Posts Tagged ‘Cloud services’

Alright, so you’ve toiled and slaved and spent countless sleepless nights (and probably countless ducats as well) to launch your shiny new mobile-local-social app that’s turned into the next big thing. Congrats and all. No really..no small feat, this; good work! Though before you pop open that magnum of La Grande Dame, allow me to ask: happy with your disaster recovery plan?

You. Do. Have. A. Disaster. Recovery. Plan. Right??

No? Step into my office. A Disaster Recovery plan is not the sort of thing you consider briefly, only to shove in the corner for a rainy day. All that’s needed is a cut of some errant fiber line, or some natural disaster to come along and your über-popular app could be down. As for you: that’d be time to dust off the ole resume once again. (I’m hearing the faintest sound of a teeny tiny violin playing.)

Let’s avoid this sad-sack scenario then, shall we? The good news is that although DR planning is a serious undertaking which should be performed by – ahem! – professionals, there are a few easy steps you can take right now to help appropriately prepare you for the unthinkable:

• Ask yourself: What’s the worst that could happen? No, seriously. If that volcano erupts and hot liquid magma melts the datacenter where your servers live, it’s trouble. (Volcanoes do erupt, you know.) You’ll first need to determine how many hours or days your app can be down before your business is irreversibly affected. This is known as Maximum Tolerable Downtime, or MTD.
• Research, research, research. Now that you know how quickly you’ll need to be up and running post-blackout, time to start looking into backup options. If your app is running on, say, Rackspace Cloud, you might want to start by learning about their load balancers-as-a-service, and reach out to your account manager for additional detail and customization. Similarly, if you’re running Amazon AWS, their Elastic Load Balancing offering is where I’d start. (With Amazon, you’ll almost certainly want to work with a company who has experience with tailoring  failover using AWS) Spend your time wisely and dig (and Digg) appropriately. Be super conservative as well – underestimate your MTD by perhaps 30% and ensure the solution you’ve picked can meet this. In writing.
• Go time. Once you’ve selected your backup and recovery solution, time to implement and test. A weekend maintenance window is a good time to test and ensure that your DR system works. Make any adjustments and test again right away. Repeat this processed until perfect.

Keep in mind that his is the quick-and-dirty version of DR planning, but hopefully will give you a rough idea and perhaps serve as a primer regarding how you might approach this very important part of your infrastructure.

So if you’re still asking yourself, should I…?

The answer is simple: you bet your sweet little app!

—

Tagged as: active garage, amazon cloud, Cloud services, data backup, data center, data recovery, datacentertrust, Disaster Recovery, DR, marc watley, rackspace

By now, you’re probably well aware of the AT&T/iPad security debacle earlier this month, yes?

Good.

AT&T’s security breach was cause for serious concern for iPad users and was first reported at Gawker.

Since this story, there have been scores of articles prattling on about the “vulnerability of the Cloud”, “Cloud failures”, etc.  Sensational headlines pay bills, granted, and while it’s important that security issues receive attention, I’d much rather look at this from a more holistic angle:

Why adopting Cloud solutions is unavoidable for companies who want to remain competitive?

and also…

How Cloud can be introduced into IT environments in a secure and highly available fashion?

Let’s be Swarovski-crystal clear here: This incident was a good thing, friends! At fault in the iPad incident was a poorly-secured back-end on AT&T’s side of the fence.  As Gawker’s Ryan Tate accurately points out in his story,

“AT&T exposed a very large and valuable cache of email addresses, VIP and otherwise.”

That said, the pundits do have a point, which is that this incident has implications regarding security – in this particular instance with the underlying AT&T Cloud infrastructure powering the iPad.  Responsibility for security with Cloud services is a critical one and falls on all parties involved: the device manufacturers, application developers, and service/infrastructure providers, who must provide and maintain a secure environment as well as immediately resolve all issues when discovered.  Same goes for the end users. Thankfully in this case, only one person outside of Goatse Security (who were evidently behind the “attack”) was provided the list of 114,000 email addresses after having leaked the flaw to AT&T where it allegedly went unaddressed for almost a day.  That person was Ryan Tate at Gawker, who broke the story. While white hat groups like these are sometimes criticized for their “alternative disclosure process”, they actually do more help than harm.  The more ‘holes’ like this found, the more secure Cloud solutions will become available for all of us in the long run.  I say “hats off” (sorry couldn’t help that one!) and keep up the good work.

So, should these security issues be taken seriously?

Hell yes!

Should you hold off moving any of your company’s IT infrastructure to the Cloud as a result of incidents such as “iPadgate”?

Absolutely not!

Both consumers and small businesses alike have, en masse, placed their trust in Cloud-based solutions, much to the degree that services like GMail and GoToMeeting, for example, have become core to day-to-day life – both in personal and business settings.  At the enterprise level, CIOs and CTOs worldwide are rapidly climbing aboard the Cloud train as well, deploying various solutions within their organizations. These highly scalable, on-demand solutions can help businesses to deploy additional infrastructure quickly with reduced capital costs and refreshed technology – often helping to optimize operating costs as well. The rate of adoption in the business community is increasing rapidly: Gartner forecasts that, by 2012, some one in five businesses will own no IT assets, and that by 2013 businesses will be spending some $150 billion on Cloud services.

Question is, how can businesses take advantage of high-level Cloud solutions right now and still retain some peace of mind relative to availability and security?  Fairly easily, and in a just a few steps. Whether your organization is a startup or an established enterprise, Cloud solutions can play a key role in your IT organization. Risks related to security, control, and availability with Cloud services are not dissimilar from those in any IT environment, and can be mitigated through careful provider selection and sound planning. Here are a few steps that might be helpful in your adoption of these services:

First : Strategize. Plan. Then plan some more.

