InformationWeek Stories by Beth Stackpole

InformationWeek Stories by Beth Stackpolehttp://www.informationweek.comInformationWeeken-usCopyright 2012, UBM LLC.2012-06-04T08:30:00Z4 Tips To Ease Cloud Bill ShockConsider this advice for managing people, governance processes, and automated tools to prevent end-of-month cloud bill surprises.http://www.informationweek.com/news/240001357?cid=RSSfeed_IWK_Authors <div class="inlineStoryImage inlineStoryImageRight"> <a href="http://www.informationweek.com/news/galleries/cloud-computing/infrastructure/232901167"><img src="http://twimgs.com/informationweek/galleries/automated/788/01_Transformation-1_tn.jpg" alt="Amazon's 7 Cloud Advantages: Hype Vs. Reality" title="Amazon's 7 Cloud Advantages: Hype Vs. Reality" class="img175" /></a> <div class="storyImageTitle">Amazon's 7 Cloud Advantages: Hype Vs. Reality</div> (click image for larger view and for slideshow) </div>  There's no magic potion for stamping out cloud computing's copious hidden costs. Rather, the answer lies with getting serious about tried-and-true best practices to deliver enough real-time visibility so there are no surprises when the bill arrives. "Transparency is really the challenge, especially when you're looking at costs across various public clouds," notes Dave Zabrowski, founder and CEO of <a href=http://www.cloudcruiser.com/>CloudCruiser</a>, a cloud cost-management platform. "There are very tangible hidden costs that can be eliminated just with transparency of knowledge." For example, consider the simple problem of over-allocation. Companies typically sign up for public cloud computing power or storage capacity with the assumption that their workloads command a specific instance--therefore, they err on the side of over-provisioning and lock in at a higher price just to make sure they are covered. "But what happens is a lot is the workloads in real life aren't as demanding as people think," Zabrowski explains. "By having transparency into usage vs. allocation, for example, companies within hours can downgrade to a cheaper instance." [ For more on hidden cloud costs, read <a href="http://www.informationweek.com/news/cloud-computing/software/240001065?itc=edit_in_body_cross">4 Causes Of Cloud Bill Shock</a>. ] The formula for transparency is pretty straightforward, according to experts, but that doesn't mean it's easy to pull off. It involves putting the right people, processes, and tools in place to ensure clear visibility and that agile reconfiguring can happen on the fly. Here are the top four areas to focus on: 1) Tools, tools, and more tools. There is no shortage of cloud management and cloud cost-management tools on the market, and most experts agree that some combination of tools can deliver much of the requisite visibility and automation that can help IT organizations stay on top of their cloud environments. Tools like CloudCruiser and <a href="http://www.cloudyn.com/">Cloudyn</a>, for instance, can produce those usage vs. allocation reports to help companies continuously fine-tune their instances to optimize cost. Cloudyn employs algorithms to make recommendations around proper provisioning, pricing models, and tradeoffs between cost and performance. Other tools, like <a href="http://www.progress.com/en/openedge/index.html">Progress Software</a>, allow alerts to be set so companies are automatically notified, for instance, if usage runs over, based on predefined thresholds. "It's not just management tools--it's actually visibility and real-time monitoring so you don't find about things after the fact," says Colleen Smith, vice president, SaaS and cloud computing at Progress. "It's the only way to avoid end-of-the-month bill shock." 2. Establish clear cost-management processes. It's as much about tools as it is about process, experts say. With traditional IT deployments, IT had control and there were clear processes in place around approval and provisioning. Not so in the cloud world. "Mature IT departments have specific policies as to who can do what and what size machines can be provisioned--they have all that governance in place," notes Michael Melillo, senior user experience engineer for <a href="https://www.shi.com/">SHI Labs</a>, who is helping to architect the Infrastructure-as-a-Service (IaaS) provider's cloud platform. "Typically, when you go to the cloud, those same tools are not there." To help its IaaS customers create and enforce those governance policies, SHI Labs is offering its customers a portal, built around CloudCruiser, where they can pull detailed resource allocation reports, establish budget thresholds, and perform other cost-management tasks. "This gives them the visibility that was lacking and it's not just a bill at the end of the month," Melillo explains. "Having an audit trail along with proactive notification and thresholding is incredibly beneficial." 3. Create a dedicated management role. A move to the cloud doesn't mean all hands off deck. On the contrary, it's critical for IT organizations making the transformation to IT service management provider to retain dedicated management committed to managing and monitoring the environment for cost efficiencies. "You have to leverage domain expertise in cost management that exists within the organization," says Cloudyn CEO Sharon Wagner. "It's their responsibility to look for the right cloud vendors, negotiate (when they can) compelling business terms, and create streamlined processes that will support cloud provisioning." 