The implementation of a hybrid cloud can be fraught with risks that can undermine the true value of your investment and perhaps place an enterprise in an even more precarious position. As with any implementation, getting your hybrid cloud up and running requires the careful consideration of several important factors to ensure appropriate functionality, security, and reliability. For a hybrid cloud to work effectively, the silos that have been erected must be torn down to provide a common approach to both business service management (BSM) and IT service management (ITSM). It requires the intelligent construction of governance policies to regulate the system and its performance while maintaining strict compliance.
IT has to become a true business partner by implementing IT as a Service (ITaaS). This implementation requires that IT processes be designed to:
- Embrace the mindset of a service provider
- Develop an agile and responsive approach to business needs
- Act as the gateway to the cloud, which eliminates the circumstances leading to the development of Software as a Service silos and cloud islands
- Assume the role of security and compliance partner, constantly appraising and scrutinizing services both internally and for third-party suppliers
- Remove the silos by extending BSM and ITSM policies into the cloud
- Recognize and appreciate the economic drivers that are critical to the financial health of the enterprise
Ultimately, IT must become a value creator for the enterprise, preventing the chaos that could evolve if the migration to the cloud were not well coordinated, regulated, and managed. At the same time, IT must provide space for the increase in business value based on innovation and optimization. Adeptly walking this tightrope will lead to great value for the enterprise.
Key phases in hybrid cloud implementation
Understanding and planning for any potential problems are critical for a successful deployment of your hybrid cloud solution. To avoid the perils, IT and the business stakeholders must work closely to state business objectives clearly, define project scope precisely, and outline migration guidelines explicitly. To perform these tasks, the implementation team must consider many aspects of the migration carefully and ensure that all stakeholders are informed and in agreement.
Before you begin, be sure to:
- Describe the business needs that the solution serves
- Document the underlying drivers that are the impetus for migrating into the cloud (new functionality or applications, moving existing solutions)
- Understand the true nature of the solution (will it work in isolation or with other systems)
- Determine the number and nature of the users who will use the new solution and their potential support and training needs
- Establish the real cost of the solution, encompassing the complete life cycle, not just the implementation
- Calculate the effect on day-to-day cash flow based on the new pay-per-use model
The implementation process should be organized into planning, execution, monitoring, and assessment phases. During the planning phase, you should establish the key business drivers and delineate the business objectives as well as outline the project plan. A team of IT and business stakeholders should be established to oversee the process. In the execution phase, the plan must be implemented based on the guidelines established during the planning phase, with a wary eye to preventing scope creep. Once established, the system must be constantly monitored and accessed to ensure proper performance and return on investment (ROI).
Hybrid cloud governance must address policies related to availability, security, and compliance while keeping in strict harmony with the general IT goals and the overall strategic objectives of the enterprise. Governance is a policy-making process designed to assess risk as well as opportunities in a constantly changing and evolving environment. These policies must focus on the delivery and location of cloud services and data as well as track and enforce policies at run time.
The governance policies must include both design-time and run time governance. Design-time governance focuses on the development phase, concentrating mainly on internal concerns. Run time governance focuses on policies concerned with the regulation of access, security, and the service performance that can be consumed both internally and externally. The policies must be designed to address:
- Role-based access. Establishing control over who has access to the system and what they can do, including who can deploy and manage cloud assets
- Metrics for monitoring. Assessing application performance and other business-critical key performance indicators
- Service level agreements (SLAs). Establishing levels for both the application and the underlying infrastructure
- Quality of service. Providing the benchmarks for service delivery
To manage a hybrid cloud, you must implement a comprehensive framework composed of various tools and the processes that govern their use. In the final analysis, the achievement of optimal value and utility hinges on the effectiveness of the specific enterprise governance structures deployed. This is the key to realizing the desired returns from IT and associated human resources investments.
One huge governance issue is disintermediation—the bypassing of IT. The cloud makes it extremely easy for impatient and poorly informed IT or business unit personnel to bypass IT all together and create solutions on their own. Pressured by deadlines and with credit card in hand, someone reaches out to Amazon for compute capability, quickly completes a project, and all seems well. Or a business unit needs software that is currently unavailable in house, and the people in that unit are facing a drop-dead date—no excuses accepted, no extensions possible. They quickly reach out to the cloud, use the software, complete the project, and deliver. Again, all seems well. However, they have left a trail in the cloud that is outside their organizational governance and security. This is dangerous and can ultimately be crippling. In addition, disintermediation reinforces silos and leads to cloud island development. In the end, this approach leads to governance and compliance chaos, opening the door to potential data loss as well as malicious intrusions.
