47. IT Services Deployment Model
• Self service model – “immediate” satisfaction
• Guaranteed service attributes (SLA)
• Scalability
• Billing for actual services/resources consumed
• Supported by high levels of automation
• Based on a highly virtualized infrastructure
48. IaaS Benefits
• Benefits for consumers
– Dramatic improvements in “time to market”
– Automating backend billing brings a new cost
conscious awareness
– Ability to use OpEx for short term needs
• Benefits for IT
– Recognition of IT as a competitive service supplier
– Now you can say “yes” and here’s what it would cost
– High levels of automation provide savings
– Consolidation provides savings
– Turn on/off OpEx provides savings
49. The Journey to the Cloud
• Transition
– So how do you transition an IT operation from 7x24 crisis
with a backlog of incidents and service requests a mile
long to this smoothly functioning Cloud machine?
• Foundation
– The foundational answer has been around for some years
– It is called the service provider model (SPM, ref. ITIL)
• Rationale
– Instead of managing 5000 servers running 5000 apps, the
service provider model transitions the management effort
to some 5+/- tiers of service with service levels guaranteed
– Managing 5 entities is doable, but it’s difficult to manage
5000 entities
50. What is the Service Provider Model
• Service Level Agreements
– A service focus separates the “what” from the “how” of service delivery
– A service level agreement between IT and users of technology provides a
pragmatic basis for alignment of IT capabilities with business objectives
• Standard service offerings
– Standard services and technical architecture
– A stratification of service offerings allows different service level requirements
to be satisfied at appropriate cost levels
• Mature policy and procedure
– Management practices are the processes, policies, and organizational model
used to deliver services
– As processes mature, they become repeatable, documented, measured and
finally have continuous review for improvement
• Cost model and key performance metrics
– External and internal metrics define the progress of the service model
– A complete cost model is critical to understanding the true cost of service
delivery
51. IT Maturity Model
• Level 1
– Understanding and Awareness: Recognition
– Training and Communication: Sporadic communication on issues
– Process and Practice: Ad hoc approach to process and practice
• Level 2
– Understanding and Awareness: Awareness
– Training and Communication: Communication on the overall issue and needs
– Process and Practice: Similar but intuitive process emerges
– Techniques and Automation: Common tools are appearing
– Compliance: Inconsistent monitoring on isolated issues
• Level 3
– Understanding and Awareness: Understanding of need to act
– Training and Communication: Informal training supports individual initiatives
– Process and Practice: Practices are defined, standardized and documented; sharing of better practices begins
– Techniques and Automation: Tool set is standardized; currently available practices are used and enforced
– Compliance: Inconsistent monitoring; measurement emerges; balanced scorecard adopted; root cause analysis is intuitive
– Expertise: Involvement of IT specialists in business processes
• Level 4
– Understanding and Awareness: Understand full requirements
– Training and Communication: Formal training supports a managed program
– Process and Practice: Process ownership and responsibilities are set; process is sound and complete; internal best practices are applied
– Techniques and Automation: Mature techniques are used; standard tools are enforced; limited tactical use of technology
– Compliance: Balanced scorecard is used in some areas; root cause analysis is standardized
– Expertise: Involvement of all internal domain experts
• Level 5
– Understanding and Awareness: Advanced. Forward-looking understanding
– Training and Communication: Training and communications support external best practices and use leading edge concepts
– Process and Practice: Best external practices are applied
– Techniques and Automation: Sophisticated techniques are deployed; extensive optimized use of technology
– Compliance: Balanced scorecard is globally applied; root cause analysis is always applied
– Expertise: Use of external experts and industry leaders for guidance
52. 7 step plan to build IaaS
• 1 Build a service catalog
• 2 Create a service level agreement
• 3 Build key performance indicator capabilities
• 4 Inventory infrastructure components
• 5 Implement billing per consumable resource
• 6 Rationalize the infrastructure
• 7 Automate provisioning and de-provisioning
53. Step 1 – Create a Service Catalog
• Key points
– 3 to 5 service tiers based on consumer facing
attributes
– Tier differentiation will be based on performance
and recoverability attributes
– Cost differentials will be driven by configured
consumable to meet service attributes
54. Key takeaways – Create a Service Catalog
• Key Takeaways
– Performance, scalability and protection attributes
are what consumers care about
– Only IT cares about technology specifications and
configuration
– Typically tier cost differentials approximate 50%
– “Right tiering” drives additional savings
55. Step 2 – Build a Service Level Agreement
• Key points
– SLA guarantees service attribute delivery
– A written guarantee changes the whole
IT/consumer dynamic
– The service level agreement should include
• The information on both parties
• Each party’s responsibilities
• Mutual responsibilities
• Escalation and remediation clauses
56. Step 3 – Build KPI Capabilities
• Key points
– What is happening right now
– Who is using what
– What is available
– Consumption patterns, trends and forecasts
– Alerts and escalations
• Key Takeaways
– If you don’t know what’s happening you will
always be surprised
• Monitor and alert IT’s service delivery capability
• Monitor and alert the supply/demand situation
57. Step 3 – Build KPI Capabilities (2)
• Key points
– Metrics separate Fact from opinion
• What is server demand for storage?
