Cloud or Data Center? Jeff Gilmer of Excipio Consulting shares best practices.
A hasty decision to move to the cloud can lead to trouble. There needs to be a substantial, comprehensive process. What factors should your organization consider in that process?
This interview will give you valuable insight into finding the right answers for your specific needs. Jeff Gilmer of Excipio Consulting has led dozens of processes to determine what an organization’s cloud strategy should be, deciding what would work well in the cloud, what applications would thrive in more traditional data center environments, and how it should all come together.
In the discussion, Jeff talks about the importance of your organization understanding why a transition to the cloud is being considered and making sure the company’s business goals match up to solutions and strategy that you decide upon.
The conversation is highlighted by Jeff sharing the six steps of discovery that your organization must undertake to maximize the probability that the choices you’re making regarding are the correct ones. This interview offers value insight into a process that has helped many organizations decide upon a strategy that enables them to grow and strive.
You can listen to the full conversation in the player above and can read the full transcript of the conversation below.
Kevin O’Neill, Data Center Spotlight: This is Kevin O’Neill with Data Center Spotlight, I have with me today Jeff Gilmer of Excipio Consulting. Jeff, thank you for joining us today.
Jeff Gilmer, Excipio Consulting: Yeah, thank you, Kevin.
Data Center Spotlight: This is the second time Jeff has been with us, he’s becoming a frequent guest, and we are going to be talking about cloud strategies, best practices in cloud utilization, which is certainly a topic that’s on everyone’s mind, Jeff, so I appreciate you taking the time to join us today.
Jeff Gilmer: My pleasure.
Data Center Spotlight: Jeff, based upon your experience, and your experience is extensive, can you give us an idea of the key areas in which people need to understand for them to pursue best practices in the cloud? Obviously, the goal of any organization is to use IT at its most effective level, and that’s what people are trying to do here, and sometimes it’s the cloud, and sometimes it isn’t the cloud.
Jeff Gilmer: Yeah, so there are different things, and obviously we can get into this a little bit more as we continue, but understanding just the basic differences within the cloud offerings is very confusing today. There is no set standard, when you look at each organization, every organization has their own unique aspects to it, and those aspects relate to the application and services they’re providing, to the infrastructure and other areas. So when you look at a company’s overall IT department, and IT gets asked by some executive within the organization that, “hey, why don’t we close the data center and move to the cloud?” That has some significant ramifications to the business. Cloud sizing is not something that there’s always a common answer for, every environment is unique, you need to look at those unique demands within your business before you can understand it.
There’s a series of different considerations or best practices that need to be understood before you can really go into even selecting a cloud provider, let alone putting together a migration project, and that can be very complicated on all the different offerings that cloud providers have, and being that there is no standard, each one of them has their unique characteristics. And then you also get into the aspect of we often hear, well, if I’m going to move these migrations to the cloud, I want to optimize these applications, or I want to update them, or I want to make changes to them, or other factors, and the reality of it is, you really should look at moving those applications to the cloud when they’re cloud ready, making that migration, and then using the cloud to be more for your capacity planning, and for the utilization of that application, or things where you can turn off your time in the cloud so that you can conserve your financial costs, and other factors with it, make the best benefit of it. So, all of those types of things are really different areas that an organization should really talk about, should really understand, and really should compare before they consider making a move to the cloud solution.
Data Center Spotlight: Now, Jeff, are you finding as a rule, are the people that you’re doing data center and cloud evaluations for, in your consulting clients, are they a little more informed about cloud computing, and the realities of cloud computing that we’re talking about today, than they were maybe two or three years ago?
Jeff Gilmer: Well, I think they’re a little bit more informed, but again, when you go back to, the market itself creates confusion around cloud computing, right? You have almost every single marketing program out there, when you start to look at the product companies, and the service companies, has the word cloud in it, and what does cloud mean?