Devising a sound strategy and planning effectively is a sure first step to approaching and taking advantage of Cloud solutions for your business. The one thing you can’t afford to do is to get this stuff wrong.  This is especially true if your company itself is a service provider of one form or another, as most businesses today are.  It would only take one mishap – say, the inability to quickly test and release a patch to your popular online game, or having physicians who are unable to access their patients’ electronic medical records, etc. – to realize the importance of effective planning and smart Cloud provider selection.  If you need a hand with strategy vetting the  providers and options, don’t be afraid to ‘phone a friend’ – there are many IT consultants and brokerage firms out there fluent in Cloud who are objective and can be helpful from strategy through to implementation, often saving you both time and resources.

Planning for the deployment of Cloud services such as storage or rich content delivery is fairly straightforward, as the related services – Amazon’s S3 storage or EdgeCast’s Content Delivery Network (CDN) services, for example – are more or less plug-and-play and can be segregated from the rest of your infrastructure.  Those services that include compute functions however (Cloud-based servers and related infrastructure) will take a bit more time and detail at the planning stage.  Most businesses considering Cloud deployments of this type spend the necessary time to analyze existing and future needs around each of their main environments, which typically fall under:

• Development
• Testing
• Quality Assurance (QA)
• Production

Evaluating Cloud services by IT discipline is smart, since there are many available options for compute power (CPU), memory, storage, and networking – and the build requirements within each environment will likely be varied.  A good strategy should include a thorough understanding of the resources you currently have in place by spending the necessary time to evaluate the needs with each of your IT environments.

Understanding your existing financial exposure and budget for Cloud solutions during this stage is also important.  Some questions to consider:

• Hardware: What is the current value of existing hardware per environment, and how close are you to needing hardware refresh? What are the capital costs associated with such a refresh?
• Network: What are the current monthly costs for networking/IP bandwidth, per environment?
• Labor: What are the current human resource costs associated with operating each environment (operations, monitoring, support, etc.)?
• Roadmap: What are the hardware, infrastructure, performance, and human resource requirements, per environment, over the next  18-24 months needed to support growth demands?

From these and similar questions, you should be able to arrive at total monthly operating costs – both for your current environment and at scale.  (Consultants can be helpful here as well, many times providing that second set of objective “eyes”.)   With your Cloud approach now defined, you’ll likely see immediate capital  and operating cost reductions, the ability to quickly scale infrastructure commensurate with usage and growth, and the ability to reallocate human resources to support more business-critical IT functions. Still with me?  Alrighty then…on to finding and selecting the right providers.

Next : Thou shalt do thy homework.

There might be as many shops hawking Cloud services today as there were candy and toy shops selling Beanie Babies many years back…craziness! As you step through your due diligence with potential providers, beware the Cloud pricing that sounds too good to be true…because, as the adage dictates, it probably is.  When you dig below that wow-this-provider-is-30%-cheaper-than-the-others! pricing, don’t be too surprised at what you’ll likely find.  The provider in question might indeed have some of the shiny bells and whistles you’re after, but perhaps only one datacenter…so if the ground opens up during an earthquake and swallows it whole, or a tornado carries it away Dorothy-and-Toto-style, well…don’t say I didn’t warn you.  Other low-cost leaders tend to lure you in with great pricing, but have limited resources on hand (meaning they’ll need to go out and buy those Bugatti Veyron-grade servers you’re after and will charge huge setup fees accordingly).  Also, ensure your provider-to-be is well-certified and maintains full regulatory compliance (typically SAS-70 Type II at a minimum) with your organization.  So, let’s move those “life on the B/C/D-list” providers right into the rubbish bin, shall we?  Right.  So now we’re left with the few real players – names you’ll likely recognize: Amazon, Google, Joyent, Microsoft, Rackspace, Rightscale, Terremark.  (These are but a few of the many A-list providers available.) Spend time with each prospective provider; ask tough questions, ensuring the selected provider has ridiculously good support, lots of IP bandwidth options, and security features that exceed your own requirements.  Take a good, hard look at the providers’ pricing, negotiating wherever possible and comparing to your existing cost structure.  When it comes to final selection time, take a well-organized approach to this as well.  My colleague Matt Carmen recently broke down in detail the process of selecting the right outsourced IT provider, which I would recommend checking out.

Finally : A phased approach.

Now that you’ve got a good head for the Cloud services and options that will best suit your business, it’s time to get tactical.   A best practice when approaching any Cloud solution is to pilot, evaluate, then implement in phases.  Select which of your IT environments will work best for a pilot.  The pilot should be brief, but long enough to provide a thorough evaluation…30-45 days is usually enough time.  We’re still on the leading edge of what Cloud can provide, and solutions are constantly evolving.  Providing feedback during a pilot period is key – try to break the solution and be as granular as possible with your providers as to how their service can be improved.  The good providers will work with you and incorporate your feedback into their services…and everyone wins.

Post a successful pilot, make the move into a full launch window with the same, sure-footed project management aplomb as you might with releasing a new product to your customers. You’ll find here again that the provider(s) you’ve selected will work hand-in-hand with your team, ensuring a smooth transition and quickly addressing any issues.

Congratulations!

Now that wasn’t so bad, was it? Your organization is now among a rapidly growing number of businesses who have embraced Cloud solutions and whose IT organizations have realized increased availability, efficiency, and productivity as a result. Once you’ve got one environment successfully ported and humming right along, you’ll likely see the benefits of deploying the rest of your environments in similar fashion.

Stir. Repeat. Enjoy.

—

Tagged as: active garage, amazon, cloud computing, Cloud services, datacentertrust, gawker, gotomeeting, marc watley, matt carmen, rackspace, rightscale, sas-70, sas-70 type II, terremark