Professional Documents
Culture Documents
cloud
computing
Harnessing this technology to
reduce costs and boost agility
800.800.4239 | CDW.com/cloudguide
7
Chapter 1: Welcome to the Cloud..................................................
• Cloud Clarity
• Break from the Past
• Foundation for Innovation
THE CLOUD
• Problem No. 4: Slow Adoption of New Applications
• Problem No. 5: Underutilized IT Expertise
• Problem No. 6: Growing Security Demands
Glossary............................................................................................... 33
Index..........................................................................................................35
SCAN IT
Download a QR code reader on your mobile
device to scan and discover how CDW
solved cloud infrastructure problems for
an international manufacturer.
2
chapter 1
Cloud Clarity
Break from the Past
Foundation for Innovation
Call it Cloud 2.0. After years spent can boost the overall efficiency of an provisioned computing resources,
fully clarifying exactly what cloud IT department, which in turn has the including networks, servers, storage,
computing is and how it can reshape IT potential to save money and make applications and services. The following
departments, this important collection operations more agile and effective. key elements fill out this description.
of technologies, architectures and For these reasons, 19 percent of the Resource pooling: Applications,
management frameworks has finally respondents to the AMD survey list processing power, storage volumes,
achieved mainstream status. cost reductions as the prime driver memory and other IT capabilities
Recent research shows how far cloud for their cloud plans, while 35 percent exist as pools that systems and
acceptance has come. CDW’s 2011 identify cloud computing as a tactical users can draw from as needed.
Cloud Computing Tracking Poll found move to address specific needs. The dynamic nature of these pools
that 84 percent of IT managers means users can tap into additional
now say their organizations rely on Cloud Clarity power to meet demand spikes — for
at least one cloud application. Unfortunately, the era of Cloud example, heavy number crunching to
Similarly, the Global Cloud Computing 2.0 doesn’t necessarily herald the close month-end financial books or
Study, sponsored by AMD in 2011, found end of cloud hype. IT managers must assisting an order processing system
that 35 percent of U.S. enterprises still guard against those who play during the busy holiday shopping
are investigating cloud computing and fast and loose with cloud claims and season. Once demand subsides, users
nearly 40 percent use cloud solutions definitions. A good dose of reality is relinquish the extra resources, which
for hosting data, running remotely available from the U.S. government’s become available to other users.
hosted applications or both. Those National Institute of Standards and Self-service: IT resources exist
numbers — a combined total of 75 Technology (NIST), which provides the for the taking, either automatically
percent — highlight how cloud computing go-to reference for formal definitions. or by request. For instance, end
has clearly influenced the IT roadmaps But working definitions are also users could click on a simple menu
of a wide spectrum of organizations. valuable: Many IT managers see cloud to book server time or reserve
The reason? Cloud environments can computing as a model for enabling additional storage capacity. Best of
address core business and technical convenient, on-demand access to a all, provisioning happens without
goals. Done right, the use of cloud shared pool of configurable and rapidly calling in the IT department.
3
chapter 1
Individuals and workgroups rely on dedicated Users access shared resources that exist as
hardware, storage and software resources. services available from a central repository.
Software resides on client computers. Software resides in private or public data centers.
Enterprises must support different versions of Users can access mission-critical software
applications for PCs and mobile devices. from a variety of client devices.
To boost computing power or roll out new capabilities to New or expanded services can be provisioned on
users, IT departments work through lengthy procurement, demand, typically without IT department intervention.
provisioning and implementation processes.
Overprovisioning of computing capabilities is Dynamically allocated pools of hardware and software
necessary to accommodate demand spikes. drive down idle or underutilized resources.
Rapid elasticity: Quick rightsizing Break from the Past effects of today’s more mature cloud
of IT resources helps eliminate the Cloud benefits represent a clear technologies are providing a foundation
costly overprovisioning that often break from traditional IT operations for other emerging IT developments.
plagues organizations. In the past, that tied users to dedicated hardware, For example, some organizations
it was necessary to prepare for storage resources and network are finding concrete operational
temporary demand spikes by installing devices. Although generally effective benefits from bring-your-own-device
more computing power than typically for giving users the computing power (BYOD) strategies that allow staff
needed, which left expensive high-end they need most of the time, the mobile devices to serve double duty
resources sitting idle much of the time. traditional client–server approach often as personal and professional gear.
