come by their office'. Although most cloud services may be purchased online it still doesn't replace a working relationship at the local level. 3. Cloud providers will also find that "support" is needed from the end-user perspective. Offering a narrow, totally self-service offering may seem like a recipe for profits for the service provider but from the end-user perspective, these solutions will need to integrate into their unique environment. Some consulting and integration firms are taking advantage of this by being the 'trusted advisor' to the end-user and providing the consulting and integration skills necessary for end-users to use cloud services effectively. This gives the end-user a sense of face-time and handholding as they venture to an on-demand model. 4. Service-level assurances around performance. This includes uptime, throughput, response times, backup and redundancy. In fact, some ICT suppliers will find themselves in new territory here, unlike telecom operators who are used to these metrics for their voice and data services. Saying that, cloud providers that can guarantee service levels in their data center may also find that users may want the entire ecosystem managed such as the WAN linkages. 5. The next attribute is having the option and ability to move the cloud service (and customer data) back on premise if the customer wishes. An intermediate stage may be a private cloud or an 2005 IDC 5
'internal cloud' but in essence the service provider will be asked for a termination or relocation clause that gives them the option to running the service in-house, and avoid data lock-in. Conclusion In light of past experience from 10 years ago when SaaS came onto the scene, has it taken over the IT world? No. What we have learnt from the past is that shifts to new paradigms offer a vast array of options for the enterprise. In the past year, we ve had hundreds of conversations with vendors, CIOs and the press about the emerging cloud services model and its impact on the IT industry. The skeptics point, legitimately, to the many remaining challenges of cloud services adoption, particularly around security, availability, performance, limited customisation, and lack of standards. IDC's response to the skeptics is simple: Within the next several years, none of those challenges will make a bit of difference to the vast majority of cloud adopters. The cloud is where the best and richest variety of business solutions will increasingly be found. They will choose, in large numbers, cloud services as core elements of their IT services delivery portfolios (we would certainly argue that this is already the case in the consumer IT solutions world). Organisations may never fully trust or use a public cloud service, and that is why the interim is a hybrid cloud solution, one that marries internal private clouds and virtual private clouds to address concerns around security, dependability, performance as well as accountability (i.e., one throat to choke as it were). As more organisations put the service challenge to the providers, there will be more incentive for the industry to invest in developing creative solutions to cloud challenges. A B O U T T H I S P U B L I C A T I O N This publication was produced by IDC Go-to-Market Services. The opinion, analysis, and research results presented herein are drawn from more detailed research and analysis independently conducted and published by IDC, unless specific vendor sponsorship is noted. IDC Go-to-Market Services makes IDC content available in a wide range of formats for distribution by various companies. A license to distribute IDC content does not imply endorsement of or opinion about the licensee. C O P Y R I G H T A N D R E S T R I C T I O N S Any IDC information or reference to IDC that is to be used in advertising, press releases, or promotional materials requires prior written approval from IDC. For permission requests, contact the GMS information line at 65-6829-7757 or gmsap@idc.com. Translation and/or localization of this document requires an additional license from IDC. For more information on IDC, visit www.idc.com. For more information on IDC GMS, visit www.idc.com/gms. IDC Australia: Level 20, 8-20 Napier Street, North Sydney, Australia www.idc.com.au Copyright 2010 IDC. Reproduction is forbidden unless authorized. All rights reserved. 6 2010 IDC