Project Management

Cloud computing migration issues: What you need to know

Rick Freedman thinks 2010 might be the year of the cloud. Get his tips on what IT consultants must know about migrating clients to cloud computing.

 

In an industry well-known for "the-year-of" hype around new technologies, many see the cloud computing buzz as an extension of previous "year-of" technologies, such as application service providers, software as a service (SaaS), and utility computing. In this case, the hype may be true. In an InformationWeek Analytics survey, 46% of companies surveyed say they'll use or are likely to use cloud CPU, storage, or other infrastructure services; this is up from 31% just one year ago.

Our mission as IT consultants is to understand: what the cloud is and what benefits it offers clients; what challenges and obstacles clients might have to overcome to tap into the cloud; and how their management of IT must change to secure and control their new cloud-driven infrastructure. When you migrate a client to the cloud, the issues you'll face fall into the following overall categories.

Security

Security is an obvious threshold question; if the cloud is not secure, enterprises won't consider migrating their sensitive data to it, and the conversation is over. As Salesforce.com has proven, external SaaS providers can provide a level of security that will satisfy most customers. Migrating sales leads and prospect data is, however, quite different from outsourcing key competitive information, such as R&D specifications or corporate strategy documents.

As Craig Balding (author of the Cloud Security blog) noted in his speech to the security conference BruCON, many cloud infrastructures are composed of patchworks of open source code that may bring their own underlying vulnerabilities. He also states that since public clouds are multi-tenant, your application could be affected by the vulnerabilities or defects of your neighbors' code. You must ensure that you understand the underlying infrastructure of the cloud to which you migrate your clients; you must also advise clients to include security in their cloud SLAs and terms of service. If data center security is not your area of expertise, I'd advise engaging a security expert before migrating your client to the cloud, as service interruptions or vulnerabilities make for embarrassing and tense customer interactions. As Balding says, many cloud vendors are performing "onboarding audits" to reassure prospective customers that their level of security is sufficient.

Vendor management

When the cloud is your IT platform, and it's in the hands of an outside firm, how do you ensure that their technical or business problems won't become yours?

Speaking of SLAs and terms, the experience of migrating to outsourced providers should give you a good starting roadmap, but the terrain in the clouds is different. Since the whole idea behind cloud computing is to offer a standardized, multi-tenant infrastructure, cloud vendors may not offer the same level of custom SLAs as IT managers are accustomed to. Some of the large vendors, such as Amazon.com and Microsoft, are integrating management dashboards into their cloud offerings. As you can see from Amazon's Service Health Dashboard, the level of information offered is pretty basic and might not be enough to satisfy many organizations. For clients who need more information, Amazon offers Amazon Web Services Management Console, a customizable monitoring interface with a more robust set of data. Other cloud vendors are following, and cloud management startup firms are springing up to address this need. Still, you need to assist clients so the cloud services they dial up are manageable and can be monitored sufficiently to ensure they won't have interruptions and performance issues.

Technical integration

The technical issues are also complex. Most firms that migrate to the cloud do so in a hybrid model, keeping certain key elements of their infrastructure in-house and under their direct control, while outsourcing less sensitive or core components. Integrating internal and external infrastructures can be a technical quagmire.

Go to the Web site of cloud vendors such as Joyent, and you'll find on-demand cloud services that can be purchased in real-time with only a credit card. While cloud services can be easy to purchase, does that mean they'll be easy to integrate into your current IT infrastructure? Cloud vendors expect customers to provide, or to develop jointly, a "virtual image" that specifies their basic server configuration, which is then built inside the cloud and offered as a service. (This implies that the organization has a standard configuration!) It also requires the IT team to have the skillset to create a VM template that includes the infrastructure, the application, and the security required by the enterprise. Force.com, Salesforce.com's cloud offering, is leading the way by offering integration as a service on top of its cloud offerings.

You must help clients develop the "golden image" that will be the basis for their cloud server configuration, and then integrate that cloud into the "hybrid cloud" with their existing data centers and applications.

Process and culture

There are also the ever-present political and cultural landmines. When anyone with a credit card can surf to the Web site of a public cloud vendor and dial up teraflops of cloud capacity, how does IT maintain control of its application architecture (or does it?).