A cloud storage solution is one thing, a cloud software as a solution is completely different from another cloud offering. There’s public cloud, there’s hybrid cloud, there’s private cloud, now I just heard community cloud as the latest term that you’re hearing lately. There’s infrastructure as a service, software as a service, platform as a service, and there’s infrastructure as a service for only storage, or there’s infrastructure as a service for an entire stack from servers all the way through. So, there’s a wide variety of that, and if you like, Kevin, I can get into some of the definitions-
Data Center Spotlight: Yeah, I was just going to ask you, there aren’t really industry-standard definitions of cloud services as you mentioned. Actually, I’d be interested in your description of some of the primary cloud services available today.
Jeff Gilmer: Yeah, so when we start to talk our clients, or at a seminar we talk about, we do simplify, is probably the right word, the cloud offerings, and we simplify them down into three different categories, the public cloud, the private cloud, and the hybrid cloud are really where we go, and the secondary level infrastructure as a service, as software as a service, or platform as a service can fit into any one of these types of cloud offerings, so that’s where you get this matrix of complexity. But to simplify it for everyone, the public cloud is where you are really in a multi-client environment. So you are sharing that cloud computing with a bunch of other clients. It means you do need to conform to the vendor who’s providing that public cloud service, you do need to accept their security levels, and their different types of infrastructure they’re providing and other factors, and you are being shared in a public-type environment. The advantage is typically lower cost, the disadvantage, it may not meet all of your business requirements for utilization, for security, or other factors that you may have.
Then if you go to the other end of the spectrum, we go to the private cloud. So the private cloud is where a cloud provider is building out a specific infrastructure just for you as a single company. So that company only accesses this infrastructure for your environment. Now there is still some shared opportunities in the network area, maybe in the core network, within the data center facility side of it, with some of the management and monitoring and other aspects are all being shared, but you have dedicated private infrastructure for you. The advantages to that, you have security, you can do the scalability that you need, there’s a lot of different things you can do from a self-service standpoint, specifically to your company. Disadvantage, there’s a capital investment that provider needs to make to stand up that cloud environment, and based on that, there is going to be probably a higher cost, or at least an initial higher cost to get that cloud in place.
And then the third one is the hybrid cloud, and the hybrid cloud, you hear a lot of different things, but we really define a hybrid cloud is how the majority of people today are using the cloud environment. So the hybrid cloud still means that you’re managing some of your traditional data center compute infrastructure in your own data center today, on an on premise type of model. But then you might have some in a private cloud, that is somewhat secure, and you put it to a private cloud, and maybe you’ve got some web applications, or some test dev applications that are not as critical, that you can put into a public cloud. So you’re really working in three different environments there, with youron premise, with your public, and then with your private, each one of those a little bit different, a little bit unique. One of the key things that we’ll talk a little bit later is, you have to be careful in a hybrid cloud because the public cloud provider isn’t going to necessarily talk to the private cloud provider, isn’t necessarily going to talk to youron premise.
Because they’re using different infrastructure, and they’re using different parameters, sharing data between each one of those three can get a little complex, and sometimes it’s not possible.
Data Center Spotlight: Okay, that’s interesting. Now that we know that all three of these, public cloud, private cloud, hybrid are all increasingly popular. What are you, at Excipio, observing as far as cloud utilization goes? Are the rates of cloud utilization really growing fairly significantly?
Jeff Gilmer: Well, it’s interesting, Kevin, because if you read the surveys, you’d think that everyone’s using cloud, and you see things where people are using a term like cloud adoption, or people intend to adopt cloud, or cloud utilization, they’re all different terms, right. So, I was reading a survey the other day, and the company said cloud adoption is expected to be over 95%. Well, when you read the details of it, it said over 95% of the companies are looking to adopt cloud. That doesn’t mean that they’re using cloud. It means they’re working to structure the business to adopt cloud. The reality I think of what is out there, when you start to look at cloud usage is completely different than adoption, completely different than building a cloud-friendly architecture or applications. In reality, we’re finding that about probably over 50%, between 50 and 60% of the people are using cloud, but it’s only applicable at the most to 20% of the applications of the services they’re providing. So when you think about that, 50% of the people out there are not really using cloud today. Out of the 50% that are using it, less than 20% of those applications are really in a cloud environment, and that can be one application, meaning less than 20%. It could be one application, or 1%.