Depending on the individual cloud proves too rigid for the fast-paced Anywhere, anytime availability of
strategy, an IT department can world in which processing demands enterprise resources via the cloud
reduce or even eliminate capital increase without much warning. means those employees have all the
expenditures and keep underutilized In the past, bringing a new resources they need on their devices,
resources to a minimum. server online could take months to yet IT managers can keep close tabs
Measured service: Usage accommodate procurement planning, on security and data management.
monitors meter resources being purchasing, implementation and The rise of governance frameworks,
drawn from the cloud for clear testing. And the consequences could such as the IT Infrastructure Library
data about costs, service-level be painful — too few resources could (ITIL) and the VCE Vblock Infrastructure
performance and consumption result in poor service to an important Platforms, also dovetails nicely with
patterns, making budgeting for client or user, or a costly delay in cloud strategies. ITIL provides the
operational expenses more accurate. responding to a new opportunity. discipline and guidance organizations
Broad network access: High-speed Dynamic, self-service resource need as they transition from traditional
networks provide the pipelines that pools overcome these problems by IT environments to a cloud future.
connect users to cloud resources. This breaking the ties between applications The rise of governance frameworks,
promotes anywhere, anytime access and their underlying infrastructure. such as the IT Infrastructure Library
to applications, data and processing The result is a new computing (ITIL), also dovetails nicely with cloud
power, whether end users are at their framework that can make processing strategies. ITIL provides the discipline
desks, on the road or working from capacity available in near–real time. and guidance organizations need as
a home office. Clouds provide similar they transition from traditional IT
flexibility in the choice of client hardware Foundation for Innovation environments to a cloud future.
by accommodating everything from IT innovations don’t arise in a vacuum, For example, ITIL defines a services
traditional desktop and notebook so as more organizations embrace management approach to IT, which is a
systems to tablets and smartphones. cloud, they’re also adopting other new key first step for cloud implementations.
capabilities. Fortunately, the ripple This and many other resources are
becoming available for organizations
seeking guidance in the cloud.
4
chapter 2
Choosing the
Right Cloud
How to pick the right model and platform before migrating
a single file, app or system.
5
chapter 2
can mitigate privacy, security and Platform as a Service from computing resources such as
compliance fears. Similar to a private A step up in cloud sophistication is operating systems and applications.
cloud, the community option can platform as a service. PaaS offerings IT departments can expect flexibility
reside either within an organization’s go beyond delivering a prepackaged to expand further with the evolution of
data center or at an external site. application via the cloud, instead completely web-based clients. Browser
providing the entire computing platform interfaces will ultimately be the only
Hybrid Cloud and solutions stack. This allows technology that users need to connect
There’s also the hybrid cloud enterprises to run custom applications their chosen hardware to sophisticated
model, which mixes and matches or use the solution’s programming IT resources. For now, desktop clients
the best elements of private, public environment to create new solutions. remain the most common way for
and community clouds. For example, As with SaaS, customers avoid users to access cloud services.
an enterprise may run a private upfront provisioning costs and
cloud for day-to-day operations but ongoing expenses for infrastructure
contract for additional resources maintenance and management. PaaS
made available from a public cloud gives users control of the specific The DaaS Duo
to weather a demand spike. capabilities of their applications as
The best cloud deployment model long as the in-house development Two emerging service models have joined
will depend on several factors, including staff is comfortable with the PaaS the familiar SaaS, PaaS and IaaS options.
cost, control, performance, scalability, provider’s choices for programming Although the names of both newcomers
security and service requirements. languages, interfaces, development share the same acronym, DaaS, they
tools and database support. perform quite different IT services.
