Moving to the Cloud

A white paper produced by the

Cloud Computing Use Cases Discussion Group
Version 1.0
28 February 2011
Contributors: Salvatore D'Agostino, Miha Ahronovitz, Joe Arstrong, !iz"an
Aha#, $iran%an Davalbha&ta, !a%i 'ogula(ati, )#on# *au, )ugene *uster,
Aurelio A. M. Matsui, Anish Mohae#, Davi# Mos&o"itz, Mi&e $olan, +o
,lun&ett, Sa&shi ,or"al, Arith !a% !a#ha&rishnan, Jean-*ou( !i.het, /has&ar
,rasa# !ial, Dave !ussell, Mar& /. Sigler, 0aala Sreenivasan, ,hilli(
Stratton, !obert Sy(uta, Doug +i#"ell, 0rishna Ven&atraan, an# Mi.hael
Versa.e.
,ubli. .oents on this #o.uent are "el.oe# an# en.ourage# via the
#is.ussion grou(s re1eren.e# at htt(233.lou#use.ases.org.
+his "or& is li.ense# un#er a 4reative 4oons Attribution
Share Ali&e 5.0 6n(orte# *i.ense.
Moving to the 4lou# Version 1.0
1 Overview
4lou# .o(uting "ill .hange the "orl# o1 7+ as #raati.ally as anything sin.e the
rise o1 the 8eb. /e1ore #e.i#ing "hether to ove to the .lou#, it is vital to
un#erstan# the (otential an# the ris&s o1 .lou# .o(uting an# the organization's
re9uireents 1or using the .lou#.
+his (a(er (resents a three-ste( (ro.ess 1or evaluating .lou# .o(uting2
1. Classify our !nformation Assets: 6n#erstan# the 1un.tion an# value o1 the
organization's a((li.ations an# #ata an# the ris&s to the organization i1 they
are lost or .o(roise#.
2. Determine our "e#uirements and "is$s: De1ine the re9uireents o1 the
organization an# #eterine i1 a .lou# (rovi#er e:ists that is .a(able o1
#elivering those re9uireents "hile &ee(ing the ris&s at an a..e(table level.
5. Calculate our "eturn on !nvestment %"O!&: 6sing the organization's
nee#s, assets, ris&s an# re9uireents, .al.ulate the .ost o1 oving to the
.lou# an# .o(are that to your e:isting .osts.
/e1ore #is.ussing the (ro.ess, there are t"o i(ortant to(i.s to .over2 the value
(ro(ositions o1 .lou# .o(uting an# the non-te.hni.al .onsi#erations that .an
overri#e any other .on.erns.
1.1 The Value Propositions of Cloud Computing
/e1ore .onsi#ering oving to the .lou#, it is vital to loo& at the basi. value
(ro(ositions o1 .lou# .o(uting. +he $7S+ #e1inition o1 .lou# .o(uting
1
#es.ribes 1ive essential .hara.teristi.s2
"apid 'lasticity: )lasti.ity is #e1ine# as the ability to s.ale resour.es both
u( an# #o"n as nee#e#.
Measured (ervice: 4lou# servi.es are .ontrolle# an# onitore# by the
.lou# (rovi#er, an# the (rovi#er bills the .onsuer only 1or "hat they use.
On)Demand (elf)(ervice: A .onsuer .an use .lou# servi.es as nee#e#
"ithout any huan intera.tion "ith the .lou# (rovi#er.
1
;ou .an 1in# the 1ull #o.uent on the $7S+ 4lou# 4o(uting (age at
htt(233.sr..nist.gov3grou(s3S$S3.lou#-.o(uting3. +he #o.uent states, <+his aterial is (ubli.
#oain although attribution to $7S+ is re9ueste#. 7t ay be 1reely #u(li.ate# an# translate#.< +he
$7S+ aterial in this (a(er is base# on Version 1= o1 the #o.uent, #ate# 8-1>-0>. +hese
.hara.teristi.s are #is.usse# in ore #etail in the 4lou# 4o(uting 6se 4ases (a(er.
28 February 2011
2
Moving to the 4lou# Version 1.0
Ubi#uitous *etwor$ Access: +he .lou# (rovi#er?s .a(abilities are
available over the net"or&.
"esource +ooling: !esour.e (ooling allo"s a .lou# (rovi#er to share its
(hysi.al an# virtual resour.es a..or#ing to .onsuer #ean#.