The solution to disintermediation is not only well-developed policy but also effective communication. To eradicate disintermediation, IT must provide a catalog or portfolio of approved cloud service providers that have been vetted and therefore can be safely accessed by users. The entire organization must be aware of and adhere to the governance policies and at all times accept the gateway responsibilities of IT. Remember, ITaaS is designed to partner and facilitate.
Change management is another issue. How do you handle change management in the cloud? Behind your firewall, you control the deployment of application upgrades according to a timetable and schedule that is understood by and agreeable to the overall organization. Before deployment, you test to ensure that the upgrade or change will not affect the operation of the enterprise.
When implementing a hybrid cloud, you must address versioning at all levels, securing system viability through SLAs as well as internal processes, infrastructure, and policy. It is important to make this part of the SLA. There must be rules regulating these changes that you and the service provider agree to before changes are implemented. These rules must include the use of multiple versions as well, to ensure the viability of legacy applications.
The data that travels into the cloud must be encrypted. Encryption prevents service provider staff as well as rogue servers from gaining access to your data. It also renders unreadable any remnants of data on discarded storage devices.
A hybrid cloud combines service and deployment models. When the cloud is private, both the enterprise and the provider are encompassed by the same network boundary. When the cloud is public, the enterprise and provider reside in different networks. In the hybrid cloud, the enterprise network may need to extend into the provider and the provider into the enterprise. The bottom line is that both the enterprise and the service provider must expose some of their network to the other. To meet the new challenges of the hybrid cloud, network architecture must become more flexible, network services need to decouple from location, and automated provisioning needs to be facilitated through the abstraction of resources.
The connectivity capabilities of the hybrid cloud are central to the adoption and enduring usage of cloud services, and bandwidth is a critical delivery factor. Bandwidth policy is critical, because an important aspect of the value of data is the timeliness of its delivery.
The hybrid cloud requires a bandwidth-aware system. Bandwidth must be based on the anticipated amount of data, which can be difficult to calculate and costly when overestimated. Scalable bandwidth provides the solution while offering a more efficient use of network resources. Scalable bandwidth responds quickly to changes in demand without sacrificing security or architectural flexibility.
Latency is also a connectivity issue. When users, applications, and data are distributed across the globe, the reliability and performance of your applications can be affected. When it comes to performance, milliseconds between the cloud and the end user can be costly to your business. End users expect results quickly, and when they don't get them, they click away.
Both the cloud infrastructure and the network must be considered when evaluating performance. They both play an important role, and the success of your cloud deployment will depend on both when it comes to end user acceptance. Because the laws of physics can't be overcome and latency is a function of distance as well as hops across routers, it is important that you test for latency issues early in your cloud evaluation process. Selecting the appropriate location for your cloud infrastructure is the first step. Concentrate on shortening the distance between the cloud and your end users. Doing so lowers latency and also increases the performance of your applications. When it comes to the hybrid cloud and latency, the mantra must be location, location, location.
The firewall must also be considered. The ideal approach is a cloud-based web application firewall (WAF). Cloud-based firewalls are agnostic and do not require hardware or software changes to accommodate expansion. Because a cloud-based WAF is centrally managed, threat detection is shared among all the tenants of a service, resulting in improved detection rates as well as lower false positives. The service grows and expands with your needs and provides an elastic and scalable solution. When the use of mobile devices and telecommuting are thrown into the mix—not to mention the addition of bring your own device delivery—it is easy to see that the increased burden on firewall management can be exponential.
Comprehensive identity and access management (IAM) is a vital criterion for success in the hybrid cloud. In addition to the role IAM plays in securing your data, it is a key to meeting the rigors of compliance. Compliance requires that you not only show who has been granted access and the security surrounding the role, but it also requires tracking user actions after access has been granted.
Security information and event management (SIEM) technologies can be used to improve IAM user and role management. SIEM permits more extensive exception monitoring and audit capabilities than IAM alone as well as a consistent interface for your logs and reports.
This approach also provides advantages when organizational or economic structural change is required. Today, changes in the economy and business models are frequently at the speed of thought. An identity-driven cloud provides higher visibility into business processes, allowing you to gather real-time, event-driven information, which facilitates rapid change in direction while providing a clear view of the separation of duties.