Efficiency as a Service The first, data as a service, offers
IT managers must also decide which Infrastructure as a Service users a method for tapping into large
services to migrate to the cloud. The Infrastructure as a service delivers storehouses of information on demand
options available break down into processing power, security tools, wherever and whenever they need them.
three categories. storage capacity and network
bandwidth as on-demand services. This form of DaaS will likely be a
Software as a Service As an organization grows, it therefore welcome tool for enterprises that must
The most mature and widely can avoid new investments in handle “big data,” massive influxes
used option is software as a these components. of information that must be quickly
absorbed, analyzed and used. Think NASA
service. With SaaS, users access IaaS users don’t directly control or
faced with analyzing flight information
applications hosted within a service have access to the technologies running
in real time during and immediately
provider’s cloud infrastructure. in the offsite infrastructure; the cloud
following a mission launch, or Wal-Mart
Users don’t own the applications provider manages these. A core
plotting final seasonal orders from
or the underlying infrastructure of component of most IaaS offerings is the
suppliers based on Black Friday sales.
servers, operating systems, storage service catalog, an online tool for finding
systems and network resources. and provisioning available services. The other new service model is
That’s good from a capital desktop as a service, an outgrowth
expense viewpoint, but potentially Client Flexibility of client virtualization trends such as
troublesome in terms of flexibility: Flexibility is at the core of all these virtual desktop infrastructure. This
Applications come as-is, with little or cloud choices — the ability of users to DaaS lets IT managers rely on service
no opportunity for customization. not only access important resources providers to manage virtual desktops,
Small- or midsize organizations’ anywhere and anytime there’s a secure reducing the need for in-house data
limited budgets and IT staff obviously network connection, but to do so using center investments to do so.
can benefit from this model. Large many types of devices. Endpoint devices
Both DaaS options are so new that
enterprises can also benefit from can range from traditional desktop and
at present their widespread appeal is
this approach by offloading routine notebook computers to diskless thin
hard to gauge. But they highlight how
services to a third-party provider and clients, tablets and smartphones.
cloud models will continue to evolve to
devoting internal resources to strategic This is possible because of the
solve highly specialized IT challenges.
and mission-critical activities. principal cloud framework, which
separates physical hardware
6
chapter 3
Cloud computing represents potential initiatives to fund and which but unproven technologies. Rather
a fundamental change in how to prioritize, delay or shelve entirely. than gamble on a capital investment, IT
enterprises acquire and deliver IT The Solution: Reduce capital managers can choose cloud providers
resources. But before embarking expenditures by avoiding investments that offer the most innovative
on an ambitious cloud strategy, IT in additional on-premise hardware services at the best prices.
managers need a clear idea of the and applications. Instead, contract Cloud technology also offers some
potential benefits they can achieve, for cloud services that are paid important ancillary financial benefits
and they must be able to communicate for through operational spending not directly tied to capital expenditures.
these advantages to bring senior that’s easier to justify. For example, many enterprises have
management and end users on board. The diversity of cloud computing seen their power and cooling costs rise
One way to make the case for options (ranging from internal private significantly as traditional data centers
cloud computing is to focus on six clouds to pay-as-you-go public grow and more densely packed servers
long-standing IT challenges, and clouds) increases the chances that generate higher levels of heat. Shifting
how organizations can solve them IT shops can acquire the services to third-party cloud providers relieves
with the right cloud strategy. they need at costs that are in line energy demands and reduces utility bills.
with their current budgets. Organizations can also gain better
Problem No. 1: Continuous For example, 52 percent of IT insight into their IT-related costs
Investment Outlays executives participating in the CDW through the use of monitors that are a
IT departments are under constant 2011 Cloud Computing Tracking Poll cite staple of both public and private cloud
pressure to implement new services reduced capital expenses as one of the models. Metering allows for accurate
to support the core missions of their top benefits of their cloud strategies. The chargebacks to individual departments
organizations. But supporting these poll’s respondents also say they saved for the services they use and can even
requests in traditional IT environments an average of 21 percent in annual costs fundamentally alter the role of the IT
requires ongoing investments in new by migrating applications to the cloud. department. As IT departments evolve
hardware and software. In an era of tight In addition to cost reductions, to become service providers, they may
budgets, organizations find themselves clouds can lower the risk of making transform from a cost center to a revenue
making hard choices about which the wrong decisions about promising unit with profit-and-loss responsibility.