4. Automate, but don't leave the human side out of the equation. While many of these checks and balances can be accomplished via automated cost management and monitoring tools, there's still a requirement for humans--both business users and IT--to work through the proper governance and rules of engagement. "There's a reason why it took three weeks or three months to get IT to set up a new server--you had to go through certain levels of approvals and processes," notes Progress' Smith. "While you can automate those in the cloud, you still have to think through the rules that govern cloud usage." The pay-as-you go nature of the cloud makes ROI calculation seem easy. It’s not. Also in the new, all-digital <a href="http://www.informationweek.com/gogreen/031412s/?k=axxe&cid=article_axxt_os">Cloud Calculations</a> InformationWeek supplement: Why infrastructure-as-a-service is a bad deal. (Free registration required.)2012-05-29T09:05:00Z4 Causes Of Cloud Bill ShockSome companies shoot for reduced costs only to find unexpected expenses drive up the cloud computing bills. Do any of these problems lurk in your company?http://www.informationweek.com/news/240001065?cid=RSSfeed_IWK_Authors <div class="inlineStoryImage inlineStoryImageRight"> <a href="http://www.informationweek.com/news/galleries/cloud-computing/infrastructure/232901167"><img src="http://twimgs.com/informationweek/galleries/automated/788/01_Transformation-1_tn.jpg" alt="Amazon's 7 Cloud Advantages: Hype Vs. Reality" title="Amazon's 7 Cloud Advantages: Hype Vs. Reality" class="img175" /></a> <div class="storyImageTitle">Amazon's 7 Cloud Advantages: Hype Vs. Reality</div> (click image for larger view and for slideshow) </div>  While the promise of the cloud is more cost-effective IT, the reality is that once companies move beyond simple deployment into a wholesale enterprise architecture shift, they often bump up against unanticipated expenses that threaten the cloud's principal value proposition. It could be a development team that spins up hundreds of servers for load testing that they then forget to switch off, or a marketing team reserving dozens of new server instances to run a specific campaign when there are untapped enterprise resources they could otherwise deploy. Whatever the case, the 'aha moment' around the cloud's hidden costs typically presents itself along with a hefty bill that can leave some CFOs questioning the long-term viability of the cloud as a cost-effective platform. "It's the shocking bill problem--that's when the pain first gets raised," said Sharon Wagner, CEO of <a href="http://www.cloudyn.com/">Cloudyn</a>, a provider of an automated cost management solution for analyzing cloud spending. It's a scenario many early cloud adopters are just now confronting as their cloud usage and infrastructure expands as, conversely, their direct visibility and control over usage patterns shrinks. Unlike days past, CIOs are unable to maximize cloud resources because they likely don't know what applications are running, where they are running, how much they are consuming, and what the cost implications are. [ Allocating costs across the enterprise has always posed problems, but cloud computing brings new complications. See <a href="http://www.informationweek.com/news/cloud-computing/software/240000672?itc=edit_in_body_cross">Cloud's Tough Enemy: Chargeback Pushback</a>. ] Experts say it boils down to a simple visibility problem, yet there aren't a lot of simple answers at this point in time. Most cloud management tools, which are in themselves still evolving, address the nature of workflow, providing visibility and management capabilities around things like capacity, provisioning, and utilization of resources, but not necessarily total cost of ownership (TCO). While tools like Cloudyn, CloudCruiser, Cloudability, and a handful of others are tackling the cloud cost-management problem, they are in the early stages of adoption, and most companies have yet to confront the cost issue head on. "Too many companies, until recently, only deal with the problem when they run into overages," said Mat Ellis, CEO of <a href="http://www.cloudability.com">Cloudability</a>. "TCO is the new security for the cloud. People are starting to take this seriously because they are now starting to spend serious amounts of money on the cloud." According to Ellis and other cloud experts, these four scenarios account for cloud's most common hidden costs: 1. Runaway VMs: One of the key tenets of the cloud is self-service, making it easy for users to gain access to compute power wherever and whenever they need it. Often what happens, though, is users are so empowered to spin up compute resources that they overprovision or go over budget because there are no guidelines or caps in place to limit their usage. "One of the ironies of the cloud is you create a self-service portal to make it easy for users to stand up virtual machines (VMs) thus you make it [too] easy for users to stand up VMs," said Dave Zabrowski, founder and CEO of <a href="http://www.cloudcruiser.com/">CloudCruiser</a>. 2. Zombie VMs: This is something Zabrowski refers to as the "living dead" concept. Think back to the group of developers who spun up a bunch of clouds for load testing, which they never brought down, or even a handful of licenses for a software-as-a-service (SaaS) application purchased on credit cards by a lone business group, which after a period of brief usage lies dormant. While individually these expenses may not account for much, cumulatively they can add up, especially if there's no visibility for tracking, and months, even years, go by without turning off the spigot. 3. Choosing the wrong pricing model: Cloud providers price their services differently and often, the costs are a moving target. Many organizations will opt for more expensive on-demand pricing because they don't want to make a long-term commitment to the provider, but they do so without having the proper context. "By having enough information on how long the application will be running and which users are accessing it, you could potentially take a long-term commitment, get dedicated resources, and pay a lower price. But [without proper visibility], you don't know that," Cloudyn's Wagner said. 4. Maintenance costs: A move to the cloud means support and maintenance comes off of IT's plate. Well, that's the idea, but not necessarily the reality. "People think a move to the cloud cuts maintenance costs by 50%, but they're wrong because you still have some servers and resources that need to be supported," Wagner said. Also, all of the groups that have tapped cloud resources on their own (so-called shadow IT) come calling on IT, not the support folks at the Amazon cloud, when something goes wrong. Cloud Connect is expanding to the Windy City. Join 1,200+ IT professionals at <a href="http://www.cloudconnectevent.com/chicago/?