So, cloud is being used today. Cloud is growing quickly, when you look at it as an overall growth from a numbers and a use perspective, but from a complete adoption within your entire environment, it’s just not quite there, and we joke when we hear somebody that says, the CIO or the CEO says, I just want to get out of the data center business, I want to go 100% to the cloud. Well, there are some businesses that potentially could do that, but for most of the businesses out there, that’s just not a complete solution. They’ve got to look at all the different options on how best to run their IT department.
Data Center Spotlight: And it’s interesting, I’ve written about this a good bit. I said, there’s no real one right answer for the cloud. You see some major organizations going more or less all in with Amazon Web Services, or another public cloud provider, and then you see other major enterprises pulling out of Amazon Web Services into their own data centers. I guess it just has to do with the technological acumen of that company, what sort of infrastructure they run, what their applications are like, what they’re looking to achieve, what their business goals, etc., etc. and it just seems a lot of people are doing a lot of different things, and it also seems like as you referenced, when you look at the studies, cloud adoption isn’t nearly at the level that some people in the media seem to suggest on this.
Jeff Gilmer: That’s exactly true, but I think it really comes down to, Kevin, is when you see these people going to Amazon, they’re jumping into the cloud because someone said they should, or someone in the organization made a commitment to do it, but they’re doing the complete due diligence and discovery on their side to really understand what it means to go to the cloud. So that’s why they’re in the cloud, then they’re out of the cloud, then they’re in a different cloud, and then they’re out of that cloud.
You really need to spend the time to go through the steps of the discovery side, and also prepare for the migration side to make sure that you’re, number one, choosing the right cloud provider, and number two, making it a successful migration for the long term.
Data Center Spotlight: What are those considerations? If cloud sizing doesn’t have one single correct answer, since every company and every environment is truly unique, what are some of the considerations and the best practices, or better yet, what are the steps of discovery before considering cloud? You talk about going through a discovery process, what does that process best consist of? I know you folks at Excipio do that a lot.
Jeff Gilmer: Yeah, there’s basically, we can talk about it at a high level, we could spend four hours on it getting into the details, but there’s a certain series of best practices that you want to go through, and you want to accomplish, before you pick a cloud provider, number one, and then number two, those steps will allow you to build a migration plan to move to that cloud provider in the future. So, it starts with some very basic things. What are the services your organization is providing, and then identify what applications support those services? And when you get into the applications, it gets a little bit more complicated because one application doesn’t support a service. We’re delivering Service A, there might be five, six, or seven applications that support the primary application to really make that service function. Things from, the database servers, to the utility servers, to the web servers, to the primary application server tying back to storage devices, etc., right? So as you get into identifying those applications, you now need to understand what infrastructure it’s running on, from a servers and a storage standpoint.
You also want to look at the network, and the bandwidth of the network, and that becomes a big issue within certain industries, and we can talk about that a little bit more as we get into the details of.
But bandwidth, and latency, and some of the way the applications are designed, that’s where they’re going to have some faults, is on the network side of it, potentially. Then probably the last thing that people really need to understand is that when you go to a cloud provider, that cloud provider should be providing the redundancy and the ability to recover, with whatever it is you’re providing in that cloud environment, and while many of them tell that from a marketing standpoint, and promote it, and go through it, you really need to be careful and understand what really is happening within that environment. So, looking at your disaster recovery, recoverability is critical and understanding some of those criteria before you pick a cloud provider.
Data Center Spotlight: You talk about what services is it that your organization provides, and that being the first step of discovery towards consideration of what you want to do in the cloud. What does this entail?
Jeff Gilmer: Well, first of all, you need to look at the services you’re providing, right, and every business has services, and those services are going to be, it’s why they’re in business today, right? You’re in business to provide a service, or to provide a product, or to provide a solution, or to take care of customers, or clients, or whatever it might be. So defining and understanding those key business services is critical, but when it comes to looking at those services from a cloud or even from an IT perspective, you’ve got to understand your business operations, and you’re going to have regulatory issues. You’re going to have compliance issues. You might have, if it’s a public sector, state, county, city, state statues, or federal statutes that apply to that, that you have to meet. Some of the big ones that people forget to look at are their insurance and their client contracts. There are many times within insurance policies today that if you don’t have the correct ability to recover, or the correct infrastructure in place, that insurance contract may not have faith that that there’s a default on it.
Or from a client contract perspective, just looking at your client contracts, you maybe have committed certain things with these contracts that you need to meet. So really going through and understanding compliance issues, things like HIPAA and PCI, CJIS, and some of those other factors. The regulatory, the statutes, the insurance contracts, the client contracts, those are all critical before you go and look at what your cloud options are, because they’re going to be driven by meeting those requirements. Now, the second part of it, though, that a lot of people forget is, just because the cloud is compliant for HIPAA, doesn’t mean you are compliant for HIPAA, because as important as it is, the infrastructure, you’re responsible for the data, and the data has to be compliant as well, whether that’s data that’s encrypted in the storage environment, or it’s encrypted in rest, or it’s encrypted in motion, whether how that data is, recoverability of that data, how it’s retained. You can get into all these other things around data management, and data management still falls unto that company’s responsibility, not the cloud provider. So those are the first things you are going to look at, those business services, and more importantly, the critical business services, or the critical business functions is a common term before you even start to see, will it work in a public cloud? It may not, you may have to go to a private cloud to meet some of those compliance issues, or regulatory issues.
Data Center Spotlight: That’s interesting, and after that first step, how do you identify the applications that are being used to support the services that the business is providing?
Jeff Gilmer: Well, that’s an interesting discussion. I spoke at a seminar just last week on very similar topics to this, and there were about 250 attendees in the audience, and I asked the question, who in the audience has a very good understanding of their applications? A few hands went up.
Then I said, so who has a true inventory of their application, and I think 3 hands out of 250 went up. So one of the key instances, you’ve really got to have a solid idea of those applications, and identify those applications as they relate to running your business services. So we have Service A over here, you have to know what applications are supporting Service A. That’s a problem in today’s environment today, and while there are a lot of tool providers out there that will go and they’ll run, and they’ll tell you they’ll map all the applications when they’re going through it, they’re only really applicable to certain percentages, I think how we would word it. You might get 50, 60, 70% of the data, but it’s the other 30% you’re not getting, or 40% that you really need to understand. Then the only way you’re going to understand that data is to put your application people, put your server people, put your storage people, lock them in a room, sit down, and start identifying, this application touches this server, and your server person’s going to be able to say, yeah, but that server also touches this server, and the storage person’s going to say, but that touches this storage, this storage, and this storage, and then you can start to really understand it.
So, step one, we’ll talk about those other parts is, identifying all the applications that you have as related to running your business services, and that means what operating systems are they running on it? What versions are they? What databases are they tied, what versions of the database? All of those areas need to be really understood.
Data Center Spotlight: What’s the next step, Jeff, after you’ve isolated the applications, how do you proceed with the next step, and what is that?
Jeff Gilmer: Well, just because you go through and you get an inventory of your applications, doesn’t mean that application can run in a cloud environment. That’s the next step to it, and just because the primary application can run in a cloud environment, doesn’t mean the secondary applications can operate in a cloud environment, which means are you really going to be able to deliver that service if you move the primary applications to the cloud environment? Maybe, maybe not.
So you really have to look at, what we would call move groups. What are those application move groups, and all those interdependencies between that move group before you can move it to the cloud? So if you select application A, you need to know that application A is also supported by application 7, application 8, application 9, application 11, application 15, whatever it might be. Well, all of those secondary applications, and the primary application need to be grouped together to function as your move group. Sounds pretty simple, like this application, like I tried supporting it. Where the complexity comes in is I’ll try supporting one, one of them might be a database, and you might be supporting two different applications as well. So now you’ve got all these interdependencies between your applications, and the secondary applications, and in most organizations, as they’ve grown up over time, they’ve just brought up additional virtual sessions. They’ve brought up additional applications, they’ve brought up the needs from the database, they’ve brought up web servers, they’ve integrated and they got the applications to function, but they haven’t realized the impacts of all the interdependencies with all those other applications that they’re now connecting to. So, you’ve really got to back and map that and understand that before you can even make a decision, can I move those applications to the cloud? Can I move the service to the cloud? If I can’t move 100% of the applications, including all its interdependencies, probably can’t move that to a cloud environment successfully.
Data Center Spotlight: Okay, so at this point we have discussed step 1, addressing what services your organization provides. Step 2, the discovery process of the applications to support those services. Step 3, discovery of the interdependencies of the applications.
And now, I guess step 4 would be to define the infrastructure that supports those applications. Is that the case?
Jeff Gilmer: Yeah, I mean absolutely, you’re exactly correct Kevin, and if you don’t know the infrastructure that those applications are running on, how can you understand the infrastructure that’s required in the cloud environment to even move them to? Are on a [[UNKNOWN]]? Can they be a virtual session? Are they reliant on an independent physical aspect that you’re not aware of? What are the connectivity aspects to the storage? Does it require a certain type of level of storage, a certain commitment level of storage? Is it running on SAN, is it running on NAS, what is it functioning under in the storage environment? All of those factors come into play before you can go and select a cloud provider, and a lot of people look at it and simplify it way down, those details are critical. So now you need to go back, and you need to look at that application, and all the secondary applications, and you need to map that to the appropriate servers, and the appropriate storage and understand the functionality of that, and make sure that you can provide a comparable environment, within the infrastructure that you’re working in, from that cloud provider.
Now, you may not know what that infrastructure is, you may not have any idea what infrastructure’s being provided by the cloud provider, but you need to work with that provider before you even look at a proposal from them to make sure this will function in your environment, and have them demonstrate to you in one pass or another, how it does function in that environment.
Data Center Spotlight: That sounds like, and I know that to be an amazingly complex process, so I would imagine the different environments in which different applications thrive, I would imagine that’s the reason for the growing popularity of hybrid cloud.
Jeff Gilmer: Well, exactly, because some things can’t migrate to the cloud, so they’re going to stay in that hybrid environment, and they’re going to function in that environment, and while it sounds pretty complicated, if you have the processes that you have, the methodology, if you have the steps to go through this, and if you have the checkpoints along the way, it’s not as difficult as you may think. To give you an example, we just finished with a major retailer in the United States, going through their 90 applications, building a profile, a profile of the applications, of the operating systems, of the interdependencies to the database, and the utility servers, the web servers, and all the other functions, and then tying that back to the infrastructure, and we were able to complete that inventory and mapping identification of all those applications in probably a little bit over a three week period for them. So that now, they can understand all of the combined structure between their services, their applications, and their infrastructure, and really understand what can or could not be moved to the cloud.
Data Center Spotlight: Okay, and I would imagine that since we’ve discussed defining the infrastructure that supports the applications, I would imagine that takes us to the network level.
Jeff Gilmer: Obviously you can’t forget about the network, the network is critical, and you can have the greatest application, you can have it cloud-ready, you can have it in a cloud environment, but if you don’t have the bandwidth, or the application has issues within the network side of it, it’s not going to function properly. Now, I’ll give you an example that’s in the industry today. There are three very common medical records type of solutions within the healthcare industry today. And of those three solutions, one has already been written to the cloud, is offered as a cloud solution, a software as a service solution, it doesn’t have any network issues whatsoever. You can purchase it over cloud. Another one has two versions, either a cloud version or an on premise version, and they [[UNKNOWN]] within their different parameters.
However, if you want to change from on premise to cloud, or cloud to on premise, it’s a major undertaking because they are written completely different and function completely different from an infrastructure and support standpoint. Then you go to the third provider, the third provider is really an on premise solution today and when you even look at the disaster recovery, once you get beyond 100 kilometers with your bandwidth, or with your network and you have to go through a repeater or other device, there’s a huge latency issue that actually causes the application to time out and causes errors. So you’re talking 100 kilometers, 62 miles, that’s the maximum distance your redundancy data center or your cloud service provider can be from your physical location, and that’s 62 miles as the fiber goes, not 62 miles as the crow files, right? So if the fiber winds down this street, and turns and goes down another street, and curves and goes down another street, it might be half that distance, or it might be two thirds of that distance. So, you really need to make sure that that application is prepared and ready to function over that network before you go to migrate it. You could throw a ton of bandwidth at it, you make sure all the security’s in place and everything, but if that application can’t handle that distance parameter, and you have latency issues, no one in your company’s going to be using it, it’ll be seen as a very negative type of solution.
