Availability & Accessibility in The Cloud
Cloud service providers are making serious inroads into IT’s traditional turf; they are offering compute and storage hosting services, and, in many cases, applications at a lower cost than IT can offer. Progressive IT leaders are embracing these trends and are integrating or planning to integrate cloud services into their offerings; essentially turning IT organizations into a service broker. As a Service Broker, application, service, and infrastructure offerings can look like a continuum of offers in an IT Market Place with standardized service levels and cost transparency, while providing integration with organizational and regulatory compliance controls.
The seamless appearance of offers can reduce the cost of IT services while increasing the value and confidence in IT. A service today can be substituted with a new provider tomorrow. And as a broker of services, IT leaders and compliance officers need to take on new responsibilities. Service providers must be vetted and evaluated against corporate and regulatory controls. And existing service level agreements (SLAs) and service level objectives (SLOs) can be used to provide a basis for evaluating provider offerings. You can also extend your SLAs and SLOs with some of the new capabilities that the provider may have.
Availability and data protection capabilities are key evaluation criteria that should be examined for cloud providers. You need to understand the vendor’s availability metrics, what counts and what’s excluded. Understand what the provider’s availability and DR plans are, how they test, and how they are audited or verified. And if needed, understand how you can perform an integrated DR test with them. Further, you need to understand the data protection schemes offered; encryption, data erasure, access controls, back-up, offsite protection of back-up data, along with the availability and recovery mechanisms; operational and disaster.
Often you will find that provider capabilities don’t neatly fit into your existing frameworks; look on this positively. It will give you an opportunity to re-evaluate and extend your capabilities; the capabilities can also serve as a value enhancer to existing IT services. In many cases, IT has capabilities that are often taken for granted and not understood by IT’s customers. Establishing your internal IT service capabilities along with provider capabilities in a service catalog is a great way to do this. And a by-product of this exercise is that you may find that some of your own services may not be cost-competitive with external providers and it may be an opportunity to offload the services.
Finally, an area of evaluation often overlooked that goes along with availability is accessibility; that is how do you access cloud services when the provider has an outage and how is the service accessed when you have an outage? When a cloud or external provider is being considered for inclusion into your service catalog you need to understand how the service is going to be accessed. Is the service accessed directly by the user community? Is it accessed out of the back-end of an application? Does if feed applications, etc.? The cloud access paths to the services need to be considered in your enterprise availability and DR programs.
Essentially there are two questions that need to be asked: If I have a disaster, how are the access paths failed over or made available; likewise if the provider has a failure, how do you re-establish connection to the failed over service. In an ideal world, this should all be transparent and handled by domain name services both internally and from service providers. And finally ensure that your application global and local load-balancers can tolerate moving services.
The Cloud is an exciting and can be nerve-wracking all at the same time. Being prepared and well versed on the Availability and Accessibility capabilities will sooth the nerves and ensure a smooth integration. Good luck with your initiatives and as always play it safe with your organization’s data.