We've seen that cloud services are available with a credit card. When IT power becomes cheap and easily accessed, IT's control over its internal customers can be diluted, as we saw with the initial explosion of client-server computing. When a corporate department wasn't getting what it wanted from IT, or wasn't getting it fast enough, they simply went out and bought a server and a cheap, shrink-wrapped application and stuck it under the desk. The nightmare this caused in terms of IT consistency, integrity, and management is nothing compared to the potential for disruption of a dial-up cloud.

You must work closely with clients to ensure that when they bring the cloud into the enterprise it's done with all the required procedural safeguards in place. IT needs to be involved in the decision of which applications are cloud-eligible to ensure that sensitive data is protected and available. Most of all, you can help clients develop the processes that will keep them in control of their infrastructure while not becoming a roadblock to the innovation and cost savings that the cloud can offer.

Bottom line

Based on the uptake by major vendors such as IBM, Microsoft, Salesforce, and Amazon, and the energy evident in the startup community, it seems that 2010 may really be the year of the cloud. You must make sure that you're ready to help clients glean cloud computing's benefits, while avoiding the pitfalls.

Additional cloud computing resources on TechRepublic

Get weekly consulting tips in your inbox TechRepublic's IT Consultant newsletter, delivered each Monday, offers tips on how to attract customers, build your business, and increase your technical skills in order to get the job done. Automatically sign up today!

About

Rick Freedman is the author of three books on IT consulting, including "The IT Consultant." Rick is an independent consultant and trainer, working, through his company Consulting Strategies Inc., to help agile teams and organizations understand agile...

25 comments
rayandean
rayandean

A good deal of time and money in the IT industry has been spent on trying to make applications portable. Not surprising,According to the [url= http://cloudswave.com/blog] cloud computing blog [/url] the goal around migrating applications among clouds is to somehow make applications more cloud-portable. This can be done in at least three ways: Architect applications to increase cloud portability. Develop open standards for clouds. Find tools that move applications around clouds without requiring changes.

Saurondor
Saurondor

I think the first thing people need to understand is the fact that there are many "cloud computing" products out there. There's the big software service such as Salesforce, Gmail and Google Apps. You just rent it, put your stuff on it and it works. Then you go all the way to the "cloud hosting" that you mention. Your credit card buys you so much CPU and storage a month. The problem will begin to arise when people contract their 15 Dollar a month cloud server and expect their application to run like Google Apps. I see a lot of cloud products being sold as shoot and forget. Come on down put your stuff right here and be happy. I believe people need to analyze what they have. Is it hosted inhouse or already hosted outside? Are we talking about a commodity service like email or specialized core business application? Is it a product or service that is good to have and can't be provided inhouse? There is a big preconception that moving to the cloud will save costs. Take your datacenter there and cut down on IT costs. But taking your inhouse application and moving it to a cloud hosting will not make it robust, dependable and fail safe overnight. Cloud computing in any of its manifestations is a good way to do new things or do old things in a new way. To view cloud computing as only a cost saver is to underutilize its potential. But it's benefits do not come without a cost. Adding to your points I see the following: Security Aside from the cases you mention about putting your companies information in the hands of a third party. Attention must also be placed on security in developed applications. If we are moving an application or developing a new application in a cloud service model we might end up using the providers API. How well do we know this API? How secure is our application by design? How safe is it from our own accidental misuse? How safe and stable is it as the provider matures its platform? Vendor Management One of the main concerns with cloud computing is access to your applications and most importantly your data. If you're renting cloud hosting the problem is trivial. You move your image and data to another similar server in your premises. But what if its an service or worse yet and application you developed around the vendors API? Vendor management should not only cover uptime, but platform roadmap as well. We are used to having time to test our applications before applying a patch or upgrading to the next version. How does our client's development roadmap fit into the cloud vendor's roadmap? Will our application break on the next vendor's cloud upgrade? Technical Integration and Process and Culture It seems inevitable that the emergence of these cheap and very scalable solutions will lead to the abundance of internal department solutions. Its the second wave of VB programmers and Access form developers. Just like a decade ago we saw the surge of Excel, Access and Visual Basic solutions that were improvised to satisfy certain needs. We can expect something like this to happen as well with cloud services. With the added fear factor of such words as : concurrency, threading, authentication, authorization and scalability added to the design equation. There is a great deal of potential for the companies that can provide cloud development tools for the layman to use with ease while still maintaining the high level of security and interoperability these web applications will require. Matched with cloud only devices like Chrome OS powered netbooks we can soon see a boom in the development of these types of web only applications.

Deadly Ernest
Deadly Ernest

Any Cloud Computing option has to, by its very nature, introduce major problems with operational reliability. In CC you no longer have to worry about anyone damaging a network cable in your building or campus, but about anyone in the world between you and the service provider damaging a cable. You also have to worry about bad weather and traffic accidents for every metre / yard between you and them, and the power companies along the way too. All it takes is one point along the way to cut the connectivity, for any reason, and your whole company computing system is off line and out of operation. That's way too many critical points waiting to bite your posterior. Then, you have security, you don't get to run security checks on the staff of the company you pay to look after you data with CC, any one of them may hold a grudge against your company and the other company won't know to take action. Or of a third party offers your CC company a huge cash bonus to get a peek at your data. You have no security control at all.

Tony Hopkinson
Tony Hopkinson

making, aside from downplaying security, privacy, connectivity and control with "oh you can trust us!" are a short term technical issue and a long term business consideration. The cloud isn't simply renting machine space off vendor X. It's a different platform. Just look at the cost difference between renting database space on SQL Server at a data centre, to file space for a property bag approach. That's a huge re-engineering task. Then there's moving towards a more pararllelisable modular approach when most basic business apps tend to run towards monolithic and almost single threaded. The long term problem should be obvious even to now oriented Mr Magoos who tend to lead businesses. When you are wholly dependant on a third party.... In the normal course of events, we are going to end up with very few and very big providers. They will sew up the market, probably set up something like the RIAA, and then demonise, perecute and after judicious campaign contributions to the legislature prosecute, anyone who chooses not to pay them their cut.

Sterling chip Camden
Sterling chip Camden

Especially the "process and culture" paragraph, which rings true to experience. Historically, companies have often jumped into new IT innovations before they're well understood. It will be interesting to see how cloud usage evolves, and we consultants will need to keep a sharp eye out for client pitfalls.

Deadly Ernest
Deadly Ernest

only a fool will trust critical data or operations to a Cloud Computing environment at all. I know of one company that was considering it, but had to give up when they found out it would cost them a multi-million dollar contract as no Cloud Computing service can yet meet the security requirements of the contract. I can see Cloud Computing being extremely useful for in-house use as a new sort of thin client type operations, thus making it easier to operate with mixed desk top computers as all you need is a browser to work on the in-house servers. I can also see it being useful for educational institutes to suggest to their students who can't afford the up front cost of the software needed to do their classwork and assignments. They pay a monthly fee and have all the software they need available from their home, the school / college / uni / etc and other places when visiting. For business, Cloud Computing greatly increase the risks of system down time, security infractions, and loss or theft of data.

CG IT
CG IT

for the cloud computing vendors. That really is the bottom line for software and hardware mfgs spinning the advertising hype that cloud computing is the next best thing for business. Not only that, but once you or your business is using the cloud, changing is a monumental and cost prohibited undertaking. Business would do well to understand that once they move to the cloud, their locked in.

Saurondor
Saurondor

Well I've used or seen "cloud" services used over the past few years with success. Of the three modes, rented services, hosted applications and rented space. I've used services such as Google Apps and I've used rented space in the form of virtual machines running an image. I've seen people I work with use the hosted application model in which they develop the application and host it with someone that takes care of the underlying server. Moving our email to GMail and getting Google Apps has been beneficial because it frees us of having to maintain a mail server and gives us new tools to work with. We are not moving our "desktop" to the web, but rather complementing the tools so we can work on documents with geographically separated members of the team and/or clients. Using rented cloud servers has been beneficial in terms of response time and costs. Since we basically get the same OS install we get if we rented a full server there is no real management difference. The benefit kicks in when demand grows or diminishes. I can upscale a server or downscale it in minutes. I can ask for four more, use them a week with a load balancer and then shut them down. I only get billed for what I use. Before it was a lot more complicated and costly to estimate a year's demand in server load. When slow traffic months hit you still had to pay for the full thing. Now I've been using BSD virtual private servers since 2000 and although I never had a security issue of a jail break in I was hit by performance issues as the neighbors overloaded. So there is a risk of that in cloud hosting, but then again there's the same issue in virtualization. Should we stop using inhouse virualized servers? Hardly so. I believe such technical issues can be addressed and solved. On the topic of hosting inhouse developed applications. Well I'm not too confident with that. I prefer to have my own infrastructure and not depend on third party APIs. But I can clearly see the benefits for companies, people and projects I've worked with that lack the resources and skills to manage everything: server, storage, database and applications. A counterpoint I've heard to the drawbacks I've presented for this type of cloud service is: applications break with different Windows versions too and the same can happen with an application that goes out of mainstream support. So I have to hand it to them they have a point.

Deadly Ernest
Deadly Ernest

lock in is a cash cow chain, which is why MS are really, really pushing for the Trusted Computing to be implemented across the board.

Tony Hopkinson
Tony Hopkinson

might treat some of their claims about how valuable it is to us as suspicious.... The whole thing has the credibilty of an email scam or pyramid scheme to me. Step one Gather large bunch of Sheepdogs. Step two Now you have Gartner, gather sheep Step three Fleece them, eat their children, and when they pass their sell by date, there's always the dog food market....

CG IT
CG IT

there are 6 billion people in the world, that's a lot of potential customers. More importantly, that's an almost inconceivable amount of montly income for a business that provides consumers online storage. And it's that, the sheer amount of money a company could potentially rake in every month that has virtually every Cloud Computing vendor spending millions of dollars with advertising and marketing firms spinning the benefits of Cloud Computing. It's like cell phones companies with millions of users with a $50.00 a month bill. If AT&T has 3 million users of their cell phone services each with a $50.00 a month bill, that is $150,000,000.00 a month income. That's a large sum of money coming in each month. Cloud Computing vendors are trying to convince the general population that using their services is better, easier, safer way to store data, all the while salvitating over the sheer enormity of monthly cash that could come in from the potential billions of consumers. Don't see any of the Cloud Computing gurus mentioning that.

Deadly Ernest
Deadly Ernest

less knowledge of the other ramifications are also supporting Clouding Computing because they do not understand the full picture. the other side is the marketing is aimed at the senior executives who have even less knowledge of the technical side of things. I hear and understand what you say about resizing ability, but that only comes into play AFTER you can confirm it is safe and wise to place your operations and data storage out in the Cloud and outside of your control. For most businesses, such a situation is neither wise, or legal - privacy laws come into play now days. I know one organisation where it would be useful to have their operations handled by a hosted Cloud Computing service, but I doubt there is a Cloud Computing service provider who's prepared to have every person who enters the server room passed through a full Department of Defence Secret security check - several months worth of work costing thousands, and the research contracts require all person who have ANY exposure to the data MUST be so cleared before they are allowed anywhere near the data. To meet this requirement, the senior contractor had to create and establish it's own IT unit with a server room within an existing establishment with suitable physical security, have everyone involved checked, and organise for the hundreds of researchers at other locations link in via encrypted VPNs. By the time all was set up, it involved hundreds of thousands of dollars for equipment, staff, and security checks. Yet it operates exactly as a Cloud Computing operation, but will never go to the cloud per se and never operate over the normal Internet, because of the security needs. Hospital health records could never be legally stored or accessed via a Cloud Computing operation hosted externally, but can be an internal set up - like a thin client. Again, laws intervene.

Deadly Ernest
Deadly Ernest

exposed data on a hosted computer, such as happens with me own web site, and putting critical data or data protected by privacy laws on a hosted server where you have absolutely no control or say over who has physical or electronic access to the servers themselves. Put the data outside, and you lose control of it. Yes, Cloud Computing can be good for situation where you do NOT care if the data is compromised, but where confidentiality is required, you need absolute control. Another aspect, using desktop services over the Internet based in the next city can mean any damage to the link between you and the server puts ALL your desktops off line. There is a damn sight more to be considered that is mentioned by those promoting Cloud Computing.