7
chapter 3
8
CDW.com/cloudguide | 800.800.4239
CDW’s Complete
SaaS Portfolio
Software as a service (SaaS) providers
offer many office productivity applications,
including word processing and spreadsheet
programs, as well as customer relationship
management, calendar, e-mail and human
resources management solutions.
9
chapter 4
10
CDW.com/cloudguide | 800.800.4239
1. Profile the existing environment. This requires combing through invoices and budgets for capital and operations spending
that documents hardware investments and fees for software licenses. Next, fold in related expenses for IT personnel,
service and support activities, upgrades, and routine maintenance.
Also factor in facilities costs, including power and cooling. Finally, estimate the unnecessary capital and operational
expenses associated with underutilized or excess resources common to traditional IT environments. Don’t ignore
downtime associated with upgrades and routine maintenance or the opportunities lost because of delays in
adopting technology innovations.
2. Gather similar statistics for the proposed cloud project. Subscription rates for a public or hybrid cloud solution can come
from a service provider’s proposal or industry estimates available from market research firms.
But don’t ignore hidden costs that exist for cloud services. Evaluate investments for hardware upgrades and any
virtualization work. Finally, estimate how the switchover to a services model and the resulting cultural changes
will affect staff productivity.
It may take time for a multiyear cloud plan to present a clear cost advantage over the current environment. But
organizations ready for a long-term commitment will see the numbers move in their favor through more efficient
operations, increased productivity and greater agility.
Here are some examples of biggest technical pushes will involve the large-scale consolidation of physical
typical cultural fallout: Department adoption of virtualization technologies servers. A 20-to-1 virtual server to
heads may initially balk at sharing throughout the organization. physical server ratio is possible in
resources with other workgroups or Virtualization provides a foundation theory, but ratios vary depending on
with strangers in public clouds. Other for cloud services because it breaks numerous variables. Second, but no
managers may balk at paying for IT the tight bond between hardware and less significant, server virtualization
services (in the form of chargebacks) associated software and data that can slash IT capital expenditures and
that in the past appeared to be free. exists in traditional IT environments. lessen ongoing operational costs.
Even IT administrators aren’t immune It’s an essential first step to creating Storage virtualization offers similar
to some cloud-induced discomfort, the shared pools of resources and benefits in cloud environments. Once IT
because relying on third-party service dynamic provisioning of workloads administrators virtualize storage, they
providers takes away their direct control that are at the core of the cloud can create shared volumes and use thin
over how services are delivered. model. Cloud projects can benefit provisioning technology to allocate disk
In addition to helping organizations from virtualization at all levels: server, storage among multiple users based
work through any initial cultural hurdles, storage, client and application. on their minimum requirements at
these teams of cross-departmental Many enterprises are well versed in any given time. Fewer dedicated disks
representatives should make up server and storage virtualization today. mean better capacity management
permanent steering committees According to industry estimates, 30 to and optimized storage utilization.
that handle implementation and 40 percent of server infrastructures are Increasingly, organizations are
governance issues going forward. already virtualized. Tech analysts predict turning their attention to desktop
that percentage will continue to grow virtualization, which separates
A Virtualized Foundation as organizations shed management and operating systems, applications and
Although rolling out cloud across the security concerns about virtualization. associated data from end users’ physical
enterprise is not strictly a technology Virtualization has become a devices. This lets IT departments
venture, the IT department will need to successful data center technology for centrally manage and deliver desktop
do a fair amount of prep work. One of the two primary reasons. First, it enables environments from the data center.
11
chapter 4
1. Data encryption: Encrypting data is essential for protecting sensitive information while at rest or when traveling
to and from private, public, hybrid or community clouds.
2. Hypervisor security: Traditional firewalls and intrusion prevention systems (IPSs) cannot monitor traffic within
the virtualized environment. Organizations need to use a combination of configuration and management policies,
plus specialized hardware and software tools, to secure the hypervisor, the central control center for virtualized
resources. Also, place security controls within virtual servers to harden them individually on the same physical host.
