Welcome!

@CloudExpo Authors: Yeshim Deniz, Zakia Bouachraoui, Pat Romanski, Liz McMillan, Elizabeth White

Related Topics: @CloudExpo, Java IoT, Recurring Revenue

@CloudExpo: Article

Managing IT in a Hybrid Cloud World By @DanKoloski | @CloudExpo #Cloud

Consumption may change, but business expectations of IT do not change

Enterprises and IT organizations around the world are excited about the agility promises of hybrid cloud computing, but they remain concerned about the potential for ungoverned sprawl and its attendant downstream effects such as hidden costs, increased performance risks, and potential security and compliance problems. The good news is that properly planned and architected hybrid clouds don't require organizations to trade agility for governance. Let's explore some of the factors that can ensure success with a hybrid cloud environment.

Consumption may change, but business expectations of IT do not change
Development and line-of-business users often drive initial hybrid cloud demand. The promise of on-demand access to cloud services that can bypass more formal approval and procurement processes is naturally very exciting for IT consumers whose primary job description is "build." Especially as enterprise strive to accelerate innovation, the notion of rapid experimentation and temporary environments becomes increasingly attractive, and there is a tendency to rush both new application development projects and migration of existing production workloads toward cloud services.

But just because IT consumption options have changed doesn't mean that the real-world considerations of enterprise IT have been thrown out the window. On the contrary, the traditional enterprise-level requirements of IT Operations and the CIO's office become even more important when customers choose to outsource some of their IT to a cloud service provider. Think about it -- IT assets aren't just instantiated - they persist over time and have a lifecycle of their own. New applications aren't exempt from performance, service level and security/compliance considerations just because they are "built in the cloud."

Line of business managers or developers who are investigating or even using cloud should make sure their IT operations counterparts are fully appraised of their actions. Similarly, IT operations personnel must evaluate cloud service providers in terms of their current on-premises best practices and not compromise on those requirements.

Basic, siloed performance monitoring isn't enough
Developers who are rushing to embrace Platform-as-a-Service (PaaS) solutions often have the misperception that cloud providers will provide comprehensive performance assurance - but in reality, most cloud providers only provide basic monitoring of their infrastructure resources for compute and PaaS and not for applications and instances deployed using the cloud provider's platforms. This is especially disappointing in that over the past 30+-years of distributed computing, IT operations professionals have built up a huge repository of best practices, frameworks, standards and intellectual property about what it takes to operate large-scale, mission-critical business services on an ongoing basis. Yet when those environments are cloud-based, IT operations is faced with the reality that today most cloud service providers only offer lightweight infrastructure monitoring consoles to their customers that show basic up/down, consumption and top-level performance information. This information, while possibly sufficient for early dev/test cycles of departmental applications, doesn't provide anywhere near the level of visibility, diagnostics or tuning capability that production applications require to deliver meaningful levels of service. This problem is particularly pervasive among IaaS-focused cloud services which may provide VM-level monitoring but treat what's inside the VM as a black box. Furthermore, most vendor-provided tooling isn't integrated with other sources of information such as logs and other cloud applications. Organizations that intend to use the cloud for "serious" application development should make sure their cloud services provide deeper levels of instrumentation on par with what they use for on-premises IT.

It's a hybrid cloud, not a siloed cloud
Many cloud service providers attempt to offer customers operational tooling that is specific to their cloud only, with no linkages back to on-premises IT. This model may be fine for small "cloud-only" organizations, but for organizations of any scale with any existing on-premises IT environment, clouds should represent an extension rather than a new silo. In other words, a hybrid IT estate consisting of on-premises IT assets and cloud-hosted IT assets needs to be treated as one estate rather than two or more. Otherwise, redundant people, processes, skillsets and tools will be required to manage these siloed environments, bringing along hidden costs and limiting workload portability across the estate. Organizations with existing on-premises IT footprints should make sure their cloud services can be managed through the same single pane of glass as their on-premises IT environments, with the same skillsets and processes, and by the same people.

