Costs and risks to consider when planning a move to the public cloud

If you're considering a move to the public cloud, you need to conduct a risk and cost analysis vs. that of creating your own private cloud. Here, Colin Smith gives you some points to consider and an example of one such calculation.

Amazon's EC2 has set the bar for VM/hour costs in the range of $0.05 for a small (2GB) reserved instance. This is the benchmark that internal IT organizations will need to compare against. How does your organization measure up? Do you have an internal cost per VM hour that you can meaningfully compare to EC2? In this post, I will try to compare the cost savings associated with a public IaaS cloud and the value-add of internal IT. (Note: I used EC2 for my analysis but a similar analysis can be made of other cloud providers.)

In trying to understand the value proposition of internal IT compared to a public cloud I wanted to compare like to like. Since the charging metric used by public clouds is cost per VM hour, I looked for industry figures using that metric but I couldn't find anything authoritative. So I took it upon myself to create a working number based on conservative estimates and a little over inflation so that whatever I come up with is at least in the ballpark if not lower than the actual cost per server hour for the typical enterprise. Here's how I came up with $0.25 per server hour:

1.       I used the Rackspace dedicated hosted server basic configuration as an analog to the traditional data center server. The cost for a 3.5GB hosted server is $419 per month. That works out to about $0.58 per hour.

2.       Let's assume a 20% margin on the part of Rackspace and 20% management efficiency on the part of the on premise IT department and we come up with an hourly cost of $0.35 per hour.

3.       Now the Rackspace server is a little beefier than the EC2 small instance so let's shave off another $0.04 per hour (11%).

4.       That leaves us with a cost of $0.31 per hour.

5.       Now I've probably missed something so let's use a margin of error of 20% and we end up with $0.25 per hour as a conservative estimate.

So now we are comparing a public cloud IaaS offering of $0.05/VM hour to $0.25 per physical hour gives us a 500% cost differential. How does the IT department address the cost gap?

Lowering costs

First of all, we are comparing VM hours with physical server hours. We need to adjust that. Some analysts claim server utilization rates in the 4% (Data Centers Only Operating at 4% Utilization) to 7% (Kundra: Fed Data Centers 7 Percent Utilized) range, but according to Gartner, traditional data center server utilization is between 15-20%. If virtualization can get that number up to 40%, then we are looking at $0.125 per hour, assuming no increased costs associated with virtualizing.

Adopting virtualization technologies is a great first step in lowering costs but we're still at more than double the public cloud price. What else can the IT department do? Most organizations of significant size will introduce management tools to reduce overall management costs and increase the reliability of the data center.

So perhaps that reduces the cost by another 20%, bringing our internal costs down to $0.10 per VM hour.

Business requirements

Not bad, but still double the public cloud price. Can you justify the higher cost to your CIO or CFO? This is where understanding your organization's business comes in to play. What are the non-cost issues that you need to be aware of? What about some of the following:

SLAs: EC2 offers 99.95% uptime guarantee but what happens when your servers go offline for an extended period of time - remember last year when lightening hit one of Amazon's data centers and some clients were down for four hours? You get a credit on your invoice for the following month if you bother to ask for it. How do the EC2 data center operations staff prioritize which of the thousands of servers need to come up first? What if your SQL server comes up before your Domain Controller? Security: Data Leak? Data Ownership? Jurisdiction? How well screened and controlled are the cloud providers staff (remember David Barksdale)? What type of perimeter security do they have? What rights do you give up when your data is stored on another organization's hardware? What procedures do they have in place when they dispose of hard disks? What happens in a multi-tenant cloud when one tenant is investigated by authorities like DHS or the IRS and the all of the hardware that they had information on is seized? Is there a guarantee that your data will not leave a particular jurisdiction? Regulatory compliance: SOX, PCI, PIPEDA, HIPAA, GLBA, etc. Can you maintain compliance with a key system in the public cloud? Others: Are your existing licenses portable to the cloud? What happens if your cloud provider goes out of business?

Are these risks ones that your organization is willing to accept? Once you have a handle on your business requirements, you might just find that it makes sense to move some applications to a public cloud. Perhaps training servers, demo environments, or UAT are a good fit.


I've highlighted just a few of the areas where on-premises IT can add real value to justify costs higher than the public cloud. Couple this with strategies to lower operating costs (like virtualization, high availability, self-service portals, rich management tools) and it starts to look like your organization has taken steps towards creating a private cloud. The actual costs for your organization may be different but I think the message is clear: Enterprise IT's best response to the public cloud is to start planning for a private cloud!


Colin Smith is a Microsoft SCCM MVP who has been working with SMS since version 1.0. He has over 20 years of experience deploying Microsoft-based solutions for the private and public sector with a focus on desktop and data center management.

Editor's Picks