Thursday, May 09, 2013

Thomas Duryea's Journey to Cloud Part 2: Helping Leading Adopters Successfully Solve Cloud Risks

Transcript of a BriefingsDirect discussion on how a stepped approach helps an Australian IT service provider smooth the way to cloud benefits at lower risk for its customers.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: VMware.

Dana Gardner: Hi, this is Dana Gardner, Principal Analyst at Interarbor Solutions, and you're listening to BriefingsDirect.

Gardner
Our latest podcast discussion centers on how a leading Australian IT services provider, Thomas Duryea Consulting, has made a successful journey to cloud computing.

We'll learn how a cloud-of-clouds approach provides new IT services for Thomas Duryea's many Asia-Pacific region customers. Our discussion today continues a three-part series on how Thomas Duryea, or TD, designed, built and commercialized an adaptive cloud infrastructure.

The first part of our series addressed the rationale and business opportunity for TD's cloud-services portfolio, which is built on VMware software. [Disclosure: VMware is a sponsor of BriefingsDirect podcasts.]

This second installment focuses on how a variety of risks associated with cloud adoption and cloud use have been identified and managed by actual users of cloud services.

Learn more about how adopters of cloud computing have effectively reduced the risks of implementing cloud models. Here to share the story on this journey, we're joined once again by Adam Beavis, General Manager of Cloud Services at Thomas Duryea in Melbourne, Australia.
The question that many organizations keep coming back with is whether they should do cloud computing.

Welcome back, Adam.

Adam Beavis: Thank you, Dana. Pleasure to be here.

Gardner: Adam, we've been talking about cloud computing for years now, and I think it's pretty well established that we can do cloud computing quite well technically. The question that many organizations keep coming back with is whether they should do cloud computing. If there are certain risks, how do they know what risks are important? How do they get through that? What are you in learning so far at TD about risk and how your customers face that?

Beavis: People are becoming more comfortable with the cloud concept as we see cloud becoming more mainstream, but we're seeing two sides to the risks. One is the technical risks, how the applications actually run in the cloud.

Moving off-site

What we're also seeing -- more at a business level -- are concerns like privacy, security, and maintaining service levels. We're seeing that pop up more and more, where the technical validation of the solution gets signed off from the technical team, but then the concerns begin to move up to board level.

We're seeing intense interest in the availability of the data. How do they control that, now that it's been handed off to a service provider? We're starting to see some of those risks coming more and more from the business side.

Gardner: I've categorized some of these risks over the past few years, and I've put them into four basic buckets. One is the legal side, where there are licenses and service-level agreements (SLAs), issues of ownership, and permissions.

The second would be longevity. That is to say, will the service provider be there for the long term? Will they be a fly-by-the-seat-of-the-pants organization? Are they are going to get bought and maybe merged into something else? Those concerns.

The third bucket I put them in is complexity, and that has to do with the actual software, the technology, and the infrastructure. Is it mature? If it's open source, is there a risk for forking? Is there a risk about who owns that software and is that stable?
One of the big things that the legal team was concerned about was what the service level was going to be, and how they could capture that in a contract.

And then last, the long-term concern, which always comes back, is portability. You mentioned that about the data and the applications. We're thinking now, as we move toward more software-defined data centers, that portability would become less of an issue, but it's still top of mind for many of the people I speak with.

So let's go through these, Adam. Let's start with that legal concern. Do you have any organizations that you can reflect on and say, here is how they did it, here is how they have figured out how to manage these license and control of the IP risks?

Beavis: The legal one is interesting. As a case study, there's a not-for-profit organization for which we were doing some initial assessment work, where we validated the technical risk and evaluated how we were going to access the data once the information was in a cloud. We went through that process, and that went fine, but obviously it then went up to the legal team.

One of the big things that the legal team was concerned about was what the service level agreeement was going to be, and how they could capture that in a contract. Obviously, we have standard SLAs, and being a smaller provider, we're flexible with some of those service levels to meet their needs.

But the one that they really started to get concerned about was data availability ... if something were to go wrong with the organization. It probably jumps into longevity a little bit there. What if something went wrong and the organization vanished overnight? What would happen with their data?

Escrow clause

That's where we see legal teams getting involved and starting to put in things like the escrow clause, similar to what we had with software as a service (SaaS) for a long time. We're starting to see organizations' legal firms focus on doing these, and not just for SaaS -- but infrastructure as a service (IaaS) as well. It provides a way for user organizations to access their data if provider organizations like TD were to go down.