3. Establish trust zones: An additional way to mitigate inter-VM threats is through the use of virtual security software
that creates trusted network segments. These segments group VMs with similar trust levels and let IT administrators
monitor VM-to-VM traffic and enforce security policies.
4. Hybrid cloud challenges: Organizations need to upgrade security in any private cloud segment they manage to match
levels in associated public cloud services they procure. IT shops and cloud providers will need to standardize on the
cloud-specific security technologies, including virtual firewalls. IT administrators should also consider using proxy
servers that intercept sensitive data for local delivery rather than via the cloud.
12
CDW.com/cloudguide | 800.800.4239
13
chapter 5
Internal private clouds deliver on much run in the same virtual pool as programs
of the cloud vision, including on-demand for the facilities and human resources
resources, pay-as-you-go pricing and staffs. That idea may unnerve some users.
unprecedented levels of scalability. Having to address these types
And they offer an additional advantage: of concerns can leave IT managers
There’s a comfort factor that comes wondering if creating a private cloud is
with being inside the organizational worthwhile. But before this concern is
firewall. This familiarity may be important even considered, there are many other
to managers and end users who questions that need to be answered about
aren’t ready to trust outside service whether a private cloud is the right fit
providers with important applications, for an organization.
data and performance promises.
Another attractive facet of private Is a Private Cloud the Right Choice?
clouds is that IT departments have First things first: IT managers need
likely already laid the foundation to honestly assess their enterprise’s
for this computing model through private cloud readiness. The answers to
widespread use of commodity x86 server five particular questions will go a long
hardware and standardized operating way toward making that determination.
systems and software platforms.
But even with these advantages, 1. A re you prepared to give users
organizations still need to overcome the autonomy they’ll expect?
cultural reticence because the cloud Q uick provisioning of IT resources
concept challenges some users’ ideas of should be available to end users.
IT normalcy. For example, multitenancy For example, developers may
rules are integral to fully realized private decide they need four virtual
clouds, meaning that applications for the machines, storage resources and
accounting and legal departments might dedicated network bandwidth.
22
CDW.com/cloudguide | 800.800.4239
23
chapter 5
• Self-service interface: Private cloud users should I n addition, an internal private cloud requires
be able to access services from a self-service a program that acts as a service governor to
portal in a manner that meshes with their roles dynamically optimize available resources against
in the organization. Typically, users select the service requests based on a range of factors. These
services they need using an IT services catalog — can include service-level agreements, operational
without having to also request the back-end policies and scheduled service demands. In the
resources required for supporting that service. absence of a service governance tool, IT shops
will need to handle this orchestration manually.
I n addition to choosing specific applications
from the catalog, users should be able to select • M etered service: Most mature private cloud
desired performance characteristics, such as implementations charge departments for the
“high speed” or “high availability.” Ideally, the services they use based on pricing published
self-service interface would remain consistent no in the IT services catalog. Some organizations
matter what changes take place on the back end. may not be ready for this level of chargeback
at the time they launch a private cloud.
• IT service management: The widely used ITIL Nevertheless, experts suggest it’s good
framework is a good starting point for essential practice to meter service use in order to best
private cloud best practices, including creating determine how to use resources efficiently.
processes and service policies; building the
services catalog; applying capacity, configuration,
demand and performance management;
monitoring service health; and implementing
metering, chargeback and reporting.
Private Private clouds aren’t for everyone. Here are some concerns to address before making a move:
Cloud
• N etwork connections: The weak link in cloud performance is the reliability of network and Internet
connections (for hybrid clouds). Any interruption in these pipelines can bring operations to a
Gotchas standstill. High-speed network (think 10-Gigabit Ethernet) and broadband Internet connections
are a must.
• Data management: Data sets may be so large that they overburden available bandwidth on some
network segments. IT shops considering migrating applications with large data sets to the cloud
need to guard against such performance degradation issues. One answer: Move end-user clients
into the cloud.
• IT expertise: Private clouds need the support of IT talent that’s well versed in virtualization and
cloud concepts, such as IT service delivery and multitenancy. Hiring these workers and keeping
their skills tuned can be expensive.
