The key to a successful Cloud Computing deployment is to choose the right provider for the right application. For example, if you are handling credit card transactions, computing performance is much less of a concern than security and compliance. Cloud Builder is Compare the Cloud’s resource for helping you to decide what is important for you in the context of what your Cloud Service Provider (CSP) can deliver.
1. Pricing Model
Cloud computing can be purchased on a reserved or unreserved basis with billing based on hourly, daily or monthly contracts. Different charges apply with different suppliers – for example, latency and/or traffic might affect prices.
This means it is essential to look beyond the headline costs and play close attention to the detail of each pricing model and any variable costs within that. It is also important to understand whether the service requires ‘reserved instances’ where you will need to pay a fee in order to secure the capacity you desire. If these charges can apply and you chose not to pay them, this can impact the performance you receive. In such a circumstance – if it matters – then you will need to factor in the higher cost.
How is your CSP’s cloud built and managed? It is important to ask any potential CSP to explain the underlying technologies deployed, the network infrastructure serving the data centre, their change control policies, security policies and practices, geo-resilience, disaster recovery plans, the physical location where your data resides and how that is managed, what management tools are available to you and, more likely than not, their green credentials.
The transparency of your CSP will have implications for risk, contingency and future planning (including portability and interoperability) so obfuscation in the early stages of negotiation is a warning sign. Don’t be afraid to dig beyond the marketing hyperbole.
3. Service and Service Level Agreements (SLAs)
Moving your computing to the cloud does not mean that you should lower your expectations in terms of the quality of service you receive.
Sure, more price-competitive cloud computing service providers may strip back the service element to a bare minimum but if this doesn’t suit your business requirements you may need to consider paying a bit more to secure the cloud computing service that best delivers the service level you require.
You SLA must match or exceed the expected level of service were you to operate these services internally. In addition, the demarcations between your business and the CSP for the responsibility for service provision, security and management must be firmly – contractually – established.
Post-Snowden, the location where your data resides is an important piece of the puzzle. Geography also matters in terms of connectivity – do you choose a CSP in your region? How does the data centre sit within the wider Internet Infrastructure? And what can the CSP guarantee in terms of geo-resilience and geo-redundancy?
Cloud computing technology allows for a lot of resilience and redundancy since virtual servers are separated from the underlying physical hardware. But what if physical failure wasn’t confined to a single component or group of components within the provider’s cloud? What if the whole data centre facility was affected? Perhaps by power outages, human error, terrorism or a natural disaster? Some CSPs will build in a geo-resilient component to their service offerings in order to offer the benefits of a dual data centre strategy. This is most commonly a secondary back up service that is turned on in the event of the primary site going down, but could also include a load-balancing agreement.
It is important to understand how your CSP has built their cloud offering so you can understand the risk and then jointly – or independently – implement a strategy for disaster recovery.
5. Lock in
If the vision of cloud computing as a magical realm of endless computing power, of limitless potential in a place where the customer is king, is to be realised then the customer must be able to port from one CSP to another with relative ease – or even be able to deploy seamlessly across more than one cloud.
Consequently, it is important to understand the degree of portability and interoperability of your cloud computing service. Lock in is greatest if you are using a proprietary SaaS software which is delivered exclusively by its developer, and some CSPs will lock you into using their cloud service by insisting you use their proprietary software to establish your cloud computing environment. Others may allow you to export profiles and VMs at will. Lock in may also arise in the guise of a lengthy minimum term on your contract.
Some commentators suggest that it is best practice to plan to move at the end of your contract term in order to ensure that you are aren’t susceptible to price hikes and service changes. Whether you follow this advice or not, it is important to compare vendors in order to select the service most appropriate to your requirements.
6. Deployment Model
A cloud can be deployed as ‘public’ (multi-tenant), ‘private’ (single tenant) or a combination of the two (‘hybrid cloud’). The debate about the merits of each cloud deployment model tends to focus on security – itself a heavily debated topic in cloud computing. However, there is no reason why a public cloud is necessarily less secure – or less customisable – than a private cloud; it depends on how the cloud is built, how it is secured and what purpose it is serving.
The key is to ensure that the cloud deployment at a minimum matches – or, ideally, exceeds – the expected service levels and security that you would have if operating these services internally.