Why should cloud be less secure than on-premises?
The CIO's office and IT Operations departments in every large enterprise have spent most of the last decade instituting governance practices such as managing configuration consistency, largely as a security and compliance measure. Creating gold standard templates, applying rules of engagement for deployment, rectifying drifts and regressions and providing special handling for sensitive data are "table stakes" requirements for any mature IT organization. Yet many cloud service providers offer no such governance capabilities for environments in their clouds - essentially expecting their customers to take a "leap of faith" that every single individual consumer will somehow manually apply corporate standards to cloud environments. Maintaining security of applications and data in an increasingly hacker-filled world is hard enough - but it's absolute madness to throw away those practices just because some instances happen to be hosted in a cloud. Organizations should demand full configuration management, compliance management and governance features from their cloud service provider, on par with what is available for on-premises IT.

Workload portability needs to be a two-way street
Cloud service providers are winning customers with very simple-sounding "snapshot," "migrate" and "lift and shift" offerings to move instances from on-premises IT to clouds. But customers often forget to consider, what if, in the future, they want to move some environments back on-premises? For most cloud service providers who have no on-premises IT business, this use case is unthinkable and threatening, yet for customers in the real world, it's arguably the most important way to avoid lock-in and preserve business flexibility. Even those cloud service providers who do offer some kind of bi-directional migration often do so by placing undue infrastructure requirements on customers - basically forcing them to retrofit their on-premises data centers to match the bill of materials resident in the cloud data center. They do so freely because in the end they aren't interested in actually allowing customers to move environments back...they are just "checking the box" on bi-directionality. Enterprises need to think ahead to the reality that the relative percentages of their hybrid estate hosted on-premises or in the cloud will fluctuate over time. Organizations should require bi-directional platform workload portability from cloud service providers, regardless of infrastructure considerations.

Conclusion - treat hybrid cloud as one cloud
All of the issues mentioned above can be avoided technically. Cloud vendors exist today, especially in the platform-as-service space that can cover the needs of Development, IT Operations, DevOps and the CIO's office for the full spectrum of workloads and use cases, from departmental dev/test to mission-critical production. However, not every vendor can do this, and doing it well is not easy, so many cloud service providers simply do not. Prospective hybrid cloud consumers, especially at the enterprise level, need to think ahead and demand enterprise-class monitoring, governance, migration and security capabilities from their cloud providers, and should "vote with their wallet" when cloud providers can't provide those capabilities. If they choose wisely, they can achieve a true hybrid cloud environment instead of a sprawling set of many environments.

More Stories By Dan Koloski

Dan Koloski is Senior Director, Product Management and Business Development at Oracle. Dan Koloski is a software industry expert with broad experience as both a technologist working on the IT side and as a management executive on the vendor side. Dan currently manages the Central Product Management organization for Oracle's Systems and Applications Management group, which produces the Enterprise Manager family of products. Dan's role also includes partner and ecosystem activities.

Previously, Dan was CTO and Director of Strategy for the Web BU at Empirix, which he helped spin out and sell to Oracle in 2008. Dan holds a B.A. from Yale University and an M.B.A. from Harvard Business School.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


CloudEXPO Stories
JETRO showcased Japan Digital Transformation Pavilion at SYS-CON's 21st International Cloud Expo® at the Santa Clara Convention Center in Santa Clara, CA. The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get tailored market studies; and more.
Digital Transformation is well underway with many applications already on the cloud utilizing agile and devops methodologies. Unfortunately, application security has been an afterthought and data breaches have become a daily occurrence. Security is not one individual or one's team responsibility. Raphael Reich will introduce you to DevSecOps concepts and outline how to seamlessly interweave security principles across your software development lifecycle and application lifecycle management. With these new automated application security methodologies, organizations will be able to minimize their risk with digital transformation & migration to the cloud, comply to new regulations, and prevent data breaches from ever happening.
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science" is responsible for guiding the technology strategy within Hitachi Vantara for IoT and Analytics. Bill brings a balanced business-technology approach that focuses on business outcomes to drive data, analytics and technology decisions that underpin an organization's digital transformation strategy.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a member of the Society of Information Management (SIM) Atlanta Chapter. She received a Business and Economics degree with a minor in Computer Science from St. Andrews Presbyterian University (Laurinburg, North Carolina). She resides in metro-Atlanta (Georgia).
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading these essential tips, please take a moment and watch this brief video from Sandy Carter.