Flying into the Cloud: Do You Need a Navigator?

Written by:
Colin R. Chasler
Vice President
Solutions Architecture
Dell Services Federal Government

Executive Summary

Cloud Computing is the hot topic in IT computing services at the present time. While some still wonder whether this is just the latest trend, most technology professionals and industry analysts are convinced that the potential cost-savings and management benefits offered by cloud services make them an attractive alternative to consider.

Before you “fly into the cloud,” there are a few fundamental questions to consider:

1. What are cloud technologies all about?
2. What are the potential benefits?
3. How do I know if my organization is ready for a cloud environment?
4. How do I know if my organization needs help to explore the various options?

It is the intent of this paper to provide some answers to these basic questions to help you determine if your organization is in need of a “Navigator” to help you get the most out of Cloud Computing.

Current IT Challenges

As you consider various cloud environments, an experienced Navigator to guide you to the best destination for your organization may be an important ally to help ensure success.

These are extremely challenging times for the Information Technology (IT) organizations that support governmental agencies and departments. Today, doing more with less is standard operating procedure in just about every organization. Agencies must meet ever-increasing service demands with relatively static budgets over the next few years. Just a few of the new imperatives include:

• Enhancing service delivery to the public and incorporating Web 2.0 services such as Wikis and blogs.
• Supporting modernization of stove-pipe applications and infrastructure to enable more agile and improved business processes.
• Implementing commercial best practices for IT service delivery along with consistently high service levels.
• Accelerating consolidation of IT infrastructure to achieve economies of scale and create a more nimble, standards-based environment.
• Maintaining regular refreshes of older technology while limiting capital expense.
• Funding requirements that fall outside of single-managed budgets (such as those allocated from individual department or component budgets); or specific congressionally-funded programs.
• Improving performance reporting and expanding transparency requirements.
• Defending highly confidential information (intelligence, privacy act, healthcare, and other sensitive data) from malicious access or inadvertent exposure.

Against this backdrop of budget uncertainty and the pressures of additional management goals, a cloud environment has many advantages to offer if properly understood and managed.

What is Cloud Computing?

According to NIST ¹ , Cloud Computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (such as networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

This cloud model promotes the utilization of shared, virtualized resources and has a set of defined Essential Characteristics, Delivery Models, and Deployment Models as described in detail and shown in Figure 1 – NIST Cloud Computing Model.

As you consider various cloud environments, an experienced Navigator to guide you to the best destination for your organization may be an important ally to help ensure success.

Figure 1 - NIST Cloud Computing Model: The NIST Cloud Computing Model includes: Essential Characteristics, Delivery Models, and Deployment Models.

Essential Characteristics are the distinguishing features and functionalities that differentiate cloud services from other types of IT delivery models. Organizations can leverage the economies of scale that Cloud Computing service providers offer—along with a predictable measured service model—to lower the total IT infrastructure cost of ownership and significantly increase responsiveness to user demands as requirements scale up or down.

Essential Characteristics

• On-demand Self-service—An organization can immediately provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service’s provider.
• Ubiquitous Network Access—Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client devices (such as mobile phones, laptops, and PDAs).
• Location-independent Resource Pooling—The provider’s computing resources are pooled to serve all customers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to demand. Examples of resources include: storage, processing, memory, network bandwidth, and virtual machines.
• Rapid Elasticity—Capabilities can be rapidly provisioned to quickly scale up, and rapidly released to quickly scale down. The capabilities needed for provisioning can be purchased in any quantity at any time.
• Measured Service—Cloud systems automatically control and optimize resource use by leveraging a metering capability appropriate to the type of service (e.g., storage, processing, bandwidth, or active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for the customer.

Security Considerations Of all the elements that go into IT hosting decision making for government agencies, information security is typically the highest priority. NIST has working groups looking at creating security standards for Cloud Computing and their publications can be located at http://csrc.nist.gov/groups/SNS/cloud-computing/index.html While NIST continues developing guidelines and standards, there are excellent opportunities for government agencies to begin adopting Cloud Computing and leverage its benefits. Considering cloud technologies is especially appropriate for applications that are public-facing and do not involve exposing privacy act or classified information. Also, some options such as the Virtual Desktop, may actually improve an agency's data security by migrating data stored at the workstation level to a secure hosting facility that meets all the current FISMA requirements.