+hese .hara.teristi.s (rovi#e t"o signi1i.ant a#vantages2
,ower costs: +he ability to a## virtual a.hines, storage an# other
resour.es #ynai.ally eans .onsuers .an buy har#"are base# on their
noral "or&loa#s instea# o1 over-buying to allo" 1or their heaviest
"or&loa#s. +he organization .an #o the sae aount o1 "or& "ith 1e"er
a.hines. +hat eans lo"er .osts 1or buying har#"are an# so1t"are, lo"er
.osts 1or &ee(ing a.hines (o"ere# on an# .oole#, an# lo"er sta11ing
.osts be.ause 1e"er a#inistrators are re9uire#.
More responsive organi-ations: 7n any organizations, re9uisitioning a
ne" a.hine, #atabase or other resour.e .an ta&e #ays, "ee&s, or even
onths. 8ith .lou# .o(uting, those resour.es .an be a.9uire# @an# later
release#A as nee#e#. )ven better, that (ro.ess .an be autoate# so that
no huan involveent is re9uire#.
1.2 Non-Technical Considerations
Although ost #is.ussions o1 .lou# .o(uting 1o.us on the te.hnologies
involve#, there are t"o non-te.hni.al .onsi#erations that overri#e any other
.on.erns. +hese shoul# be .onsi#ere# be1ore any #e.ision about .lou#
.o(uting is a#e.
1./.1 Organi-ational Challenges
4lou# .o(uting is .hanging the "orl# o1 7+ 1orever. As "ith any te.hnology
tren#, an organization a#o(ting .lou# .o(uting "ill en.ounter .hanges to the
ission, authority, 1un#ing an# sta11ing o1 various #e(artents "ithin the
organization. +he sta11 o1 any #e(artent 1a.ing a #e.line in their in1luen.e on
the organization "ill alost .ertainly resist those .hanges.
Most #is.ussions o1 .lou# .o(uting 1o.us on the te.hnologies that enable it an#
the value (ro(ositions #is.usse# earlier. /ut "ithout e:e.utive-level su((ort,
oving to the .lou# "ill not be su..ess1ul. 7t is vital that any ne" .lou#-relate#
(ro%e.t be s(onsore# by a anager "ho is enlightene# an# (o"er1ul2 soeone
"ho .an both a&e the right te.hni.al #e.isions an# a&e the ha((en. 8ithout
that su((ort, any "i#e-ranging atte(t to ove to the .lou# "ill 1ail.
28 February 2011
5
Moving to the 4lou# Version 1.0
1././ "egulatory Concerns
Another non-te.hni.al issue is the (resen.e o1 governent an# in#ustry
regulations. For a variety of reasons, governments around the world are
concerned about the use of cloud computing. As an example, many
countries have strict privacy laws that prohibit certain data from being
stored on a physical machine located outside that country. An
organization from such a country storing sensitive data in the cloud
must be able to prove that their cloud provider followed those laws.
In addition to government agencies, many trade and industry groups
create regulations as well. While those regulations might not be
required by law, they represent best practices.
Following these laws and regulations will tae precedence over all
other requirements. A new law might require an organization to spend
its resources changing an application!s infrastructure instead of adding
features to it. "ew laws and regulations will be created on an ongoing
basis# the $I%!s o&ce must be alert for changes to the regulatory
landscape as they emerge.
/ Classifying our !nformation Assets
/e1ore a thorough investigation o1 oving to the .lou#, it is vital to #eterine
e:a.tly "hat in1oration assets your organization has. 8ithout an un#erstan#ing
o1 those assets an# their value, assessing the re9uireents, ris&s, an# bene1its
o1 oving to the .lou# is i(ossible.
+he in1oration assets o1 an organization are o1ten ore valuable than its
(hysi.al ones. +hose assets .an .onsist o1 intelle.tual (ro(erty, tra#e se.rets,
resear.h, 1inan.ial #ata, an# (ersonal in1oration, aong other things. Soe o1
that in1oration is .ru.ial to the su..ess o1 an organization @or even its .ontinue#
e:isten.eA, "hile other in1oration ight be sub%e.t to .o(yright, (riva.y, or
e:(ort .ontrol restri.tions.
8hen #e.i#ing "hether to ove an asset to the .lou#, a vital (art o1 the ris&
assessent (ro.ess is .lassi1ying that asset. +here are three basi. (arts to this
(ro.ess2
1. !dentification: +he organization ust i#enti1y the in1oration, "here it
.urrently resi#es, an# the (oli.ies an# regulations in (la.e 1or storing,
a..essing, an# #eleting that in1oration.
