
Cloud Computing

Best Practices
Bluepi Consulting Services

Contents

Business Drivers
  Business Continuity/Disaster Recovery
  Short Term Extension
  Seasonality
  Application upgrades or resource constraints
  Compliance and regulatory challenges
  Dev/Test and UAT workloads
  Move to Opex
  Uncertainty and Change
Selection of Cloud Provider
  Flexibility
  Interoperability & Portability
  Degree of Automation
  Service Dynamics
  Costs
  Price Model
  Service Charges
  Scope and Performance
  Technology
  Software
  Performance
  IT Security & Privacy
  Datacenter Security
  Network Security
  Reliability and Trustworthiness
Migration Strategy
  Identify Business Drivers
  Assessment
  Roadmap
  Migration
  Optimisation
  Operations
  Business as Usual
Security aspects of Cloud Computing
Licensing Considerations
Contact us

Why Businesses move to the cloud?
Different enterprises have different drivers for adopting the cloud. Some see cost as the primary driver while others consider agility the prime criterion. We at BluePi have seen customers' adoption being driven by one of these eight reasons.

Business Drivers

Business Continuity/Disaster Recovery

A classic reason driving the adoption of hosted compute and storage resources is BCP & DR. The idea of being able to run mission critical applications even if the on-premise data centre is unavailable is attractive. In this scenario the cloud could be either the primary or the secondary site, eliminating the dependence on on-premise availability.

Short Term Extension

Occasionally enterprises need a short term augmentation to their existing data center. Given that procurement times to add extra capacity are usually measured in months, the cloud provides an on-demand opportunity to add scale.

Seasonality

Many organisations, especially in B2C industries like leisure, hospitality, entertainment and retail, run regular one-off campaigns and special events. Managed cloud hosting helps by allowing these companies to scale on demand and then scale down as demand subsides. This elasticity, the ability to cloudburst, is a huge driver for many businesses and will be significantly more cost-effective than buying hardware that is only used for a short portion of any given year.

Application upgrades or resource constraints

Organisations often wait before upgrading to the latest versions of software which require expensive changes to the existing hardware. Sometimes current hardware is reaching its end of life or its limits in terms of resource usage. This presents an opportunity for organisations to focus on managing the applications while outsourcing the current hardware upgrade and maintenance challenges to an MSP.

Compliance and regulatory challenges

Security and privacy of data is a significant compliance, legal and regulatory issue for organisations. Some organisations require HIPAA compliance for healthcare data and some UK based organisations require ISO27001 compliant data centres. Cloud providers help by ensuring compliance with these regulatory requirements. For example, AWS provides HIPAA compliance and provides CloudTrail for capturing detailed access and audit logs.

Dev/Test and UAT workloads

Organisations looking to adopt the cloud with minimal risk move their development, test and UAT environments to the cloud. These environments are usually on demand and significant cost savings can be
accrued without any impact to ongoing business.

Move to Opex

One big financial benefit of adopting the cloud comes from the move to a predictable monthly recurring model of IaaS costs as opposed to capex spikes. This also leads to removal of hardware ownership and lets organisations focus on their core competencies.

Uncertainty and Change

Cloud provides an instant ability to provision new resources and this acts as a safeguard against the
uncertainty and unpredictability of the future growth of business.

In summary, more often than not it is a combination of the above reasons that leads to the adoption of cloud computing. If you need help to identify your business drivers drop us a line at info@bluepi.in. We run a free survey that helps organisations define their business drivers accurately.

Selection of Cloud Provider
What are the considerations for evaluating the cloud providers?
One of the primary challenges that organisations face while deciding to move to the cloud concerns the choice of the cloud provider. Deciding what criteria should be applied to shortlist vendors, and how to discern the qualitative differences between them, is a mammoth challenge. Below we provide best practice criteria for addressing it.

The bottom line is that there is no one size fits all in the selection of the cloud provider. Knowing your cloud computing needs holds the key to the selection of your cloud provider. The first step is for you to identify whether a SaaS or IaaS model works best for you.

For example, if you are running Exchange/Outlook in your private data center, it is primarily a choice between using a SaaS email solution like Office 365 or Gmail, or hosting your Exchange on an IaaS provider. While Office 365 or Gmail would provide you significant abstraction and automation, thereby reducing your maintenance overhead, they also limit the control you exercise over the environment.

We recommend each organisation develop their own provider selection model based on their own priorities and criteria. However, we summarise some of the criteria under different headings to help you develop your own model. Most of the section is structured to help you identify and frame the important questions.

Flexibility

Interoperability & Portability
Interoperability and portability may be significant criteria for organisations to ensure that there is no single vendor lock-in.