Delivery Models for Cloud Computing include many of the “X as a Service” options. In the proper setting, well-implemented cloud services can offer numerous operational and performance benefits to government clients.

• Cloud Software as a Service (SaaS)—Customers use the provider’s applications running on a cloud infrastructure, which are accessible from various client devices through a thin client interface such as a Web browser (example: Web-based email). The customer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
• Cloud Platform as a Service (PaaS)—This service deploys customer-created applications using programming languages and tools supported by the provider (examples: Java, Python, .net) that are hosted on the cloud infrastructure. The customer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, or storage, but does have control over the deployed applications and possibly application hosting environment configurations.
• Cloud Infrastructure as a Service (IaaS)—Provides the customer with the provision of processing, storage, networks, and other fundamental computing resources and allows the customer to deploy and run software, which can include operating systems and applications. The customer does not manage or control the underlying cloud infrastructure, but does have control over operating systems, storage, deployed applications, and possibly select networking components (examples: firewalls, load balancers).

Deployment Models allow an organization, or group of organizations, to use cloud technologies in the way(s) that best suit their needs. In some cases, it makes sense to mix cloud usage within an organization depending on considerations such as security requirements, accessibility, and volume. It is even possible to manage selected functions through cloud technologies and other functions through traditional IT environments.

• Private Cloud—A Private Cloud infrastructure is operated solely for one organization, may be managed internally or by a third-party, and can exist either onsite or offsite.
• Community Cloud—A Community Cloud infrastructure is shared by several organizations to support a specific community with shared interests, such as overlapping missions or constituencies, security requirements, policies, or compliance considerations. A community cloud can be managed by the organization(s) or by a third party, and may exist either onsite or offsite.
• Public Cloud—A Public Cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
• Hybrid Cloud—The Hybrid Cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (for example, cloud bursting – where an organization can take advantage of an external cloud infrastructure to meet short duration demands for additional capacity during peak or seasonal periods).

How Did Cloud Computing Get Started?

If Cloud Computing seems like it may be a good fit with your organization, see Appendix One: Adoption/Navigation Strategy Tips for more information about areas of consideration.

To support the rapid growth in Internet-based business models, companies such as Amazon and Google built massively scalable virtualized data centers with enormous ready-to-deploy processing and storage capacity. The advent of Cloud Computing came about when these companies recognized that they could sell this spare capacity on a pay-for-use basis over the Internet. The retail model of Cloud Computing has been highly successful in attracting individual consumers and organizations who can use these services for applications that have low information security requirements as well as for Web 2.0 applications.

The success of this new hosting model soon caught the attention of established data center hosting IT companies and Managed Service Providers (MSPs) who started to develop, deploy, and market their own Cloud Computing offerings, which include:

• Simply providing basic ping/power/pipe services while the client continues to provide the equipment and systems administration
• Hosting and managing a fully outsourced IT infrastructure that includes all equipment provisioning and refreshes, along with full systems administration and support, using fixed price contracts with stringent Service Level Agreements (SLAs)

In contrast to Amazon, Google, and other mass-market hosting providers, MSPs that provide outsourcing to the government, healthcare industry, and financial institutions have deep levels of experience and proven tools to meet the requirements of FISMA, HIPAA, Privacy Act, and other stringent security protocols.

Adding Cloud Computing to your IT Services Portfolio

As described above, Cloud Computing offers a variety of delivery and deployment models, each with a unique set of benefits. While it is true that selecting a cloud service can be as simple as acquiring Gmail services from Google, chances are far better that evaluating various options and choosing the best solution set – both short-term and long-term – is likely to require a more complex assessment process.

Considerations

Many organizations still prefer to have their IT infrastructure hosted on their premises where they feel they have greater control of IT costs and investments. Other organizations have outsourced some, or all, of their IT infrastructure and are now comfortable having it hosted offsite at the providers’ facilities. In many instances, data is actually more secure in offsite, dedicated data centers where the physical environment is designed to protect IT equipment and data, and where back-up and recovery procedures may be more scheduled and stringent.

Organizational preferences are key factors to consider when deciding how to acquire cloud services and what delivery and deployment models will best meet goals and needs. For example:

• Organizations that prefer onsite hosting may lean towards establishing their own Private Cloud infrastructure. In many instances, onsite hosting also provides a greater feeling of security over the organization’s data.
• Organizations that use third-party hosting facilities may opt for a Public Cloud for applications with publically-accessible data (for instance, web sites) and a managed Private Cloud when data security requirements are more stringent.