/. Classification: +he organization ust .lassi1y the in1oration a..or#ing to
its value an# the (otential #aages i1 the in1oration "as lost or a..esse#
ina((ro(riately.
28 February 2011
B
Moving to the 4lou# Version 1.0
0. +rotection: +he organization ust .reate a se.urity .hain 1or ea.h .lass o1
in1oration.
Cn.e the organization's assets are i#enti1ie# an# .lassi1ie#, the se.urity .hains
shoul# be #e1ine# an# (ut into (la.e.
A se.urity .hain ust (rote.t the organization's in1oration assets at all levels,
in.lu#ing (hysi.al se.urity, te.hni.al se.urity, an# (ro.e#ural an# legal ste(s.
,hysi.al se.urity in.lu#es easures su.h as restri.ting a..ess to #ata .enters,
shre##ing (a(er #o.uents an# #estroying ta(es an# har# #rives. +e.hni.al
se.urity in.lu#es everything 1ro the basi.s o1 1ire"alls an# a..ess .ontrol
systes to ore a#van.e# te.hni9ues su.h as #isabling 6S/ (orts. Finally,
(ro.e#ures 1or han#ling in1oration assets ust be .learly #e1ine# an#
a#e9uately e:(laine# to all e(loyees o1 the organization. 7n soe .ases, the
(ro.e#ures ay in.lu#e legal re9uireents su.h as la"s .overing the retention
or #estru.tion o1 #ata.
Cn.e the organization has .lassi1ie# its in1oration assets an# #e1ine# the ris&s
an# re9uireents 1or using the, the #e.ision to ove to the .lou# "ill be ore
straight1or"ar#. Moving e:treely valuable in1oration to the .lou#, es(e.ially a
non-(rivate .lou#, .an (ose ris&s that out"eigh any bene1its o1 using .lou#
.o(uting.
7n soe .ases the legal restri.tions i(ose# on .ertain .lasses o1 in1oration "ill
a&e it i(ossible to ove that in1oration to a non-(rivate .lou#. 6sing a
(rivate .lou# ight still be an o(tion, but a (rivate .lou# has ris&s as "ell. Moving
in1oration to a (rivate .lou# ight in.rease the nuber o1 the organization's
e(loyees "ho have a..ess to the a.hines that store an# (ro.ess it. +he
se.urity .hain ust be o#i1ie# to in.lu#e everyone "ith a..ess.
2.1 Candidate Applications for Moving to the Cloud
8ith the bene1its o1 .lou# .o(uting in in#, there are several &in#s o1
a((li.ations that are goo# .an#i#ates 1or oving to the .lou#2
+ilot +ro1ects: A .lou# (ilot (ro%e.t is a goo# "ay 1or an organization to
evaluate .lou# servi.es to see ho" use1ul, reliable an# .ost-e11i.ient they
.an be. A (ilot (ro%e.t shoul# be a non-.riti.al a((li.ation that has a liite#
s.o(e, a short tie 1rae an# loosely #e1ine# estiates o1 its !C7. /uil#ing
a (ilot (ro%e.t has the a##e# bene1it o1 giving the organization a .han.e to
learn ho" to use .lou# servi.es.
2ariable 3or$loads: Soe "or&loa#s have lo" re9uireents the a%ority
o1 the tie, "ith o..asional (erio#s o1 very high re9uireents. An
organization ust buy resour.es to han#le the a:iu "or&loa#, even
though ost o1 the tie those resour.es "ill be i#le. Moving that "or&loa#
to the .lou# .an 1ree the organization to buy only the resour.es to han#le
28 February 2011
=
Moving to the 4lou# Version 1.0
its noral re9uireents. 8hen the "or&loa# (ea&s, the organization .an
use .lou# .o(uting to (rovision the resour.es it nee#s, then release those
resour.es "hen the "or&loa# returns to noral.
*on)'ssential 4as$s: 4ertain a((li.ations an# #ata are essential to an
organization's .ore issionD they ty(i.ally have u.h higher re9uireents
1or resour.es an# u.h tighter restri.tions on ho" an# "here they are
use#. 71 there are lo"-ris& a((li.ations an# #ata that .oul# be (ro.esse#
o11-site, oving the to the .lou# "oul# 1ree resour.es 1or the rest o1 the
organization.
