A Cloud can be either a public or private cloud. A public cloud in effect outsources the client data centre to a managed service provider, (“MSP”) who provides cloud services to several clients on the same physical infrastructure. In the past, there would have been physical connections to the MSP data centre using telecommunications links, but nowadays it is much more likely to be an Internet-delivered “Cloud Computing” connection.
A private cloud is similar to a public cloud but is dedicated to a single organisation. A private cloud can be provided by an external MSP or internally by the organisation’s IT services. The MSP can dedicate one of many installations to a single client, or be an MSP who has one client only. An increasingly popular choice is to host cloud technologies internally inside an organisation’s firewall, supported by the organisation’s own IT services.
MSPs are different sizes, ranging from the small, effectively resellers of the services of a larger MSP, to major market suppliers like Google, Amazon or Microsoft.
There have been new entrants to the MSP marketplace offering hosted Cloud services, and a potential user must be sure that they can provide an acceptable level of service to the desktop. Most do, but because of the critical nature of the service they provide, care in selection is needed.
Before migrating to the Cloud, assess what can operate in a cloud environment and whether a public or private cloud is more appropriate to your environment. For example, you might not want to take the security risk of having third parties steal research data or intellectual property hosted on a public cloud.
Another consideration is the type of business you operate. For example, if you provide mission-critical systems to an organisation or have concerns about security, outsourcing to an external third party with all the associated risks may not be an option.
If you choose to proceed, the first decision is clearly public or private. Public clouds offer cost and flexibility advantages but have been receiving a bad press recently following some high-profile security breaches. Single-client MSPs are rare since they offer little cost benefit and each party is entirely dependent on the other.
Until recently, there was a significant cost advantage to public clouds. However, the difference in capital and operational costs between private clouds and public clouds is rapidly narrowing. This is largely as a result of technologies developed by MSPs to create public cloud models being applied to private cloud deployments. Private cloud operators can now use technologies such as software-defined data centres and object storage. This gives the opportunity to access cloud benefits in internal data centres.
As a consequence, adoption of internal private clouds in on the increase, and is becoming the de-facto choice for many organisations. As an indication, private clouds are now around 77% of all cloud migrations, as set out in RightScale’s 2016 State of the Cloud Report.
Assuming that you have made the decision in principle to migrate towards an internal private cloud, how should you go about it, what benefits can you expect, and what pitfalls lie in wait.
A key point to understand is that a heavy commitment will be needed from senior management to support and enable the transition. Gaining that commitment, frankly may not be an easy task. They will have read and heard horror stories in the media and from professional colleagues about data loss, data theft and all kinds of hacking. They will have an instinctive distrust of the concept of company data being accessible using Internet techniques, even though the cloud is inside the company firewall. It will require a carefully planned programme of education and trust building to achieve buy-in and commitment.
One of the advantages of moving to a private cloud is the opportunity to meld in other changes you have had in mind, for example including the software-as-a-service-based (“SaaS”) operational model as part of a private-cloud-as-a-service model. Indeed, IBM recommends this as a necessary step in the migration by providing immediate benefits and removing the requirement for early and costly upgrades to hardware and software.
A second advantage and one key to acceptance of the cloud concept by senior management are the cost advantages of an external MSP while maintaining the security and control offered by an in-house service.
On the downside, however, it is highly likely, particularly if SaaS is part of the equation that new software environments will need to be implemented and significant changes made to operational and systems management processes and procedures. You may need temporary or permanent skilled and experienced staff to design the cloud environment and to manage and implement the transition. Such skills may be hard to find and could be expensive.
As an offset, proprietary and open-source platforms and frameworks for private clouds are emerging to ease the transition. Two market leaders are currently the proprietary VMWare and the open-source OpenStack framework.
In parallel with the cloud implementation, there needs to be a comprehensive review of operational procedures and controls. Many existing functions will vanish or substantially change. An operational audit might be needed to ensure all bases are covered:
- Policies and procedures. All new and revised policies and procedures must be documented and staff trained in their use, with regular follow-up checks and re-training.
- You need to review the security protocols and procedures that manage physical access to data centres and the equipment within data centres, including any co-location or third-party hardware.
- Access to systems and data needs to be reviewed and new user authorisation lists prepared. Use of administration procedures must be strictly controlled.
- You need to review your existing software and hardware firewalls, security appliances and documented policies and procedures to ensure they are still adequate.
- Data Integrity. Again policies and procedures, particularly those for backup and restore need to be reviewed.
- Change Management. Review and amend your Change Management procedures.
- Incident Management. Implement or review a support service that provides trouble ticketing and problem resolution services, including a Help Desk if appropriate. This is particularly important during the transition.