Web Application Architecture Part I

Many organizations still make some incorrect assumptions while implementing the cloud.

While the cloud certainly provides the capability for high availability, high scalability and disaster recovery, these cannot be assumed to be available by default. Each enterprise will need to specifically design and architect for them. However:

Do all applications, including non-critical ones, need an Active-Active DR? No.

Do all applications need to scale to millions of users? No.

Do all applications have the same performance requirements? Hope not.

Should all applications be designed as Micro-Services? Not necessarily.

Do all applications need to be deployed across multiple regions? Absolutely not.

Do all applications need to be architected as SAAS, multi-tenanted applications? Certainly not.

What is the right WEB APPLICATION ARCHITECTURE in the CLOUD?

There is no silver bullet/one size fits all.

The right architecture is usually the one that meets the requirements well and can be iteratively improved or changed without having to rewrite it or spend too much doing so.

CORE ARCHITECTURE PRINCIPLES

Principle of Maintainability: We should strive to build our applications in a way that allows code to be iterated and maintained into the future. While there is nothing wrong with aspirations, the principle does not mean that the business will manage the application going forward.

Principle of Scalability: The application should be able to scale to the number of users our web application has, and beyond. "Beyond" is the key here. Given the business and its growth prospects, unless there is complete unpredictability, the scale should be known and the architecture built to meet the requirements.

Principle of Simplicity: The application is simple and easy to understand and build.

Principle of Performance: Applications are built to respond to requests in a timely manner. Does a timely manner mean 1 ms, 2 ms or 6 ms? Not all pages respond at the same rate. The important factor, however, is customer experience.

Principle of Reliability: The application should be able to cope when something goes wrong. What if the data centre goes down? This is not a trivial requirement: it warrants no single point of failure and redundancy built in at all layers. However, does every application in the enterprise require that?

Principle of Testability: The application can easily be tested. Testing across environments can be quite expensive, but it is necessary.

Principle of Reusability: Application components are built for reuse.

Principle of Security: Applications are built to be secure against all known vulnerabilities, and only authorized users can access the application.

Microsoft provides reference architectures for multiple web application patterns. Let's look at them.

Reference: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/app-service-web-app/basic-web-app?tabs=cli

Reference: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/app-service-web-app/scalable-web-app

Reference: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/apps/scalable-apps-performance-modeling-site-reliability

Reference: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks-microservices/aks-microservices

Reference: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/multi-region-sql-server

Reference: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/app-service-web-app/multi-region

Reference: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/enterprise-integration/ase-high-availability-deployment?source=recommendations

Reference: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/infrastructure/multi-tier-app-disaster-recovery

Reference: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/apps/ecommerce-scenario

Reference: https://learn.microsoft.com/en-us/azure/architecture/solution-ideas/articles/scalable-ecommerce-web-app

Reference: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/multi-saas/multitenant-saas

While migrating applications, like-for-like might be a way to look at initial cost estimates, but it is NOT the right way to design your application. Cloud design is a paradigm shift in programming; embrace that change by designing for the cloud. Cloud native design, implementing PAAS, has its benefits, but if not done right it can be expensive. Continuously monitor and optimize costs.

Consider consumption based pricing models, architectural patterns such as queue based load levelling and auto scaling services when you have to build scalable applications. Find the right balance between scalability and predictability.

Design internal applications (assuming their scale to be low) in a different way than your external (customer facing) applications. Bring cost consciousness into your design.

Building a highly scalable, highly available application with multi-region deployment can be fairly complex.

There are multiple ways to architect applications. It is very important to segregate your application workloads and architect them right. Not every application architecture needs to be built the same way.

CLOUD EXPO

Ecstatically thrilled and proud of my team. Orchestrated yet another successful cloud expo! The event recently took place across Hyderabad and Bengaluru with over 1600 team members participating. The event included deep dive sessions from cloud experts, engaging the participants through presentations, demos, hand-outs, innovative games, animations, videos and stalls – all designed exclusively to help team members understand the technology and its intricacies.

When an organization adopts technology, educating the team members about why a certain strategy is being adopted is paramount. And thus, connecting the dots along with evangelizing technology adoption and creating change agents through such events is very important.

Big thanks to my team and partner leaders (L & D, SecDevOPs, FACE, Facilities, GTP, Toast masters).

Cloud and Beyond, Milestone in a transformation Journey

Transformation begins with reflection and we have only begun our journey. Organizations don’t transform, people do! 

The cloud initiative is the spearheading force in the transformation journey. The cloud journey began about a year and a half ago. We created a private cloud environment, migrating Microsoft workloads and providing both IAAS and PAAS capabilities. Extending on it, we are now looking to implement a hybrid, multi polyglot cloud strategy for all of our workloads.