Data Mining: Data ining ty(i.ally re9uires substantial har#"are to 1in#
(atterns in assive aounts o1 #ata. Done in-house, the organization ust
buy, aintain, (o"er an# .ool all o1 that e9ui(ent. Moving that tas& to the
.lou# .an (rovi#e substantial savings. +he a.hines re9uire# .an be
virtual a.hines that run only "hen nee#e#.
Development and 4est: Develo(ent an# testing re9uire substantial
resour.es "hen #one on in-house systes. Develo(ers ust have the
sae level o1 #evelo(ent tools on their a.hines. +esters ust aintain
any #i11erent a.hine environents an# test a((li.ations on all o1 the.
Moving #evelo(ent tools into the .lou# ensures that all #evelo(ers are
using the sae level o1 tools, an# u(gra#ing the organization to a ne"
version o1 the tools re9uires one u(gra#e in one (la.e. Doing testing in the
.lou# allo"s the organization to #e1ine a single set o1 virtual a.hines 1or
testingD those virtual a.hines .an be starte# "hen nee#e#, then shut
#o"n "hen the tests are .o(lete.
0 Determining our "e#uirements and "is$s
As "ith any igration, oving to the .lou# .arries "ith it soe re9uireents an#
ris&s. 7n ost .ases, oving to the .lou# #oes not intro#u.e ne" ris&s, it erely
.hanges the nature o1 the e:isting ones. 7n a##ition, the threat (ose# by ea.h
ris& varies #e(en#ing on the ty(e o1 .lou#. Se.urity is al"ays a .on.ern, but
se.urity in a non-(rivate .lou# involves ore variables than se.urity in a (rivate
.lou#.
Although this (a(er .overs a broa# set o1 .oon ris&s, re9uireents an#
s.enarios, ea.h o1 those .an be a11e.te# by the ty(e o1 .lou# being use#. For the
(ur(oses o1 this (a(er, ris&s an# re9uireents "ill be #is.usse# in ters o1
(rivate .lou#s versus non-(rivate .lou#s. All o1 the resour.es o1 a (rivate .lou#
are insi#e an organization's 1ire"allD all other ty(es o1 .lou#s @the (ubli., hybri#
an# .ounity .lou#s o1 the $7S+ #e1initionsA have at least (art o1 their
resour.es on a share# net"or&.
28 February 2011
E
Moving to the 4lou# Version 1.0
3.1 ecurit!
Se.urity is .onsistently entione# as the ost i(ortant .on.ern 1or
organizations oving to the .lou#. Although the .lou# #oes not intro#u.e any
ne" se.urity threats or issues, it #oes in.rease the nuber o1 (eo(le "ho have
a..ess to the organization's resour.es. +he ost signi1i.ant #i11eren.e "hen
.onsi#ering se.urity 1ro a .lou# (ers(e.tive is the organization's loss o1 .ontrol,
not any (arti.ular te.hni.al .hallenge. 8ith an in-house a((li.ation, .ontrolling
a..ess to sensitive #ata an# a((li.ations is .ru.ial. 8ith a .lou#-base#
a((li.ation, a..ess .ontrol is %ust as i(ortant, but the #ata, in1rastru.ture,
(lat1or, or a((li.ation is un#er the #ire.t .ontrol o1 the .lou# (rovi#er.
+o a#e9uately se.ure any syste, a nuber o1 se.urity .ontrols are ne.essary.
Soe o1 the ost .oon se.urity .ontrols in.lu#e se.uring #ata, storage,
net"or&s an# en#(ointsD #e1ining i#entities an# roles an# the a..ess .ontrol
(oli.ies 1or theD an# &ey an# .erti1i.ate anageent. +he servi.es o11ere# by a
.lou# (rovi#er ust su((ort all o1 the se.urity .ontrols the organization nee#s.
For ore in1oration, se.urity is .overe# in e:tensive #etail in Se.tions E an# F
o1 the 4lou# 4o(uting 6se 4ases "hite (a(er.
3.2 Privac!
,riva.y is a .on.ern 1or any a((li.ation that #eals "ith sensitive #ata. Many
ty(es o1 #ata are sub%e.t to (riva.y la"s, .o(yright (rote.tion or e:(ort
restri.tions. An organization's nee# 1or (riva.y o1ten goes beyon# the basi.