_mc=UFPQCH06">Cloud Connect Chicago</a>, where you will learn how to leverage new cloud technology solutions to increase productivity and improve your business agility. Join us in Chicago, Sept. 10 -13. Register today! 2012-05-21T12:48:00ZCloud's Tough Enemy: Chargeback PushbackChargeback has always been hard for IT, but cloud computing forces the issue. At the same time, pushback from business users continues.http://www.informationweek.com/news/240000672?cid=RSSfeed_IWK_Authors <div class="inlineStoryImage inlineStoryImageRight"> <a href="http://www.informationweek.com/news/galleries/cloud-computing/infrastructure/232901167"><img src="http://twimgs.com/informationweek/galleries/automated/788/01_Transformation-1_tn.jpg" alt="Amazon's 7 Cloud Advantages: Hype Vs. Reality" title="Amazon's 7 Cloud Advantages: Hype Vs. Reality" class="img175" /></a> <div class="storyImageTitle">Amazon's 7 Cloud Advantages: Hype Vs. Reality</div> (click image for larger view and for slideshow) </div>  As cloud management tools and platforms evolve to better handle metering and chargeback, IT shops are still struggling with the practice--both from the standpoint of financial management challenges and ongoing pushback from business users. Implementing chargeback has been a longstanding problem for IT, which traditionally has either avoided the practice or employed simple math to apportion costs based on headcount or some other broad metric. Yet in a cloud environment, where effective metering and chargeback are a core tenet of the service model, those types of stopgap measures are no longer viable. "In the past, chargeback has been allocated as funny money, moving money back and forth between departments and IT, but it's a completely different game in the cloud," said Dave Zabrowski, president and founder of <a href="http://www.cloudcruiser.com/">CloudCruiser</a>, a provider of cloud cost management solutions. "With the new paradigm of IT as a service, chargeback is absolutely necessary because you're talking about real money. There's an invoice coming in that has to be paid." Third-party public clouds like Amazon's EC2 have pretty well-defined <a href="http://www.informationweek.com/news/cloud-computing/infrastructure/232602126">pricing structures</a>, making it easy for business groups to know exactly what they're paying for when it comes to compute time, storage, and servers. But Zabrowski says these third-party offerings typically don't provide the granularity of detail that is necessary for true cost accounting on an enterprise scale, nor do they have the ability to show total spend across heterogeneous clouds, whether they are public or private or orchestrated by another third-party vendor. [ EMC World kicks off this week. Learn what to expect; see <a href="http://www.informationweek.com/news/storage/systems/240000705?itc=edit_in_body_cross">EMC's Gelsinger Talks Cloud Storage, Pricing Pressure</a>. ] This loss of transparency is one of the biggest challenges for IT in terms of implementing effective chargeback. Most systems can handle chargeback at an account level (i.e., Joe Developer spun up this cloud for this duration and incurred this charge on his credit card), but there is still a gap in terms of linking that granular usage data to a particular project or business process. Zabrowski calls this hierarchical resource mapping and says it's a core capability of the CloudCruiser cost management offering. "Hierarchical resource mapping means whoever used it is charged--it doesn't matter if it's at a project level, a department level, or a region or different country," he explains. "Whatever the organizational structure is, we take those costs and map them back to those consumers, holding them accountable." The transparency problem gets even more complex when IT tries to assign a cost to services as part of putting together a services catalog for a private cloud. Say, for example, a marketing manager is looking to run a campaign over the weekend. The key question for IT is to figure out the costs associated with that end-to-end process, including the virtual machines, storage, CPU power, and network resources associated with deploying that service. A task much easier said than done, according to cloud experts, who say the rub is that financial management and costing don't comfortably fall into IT's domain. "The thinking is that costing is someone else's job--everyone points fingers and it falls by the wayside," explained Dave Bartoletti, senior analyst of infrastructure and operations at Forrester Research. "But the cloud is putting the squeeze on IT to understand what the costs really are and to start thinking like a service center, not a cost center." Products like CloudCruiser can take the burden off of IT to do that level of financial management. The tool will automatically track usage at a granular level and provide reports that show business users exactly what they're spending. There are also analytics capabilities and the ability to set alerts so a group knows if it's hit its budget threshold or if it needs to re-provision cloud resources to optimize its spend. "IT hasn't had the tools to know what things cost," Zabrowski says. "But if you're moving to an IT service model, you have to turn yourself into a business, and to do that, you have to put costs into the hands of the decision makers so they can understand the costs and optimize them." Just because they understand the costs doesn't necessarily mean business units will readily agree to pay up, however. Business has historically pushed back on IT chargeback, mostly because it was either dissatisfied with IT service, or it balked at tying any direct charges for compute power to its specific budgets. "There has always been a bit of tug of war between IT and business users and that cultural and organizational dynamic certainly still exists in the cloud," noted Jeffrey Kaplan, managing director of THINKstrategies, a cloud consultancy and analyst group. "Most people will be hesitant to move in this direction both in IT and the business side until they see new systems and services specifically designed to overcome barriers to success." Private clouds are more than a trendy buzzword--they represent Virtualization 2.0. For IT organizations willing to dispense with traditional application hosting models, a plethora of pure cloud software options beckons. Our <a href="http://reports.informationweek.com/abstract/5/8682/Cloud-Computing/fundamentals-understanding-private-cloud-stacks.html?k=axxe&cid=article_axxe">Understanding Private Cloud Stacks</a> report explains what's available. (Free registration required.) 