This would transform our application landscape to a more cloud native, highly available, highly scalable, DR/BCP ready, service metered, portability friendly, container friendly, and faster time to market enabled environment. Such transformations go above and beyond technology transformation – covering strategy, processes, structure, culture, enabling a platform which is agile, and ready for a digital and business transformation.  

To help accelerate the adoption, educate, and to institutionalize the awareness, we will be hosting a series of roadshows/expos/trainings/accelerator programs.   

The recently concluded CLOUD and BEYOND event was the first of many. I would like to thank the team for making it a grand success. So much hard work – starting from planning the event, being part of town hall discussions, floor walks, freeze mobs, flash mobs, teasers, LED displays, printed collateral, t-shirts, goodies, creative gamification ideas to engage with the teams… we did a lot of evangelizing. All that effort resulted in passionate participation from over 1500 folks at the stalls, workshops, and dojo sessions.   

Testament to your great work (Chosen from the hundreds of great feedback)

“Excellent Expo. Loved the presentations, Very informative innovative way of making understand concepts, Looking forward for more such!, Felt like Cloud 9, Versatile as colors of Holi, Thanks Guys for your efforts :), GREAT PRESENTATION! NICE GAMES! WELL DONE!, Super program. Keep it up!, GREAT SHOW, Informative & Interesting, Super FUN!, Awesome!!!”

I am very proud of our efforts and would like to say a big thank you to everyone who contributed.  

Coming up in March -> “Rendezvous with Architecture”, Agile ahead -> “Speed to Market”

Pragmatic 2020 Cloud strategy for LARGE enterprises

How many large enterprises believe that their cloud strategy is in the right direction? How many CIOs feel confident about their cloud strategy? In this emerging market, have we implemented the steps for an enabling cloud? Read on.

MIT Sloan, in their digital transformation report, categorized enterprises as follows:

Beginner: Slow to adopt, or are skeptical of advanced digital technologies.

Conservative: Companies deliberately hang back when it comes to adopting new technologies.

Fashionista: Companies are very aggressive in adopting new technologies, but they do not coordinate well across departments or have an effective vision in place.

Digirati: Companies have executives who share a strong vision for what new technologies bring, and who invest in and manage digital technologies quickly and effectively.

This categorization seems just as relevant for cloud adoption in large enterprises. How many Cloud Fashionistas have you seen?

The difference between a cloud leader and a cloud fashionista is the mapping of implementation to a strong direction. The key is to have a strong vision and goals for the enterprise without being very generic, and hence create a technology strategy which aligns well with them.

A few sample enterprise goals for cloud:

  • Transformation/Innovation enabler
  • Faster time to market
  • Standardize IT
  • Enhanced security
  • Lower risk
  • Faster access to infrastructure
  • Business Continuity, Disaster Recovery
  • Cost Savings, Optimize investments – A Move from Capex to Opex
  • Increase IT productivity and efficiency
  • Simplify IT
  • Geographic reach
  • Greater scalability, and availability
  • Higher performance
  • Data center consolidation
  • Rationalize applications
  • Operate anywhere
  • Portability

Prioritization of the above is extremely important. Let’s say innovation is the top priority: adopting public cloud and accepting a level of stickiness to a cloud provider would be acceptable. If portability were the highest goal, then by nature stickiness would not be acceptable. If being risk averse is the highest priority, then enterprises might want to stick with a single cloud provider rather than a multi-cloud technology-enabling strategy. But is this the right approach?

Apart from Fashionistas, Cloud discussions might begin with the ROI context, and move to cloud Native! as a dream state. What is this cloud native dream state? Gartner defines cloud computing model with LIFESPAR (latency-aware, instrumented, failure-aware, event-driven, secure, parallelizable, automated and resource-consumption-aware) characteristics – An ideal goal for cloud native? Or is it 12Factor? What do we really build the cloud for?

My recommendations for a pragmatic 2020 and BEYOND cloud strategy:

NOTE This applies to “LARGE” enterprises ONLY. Small to medium enterprises strategy can vary significantly.