.ontrols 1or #ata se.urity. 7t is vital that a .lou# (rovi#er #eliver the a##e#
.ontrols nee#e# to (rote.t sensitive #ata, in.lu#ing the ability 1or the organization
@or governent regulators, in e:tree .asesA to au#it the .lou# (rovi#er to (rove
that it 1ollo"e# the a((ro(riate (ro.e#ures.
3.3 "ederated #dentit! $ ingle ign-%n
As an organization oves a((li.ations an# #ata into the .lou#, it is li&ely that the
in1oration a user nee#s "ill .oe 1ro #i11erent sour.es, ea.h o1 "hi.h has its
o"n a..ess .ontrol e.haniss. Fe#erate# i#entity an# single sign-on use an
authenti.ation servi.e to vou.h that a user "ith a (arti.ular role shoul# be
allo"e# a..ess to a given resour.e, even i1 the syste .ontrolling that resour.e
has no &no"le#ge o1 that user.
For ore in1oration, Se.tion E.5 o1 the 4lou# 4o(uting 6se 4ases (a(er
.overs 1e#eration, i#entity anageent an# single sign-on.
3.& #nteropera'ilit! and Porta'ilit!
+he ra(i# (rovisioning an# #e(rovisioning o1 .lou# .o(uting #elivers a great
#eal o1 o(erational 1le:ibility to an organization. +hat being sai#, i1 oving to the
28 February 2011
F
Moving to the 4lou# Version 1.0
.lou# lo.&s the organization to a (arti.ular .lou# servi.e (rovi#er, the
organization "ill be at the er.y o1 the servi.e level an# (ri.ing (oli.ies o1 that
(rovi#er. 8ith that in in#, (ortability an# intero(erability be.oe .ru.ial to
(rovi#ing the 1ree#o to "or& "ith ulti(le .lou# (rovi#ers.
7ntero(erability is .on.erne# "ith the ability o1 systes to .ouni.ate. 7n the
"orl# o1 .lou# .o(uting, this eans the ability to "rite .o#e that "or&s "ith
ore than one .lou# (rovi#er siultaneously, regar#less o1 the #i11eren.es
bet"een the (rovi#ers.
2
Cn the other han#, (ortability is the ability to run
.o(onents or systes "ritten 1or one environent in another environent.
As organizations #e.i#e "hether to ove to the .lou#, it is i(ortant that they
.onsi#er intero(erability an# (ortability. +he aount o1 1ree#o is li&ely
#eterine# by the ty(e o1 servi.e use#. An a((li.ation "ritten to use s(e.i1i.
servi.es 1ro a (arti.ular ven#or's ,lat1or as a Servi.e @,aaSA "ill li&ely re9uire
substantial .hanges to use siilar servi.es 1ro another ven#or's ,aaS. Cn the
other han#, there are a nuber o1 o(en-sour.e libraries that (rovi#e a single,
.onsistent inter1a.e to .oon in1rastru.ture servi.es su.h as .lou# storage. An
a((li.ation "ritten to those inter1a.es is 1ar ore li&ely to be intero(erable an#
(ortable.
3.( ervice )evel Agreements *)As+
An S*A #e1ines the intera.tion bet"een a .lou# servi.e (rovi#er an# a .lou#
servi.e .onsuer. An S*A is the 1oun#ation o1 the .onsuer's trust in the
(rovi#er. Aong other things, an S*A .ontains2
A set o1 servi.es the (rovi#er "ill #eliver, along "ith a .o(lete, s(e.i1i.
#e1inition o1 ea.h
+he res(onsibilities o1 the (rovi#er an# the .onsuer
A set o1 etri.s to #eterine "hether the (rovi#er is #elivering the servi.e
as (roise#
De(en#ing on the ty(e o1 .lou# servi.e, a (rovi#er ight nee# to be .erti1ie# 1or
.ertain stan#ar#s @7SC 2F001, 1or e:a(leA. Many organizations "ill also nee#
the ability to onitor an# au#it the (rovi#er to ensure that the ters o1 the S*A
are being et. Finally, the .lou# (rovi#er ust (rovi#e trans(aren.y, noti1ying
.onsuers o1 any outages or (robles that o..ur.
Any organization .onsi#ering or negotiating an S*A shoul# &no" its business
ob%e.tives be1ore agreeing to any ters o1 servi.e. 7t is vital that the organization
&no" e:a.tly "hat it nee#s as it .onsi#ers #i11erent .lou# (rovi#ers.