Beavis
So that's one that we're seeing at the legal level. Around the terms and conditions, once again being a small service provider, we have a little more flexibility in what we can provide to the organizations on those.

Once our legal team sits down and agrees on what they're looking for and what we can do for them, we're able to make changes. With larger organizations, where SLAs are often set in stone, there's no flexibility about making modifications to those contracts to suit the customer.

Gardner: Let's pause here for a second and learn more about TD for those listeners who might be new to our series. Tell us about your organization, how big you are, and who your customers are, and then we'll get back into some of these risks issues and how they have been managed.

Beavis: Traditionally, we came from a system-integrator background, based on the east coast of Australia -- Melbourne and Sydney. The organization has been around for 12 years and had a huge amount of success in that infrastructure services arena, initially with VMware.
Being a small service provider, we have a little more flexibility in what we can provide to the organizations.

Other companies heavily expanded into the enterprise information systems area. We still have a large focus on infrastructure, and more recently, cloud. We've had a lot of success with the cloud, mainly because we can combine that with a managed services.

We go to market with cloud. It's not just a platform where people come and dump data or an application. A lot of the customers that come into our cloud have some sort of managed service on top of that, and that's where we're starting to have a lot of success.

As we spoke about in part one, our customers drove us to start building a cloud platform. They can see the benefits of cloud, but they also wanted to ensure that for the cloud they were moving to, they had an organization that could support them beyond the infrastructure.

That might be looking after their operating systems, looking after some of their applications such as Citrix, etc. that we specialize in, looking after their Microsoft Exchange servers, once they move it to the cloud and then attaching those applications. That's where we are. That's the cloud at the moment.

Gardner: Just quickly revisiting those legal issues, are you finding that this requires collaboration and flexibility from both parties, learning the road that assuages risks for one party, but protects the other? Is this a back and forth activity? This surely requires some agility, but also some openness. Tell me about the culture at TD that allows you to do that well.

Personality types

Beavis: It does, because we're dealing with different personality types. The technical teams understand cloud and some love it and push for it. But once you get up to that corporate board level, the business level, some of the people up there may not understand cloud -- and might perceive it as more of a risk.

Once again, that's where that flexibility of a company like TD comes in. Our culture has always been "customers first," and we build the business around the longevity of their licenses. That's one of the core, underlying values of TD.

We make sure that we work with customers, so they are comfortable. If someone in the business at that level isn't happy, and we think it might have been the contract, we'll work with them. Our legal team will work with them to make sure we can iron that out, so that when they move across to cloud, everybody is comfortable with what the terms and conditions are.

Gardner: Moving toward this issue of longevity -- I suppose stability is another way to look at it -- is there something about the platform and industry-standard decisions that you've made that helps your customers feel more comfortable? Do they see less risk because, even though your organization is one organization, the infrastructure, is broader, and there's some stability about that that comes to the table?

Beavis: Definitely. Partnering with VMware was one of our core decisions, because their platform everywhere is end-to-end standard VMware. It really gives us an advantage when addressing that risk if organizations ask what happens if our company doesn't run or they're not happy with the service.
It's something that SaaS organizations have been doing for a long time, and we’re only just starting to see it more and more now when it comes to IaaS.

The great thing is that within our environment -- and it's one part of VMware’s vision -- you can then pick up those applications, and move them to another VMware cloud provider. Thank heaven, we haven't had that happen, and we intend it not to happen. But, for organizations to understand that, if something were to go wrong, they can move that to another service provider without having to re-architect those applications or make any major changes. This is one area where we're well getting around that longevity risk discussion.

Gardner: Any examples come to mind of organizations that have come to you with that sort of a question? Is there any sort of an example we can provide for how they were reducing the risk in their own minds, once they understood that extensibility of the standard platform?

Beavis: Once again, it was a not-for-profit organization recently where that happened. We documented the platform. We then gave them the advice of the escrow organizations, where they would have an end-to-end process. If something were to happen to TD, they would have an end-to-end process of how they would get their data, and have it restored on another cloud provider -- all running on common VMware infrastructure.

That made them more comfortable with what we were offering, the fact that there was a way out that that would not disappear. As I said, it's something that SaaS organizations have been doing for a long time, and we’re only just starting to see it more and more now when it comes to IaaS and cloud hosting.

Gardner: Now the converse of that would be that some of your customers who have been dabbling in cloud infrastructure, perhaps open-source frameworks of some kind, or maybe they have been integrating their own components of open-source available software, licensed software. What have you found when it comes to their sense of risk, and how does that compare to what we just described in terms of having stability and longevity?