  • Map cloud goals to strategy
  • Bimodal IT ** isn’t really a bad thing. IT needs to balance its workings between stability and agility, and so should our cloud strategies.
  • Adopt public cloud. Mature service offerings are something that enterprises should be taking advantage of.
  • When you get pushback quoting that NOT all applications are “cloudable”, in the current context of the enterprise that might be true. The application rationalization effort, along with current cloud efforts, should provide the data set and the workloads. The implementation strategy of each workload (IAAS/PAAS/Container -> DevOps -> CI/CD) will vary and will need to be solutioned in the overarching strategy. Segregation of workloads (Example: Active Directory, Archival, Microsoft and non-Microsoft workloads) is important.
  • Identify environments such as development, performance, testing, etc. and create a strategy to take advantage of the cloud.
  • DO NOT begin the cloud implementation without a clear ROI model.
  • Capital investments already made need to be leveraged as well as possible, and avoiding redundant future investments (especially in infrastructure) is key. If possible, pause new hardware investments and align them to the cloud strategy.
  • Identify the cost implications of datacenter consolidation. Create a data center strategy. Make sure that data center strategy includes both private data centers and public cloud data centers. Did your ROI model consider this? How many data centers across how many cloud providers?
  • MULTI CLOUD – One public cloud is hard to convince; well, it just might not even suffice. Case in point, mergers and acquisitions: What happens when the merged organization is utilizing a different cloud provider? It is important to create processes to adopt public cloud and to contain it as well. Try to build these processes agnostic of a cloud provider. When it comes to adopting, try to keep it to < 5 providers.
  • Cloud services matter. One cloud provider might have a great storage, the other ML offering, the other database etc. Choose workloads and strategies based on the services offered.
  • Containers can enable platform agnostic portability, while stickiness to an extent is a good thing. Containers are DISRUPTIVE in nature and impact enterprise project lifecycle, DevOps, Patching, Maintenance and controls to a great extent. Enterprise strategy in today’s world, I believe is incomplete without container strategy. Create a container strategy.
  • Current capital investments are large, regulatory restrictions are overarching. Cloud strategy cannot be ALL or NOTHING. Private data centers are here to stay for a few more years. Adopt and plan for hybrid workloads. Hybrid cloud also enables application working on both on-premise and public cloud which imposes high engineering effort and complexity on the integration and deployment. Define a “just enough private” cloud strategy.
  • A re-definition of network would be mandatory. Create a network strategy (DirectConnect, ExpressRoute etc.), software defined *.
  • PAAS and its ROI in private cloud, its extension into public cloud. Decision of “only in public cloud” vs both private and public. There are a lot of variants in PAAS (aPaaS – application platform as a service, bPaaS – Business Process as a Service, cPaaS – Communication Platform as a Service, cPaaS – Container Platform as a service, dbPaaS – Database platform as a service, fPaaS – Function platform as a service, hPaaS – Hybrid platform as a service, iPaaS – Integration platform as a service, jPaaS – Java Platform as a Service, mPaaS – Managed platform as a service, oPaaS – Oracle Platform as a service, tPaaS – testing platform as a service, rPaaS – runtime platform as a service... You get the idea!). Create a PAAS strategy.
  • NO DOWNTIME and ZERO PATCHING are good goals to have and, yes, very achievable, given a good DevOps/CI/CD strategy. Auto provisioning, CI/CD, Auto Scale etc. all refer to significant process modifications, which are usually one of the biggest barriers in cloud implementations. Identify the processes to be modified and update accordingly.
  • Does the enterprise have a clearly defined Enterprise Information Architecture? What is the relevance of EIA? Do cloud strategies revolve around the LOB’s decision on database strategy? Whether it is data, insights, analytics, workloads, governance, or security, the information flow guides the enterprise transformation. Create an EIA; the services roadmap also depends on it.
  • One of the most important directions that the cloud implementation needs is the direction on cloud services. For example, compute, storage, networking, telemetry, management, dev tools, etc. The maturity of services built in-house and in public cloud varies to a great extent. It is important to make a decision and build out a comprehensive service catalog. This needs to be outlined by identifying which services should be in the private cloud and which ones in the public cloud.
  • Project, Portfolio, LOB all have varying POVs. Usage patterns vary, usage metrics vary. Identifying, measuring and setting thresholds are extremely important. For regulatory, audit and compliance requirements, it is critical to service meter and track the cloud adoption. A lot of organizations feel that the ROI isn’t there when the utilization is not controlled. Extremely complex environments lend themselves to even more complexity when the adoption is multi-tenanted. Create a process to identify and service meter the cloud. (Handling Licenses and 3rd party software, components aren’t trivial)
  • One of the important aspects of cloud that encourages teams to adopt sooner is the self-service capability. The fact that the team can go to a particular location, browse the services and initiate a cloud migration goes a long way in building the confidence for the team to start the cloud journey. Teams are quite keen to understand upfront what can be controlled and are concerned about what they cannot control. Create a self-service strategy.
  • Imagine a single application or a dashboard view where all the services, all instances, all consumers, all LOBs, thresholds, etc. are visible and maintainable! Again, a dream state. Current offerings around this in the industry are not as mature. You will need to build this out. Plan for a self-service portal.
  • Public cloud strategy also warrants an exit strategy. Create an exit strategy at the beginning, this will also provide clarity on portability etc. that are important decision points.
  • Cloud also paves the way for distributed computing. One of the hurdles of cloud implementation is the associated data and the legacy tied to it: co-location data, unidentified data risk, etc. Merging data strategy with the cloud strategy is very important.
  • APP RATIONALIZATION: Enterprises, when planning for cloud, start with identifying workloads for migration. Microsoft defines 6 R’s: Remove, Retain, Replatform, Rehost, Repurchase, and Refactor. Before dispositioning applications into one of the above, an ideal exercise is to understand the value of each application with respect to business and technical suitability. Create an application rationalization strategy.

