Download updates from

pixeldyne.org

GNU Free Documentation License Copyright © 2011-2013 Maciek Plewa ([email protected])

Download updates from

pixeldyne.org

WHAT'S IN A CLOUD

• • Any technology, software or devices made available as services over the Internet, consumed clients.

Three most common models: Infrastructure-as-a-Service, Platform-as-a-Service and Software-as-a-Service: • • • IaaS: a lower level offering full control to automatically or manually allocate servers, install operating systems, etc.

PaaS: level up (usually on top of IaaS), some loss of control, aimed at application design and development.

SaaS: high level, very specialised, provision of traditional applications for Internet and Mobile access.

WHAT'S IN A CLOUD :: COMMON MODELS

Software Testing Development Integration Data Platform API Desktop Database Backend Security Infrastructure Network Storage

RECIPE FOR ADEQUATE SUCCESS?

• • • • • • • State your objectives.

Research and avoid common pitfalls.

Obtain advice on legal issues involved.

Choose Cloud models that fit the organisation.

Make your case and evaluate the Cloud services.

Choose: Microsoft, Google, Amazon or someone else?

Begin change management processes in advance and prepare PPPs for the adoption.

STATE YOUR OBJECTIVES

• • • Cost reduction: • How much can you save by exploiting economies of scale?

Less maintenance: • You will need experienced staff for setup, integration, development and some maintenance.

Business agility: • If your current architecture and platforms are not delivering the agility you want on-premise, why would propagating the same kind of technology in the cloud give you greater agility?

DO YOUR RESEARCH :: PLAN

• Take your time: Allow yourself sufficient time for planning and transitioning to the Cloud. Moving too fast increases the risk of oversight or failure.

• Ensure that you have staff on hand to perform testing • Look ahead: Consider future growth requirements. Will you be adding new software? Expanding your business? How much will your storage requirements increase?

• • • •

DO YOUR RESEARCH :: THE BASICS

Established leaders: research the provider’s financial outlook, past performance and reputation, and how long they have been in the game.

Inside out: Know all of the provider’s equipment, vendors and solutions the provider uses - especially if you plan to use their services for the long term.

Like-minded: a provider should have the same change management best practices that you would demand.

Iron clad contracts: review and compare the contracts and SLAs from different providers. Tailor the SLA to your needs.

DO YOUR RESEARCH :: COST

• Some basics: I.

Define requirements: services and applications that will be used, analyse current utilisation including the number of users, storage capacity, bandwidth, and other needs.

II. Compare: pricing models (subscription or utility based) between providers, and actual prices for bandwidth, storage, computing hours or server instances.

III. Calculate ROI and TCO. Budget for the risk, anticipate growth, but avoid paying for more than is needed.

DO YOUR RESEARCH :: FIT FOR PURPOSE

• • • • Location: determines the usability and how quickly you can access your information, transfer data, and use the applications and services.

Performance: carefully evaluate the performance of your cloud solution. It needs to meet or exceed your existing infrastructure performance.

Integration: analyse the Cloud service’s compatibility with your applications and processes, and all available integration options.

Scalability: what scalability solutions does the provider offer?

• •

DO YOUR RESEARCH :: SECURITY

Encryption: are transfers encrypted? Do you control the encryption keys for stored data? Does the provider use the same encryption key for everyone else you share the cloud with?

• You may need to implement own encryption for the data.

Firewall: are firewalls provided as part of the service, what level of control and protection can they provide?

• Only in some cases you will have enough control to roll out own firewall.

DO YOUR RESEARCH :: ACCREDITATIONS

• ISO certifications, independent auditing: ensure that the provider has been audited for security and legal compliance by independent auditors. Look for ISO certifications to backup provider’s claims and marketing literature.

• You cannot completely outsource risk, accountability and compliance obligations, but some level of trust is important.

DO YOUR RESEARCH :: RELIABILITY

• • • High availability and redundancy: some providers don’t include redundancy, increasing the risk of Cloud based businesses going offline for days or weeks.

• You may need to purchase load balancing or load sharing, and additional standby redundant services.

Backups: some providers don’t provide backups at all.

• Similar to the above, you may need to purchase additional storage for backups, perhaps even implement custom backup solution.

SLAs: can the provider meet your availability, backup frequency, and disaster plan requirements?

DO YOUR RESEARCH :: GETTING HELP

• • Support: • Look for a provider offering dedicated phone and email support 24/7/365.

Trial and error: • Some providers offer either 30 days or more evaluations or free Cloud services (feature-limited). • Get help with auditing, benchmarking, and testing the services, and a pilot deployment before committing to a contract.

DO YOUR RESEARCH :: COMMON PITFALLS

• Vendor Lock-in 2.0: Is the provider using open technologies? Can they move the data if the business’ owners change?

• Analyse the feasibility and plan for moving your data to another provider.

• Contract Lock-in: Don’t sign long term initial contracts (over 12-24 months), especially if you haven’t completed the hands-on evaluation.

• Middle man: Is the provider simply a reseller of services without added value?

LEGAL ISSUES :: A FEW EXAMPLES

• • Jurisdiction: processing or storing information in another country may be subject to the legislation of that jurisdiction.

• Trans border dataflow: You may not host customer data solely overseas.

Data access and retention: can the provider access and refer your data to foreign law enforcement? How long is the data is stored by the provider, and when/if is it deleted once the contract ends?

LEGAL ISSUES :: PROTECT THE INVESTMENT

• • • Obtain legal advice: can legal issues impact or prevent the move to the cloud?

Safeguard: educate users, create bulletproof terms, comply with legislation.

Don’t make the regulators your adversaries: • improper leading to

litigation disclosure

, data

breaches reputational

damage, by third parties or even

prosecution

by Information Commissioner; other

surprises

?

LEADERS :: AT A GLANCE

Provider

Cloud Model Focus Pricing Models Free Trial Period Free/Limited Service Australian Hosting Management UI Technology Support Windows OS GNU/Linux OS Microsoft .NET

Enterprise Java Node.js

Yes Yes No Yes Yes

Amazon

IaaS Use / Subscription 2 months Yes Yes Web, API

Google

PaaS Use 6 months Yes No API Only No Yes No Limited No Yes Yes Yes Yes Yes

Microsoft

PaaS Use / Subscription 3 months No No Web, API

LEADERS :: FEATURES COMPARISON

Provider

Features Analytics Archiving Backups Encryption Firewall Load Balancing Monitoring Relational DB Service Bus Virtual Machines

Amazon

Yes Yes No No Yes Yes Yes Yes Limited Yes

Google

Yes No Yes No Yes Yes No Limited No Yes

Microsoft

Yes No Yes Yes Yes Yes Yes Yes Limited Yes

Download updates from

pixeldyne.org

Q & A

What else: private/public/hybrid Clouds, sovereignty issues, technologies, concepts and business processes?

For comments or questions about how/why/when/where just email

Mac: [email protected]

Copyright © 2011-2013 Maciek Plewa ([email protected])