2
+he #e1initions o1 intero(erability an# (ortability are base# on the "or& at
htt(233""".testingstan#ar#s..o.u&3intero(GetGal.ht.
28 February 2011
8
Moving to the 4lou# Version 1.0
For ore in1oration, S*As are .overe# in e:tensive #etail in Se.tion 8 o1 the
4lou# 4o(uting 6se 4ases "hite (a(er.
3., Availa'ilit!
Availability is a .lear re9uireent 1or any syste, "hether it is in the .lou# or in
the #ata .enter #o"n the hall. Cne ris& o1 .lou# .o(uting is that the (eo(le
res(onsible 1or #iagnosing a (roble an# getting the syste ba.& online #o not
"or& 1or the organization #ire.tly. 7t is vital that the S*A #e1ine the availability the
.lou# (rovi#er "ill #eliver, as "ell as the re.overy (ro.e#ures in the event o1 any
outages.
/usiness .ontinuity an# #isaster re.overy are also (art o1 availability. An
organization shoul# un#erstan# "hat ar.hite.ture an# te.hnology the .lou#
(rovi#er has in (la.e to re.over 1ro syste 1ailures, in.lu#ing re#un#ant
systes an# sel1-healing in1rastru.tures.
3.- Performance
A#e9uate (er1oran.e is .ru.ial to any su..ess1ul ove to the .lou#. 71 oving
to the .lou# saves the organization oney, yet the (er1oran.e o1 a((li.ations
slo"s to an una..e(table level, those savings are eaningless.
8hen oving an a((li.ation to the .lou#, it is i(ortant to #e1ine the
(er1oran.e the .lou# (rovi#er ust #eliver. +his is #one "ith Servi.e *evel
Cb%e.tives @S*CsA. H+hrough(ut 1or a re9uest shoul# be less than 5 se.on#sI
an# HAt least 1ive instan.es o1 a virtual a.hine shoul# be available >>.>>>>>J
o1 the tieI are e:a(les o1 S*Cs. +he S*Cs shoul# be (art o1 the S*A, they
shoul# be #e1ine# in ters o1 the organization's ob%e.tives, an# they shoul# a&e
it .lear e:a.tly "hat (er1oran.e the .lou# (rovi#er "ill #eliver.
3.. /overnance
)very organization has (oli.ies 1or #e(loying, anaging, ar.hiving an# #eleting
its a((li.ations an# #ata. 8hen oving to the .lou#, it is vital that the .lou#
(rovi#er su((ort those (oli.ies. As entione# (reviously, #ata is o1ten sub%e.t to
la"s an# regulationsD the .lou# (rovi#er's servi.es ust &ee( the organization in
.o(lian.e, an# the (rovi#er ust be au#itable to (rove it has #one so. +he
(rovi#er's res(onsibilities 1or enabling governan.e shoul# be (art o1 the S*A.
3.0 Testing
+he ra(i# elasti.ity (rovi#e# by .lou# .o(uting a&es it relatively
straight1or"ar# to test an a((li.ation as it oves to the .lou#. Stress-testing
ulti(le instan.es o1 an a((li.ation un#er assive loa#s .an be #one by starting
the a((li.ation on any virtual a.hines, then running the test. +his is
signi1i.antly easier an# .hea(er than buil#ing those a.hines an# #e(loying
28 February 2011
>
Moving to the 4lou# Version 1.0
the on internal resour.es. 8hen the test is .o(lete, all o1 the virtual a.hines
.an be shut #o"n.
A((li.ations that use in1rastru.ture servi.es .an be teste# easily as "ell. For
e:a(le, i1 an a((li.ation that uses lo.al storage is o#i1ie# to use .lou# storage
instea#, testing .an vali#ate that any o(erations "ith the .lou# storage servi.e
"or& .orre.tly. +esters shoul# be a"are that .lou# servi.es o1ten (er1or u.h
slo"er than lo.al servi.es. 8riting to a #is& in the .lou#, 1or e:a(le, "ill ta&e
u.h longer than "riting to a #is& in the sae a.hine.
+esters shoul# also be a"are that any .lou# servi.es are assively re#un#ant,
eaning that any .hanges a#e to a .lou# servi.e "ill be re(li.ate# to other
a.hines a.ross the .lou# (rovi#er's in1rastru.ture. /e.ause that re(li.ation
ta&es a .ertain aount o1 tie an# an a((li.ation has no .ontrol over "hi.h
re#un#ant a.hine it a..esses, testing shoul# a..ount 1or the 1a.t that an
a((li.ation .an a..ess stale #ata. +his ight re9uire .hanges to the a((li.ations
theselves.