2012-05-14T09:00:00ZCloud Management Tools: Beware 3 Pain PointsKnow the danger zones as you select cloud management tool platforms.http://www.informationweek.com/news/240000281?cid=RSSfeed_IWK_Authors<div class="inlineStoryImage inlineStoryImageRight"> <a href="http://www.informationweek.com/news/galleries/cloud-computing/infrastructure/232901167"><img src="http://twimgs.com/informationweek/galleries/automated/788/01_Transformation-1_tn.jpg" alt="Amazon's 7 Cloud Advantages: Hype Vs. Reality" title="Amazon's 7 Cloud Advantages: Hype Vs. Reality" class="img175" /></a> <div class="storyImageTitle">Amazon's 7 Cloud Advantages: Hype Vs. Reality</div> (click image for larger view and for slideshow) </div> Despite the growing sophistication of IT professionals building out cloud environments, the management piece of the puzzle still tends to be an afterthought--a scenario that can cause problems as cloud services mature. Many IT shops moving from a virtualized infrastructure to a cloud-based environment initially fall back on their hypervisor provider for management capabilities. However, as they expand into public, private, and <a href="http://www.informationweek.com/news/cloud-computing/platform/232901673">hybrid</a> deployments, the baseline cloud management tools fall short. IT staffs aren't able to successfully integrate all of the various types of clouds, or deal with the complexities of moving between environments, according to various cloud experts. "The 'aha' moment typically comes when companies want to start moving activities between clouds, offering self-service requests for internal resources, or deploying workloads, [and] thus need tools to connect private and public clouds," said Dave Bartoletti, senior analyst of infrastructure and operations at Forrester Research. "It's not really a function of size--it's a function of when you want to start kicking in cloud economics. You start to realize you're spending too much time creating, deploying, and recovering cloud resources and that you're going to run out of steam really quickly if you are still manually provisioning resources. That's not really behaving like a cloud." [ How much can cloud change time to market? Read <a href=http://www.informationweek.com/news/infrastructure/management/240000096?itc=edit_in_body_cross">DreamWorks Turns To Cloud To Speed Production</a>. ] Once an IT organization becomes serious about cloud management, keep three danger zones in mind, experts say: -- 1. Comparing tools won't be easy. Cloud management services are still fairly embryonic, and the platforms are evolving so it's hard to make apples-to-apples comparisons. A cloud management platform that has legs to meet future requirements must address a broad range of capabilities, not just performance monitoring. It also should provide automation, self-service provisioning, chargebacks, security and compliance audits, and governance. The ability to support a multi-cloud environment is perhaps the most critical differentiator. Even organizations that are just starting out should take a long-term view and define a cloud roadmap so it can best match its requirements with what a particular cloud management provider delivers today and what it's committed to deliver tomorrow. "All of the major players have management tools around their platforms, but they're all different from one provider to another, each with their own nuances," said Rick Blaisdell, CTO at ConnectEDU, who is directing the buildout of the college and career planning site's cloud architecture. ConnectEDU is currently using proprietary tools to manage its private cloud, hosted by a managed services provider, but Blaisdell is fully aware that longer term, this strategy will need some fine tuning. "Eventually we'll want one pane of glass so we can see all the SaaS applications and the infrastructure-as-a-service stuff tied all together on one management system with dashboards so we can look back at our SLAs and evaluate uptime. We can use third-party tools to get some of this information, but we're not there yet." 2. Don't ignore internal process revamps. The cloud management platform needs to be not only multi-cloud aware, but also integrated with existing internal processes. Given that most firms don't do a wholesale migration to the cloud, the cloud management platform needs to be linked to the existing infrastructure management tools, which is a rebuilding and integration effort many companies don't anticipate. Further, companies need to think through what they want to offer from the standpoint of a standard services catalog--another hurdle related to integration because that image library needs to be pushed out to span multiple clouds. "You have to spend time thinking about what services you want to provide to end users from either a public or private cloud," said Forrester's Bartoletti. "How many deployment options do you want to provide? Three sizes of a Windows development environment, or six flavors of Linux? You have to take the time upfront to figure that out." Bartoletti's recommendation: "Offer a limited number of standardized services upfront and only expand when you're forced to. That's how you drive cloud economics." 