Like many choices in life, choosing the person/company/service to host your applications is an important and sometimes difficult one. There are several different types of Cloud and every person involved has their own terminology or take on it – there are times in vendor presentations I feel like I’m in a particularly pretentious episode of Master Chef.
This post will draw out the basics of what customers should look at to begin their search for Infrastructure as a Service provider, and to be honest it is not much different to finding a new hosting provider.
The first item to be clarified, is what type of Cloud service do you wish to consume.
The main types of Cloud services
- Infrastructure as a Service (IaaS). This is a service where a customer gets full OS level control of a server/virtual machine
- Platform as a Service (PaaS). This is a service where a customer gets control of the database/middleware/application but the OS is supported by the provider
- Software as a Service (SaaS). This is a service where a customer gets access to an application and a subset of administration functions to support their users.
Each Cloud supports different application types and, as a customer, you must choose the Cloud which meets your business goals and matches, or improves, the capability of your organisation. The services offered by each type and the provider of each can differ, making a comparison somewhat challenging. That said, here are some key areas to start with.
Type of provider
Whilst a critical part of system resilience and recovery is the backup, not all backups are equal. It is essential to understand how your provider takes backups. For example, do they take incremental backups and not full backups, or do they backup to disk only and never to tape? These items can affect both the Recovery Point Objective (RPO) and the Recovery Time Objective (RTO). This also doesn’t factor in any compliance requirements your company may have.
DNS is a simple concept. It defines how resources in your landscape are found and where they are found. When you need to start providing this service to external sources and across multiple internal sites it can get complicated. Be sure to check how DNS is provided and managed by the service. Some providers require a domain delegation which may not be possible under your own security controls. Other providers might require that the customer holds the A records and not the CNAME – something which can affect SLA reporting in the event of an issue.
High Availability (HA) with Virtual machines can be quite complex. Depending on the level of support you have selected with your provider you might just be given an SLA and the provider will architect a HA solution which will meet that SLA. For example, with VMWare and VMotion it is possible to meet a 99.5+ SLA without any clustering. It is essential that customers understand their HA requirements and the providers’ architecture to ensure it meets compliance requirements. HA should be tested frequently and everyone working with a HA system should know how to fail it over and what to do if there are issues. HA is there to make life easier and reduce single points of failure – not to be an infrequent event.
Disaster recovery is essential for business continuity planning. As with HA – depending on your provider and the support level you have selected - you can expect different capabilities. Without analysing each in turn, you must ensure that you understand how the disaster recovery mechanism functions. Some providers will only fail over the entire of your estate and not a single application - this has huge implications on your SLA to the business in the event of a failure of a single component. It goes without saying that disaster recovery should be tested frequently to ensure the hand process works and hand-offs between providers and customers is good.
Monitoring and alerting
When handing your infrastructure and applications to another party you become dependent upon them to provide a good service. You must be able to determine if the application is being managed properly and issues are being handled. There are several ways to do this, again dependent upon your service level and provider. Some providers have clear SLAs and others provide access to the monitoring workbenches. It is prudent to at least get access to the service data regularly to ensure that issues are not being hidden.
Security of Cloud hosted environments has traditionally been an area of concern for customers. This is because of the fact that much of the infrastructure used by Cloud providers is shared, i.e. network infrastructure or storage infrastructure. This leads to concerns that your data will be accessible to other parties through human error. However, this is a risk with any shared service not just Cloud. Customers who are moving data external to their core network should do a thorough and pragmatic risk analysis of their data to fully understand what their risk profile really looks like. Cloud providers have some of the most secure physical facilities available, and have good change management processes to reduce the occurrence of issues affecting customers. Like with internally held systems, the biggest risk to a customer’s data is their own staff and their own application configurations.
Renewable energy and reporting of carbon emissions
This is another important consideration when selecting a Cloud provider. Major companies have been moving their data centre power to renewable sources like solar, hydro and wind for several years now. This has been for a number of reasons:
- Good corporate citizenship and alignment to corporate values
- Better control of supply chain for their power generation through partnerships and fixed rate charges
- Pre-empting carbon legislation from governments wishing to meet their binding carbon targets
Using data from Tom Raftery’s GreenMonk (Greenmonk.net) site, the table below shows some example providers, and the percentage that renewable energy and carbon credits contribute to their operations consumption, and their reporting transparency.
This metric differs in value to different companies, depending on their own environmental policy. It should be noted that companies are responsible for their supply chain and the providers which exist within it.
The choice of Cloud provider is a multi-dimensional decision involving many metrics outside of technical considerations – although ultimately the platform has to be able to provide the technical capability to run the application. The list above is a subset of technical requirements which customers have faced challenges with over the years with providers which hopefully will prove useful.