Conclusion: 2020 is almost there, for most large enterprises the journey has just begun, strategy incomplete or undecided. What differentiates a digirati enterprise is a strong vision and a strategy. I hope this blog provides factors to be considered for a pragmatic cloud strategy. Always appreciate your feedback and/or counter arguments.

Additional thoughts and considerations:

  • A lot of enterprises start with “let’s hear from the experts”, from partner vendors. They come with a lot of experience, NO DOUBT. The key is to build expertise in-house. BOT models help with jump starts.
  • Developer experience MATTERS and drives quite a few technology choices. Be it patterns or technology adoption. Getting the team onboard with the strategy is important. Institutionalizing strategy is a good thing. Great thing in fact. Reducing the internal technology gap is the key for a successful implementation.
  • Not one size fits all, Enterprises will continue to have a few workloads on physical servers, Few on just VM’s, IAAS only, PAAS etc. Realizing and modifying the strategy to reflect architecture principles and governance is important. Cloud first? Cloud only? Container first? Container only? Micro Services first?
  • Does IAAS in a private cloud make sense beyond virtualization? What is the current investment in the virtualization stack? Utilizing IAAS workloads in public cloud
  • CONTAINER: A shift left on the configuration controls, with a huge impact on testing and a huge impact on deployment. It also brings in a divide of opinion between departments on ownership. Should the developer have control, or the infrastructure, or the operations? With additional variants such as Container PaaS, Container and Big Data platforms, Cloud Enabled, Container Orchestration platforms, Container as a service platforms, and Container Infrastructure as a service, which variant aligns well with the enterprise goals and with the Enterprise Architecture roadmap? (Examples: Cloud Foundry, PCF, RHOCP, Deis, Mesosphere enterprise DC/OS, Apprenda, Apcera, VAMP, Rancher Labs, Canonical, CoreOS, Cloudify, Azure Service Fabric, AWS Lambda, Tectonic, Cloudsoft AMP, Kubernetes, Docker Datacenter, Platform9, VMware... You get the idea!) The lines get blurry.
  • DATA CENTER STRATEGY: Once upon a time the cloud story began with on-premise vs hosting providers. Large enterprises continue to leverage fully protected private environments from hosting providers. Should that be continued in the context of the public cloud? How many data centers is the right number? Does one primary and one secondary between public and private work? Or 2 each for private and public? If a large enterprise has multiple core and satellite data centers, should they be consolidated? Does it make sense to set up Platform as a Service cloud environments in all the core data centers?
  • The services offered by the cloud providers are growing by the day. https://prashanthpanduranga.wordpress.com/2018/01/15/changing-services-landscape/
  • The ROI of going to public cloud lies in how best the services are leveraged. While those services lure enterprises to go to public cloud, the concerns of stickiness that service consumption imposes bothers the enterprises. How sticky is your strategy?
  • Enterprises are finding it difficult to implement cloud from ONE service provider, but is it because there is no consensus on which cloud provider is better? Is the chosen cloud provider best in all services? Does the developer community think one cloud fits all needs? Well, let’s say they do. Would a large enterprise not have any mergers or acquisitions? Would a criterion to merge be which cloud provider? I hope not. When a merger happens, would the applications be refactored or migrated to the chosen cloud? Would that kill the ROI of the merger? I really hope not.
  • SAAS STRATEGY: When there are applications packaged with all the functionality needed and fairly customizable, why not use them, rather than trying to build the same from scratch? Which of the enterprise workloads will be SAAS products and what would be the information architecture strategy for them? The number of SAAS offerings is also growing by the day.
  • VIRTUALIZATION REDEFINITION: Have we reached a virtualization saturation point? Are enterprises utilizing virtualization to its full potential? What is the enterprise view on infrastructure as code? How do we really implement auto provisioning and auto scaling in a virtualized environment? Most enterprises, I feel, are struggling with this challenge, stuck between controlled virtualization and exposing the APIs to auto provisioning/scaling.
  • PROCESSES REDEFINITION: How long does procurement take? How long does deployment take? How many lower environments are created? How long is the test cycle? How is the capacity planning done? How is the cost allocated across infrastructure? And more importantly, HOW will this change with the change in cloud strategy?
  • NETWORK REDEFINITION: Is the current network optimized for cloud? When the public cloud is implemented, how would the network landscape change? Significantly! AWS Direct Connect, Azure ExpressRoute, Google Cloud Interconnect: they all have varying features and weigh in heavily in the cloud strategy.
  • MERGE DATA STRATEGY: When it comes to performance, insights and growth, data plays a vital role. A few enterprises have an advanced data strategy, but lack a clear cloud strategy. Data strategy at scale includes Big Data considerations, NoSQL considerations and distributed computing considerations, which form the basis for cloud strategy as well. While creating an unstructured and large scale data strategy is important, merge it with the cloud strategy.

** Gartner defines Bimodal IT: Mode 1 is predictable, improving and renovating in more well-understood areas. Mode 2 is exploratory, experimenting to solve new problems.

References:

https://sloanreview.mit.edu/projects/embracing-digital-technology/

https://www.gartner.com/document/3181919

https://12factor.net/

http://www.informit.com/articles/article.aspx?p=1596524

Enterprise Private Cloud, Just a FAD or the Whole Nine Yards?

Audience: If you are evaluating and contemplating the use of private cloud, if you are keen to understand the cloud benefits beyond the public cloud, if you are interested in benefits of cloud in the enterprise context.

Definition: “Private cloud is the phrase used to describe a cloud computing platform that is implemented within the corporate firewall, under the control of the IT department.” – Webopedia

Cloud strategy/roadmap in an enterprise usually starts with a HUGE debate of public vs private, ending up with teams divided by their “belief” system. Dealing with belief systems equates to an implementation nightmare. In order to deal with this, the decision makers opt for either a top-down (force a strategy) or a bottom-up (get everybody on board) approach. It needs a combination of both, really. In my earnest opinion, DATA for the decision, and transparently sharing it with the team, is vital.

Quite a few enterprises have already gone through a physical vs virtual debate in the past and, realizing the benefits, have ended up implementing virtualization. The concept of private cloud has raised a question: is it the same as virtualization, or a glorified form of it? Let me be very clear upfront: Enterprise Private Cloud is NOT just virtualization.

Cloud (Gartner definitions) and the value from the same are underlined by elastic IT-enabled capabilities, highly automated resource offering, self-provisioning and other cloud characteristics.

The value proposition is attributed to the following:

Cost: Reduced IT costs, capital expenditure free, on-demand, pay-per-use, cloud economies.

Performance: Scalability, elasticity, load bursting, unlimited resources, security, risk and compliance.

Enterprise advantage: Control, disaster recovery, business continuity, reliability, manageability, strategic advantage, flexibility of growth, work from anywhere, re-use/optimal usage in terms of multi-tenancy, self-service, faster time to market, standardization, increased collaboration, go green, no hardware required, serverless, geography agnostic strategy, access to automatic software updates, transient environments, simplicity, back-up and recovery, etc.

Additional emphasis is needed on the fact that the benefits aren’t all about infrastructure savings.

The debate circles around whether or not the cloud of “choice” can provide all or most of the above mentioned benefits.

For startups, and small to medium businesses with huge growth prospects, public cloud might be a no brainer and might have the highest returns as well. I say “might” because there can still be some outliers.

Large enterprises, on the other hand, have made large capital investments in terms of data center, infrastructure, network, security, licenses, virtualization, and, NOT to be ignored, processes.

Risk Appetite

Data breaches, traffic hijacking, hacked applications, interfaces & APIs, SQL injections, compromised credentials, denial of service, malicious insiders, APTs, trojans, etc.: security threats are commonplace, more so than we can imagine. Regulatory governance has been adding layers upon layers of policies and procedures to safeguard customers from potential loss.

Any particular enterprise, based on its industry and the region it operates in, will have to comply with the regulations set forth in its geographic region as they apply to its industry/domain.

Let’s say a security incident occurred and a data center is down. Whether or not the data is lost, it can result in reputational loss, loss of trust, etc., factors which can even lead to enterprise doomsday. Answering customers and media and protecting the trust doesn’t really equate to pointing fingers at a public cloud service provider (CSP).

On the other hand, maintaining the infrastructure or data center isn’t the core business or expertise of the enterprise; it is for a CSP. Ensuring that the data center security is airtight is the business the CSPs are in. SOX, HIPAA, PCI, CSA, ISO, FERPA, FedRAMP, FIPS, FDA, FISMA, DISA, CS Mark, ENISA, NIST, GXP, EU-US Privacy Shield, ITAR, UK G-Cloud, iDA, irap, the list goes on. A huge list of certifications and compliance standards which the CSPs will need to keep up-to-date with. A single enterprise wouldn’t possibly try to comply with all of the above regulations, which simply means public cloud is supposed to be more compliant than any individual enterprise.

However, executives, while well aware that their private infrastructure is NOT as secure or more secure, feel a better sense of control with their own infrastructure. The entire IT landscape lives within their firewall, and their team members are fully responsible for keeping it up and are fully accountable. No pointing fingers. The only possible outcome, if and when such a thing occurs, is accepting it with humility, spending more and ensuring it is more secure and more compliant. They believe in their team’s capability to build that impenetrable environment (if such a thing exists).

Change Appetite

Will cloud change how members work? Will machines replace members? It is working now, why change? Keep the lights on vs move workloads to cloud? Enterprises usually face a huge challenge of change management. While change is imperative, resistance from the team members against the strategy puts the executive management in a difficult situation, a lot of which can be attributed to lack of knowledge. Big bang adoption ends up being a BIG NO, pushing the strategy to slow and steady. When the slow and steady becomes a 5 year roadmap, most legacy thinkers will try to push it to the “ALAP”, as late as possible.

This by no means is a reason to go with private cloud; however, a few executives find a comfort zone in adopting private cloud first, getting members to warm up to the idea and eventually looking at utilizing hybrid.

Process Nightmare

Which processes does your enterprise align to? ITIL, APQC, BPMN, BPEL, SOA, SCOR, eTOM. How mature is this process? Does it align with your business architecture? Does it align to the Enterprise Architecture roadmap? How long did this take to reach its current maturity level? Now, rewind and start over with the cloud. While the change is NO DOUBT beneficial to the enterprise, cloud nevertheless creates a HUGE shift in process.

Executives who have gone through this dreaded process nightmare feel enormous pressure in restarting this process change again. Public cloud does offer opportunities for optimized SDLC processes with large automation potential. Building a private cloud also mandates a similar setup, which really means processes WILL have to be changed for the better.

For large enterprises, audits, compliance, change control procedures, and the governance framework do not easily lend themselves to externalizing the processes.

Isolation

By its very nature, cloud is multi-tenanted. Every individual enterprise has to have uniqueness in its business model to sustain itself. So how isolated is your environment in the cloud? Based on the services consumed by the customer and the level of configuration, the level of isolation varies.

As users, enterprises have absolutely no say in who else is using the service. While trying to stay true to its multi-tenanted nature, CSPs still try to ensure isolation of network, service, data, meta-data, disk, etc. A few things, such as encrypting data at rest and in transit, clean-up, etc., are the onus of consumers. Nevertheless, trust in the CSP is absolutely needed with the public cloud. Remember, the case of malicious insiders is true of CSPs as well.

Cost
Public cloud enables converting capital expenditure to operational expenditure. In theory, if implemented and utilized right, the overall operational cost should also be lower. For a startup, a mid-size company or a large company which has legacy infrastructure needing a complete overhaul, it is a huge boon. There is no need for longer commitments; however, most CSPs lure with better rates for longer term commitments. For large enterprises short term might not make sense anyway.
Minimal capital investment would be needed to get the business rolling. Who wouldn’t want that? As for the large enterprises, where large capital investments have already been made (physical hardware, storage, switches, routers, load balancers, virtualized stack, network, data center, contracts with multiple vendors to enable or maintain or license the infrastructure, racks, PDUs, power and cooling, etc.), it is a different story altogether. What is the depreciation rate? What is their individual life span? What is the amortization value being considered for the cloud ROI?
How many environments (Production, Pre-Production, SIT, UAT 1/2, INT 1/2/3, DEV, Performance etc.) does the enterprise have? What is the ratio of production to other environment servers? Does your enterprise policy allow having transient environments (create when needed and destroy when you don’t)? Are transient environments part of your strategy? What is the cost per environment? What about pay per use? How long will it take to implement infrastructure with a pay per use model, and how long will it take to implement a pay per use software environment?
What would be the set up cost for the cloud? No wrong assumptions here, there is absolutely cost involved. Some might want to set up separate network connectivity.
How many workloads can easily be migrated? What workloads cannot be? What is the cost for migrating the workloads? Gartner defines Five R’s of modernization: rehost, refactor, revise, rebuild, replace. The cost varies with each migration segment. What is the sum total? Is there a strategy for each “R” with a ROI model?
Migrations really provide a large scope/opportunity for overall improvement. Migrations are coupled with, and sometimes preceded by, other initiatives such as business process rationalization, data center consolidation, infrastructure optimization, application rationalization, technology standardization and simplification, automation etc., and these apply to both private and public cloud scenarios. This cost can be considered as a common denominator for the ROI calculations; however, the strategy and cost based on the chosen platform will vary.
Does your enterprise strategy lend itself to a hybrid approach, in which case what would be the cost to run the on-premises workloads (pre, during and post migration)? What is the yearly cost of infrastructure and technology refresh for the on-premises environment? Remember, software upgrades are not private cloud only; while a few are handled by the CSP, the enterprise will have to accommodate a few.
There are existing processes, audits etc., and public cloud helps with a lot more; however, each of these processes needs to be changed to comply with regulatory requirements. What is the cost for the same?
There are a lot of cost considerations, and determining ROI isn’t easy. But a good ROI model should take the above into consideration.