Implementing a hybrid cloud means your enterprise may be in a multitenancy environment. Multitenancy is the sharing of resources such as compute, storage, and networking amongst multiple tenants. In this situation, an enterprise must ensure the security of its information and the keys to system access. To guarantee that security is managed properly in a multitenancy environment, you must investigate the service provider to see how it organizes the situation. For example, in multitenancy, no tenant can be allowed to access or know of the existence of resources assigned to other tenants. You must know how security is implemented and validate that the implementation method is effective.
The security put in place in a multitenancy environment must be role based. There must be a secure management capability that allocates resources without revealing any of the resources content to the service provider's administrator. The administrator must be able to set up and deploy as well as allocate additional resources, but he or she cannot be allowed to perform single-tenant environment functions.
The enterprise administrator must also be role based. He or she must be able to distribute the management and access roles for the enterprise.
To secure your data in the hybrid cloud, use a virtual private network (VPN) tunnel between the private and public cloud services. A VPN tunnel facilitates secure connections and the use of a single name and password to access an array of cloud assets. VPN communication uses generally available assets such as the Internet as the means of moving the hybrid cloud's data. The process employs encrypted access modes and the Secure Sockets Layer protocol's use of dual-key cryptography.
Keep in mind that the access controls you put in place are not just relevant to your users. Your cloud vendor also has access to your servers, so you must ensure that it is following the access policies you have put in place.
The hybrid cloud is the most cost-effective and efficient means for an enterprise to create rapid responses to the fast-paced changes in today's marketplace. It provides an ROI that cannot be achieved using on-premises solutions alone. This paradigm involves new risks that can be mitigated with appropriate governance and oversight. This article concludes this series on the hybrid cloud. Thank you for taking the time to read along.
- Tivoli cloud product manager Robin Hernandez talks with Judith Hurwitz, author of Service Management for Dummies, Cloud Computing for Dummies, and Hybrid Cloud for Dummies, about "cloud done right."
- Cloud computing fundamentals (Grace Walker, developerWorks, December 2010) introduces the basics of cloud computing and construction, including the three basic components of the cloud: Infrastructure as a Service, Platform as a Service, and Software as a Service.
- Hybrid Cloud Integration or No Cloud is an Island (Marc-Thomas Schmidt, developerWorks blog, October 2011) describes the challenges involved with the integration of private and public clouds.
- Connecting to the cloud, Part 1: Leverage the cloud in applications (Mark O'Neill, developerWorks, April 2009) examines a few of the offerings from the major cloud platform vendors.
- Connecting to the cloud, Part 2: Realize the hybrid cloud model (Mark O'Neill, developerWorks, April 2009) explains how to implement a hybrid cloud application that combines local application components with cloud computing.
- Connecting to the Cloud, Part 3: Cloud governance and security (Mark O'Neill, developerWorks, June 2009) examines governance and security for cloud computing using the hybrid cloud application example begun in the previous parts.
- Review the information provided by the article New developerWorks survey shows dominance of cloud computing and mobile application development (Michael O'Connell, developerWorks, October 2010) and see where cloud computing will be in the next few years.
- Explore developerWorks Cloud Computing, where you will find valuable community discussions and learn about new technical resources related to the cloud.
- In IBM Smart Cloud, get valuable business advice to enhance performance and efficiency in the cloud.
- Read a collection of reports that outline the future directions of cloud computing from a symposium held in Brussels on 23 January 2010 titled, The Future of Cloud Computing.
- Learn about the Cloud4SOA initiative, which aims to combine three fundamental and complementary computing paradigms: cloud computing, service-oriented architectures (SOA), and lightweight semantics.
- Find valuable risk management information developed by the European Network and Information Security Agency.
- Read Cloud Computing - A Primer for a basic understanding of cloud computing.
- Read the cloud computing white papers developed by Cisco Systems Cloud Computing for the company's view of networks in the cloud.
- Stay current with developerWorks technical events and webcasts focused on a variety of IBM products and IT industry topics.
- Follow developerWorks on Twitter.
Get products and technologies
- Evaluate IBM products in the way that suits you best: Download a product trial, try a product online, use a product in a cloud environment, or spend a few hours in the SOA Sandbox learning how to implement service-oriented architecture efficiently.
- Get involved in the developerWorks community. Connect with other developerWorks users while exploring the developer-driven blogs, forums, groups, and wikis.
Dig deeper into Cloud computing on developerWorks
Get samples, articles, product docs, and community resources to help build, deploy, and manage your cloud apps.
Complete cloud software, infrastructure, and platform knowledge.
Software development in the cloud. Register today to create a project.
Deploy public cloud instances in as few as 5 minutes. Try the SoftLayer public cloud instance for one month.