“Different Clouds Have Different Strengths – know what you need”
Behind the scenes of every cloud platform live the components that used to exist on your own “pre-cloud” network – hard drives, memory, CPU, etc. Depending on the cloud provider’s core focus, the cloud services they offer will tend to fall into one of two categories:
- Infrastructure as a Service (IaaS) – A set of cloud services aimed at replacing traditional on-premise IT infrastructure with a consumption-led charging model, typically for hosting storage, virtual server workloads, networking and associated security services.
- Platform as a Service (PaaS) – A set of cloud services aimed at developers allowing them to build, test, deploy and host web-scale software applications for their customers.
It’s important to make sure you don’t select an IaaS specialist if you are looking for the benefits of PaaS, and vice versa. That is simple to say, and it can take some work to investigate, but the work is well worth the effort if you are to avoid the costly mistake of selecting the wrong cloud and having to migrate again in the future.
As an IaaS specialist cloud provider, we’ll focus the remainder of this article on the top things to consider when migrating IT infrastructure services to IaaS:
- Critical capabilities – security, availability, business continuity
- Migration and Deployment
- Vendor lock-in (or multi-cloud considerations)
Critical Capabilities Around Security, Availability, Business Continuity
Assume nothing about whether the cloud providers you are considering have the critical risk areas covered: security, the availability of the services you are consuming, and a business continuity capability that matches what you require. There is too much to cover in one article, so here we focus on the top-down view of each component.
Security – vet the security accreditations that the provider holds and make sure these apply to the services you are purchasing. Their data centres should meet minimum physical security standards, and they should operate to certified security standards which include the ongoing training and assessment of their people. Their people should be security checked to the levels you require for your operations and customers. Ensure you understand which security is applied to the platform and operated by the provider, and what your responsibility is for configuring security on your virtual network running on the cloud. Do not fall into the trap of assuming that your cloud network is protected by anything unless explicitly stated by the provider. Also ensure you know who you are dealing with. In IT things go wrong from time to time, and you will need to rely on the provider, meaning their people, to help you. Understand who their key people are, how well trained they are, how many of them there are and how close they are located to the data centres they operate. Understand their use of third parties. Where your data is not highly sensitive, or where you are confident about the security protecting your cloud data, encryption of data at rest may not be a priority. Ultimately, however, your data will be held on drives somewhere, and because those drives could be stolen or accidentally mismanaged so that they end up in the wrong hands with your data on them, you may want to consider encrypting data at rest.
Availability – make sure that the services you require have published availability SLA targets that meet your own requirements and, where possible, investigate the provider’s history of achieving them and understand how this is achieved across their platform. Include internet connectivity, provider WAN (between data centres) and LAN (inside the data centre) network resilience, and infrastructure service resilience in this assessment.
Remember that the cloud provider’s availability solution applies to their own cloud platform and does not necessarily mean your virtual cloud network and infrastructure services will have the same or better availability. It is likely you will have to configure the necessary solution in your cloud tenant to achieve this. Depending on the service components offered by your provider, this may also require third-party services and software.
Business Continuity – it is not uncommon to find organisations that confuse availability with business continuity or disaster recovery. Infrastructure, including cloud services, can be configured to provide high levels of availability yet provide very limited protection to an organisation in the event of a disaster. Even with the major public cloud players, disaster recovery capability isn’t a given and needs to be configured as part of the cloud services you consume. It is important to vet that the providers you are considering can offer the level of disaster recovery you require, and this should be made clear in terms of recovery time objective (RTO) and recovery point objective (RPO).
The level of support you need may well vary depending on the IT resources in your organisation, from being fully self-reliant to requiring a fully outsourced managed service for your cloud infrastructure. At the self-service end of the spectrum, still assess the knowledge base, tutorials, etc. that are on offer for your team. Where support is needed from the provider, understand who is delivering it, during which time windows, and what skills they have within their teams to deliver the support you require.
Whichever support model you need, consider the provider’s monitoring capability. How are they monitoring their underlying platform – the bits you don’t get to see or control? Do they also monitor services within your virtual network or is this optional or entirely dependent on you?
Migration and Deployment
If your team is taking responsibility for migration, make sure the provider supports this by offering a self-service approach with the tools you need for a successful migration, and that they support the scale of the data and systems you intend to migrate to the cloud.
Where they don’t, make sure viable alternatives exist, which may include physical data shipping using drives or even dedicated appliances. Data concurrency concerns changes to data while the migration takes place. Make sure you have proven procedures to keep track of changes while the migration takes place and that these changes can be successfully applied on completion of the migration. Whatever approach to migration is used, make sure that all data transfer rates are fully understood across each component, including between storage devices, across networks (whether internal or wide area) and into the cloud provider’s network.
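The change-tracking procedure described above, sketched as an added example that is not part of the original article or any provider's tooling: a SHA-256 manifest taken when the bulk copy starts is compared with the source at cutover, the differences are replayed, and the two copies are verified as identical. It assumes the data is a file tree and that the source is frozen while the final delta is applied; all directory and file names are constructed sample data.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        # read_bytes() is fine for a demo; hash in chunks for large files
        manifest[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest

def delta(baseline, current):
    """Files added, removed or changed between two manifests."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(k for k in common if baseline[k] != current[k]),
    }

def apply_delta(changes, source_root, dest_root):
    """Replay the recorded changes onto the migrated copy."""
    for rel in changes["added"] + changes["changed"]:
        target = Path(dest_root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(Path(source_root, rel), target)
    for rel in changes["removed"]:
        Path(dest_root, rel).unlink(missing_ok=True)

def in_sync(source_root, dest_root):
    """True only when both trees hold identical files."""
    return build_manifest(source_root) == build_manifest(dest_root)

def demo():
    """Constructed sample data: a tiny source tree that changes mid-migration."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "cloud")
        (src / "db").mkdir(parents=True)
        (src / "db" / "records.csv").write_text("id,name\n1,alice\n")
        (src / "old.log").write_text("stale\n")
        baseline = build_manifest(src)   # taken when the bulk copy starts
        shutil.copytree(src, dst)        # stands in for the bulk migration
        (src / "db" / "records.csv").write_text("id,name\n1,alice\n2,bob\n")
        (src / "new.txt").write_text("created during migration\n")
        (src / "old.log").unlink()
        changes = delta(baseline, build_manifest(src))
        before = in_sync(src, dst)
        apply_delta(changes, src, dst)
        return changes, before, in_sync(src, dst)
```

Calling `demo()` returns the recorded delta together with the sync status before and after it is replayed; the final manifest comparison is the check that gates cutover.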
Finally, cost. Cost budgeting for cloud can be a real challenge compared to the days of buying on-premise infrastructure, particularly for organisations that had stable workloads. Some providers have made the pricing of their cloud services enormously challenging to understand and accurately predict. Take time to understand the different pricing structures and, in particular, look for hidden costs such as data ingress / egress charges.
Make sure to cost in the configuration you need to meet your security, availability, and business continuity objectives.
Vendor Lock-In (Multi-cloud considerations)
In today’s maturing cloud sector, the more enlightened providers have realised that they need to offer customers the choice of working across multiple cloud platforms. You want to make sure that providers offer high-quality connectivity to the other cloud providers you are interested in. These include major SaaS services such as Microsoft 365, any other SaaS services that are important to you (e.g. marketing platforms like Hubspot), and public clouds such as Azure and AWS that might offer particular services of interest to you either now or in the future. Ensure you can span your network across all the cloud services you need without compromising on the quality of connectivity, security or ease of use.