Audience: Anyone evaluating or contemplating the use of private cloud, keen to understand cloud benefits beyond the public cloud, or interested in the benefits of cloud in the enterprise context.
Definition: “Private cloud is the phrase used to describe a cloud computing platform that is implemented within the corporate firewall, under the control of the IT department.” – Webopedia
Cloud strategy/roadmap in an enterprise usually starts with a HUGE debate of public vs. private, ending up with teams divided by their “belief” system. Dealing with belief systems equates to an implementation nightmare. In order to deal with this, the decision makers opt for either a top-down approach (force a strategy) or a bottom-up approach (get everybody on board). It really needs a combination of both. In my earnest opinion, DATA for the decision, shared transparently with the team, is vital.
Quite a few enterprises have already gone through a physical vs. virtual debate in the past and, realizing the benefits, have ended up implementing virtualization. The concept of private cloud has raised a question: is it the same as virtualization, or a glorified form of it? Let me be very clear upfront: Enterprise Private Cloud is NOT just virtualization.
Cloud (see Gartner definitions) and the value derived from it are underpinned by elastic IT-enabled capabilities, highly automated resource offerings, self-provisioning and other cloud characteristics.
The value proposition is attributed to the following:
Cost: Reduced IT costs, capital expenditure free, on-demand, pay-per-use, cloud economies.
Performance: Scalability, elasticity, load bursting, unlimited resources, security, risk and compliance.
Enterprise advantage: Control, disaster recovery, business continuity, reliability, manageability, strategic advantage, flexibility of growth, work from anywhere, re-use/optimal usage in terms of multi-tenancy, self-service, faster time to market, standardization, increased collaboration, go green, no hardware required, serverless, geography-agnostic strategy, access to automatic software updates, transient environments, simplicity, back-up and recovery, etc.
Additional emphasis is needed on the fact that the benefits aren’t all about infrastructure savings.
The debate circles around whether or not the cloud of “choice” can provide all or most of the above-mentioned benefits.
For startups, and small to medium businesses with huge growth prospects, public cloud might be a no-brainer and might have the highest returns as well. I say “might” because there can still be some outliers.
Large enterprises, on the other hand, have made large capital investments in data centers, infrastructure, network, security, licenses, virtualization, and, NOT to be ignored, processes.
Risk Appetite
Data breaches, traffic hijacking, hacked applications, interfaces and APIs, SQL injections, compromised credentials, denial of service, malicious insiders, APTs, trojans, etc.: security threats are commonplace, more so than we can imagine. Regulatory governance has been adding layers upon layers of policies and procedures to safeguard customers from potential loss.
Any particular enterprise, based on its industry and the region in which it operates, will have to comply with the regulations set forth in that geographic region as they apply to its industry/domain.
Let’s say a security incident occurred and a data center is down. Whether or not the data is lost, it can result in reputational loss, loss of trust, etc., factors which can even lead to enterprise doomsday. Answering customers and the media and protecting that trust doesn’t really equate to pointing fingers at a public cloud service provider (CSP).
On the other hand, maintaining the infrastructure or data center isn’t the core business or expertise of the enterprise; it is for a CSP. Ensuring that data center security is airtight is the business the CSPs are in. SOX, HIPAA, PCI, CSA, ISO, FERPA, FedRAMP, FIPS, FDA, FISMA, DISA, CS Mark, ENISA, NIST, GXP, EU-US Privacy Shield, ITAR, UK G-Cloud, iDA, irap, the list goes on: a huge list of certifications and compliance standards which the CSPs will need to keep up to date with. A single enterprise wouldn’t possibly try to comply with all of the above regulations, which simply means public cloud is supposed to be more compliant than any individual enterprise.
However, executives, while well aware that their private infrastructure is NOT as secure or more secure, feel a better sense of control with their own infrastructure. The entire IT landscape lives within their firewall, and their team members are fully responsible for keeping it up and are fully accountable. No pointing fingers. The only possible outcome, if and when such a thing occurs, is to accept it with humility, spend more, and ensure it is more secure and more compliant. They believe in their team’s capability to build that impenetrable environment (if such a thing exists).
