Cloud service providers are in the news every day.  Whether it be that Disney or the NFL is “moving to the cloud”, or that a vendor is forcing Cloud adoption with their offerings, Cloud is newsworthy.  And be it Microsoft’s Office365, Amazon Web Services (AWS), or Google Cloud Platform, (three of the main players), Cloud Computing is here to stay.

Rainbow in the clouds - Cloud Technology Services
Think cloud!

This article focuses on explaining some of the technical differences between the “as a service” technology bases you will encounter. The article begins by defining the continuum of primary “as a service” technologies. Next, we’ll explore some of the many cloud computing advantages and disadvantages – for there are many!  Finally, we’ll apply Cloud Computing architecture and describe how real, live businesses use “the cloud”.

1. The “As a Service” continuum

xAAS models are best understood as concentric circles
xAAS models are best understood as concentric circles in a continuum of options

As you explore xAAS solutions for your environment you’ll noticed there are many marketing descriptions for Cloud Services. 
The marketing hype will tend to make this all sound very confusing. However, consider that all cloud services are really one of three defined “As-A-Service” models. What really happens though is that the various Cloud offerings are laying within a continuum, or a set of concentric circles.

The innermost of the models is the Infrastructure as a service and allows the customer to control most of the solution, while the outermost of the models is the Software as a service and levies most of the infrastructure and platform maintenance on the vendor so the customer focuses on their business instead of the technology.

As you read through each of the definitions, consider the necessary functions of the solution. In most cases, the further outbound of the concentric circles (that is, the Software as a service solution) is going to be the least “hands on”, the least costly, and the least configurable.

Bespoke data centers

Before going into the as a service offerings, consider what happens with building a personal data center. Long term capital costs include the land and the building, usually a raised floor, and permits. Shorter term recurring capital costs include servers and networking infrastructure such as firewalls, routers, switches. Operational costs include taxes, power (air conditioning, lights), insurance, physical security, human capital (including the cost of hiring and retaining staff), and a Managed Services Security Provider to monitor the data center.

But wait, there is more — the cost of business continuity. Business continuity and disaster recovery in bespoke data centers is handled by duplicating the data center at a large cost.

With that in mind, let’s define options with an as a service cloud provider.

Infrastructure as a Service (IaaS)

Infrastructure as a Service is the inner circle of the models, the most basic “as a service” model.  IaaS is a solution where the customer is responsible for provisioning storage, networking, processing, and other basic computing components.   The consumer does not control the underlying cloud infrastructure, but does control the infrastructure.  The Hosting company controls the data center including physical access to the infrastructure, heating and cooling, insurance, and other infrastructure costs. The customer may have control over the internet bandwidth, the CPU cores, and the available memory — artifacts normally associated with “infrastructure”.

In yesterday’s model of hosted computing, the IAAS model would be where the customer has direct control of the hardware that is in a “private cage” in the service provider’s data center.

Platform as a Service (PaaS)

Platform as a Service is a solution where the Customer is controlling the platform from the point of view of the Operating System.  In PaaS solutions, the Hosting company often provides Platform Deployment Templates.   For example, a PaaS hosting company may supply templates for Windows 10 or Linux.  The Customer has full control over, and full responsibility for, configuring the Operating System and any associated applications.

Software as a Service (SaaS)

Software as a Service is the most vendor controlled of the “As a Service” solutions. In this environment, the Customer purchases access to a hosted software package.  The hosting company controls the platform and infrastructure.  Typically, Web browsers provide access to SaaS solutions and restrict configuration to options within the web interface. The application service provider tightly controls the application configuration. 

Capacity planning in SaaS is normally focused on transaction counts, or number of users, or other volumetric measures, and are not related to “the number of CPUs” or “the amount of RAM”. Simple examples for SAAS that most of us understand include email providers such as Google’s gmail and Microsoft’s web based email.

2. Advantages of Cloud

Cloud connects everyone
Cloud computing is already working

As with all technologies there a Advantages and Disadvantages to Cloud Compute models. When exploring each artifact, try to better understand whether the artifact affects you, if it does then how the artifact affects you, and if it is a negative situation whether the particular deployment can either accept or otherwise manage the situatio

On-demand

Cloud Compute services are “on demand”.  This means that instead of having to rent a physical location, apply for permits, purchase physical servers, standing up those servers in a physical data center, and hiring engineers and staff to run the data center, the Customer can focus on speed to market and stand up the cloud on demand.  This reduces the large capital outlays and even reduces the risks with associated with long-term leases.

Rapid elasticity

Rapidly expanding and rapidly retiring services is straightforward in Cloud Compute models.  This reduces the concerns for oversizing or undersizing equipment purchases.

For example, if a business experiences a recession or other cut backs, the cloud expenses can quickly be reduced.  Due to rapid elasticity, the business is not at risk of purchasing and maintaining large unused data centers.

Controlling capital expenditures

Employing cloud services reduces the costs, risks, and unknowns of building out a full data center.  In this way, the business owners can focus on the business instead of managing a data center and the staff to maintain it.

Business Continuity Planning and disaster recovery

Cloud compute offers location abstraction, where the Customer does not have need to control the geographic deployment area.  In fact, if properly deployed, Cloud Computing models supply most of the computing infrastructure required to solve business continuity (BCP) and disaster recovery — all built into the deployment. That is, disaster recovery and business continuity are “built-in” by deploying multiple geographically distributed compute solutions — all without standing up independent physical locations.  Although this does not solve the entire Business Continuity plan (click here for a more comprehensive discussion of BCP), it goes a long way in the right direction.