Data Portability
A key criterion for selection is to ensure that the data at rest hosted within the cloud is portable and can be moved on-premise or to another provider at a moment's notice. Data could be in the form of object storage like files, backups and archives, or in the form of block storage like hard disks. Even data stored in the form of audit/access logs and message queue temporary data should be considered.

Standardisation
A cloud provider may choose to implement an API or functionality that is completely proprietary in nature. Sometimes this becomes necessary due to the lack of an existing standard in the area. Often these APIs or functionality can evolve to be the de facto standard. For example, the AWS Simple Storage Service (S3) API has evolved to be a standard and other providers have now developed S3 interoperable APIs. Another example is CloudFoundry, which is an open source de facto standard in the area of PaaS.
The bottom line is that though standardisation is important, other criteria like feature richness and capability should also be considered during the selection.

Virtual machine instantiation and portability
One of the most basic resources which cloud computing delivers is the Virtual Machine, which is a physical metaphor type of resource. VM mobility is the feature in a particular hypervisor which allows a running system to be moved from one VM to another VM. As far as the running system is concerned it does not need to be reconfigured: all of the elements such as MAC and IP address and DNS name stay the same, and any of the ways storage may be referenced stay the same. Whatever needs to happen to make this work is not the concern of the running system. VM mobility has been implemented with several hypervisors but there are limitations.

Degree of Automation
Sometimes the primary reason for moving to the cloud is to benefit from automation. This therefore becomes a critical criterion and needs a great deal of study.

Changes/Updates
Do changes to the VM require downtime?
Can we update the resources on the database
without causing a downtime?

Scalability
Some providers allow the automated scale-out and scale-in of the application environment driven either by schedule or performance metrics. This could lead not only to automated commissioning of resources to address unexpected peak load scenarios but also to significant cost savings due to the optimisation of resource utilisation.

Systems Management
Can backups/restoration and upgrades be automated for the database resources? Are security patches automatically applied on the OS?
Providers offer varying degrees of automation in these areas. More automation of course means less involvement and greater peace of mind.

Service Dynamics
The services provided need to be evaluated to get an understanding of what the organisation is signing up for.

Provisioning time
It is important to be able to provision a VM very quickly when needed. This metric becomes critical especially during a metric-driven autoscale scenario.

Contract Length
It is critical to determine whether there is a time bound tie-in or it is truly pay as you go. Also, some providers have discounts for longer service periods.

Costs
An in-depth analysis of the costs associated with cloud adoption needs to be carried out. The sad truth is that there is no easy way to do an apples-to-apples comparison of the costs between different providers. The problem is aggravated by the variety of pricing options, SLAs and levels of transparency.

Price Class
Some cloud providers aim at the higher end of the pricing spectrum but provide a very high degree of automation, services and resilience. The balance between cost and resiliency varies from organisation to organisation and from application to application within an organisation.

Price Resilience
How frequently have the prices changed historically? Are they resilient to ups and downs in the marketplace? For example, Amazon AWS has continuously slashed prices on an ongoing basis and passed on the benefits of scale to the consumers.

Price Options
Does the provider allow you to make choices based on your needs so that you can customise your environment and therefore your costs? For example, Amazon provides two classes of storage services in S3, Standard (99.999999 availability) vs Reduced redundancy storage (99.99 availability), with different costs.

Price Transparency
Are there hidden costs, or is the pricing transparent and clearly documented? What about local tax implications? These are some of the considerations to determine the provider's business ethics.

Service Charges
All providers charge for services that are automated while using their environments.

Granularity
Granularity determines the blocks at which the services are priced. For example, the S3 storage service is priced at the same rate for the first TB and then for the next 50 TB. These blocks mean that it favours organisations with petabytes of storage.

Type
What are the different types of service charges applied to a service? For example, apart from storage cost AWS charges $.005 per 1000 update requests and $.004 per 10,000 get requests.

As seen, calculating the costs may not be an easy exercise given the granularity and type of charges being applied by the provider.

Scope and Performance
It is critical to evaluate the scope of services and capabilities provided. Given that migration to a different provider is a costly affair, it is critical that the due diligence exercise takes into account the variety of services that are available. In this area AWS leads the market by adding new capabilities on a regular basis. There are PaaS offerings like Beanstalk and, at the same time, deployment automation frameworks like OpsWorks and CloudFormation.

Technology

Load balancers
How easy is it to provision load balancers in the environment? What kind of configuration options do these load balancers provide? Is it possible to use instance load metrics to define the routing algorithms? Is it possible to provision an on-premise load balancer (F5 for example) to the provider?