5 Calculating our "O!
As "ith #e.i#ing to ove ahea# "ith any 7+ (ro%e.t, a thorough analysis o1 the
!C7 shoul# be #one be1ore #e.i#ing to ove to the .lou#. Kere are the things an
organization shoul# atte(t to 9uanti1y2
6ardware (avings: Moving to the .lou# shoul# re#u.e the organization's
nee# 1or har#"are. 7n soe .ases that "ill ean #e.oissioning e:isting
a.hinesD in other .ases that "ill ean buying less har#"are an# so1t"are
going 1or"ar#.
(taffing: 8ith the .lou# (rovi#er buil#ing an# aintaining the
in1rastru.ture, 1e"er sta11 "ill be nee#e#. +he .lou# (rovi#er's sta11 "ill
aintain the a.tual har#"are, a((ly (at.hes to so1t"are an# han#le the
#ay-to-#ay aintenan.e o1 their systes. +he savings in sta11ing shoul# be
evaluate# a..or#ing to the ty(e o1 .lou# servi.e being use#.
+ower and Cooling: +he .ost o1 &ee(ing a.hines turne# on an# .oole#
.an be substantial. Kaving 1e"er a.hines in-house "ill #e.rease those
.osts.
Application Changes: De(en#ing on the ty(e o1 a((li.ation, oving to the
.lou# ay re9uire .hanges to the a((li.ation itsel1. For a((li.ations that "ill
be hoste# in a virtual a.hine hoste# in the .lou#, .hanges ight be
inial. Cn the other han#, a((li.ations that "ill use .lou# in1rastru.ture
servi.es instea# o1 in-house in1rastru.ture ay re9uire substantial .hanges.
Organi-ational 'fficiency: +he ability to autoati.ally (rovision an#
#e(rovision resour.es .an a&e an organization u.h ore res(onsive
28 February 2011
10
Moving to the 4lou# Version 1.0
an# 1le:ible. A ore res(onsive organization has ore o((ortunities to
innovate an# #istinguish itsel1 in the ar&et(la.e. +his is u.h har#er to
9uanti1yD un(lugging 20 a.hines "ill absolutely lo"er .osts 1or (o"er an#
.ooling, "hile 1le:ibility "ill give an organization the potential o1 better
(er1oran.e.
Governance: As .overe# above, using a non-(rivate .lou# eans that the
e(loyees o1 a .lou# (rovi#er "ill be involve# in the se.urity .hains use#
to (rote.t the organization's a((li.ations an# #ata. Au#iting an# onitoring
the .lou# (rovi#er's systes "ill li&ely be ore #i11i.ult. +he organization
shoul# estiate ho" its (oli.ies "ill be a11e.te# an# the .ost o1 .hanging
the. Another .ost to .onsi#er is that a .lou# (rovi#er ight .harge a 1ee
1or au#iting or onitoring its servi.es.
"is$s: A nuber o1 ris&s have been .overe# in this (a(erD those ris&s
shoul# be evaluate# "ith the ty(e o1 .lou# servi.e an# the ty(e o1 .lou#
@(rivate versus non-(rivateA being use#.
8ith these 1a.tors in in#, an organization .an #o a .ost-bene1it analysis an# a
ris& assessent to #eterine "hether oving to the .lou# is "orth"hile.
7 Conclusions
+here are any bene1its to oving a((li.ations an# #ata to the .lou#, but there
are any ris&s as "ell. +his (a(er .overe# the areas organizations shoul# &ee(
in in# as they .onsi#er "hether the bene1its o1 oving to the .lou# are
"orth"hile. +he three-ste( (ro.ess is2
1. Classify our !nformation Assets
/. Determine our "is$s and "e#uirements
0. Calculate our "O!
At every (oint in the (ro.ess, the organization shoul# &ee( its business goals
an# nee#s in in#. Moving to a .hea(er, ore autoate# syste that re9uires
less a#inistration yet 1ails to (rovi#e a#e9uate (er1oran.e, se.urity, (riva.y or
availability is a #isaster.
8ith a .o(lete un#erstan#ing o1 the a((li.ations an# #ata an# their
re9uireents an# ris&s, an organization .an a&e an ob%e.tive business #e.ision
about the value o1 .lou# .o(uting.
28 February 2011
11