– Interfaces/APIs are needed
• Performance of specific hardware or software components
• Resource allocation, availability, consumption and resource
release
• Resource performance to SLA attributes
• Key takeaways
– Metrics justify your recommendations
– Trended metrics are the first step to continuous
improvement
58. Step 4 – Inventory your Infrastructure
• Key points
– Mission critical to know exactly
• What is on the floor
• What is running on it
• What it's connected to
• What it's dependent on
• Key takeaways
– Change and release management is key to a stable
environment
– Without CMDB, changes will only generate more
incidents and outages
59. Step 5 – Implement Back End Billing
• Key Points
– Visibility is more important than charge back
– Cost model provides cost of the deployable unit
– Cost model includes
• Hardware and software costs
• Software licensing
• Hardware and software maintenance
• Facility, power and cooling
• Administration
• Key takeaways
– Basis for cost justification and ROI
– Speak with CFO in the same language
– Visibility to cost impacts resource usage
60. Step 6 – Rationalize the Infrastructure
(virtualization)
• Key points
– Not all resources can be automatically provisioned
– Big box Unix will require some IT manual effort
– The obvious target today is the virtualized x86
platform
– Storage has been virtualized since the early NAS
• Key takeaways
– Virtualization is key to automated provisioning
– Automated provisioning needs automated de-provisioning
61. Step 7 – Automate Provisioning
• Key points
– Consumers want rapid self-provisioning (time to
market)
• Provisioning is the most important step from the end
consumer viewpoint
• It should be like buying something on the web from a
catalog
• Key provisioning functions allow consumers to
– Search the catalog
– Select the service
– Receive and accept a price
– Have immediate availability of the resource
– Track usage vs. allocation
62. Step 7 – Automate Provisioning
• Key takeaways
– Make a list of provisioning features and functions
– Identify the platforms and APIs your allocations
will need
– Use this list of requirements to compare vendors
– Mature organizations may consider self-development
using APIs to native functionality
• Note
– A number of hardware vendors are developing
released front end web based platforms that
provide the end consumer with IT provisioning
63. Summary
• Hard parts
– Front end provisioning, backend invoicing, and
virtualization of your x86 platform
• Easy parts
– Building the disciplines and the services to provide a
priced service catalog, service level agreements, key
performance indicators, and mature processes
• Outcomes
– Move from managing 5000 entities to managing 5
tiers of service
– A disciplined framework where you know what you’ve
got and metrics to manage it
64. Conclusion
• Internal IaaS is doable
• Much of the work is IT best practice
• Rationalization is the most challenging
• Auto provisioning is least mature
• Next steps
– Build the SPM
– Classify your applications
– Plan the migration
– Execute
73. Business Model Evolving:
Freemium Model
Offering one level of software for free, and
then charging a premium for additional features
“if you adopt a freemium business model,
your marketing cost is the free users"
COGS=75%=
$400B revenue
74. The Journey to Profitability
• IaaS business is like a car racing game on a distorted field. Two factors
determine the winner:
– Track
– Speed
• Track is determined by:
– IaaS size and design: the larger, the more distorted (higher track)
• Speed is determined by:
– Contribution margin: the higher, the faster
– Recurring revenue base
[Figure: Track 1 to Track 4 against IaaS Size; lines labelled Revenue breakeven, Cash flow Breakeven line and EPS indifference; regions labelled Death Zone, Survival Zone and Profit Zone]
75. The Journey to Profitability
• Two factors determine the journey to profitability in IaaS business:
– Fixed cost
– Contribution margin (CM)
• Fixed cost depends on:
– IaaS size and design (Rent, Utility and Circuit)
– Operation efficiency (SG&A)
• Contribution margin depends on:
– Service mix
– Technological independency
– Vendor bargaining power
• Survival or not is pretty much determined at the very beginning
[Figure: breakeven chart in $ showing Sales, Breakeven Point, Cost @CM=50%, Cost @CM=80% and Fixed Cost; fixed cost components labelled Circuit, Utility, SG&A, Rent and D&A]
76. The Journey to Profitability
• Long term profitability is largely determined by CM
• EPS is correlated to sales on the journey of profitability
[Figure: two charts with axes Sales ($) vs. Gross Margin (%) and EPS ($) vs. Sales; labels: CM=50%, CM=80%, Fixed Cost, Gross Profit]
77. The Journey to Profitability
• The IaaS business is a recurring revenue business model:
– The previous year’s efforts count
– Sales growth speed outpaces the sales efforts
• Previous year’s efforts count:
– Do not need to start from scratch every year
– Less vulnerable and volatile
• Sales growth outpaces sales efforts:
– Explosive growth at upward economic environment
– Stable growth at downward economic environment
[Figure: Sales ($) against Time (t, 2t, 3t); labels: Sales, Recurring, Sales base from existing recurring customers, Sales growth outpaces sales efforts]
78. Does Size Matter ?
[Figure: Linear growth of COGS. Four Cost panels: Space, Utility – A/C, UPS/Power-Gen, Utility – Power]
79. Business & Finance Review
• Subscription-based; reduce maintenance cost;
increased reliability
– COGS remained and converted to other liabilities. It
has to be paid one way or another.
– 97% of Google’s revenue is from advertising.
– Majority of cloud services are financed by equity
market, not by product market
• Portability
– It’s decided by business competition/cooperation, not
by technology
• Efficient use of computing resources
– Market prices are largely determined by competition,
not by efficient use of resources
82. Causes of Problems Associated
with Cloud Computing
• Most security problems stem from:
– Loss of control
– Lack of trust (mechanisms)
– Multi-tenancy
• These problems exist mainly in 3rd party
management models
– Self-managed clouds still have security issues, but
not related to above
83. Loss of Control in the Cloud
• Consumer’s loss of control
– Data, applications, resources are located with provider
– User identity management is handled by the cloud
– User access control rules, security policies and
enforcement are managed by the cloud provider
– Consumer relies on provider to ensure
• Data security and privacy
• Resource availability
• Monitoring and repairing of services/resources
84. Lack of Trust in the Cloud
• Trusting a third party requires taking risks
• Defining trust and risk
– Opposite sides of the same coin (J. Camp)
– People only trust when it pays (Economist’s view)
– Need for trust arises only in risky situations
• Defunct third party management schemes
– Hard to balance trust and risk
– e.g. Key Escrow (Clipper chip) NSA 1993-1996
– Is the cloud headed toward the same path?
source: therepublic.com
85. Multi-tenancy Issues in the Cloud
• Conflict between tenants’ opposing goals
– Tenants share a pool of resources and have opposing goals
• How does multi-tenancy deal with conflict of
interest?
– Can tenants get along together and ‘play nicely’ ?
– If they can’t, can we isolate them?
• How to provide separation between tenants?
• Cloud Computing brings new threats
– Multiple independent users share the same physical infrastructure
– Thus an attacker can legitimately be in the same physical machine as
the target
86. Taxonomy of Fear
• Confidentiality
– Fear of loss of control over data
• Will the sensitive data stored on a cloud remain
confidential?
• Will cloud compromises leak confidential client data?
– Will the cloud provider itself be honest and won’t
peek into the data?
• Integrity
– How do I know that the cloud provider is doing
the computations correctly?
– How do I ensure that the cloud provider really
stored my data without tampering with it?
87. Taxonomy of Fear (cont.)
• Availability
– Will critical systems go down at the client, if the provider is
attacked in a Denial of Service attack?
– What happens if cloud provider goes out of business?
– Would the cloud scale well enough?
– Often-voiced concern
• Although cloud providers argue their downtime
compares well with cloud user’s own data centers
88. Taxonomy of Fear (cont.)
• Privacy issues raised via massive data mining
– Cloud now stores data from a lot of clients, and
can run data mining algorithms to get large
amounts of information on clients
• Increased attack surface
– Entity outside the organization now stores and
computes data, and so
– Attackers can now target the communication link
between cloud provider and client
– Cloud provider employees can be phished
89. Taxonomy of Fear (cont.)
• Auditability and forensics (out of control of data)
– Difficult to audit data held outside organization in a cloud
– Forensics also made difficult since now clients don’t
maintain data locally
• Legal and trust issues
– Who is responsible for complying with regulations?
• e.g., SOX, HIPAA, GLBA ?
– If cloud provider subcontracts to third party clouds
(web2.0, 3.0, ..), will the data still be secure?
90. Challenges for the attacker
• How to find out where the target is located?
• How to be co-located with the target in the
same (physical) machine?
• How to gather information about the target?
91. Critical Issues from governments
• Jurisdiction for cloud services
• Business monopoly (e.g. Google, F/B)
• Cloud data privacy and security
• Protocol development and standardization
• Utility model: stimulates innovation or impedes creativity?
• Green environment requirement
By IGF (Internet Governance Forum) 2011 KL
93. Policy Rationale
Cloud Computing brings the opportunity of industrial transition
[Figure: diagram with labels: Information industry rebuild; Semiconductor industry (TSMC, UMC) produce vs. IC design without factory; Cloud Computing Service produce vs. Software Service without data center; Software industry; Equipment and devices; Cloud Device; impact; Tier 1 industry]
Source: “Above the Clouds: A Berkeley View of Cloud Computing” Feb. 4, 2009 & Revision
94. Policy Strategy
Full Scale / 4C Integrated Eco System
[Figure: ecosystem diagram with four groups]
• Solutions: G-Cloud, SME-Cloud, Edu-Cloud, HC-Cloud, Commerce
• Client devices: Phone, TV, NetBook
• Cloud: data center infrastructure (server, switch, storage)
• Connectivity: 3G/4G, Fiber, WiMax
• Other labels: Software/service, Hardware, system software, Security, IDC, ISP, telecommunication, Hardware/software
95. G-Cloud Program
[Figure: G-Cloud layered architecture; labels alongside the layers: Agility, Consolidation]
• Software as a Service (SaaS): shared service
– Agency service, Transportation, SME Service, Healthcare, E-Tax, E-Trade, Education
– (G2C), (G2B), (G2G)
• Platform as a Service (PaaS): shared platform
– DB & Mgt Platform, AP Dev. Platform, AP Validation
• Infrastructure as a Service (IaaS): shared facility
– GSN, GPKI, N-SOC, shared data center
• Management service
– SLA & Auditing
– Service management & Security management
– Data center and network management
96. Project Name Budget Lead Organization
Cloud computing technology development plan $3.7B MOEA/DOIT
Research Experimental Data Center plan $0.1B MOEA/DOIT
Cloud Computing Corporation plan $1B MOEA/DOIT
Global Firms R&D Investment plan $1.5B MOEA/DOIT
Cloud Computing Industrial Applications Plan $0.7B MOEA/IDB
Government Cloud Computing Infrastructure $6.5B RDEC
Fire Prevention Cloud Computing Service $0.4B MOI/NFA
Education Cloud Computing Service $1.7B MOE
Road Traffic Cloud Computing Infrastructure $0.6B MOTC
Cloud Computing Promotion for SME $0.6B MOEA/SMEA
Cloud Computing Trade Service $0.4B MOEA/BOFT
Cloud Computing Invoice Service $1.3B MOF
Tax Information System Integration & Reform $4B MOF
Harbor Single Window Service Plan $0.8B MOF
Technology & Research Cloud Computing Platform $0.8B NSC
98. What’s going wrong
• Set the standard
– Policy value should be measurable at specific facets
• Improved constituent value
– Demonstration needed
• Improved operational efficiency
– Demonstration needed
– Lack of Strategy Model
• Value/Cost justification model
• Lack of Cross-agency integration
– Committee driven model
• Committee representative
– IT experts are not professional in financial/business evaluation
• Stakeholder representative
– Committee members have no position to claim construction
for target stakeholders
– Weak causal analysis
• Lack of problem declaration, causal model, reasoning methodology,
solution alternatives, outcome justification
99. Strategy vs. Operation
• Separate strategy and operation issues
– Deal with operations separately from strategy
– Pushing operational performance and making
strategic decisions are distinctive activities
• GIGO (garbage in / garbage out)
– Measure goals with goals indicators
• Goals indicator validation
– Measure performance with performance
indicators
100. Issue Resolution Process
• Issue identification
– Strategic [S]
• Improve performance to target stakeholders
• Reduce cost to target stakeholders
– Non-strategic [NS] : otherwise
– Exception Fallacy [EF] : not a real issue
• Propose solution items, with the following context
– Fact-based : demonstrate how it creates stakeholders’ value
– Alternative driven : at least 3 alternatives presented
– Consequential
• Financial implication : how much does it cost (CapEx, OpEx)?
• Performance implication : how well does it perform? scale of improvement?
how to monitor?
• Time Scale : Short/Mid/Long-term solution, straw-man proposal,
migration strategy
• Conclusion Validity : Are they causal (solutions vs. issues)
101. The Prioritization Matrix
[Figure: prioritization matrix. Axes: Cost of Implementation (Low to High) and Issue Strategic Value (Low to High [S]). Quadrant labels: Deprioritize; Pursue Opportunistically; Explore ways of improving stakeholders’ value immediately; Investigate further. Plotted items: Cloud Computing, Cyberspace Strategy, TWIX]
102. Recommendations
• Issue strategic value
– Given the issue resolved, how does it improve performance? How does it create
value? A general understanding should be given
• Prioritization Matrix
– [Strategic]>[Non-Strategic]
• Put real choice on the table : alternative driven
• Solve the problem
– Solution and problem should have a causal relationship
• Time scaling : phased implementation with coherent strategy
• You cannot control what you cannot measure