Change Appetite
Will cloud change how members work? Will machines replace members? It is working now, why change? Keep the lights on vs. move workloads to cloud? Enterprises usually face a huge challenge of change management. While change is imperative, resistance from the team members against the strategy puts the executive management in a difficult situation, a lot of which can be attributed to lack of knowledge. Big bang adoption ends up being a BIG NO, pushing the strategy to slow and steady. When slow and steady becomes a 5-year roadmap, most legacy thinkers will try to push it to “ALAP”, as late as possible.
This is by no means a reason to go with private cloud; however, a few executives find a comfort zone in adopting private cloud first, getting members to warm up to the idea, and eventually looking at utilizing hybrid.
Process Nightmare
Which processes does your enterprise align to? ITIL, APQC, BPMN, BPEL, SOA, SCOR, eTOM. How mature is this process? Does it align with your business architecture? Does it align to the Enterprise architecture roadmap? How long did this take to reach its current maturity level? Now, rewind and start over with the cloud. While the change is NO DOUBT beneficial to the enterprise, cloud nevertheless creates a HUGE shift in process.
Executives who have gone through this dreaded process nightmare feel enormous pressure in restarting this process change again. Public cloud does offer opportunities for optimized SDLC processes with large automation potential. Building a private cloud also mandates a similar setup, which really means processes WILL have to be changed for the better.
For large enterprises, audits, compliance, change control procedures, and the governance framework do not easily lend themselves to externalizing the processes.
Isolation
By its very nature, cloud is multi-tenanted. Every individual enterprise has to have uniqueness in its business model to sustain itself. So how isolated is your environment in the cloud? The level of isolation varies with the services consumed by the customer and the level of configuration.
As users, enterprises have absolutely no say in who else is using the service. While trying to stay true to their multi-tenanted nature, CSPs still try to ensure isolation of network, service, data, metadata, disk, etc. A few things, such as encrypting data at rest and in transit, clean-up, etc., are the onus of consumers. Nevertheless, trust in the CSP is absolutely needed with the public cloud. Remember, the case of malicious insiders is true of CSPs as well.
Cost
Public cloud enables converting capital expenditure to operational expenditure. In theory, if implemented and utilized right, the overall operational cost should also be lower. For a startup, a mid-size company or a large company which has legacy infrastructure needing a complete overhaul, it is a huge boon. There is no need for longer commitments; however, most CSPs lure customers with better rates for longer-term commitments. For large enterprises, short term might not make sense anyway.
Minimal capital investment would be needed to get the business rolling. Who wouldn’t want that? As for the large enterprises, where large capital investments have already been made (physical hardware, storage, switches, routers, load balancers, virtualized stack, network, data center, contracts with multiple vendors to enable or maintain or license the infrastructure, racks, PDUs, power and cooling, etc.), it is a different story altogether. What is the depreciation rate? What is their individual life span? What is the amortization value being considered for the cloud ROI?
How many environments (Production, Pre-Production, SIT, UAT 1/2, INT 1/2/3, DEV, Performance, etc.) does the enterprise have? What is the ratio of production to other environment servers? Does your enterprise policy allow having transient environments (create when needed and destroy when not)? Are transient environments part of your strategy? What is the cost per environment? What about pay per use? How long will it take to implement infrastructure with a pay-per-use model, and how long will it take to implement a pay-per-use software environment?
What would be the setup cost for the cloud? Make no wrong assumptions here: there is absolutely a cost involved. Some might want to set up separate network connectivity.
How many workloads can easily be migrated? What workloads cannot be? What is the cost of migrating the workloads? Gartner defines Five R’s of modernization: rehost, refactor, revise, rebuild, replace. The cost varies with each migration segment. What is the sum total? Is there a strategy for each “R” with an ROI model?
Migrations really provide a large scope/opportunity for overall improvement. Migrations are coupled with, and sometimes preceded by, other initiatives such as business process rationalization, data center consolidation, infrastructure optimization, application rationalization, technology standardization and simplification, automation, etc., and these apply to both private and public cloud scenarios. This cost can be considered a common denominator for the ROI calculations; however, the strategy and cost will vary based on the chosen platform.
