BluePi has done numerous migrations for large enterprises and SMBs alike. Based on this experience we have documented the considerations an organization needs to make before embarking on their journey to the cloud. Feel free to download - http://bluepiit.com/white-paper/
2. Contents
Business Drivers
Selection of Cloud Provider
Page No.
Page No.
Business Continuity/Disaster Recovery
Short Term Extension
Seasonality
Application upgrades or resource constraints
Compliance and regulatory challenges
Dev/Test and UAT workloads
Move to Opex
Uncertainty and Change
Flexibility
Interoperability & Portability
Degree of Automation
Service Dynamics
Costs
Price Model
Service Charges
Scope and Performance
Technology
Software
Performance
IT Security & Privacy
Datacenter Security
Network Security
Reliability and Trustworthiness
4
7
10
4
6
4
8
11
5
5
9
12
5
9
13
4
7
10
4
8
12
5
9
12
10
3. Security aspects
of Cloud Computing
Licensing Considerations
Contact us
Page No.
Page No.
Page No.
16
17
18
Migration Strategy Page No.
Identify Business Drivers
Assessment
Roadmap
Migration
Optimisation
Operations
Business as Usual
15
14
15
15
15
15
15
15
Contents
4. Why Businesses
move to the cloud?
Business Continuity/
Disaster Recovery
Short Term Extension
Seasonality
Application upgrades or resource constraints
Different Enterprises have different
drivers for adopting the cloud. Some
see cost as the primary driver while
some others consider agility as the
prime criteria. We at BluePi have seen
customers’ adoption being driven by
one of these eight reasons.
A classic reason that is driving the adoption of hosted
compute and storage resources is BCP & DR. The
idea of being able to run the mission critical applica-
tions even if the on-premise data centre is unavailable
is lucrative. In this scenario the cloud computing could
be either primary or secondary site eliminating the
dependance on the on-premise availability.
Occasionally enterprises need a short term augmentation to their existing data center. Given that pro-
curement times are usually in months to add extra capacity , the cloud provides an on-demand opportu-
nity to add scale.
Many organisations, especially in B2C industries like leisure, hospitality, entertainment and retail, run
regular one-off campaigns, special events, Managed cloud hosting help by allowing these companies to
scale on demand and then scale down as demand subsides. This elasticity – the ability to “cloud burst”
– is a huge driver for many businesses and will be significantly more cost-effective than buying hardware
that is only used for a short portion of any given year.
Organisations often wait before upgrading to the latest versions of software which require expensive
changes to the existing hardware. Sometimes current hardware is reach its end of life and are reaching
their limits in terms of resource usage. This presents an opportunity to organisations to focus on manag-
ing the applications while outsourcing the current hardware reach, upgrade and maintenance challenges
to an MSP.
1
2
3
4
Business
Drivers
5. Dev/Test and UAT workloads
Move to Opex
Uncertainty and Change
Organisations looking to adopt the cloud with minimal risk move their development, test and UAT envi-
ronments to the cloud. These environments are usually on demand and significant cost savings can be
accrued without any impact to ongoing business.
One big financial benefit of adopting the cloud comes from the move to a predictable monthly recurring
model of IaaS costs as opposed to cape spikes. This also leads to removal of hardware ownership and
lets organisations focus on their core competencies.
Cloud provides an instant ability to provision new resources and this acts as a safeguard against the
uncertainty and unpredictability of the future growth of business.
6
7
8
Compliance and regulatory challenges
Security and Privacy of data is a significant compliance, legal and regulatory issue for organisations.
Some organisations require HIPAA compliance for healthcare data and some UK based organisations
require ISO27001 complaint data centres. Cloud providers help by ensuring compliance to these regula-
tory requirements. For example AWS provides HIPAA compliance and provides CloudTrail for capturing
detailed access and audit logs.
5
In summary more often than
not it is a combination of the
above reasons that leads to
the adoption of cloud
computing. If you need help
to identify your business
drivers drop us a line at
info@bluepi.in
We run a free survey that
helps organisations define
their business drivers accu-
rately.
6. What are the considerations for
evaluating the cloud providers?