More comfortable

Beavis: Especially in Australia, we probably have 85 percent to 90 percent of organizations with some sort of VMware in their data center. They no doubt seem to be more comfortable gravitating to some providers that are running familiar platforms, with teams familiar with VMware. They're more comfortable that we, as a service provider, are running a platform that they're used to.

We'll probably talk about the hybrid cloud a bit later on, but that ability for them to still maintain control in a familiar environment, while running some applications across in the TD cloud, is something that is becoming quite welcoming within organizations. So there's no doubt that choosing a common platform that they're used to working on is giving them confidence to start to move to the cloud.

Gardner: Do you have any examples of organizations that may have been concerned about platforms or code forking -- or of not having control of the maturity around the platform? Are there any real-life situations where the choice had to be made, weighing the pros and cons, but then coming down on the side of the established and understood platform?

Beavis: More organizations aren’t promoting what their platform is, and we’re not quite sure that it could be built on OpenStack or other platforms. We're not quite sure what they're running underneath.

We've had some customers say that some service providers aren’t revealing exactly what their platform is, and that was a concern to them. So it's not directed to any other platforms, but there's no doubt that some customers still want to understand what the underlying infrastructure is, and I think that will remain for quite a while.
As they are moving into cloud for the first time, people do want to know what that platform sitting there underneath is.

At the moment, as they are moving into cloud for the first time, people do want to know what that platform underneath is.

It also comes down to knowing where the data is going to sit as well. That's probably the big one we’re seeing more and more. That's been a bit of a surprise to me, the concerns people certainly have around things like data sovereignty and the Patriot Act. People are quite concerned about that, mainly because their legal teams are dictating to them where the data must reside. That can be anything from being state based or country based, where the data cannot leave the region that's been specified.

Gardner: I suppose this is a good segue into this notion of how to make your data, applications, and the configuration metadata portable across different organizations, based on some kind of a standard or definition. How does that work? What are the ways in which organizations are asking for and getting risk reduction around this concept of portability?

Beavis: Once again, it's about having a common way that the data can move across. The basics come into that hybrid-cloud model initially, like how people are getting things out. One of the things that we see more and more is that it's not as simple as people moving legacy applications and things up to the cloud.

To reduce that risk, we're doing a cloud-readiness assessment, where we come in and assess what the organization has, what their environment looks like, and what's happening within the environment, running things like the vCenter Operations tools from VMware to right-size those environments to be ready for the cloud.

Old data

We’re seeing a lot of that, because there's no point moving a ton of data out there, and putting it on live platforms that are going to cost quite a bit of money, if it's two or four years old. We’re seeing a lot of solution architects out there setting those environments before they move up.

Gardner: Is there a confluence between portability and what organizations are doing with disaster recovery (DR)? Maybe they're mirroring data and/or infrastructure and applications for purposes of business continuity and then are able to say, "This reduces our risk, because not only do we have better DR and business continuity benefits, but we’re also setting the stage for us to be able to move this where we want, when we want."

They can create a hybrid model, where they can pick and choose on-premises, versus a variety of other cloud providers, and even decide on those geographic or compliance issues as to where they actually physically place the data. That's a big question, but the issue is business continuity, as part of this movement toward a lower risk, how does that pan out?

Beavis: That's actually one of the biggest movements that we’re seeing at the moment. Organizations, when they refresh their infrastructure, don’t see the the value refreshing DR on-premise. Let the first step cloud be "let's move the DR out to the cloud, and replicate from on-premises out into our cloud."

Then, as you said, we have the advantage to start to do things like IaaS testing, understanding how those applications are going to work in the cloud, tweak them, get the performance right, and do that with little risk to the business. Obviously, the production machine will continue to run on-premises, while we're testing snapshots.
DR is still the number one use case that we're seeing people move to the cloud.

It's a good way to put a live snapshot of that environment, and how it’s going to perform in the cloud, how your users are going to access it, bandwidth, and all that type of stuff that you need to do before starting to run up. DR is still the number one use case that we’re seeing people move to the cloud.

Gardner: As we go through each of these risks, and I hear you relating how your customers and TD, your own organization, have reacted to them, it seems to me that, as we move toward this software-defined data center, where we can move from the physical hardware and the physical facilities, and move things around in functional blocks, this really solves a lot of these risk issues.