Saurondor
Saurondor

If someone listens blindly to proponents they deserve what's in store for them down the road. I don't see cloud computing's strength in brute data storage. It has proliferated because having a static IP with a known domain is better(read easier) than setting up your home computer as a server (provided your ISP gives you a publicly visible IP). A strength is on demand computing. The ability to resize your infrastructure on demand. But that requires skill to handle and most end users don't care for that, just their photos, videos and what not. So we see mass storage more often, but it's not necessarily the only cloud computing model out there.

Saurondor
Saurondor

I don't understand why you say that going to the cloud takes away all control, security and immediate access. People have been putting critical systems in hosting services for quite some time now. You can put your web facing applications on a server in your cubicle. But then the guy with the backhoe has a better chance of interrupting them than the guy with a backhoe on a hosting site with redundant fiber optics. Unless of course you have triple redundant communication cables, but then how much is that costing you? And how many companies can afford it? If they can't afford it they can't have it. Thus the choice is between not having something or having something which is a bit less reliable, but works 99.9% of the time. Between 0.0% availability (because I can't afford it) and 99.9% availability I choose the second. Wouldn't you?

Deadly Ernest
Deadly Ernest

only doesn't happen, but can't happen with the Cloud Computing environment. They go on about how much better and cheaper Cloud Computing is, yet, for the average business, if you still have to keep back up copies on your site to ensure you don't lose it, why should you pay to send it over the Internet to someone else? Only one place data is really safe and secure, and that's within your own storage facility with proper backups and safely stored. Apart from the two options I previously mentioned, the only other Cloud Computing I can see some use for is off-site back up storage, yet the Cloud Computing services for this are already folding and showing operational problems, including serious data loss.

Saurondor
Saurondor

All that info stored there came from somewhere. Cloud computing is not an excuse for poor practices. Could I claim USB drives are poor media choice and shouldn't be sold because I backed up my info on one and then lost it? People have hard drives packed with info and no backup. When those drives fail they loose info. People have been using proprietary file formats for years. The day the company that develops the tools for those files fails you loose the ability to keep the files up to date or maybe even use them. Has that stopped proprietary file formats? Hardly so. Companies take special care in choosing their software providers. Same thing applies to cloud services. And even then we have fiascos like the music DRM from known companies that decide to shut down their service. Thus leaving your music stranded on a few devices. The issues you mention with cloud computing occur in other fields as well. Precaution is taken to mitigate their impact. Cloud computing is not the bullet proof solution to all mankind's problems.

Deadly Ernest
Deadly Ernest

The HP Upline data backup service closed down with only a few weeks notice for people to get their data, much of which wouldn't be recoverable due to the heavy usage and bandwidth restrictions. The same process happened during 2009 with a Cloud Computing Photo service like Photobucket - I forget the name of the service that went belly up, but they only gave a couple of weeks notice and most clients weren't able to recover their photos due to the lines being jammed pack all the time as a portion of their clients got lucky. Also, the TR report at: http://content.techrepublic.com.com/2346-1035_11-376810-1.html list web sites that went belly up, some of them being Cloud Computing style services that failed, and cost users lost data and fees. Experience is Cloud Computing is full of problems.

Tony Hopkinson
Tony Hopkinson

will perform very poorly in the cloud. People with real skills will be needed to address that. I can see uses for it, not core business though. Others issues aside simply re-engineering them for the new platform, will knock the entire idea on the head.

Deadly Ernest
Deadly Ernest

not where you have critical systems, information, or processes where it matters if you lose access to them for periods of time or the information becomes known to others or the data is lost completely. Going into the cloud takes away all control, security, and immediate access; it also puts your operation at risk of being stopped by many factors outside your control - even something as simple as an idiot with a backhoe who's digging a hole in his yard and hasn't checked if he has any communications cables buried in it, or an accident that takes out a roadside cable.

CG IT
CG IT

once businesses are on the Cloud their locked in having to pay a monthly fee. Basically it's like the new health care or car insurance in the US, you have to buy.