3. Cloud tools must be a new kind of dynamic. The dynamic nature of the cloud demands a different type of management tool, one that understands the difference between an outage and something that is shut off purposely, said Dave Roberts, senior VP of business development and platform ecosystem for ServiceMesh, which provides cloud management products and services. In the cloud, something could theoretically spring into existence in the morning and be taken down every night. "From a monitoring tool perspective, it's hard to tell the difference if the tool isn't set up to understand the characteristics of the cloud," said Roberts. A cloud management tool is set up in the path of provisioning so it can monitor the infrastructure and tell if someone is simply flipping a switch to shut down a cloud or if there a bigger problem, Roberts said. A traditional management tool can't make that distinction. The pay-as-you go nature of the cloud makes ROI calculation seem easy. It’s not. Also in the new, all-digital <a href="http://www.informationweek.com/gogreen/031412s/?k=axxe&cid=article_axxt_os">Cloud Calculations</a> InformationWeek supplement: Why infrastructure-as-a-service is a bad deal. (Free registration required.)2012-05-07T09:20:00ZGovernance Meets Cloud: Top MisconceptionsWhile cloud computing takes some IT responsibilities off of your plate, governance isn't one of them. Experts say you still need to do the heavy lifting to ensure strong security and access policies.http://www.informationweek.com/news/232901483?cid=RSSfeed_IWK_AuthorsThe biggest fact that organizations building out cloud environments don't understand about governance in the new world of infrastructure-as-a-service (IaaS) is that, despite the handoff of certain IT functions, the responsibility around governance still remains at home. Within the structure of traditional IT, companies could skirt some of the real governance challenges by clamping down on certain deployment scenarios and keeping anything questionable within the four walls and security controls of internal IT. That's not so easy with a true cloud environment, which mixes it up between private and public clouds, ultimately with applications running between the two, depending on demand and use case. "What's great about cloud computing is that it offers a great deal of agility, but that poses a governance challenge," said Bernard Golden, VP of enterprise solutions at EnStratus, a provider of cloud management and governance tools. "In the past, even if you didn't do governance quite right, everyone and everything was still in the same sandbox. But now you can't rely on that." [ <a href="http://www.informationweek.com/news/cloud-computing/software/232900997?itc=edit_in_body_cross">Converting Your Product To Cloud Service?</a> Consider these lessons learned from Salesforce.com and others</a>. ] If not having any wiggle room around the governance problem is a wake-up call, so too is the realization that it's not the cloud provider's problem. Most IaaS cloud providers, even those with Payment Card Industry (PCI) or other regulatory compliance certifications, will take responsibility for securing their data centers and the services that run within them, but they stop short of taking ownership for anything done atop of their virtualized infrastructure, cautioned James Staten, VP and principal analyst at Forrester Research. "The cloud provider is only partially responsible for governance, only up to the point of abstraction where their services stops," Staten said. "All the rest is yours." What does that gap--or as Forrester describes it, the "uneven handshake"--mean in terms of a real cloud-based application? Consider a website that processes credit cards. The cloud provider is responsible for meeting PCI requirements in the data center, through the virtual machines, up through the storage volumes and network infrastructure that's assigned to the customer. However, it's still the customer's responsibility to document how they protect the application, how security patches are applied to the operating system, whether data is encrypted in flight, or what ports are open to the outside world. "People go to a cloud provider that has a <a href="http://www.informationweek.com/news/security/management/230600138">PCI-DSS</a> data security certification and think they're covered and have nothing to worry about, but it's not true," Staten sais. Even companies attuned to the unique challenges of governance in the cloud often underestimate the delicate balancing act of leveraging the self-service and agile benefits that the cloud affords, with the requirement to maintain and manage some centralized controls. "In the cloud world, one of the things that you're really driving towards is this notion of self-service, but the challenge is how to square that up with governance," said Dave Roberts, VP of strategy and evangelism at ServiceMesh, a cloud management tool provider. "You need governance that works in a way that respects the creative process and fosters it, yet at the same time, ensures that things get verified and checked." Some, like Roberts, make the case that effective governance in the cloud isn't really possible without some sort of automation that leverages prescribed rules to ensure the right security levels and access policies are applied, that workloads are dispatched to the proper environments, or that data isn't moved to a jurisdiction that it shouldn't be, based on global regulatory standards. Given the agile nature of a true cloud, traditional governance processes (many of which can require human intervention) just won't cut it in this new environment, according to Roberts. "The cloud is very dynamic, and old processes just can't keep up," he explained. "Anything that requires a human signature or a human in the loop to do provisioning is too slow. You need a machine system to enforce governance rules, and it needs to be built for high volume without human intervention." Another issue to consider to ease the burden of governance in the cloud is leveraging internal IT policies and directory services like LDAP so there is a consistent view of access rights and policies across both internal and external systems. Having the ability to orchestrate fine-grained access controls for who does what is another consideration when evaluating cloud providers along with cloud management and governance tools, experts say. Finally, beyond any new technology to throw at governance, companies also need to look at their organizational models and ensure governance isn't the sole responsibility of IT. "This is not a case of IT guys buying governance software and deploying it," Roberts says. "You need to get the company's compliance officer involved, the security officer involved, and the business units involved, so the rules are clearly understood. It's a people and organizational issue beyond any simple technology issue." InformationWeek is conducting a survey on the current state of compliance within the enterprise: How many regulations are in scope? Which are most important? How easy is it to get vendors to toe the line? Upon completion of our survey, you will be eligible to enter a drawing to receive an 32-GB Apple iPod Touch. Take our <a href="http://informationweek.2012compliance.sgizmo.com/s3">InformationWeek 2012 Compliance Survey</a> now. Survey ends May 11. 