• Security: Keeping IT resources within the confines of a private cloud may sound preferable to
sending sensitive data out to a public cloud, but risks remain. Increasingly sophisticated hacking
techniques require enterprises to continually invest in personnel and technology to protect
their digital assets — a requirement that can be mitigated by finding an outside cloud provider
with a staff of security specialists.
24
CDW.com/cloudguide | 800.800.4239
25
chapter 5
too taxing for the dynamically provisioned, too. In addition, IT organizations that have instituted
self-service model. Some mission-critical apps or are planning to use chargeback mechanisms for
that support core operational processes also their private cloud services should look for tools that
might need to remain on dedicated resources. provide real-time usage metering. The more automated
Identifying legacy apps eligible for cloud this capability, the easier it will be to implement.
computing is only a first step. It’s also wise to cull Besides understanding management requirements
from the list any apps too rigid to take advantage and picking the most appropriate tools for these needs,
of the elastic nature of cloud computing IT managers can ease cloud management burdens by
(such as programs that pull information simplifying and optimizing their self-service catalogs.
from multiple databases, for instance). A service catalog, providing services uniquely
And any app needing modification or a full suited to the users’ needs, should be built upon
rearchitecting to benefit from migration to interchangeable resources for maximum flexibility.
the cloud should be moved down on the list of The IT team also will need to develop an understanding
priorities. Seems obvious, right? But failure of how users will consume the services.
to think about and plan for adapting apps A goal of continuous improvement should
for use in the cloud can negate the benefits underpin private cloud management practices. To
of moving services to this environment. achieve this, the IT staff should constantly assess
The same considerations apply to legacy the performance of the enterprise’s processes,
hardware. Server updates will happen as part resource consumption rates and usage trends.
of the virtualization process, so organizations Doing so dovetails with one of the primary benefits
will likely have newer hardware migrating of a private cloud infrastructure: the ability to adapt
into their private cloud infrastructure. Trying quickly to changing requirements. An informed
to squeeze additional value out of older, less awareness of how the cloud operates, coupled with a
flexible hardware may prove counterproductive solid understanding of end-user needs, will position the
in the dynamic cloud infrastructure. cloud as an invaluable resource for the organization.
As with any major IT project, organizations
must carefully examine both the capital and
operational costs associated with building
and managing a private cloud infrastructure,
as well as how they’ll show ROI.
Finally, managers shouldn’t gloss over the Reaping the Benefits
possibility that the self-service, automated
characteristics of a private cloud will prove Private clouds bring the concept of self-service, on-demand IT
unsettling for the IT staff. The antidote resources to an organization’s internal data center, or in some
is to educate them about the long-term cases to a facility exclusively maintained by an outside
benefits available from the private cloud. service provider.
26
chapter 6
Service Options
Security Concerns
Sticker Shock
Compliance Considerations
Choosing a Provider
Negotiating SLAs
Migrating (with Care)
27
chapter 6
healthy dose of due diligence. The ability to provision servers from a public cloud allows
the IT group to acquire computing capacity on a per-
Service Options project basis (and much more quickly than when hardware
Public clouds shouldn’t be confused with had to be ordered, delivered, installed and tested).
their older cousins, hosting services. Third- Powering up servers on demand works well in both
party providers may perform a similar role in staging and production environments, and many
maintaining and managing services for a client’s IaaS offerings give users choices in the configuration
enterprise, but there’s one big difference between characteristics of the servers they’ll be accessing,
the venerable hosting solution and public cloud including operating systems and memory allotments.
computing. Hosting services provide infrastructure Similar benefits exist for data storage. Organizations
to support a predetermined level of capacity can store production files and backup copies on a
that customers have earmarked up front. public cloud provider’s arrays. And as with processing
The capacity is dedicated to individual power, IT managers can scale storage capacity
customers, and it’s static. If a user needs additional up or down according to prevailing demand.
or fewer resources, the host must reprovision A great deal of Web 2.0 data gets stored in the cloud
accordingly. Missing in this model are some of the by default, but cloud storage’s usefulness goes far
essential characteristics that make public clouds beyond that. For example, accommodating high I/O
so flexible, including self-service, on-demand operations per second (from rich-media content or the
resource allocation and freedom from having unpredictable growth of digital archives, for example)
to accurately gauge capacity needs up front. is another area where cloud storage pays off.