Figure 2 – Traditional vs. Cloud Hosting Models: Transforming to a Cloud Computing Model from a Dedicated Hosting Environment requires a significant change to IT service management practices.

Migrating to a Cloud Computing model is not simply the implementation of new virtualization technologies. It will require the adoption of technology management services where users will expect more agility from the service provider to deploy new IT capacity, while charging only for those services that are actually used. These fundamental changes will need to be supported with detailed reporting that substantiate the billing and capacity utilization for each user and enable their IT budget organizations to plan for this variable utilization of the IT infrastructure.

The move to Cloud Computing/virtualization may also mean fundamental changes in the roles and responsibilities of staff within IT organizations. For example, the role for the systems administrator who takes care of the racks of servers may largely disappear as these single-purpose servers become part of a larger pool of virtualized servers in an onsite or offsite cloud. This position can be transformed into one that focuses on ensuring that services from the cloud provider remain aligned to business goals and are delivered to performance levels as required by the contract.

Transformation Considerations

Cloud Computing has the potential to dramatically change the landscape in which IT services are delivered in both commercial enterprises and within governmental agencies. The public sector market research firm INPUT forecasts that the 2009 federal market for Cloud Computing is $0.36 billion and will grow to approximately $1.2 billion by 2014. This is a compound growth rate of 27%! At present in 2009, less than 0.5% percent of federal IT investments are being steered towards Cloud Computing, a figure that is projected to grow to 2% in 2014. These significant projection increases indicate that cloud technologies are likely to show strong staying power as they become widely adopted. At the very least, it is clear that proven cloud services will emerge as viable niche solutions for a particular set of business applications.

How Should Organizations Take Advantage of Cloud Computing?

Government agencies are faced with making far-reaching decisions concerning whether cloud services are right for their organization; and if they are, which ones make the most sense; and to what level should services be deployed? It is important to evaluate the wide range of options available by weighing the benefits, risks, governance, budgeting, IT skill set requirements, and other pertinent considerations.

There are several sound approaches that can help with the decision-making process surrounding Cloud Computing services, which are summarized in Appendix One: Adoption/Navigation Strategy Tips. The important takeaway is to realize that there are multiple viable options for introducing and assessing Cloud Computing. Options range from low risk, low cost assessments and pilots to more substantial implementations.

Given that Cloud Computing is still in its infancy, obtaining the services of an experienced Navigator may be in the best interests of your organization. When you are nearing a decision point, look for a services partner who can offer a full range of IT infrastructure, IT transformation capabilities, and strategic vendor alliances; while maintaining a firm commitment to meeting the goals of your organization.

Summary

An experienced Navigator can help meet the mission goals of your organization by: Performing virtual desktop assessments Performing cost/benefit analyses Conducting turnkey short term pilots at little or no cost Identifying who can offer IT infrastructure, IT transformation capabilities, and strategic vendor alliances that meet the goals of your organization

This paper has provided an overview of the current Cloud Computing landscape with answers to many common questions. While the differing delivery and deployment models may seem a bit daunting to decipher, keep in mind that when implemented correctly, cloud services have common benefit characteristics, including: self-service, access, resource pooling, elasticity, and service controls.

Targeting an effective Cloud Computing strategy requires focused planning and experience so you don’t miss the mark.

Of all the elements that go into IT hosting decision making for government agencies, information security is typically the highest priority. NIST has working groups looking at creating security standards for Cloud Computing and their publications can be located at: http://csrc.nist.gov/groups/SNS/cloud-computing/index.html .

While NIST continues developing guidelines and standards, there are excellent opportunities for government agencies to begin adopting Cloud Computing and leverage its benefits. Considering cloud technologies is especially appropriate for applications that are public-facing and do not involve exposing privacy act or classified information. Also, some options such as the Virtual Desktop, may actually improve an agency’s data security by migrating data stored at the workstation level to a secure hosting facility that meets all of the current FISMA requirements.

If Cloud Computing seems like it may be a good fit with your organization, see Appendix
One: Adoption/Navigation Strategy Tips for more information about areas of consideration.