2012-04-23T12:30:00Z4 Keys To Hybrid Cloud PlanningWhen blending private and public cloud infrastructure, IT leaders must consider everything from IT skill sets to management tools. Prioritize these four topics.http://www.informationweek.com/news/232900731?cid=RSSfeed_IWK_AuthorsAmidst all the hype surrounding cloud computing, the hybrid cloud approach-- the blending of both private and public cloud environments--is gaining traction. But the reality of building a bridge that effectively leverages the strengths of both architectures is ending up to be a greater challenge than many anticipated. With private cloud implementations set to accelerate this year, hybrid clouds, too, are destined to grow in popularity. That means organizations are going to have to ramp up efforts to evaluate application and data location scenarios based on factors such as cost, core business enablement, and business alignment, <a href="http://blogs.unisys.com/disruptiveittrends/2012/01/17/2012-it-prediction-cloud-maturity-extends-business-adoption-of-private-coud-and-software-as-a-service-saas/">Unisys said</a> in making its 2012 cloud computing predictions. Initially, most companies' vision for a hybrid cloud involves offloading some applications to the public cloud, where there is a compelling need to take advantage of scalability benefits, while at the same time maintaining applications that demand a higher level of security in private cloud infrastructures. A longer-term and more sophisticated view of the hybrid cloud blurs the boundaries between public and private environments, creating an infrastructure that allows applications to shuffle seamlessly between them based on need and economics. Experts say the former hybrid cloud scenario is fairly straightforward and not necessarily new, while the latter instance is where companies are still struggling. "People think it's easy to set up a hybrid cloud, but when you start to mix vendors and technologies, it amps up the level of complexity and the amount of attention required for planning out the solution," noted Dave LeClair, director of product management and marketing for Stratus Technologies, a maker of high availability server and software solutions. [ Learn more about cloud storage. Read more about what to look for at <a href="http://informationweek.com/news/storage/systems/232600705?itc=edit_in_body_cross">Cloud Storage Infrastructures Raise Many Issues</a>. ] Indeed, hybrid cloud models that span an entire environment are a very different animal from a hybrid cloud solution for a single capability, where the application operates on a private platform and so-called "cloud bursts" to a public cloud when transient capability is required, noted Jonathan Shaw, PhD, principal at consulting company Pace Harmon. Another more complex hybrid cloud interpretation is to segregate requirements within a single capability--storage-as-a-service, for example--so that different storage tiers might be delivered privately vs. publicly as part of an overall storage strategy. "This requires virtual machine portability, session management, etc., which is a more complex technical problem," Shaw said. With an eye towards the more complex hybrid cloud as the end goal, experts say companies need to consider the following factors as part of their deployment roadmap. 1. Understand your IT architecture and application needs. Not only do companies need to determine what applications and capabilities are suitable for the public cloud vs. a private delivery model (based on factors like demand variability, high availability, response times, and security/privacy requirements), they also need to examine how their applications and workloads are designed to determine if they can be effectively deployed in a hybrid situation. Typically running some applications on a public cloud and some on a private cloud is a better scenario than spanning a single application across both. "It's much better to have discrete instantiations of applications on one or the other as opposed to a single application spanning both," said Michael Crandell, CEO of <a href="http://www.informationweek.com/news/cloud-computing/infrastructure/229900165">RightScale</a>, which provides cloud management capabilities. So for example, you might do R&D work on a private cloud then launch the finished product on a public cloud <a href="http://www.informationweek.com/news/hardware/virtual/232600776">or vice versa</a>, he explained. 2. Be realistic about the integration challenges that lie ahead. Crandell said there are at least 10 different public cloud infrastructures, each with their own sets of APIs, not to mention the growing list of private cloud infrastructure offerings like <a href="http://www.informationweek.com/news/cloud-computing/infrastructure/232900379">OpenStack</a> or Eucalyptus. The thinking is you can go back and forth and deploy workloads across platforms, but because there is currently no universal standard for workloads in the cloud, you need a portability layer to create the interoperability. "When you start talking about splitting between the public and private cloud environments because you want some level of elasticity, the complexity ramps up dramatically," said Stratus' LeClair. "You need to go into this with both eyes open or you'll find yourself getting into awkward situations where you've moved something that shouldn't have been moved." 