Does your enterprise strategy lend itself to a hybrid approach, in which case what would be the cost to run the on-premise workloads (before, during and after migration)? What is the yearly cost of infrastructure and technology refresh for the on-premise environment? Remember, software upgrades are not private cloud only: while a few are handled by the CSP, the enterprise will have to accommodate a few.
There are existing processes, audits, etc., and public cloud helps with a lot more; however, each of these processes needs to be changed to comply with regulatory requirements. What is the cost of that?
There are a lot of cost considerations, and determining ROI isn’t easy. But a good ROI model should take the above into consideration.
Time to implement
ROI is calculated in terms of financial value and project cost. Financial value is calculated against time required to complete the process, volume of work involved and the cost required to do so.
Clubbing in other initiatives such as business process rationalization, application rationalization, re-engineering, etc. will increase the overall timeline.
If the implementation is spread over multiple years, then the ROI might not stack up; hence it is very important to strike that balance.
While some employ a strategy to migrate easier workloads sooner, get the low-hanging fruit out of the way and see some initial success, others choose the opposite: get it right the first time.
Do we migrate first and then re-engineer for cloud, or re-engineer first and then migrate? Certain legacy applications add a lot of constraints to migrating without re-architecting them anyway. So from a strategy point of view, it’s a good old chicken-and-egg story. There are a few strategies which identify basic requirements, in the form of Twelve-Factor (12), etc., to get the application on to the cloud.
What would be the time to set up a private cloud environment? If the infrastructure isn’t virtualized, how long does it take to set up the virtualization layer? How long does it take to finalize and set up the Enterprise PAAS in the private environment? For private or public, how long will the POC phase last?
How long does it take to set up the network for a public cloud environment? There are prerequisites such as Active Directory, etc. needed for any environment. How long does that setup take?
Now let’s say the basic setup is complete; movement of applications has its own sweet timeline. For large enterprises, what would be the time needed to set up primary/secondary data centers, DR, BCP, etc. across multiple geographic areas? Public cloud will have the underlying setup needed, but it is important to note that enterprises have to enable and configure it.
TIME matters! So does the success! And importantly with respect to time!!!
Cloud thinking
What is cloud thinking?
IAAS, PAAS, SAAS, DBAAS, etc. are the various high-level segments of cloud. Each of those segments offers advantages to enterprise capabilities in its own way. How many of the existing workloads have been built to take advantage of that? What is multi-tenancy, and how many applications are built to take advantage of it? What is the current business thought process? Where is the business architecture heading? Does it incorporate cloud thinking?
Cloud case studies vary from providing the capability to scale, to perform, to be highly available, to adopt newer technologies, to sustain extremely large numbers of users, and to enable enhanced user experiences, to providing number-crunching capabilities that were not previously perceived possible and capabilities to learn, adapt and evolve so much from data. How many current workloads were built to utilize that? Which of those case studies applies to your business? Moving workloads to cloud won’t automagically enable all this, but it opens up possibilities to architect for and take full advantage of it.
Are current workloads built to take advantage of pooling of resources, optimization of underlying hardware, optimal usage of environments, standardization of operating system, faster environment provisioning, security isolation, patches, infrastructure automation, continuous integration, and continuous deployment? Are these implemented on the virtualization layer?
Are cloud thinking and the resulting benefits restricted to the infrastructure space? Do the case studies above relate to infrastructure alone? Not really. It is only a part of it. Scalability and elasticity aren’t really confined to dynamic infrastructure; they also depend on how applications react to and support that.
Enterprises spend more on version refresh and application software upgrades than operating system upgrades (we might still have enterprises on Windows 2000, 2003, RHEL 4, 5). Enabling deep insights via Big Data, Machine Learning, Deep Learning, Data Science, stream analytics etc. and the compute, storage and other resources needed for the same are all enabled by the software layer.
How many of the current workloads are highly available, are built to scale, auto-provision, are built with the CAP theorem in mind, support partition tolerance, are fault tolerant, are designed for failure, implement distributed processing, use distributed caching, memory, etc.?
The much-needed change of development paradigm and thought paradigm required to incorporate disruptive technologies such as Software Defined Anything, Autonomous Vehicles, Internet of Things, Bio Chips, 3/4D printing, Augmented Reality, Natural Language Processing, Blockchain, Context Brokering, etc. is mostly related to the application layer.