As you and other decision-makers consider the potential value of Cloud Computing for your organization, there are some basic “Up-front Questions” you will probably want to consider:

• How does Cloud architecture differ from what we already have?
• Can a Cloud configuration help re-allocate a “hard” asset portfolio to increase capability requirements without capital expense?
• Can Cloud Computing provide added capabilities for key services including: citizen engagement (wikis, blogs, data.gov); enhanced productivity, and enterprise operations (core mission and business services).
• What is the most efficient way to prioritize the services your organization offers and assess how cloud technologies can add functionality and efficiency?
• How do you justify and address venturing forward with Cloud Computing when security is a primary concern?
• What “should” Cloud Computing mean to our organization?
• How “will” Cloud Computing impact you and your team?
• What additional information do key decision-makers need to understand as they assess Cloud options for your environment?

As you look to answer these basic questions and determine whether soaring into the cloud is the right strategy, there are many tactics you can use to gather information, assess options, or try out Cloud Computing in your environment. See Appendix One: Adoption/Navigation Strategy Tips on the next page for some highly manageable and phased implementation strategies.

Given the complexities of choices, obtaining the services of an experienced Navigator may be a good strategy for your organization. The experience and skill sets of a trusted services provider can offer the management and technical expertise needed to help you achieve your goals.

An experienced Navigator can help meet the mission goals of your organization by:

• Performing virtual desktop assessments
• Performing cost/benefit analyses
• Conducting turnkey short-term pilots at little or no cost
• Identifying who can offer IT infrastructure, IT transformation capabilities, and strategic vendor alliances that meet the goals of your organization

About the Author

Colin R. Chasler is Vice President, Solutions Architecture, for the government services group of Dell Services. Colin has held IT leadership positions in several Fortune 1000 companies and has been involved in many mission-driven projects, including the introduction of new technologies, services and business processes into those organizations. These experiences have provided him with extensive insight into the benefits as well as challenges of adopting new technologies, and leading change within organizations. Colin is currently leading initiatives within Dell Services to introduce cloud technologies to government services clients and help IT influencers and decision-makers explore if cloud options will provide benefits for their organizations.

About Dell Services

We serve clients in government, healthcare, banking, insurance, and manufacturing. Dell Services serves all DoD branches; agencies within the DHS including the Coast Guard, USCIS, and Customs and Border Protection; the intelligence community; and a multitude of other high profile federal civilian agencies. We are a highly-experienced systems integrator and IT services provider leading the way in offering the latest technologies including modular services, virtual solutions, and Cloud Computing.

Appendix One: Adoption/Navigation Strategy Tips

If flying into the cloud sounds like it may be right for your organization, here are a few recommendations to consider:

Areas of Consideration Recommendation Consider Lessons Learned from Early Adopters Establish a network of organizations who are using some form of Cloud Computing and can provide counsel on what worked, things that were easy to implement, things that were more complex than expected, and perhaps most important: what did and did not meet expectations. Optimize the Use of Server Virtualization While many organizations have implemented some form of server virtualization, there may still be significant opportunities to lower the total cost of ownership (TCO) of the server infrastructure. Perform a Virtual Desktop Assessment and Cost/Benefit Analysis. Implementing a desktop environment in which end-user devices are virtualized and the data center servers are not yet virtualized can provide an opportunity to pilot either an onsite or remote Cloud Computing environment with low risk and low initial investment. Pilot Either an Onsite or Offsite Cloud Infrastructure Implementing pilot programs can help assess the readiness of an organization to adopt Cloud Computing and identify the impact on the IT infrastructure and applications support groups. A successful pilot forms a solid base for expansion. Some suggestions for initial pilots are: Internal/external web site hosting that include access to confidential data Development/test environments Perform a Cloud Computing Readiness Assessment Typically this is relatively short (perhaps 1-2 month) assessment of management practices and support capabilities with the goal of determining which areas of IT infrastructure and applications could most benefit from Cloud Computing. Develop a Cloud Computing Strategy and Investment Plan Detail a 2-3 year road map on how to invest in and transform the delivery of IT services to your organization. This more comprehensive approach is especially important if you are looking to be a Center of Excellence and deliver cloud solutions as a managed service. A thorough strategic and tactical plan will address the impacts on organizational capabilities in the external- facing environment that is not necessarily required of an internally-focused IT organization.

1 “The NIST Definition of Cloud Computing.” National Institute of Standards and Technology, Information Technology Laboratory. Peter Mell and Tim Grance, Version 15, October 7, 2009. csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc