cloud computing best practices

Upload: bluepi

Post on 09-Jan-2016


DESCRIPTION

BluePi has done numerous migrations for large enterprises and SMBs alike. Based on this experience we have documented the considerations an organization needs to make before embarking on their journey to the cloud. Feel free to download - http://bluepiit.com/white-paper/

TRANSCRIPT

  • Cloud Computing Best Practices

    Bluepi Consulting Services

  • Contents

    Business Drivers: Business Continuity/Disaster Recovery, Short Term Extension, Seasonality, Application upgrades or resource constraints, Compliance and regulatory challenges, Dev/Test and UAT workloads, Move to Opex, Uncertainty and Change

    Selection of Cloud Provider: Flexibility, Interoperability & Portability, Degree of Automation, Service Dynamics, Costs, Price Model, Service Charges, Scope and Performance, Technology, Software, Performance, IT Security & Privacy, Datacenter Security, Network Security, Reliability and Trustworthiness

    Migration Strategy: Identify Business Drivers, Assessment, Roadmap, Migration, Optimisation, Operations, Business as Usual

    Security aspects of Cloud Computing

    Licensing Considerations

    Contact us

  • Business Drivers

    Why do businesses move to the cloud?

    Different enterprises have different drivers for adopting the cloud. Some see cost as the primary driver, while others consider agility the prime criterion. We at BluePi have seen customers' adoption being driven by one of these eight reasons.

    1. Business Continuity/Disaster Recovery

    A classic reason driving the adoption of hosted compute and storage resources is BCP & DR. The idea of being able to run mission-critical applications even if the on-premise data centre is unavailable is attractive. In this scenario the cloud could be either the primary or the secondary site, eliminating the dependence on on-premise availability.

    2. Short Term Extension

    Occasionally enterprises need a short-term augmentation to their existing data center. Given that procurement times to add extra capacity are usually measured in months, the cloud provides an on-demand opportunity to add scale.

    3. Seasonality

    Many organisations, especially in B2C industries like leisure, hospitality, entertainment and retail, run regular one-off campaigns and special events. Managed cloud hosting helps by allowing these companies to scale on demand and then scale down as demand subsides. This elasticity, the ability to cloud burst, is a huge driver for many businesses and will be significantly more cost-effective than buying hardware that is only used for a short portion of any given year.

    4. Application upgrades or resource constraints

    Organisations often wait before upgrading to the latest versions of software that require expensive changes to the existing hardware. Sometimes current hardware is reaching its end of life or its limits in terms of resource usage. This presents an opportunity for organisations to focus on managing the applications while outsourcing the current hardware reach, upgrade and maintenance challenges to an MSP.

  • 5. Compliance and regulatory challenges

    Security and privacy of data is a significant compliance, legal and regulatory issue for organisations. Some organisations require HIPAA compliance for healthcare data and some UK-based organisations require ISO27001 compliant data centres. Cloud providers help by ensuring compliance with these regulatory requirements. For example, AWS provides HIPAA compliance and provides CloudTrail for capturing detailed access and audit logs.

    6. Dev/Test and UAT workloads

    Organisations looking to adopt the cloud with minimal risk move their development, test and UAT environments to the cloud. These environments are usually on demand, and significant cost savings can be accrued without any impact on ongoing business.

    7. Move to Opex

    One big financial benefit of adopting the cloud comes from the move to a predictable monthly recurring model of IaaS costs as opposed to capex spikes. This also removes hardware ownership and lets organisations focus on their core competencies.

    8. Uncertainty and Change

    Cloud provides an instant ability to provision new resources, and this acts as a safeguard against the uncertainty and unpredictability of the future growth of the business.

    In summary, more often than not it is a combination of the above reasons that leads to the adoption of cloud computing. If you need help identifying your business drivers, drop us a line at [email protected]

    We run a free survey that helps organisations define their business drivers accurately.

  • Selection of Cloud Provider

    What are the considerations for evaluating cloud providers?

    One of the primary challenges organisations face when deciding to move to the cloud is the choice of cloud provider. What criteria should be applied to shortlist vendors, and how to discern the qualitative differences between them, is a mammoth challenge. Below we provide best-practice criteria for addressing it.

    The bottom line is that there is no one-size-fits-all in the selection of a cloud provider. Knowing your cloud computing needs holds the key to the selection of your provider. The first step is to identify whether a SaaS or an IaaS model works best for you. For example, if you are running Exchange/Outlook in your private data center, it is primarily a choice between using a SaaS email solution like Office 365 or Gmail and hosting your Exchange on an IaaS provider. While Office 365 or Gmail would provide significant abstraction and automation, thereby reducing your maintenance overhead, they also limit the control you exercise over the environment.