Security

The Host company provides the physical security to the servers and data center.  Depending on the solution, the Customer is responsible for various levels of data security.

Software update management

The business does not have to be concerned with regular software updates in SAAS & PAAS environments.  Instead, the CSP host will maintain the SaaS environment, and the business can focus on the business needs.  Security risks are also reduced since the most recent software package is regularly deployed.

Improved mobility

All forms of cloud computing offer improved mobility for the workforce by centralizing the compute stack into a remote addressable solution.  There is no longer a need to create and protect a DMZ – if your employees have an internet connection, they’ll have access to the CSP.

3. Disadvantages of Cloud

Broken Internet connection always requires a plan!  Cloud Computing requires Business Continuity Planning
Broken Internet connection always requires a plan! Cloud Computing requires Business Continuity Planning

The cloud compute model is highly effective, highly cost effective, highly resilient, and there are many reasonable advantages when moving to a Cloud Service Provider (CSP).  That said, there are disadvantages to any solution, and CSP is no different.  As with any solution, it is important to consider how CSP changes your business dynamics before fully embracing the architecture. This is especially true for the Business Continuity Plan. Here we’ll explore some of the disadvantages.

Service provider outages

Unfortunately, like all cloud stacks, cloud providers also suffer outages.  If an outage does occur, the Customer may feel helpless in relying on the CSP in bringing the system back online.  That said, overcoming Outage risks is easily structured by building multiple cloud stacks with multiple CSP’s providing distributed geographic deployment.

Network outages

Network outages do and will occur.  In a purely on site solution, Internet Service Provider (ISP) failures do not impact the business.  However, in a cloud solution, the ISP is a primary point of failure.  Managing these risks is straightforward by employing multiple ISPs.

Security

While CSP’s offer tremendous Security value, there is a risk that policies are not followed.  Depending on the type of business you are running, contractual language can transfer some of those risks.  For example, in a healthcare environment Business Associates Agreements transfer some risks associated with breaches.

Vendor lock in

Vendor concerns exist with shrink wrapped software, and even more concerns exist for cloud services.  As you engage with a vendor, remain cognizant of vendor lock in risks.  For example, the customer should have mitigation plans in place if a vendor goes out of business, or if a contract ends unfavorably, or if the contract becomes unaffordable.  Test Vendor lock in plans regularly to confirm that all data is recoverable and the business is able to continue unabated.

4. Business use cases

Bring your bright ideas! Light bulb on a chalk board with six idea bubbles around
All bright ideas start with at least one

We’ve covered Advantages and Disadvantages of Cloud Services versus owning your own data centers and platforms. 

This section explores business cases where cloud service providers excel.

Email

Email is a solution that is normally best handled by a cloud service provider. High availability is required when dealing with email. With the advent of Office 365, Google gsuite, and others, cloud email is normally both more secure and less expensive than hosting one’s own email.

Email leans towards the Software as a Service offering, where the customer is not responsible for the infrastructure nor the platform. Configuration is simple: Create an email address, secure it with a password, and then transact with emails.

Websites

Most companies are not interested in managing the physical computers and data center for hosting a web site. Not only would the company have to maintain the web site, but also the infrastructure and network connections related to being online.

In most cases, hosting services such as a web site are better served by a cloud hosting provider. In general, web sites will be provided by cloud providers leaning towards the Platform or Software as a Service options, where the customer is going to be responsible for the content of the site and the service provider will be managing the infrastructure.

Surge capacity for online retail presence

Another example of cloud computing benefits relates to surge capacity. Describing an example, say a company regularly serves 100 customers per day. The company is expecting to run a promotion, and is unsure what kind of traffic to expect. Through a CSP model, the company can rapidly expand services to handle surge, then tear down the services after the surge.  No hardware purchase and deployment is necessary, just lease the potential CPU cycles while necessary to accommodate the potential surge.

5. Where to go from here

Blackboard expressing the idea.... what's next?
What’s next?

As with any solution, it is a good idea to outline individual specific benefits and concerns related to cloud computing.  As a recommendation, I’d say jump to Cloud early and often.  Cloud is an excellent risk reducer.  That said, business and technology risk plans should still be fully vetted and regularly tested.

6. Key acronyms and technologies

  1. AWS – Amazon Web Services
  2. Bespoke data center – custom tailored data center
  3. CSP – Cloud Service Provider
  4. ISP – Internet Service Provider
  5. SaaS – Software as a Service
  6. PaaS – Platform as a Service
  7. IaaS – Infrastructure as a Service

7. References

  1. “The NIST Definition of Cloud Computing”,  http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf
  2. “Advantages and Disadvantages of Cloud Computing”,  http://www.levelcloud.net/why-levelcloud/cloud-education-center/advantages-and-disadvantages-of-cloud-computing/
  3. “Google Cloud Platform”, https://cloud.google.com/products/
  4. “Benefits of cloud computing”, https://www.ibm.com/cloud-computing/learn-more/benefits-of-cloud-computing/
  5. “11 Advantages of Cloud Computing and How Your Business Can Benefit From Them”, https://www.skyhighnetworks.com/cloud-security-blog/11-advantages-of-cloud-computing-and-how-your-business-can-benefit-from-them/
  6. “Cloud Computing and Is it Really All That Beneficial?”,  https://www.lifewire.com/cloud-computing-explained-2373125
  7. “Why Move To The Cloud? 10 Benefits Of Cloud Computing”,  https://www.salesforce.com/uk/blog/2015/11/why-move-to-the-cloud-10-benefits-of-cloud-computing.html

If you have any questions or comments on this article please leave me a note by clicking here.

Leave a comment