Virtualisation
What kind of virtualisation technology is provided by the provider? Can you extend your current data centre assets by leveraging a product like VMware Cloud Director? Can you choose the hypervisor? For some organisations these may be critical decision making points.

Multi-Tenancy
Is it possible to create a segregated network and VPN within the cloud environment? Some organisations provide their services as SaaS offerings to end clients. It may be a requirement to provide data segregation for this to succeed, given the compliance and regulatory requirements.

Network Access
Is RDP or SSH access to the VM environments allowed? How secure are these? Do the VMs get patched for security vulnerabilities on an ongoing basis? Can network access be allowed from specific IP address ranges and on specific ports?

Software

Instance Type
What are the sizing options available for the instances? What operating systems are supported? Are there instances available that provide specific resource optimisations, like CPU, memory, disk or GPU?

Add-On Services
Are there automated lifecycle policies available to migrate data from one type of storage to another? Are there automated template deployments for common use cases like LAMP stack, J2EE web stack or .Net based IIS web applications? Are there automated audit logs and performance metrics that can be turned on on an as-needed basis?

Storage Services
Are there limits to the storage capacity? Is storage available on-demand and via an API? Are tiered storage options available? Are server side and client side encryption available on the storage tier for security and privacy? Is service side latency insignificant compared to internet latency?

Performance

Computing Time
Is it possible to procure guaranteed computing time? This becomes critical in case of running a High Performance Compute Cluster (HPCC).

Connection Bandwidth
Are there SLAs available for connection bandwidth between the different tiers? Does the bandwidth become an issue during peak load scenarios? Very few providers give clear answers in this regard.

IT Security & Privacy

Datacenter Security

Hardware Security
Security and trust from a hardware perspective is a complex subject and requires consideration from a compliance perspective. More often than not the physical aspect of data security is well taken care of by almost all the known cloud providers.

One interesting insight comes from the fact that most violations in the field of healthcare in the US appear to be physical in nature and mostly due to negligence. Some cloud providers allow the installation of a hardware security module. An HSM may be required due to corporate, contractual and regulatory compliance requirements.

Software Security
Software security more often than not needs to be provided by the organisation itself. Patching of OS, application servers, unmanaged databases as well as any application that the organisation runs is the responsibility of the organisation.

This is called the shared security model.

Network Security

Connection Security
Depending on the criticality of the data on the cloud, it may be necessary to secure the connections between the data centre and the cloud. For example, AWS provides DirectConnect while Rackspace provides RackConnect to establish a secure dedicated private connection between the cloud and the on-premise data center.

Firewalls play a critical role in the security of the networks provided in the cloud. How easy it is to set up a network configuration could be of vital importance to the data centre operations. It is important to ask questions like how quickly a specific IP range could be banned in case of a DoS attack.

Reliability and Trustworthiness
The Cloud Service Provider should have certain safety nets in place to ensure services which are consistently available. These include:

redundancy of power
redundancy of Internet connection
cooling systems
fire suppression systems
servers
storage
security systems

Migration Strategy
When and how do you migrate to the cloud?
Migrating to the cloud is a long term strategic investment. We at BluePi believe the steps below highlight the staged approach towards enterprise cloud migrations.

1. Business Drivers
Define key business drivers and measurable benefits for the cloud migration. 55% cite business agility and scalability as the biggest drivers. Close behind is the cost, with 48% citing it as a driver.
What are your drivers?

2. Assessment
Assess your applications'/infrastructure's cloud readiness. Assessment should not only evaluate IT but must encompass process, people & governance. Bluepi has a proprietary framework to evaluate your cloud readiness.
Are your apps/IT ready for the cloud?

3. Roadmap
Identify and prioritise the appropriate systems. Identification is a cost benefit analysis between speed of migration, cost, criticality & business value.
Are you ready to prioritise services to be migrated to cloud?

4. Migration
Make the move, transition all or parts of data, applications and services. The following types of applications are seen to be moving to the cloud:
Collaboration Application
Web Applications
Data Backup
Business Applications
Have you started the process of migrating your apps to the cloud?

5. Optimization
Scale, improve RTO/RPO and lower costs. Now that your apps are already in the cloud, it's time to focus on operational efficiency, recovery objectives and cost optimizations. We have helped clients reduce costs by 50% while experiencing higher performance and lower response time.
Do you know how to scale your business and reduce your costs?

6. Operations
Standardise operational tasks, leverage cloud services. Take enterprise cloud computing to the top by managing your business critical services. Integrate current processes and systems with those on the cloud to create a seamless experience.
Do you know how to scale your business and reduce your costs?