    We recommend each organisation develop its own provider selection model based on its own priorities and criteria. However, we summarise some of the criteria under different headings to help you develop your own model. Most of the section is structured to help you identify and frame the important questions.

  • Flexibility

    Interoperability & Portability

    Interoperability and portability may be significant criteria for organisations that want to ensure there is no single-vendor lock-in.

    Standardisation

    A cloud provider may choose to implement an API or functionality that is completely proprietary in nature. Sometimes this becomes necessary due to the lack of an existing standard in the area. Often these APIs or functionality evolve to be the de facto standard. For example, the AWS Simple Storage Service (S3) API has evolved to be a standard and other providers have now developed S3 interoperable APIs. Another example is CloudFoundry, which is an open source de facto standard in the area of PaaS. The bottom line is that though standardisation is important, other criteria like feature richness and capability should also be considered during the selection.

    Data Portability

    A key criterion for selection is to ensure that the data at rest hosted within the cloud is portable and can be moved on-premise or to another provider at a moment's notice. Data could be in the form of object storage like files, backups and archives, or in the form of block storage like hard disks. Even data stored in the form of audit/access logs and temporary message queue data should be considered.

    Virtual machine instantiation and portability

    One of the most basic resources which Cloud Computing delivers is the Virtual Machine, which is a physical metaphor type of resource. VM Mobility is that feature in a particular hypervisor which allows a running system to be moved from one VM to another VM. As far as the running system is concerned it does not need to be reconfigured: all of the elements such as MAC and IP address and DNS name stay the same, and any of the ways storage may be referenced stay the same. Whatever needs to happen to make this work is not the concern of the running system. VM mobility has been implemented with several hypervisors but there are limitations

  • Service Dynamics

    The services provided need to be evaluated to get an understanding of what the organisation is signing up for.

    Provisioning time

    It is important to be able to provision a VM very quickly when needed. This metric becomes critical especially during a metric-driven autoscale scenario.

    Contract Length

    It is critical to determine whether there is a time-bound tie-in or it is truly pay as you go. Also, some providers have discounts for longer service periods.

    Degree of Automation

    Sometimes the primary reason for moving to the cloud is to benefit from automation. This therefore becomes a critical criterion and needs a great deal of study.

    Changes/Updates

    Do changes to the VM require downtime? Can we update the resources on the database without causing downtime?

    Scalability

    Some providers allow automated scale-out and scale-in of the application environment, driven either by schedule or by performance metrics. This could lead not only to automated commissioning of resources to address unexpected peak load scenarios but also to significant cost savings due to the optimisation of resource utilisation.

    Systems Management

    Can backups/restoration and upgrades be automated for the database resources? Are security patches automatically applied on the OS? Providers offer varying degrees of automation in these areas. More automation of course means less involvement and greater peace of mind.

  • Costs

    An in-depth analysis of the costs associated with cloud adoption needs to be carried out. The sad truth is that there is no easy way to do an apples-to-apples comparison of the costs between different providers. The problem is aggravated by the variety of pricing options, SLAs and transparency.

    Price Class

    Some cloud providers aim at the higher end of the pricing spectrum but provide a very high degree of automation, services and resilience. The balance between cost and resiliency varies from organisation to organisation and from application to application within an organisation.

    Price Options

    Does the provider allow you to make choices based on your needs, so that you can customise your environment and therefore your costs? For example, Amazon provides two classes of storage services in S3, Standard (99.999999 availability) vs Reduced redundancy storage (99.99 availability), with different costs.

    Price Resilience

    How frequently have the prices changed historically? Are they resilient to ups and downs in the marketplace? For example, Amazon AWS has slashed prices on an ongoing basis and passed on the benefits of scale to consumers.

    Granularity

    Granularity determines the blocks at which the services are priced. For example, S3 storage service is priced at the same rate for the first TB and then for the next 50 TB. These blocks mean that it favours organisations with petabytes of storage.

    Price Transparency

    Are there hidden costs, or is the pricing transparent and clearly documented? What about local tax implications? These are some of the considerations for determining the provider's business ethics.

    Service Charges

    All providers charge for services that are automated while using their environments.

    Type

    What are the different types of service charges applied to a service? For example, apart from storage cost AWS charges $.005 per 1000 update requests and $.004 per 10,000 get requests.

    As seen, calculating the costs may not be an easy exercise given the granularity and type of charges applied by the provider.

  • Scope and Performance

    It is critical to evaluate the scope of services and capabilities provided. Given that migration to a different provider is a costly affair, it is critical that the due diligence exercise takes into account the variety of services that are available. In this area AWS leads the market by adding new capabilities on a regular basis. There are PaaS offerings like Beanstalk and, at the same time, deployment automation frameworks like OpsWorks and CloudFormation.

    Technology and Software

    Load balancers

    How easy is it to provision load balancers in the environment? What kind of configuration options do these load balancers provide? Is it possible to use instance load metrics to define the routing algorithms? Is it possible to provision an on-premise load balancer (F5 for example) at the provider?

    Instance Type

    What are the sizing options available for the instances? What operating systems are supported? Are there instances available that provide specific resource optimisations, like CPU, memory, disk or GPU?

    Add-On Services

    Are there automated lifecycle policies available to migrate data from one type of storage to another? Are there automated template deployments for common use cases like a LAMP stack, a J2EE web stack or .Net based IIS web applications? Are there automated audit logs and performance metrics that can be turned on as needed?

    Storage Services

    Are there limits to the storage capacity? Is storage available on demand and via an API? Are tiered storage options available? Are server-side and client-side encryption available on the storage tier for security and privacy? Is service-side latency insignificant compared to internet latency?

    Virtualisation

    What kind of virtualisation technology does the provider offer? Can you extend your current data centre assets by leveraging a product like VMware cloud director? Can you choose the hypervisor? For some organisations these may be critical decision-making points.

    Multi-Tenancy

    Is it possible to create a segregated network and VPN within the cloud environment? Some organisations provide their services as SaaS offerings to end clients. Data segregation may be a requirement for this to succeed, given the compliance and regulatory requirements.

    Network Access

    Is RDP or SSH access to the VM environments allowed? How secure are these? Do the VMs get patched for security vulnerabilities on an ongoing basis? Can network access be allowed from specific IP address ranges and on specific ports?

  • Performance

    Computing Time

    Is it possible to procure guaranteed computing time? This becomes critical in case of running a High Performance Compute Cluster (HPCC).

    Connection Bandwidth

    Are there SLAs available for connection bandwidth between the different tiers? Does the bandwidth become an issue during peak load scenarios? Very few providers give clear answers in this regard.

  • IT Security & Privacy

    Datacenter Security

    Hardware Security

    Security and trust from a hardware perspective is a complex subject and requires consideration from a compliance perspective. More often than not the physical aspect of data security is well taken care of by almost all the known cloud providers. One interesting insight comes from the fact that most violations in the field of healthcare in the US appear to be physical in nature and mostly due to negligence. Some cloud providers allow the installation of a hardware security module. An HSM may be required due to corporate, contractual and regulatory compliance requirements.

    Network Security

    Connection Security

    Depending on the criticality of the data on the cloud, it may be necessary to secure the connections between the data centre and the cloud. For example, AWS provides DirectConnect while Rackspace provides RackConnect to establish a secure, dedicated private connection between the cloud and the on-premise data center. Firewalls play a critical role in the security of the networks provided in the cloud. How easy it is to set up a network configuration could be of vital importance to data centre operations. It is important to ask questions like how quickly a specific IP range could be banned in case of a DoS attack.

    Software Security

    Software security more often than not needs to be provided by the organisation itself. Patching of the OS, application servers and unmanaged databases, as well as any application that the organisation runs, is the responsibility of the organisation. This is called the shared security model.

  • Reliability and Trustworthiness

    The Cloud Service Provider should have certain safety nets in place to ensure services which are consistently available. These include:

    redundancy of power
    redundancy of Internet connection
    cooling systems
    fire suppression systems
    servers
    storage
    security systems

  • Migration Strategy

    When and how do you migrate to the cloud?

    Migrating to the cloud is a long-term strategic investment. We at BluePi believe in the steps below, which highlight a staged approach towards enterprise cloud migrations.

    1. Business Drivers: What are your drivers?

    Define key business drivers and measurable benefits for the cloud migration. 55% cite business agility and scalability as the biggest drivers. Close behind is cost, with 48% citing it as a driver.

    2. Assessment: Are your apps/IT ready for the cloud?

    Assess your applications'/infrastructure's cloud readiness. Assessment should not only evaluate IT but must encompass process, people and governance. Bluepi has a proprietary framework to evaluate your cloud readiness.

    3. Roadmap: Are you ready to prioritise services to be migrated to cloud?

    Identify and prioritise the appropriate systems. Identification is a cost-benefit analysis between speed of migration, cost, criticality and business value.

    4. Migration: Have you started the process of migrating your apps to the cloud?

    Make the move; transition all or parts of data, applications and services. The following types of applications are seen to be moving to the cloud: Collaboration Application, Web Applications, Data Backup, Business Applications.

    5. Optimization: Do you know how to scale your business and reduce your costs?

    Scale, improve RTO/RPO and lower costs. Now that your apps are already in the cloud, it's time to focus on operational efficiency, recovery objectives and cost optimizations. We have helped clients reduce costs by 50% while experiencing higher performance and lower response time.