Selection of
Cloud Provider
One of the primary challenges that organisations face while deciding to move
to the cloud concerns the choice of the cloud provider. What criteria should be
applied to shortlist vendors and how to discern the qualitative difference be-
tween these is a mammoth challenge. Below we provide a best practice criteria
for addressing the same.
Bottomline is that there is no one size fits all in selection of the cloud
provider. Knowing your cloud computing needs hold the key to the selection of
your cloud provider. First step is for you to identify whether a SaaS or IaaS model
works best for you.
For example if you are running exchange/outlook in your private data
center it is primarily a choice between using a SaaS email solution like Office
365, gmail or hosting your exchange on an IaaS provider. While Office 365 or
Gmail would provide you significant abstraction and automation thereby reduc-
ing your maintenance overhead, they also limit the control you exercise on the
environment.
We recommend each organisation develop their own provider selection
model based on their own priorities and criteria. However we summarise some
of the criteria under different headings to help you develop your own model.
Most of the section is structured in order to help you identify and frame the im-
portant questions.
7. A key criteria for selection is to ensure that the
data at rest hosted within the cloud is portable
and can be moved on-premise or to another
provider at a moment notice. Data could be in
form of object storage like files, backups and
archive or in the form of block storage like hard
disks. Even data stored in the form of audit/ac-
cess logs and message queue temporary data
should be considered.
Interoperability & Portability
Interoperability and portability may be a significant criteria for
organisations to ensure that there is no single vendor lock-in.
A cloud provider may choose to implement an
API or functionality that is completely propri-
etary in nature. Sometimes this becomes nec-
essary due to the lack of an existing standard
in the area. Often times these API or functional-
ity can evolve to be the de facto standard -for
example the AWS Simple Storage Service (S3)
API has evolved to be a standard and other
providers have now developed S3 interopera-
Standardisation
Data Portability
Virtual machine instantiation
and portability
One of the most basic resources which CloudCom-
puting delivers is the Virtual Machine, which is a
physical metaphor type of resource. VM Mobility is
that feature in a particular hypervisor which allows a
running system to be moved from oneVM to anoth-
er VM. As far as the running system is concerned
it does not need to be reconfigured, all of the ele-
ments such as MAC and IP address and DNS name
stay the same; any of the ways storage may be ref-
erenced stay the same. Whatever needs to happen
to make this work is not the concern of the running
system. VM mobility has been implemented with
several hypervisors but there are limitations
Flexibility
ble APIs. Another example is CloudFoundry that is
an open source de-facto standard in the area of the
PaaS.
Bottomline is though standardisation is important,
other criteria like feature richness and capability
should also be considered during the selection.
8. It is important to be able to provision a
VM very quickly when needed. This metric
becomes critical especially during a metric
autoscale scenario.
It is is critical to determine whether there is
a time bound tie-in or it is truly pay as you
go. Also some providers have discounts for
longer service periods.
Provisioning time Contract Length
Service Dynamics
The services provided need to be evaluated to get an
understanding of what the organisation is signing up for.
Degree of Automation
Sometimes the primary reason of moving to the cloud is to bene-
fit from automation. This therefore becomes a critical criteria and
needs a great deal of study.
Do changes to the VM require downtime?
Can we update the resources on the database
without causing a downtime?
Some providers allow the automated scale-out
, scale-in of the application environment driven
either by schedule or performance metrics.
This could lead to not only automated commis-
Can backups/restoration & upgrades be automated
for the database resources? Are security patches
automatically applied on the OS ?
Providers do provide varying degree of automation
in these areas. More automation of course means
lesser involvement and greater peace of mind.
Changes/Updates
Scalability
Systems Management
sioning of resources to address unexpected peak
load scenarios but also lead to significant cost sav-
ings due to the optimisation of resource utilisation.
9. Some cloud providers aim at the higher end of the
pricing spectrum but provide a very high degree
of automation, services & resilience. The balance
between cost and resiliency varies from organisa-
tion to organisation and application to application
within an organisation.
Does the provider allow you to make choices
based on your needs so that you can customise
your environment and therefore your costs. For
example Amazon provides two classes of storage
services in S3 - Standard(99.999999 availability)
vs Reduced redundancy storage (99.99 availabili-
ty) with different costs.
How frequently have the prices changed his-
torically? Are they resilient ups and downs in
the marketplace. For example Amazon AWS
has continuously slashed prices on an ongo-
ing basis and passed on the benefits of scale
to the consumers.
Granularity determines the blocks at which the
services are priced. For example S3 storage
services is priced at the same rate for the first TB
and then for the next 50 TB. These blocks mean
that it favours organisations with peta-bytes of
storage.
Are there hidden costs or the pricing transpar-
ency and clearly documented? What about
local tax implications? These are some of the
considerations to determine the providers
business ethics.
What are the different types of service charges
applied to a service? For example apart from
storage cost AWS charges $.005 per 1000
update requests and $.004 per 10,000 get
requests.
Price Class
Price Options
Price Resilience
Granularity
Price Transparency
Type
Costs
Service Charges
In depth analysis of the costs associated with the cloud adoption
needs to be carried out. The sad truth is that there is no easy way
to do an apple to apple comparison of the costs between different
providers. The problem is aggravated due to a variety of pricing
option, SLAs and transparency.
All providers charge for services that are automated while
using their environments.
As seen, calculating the costs may not be an easy exercise given the granularity and type of charges
being applied by the provider.
10. How easy is to provision load balancers to the en-
vironment? What kind of configuration options do
these load balancers provide? is it possible to use
instance load metrics to define the routing algo-
rithms? Is it possible to provision an on-premise
load balancer (F5 for example) to the provider.
What are the sizing options available for the in-
stances? What operating systems are supported?
Are there instances available that provide specific
resource optimisations - like CPU, memory or disk
or GPU?
Are there automated lifecycle policies available to
migrate data from one type of storage to anoth-
er? Are there automated template deployments for
common use cases like LAMP stack, J2EE web
stack or .Net based IIS web applications? Are there
automated audit logs and performance metrics that
can be turned on an as needed basis?
Are there limits to the storage capacity? Are they
available on-demand and via an API? Are tiered
storage options available? Are server and client
side encryption available on the storage tier for
security and privacy available? Is service side la-
tency insignificant compared to internet latency?
What kind of virtualisation technology is provided
by the provider? Can you extend your current data
centre assets by leveraging a product like vmware
cloud director. Can you choose the hypervisor. For
some organisations these may be critical decision
making points.
Is it possible to create a segregated network and
VPN within the cloud environment? Some organi-
sation provide their services as SaaS offerings to
end clients. It may be a requirement to provide
data segregation for this to succeed given the
compliance and regulatory requirements.
Is RDP or SSH access to the VM environments
allowed? How secure are these? Do the VMs get
patched for security vulnerabilities on an ongoing
basis? Can network access be allowed from spe-
cific ip address ranges and on specific ports?
Load balancers
Instance Type Add-On Services
Storage Services
Virtualisation
Multi-Tenancy Network Access
Scope and Performance
It is critical to evaluate the scope of services and capabilities provided. Given that the migra-
tion to a different provider is a costly affair it is critical that the due diligence exercise takes
into account the variety of services that are available. In this area AWS leads the market by
adding new capabilities on a regular basis. There PaaS offerings like Beanstalk while at the
same time deployment automation frameworks like Opsworks and cloudformation.
Technology
Software
11. Is it possible to procure guaranteed com-
puting time? This becomes critical in case of
running a High Performance Compute Cluster
(HPCC).
Are there SLAs available for connection band-
width between the different tiers? Does the
bandwidth become an issue during peak
load scenarios? Very few providers give clear
answers in this regard.
Computing Time Connection Bandwidth
Performance
12. Datacenter Security
Network Security
IT Security & Privacy
Security and trust from a hardware perspective is a
complex subject and requires consideration from
a compliance perspective. More often than not
the physical aspect of data security is well taken
care of by almost all the known cloud providers.
One interesting insight comes from the fact
that most violations in the field of healthcare in the
US appear to be physical in nature and mostly due
to negligence. Some cloud providers allow the in-
stallation of a hardware security module. An HSM
may be required due to corporate, contractual and
regulatory compliance requirements.
Depending on the criticality of the data on the
cloud it may be necessary to secure the connec-
tions between the data centre and the cloud. For
example AWS provides DirectConnect while rack-
space provides rackconnect to establish a secure
dedicated private connection between the cloud
and the on-premise data center.
Firewalls play a critical role in the security of
the networks provided in the cloud. How easy it is
Software security more often than not needs to be
provided by the organisation itself. Patching of OS,
application servers, unmanaged databases as
well as any application that the organisation runs
is the responsibility of the organisation.
This is called the shared security model.
Hardware Security
Connection Security
Software Security
to setup a network configuration could be some-
thing of vital importance to the data centre opera-
tions.
It is important to ask questions like how quickly
could a specific IP range be banned in case of
DOS attack.
13. Reliability and Trustworthiness
The Cloud Service Provider should have certain safety nets in place
to ensure services whice are consistently available. These include
• redundancy of power
• redundancy of Internet connection
• cooling systems
• fire suppression systems
• servers
• storage
• security systems
14. Migration Strategy
When and how do you migrate
to the cloud?
1 2 3 4 5 6 7
Business
Drivers
Assessment Roadmap Migration Optimization Operations BAU
What are your
drivers?
Are your ready
to priortise
services to be
migrated
to cloud?
Do you know
how to scale
your business
and reduce
your costs?
Do you know
how to scale
your business
and reduce
your costs?
Are you up to
speed on the
evolutin of the
cloud?Are your
apps/IT ready
for the cloud?
Have you
started the
process of
migrating your
apps to the
cloud?
Define key
business drivers
and measurable
benefits for the
cloud migration.
55% cite busi-
ness agility
and scalability
as the biggest
drivers
Close behind
is the cost with
48% citing it as
driver
Assess your
application’s/
infrastructure’s
cloud readiness
Assessment
should not only
evaluate IT but
must encom-
pass process,
people & gover-
nance
Bluepi has a
proprietary
framework to
evaluate your
cloud readiness
Identify and
priortise the
appropriate
systems
Identification is
a cost ben-
efit analysis
between speed
of migration,
cost, criticality &
business value
Make the move,
transistion all or
parts of data,
applications
and services
The following
types of appli-
cations are seen
to be moving to
the cloud :
Collaboration
Application
Web Applica-
tions
Data Backup
Business Appli-
cations
Scale, improve,
RTO/RPO and
lower costs
Now that
your apps are
already in the
cloud, its time
to focus on
operational
efficiency, re-
covery, objec-
tives and cost
opimizations.
We have helped
clients reduce
costs by 50%
while experienc-
ing higher per-
formance and
lower response
time.
Standardise op-
erational tasks,
leverage cloud
services
Take enterprise
cloud comput-
ing to the top by
managing your
business critical
services.
Intergrate cur-
rent processes
and systems
with those on
the cloud to
create a seam-
less experience
Define key
business drivers
and measurable
benefits for the
cloud migration.
55% cite busi-
ness agility
and scalability
as the biggest
drivers
Close behind
is the cost with
48% citing it as
driver
Migrating to the cloud is a long term strategic investment. We
at BluePI believe the steps below highlighting the staged
approach towards enterprise cloud migrations.
15. Before embarking on a cloud initiative it is imper-
ative for an organisation to identify and define
the key business drivers. Unless the key success
criteria is clearly articulated and documented, the
initiative cannot be measured and is doomed for
failure.
Often this stage requires involving all the stake-
holders (business and technical) to discuss and
agree on their definition of key success criteria.
Please read the section on Business drivers for
further details.
Once you know what your objectives of migration
are the next step is to identify assess the state of
the state of the IT assets. The big question that
needs answering here is whether your infrastruc-
ture and applications are cloud ready.
The evaluation should include processes, people
and governance. Questions like skilled manpower
requirements for operating a cloud environment
should be carried out in this stage.
Assessment
Operations
Identify Business Drivers
Roadmap
Optimisation
Business as Usual
Based on the outcome of the assessment in the
previous step a roadmap should be drawn. The
roadmap should take into account the appetite for
risks as well the business criticality of application
being migrated. A cost-benefit analysis of each
application landscape’s migration to cloud should
be carried out. It is also essential to consider the
possibility of consolidation of applications and
retiring some of them if possible.
Its never BAU in an enterprise. However at this
level the stage is set where cloud becomes the
first choice for deployment for any new IT initiative
and a body o knowledge and best practices have
already emerged within the organisation to take
care of routine activities.
Once the roadmap is defined the actual process
of migration begins. Most organisations prefer to
move application low in criticality but with large
footprints. Some organisations move DR environ-
ments first before moving the entire production
landscape. Others choose to move
Dev/Test/UAT before anything else.
Once the environments are optimised it is impera-
tive to leverage cloud services to automate op-
erations. This is where the benefits of automated
backup, restore, versioning and lifecycle rules can
be leveraged.
Once the applications are migrated it is time to
optimise the deployment by focusing on the
RTO/RPO and by lowering costs by using tiered
storage and scale-in, scale-out techniques. At
this stage the real benefits of the migration begin
to manifest. This is also a good time evaluate the
migration against the success criteria established
in step 1.
Migration
Once the roadmap is defined the actual process
of migration begins. Most organisations prefer to
move application low in criticality but with large
footprints. Some organisations move DR environ-
ments first before moving the entire production
landscape. Others choose to move
Dev/Test/UAT before anything else.
16. How do you keep your
data/apps safe ?
Security aspects
of Cloud
Computing
This area in itself is a significant area of contention and varies from busi-
ness to business. To ensure that this guide provides best practices for a
large cross-section of industries, this is phrased in terms of action items
that must be carried out .
• Review vendors business continuity and disaster recovery plan
• Create a Backup plan for data at rest
• Evaluate the need to maintain redundancy with the same or a
different vendor
• Ensure scheduled outages acceptable both in terms of duration
and time of the day
• Evaluate the SLA guarantees adequate system availability
• Ensure ability to increase computing resources on-demand
• Ensure legislative obligations can be met to protect and manage
data
• Sanitisation policy of storage media after EOL
• Evaluate if secure monitoring is available
• Is Disk encryption available if required
• The vendor has a secure gateway environment
• Is there gateway certification available
• Availability of Multi-factor authentication
• Determine the availability of private subnets
17. How does licensing work
on the cloud?
Licensing
Considerations
Licensing is sometimes is called the achilles heel of Cloud computing.
This is primarily because the old models of software licensing are wholly
incompatible with the on demand nature of cloud workloads.
Enterprise software is in a category unto itself when it comes to licens-
ing. It isn’t like drive-by downloads: pay $39.95 through PayPal or a cred-
it card and it’s yours, deploy at will. Enterprise software licensing is a
complex system of variables and equations that has remained largely
inscrutable.
Even in the simplest CPU based licensing model cloud computing intro-
duces variables that can be prediction of costs very difficult. As it is on
the cloud the number of CPUs that would be run is variable - that is the
definition of the term elastic.
Each cloud provider enters into strategic partnerships with the enterprise
solution providers to bring some level of transparency. However it re-
mains a legal and procurement nightmare to ensure license compliance.
If you have questions around licensing feel free to reach out to us at
info@bluepi.in and we would share our collective experience on the sub-
ject matter with you.
We leave you with four documented links on how enterprise product
licensing works on Amazon AWS for different vendors to underline the
complexity of the affairs.
IBM on AWS
Microsoft License Mobility
Licensing Oracle Software in cloud computing environment
http://aws.amazon.com/sap/
18. Thank You
Bluepi Conculting Services
Gurgaon Address:
455, 4th Floor, JMD
Megapolis, Sohna Road,
Sector 48, Gurgaon,
Haryana,
122018
India.
Phone: +91-9899787871
E-mail: inquiry@bluepi.in
Bangalore Address:
Sierra Cartel Business Center,
Second floor, No.91
17th Cross, 14th main, 4th
sector, HSR layout,
Bangalore – 560102
India.