Time to implement
ROI is calculated in terms of financial value and project cost. Financial value is calculated against time required to complete the process, volume of work involved and the cost required to do so.
Clubbing other initiatives such as business process rationalization, application rationalization, re-engineering etc. will increase the overall timeline.
If the implementation is spread over multiple years then ROI might not stack up, hence it is very important to strike that balance.
While some employ a strategy to migrate easier workloads sooner, get the low-hanging fruit out of the way and see some initial success, some choose to think the opposite: get it right the first time.
Do we migrate first and then re-engineer for cloud, or re-engineer first and then migrate? Certain legacy applications add a lot of constraints to migrating without re-architecting them anyway. So from a strategy point of view, it’s a good old chicken and egg story. There are a few strategies which identify basic requirements in the form of Twelve-Factor (12), etc. to get the application on to the cloud.
What would be the time to set up a private cloud environment? If the infrastructure isn’t virtualized, how long does it take to set up the virtualization layer? How long does it take to finalize and set up the Enterprise PAAS in the private environment? For private or public, how long will the POC phase last?
How long does it take to set up the network for a public cloud environment? There are prerequisites such as Active Directory, etc. needed for any environment. How long does that setup take?
Now let’s say basic setup is complete; movement of applications has its own sweet timeline. For large enterprises, what would be the time needed to set up primary/secondary data centers, DR, BCP etc. across multiple geographic areas? Public cloud will have the underlying setup needed, but it is important to note that enterprises have to enable and configure the same.
TIME matters! So does the success! And importantly with respect to time!!!

Cloud thinking
What is cloud thinking?
IAAS, PAAS, SAAS, DBAAS, etc. are the various high level segments of cloud. Each of those segments offers advantages to enterprise capabilities in its own way. How many of the existing workloads have been built to take advantage of that? What is multi-tenancy and how many applications are built to take advantage of the same? What is the current business thought process? Where is the business architecture heading? Does it incorporate cloud thinking?
Cloud case studies vary from providing the capability to scale, to perform, to be highly available, to adopt newer technologies, to sustain extremely large numbers of users, to enable enhanced user experiences, to provide number crunching capabilities that were not previously perceived possible, to capabilities to learn, adapt and evolve so much from data. How many current workloads were built to utilize that? Which of those case studies applies to your business? Moving workloads to cloud won’t automagically enable all this, but it opens up possibilities to architect and take full advantage of the same.
Are current workloads built to take advantage of pooling of resources, optimization of underlying hardware, optimal usage of environments, standardization of operating system, faster environment provisioning, security isolation, patches, infrastructure automation, continuous integration, continuous deployment? Are these implemented on the virtualization layer?
Are cloud thinking and the resulting benefits restricted to the infrastructure space? Do the case studies above relate to infrastructure alone? Not really. It is only a part of it. Scalability and elasticity are not really confined to dynamic infrastructure, but also depend on how applications react to and support that.
Enterprises spend more on version refresh and application software upgrades than operating system upgrades (we might still have enterprises on Windows 2000, 2003, RHEL 4, 5). Enabling deep insights via Big Data, Machine Learning, Deep Learning, Data Science, stream analytics etc. and the compute, storage and other resources needed for the same are all enabled by the software layer.
How many of the current workloads are highly available, built to scale, auto-provisioned, built with the CAP theorem in mind, partition tolerant, fault tolerant, designed for failure, implement distributed processing, use distributed caching, memory etc.?
The much needed change of development paradigm and thought paradigm required to incorporate disruptive technologies such as Software Defined Anything, Autonomous Vehicles, Internet of Things, Bio Chips, 3/4D printing, Augmented Reality, Natural Language Processing, Block Chain, Context Brokering, etc. is mostly related to the application layer.
The technology disruption is real and it is all around; it will impact the way of working and thinking. The percentage spend on innovation management and alignment of business to the new and enhanced capabilities will be the key driver for change. New business models will enable new age thinking and hence the applications and their capabilities. The cloud thinking that this warrants would not have been part of the legacy applications.
So, migrating applications to private or public cloud will not inherently take full advantage of it. Re-engineering them will.

