Availability, availability, availability. If you’re going to focus on one issue, AVAILABILITY is key. The promise of quick, easy, cheap access to software and services in the cloud is coming true. But if your system isn’t available, it’s useless. If you have a little time to think about other things, think about security and scalability.
The Cloud is here and it’s time to figure out if you need it or just want it. While it’s hard to define the exact boundaries of the Cloud, every network administrator I have spoken to has given me a very practical definition – “the cloud is everything I don’t control.” They don’t spend a lot of time trying to identify various unique characterstics – in practice the Cloud is technology out-sourcing, pure and simple. You are acquiring hardware, software and services from a vendor instead of hiring staff and providing them yourself. How I get access to those services is a technical matter of developing the proper networking which is the vendor’s specialty. Understood this way, you can treat the Cloud the same as any other out-sourcing relationship. Make sure that you are getting what you pay for and that the service you get meets your needs. Here are a few issues that are particularly important in a Cloud environment.
The Issues & A Few Ideas
- Availability is all about making sure that the hardware, software and communication systems you are paying for are there when you need them. You can be simple or complex but the key point is that it doesn’t matter what part of the system goes down, for you it is a binary equation. Either it works or it doesn’t work. You’ll have to expect some downtime, that’s just reality, systems fail.
- Figure out what you need. Are three 9s sufficient (99.9% uptime – 43 minutes of downtime a month) or do you need five 9s (99.999% uptime – 25 seconds of downtime per month)? The higher the guarantee the higher the cost, so spend some time figuring out exactly what you need.
- Keep an eye on response to downtime. If you thought dealing with internal IT was bad, wait until they are just the middle man managing an outside vendor’s help desk. Make sure you get regular updates on progress and the right to escalate the problem within the vendor’s organization within a set time. No manager wants to get an escalation call at 2am because his support group hasn’t solved your problem
- Security is more than just making sure your password is a mix of 9 or more mixed-case alpha-numeric characters and symbols. If you are collecting, processing and storing information it is likely there is someone watching what you do.
- The big standard that is becoming impossible to avoid is the PCI DSS. The payment card industry (read here Visa and MasterCard). Credit card information is valuable and this detailed and expensive standard defines how the card providers want you to handle the data.
- The secret? PCI is a system for allocating risk and liability. The purpose of it is to identify the source of any security breach and make the operator of the source responsible for the costs. Get a copy of your cloud provider’s security certificate and make sure you keep tabs on their compliance so that they are responsible for security failures.
- Part of what you are paying for in the cloud is the excess capacity that is sitting there, ready for you to use on demand. If you already know the size of the system you need to service your business then is the cloud really for you? The reports I have from hosting service providers is that if you are comfortable with the size and power of the system you need, it is likely cheaper to build it out yourself in your own data center or as part of a private cloud. You can still use the tools developed for the cloud to manage the system.
- That said, if you haven’t got the confirmed traffic numbers or the capital to sink money into your own build-out use a cloud provider that can guarantee you additional resources. Just make sure they guarantee the additional resources.