Moving to IaaS: Big Changes Required
There are some huge opportunities for improvements in moving enterprise services to the infrastructure-as-a-service (IaaS) cloud, but there are some equally daunting challenges -- both technical and operational.
Demand for public cloud infrastructure, or IaaS, is expected to grow 36.8% in 2018, according to Gartner. IaaS refers to the basic computing, networking, and storage services supplied by the big three providers: Amazon, Microsoft, and Google. The cloud allows your infrastructure to scale dynamically but requires a fundamentally different approach than premises-based infrastructure. You cannot do everything the same as you did in a private data center.
Comparing IaaS and a private data center is fairly difficult in itself. There are more differences than there are similarities. The similarities essentially end after you refer to them both as virtual environments. An argument could be made that this is not even similar, as most private data centers only virtualize the compute and storage, whereas the major IaaS providers virtualize nearly everything, including services, network, and the data center itself.
These differences require your IT operations team to have a very different approach and skill sets, but at the same time, IaaS opens the door for some significant improvements to operational efficiencies and costs.
To improve operations, agility, and scalability, there are three key differences that enterprises can take advantage of:
- Infrastructure as Code
- Software-Defined Networking
- Multitenant Services
These differences will require IT operations teams to step back and develop a well-thought-out design and approach.
Infrastructure as code (IaC) is the process of managing and provisioning systems using either scripts or declarative definitions, rather than manual interactive processes. The big three IaaS vendors provide a Web interface to facilitate the development of the scripts, but it’s the scripts that set up and configure the systems. Tightly coupled with IaC, and usually fully integrated with it, is the concept of software-defined networking (SDN). SDN is an approach to managing and provisioning network configuration and data flows, replacing traditional network functionality. The big three IaaS providers have developed their own SDN implementations that function differently but offer some significantly new functionality. The SDN implementations are a complete recreation of the network stack that allows for new forms of expanded redundancy with discrete segmentation of networks in a multitenant environment.
Zeroing in on Opportunities
At first glance, moving to IaaS may not sound like a significant advantage to an organization. However, the move presents a significant opportunity for operational improvements. Most importantly, it will allow IT operations staff to deploy systems in a very repeatable way. A simple example: For a system that requires more than one Web server to handle the organization’s capacity requirements, multiple identical Web servers can be deployed by simply re-running the same script.
IT operations can take this a step further and incorporate automation with these scripts to programmatically grow or shrink the enterprise infrastructure on demand. A further step down this road would allow IT operations to prepare a series of scripts that could deploy all of the systems required to run the company. An added benefit is that the big three IaaS providers allow you to extend this concept across multiple physical data centers for geo-redundancy. This should improve disaster recovery (DR) and simplify many IT aspects of business continuity plans (BCP).
Multitenant services is perhaps the biggest difference, with the most potential for operational efficiencies. As the big three IaaS providers have matured their services, they have developed a wide range of multitenant services that can be incorporated into enterprise operations. These services are clustered, highly available, fully segregated between tenants, and can provide significant savings to IT operations.
These multitenant subscription-based services vary between providers but often include basic services like DNS, systems logging, and monitoring. Some offer expanded functionality like robust authentication, communications, database, IoT, and artificial intelligence (AI) systems (to name a few). The basic services will simplify data center deployment, and the expanded services can be exploited for improved operations throughout the organization.
These multitenant services are made possible by the new SDN and IaC technologies that allow them to be segmented and isolated between tenants. Enterprises can take advantage of operational efficiency gains from these services, as they can be dynamically deployed and scaled, and have low operations overhead, as new features, patching, and upgrades are included in the services.
However, IaaS is not without its challenges. As already mentioned, the IT operations team will need to embark on some significant professional development, but there are some technical challenges too.
The most significant challenges will likely be:
1. Provisioning of Network Capacity: The major cloud providers can provide good network performance up to about 1Gbps per individual data path. This is in stark contrast to the 100+Gbps data paths private data centers have available through hardware-based networking. The solution is to use the parallel connection stream capabilities of SDN. This requires the scalable use of parallel load balancers, firewalls, and server instances to deploy networks in a parallel fashion.
2. Application Compatibility: The fundamental change in design to use parallelized network systems for capacity will also require changes at the application level. Applications can no longer rely on session state to maintain the unique experience for an end user. Applications must store state independently from network sessions, which may require fundamental changes to applications and databases. This change could enable geo-redundancy of application services.
3. Security: A common myth with respect to the IaaS public cloud is that security is taken care of by the cloud provider. The major cloud providers do provide tools for security, but the tools are relatively simplistic in comparison to the next-generation security tools being deployed in many private data centers, particularly with respect to perimeter security (firewalls). Many of the next-generation firewall providers have developed firewall virtual appliances that can be incorporated into the public cloud provider’s infrastructure to improve perimeter security. Keep in mind that these systems also need to be parallelized with multiple instances. The security upside is that most of the cloud IaaS providers have other security tool sets, such as security logging and monitoring capabilities, included or available in the platform. There are also new security providers that are designing fresh approaches to security that take advantage of the parallelized nature of the cloud data centers. Many of these are in early stages but should be watched as they mature, as they may offer some significant opportunities.
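The application compatibility point in item 2 can be seen in a small simulation, added here as an illustration and not taken from the original article: two parallel server instances sit behind a round-robin load balancer, first keeping session state in their own memory and then in a store both can reach. The class names are hypothetical, and an in-memory SQLite database stands in for the shared external database or cache a real deployment would use.

```python
import itertools
import secrets
import sqlite3


class LocalStateInstance:
    """Keeps session state in process memory: only this instance can read it."""
    def __init__(self):
        self._sessions = {}

    def login(self, user):
        sid = secrets.token_urlsafe(32)  # unguessable session identifier
        self._sessions[sid] = user
        return sid

    def whoami(self, sid):
        return self._sessions.get(sid)


class SharedStateInstance:
    """Keeps session state in a store that every parallel instance can reach."""
    def __init__(self, db):
        self._db = db  # assumption: stands in for an external database or cache

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self._db.execute("INSERT INTO sessions VALUES (?, ?)", (sid, user))
        return sid

    def whoami(self, sid):
        row = self._db.execute(
            "SELECT user FROM sessions WHERE sid = ?", (sid,)).fetchone()
        return row[0] if row else None


def run_behind_balancer(instances, user="alice", requests=4):
    """Log in once, then send follow-up requests round-robin across instances."""
    balancer = itertools.cycle(instances)
    sid = next(balancer).login(user)
    return [next(balancer).whoami(sid) for _ in range(requests)]


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (sid TEXT PRIMARY KEY, user TEXT)")
    local = run_behind_balancer([LocalStateInstance(), LocalStateInstance()])
    shared = run_behind_balancer([SharedStateInstance(db), SharedStateInstance(db)])
    return local, shared


if __name__ == "__main__":
    print(demo())
```

With instance-local state, every request that lands on the instance that did not handle the login sees an unknown session; with the shared store, any instance can serve any request, which is what lets the parallel tier grow or shrink freely.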
The IT industry is seeing a fundamental shift to the public cloud providers to enable agility and scalability. Don’t get caught up in the industry hype. Step back and develop a well-thought-out approach to the migration and make sure your management and operations teams understand the potential opportunities and challenges.