7. BAU
Define key business drivers and measurable benefits for the cloud migration. 55% cite business agility and scalability as the biggest drivers. Close behind is the cost, with 48% citing it as a driver.
Are you up to speed on the evolution of the cloud?

Identify Business Drivers
Before embarking on a cloud initiative it is imperative for an organisation to identify and define the key business drivers. Unless the key success criteria are clearly articulated and documented, the initiative cannot be measured and is doomed to failure.
Often this stage requires involving all the stakeholders (business and technical) to discuss and agree on their definition of key success criteria. Please read the section on Business drivers for further details.

Optimisation
Once the applications are migrated it is time to optimise the deployment by focusing on the RTO/RPO and by lowering costs using tiered storage and scale-in, scale-out techniques. At this stage the real benefits of the migration begin to manifest. This is also a good time to evaluate the migration against the success criteria established in step 1.

Assessment
Once you know what your objectives of migration are, the next step is to assess the state of the IT assets. The big question that needs answering here is whether your infrastructure and applications are cloud ready.
The evaluation should include processes, people and governance. Questions like skilled manpower requirements for operating a cloud environment should be addressed in this stage.

Roadmap
Based on the outcome of the assessment in the previous step a roadmap should be drawn. The roadmap should take into account the appetite for risk as well as the business criticality of the application being migrated. A cost-benefit analysis of each application landscape's migration to cloud should be carried out. It is also essential to consider the possibility of consolidating applications and retiring some of them if possible.

Migration
Once the roadmap is defined the actual process of migration begins. Most organisations prefer to move applications low in criticality but with large footprints. Some organisations move DR environments first before moving the entire production landscape. Others choose to move Dev/Test/UAT before anything else.

Operations
Once the environments are optimised it is imperative to leverage cloud services to automate operations. This is where the benefits of automated
backup, restore, versioning and lifecycle rules can
be leveraged.

Business as Usual
It's never BAU in an enterprise. However, at this level the stage is set where cloud becomes the first choice for deployment for any new IT initiative, and a body of knowledge and best practices have already emerged within the organisation to take care of routine activities.

Security aspects of Cloud Computing
How do you keep your data/apps safe?
This area in itself is a significant area of contention and varies from business to business. To ensure that this guide provides best practices for a large cross-section of industries, this is phrased in terms of action items that must be carried out.

Review the vendor's business continuity and disaster recovery plan
Create a backup plan for data at rest
Evaluate the need to maintain redundancy with the same or a different vendor
Ensure scheduled outages are acceptable both in terms of duration and time of the day
Evaluate whether the SLA guarantees adequate system availability
Ensure ability to increase computing resources on-demand
Ensure legislative obligations can be met to protect and manage data
Sanitisation policy of storage media after EOL
Evaluate if secure monitoring is available
Is disk encryption available if required
The vendor has a secure gateway environment
Is there gateway certification available
Availability of multi-factor authentication
Determine the availability of private subnets

Licensing Considerations
How does licensing work on the cloud?
Licensing is sometimes called the Achilles heel of cloud computing. This is primarily because the old models of software licensing are wholly incompatible with the on-demand nature of cloud workloads.
Enterprise software is in a category unto itself when it comes to licensing. It isn't like drive-by downloads: pay $39.95 through PayPal or a credit card and it's yours, deploy at will. Enterprise software licensing is a complex system of variables and equations that has remained largely inscrutable.
Even in the simplest CPU based licensing model, cloud computing introduces variables that can make prediction of costs very difficult. On the cloud the number of CPUs that would be run is variable; that is the definition of the term elastic.
Each cloud provider enters into strategic partnerships with the enterprise solution providers to bring some level of transparency. However, it remains a legal and procurement nightmare to ensure license compliance. If you have questions around licensing feel free to reach out to us at info@bluepi.in and we would share our collective experience on the subject matter with you.
We leave you with four documented links on how enterprise product licensing works on Amazon AWS for different vendors to underline the complexity of the affairs.

IBM on AWS
Microsoft License Mobility
Licensing Oracle Software in cloud computing environment
http://aws.amazon.com/sap/

Thank You
Bluepi Consulting Services
Phone: +91-9899787871
E-mail: inquiry@bluepi.in

Gurgaon Address:
455, 4th Floor, JMD
Megapolis, Sohna Road,
Sector 48, Gurgaon,
Haryana,
122018
India.

Bangalore Address:
Sierra Cartel Business Center,
Second floor, No.91
17th Cross, 14th main, 4th
sector, HSR layout,
Bangalore 560102
India.