    6. Operations / 7. BAU: Do you know how to scale your business and reduce your costs? Are you up to speed on the evolution of the cloud?

    Standardise operational tasks, leverage cloud services. Take enterprise cloud computing to the top by managing your business critical services. Integrate current processes and systems with those on the cloud to create a seamless experience.

  • Identify Business Drivers

    Before embarking on a cloud initiative it is imperative for an organisation to identify and define the key business drivers. Unless the key success criteria are clearly articulated and documented, the initiative cannot be measured and is doomed to failure. Often this stage requires involving all the stakeholders (business and technical) to discuss and agree on their definition of the key success criteria. Please read the section on Business Drivers for further details.

    Assessment

    Once you know what your objectives for migration are, the next step is to assess the state of the IT assets. The big question that needs answering here is whether your infrastructure and applications are cloud ready. The evaluation should include processes, people and governance. Questions like skilled manpower requirements for operating a cloud environment should be addressed at this stage.

    Roadmap

    Based on the outcome of the assessment in the previous step, a roadmap should be drawn. The roadmap should take into account the appetite for risk as well as the business criticality of the applications being migrated. A cost-benefit analysis of each application landscape's migration to the cloud should be carried out. It is also essential to consider the possibility of consolidating applications and retiring some of them if possible.

    Migration

    Once the roadmap is defined, the actual process of migration begins. Most organisations prefer to move applications low in criticality but with large footprints. Some organisations move DR environments first before moving the entire production landscape. Others choose to move Dev/Test/UAT before anything else.

    Optimisation

    Once the applications are migrated, it is time to optimise the deployment by focusing on the RTO/RPO and by lowering costs using tiered storage and scale-in, scale-out techniques. At this stage the real benefits of the migration begin to manifest. This is also a good time to evaluate the migration against the success criteria established in step 1.

    Operations

    Once the environments are optimised, it is imperative to leverage cloud services to automate operations. This is where the benefits of automated backup, restore, versioning and lifecycle rules can be leveraged.

    Business as Usual

    It's never BAU in an enterprise. However, at this level the stage is set where cloud becomes the first choice of deployment for any new IT initiative, and a body of knowledge and best practices has already emerged within the organisation to take care of routine activities.

  • Security aspects of Cloud Computing

    How do you keep your data/apps safe?

    This area in itself is a significant area of contention and varies from business to business. To ensure that this guide provides best practices for a large cross-section of industries, it is phrased in terms of action items that must be carried out.

    Review the vendor's business continuity and disaster recovery plan
    Create a backup plan for data at rest
    Evaluate the need to maintain redundancy with the same or a different vendor
    Ensure scheduled outages are acceptable both in terms of duration and time of the day
    Evaluate whether the SLA guarantees adequate system availability
    Ensure ability to increase computing resources on demand
    Ensure legislative obligations can be met to protect and manage data
    Sanitisation policy of storage media after EOL
    Evaluate if secure monitoring is available
    Is disk encryption available if required
    The vendor has a secure gateway environment
    Is there gateway certification available
    Availability of multi-factor authentication
    Determine the availability of private subnets

  • Licensing Considerations

    How does licensing work on the cloud?

    Licensing is sometimes called the Achilles heel of cloud computing. This is primarily because the old models of software licensing are wholly incompatible with the on-demand nature of cloud workloads. Enterprise software is in a category unto itself when it comes to licensing. It isn't like drive-by downloads: pay $39.95 through PayPal or a credit card and it's yours, deploy at will. Enterprise software licensing is a complex system of variables and equations that has remained largely inscrutable.

    Even in the simplest CPU-based licensing model, cloud computing introduces variables that can make prediction of costs very difficult. On the cloud the number of CPUs that will be run is variable; that is the definition of the term elastic. Each cloud provider enters into strategic partnerships with the enterprise solution providers to bring some level of transparency. However, it remains a legal and procurement nightmare to ensure license compliance.

    If you have questions around licensing, feel free to reach out to us at [email protected] and we will share our collective experience on the subject with you. We leave you with four documented links on how enterprise product licensing works on Amazon AWS for different vendors, to underline the complexity of the matter.

    IBM on AWS

    Microsoft License Mobility

    Licensing Oracle Software in cloud computing environment

    http://aws.amazon.com/sap/

  • Thank You

    Bluepi Consulting Services

    Gurgaon Address: 455, 4th Floor, JMD Megapolis, Sohna Road, Sector 48, Gurgaon, Haryana, 122018, India.

    Phone: +91-9899787871

    E-mail: [email protected]

    Bangalore Address: Sierra Cartel Business Center, Second floor, No.91 17th Cross, 14th main, 4th sector, HSR layout, Bangalore 560102, India.