There is a persistent (mainly vendor-driven) meme going around the world of IT that building and running a responsible, secure, available, enterprise-quality cloud is simple. The theory seems to be that it just needs some server virtualization, adding automation, maybe dropping in some change control, and calling it done. Or that all you need to do is to logon to a public cloud provider, give them a credit card number, then click a button to migrate your workloads to the cloud.
You see it virtually everywhere you turn. It shows up in myopic discussions of ‘cloud lifecycle’ that conveniently ignore pre- and post-deployment activity like service planning, application design, security and compliance, and facilities management. It is the basis of posts that gush over benefits of cloud that only apply to new applications on mono-platform ecosystems. It is the premise for speeches advising you to ‘ring-fence’ any platform, technology, or application that does not fit the new cloudy ways.
So I thought it might be useful to review the CA Technologies approach to cloud. This is a more complete approach that outlines six essential capabilities required to address more than just the virtualization and automation of component infrastructures, more than just migration to a public cloud provider, and more than just a single-platform ‘ecosystem.’
6 Core Competencies to Use and Provide Enterprise Cloud Services
The CA Technologies approach is based on our Business Service Innovation (BSI) roadmap – a common set of guiding principles and disciplines that CA Technologies advocates to deliver any innovative business service. When applied to cloud computing, the BSI roadmap outlines six core competencies that enterprises and service providers alike should adopt to responsibly use or provide enterprise-grade cloud services.
Of course, it includes the core basics of delivering a cloud – such as virtualization and automation. However, it (appropriately) starts earlier in the process with essential elements of planning, modeling, and assembly of complex hybrid IT services before they are delivered. It also progresses forward to encompass ongoing security, assurance, and management for complex services after they are delivered.
As such, this approach forms the basis of a much more realistic cloud computing strategy than the idealistic and tactical ‘imagineeering’ that seems increasingly common elsewhere.
The six core competencies include:
- Model and simulate cloud services before you invest. It is not enough to proclaim “To the cloud!” and declare victory. You need insight into your current service portfolio and your upcoming development projects. You need to know what cloud options you have, and what will actually help solve your problems. You need to know whether SaaS, PaaS, IaaS, private, public, or hybrid is the answer for any given service. You need to model, simulate, and test before you invest to ensure a smooth and cost-effective transition. Only then can you make objective and effective decisions on how, when, what, and why to move to cloud – the right services, the right way, the first time.
- Assemble cloud services from internal & external sources. Cloud choice is often haphazard and ad hoc, resulting in unproductive, costly, insecure, duplicated, and non-compliant ‘rogue cloud.’ Instead, you should intentionally assemble the right cloud choices to create a functional hybrid service environment. This too must start with objective insight into current service definitions and requirements, available service offerings, and possible service providers. Only then can you evaluate cloud options and assemble the right combination of infrastructure resources and/or pre-built services, to deliver the complete cloud service that business needs.
- Automate manual activity across diverse systems. Cloud computing assumes ‘on-demand self-service,’ so automation is essential to accelerate the complex interactions of virtualization, self-service, resource measurement, chargeback, and service delivery. Large enterprises especially must consider how to orchestrate complex services across cloud and traditional platforms; how to automate processes and workloads across public and private clouds, whether IaaS, PaaS, or SaaS; how to integrate element managers and fabrics like VCE Vblock, NetApp FlexPod, or Cisco UCS; and how to automatically manage non-IT resources like power, cooling, and facilities. Enterprise cloud needs unified orchestration capabilities that can automate manual activity across all these environments as one, not just one or two proprietary platforms.
- Assure service performance across the IT value chain. It is not enough to build a cloud – the complete cloud lifecycle includes running cloud services to assure the availability, compliance, and experience that the business requires. This starts with the alignment of service levels and business service priorities, and extends to real-time, 24×7, service-aware performance monitoring for the entire business service. Moreover, in a complex world of hybrid IT, you need assurance across multiple service tiers; across physical infrastructure and non-x86 components; across elements of SaaS, PaaS, and IaaS; as well as across virtual, private, and public cloud boundaries.
- Secure cloud with content-aware identity & access controls. Any cloud lifecycle ‘solution’ that does not include security is risky at best, downright dangerous at worst. Shifting boundaries of cloud make traditional perimeter protection less effective, so you need to adopt agile identity- and content-aware security, alongside traditional technologies such as data loss prevention and event monitoring. Automated controls will help to reduce risk by ensuring functional isolation and strict audit for data access, system provisioning, configuration changes, and other sensitive activities. And this security should not only support all your cloud services – on-premise, off-premise, public, private, IaaS, PaaS, SaaS, etc. – but should also integrate with traditional IT systems to ensure there are no gaps for the bad guys to walk through.
- Manage hybrid cloud service according to business needs. It is not enough to build, buy, or use a cloud and call it good; it is not even enough to go just one level higher than the element infrastructure, and look at so-called ‘IT services’ in isolation. Instead, you need a top-down approach that values and manages business service outcomes – user productivity, return on assets, carbon production, legal and contractual compliance, energy utilization, resourcing costs, innovation and ideation, cycle time acceleration, performance, and more. You must also continually revisit IT and business service delivery, automating and orchestrating as much as possible to keep removing inefficiencies and manual intervention.
Make no mistake. If all you are doing is virtualizing and automating a corner of your data center with one proprietary platform, then you are destined to create yet another costly and complex silo of duplicated resources and wasted money. If all you are doing is taking existing infrastructure tools and equipping them with people, you are destined to suffer the ever-increasing cost of an army of consultants. If all you are doing is collecting data from an uncontrolled and unplanned ‘cloud of clouds,’ then you aren’t fixing the problem, you are making it worse.
And if you are adopting cloud computing without planning, without security, without assurance, then your cloud – and perhaps your business – is destined to fail spectacularly.
Because ‘the cloud’ is complex, overly simple approaches will not work. IT needs to manage the entire cloud, from end to end – starting with initial service analysis, planning and modeling; through intentional assembly of components and services; automation and orchestration of complex processes; assurance for performance and reliability; security and compliance for data and identity; to business-focused management of the whole business service.
Hopefully this helps give an idea of the reality of how to get to cloud computing – and how CA Technologies can help with everything from modeling to securing and managing your cloud.
At CA Technologies, we have a lot of best practice advice and material on using and providing cloud computing services, across the entire BSI value roadmap – including brochures, presentations, whitepapers, etc., from both CA employees (like myself) and from independent industry experts including research analysts, journalists, and independent consultants. If you want to find more in-depth content on this topic, check out CA.com/cloud for a wealth of detailed material. We can always connect directly with our strategy and technology experts for a great in-depth conversation, too.
Finally, as always, I would love to hear your thoughts on this practical model for cloud. Please go ahead and hit me up, either in the comments below, or on Twitter!