Crystal ball thinking:
Software roadmaps will merge, hopefully. Enterprises are now seeing a plethora of PAAS products, such as WAP/Azure stack, Cloud Foundry, Apprenda, Cloudify, Pivotal, Stackato, OpenShift, Elastic Beanstalk, Heroku, Kubernetes, etc. built cloud agnostic, which makes me believe that, if the enterprises won’t go to cloud, the cloud will come to the enterprises.
While public CSPs want to be aggressive, they have come to terms with the fact that there will be some workloads which enterprises will never be comfortable moving to the public cloud. Financial and health care enterprises, with the regulations on the industry, are extremely restricted and constrained, or so most large enterprises feel. In order to cater for these enterprises, CSPs are keen to help set up private cloud environments or enable hybrid environments.
For large enterprises who decide to move to the public cloud, the path to migration is not a few days or weeks of effort, it is a few years of effort. Unless companies opt for a big bang migration (which I haven’t really seen any enterprise adopt, I don’t recommend the approach either), the workloads are going to be distributed between their existing datacenters and the public cloud. CSPs help with the gradual migration roadmap with a hybrid approach. It is in their best interest.
Will one CSP have all the expertise and features large enterprise need?
Each CSP has a differentiator:
Different pricing models, runtime support, middleware support, frameworks, databases, operating systems, containers, IoT gateways, machine learning algorithms, domain specific value added services [Blockchain, Genomics], enterprise applications, functions, hybrid storage models, backup and maintenance services, compute engines, analytics, app engines, mobile services, storage, content delivery, networking, Big Data, API extensions, security, media services, search, etc.
While stability of services provided, overall service quality, maturity of services is important, capability to innovate will always be a primary differentiator.
CSPs might choose to innovate and introduce new technology capabilities by themselves in a few areas; however, looking at the broader spectrum of services, CSPs also leverage enterprise grade software from the industry to build the services. Example: Docker, RevR, Elasticsearch, Hadoop, Spark, Git, etc.
More and more software will be built with hybrid cloud environments in mind. Enterprise software will be built cloud/environment agnostic. CSPs will create services which can run in private environments.

Summary
Migration to any cloud is not trivial. Private cloud does not equate to infrastructure optimization alone. Enterprise PAAS has lots to offer, and is the key to the success of private cloud. If cloud strategy is built around infrastructure alone, then that strategy is INCOMPLETE. Enterprise PAAS has a huge role. Private cloud will not make sense for every organization; the cost benefit in setting up one just will not stack up. Large enterprises with huge capital investments and extensive engineering should be able to translate the engineering strength to build out the capabilities; however, a very detailed assessment is needed to determine the ROI.
While not for the faint hearted, private cloud is definitely not just a FAD; with a good strategy, a great engineering team and a holistic IAAS and PAAS implementation, it can be the whole nine yards.
Watch out for my next blog, which will be on Enterprise private cloud strategy, with emphasis on Enterprise PAAS.

References:
http://www.webopedia.com/TERM/P/private_cloud.html
http://www.gartner.com/newsroom/id/1684114
https://12factor.net/
Gartner definitions:
Cloud computing is a style of computing in which scalable and elastic IT-enabled capabilities are delivered as a service using internet technologies.
Infrastructure as a service (IaaS) is a standardized, highly automated offering, where compute resources, complemented by storage and networking capabilities, are owned and hosted by a service provider and offered to customers on-demand. Customers are able to self-provision this infrastructure, using a Web-based graphical user interface that serves as an IT operations management console for the overall environment.
Platform as a service (PaaS) is defined as application infrastructure functionality enriched with cloud characteristics and offered as a service.
Application platform as a service (aPaaS) is a PaaS offering that supports application development, deployment and execution in the cloud, encapsulating resources such as infrastructure and including services such as those for data management and user interfaces.