The technology disruption is real and it is all around; it will impact the way of working and thinking. The percentage spend on innovation management and the alignment of business to the new and enhanced capabilities will be the key drivers for change. New business models will enable new-age thinking and hence the applications and their capabilities. The cloud thinking that this warrants would not have been part of the legacy applications.
So, migrating applications to private or public cloud will not inherently take full advantage of it. Re-engineering them will.
Crystal ball thinking:
Software roadmaps will merge, hopefully. Enterprises are now seeing a plethora of PAAS products, such as WAP/Azure Stack, Cloud Foundry, Apprenda, Cloudify, Pivotal, Stackato, OpenShift, Elastic Beanstalk, Heroku, Kubernetes, etc., built cloud agnostic, which makes me believe that if the enterprises won’t go to cloud, the cloud will come to the enterprises.
While public CSPs want to be aggressive, they have come to terms with the fact that there will be some workloads which enterprises will never be comfortable moving to the public cloud. Financial and health care enterprises, with the regulations on their industries, are extremely restricted and constrained, or so most large enterprises feel. In order to cater for these enterprises, CSPs are keen to help set up private cloud environments or enable hybrid environments.
For large enterprises who decide to move to the public cloud, the path to migration is not a few days’ or weeks’ effort; it is a few years of effort. Unless companies opt for a big bang migration (which I haven’t really seen any enterprise adopt, and I don’t recommend the approach either), the workloads are going to be distributed between their existing datacenters and the public cloud. CSPs help with the gradual migration roadmap with a hybrid approach. It is in their best interest.
Will one CSP have all the expertise and features large enterprises need?
Each CSP has a differentiator:
Different pricing models, runtime support, middleware support, frameworks, databases, operating systems, containers, IoT gateways, machine learning algorithms, domain-specific value-added services [Blockchain, Genomics], enterprise applications, functions, hybrid storage models, backup and maintenance services, compute engines, analytics, app engines, mobile services, storage, content delivery, networking, Big Data, API extensions, security, media services, search, etc.
While stability of services provided, overall service quality, and maturity of services are important, the capability to innovate will always be a primary differentiator.
CSPs might choose to innovate and introduce new technology capabilities by themselves in a few areas; however, looking at the broader spectrum of services, CSPs also leverage enterprise-grade software from the industry to build the services. Examples: Docker, RevR, Elasticsearch, Hadoop, Spark, Git, etc.
More and more software will be built with hybrid cloud environments in mind. Enterprise software will be built cloud/environment agnostic. CSPs will create services which can run in private environments.
Summary
Migration to any cloud is not trivial. Private cloud does not equate to infrastructure optimization alone. Enterprise PAAS has lots to offer, and is the key to the success of private cloud. If cloud strategy is built around infrastructure alone, then that strategy is INCOMPLETE. Enterprise PAAS has a huge role. Private cloud will not make sense for every organization; the cost benefit in setting up one just will not stack up. Large enterprises with huge capital investments and extensive engineering should be able to translate the engineering strength to build out the capabilities; however, a very detailed assessment is needed to determine the ROI.
While not for the faint-hearted, private cloud is definitely not just a FAD; with a good strategy, a great engineering team and a holistic IAAS and PAAS implementation, it can be the whole nine yards.
Watch out for my next blog, which will be on Enterprise private cloud strategy, with emphasis on Enterprise PAAS.
References:
http://www.webopedia.com/TERM/P/private_cloud.html
http://www.gartner.com/newsroom/id/1684114
https://12factor.net/
Gartner definitions:
Cloud computing is a style of computing in which scalable and elastic IT-enabled capabilities are delivered as a service using internet technologies. Infrastructure as a service (IaaS) is a standardized, highly automated offering, where compute resources, complemented by storage and networking capabilities are owned and hosted by a service provider and offered to customers on-demand. Customers are able to self-provision this infrastructure, using a Web-based graphical user interface that serves as an IT operations management console for the overall environment. Platform as a service (PaaS) is defined as application infrastructure functionality enriched with cloud characteristics and offered as a service. Application platform as a service (aPaaS) is a PaaS offering that supports application development, deployment and execution in the cloud, encapsulating resources such as infrastructure and including services such as those for data management and user interfaces