You can manage your legal, your SLAs, and your licenses better when you know that you can pick and choose the location. That longevity issue is solved, when you know you can move the entire block, even if it's under escrow, or whatever. Complexity and fear about forking or immaturity of the infrastructure itself can be mitigated, when you know that you can pick and choose, and that it's highly portable.

It's a round-about way of getting to the point of this whole notion of software-defined data center. Is that really at heart a risk reduction, a future direction, that will mitigate a lot of these issues that are holding people back from adopting cloud more aggressively?

Beavis: From a service provider's perspective it certainly does. The single-pane management window that you can do now, where you can control everything from your network -- the compute and the storage -- certainly reduces risk, rather than needing several tools to do that.

Backup integration

And the other area where the venders are starting to work together is the integration of things like backup, and as we spoke about earlier, DR. Tools are now sitting natively within that VMware stack around the software-defined data center, written to the vSphere API, as we're trying to retrofit products to achieve file-level backups within a virtual data center, within vCloud. Pretty much every day, you wake up there's a new tool that's now supported within that.

From a service provider's perspective it's really reducing the risk and time to market for the new offerings, but from a customer's perspective it's really getting in that experience that they used to. On-premise over a TD cloud, from their perspective, makes it a lot easier for them to start to adopt and consume the cloud.

Gardner: One last chance, Adam, for any examples. Are there any other companies that you would like to bring up that illustrate some of these risk-mitigation approaches that we've been discussing?

Beavis: Another one was a company, a medical organization. It goes back to what we were saying earlier. They had to get a DR project up and running. So they moved that piece to the cloud, and were unsure whether they would ever move any of their production data out. But six months after running DR in the cloud, we just started to provide some capacity.

The next thing was that they had a new project, putting in a new portal for e-learning. They decided for the first time, "We've got the capacity seeing over in the cloud. Let's start to do that." So they’ve started to migrate all their test and dev environment out there, because in their mind they reduced the risk around the up time in the cloud due to the success that had with the DR. They had all the statistics in reporting back on the stability of that environment.

Then, they became comfortable to move the next segment, which was the test and dev environment. And all things are going well. That application will run out of the cloud and will be their first application out there.
We have the team here that can really make sure we architect or build those apps correctly as they start to move them out.

That was a company that was very risk averse, and the DR project took a lot of getting across the line in the first case. We'll probably see that, in six to eight months, they're going to be running some of their core applications out of the cloud.

We'll start to see that more and more. The customers’ roadmap to the cloud will move from DR, maybe some test and dev, and new applications. Then, as that refresh comes up to the on-premise, they would be in a situation where they have completed the testing for those applications and feel comfortable to move them out to the cloud.

Gardner: That really sounds like an approach to mitigating risk, when it comes to the cloud, gradual adoption, learn, test, and then reapply.

Beavis: It is, and one of the big advantages we have at TD is the support around a lot of those applications, as people move out -- how Citrix is going to work in the cloud, how Microsoft Exchange is going to work in the cloud, and how their other applications will work. We have the team here that can really make sure we architect or build those apps correctly as they start to move them out.

So a lot of customers are comfortable to have a full-service service provider, rather than just a platform for them to throw everything across.

Gardner: Great. We've been discussing how a leading Australian IT service provider, Thomas Duryea Consulting, has made a successful journey to cloud computing. This sponsored second installment on how a variety of risks associated with cloud adoption have been identified and managed, comes via a three-part series on how TD designed, built and commercialized a vast cloud infrastructure built on VMware.

We've seen how, through a series of use case scenarios, a list of risks has been managed. And we also developed a sense of where risk as a roadmap can be balanced in terms of starting with disaster recovery and then learning from there. I thought there was really an interesting new insight to the market.

So look for the third and final chapter in our series soon, and we'll then explore the paybacks and future benefits that a cloud ecosystem provides for businesses. We'll actually examine the economics that compel cloud adoption.

With that, I’d like to thank our guest Adam Beavis, the General Manager of Cloud Services at Thomas Duryea Consulting in Melbourne, Australia. This was great, Adam. Thanks so much.

Beavis: Absolute pleasure.

Gardner: And of course, I would like to thank you, our audience, for joining as well. This is Dana Gardner, Principal Analyst at Interarbor Solutions.

Thanks again for listening, and don't forget to come back next time for the next BriefingsDirect podcast discussion.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: VMware.

Transcript of a BriefingsDirect podcast on how a stepped approach helps an Australian IT service provider smooth the way to cloud benefits at lower risk for its customers. Copyright Interarbor Solutions, LLC, 2005-2013. All rights reserved.

You may also be interested in:


Post a Comment