Enterprise & cloud computing
Cloud computing promises a new world of IT agility, with quick deployment of applications
to support business needs. Organizations often plan an elegant cloud
environment that will be easy to maintain. But business needs often change that
plan, and the reality is usually a complex and dynamic cloud environment that
is unwieldy to manage using the tools provided with each separate cloud.
· The vision of enterprise cloud computing
Cloud computing offers a captivating
vision of IT agility: this model promises to make it possible for enterprise
IT to deploy new applications in days or weeks rather than months or years, thus
helping it make a substantive contribution to overall corporate performance
while reducing costs. Of course, in
seeking this improved agility, enterprise IT organizations must ensure that the
enterprise cloud meets critical IT requirements, including:
o Manageability: IT must be able to maintain control of the cloud environment
and leverage existing IT policies and procedures without losing flexibility.
o Governance: Appropriate controls must remain in place to manage resource
access by users.
o Security: IT must be able to implement enterprise standards to prevent
security breaches and protect data.
o Cost tracking: The solution must enable assignment of computing costs to the
organizational units responsible for individual applications.
With this combination of benefits and
requirements in mind, many enterprise IT organizations have moved rapidly
toward creating a cloud computing strategy and implementation plan. Most
commonly, that strategy is based on implementing an internal cloud computing environment
(a private cloud) and deploying applications in that environment.
· The reality of enterprise cloud computing
The vision of enterprise cloud
computing appears straightforward, but the reality is not quite so simple.
Today, most enterprises find that they are no longer managing a single internal
cloud. Rather, they have applications spread across a mixed cloud environment
(public and private), in some cases three,
four, or even more cloud providers, both internal (private) and external
(public). And for every cloud, there are multiple accounts to manage.
· Business priorities that affect the enterprise cloud environment
Why is this so often the case? To put it simply, many IT decisions today are driven
by business priorities that conflict with IT’s cloud strategy:
o Deployment decisions may be made by departments outside of IT: Because
obtaining public cloud computing resources is easy and simple, departments like
sales or marketing have the ability to bypass central IT and deploy
applications on their own public cloud environments.
o New cloud environments arrive through corporate initiatives: Changing
business conditions, such as acquisitions, mergers and changes in decision,
disrupt IT’s plan to have a single “standard” cloud environment.
o Application or operational requirements force selection of another cloud
environment: This environment then becomes part of the cloud infrastructure
that must be managed on an ongoing basis.
Therefore, despite IT’s natural inclination to define a
simple solution that leverages a single cloud environment addressing all of a
company’s cloud computing needs, the reality is that every company will use a
variety of cloud solutions, including both private and public clouds, or “hybrid
cloud/IT computing.”
The true reality of enterprise cloud computing, therefore,
is a mix of cloud environments that must be managed on an ongoing basis.
Furthermore, that mix will be dynamic, with new cloud environments regularly
being added to the collection. This collection of cloud environments makes up the
company’s hybrid infrastructure.
Hybrid cloud/IT
A hybrid cloud is a cloud computing environment in which an organization
provides and manages some resources in-house and has others provided
externally.
The cloud infrastructure is a composition of
two or more distinct cloud infrastructures (private, community, or public) that
remain unique entities, but are bound
together by standardized or proprietary technology that enables data and
application portability (e.g., cloud bursting for load balancing between
clouds). The hybrid computing
environment may be viewed from two main points of view, hybrid cloud and hybrid IT;
in most cases they are mixed.
The hybrid
cloud (business) approach allows a business to take advantage of the
scalability and cost-effectiveness that a public cloud computing environment
offers without exposing mission-critical applications and data to third-party
vulnerabilities.
The hybrid
IT (IT) approach creates symmetry between internal and external IT services.
Hybrid IT relies on new technologies to connect clouds, sophisticated
approaches to data classification and identity, and service oriented
architecture.
The hybrid
IT approach empowers an organization by provisioning its IT services from the
public cloud while still having full control over certain services that might
be more efficient to run in another IT environment.
To be
effective, an IT strategy for hybrid cloud deployment should address configuration
management, change control, security, fault management and
budgeting. Because a hybrid cloud combines public cloud and private data center
principles, it's possible to plan a hybrid cloud deployment from either of
these starting points. Picking the better starting point, however, will make it
easier to address business goals.
A primary
goal of a hybrid cloud deployment should always be to minimize change. No
matter how closely a public and a private cloud are matched, design
differences will inevitably exist. The greater the differences between the
cloud environments, the more difficult it will be to manage multiple clouds as
a single entity.
"Hybrid IT is
the new IT and it is here to stay. While the cloud market matures, IT
organizations must adopt a hybrid IT strategy that not only builds internal
clouds to house critical IT services and compete with public cloud service
providers (CSPs), but also utilizes the external cloud to house noncritical IT
services and data, augment internal capacity, and increase IT agility,"
“Gartner Says Hybrid IT is Transforming the Role of IT”
Breaking Down Hybrid Cloud Planning
There’s no doubt that hybrid cloud planning is a complex
process. In most cases – depending on whom you ask – regardless of a company’s
size or infrastructural resources this is a win/win situation. However,
planning out a hybrid cloud is another story altogether. The normal approach that organizations take
when implementing the hybrid cloud is to offload a bunch of processes into the
public cloud yet maintain the critical applications in the private cloud
environment. Organizations may assume that it is easy to deploy and manage a
hybrid cloud, but when they start to mix vendors and different technologies and
services, the complexity is considerably increased and the amount of attention
they need to put into the planning also rises with it. Here are some tips on how
to plan for such a complex environment.
· Understand your IT architecture and application needs.
Not only do companies need to
determine what applications and capabilities are suitable for the public cloud
vs. a private delivery model (based on factors like demand variability, high
availability, response times, and security/privacy requirements), they also
need to examine how their applications and workloads are designed to determine
if they can be effectively deployed in a hybrid situation.
· Be realistic about the integration challenges that lie ahead.
There’s a reason the public cloud
has seen a growth explosion in recent years, and that’s because it’s fairly
easy to set up and implement. That is not the case for the hybrid cloud. There are lots
of hoops to jump through, and you need to be realistic about the challenges
your organization will face in the implementation process. There are at least
10 different public cloud infrastructures, each with their own sets of APIs,
not to mention the growing list of private cloud infrastructure offerings like OpenStack or
Eucalyptus. The thinking is you can go back and forth and deploy workloads
across platforms, but because there is currently no universal standard for
workloads in the cloud, you need a portability layer to create the
interoperability. As you start planning to split between public/private cloud
environments in order to get some level of elasticity, the complexity
ramps up dramatically. During the
planning process you need to go into this with both eyes open, or you'll find
yourself getting into awkward situations where you've moved something that
shouldn't have been moved.
· Factor management tools into the equation.
One of the most critical pieces
of a hybrid cloud scenario is a management platform used to monitor and manage
the environment with an eye towards resource provisioning, performance, and
scalability. The issue here is having a single interface and management layer
that can work both sides of the infrastructure. IT shops typically have their
own on-premises management consoles for monitoring internal networks while
public clouds employ their own set of tools, and a company implementing the
hybrid cloud needs visibility into both. Unless you want to duplicate work, you
have to find a management interface that puts all the resources in a single
pane of glass so you don't have to switch between different products to manage
this.
· Ramp up organizational skill sets.
Most IT organizations have highly
specialized experts who know virtualization, or applications, or servers and
backup. A hybrid cloud cuts across all those skill sets and you need to ramp up
your team accordingly. Very few people have the skills that cut across all of
these capabilities. When you're talking about your IT team, there's retraining
that has to go on to move beyond how we've run things for the past 25 years.
· Close the gap between IT & LOB
Cloud projects create many questions; one of them is the argument over who drives the cloud – line of business units (LOB) or the IT department. No matter how you frame it, enterprises need to think about whether to approach the cloud using an "outside in" (LOB) or an "inside out" (IT) approach.
Line of business (LOB) planners
think of cloud in the "outside in" model; they want cloud
computing to make IT a more tactical component of operations. These planners
would like to visualize all of IT as Software as a Service (SaaS), with
the ability to quickly commission and decommission applications in response to
business needs. This is the "outside" vision of cloud planning --
start with how you want the cloud to look to end users.
An "inside out" (IT)
approach to cloud views it as an alternative platform for running
applications or as an extension of the data center. "Inside out"
thinkers consider cloud services as either Infrastructure as a Service (IaaS) or Platform
as a Service (PaaS), depending on whether there is a single dominant software
platform on-premises or whether it supports multiple operating systems and
middleware. This vision of cloud computing starts with what the enterprise has
and evolves it. Cloud projects that involve cooperation between IT and LOB
planners are almost four times more successful than cloud projects in which IT
and LOB remain separate. The key to a successful cloud deployment is to combine
both sides - the "outside in" team with the "inside out"
team.
As we enter these complex planning conversations, it’s
important to remember why you’re implementing a hybrid cloud solution into your
infrastructure. The road ahead will not be easy, but your organization will
reap the benefits of a more stable cloud in the long run.
Managing the hybrid cloud environment
For an enterprise to consider adopting the hybrid cloud
model, the implementation must be designed so IT manages it with the same
rigor as an existing private cloud.
No matter how carefully you have selected a public
cloud service and how well it matches your private cloud design,
differences will inevitably exist. The greater the differences between the two
clouds, the more difficult it will be to manage the two clouds as a single
entity. The greatest gains will be achieved in extending, as much as possible,
your existing management strategies and best practices to the hybrid
cloud.
A management strategy for hybrid clouds should cover the
following areas:
· Configuration.
IT teams must specify best practices
for creating, modifying, patching and implementing a cloud installation. A
version-controlled library of development and approved production images can
help make configuration more effective and secure. Wherever possible,
configurations should be created to run in either the public cloud or private
cloud. When this isn't the case, the library system should clearly specify with
which cloud the image is associated.
· Change control.
Despite being a staple of nearly
all enterprise ITIL best practices, change control seems to have been
overlooked in many of the public cloud implementations. Many small IT shops
look to DevOps as a way to quickly implement changes from development
to production. As enterprises agree to use a hybrid cloud model, they need to
bring with them the discipline of change control in which developers submit
their changes with rollback plans.
· Security.
Hybrid cloud security includes
data encryption in transit and at rest, access control policies, firewalls and
network rule enforcement. The enterprise risk-management department should
enforce the same or similar policies across the public and private cloud.
· Fault monitoring.
For a time, we heard cloud
pundits declaring device fault monitoring was not mandatory in the public
cloud. The elastic ability of resource provisioning masked underlying device
failures and therefore eased the burden of stringent fault monitoring. But as
recent high-profile Infrastructure as a Service (IaaS) outages have
demonstrated, this is not the case. Fault and performance alerts need to be
sent to the centralized manager of managers (MOM) who, in turn, opens help desk
tickets. If the public cloud has a customer-facing e-commerce function, then a
geographically distributed user-experience performance monitor will be required
to ensure uptime.
· Budgetary control.
The elasticity of the cloud can
be a double-edged sword regarding budgetary control. An IT pro who has
inadvertently left an extra-large instance up and running without realizing it
until he sees the monthly IaaS usage bill can understand this. Alerts
for unused resources and alerts indicating when an IaaS or Platform as a
Service (PaaS) charge exceeds a threshold will help you maintain budgetary
control over cloud resources.
Eventually cloud technology will evolve enough to allow
enterprises to simply extend private cloud management systems to effectively
control an isolated section of the public cloud as well as the network
connection binding the two clouds. Enterprise IT will most likely need to incorporate
at least some of the public cloud management systems to feed back into the MOM.
This can occur when you are using a function such as a content distribution
network or big data, which don't reside in your private cloud.
Enterprises will need to stitch these new cloud systems
together with their existing centralized management system to use a single help
desk and realize the total cost of ownership (TCO). IT managers have been
combining management systems for years; however, cloud is a disruptive technology
that's causing IT to adjust their management systems once again.
Managing hybrid cloud Risks
Hybrid cloud isn't perfect; it still includes a few
compliance, performance, control and security obstacles. As you analyze the
business and technical hurdles of maintaining a hybrid cloud, keep the
following issues in mind.
· Lack of data redundancy
Public cloud providers commit
significant resources to ensuring the infrastructure is available and
accessible when end users need it. In spite of a cloud provider's best efforts,
problems are inevitable. Well-publicized outages highlight the risk of
running your applications in a single data center without failover to another.
A lack of redundancy can become a serious security risk to your hybrid cloud,
specifically if redundant copies of data are not distributed across data
centers.
· Compliance
Maintaining and demonstrating
compliance can be more difficult with a hybrid cloud. Not only do you have to
ensure that your public cloud provider and private cloud are in compliance,
but you also must demonstrate that the means of coordination between the two
clouds is compliant. If, for example, your company works with payment card
data, you may be able to demonstrate that both your internal systems and your
cloud provider are compliant with the Payment Card Industry Data Security
Standard (PCI DSS).
· Poorly constructed SLAs
You may be confident that your
public cloud provider can consistently meet expectations detailed in the service-level
agreement (SLA), but can your private cloud live up to that same SLA? If
not, you may need to create SLAs based on expectations of the lesser of the two
clouds -- and that may be your private cloud.
Collect data on your private
cloud's availability and performance under realistic workloads. Look for
potential problems with integrating public and private clouds that could
disrupt service. For example, if a key business driver for the private cloud is
keeping sensitive and confidential data on-premises, then your SLA should
reflect the limits to which you can use public cloud for some services.
· Risk management
From a business perspective,
information security is about managing risk. Cloud computing (hybrid cloud in
particular) uses new application programming interfaces (APIs),
requires complex network configurations, and pushes the limits of traditional
system administrators' knowledge and abilities. These factors introduce new
types of threats. Cloud computing is not more or less secure than
internal infrastructures, but hybrid cloud is a complex system that admins have
limited experience in managing -- and that creates risk.
· Security management
Existing security controls such
as authentication, authorization and identity management will need to work in
both the private and public cloud. To integrate these security protocols,
you have one of two options: Either replicate controls in both clouds and keep
security data synchronized, or use an identity management service that provides
a single service to systems running in either cloud. Allocate sufficient time
during your planning and implementation phases to address what could be fairly
complex integration issues.
· Trust requirements
When thinking about the hybrid
cloud, the most important concept to understand is that of the trust levels of
the different environments. Organizations will likely have contractual
and regulatory requirements for the protection of certain
information. However, organizations will have many services that don’t
have those extra security requirements and can be adequately protected and
provided in the public cloud portion. So understanding trust, and which
applications and information an organization can put in the public cloud and
which ones must reside in the private cloud, is critical. By understanding what
trust requirements exist within your environment, you’ll be able to determine
access control requirements as well as authentication requirements. Once
you have identified those areas, you can utilize your cloud management tool to
implement and enforce those requirements.
· Cloud management flexibility
From a practical standpoint, the
most important security decision for a hybrid cloud is choosing a tool that
will be used to manage the environments. By definition, a hybrid cloud
has communications between the public and private cloud infrastructure, so the
tool must be flexible enough to manage both environments, as well as be able to
implement your security requirements.
· Identity considerations
One aspect of hybrid clouds
that should get special consideration is identity sharing. Most
organizations will extend their enterprise identity solution to the hybrid
cloud, but they need to examine how this extension to the public cloud will
affect the security of the private cloud and the enterprise overall.
This is more of a risk assessment
issue than a control implementation issue. Organizations will need to
ensure the mechanisms by which they provide and consume identity with their
public cloud provider do not decrease the security within their private cloud.
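The trust-requirements step in the list above, sketched as an added example that is not part of the original article: each workload's placement and authentication are checked against the strictest data class it handles. The data classes, authentication levels, workload names and inventory are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy: every name, data class and level below is an assumption.
AUTH_LEVELS = {"password": 1, "mfa": 2, "mfa+device": 3}

# Data class -> environments it may live in and minimum authentication strength.
POLICY = {
    "public":      {"envs": {"public", "private"}, "min_auth": "password"},
    "internal":    {"envs": {"public", "private"}, "min_auth": "mfa"},
    "regulated":   {"envs": {"private"},           "min_auth": "mfa"},
    "contractual": {"envs": {"private"},           "min_auth": "mfa+device"},
}


@dataclass(frozen=True)
class Workload:
    name: str
    env: str              # side of the hybrid cloud it runs on: "public" or "private"
    data_classes: tuple   # every class of information the workload handles
    auth: str             # authentication currently enforced for its users


def requirements(workload):
    """Merge the rules of all data classes a workload handles; the strictest wins."""
    allowed, min_auth, unknown = {"public", "private"}, "password", []
    for data_class in workload.data_classes:
        rule = POLICY.get(data_class)
        if rule is None:              # unclassified data: trust level undetermined
            unknown.append(data_class)
            continue
        allowed &= rule["envs"]
        if AUTH_LEVELS[rule["min_auth"]] > AUTH_LEVELS[min_auth]:
            min_auth = rule["min_auth"]
    return allowed, min_auth, unknown


def audit(inventory):
    """Return (workload, kind, detail) findings for the whole inventory."""
    findings = []
    for w in inventory:
        allowed, min_auth, unknown = requirements(w)
        if unknown:
            findings.append((w.name, "classification", f"unclassified: {unknown}"))
            continue                  # cannot judge placement until data is classified
        if w.env not in allowed:
            findings.append((w.name, "placement", f"{w.env} not in {sorted(allowed)}"))
        if AUTH_LEVELS.get(w.auth, 0) < AUTH_LEVELS[min_auth]:
            findings.append((w.name, "authentication", f"{w.auth} below {min_auth}"))
    return findings


# Constructed inventory of a hybrid environment.
INVENTORY = [
    Workload("marketing-site", "public", ("public",), "password"),
    Workload("crm", "public", ("internal", "contractual"), "mfa"),
    Workload("billing", "private", ("regulated",), "mfa"),
    Workload("analytics", "public", ("internal", "telemetry"), "mfa"),
]

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(*finding, sep=" | ")
```

A workload that touches unclassified data is reported on its own and not judged further, since its trust level cannot be determined until the data is classified.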
Implementing a hybrid cloud introduces more than just
technical challenges; IT admins also need to address upwards issues.
By understanding and mastering these hurdles, hybrid cloud could offer more
reward than risk.
Summary
Not many companies are running hybrid clouds today. But
while the technology that will power hybrid clouds is still developing, the
potential benefits are already coming into focus. Hybrid clouds provide the
advantages users already expect from public cloud storage deployments, like pay-as-you-go
flexibility and self-service. They also promise to provide the enterprise-level
capabilities typically found only in a private cloud, such as secure
multi-tenancy and the ability to deliver quality-of-service levels for
availability and performance. Clouds are still in their “Wild West” growth
phase, and the hybrid model is still evolving. But we see hybrids as a
stabilizing force in the cloud market, bringing together the best of private
and public clouds to address the demands of midsize and enterprise users.
“Gartner Says Hybrid IT is Transforming the Role of IT”
Reference