So how much of an enterprise’s IT needs can Of course, IaaS isn’t the only public cloud service
pubic clouds deliver today? The list is extensive. model. Enterprises can choose PaaS solutions
IaaS provides a comprehensive range of services to host entire computing platforms and solution
that include servers, storage, networks, load- stacks needed for an application during testing,
balancing technology and security. Organizations development and, if desired, deployment.
can move entire blocks of services, such as web Providers also deliver a range of SaaS-based enterprise
applications or e-mail, out to an external cloud applications. The choice of applications grows constantly and
and take advantage of almost limitless scalability includes everything from office productivity suites and e-mail
without paying for dedicated servers and storage. to collaboration, sales force automation and web hosting.
At the top of the list in popularity are online office
productivity suites and conferencing services, according
to the latest CDW Cloud Computing Tracking Poll. What
do most applications delivered via public clouds have in
common? They’re often general-purpose programs that
can easily move off-premises so that internal IT staffers
can devote more time to mission-critical projects.
Security Concerns
No matter what public cloud deployment model an
organization chooses, relying on a third-party provider
carries risks. Numerous surveys conducted since the rise of
Case Study cloud computing show that IT managers have a broad range
of concerns that they need to address before public clouds
Data Security in the Cloud become a viable option. Ranking at the top is security.
Learn how an Illinois company For example, when asked what, if anything, is holding their
addressed security concerns when organization back from adopting or further implementing cloud
it moved to a hosted cloud solution: computing, 41 percent of the respondents in the CDW 2011
Cloud Computing Tracking Poll cite security — specifically,
CDW.com/cloudcs2
respondents say their organizations’ management and
28
CDW.com/cloudguide | 800.800.4239
29
chapter 6
detailed discussions with spent on current IT operations. costs. Organizations also have to
potential cloud providers about An IT department will need to look determine how much they value
their security strategies and at more than capital investments in other potential advantages, such as
whether regularly updated hardware and software to determine the chance to eliminate underutilized
certifications of these measures total cost of ownership (TCO). What the or excess capacity and the ability
are available to customers. organization spends on IT personnel, to free IT personnel from daily
It’s also important to identify service and support activities, maintenance tasks so they can
management controls that upgrades, maintenance activities, focus on strategic initiatives.
authenticate and regulate users and facilities (including power and Enterprises will need to devote
and administrators when they cooling) must also be determined. time and research to determine the
access cloud resources. Data When comparing cost data to a final answer, but the result will be
encryption should be in place to cloud provider’s pricing, look beyond a clearer picture of a public cloud’s
protect information while stored subscription fees. IT managers should initial and long-term cost profile.
in multitenancy environments also identify costs for any necessary
and as it passes from the cloud Compliance Considerations
environment to users and back Depending on the organization,
again. IT managers should also concerns about regulatory
look to new data loss prevention compliance may dictate the terms
(DLP) technologies, which can of a public cloud relationship.
monitor and control data flow Highly regulated industries, such
into and out of the enterprise. as healthcare and banking, need
Finally, organizations should providers that can maintain audit
redouble security best practices trails to prove compliance with the
that have become standard in Healthcare Insurance Portability
traditional environments, including and Accountability Act (HIPAA) and/
mandating that passwords be or Sarbanes–Oxley (SOX) rules.
changed every 90 days and daily Cloud Computing Similarly, some laws governing data
monitoring of new hardware and Tracking Poll protection for public sector agencies
software security patch releases. Get the full results of the CDW 2011 require highly sensitive information
The challenge is logistical Cloud Computing Track Poll here: to be stored in domestic facilities.
because some measures will Discussions with cloud providers
be the responsibility of service
CDW.com/cloudpoll must address any government
providers, others will fall on the or internal data management and
organization’s shoulders, and verification requirements.
some must be addressed by both. internal upgrades in networking or Important questions during these
IT managers need to determine security technologies. And don’t make discussions would include: Where does
up front if they’ll be able to work assumptions about what’s a standard the data reside? Who has access to
with a potential provider to achieve or optional cloud service. For example, the data — and how is that monitored
a high level of coordination. a provider may offer data recovery as for auditing purposes? What data
part of its continuity package, but if protection mechanisms and disaster
Sticker Shock that service isn’t listed in the standard recovery strategies are in place?
