Welcome!

@CloudExpo Authors: Liz McMillan, Yeshim Deniz, Pat Romanski, Elizabeth White, Zakia Bouachraoui

Related Topics: @CloudExpo, Microservices Expo

@CloudExpo: Blog Feed Post

Minnesota and Private Cloud

There goes today's blog

I had a blog partially written for today when @GeorgeVHulme tweeted this: "WAHOO! Minnesota goes Private Cloud!". And that changed my thoughts and direction completely. Here’s the article George linked to State of Minnesota Signs Historic Cloud Computing Agreement With Microsoft. The fact that it was private cloud and with Microsoft got me to read the article. And it’s actually a pretty impressive story for both the state and for Microsoft.

image In essence, this takes “private cloud” to a different place than I would have envisioned. They’re outsourcing. Yes, there’s a line in the sand, beyond which the state has complete control, but they have essentially given Microsoft their infrastructure (the collaboration and email piece of it anyway) and are holding Microsoft accountable for security and software maintenance. That’s a pretty solid plan if the admins at the state can manage the applications as they need/desire. There are gray areas that would need to be covered, like what types of threats are user/application threats that Microsoft isn’t responsible for, what’s the escalation path, etc. But those are no doubt covered in the contract, which we don’t have access to.

Microsoft is giving over dedicated space (notice that the article does not say dedicated hardware anywhere in it), and even has committed a datacenter that the cloud will run out of. The price tag must have been pretty high, but Microsoft Exchange admin, IM (ala Microsoft Communicator) admin, and Microsoft Sharepoint admin – the hardware and software maintenance, routing, upgrades, etc part – is expensive too. The state knows what that portion of its budget will cost and can focus on running the apps that the state and its citizens require to get the job done.

I admit to being a bit intrigued. Not just by the concept, but by the actual architectural implementation. Assuming that the access is via some form of SSL VPN, is it to be expected then that when another portion of the state is signed out to a cloud vendor, another VPN connection will be required? That would seem to be… Awkward. But they do reference a dedicated line, so it is possible that there is no “gateway” to the services, but that would seem irresponsible from a security perspective on both parts, so I doubt it. Though lock-down by IP might be possible, that’s spoofable, so again, I doubt it.

image This arrangement has half of the issues that traditional outsourcing does, but I would argue the worst of the issues are taken care of. In a traditional outsourcing arrangement, the fact that your contract decreases in value as time goes on (assuming your vendor is successful anyway) means that your staffing levels are slowly watered down by other duties, and by the end of the contract you are likely frustrated. This is compounded by the fact that your IT needs grow in the two to five year period of an outsourcing contract.

But in this case, the labor intensive part of the agreement resides with state employees. Upgrading hardware and software is labor intensive but “bursty” to put it in IT terms. You do it, and then it’s done until next time you need it. On the other hand, maintenance of users, modifying software configurations to meet your needs, and managing that software is a constant job that will likely increase over time.

This may be the answer outsourcing has been looking for. To me, having Microsoft employees apply their own security patches sounds like right-sizing. Of course there will be speed bumps, but even that has a pressure release valve. If a server drops for no explainable reason, state IT staff will point to Microsoft, but be quietly glad that they have someone to point at.

Depending upon the agreed-upon price, states with much larger budget woes than Minnesota should probably be considering such an arrangement. Instead of a hazy partial budget that is padded in case Exchange use grows at a faster-than-expected pace, they can have a number that is required to keep the lights on for critical state systems. It cleans up budgeting and allows the state to make critical choices in hard times without as much guesswork. Capital expenditures drop, ostensibly staffing needs will go down, but that greatly depends upon the number of servers this system replaces and what their server:admin ratio is.

And I’m really intrigued by the implication that Microsoft, just by virtue of taking over this function, increases the security of Minnesota’s data. I know that Microsoft has been getting better over the last decade at security, but that is still an intriguing concept to me. Hope my boss (who lives in Minnesota) doesn’t notice it…

By way of disclosure, we are a Microsoft Partner, not that being one had anything to do with this blog, just making sure you know.


Follow me on Twitter icon_facebook

AddThis Feed Button Bookmark and Share

Related Articles and Blogs

Read the original blog entry...

More Stories By Don MacVittie

Don MacVittie is founder of Ingrained Technology, A technical advocacy and software development consultancy. He has experience in application development, architecture, infrastructure, technical writing,DevOps, and IT management. MacVittie holds a B.S. in Computer Science from Northern Michigan University, and an M.S. in Computer Science from Nova Southeastern University.

CloudEXPO Stories
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments that frequently get lost in the hype. The panel will discuss their perspective on what they see as they key challenges and/or impediments to adoption, and how they see those issues could be resolved or mitigated.
Daniel Jones is CTO of EngineerBetter, helping enterprises deliver value faster. Previously he was an IT consultant, indie video games developer, head of web development in the finance sector, and an award-winning martial artist. Continuous Delivery makes it possible to exploit findings of cognitive psychology and neuroscience to increase the productivity and happiness of our teams.
Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera's expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust that they are being taken care of.
Your job is mostly boring. Many of the IT operations tasks you perform on a day-to-day basis are repetitive and dull. Utilizing automation can improve your work life, automating away the drudgery and embracing the passion for technology that got you started in the first place. In this presentation, I'll talk about what automation is, and how to approach implementing it in the context of IT Operations. Ned will discuss keys to success in the long term and include practical real-world examples. Get started on automating your way to a brighter future!
Serveless Architectures brings the ability to independently scale, deploy and heal based on workloads and move away from monolithic designs. From the front-end, middle-ware and back-end layers, serverless workloads potentially have a larger security risk surface due to the many moving pieces. This talk will focus on key areas to consider for securing end to end, from dev to prod. We will discuss patterns for end to end TLS, session management, scaling to absorb attacks and mitigation techniques.