3. Factor management tools into the equation. One of the most critical pieces of a hybrid cloud scenario is a management platform used to monitor and manage the environment with an eye towards resource provisioning, performance, and scalability. The issue here is having a single interface and management layer that can work both sides of the infrastructure. IT shops typically have their own on-premises management consoles for monitoring internal networks while public clouds employ their own set of tools, and a company implementing the hybrid cloud needs visibility into both. "Unless you want to duplicate work, you have to find a management interface that puts all the resources in a single pane of glass so you don't have to switch between different products to manage this," said Crandell's Rightscale, which offers a product that provides automation, autoscaling, and monitoring capabilities that span public and private clouds. 4. Ramp up organizational skill sets. Most IT organizations have highly specialized experts who know virtualization, or applications, or servers and backup. A hybrid cloud cuts across all those skill sets and you need to ramp up your team accordingly. "Very few people have the skills that cut across all of these capabilities," said LeClair. "When you're talking about your IT team, there's retraining that has to go on to move beyond how we've run things for the past 25 years." The pay-as-you go nature of the cloud makes ROI calculation seem easy. It’s not. Also in the new, all-digital <a href="http://www.informationweek.com/gogreen/031412s/?k=axxe&cid=article_axxt_os">Cloud Calculations</a> InformationWeek supplement: Why infrastructure-as-a-service is a bad deal. (Free registration required.)2012-04-16T14:59:00Z5 Tips For Negotiating Cloud Software SLAsCustom cloud service level agreements aren't the norm, but can be done. Prepare to make a business case to the cloud provider with this expert advice.http://www.informationweek.com/news/232900365?cid=RSSfeed_IWK_AuthorsWhile negotiating special contract terms is not standard operating procedure in the world of software-as-a-service (SaaS), experts say companies have a much better shot at custom provisions if they know exactly what they're looking for and can frame their needs in the context of why they're critical for business. "You need to spend time figuring out why you need to make the change so you can make a business case to the cloud provider that it's in everyone's best interest that the changes be made," noted David Snead, an attorney in Washington, D.C., who represents Internet infrastructure providers and whose specialty is hammering out service level agreements (SLAs). As an example, Snead cited a social network company that sought custom SLA terms and was successful. Rather than complain that the provider's generic uptime guarantees weren't enough, the company detailed a highly specific scalability requirement to accommodate usage spikes during key time periods. "They said, if your network can't expand during those time periods, we will lose X amount of revenue so we need you to expand your SLA to accommodate that," Snead recounted. "Communicating with your provider about what your business does will get you an SLA that meets your business needs." [ Learn more. See <a href="http://www.informationweek.com/news/cloud-computing/software/232800480?itc=edit_in_body_cross">3 Truths About Cloud Software SLAs</a>. ] Other than transparency and a clear accounting of business need, there are plenty of strategies for negotiating the best SLA terms with a cloud software provider. Here are four additional best practices to ensure you cut the best deal: 1. Don't set unrealistic expectations. Since many cloud providers offer standard terms, they tend to set the bar pretty high in terms of service-level performance in areas like uptime, security, and high availability. Getting fixated on a particular metric--say 99.999% uptime, for example--as a requirement when your own IT organization couldn't possibly meet that standard can stand in the way of establishing an effective and enforceable SLA. "Be realistic about what you're asking vs. the reality of what you do or need to do," said Liz Herbert, principal analyst at Forrester Research. "Make sure you're not aiming for a pipe dream in your contract." 2. Do proper research and make the SLA part of the selection process. Given that there's often less flexibility around SLAs, it makes sense to consider a cloud provider's SLA as part of the due diligence around vendor selection--not as an afterthought, post evaluation. For instance, if your business needs a highly redundant environment, a cloud provider serving up routers, network, server, and application infrastructure for use along with 50 other customers may not be the right fit. "It really comes down to whether a cloud solution offered by provider X is suitable for what your business is going to do," said Jonathan Shaw, principal with Pace Harmon, a consulting company. "The SLA needs to come into play during the selection process rather than at the backend in negotiation." It also makes sense to collect SLAs from other cloud providers so you can make an informed comparison about what most are offering and potentially use the information to your advantage, according to attorney Snead. "If you are able to say that competitors are providing this SLA clause and you can demonstrate why it's important to you, it goes a long way in creating a strong argument," Snead explained. 3. Aim for an SLA that reflects the user experience. Whenever possible, insist on SLAs that reflect the full scope of service. So, for example, it's not enough for the cloud provider to say they've met their SLA if their server is up, but the network or Internet connection is down. It's necessary to include providers' switches, firewalls, networks, authentication systems, and whatever other gear as part of how you measure application availability, noted Shaw. "Makes sure they're measuring availability [of the application] from outside of their firewalls, routers, data center, and networks, and that they're not just using a monitor sitting in their data center," he explained. 