Data Center Spotlight: Okay, well it looks like we’re probably, we’ve covered a lot here, and I would imagine that one of the final steps here would be migrating to new and different services and business continuity and disaster recovery solutions. What should someone consider when they’re evaluating whether or not the DR and the redundancy methods established for that organization provides the proper level of recoverability to match the requirements of their business?
Jeff Gilmer: So, when you start speaking with the cloud providers, of course, most people are talking about production, so their conversation starts with their production, and migrating their production to that cloud provider, and what they forget to understand is, the ability to recover, because that cloud provider has their own infrastructure of how they’re going to operate. That infrastructure doesn’t necessarily play well with maybe your on premise infrastructure. It definitely, rarely, plays with another cloud provider, so picking two cloud providers is actually more of a risk than picking one cloud provider and using their secondary site. So really understanding the recoverability, disaster recovery, and the capabilities of that cloud provider is critical before you make a selection of that, and understanding what type of recoverability they can provide to you, from a recovery plan objective, a recovery time objective. What really are they able to do, and able to function? Those have to match if you go back to the compliancy of the services way back in step number 1, that provider needs to be able to recover in the same time period that you have committed to your clients, or in your insurance requirements, or are related to HIPAA or PCI or other factors.
So the point that I’m trying to make here, is when you go in and answer your question about disaster recovery, disaster recovery is not a single piece of the puzzle here. You need to look at this from an enterprise viewpoint. You need to understand production, you need to understand [[UNKNOWN]], and you need to understand the ability to recover, and you need to select a cloud provider who can match all of those requirements for your business, not just for production today, and oh, we’ll worry about the disaster recovery later, but you really need to understand all the components that go into the entire solution, so the production side, and the recoverability side, and you may want to include your test and development as well.
Once you have those, you can go to the cloud provider and you can provide them with what you’re going to need for your RPOs, your RTOs, your ability to recover, any distance issues that we talked about with the network side, and the infrastructure issues from that aspect, and we didn’t even really get into security, security can be a whole another factor that you need to look at, but all of these things are important before you go and look at getting a proposal, making sure you’re cloud compliant, and what type of potential cloud provider you can actually work with in your environment. That’s the key, I think, to some of the steps that we’ve talked about today. You’re going to be successful in the cloud, go through these steps, you’re going to greatly increase your odds of you selecting the right provider. You’re going to greatly increase the odds of the ability to function, put in place the ability to recover if there is an incidence, and you’re going to probably have a much happier customer and internal client base within your own organization when you select that proper cloud provider.
Data Center Spotlight: To review, from my perspective, what you’ve talked about, the six steps here are services that your organizations provides. The applications, isolating all the applications that support those services. The interdependencies component that you spoke about. The infrastructure on which all these applications are going to run on, which may be different kinds of infrastructure for different applications in a hybrid environment. We talked about the network, and then we talked about migration and disaster recovery. Does that complete the circle for our purposes today, Jeff?
Jeff Gilmer: Yeah, those are all the categories that you really need to fully understand related to the service that you’re providing when you go through and make a cloud decision.
Data Center Spotlight: Okay, well, good. Well, I appreciate your time today, Jeff, I know you have done, you and Excipio do an awful lot for different companies and organizations, governmental organizations as well. If someone wanted to talk to you about getting some advice on moving forward with a process in their own organization, what is the best way to get in touch with you?
Jeff Gilmer: Well we have a lot of this information on our website, along with case studies, and some of the other solutions that we provide, and we can get to the point, if you’d like to see clients’ examples of what we’ve done for other clients, and how that’s helped them with their decisions, but the easiest way would be to go to our website, www.excipio.net, and you can find a lot of information available for you on our website.
Data Center Spotlight: Okay, and they can find you, Jeff Gilmer, on the website as well, correct, your contact information?
Jeff Gilmer: That’s correct.
Data Center Spotlight: All right, terrific. Jeff, very informative, appreciate your time today, thank you for sharing that knowledge with us and I hope we have a chance to do it again soon.
Jeff Gilmer: Yeah, thank you, Kevin.