Cloud security may be top of contract, it may be a costly option. Will auditors be able to review a
mind for many IT managers, but By breaking out the hard costs to provider’s overall security practices?
cost follows a close second. This maintain the existing environment, an Finally, enterprises should address
concern ranked one percentage organization can make cost comparisons one other fundamental concern: What
point below security, according to different cloud options and see the are the risks associated with relying
to the CDW tracking poll. Part likely financial impact. But even this on a single vendor for a sizable portion
of the cloud cost challenge analysis won’t tell the whole story. of the organization’s IT resources?
for managers is accurately Remember, the public cloud First, be sure any applications
determining what’s being model isn’t entirely about cutting that run in a public cloud are easy
30
CDW.com/cloudguide | 800.800.4239
• Scalable storage for production and backup files • General-purpose and noncritical applications
31
chapter 6
Negotiating SLAs
At the core of the relationship between an organization
and a cloud services provider is a service-level Migrating (with Care)
agreement. The SLA sets performance guarantees for Once cloud choices have been finalized and
the procured services. The agreements also spell out an SLA approved, all that’s left is moving the
remediation options when service levels fall short. organization’s data to the provider’s infrastructure.
Unfortunately, SLAs remain an immature and still Before the migration, IT shops must test the
evolving area in cloud computing. Sticking points include scalability of the infrastructure as well as its
how best to assign accountability for problems. on-demand responsiveness. Promises don’t
IT managers should make sure that their SLAs always meet reality. It’s better to know this
answer the following questions: before the migration than after. Depending
• H ow quickly will the cloud services be up and running? on an IT organization’s capabilities and the
• H ow quickly can service levels be adjusted nature of the procured public cloud services,
as use demands rise and fall? assistance from the service provider during
• Does the SLA apply to the infrastructure as a the migration process may make sense.
whole or does it cover each individual machine? IT organizations usually can expect SaaS
• H ow often will downtime occur for scheduled deployments to be fairly routine, with applications
maintenance, and how will disruptions be scheduled? quickly becoming ready for use. But porting
• W ill the provider accept an exit clause allowing data and on-premises applications to a cloud
termination of the contract without penalty infrastructure will typically be more difficult. As
in the case of recurring incidents? part of a migration plan, an IT organization may
• W hat types of service problems result in refunds? need to call on its provider to help optimize apps.
What types receive service credits? What are As with any IT deployment, it makes sense to
the redemption procedures in each case? ramp up migration, evaluating services for hiccups
• H ow will reports analyzing performance against and making adjustments as needed. But one thing
agreed-upon metrics be provided (and how often)? is certain: The potential points of failure will be
• H ow will the cloud be monitored for fewer (if nearly nonexistent). After all, that’s a chief
regulatory compliance? reason for making the move to a public cloud.
32
This glossary serves as a quick reference to some of the essential
terms touched on in this guide. Please note that acronyms are
commonly used in the IT field and that variations exist.
Glossary
33
as failover to a cloud service for load guides aimed at promoting effective systems and applications within
balancing between types of clouds. and secure cloud computing. compartmentalized virtual machines.
34
Disclaimer
The terms and conditions of product sales are
limited to those contained on CDW’s website
at CDW.com. Notice of objection to and rejec-
tion of any additional or different terms in any
form delivered by customer is hereby given.
For all products, services and offers, CDW ®
Index
Right Technology. Right Away. are registered
®
35
march 2012
about the
contributors
Nathan Coutinho is a solutions manager for CDW with a focus on
virtualization. He has more than 11 years of experience in IT, covering
various roles in management, technical sales and consulting. His
current responsibilities include evaluating and educating clients
about trends and directions in the server, client and storage
virtualization spaces.
SCAN IT
CDW and VMware get cloud computing.
Download a QR code reader on your
mobile device to scan and view.