4. Make sure the provider can meet its SLA claims. If it's critical to your business that your data be mirrored in two different locations, Shaw said, don't just settle for an SLA that promises a high level of redundancy or says simply that data will be mirrored. Instead, shoot for SLAs that specify that data will be mirrored to these two very specific and separate locations. "In an SLA, specificity is very important," he explained. "You don't want to leave it open to broad terms. It goes back to knowing what you want--as a customer, you know your business best and you shouldn't rely on a provider to figure out what you need." The pay-as-you go nature of the cloud makes ROI calculation seem easy. It’s not. Also in the new, all-digital <a href="http://www.informationweek.com/gogreen/031412s/?k=axxe&cid=article_axxt_os">Cloud Calculations</a> InformationWeek supplement: Why infrastructure-as-a-service is a bad deal. (Free registration required.)2012-04-09T11:43:00Z3 Truths About Cloud Software SLAsYou're not imagining things. Unlike the rigorous SLAs of traditional enterprise IT services, today's cloud software SLAs don't offer much room for customization and tend to cover only the basics.http://www.informationweek.com/news/232800480?cid=RSSfeed_IWK_AuthorsComplex service level agreements (SLAs) have long been the norm for upholding performance and uptime guarantees for traditional on-premises applications and old-world hosted apps. But experts say when it comes to the shared resource world of cloud-based software, enterprise IT must rethink its tried and true notions for IT contracts. While SLAs for traditional IT services are typically highly tailored to meet the unique uptime, performance, and availability requirements for a particular application and business process, that same level of granularity and customization rarely exists with cloud software SLAs. Cloud SLAs are generally far more standardized experts say, and overall, far less enforceable. Truth 1: A one-size-fits-all SLA is common What's common in the era of cloud-based software is a one-size-fits-all SLA with a base set of performance metrics, intended to meet the needs of the broader user population and a wider variety of use cases. "It would be extremely difficult for anyone to negotiate an SLA with a cloud provider that is in any way significantly different than their standard terms," says Tom Nolle, president of <a href="http://www.cimicorp.com">CIMI</a>, a consulting firm that caters to telecommunications, media, and technology issues. "It's almost an inevitable consequence of the cloud." [ Bring your own cloud is coming to an enterprise near you, CIOs. See <a href="http://www.informationweek.com/news/global-cio/interviews/232800385">If Bono Loves Dropbox, Shouldn't You?</a> ] What is it about the cloud model that breeds a vanilla SLA? Cloud providers argue that any deviation from a standard agreement impedes the cloud provider's overall ability to deliver on the value proposition and overall economies of scale enabled by the cloud's shared resource pool and multitenant computing architecture. "Saying that some users are going to get different performance than other users is the antithesis of the concept of a vast resource pool," Nolle contends. "If you're going to make effective allocation of resources in the cloud, you can't make concessions from standard terms of service, because those standard terms of service are the basis for calculating profit, margins, and operating efficiencies. [As an IT department] You're just not going to get radical changes in the SLA." Truth 2: Expect relatively immature SLA terms Also know this: Whatever limited terms you are offered are typically just that--pretty basic terms. Given the relative immaturity of the cloud software market and the fact that many of the providers are smaller companies, often startups, contract terms are still evolving. In many cases, these terms only cover the bare minimum. Most enterprises are accustomed to SLAs that sometimes call out as many as a dozen very specific benchmarks, most commonly a certain percentage of uptime and availability--in many cases, 99.99% is the target number. However, few cloud software providers, at this point, offer such formal guarantees, instead using looser terms to describe uptime availability. Others like Symantec, which tout more comprehensive SLAs, go as far as to promise things like 100% service uptime, with problem solving responses in the range of 75% for an eight-hour response to minor issues, up to a 95% rate for a two-hour response for anything deemed a critical problem. Truth 3: Multiple layers mean limited accountability Let's face it--a cloud software provider can promise the moon when it comes to SLA performance levels, but the truth is the software depends on the Internet and overall network infrastructure to run. In that sense, any disruption to critical areas outside of the provider's jurisdiction has everything to do with the performance of their application, making it next to impossible, experts say, to make concrete guarantees about availability and uptime. That wasn't necessarily the case with previous-generation ASP (Application Service Provider) or on-demand applications, where a provider delivered computing services to a customer via a network dedicated to that particular customer. In this case, the provider had complete control in managing uptime and mitigating network failures. "One of the risks of cloud-based solutions is network failure between you and the cloud provider," notes Jonathan Shaw, a principal with <a href="http://www.paceharmon.com">Pace Harmon</a>, a consulting company. "No one is responsible--that's part of the risk." Of course, there are upsides to the one-size-fits-all cloud software SLA model as well. For example, in the world of Software-as-a-Service (SaaS), one buyer's requirements resulting from a security audit could translate into new security features that benefit all. Beyond democratizing improvements, most cloud software vendors do maintain pretty high performance standards. "Cloud software contracts aren't customized like an IBM hosting deal, but there are high and rigorous security standards set," says Liz Herbert a principal analyst at <a href="http://www.forrester.com">Forrester Research</a>. The pay-as-you go nature of the cloud makes ROI calculation seem easy. It’s not. Also in the new, all-digital <a href="http://www.informationweek.com/gogreen/031412s/?k=axxe&cid=article_axxt_os">Cloud Calculations</a> InformationWeek supplement: Why infrastructure-as-a-service is a bad deal. (Free registration required.)