march 2012

Harnessing this technology to
reduce costs and boost agility

800.800.4239 |

A guide to the latest technology for people who get IT

cloud computing reference guide | March 2012

what’s inside: 800.800.4239 |


Chapter 1: Welcome to the Cloud..................................................
• Cloud Clarity
• Break from the Past
• Foundation for Innovation

Chapter 2: Choosing the Right Cloud.......................................... 5
• Four Deployment Options
• Efficiency as a Service
• Client Flexibility

Chapter 3: Scenarios Where the Cloud Delivers................... 7
• Problem No. 1: Continuous Investment Outlays
• Problem No. 2: Inefficient Use of IT Resources
• Problem No. 3: Innovation Stymied by Routine Tasks

• Problem No. 4: Slow Adoption of New Applications
• Problem No. 5: Underutilized IT Expertise
• Problem No. 6: Growing Security Demands

Chapter 4: A Map to the Cloud....................................................
• Prepare for Pushback
• A Virtualized Foundation
• Help with Governance
• Trigger Events

Chapter 5: The Private Cloud..................................................... 22 Visit
for more information
• Is a Private Cloud the Right Choice?
on cloud computing.
• Design Checklist
• Build with Care
• Migrating to the Cloud
• Management Guidelines

Chapter 6: The Public Cloud........................................................ 27 What is a CDW Reference Guide?
• Service Options At CDW, we’re committed to getting you everything you need
to make the right purchasing decisions — from products and
• Security Concerns
services to information about the latest technology.
• Sticker Shock
Our Reference Guides are designed to provide you with an
• Compliance Considerations
in-depth look at topics that relate directly to the IT challenges
• Choosing a Provider you face. Consider them an extension of your account
• Negotiating SLAs manager’s knowledge and expertise. We hope you find this
• Migrating (with Care) guide to be a useful resource.

Glossary............................................................................................... 33
Download a QR code reader on your mobile
device to scan and discover how CDW
solved cloud infrastructure problems for
an international manufacturer.


0 doesn’t necessarily herald the close month-end financial books or Study. government’s become available to other users. For instance. management frameworks has finally respondents to the AMD survey list processing power. while 35 percent exist as pools that systems and acceptance has come. the era of Cloud example. cost reductions as the prime driver memory and other IT capabilities Recent research shows how far cloud for their cloud plans. valuable: Many IT managers see cloud to book server time or reserve The reason? Cloud environments can computing as a model for enabling additional storage capacity. storage. heavy number crunching to Similarly. A good dose of reality is relinquish the extra resources. storage volumes. either automatically percent — highlight how cloud computing go-to reference for formal definitions. end has clearly influenced the IT roadmaps But working definitions are also users could click on a simple menu of a wide spectrum of organizations. achieved mainstream status.0. hosted applications or both. architectures and For these reasons. Done right. Those National Institute of Standards and Self-service: IT resources exist numbers — a combined total of 75 Technology (NIST). Best of address core business and technical convenient. Once demand subsides. Cloud Computing Tracking Poll found move to address specific needs. After years spent can boost the overall efficiency of an provisioned computing resources. CDW’s 2011 identify cloud computing as a tactical users can draw from as needed. the Global Cloud Computing 2. key elements fill out this description. servers. sponsored by AMD in 2011. which for hosting data. the use of cloud shared pool of configurable and rapidly calling in the IT department. which in turn has the including networks. computing is and how it can reshape IT potential to save money and make applications and services. users nearly 40 percent use cloud solutions definitions. enterprises still guard against those who play during the busy holiday shopping are investigating cloud computing and fast and loose with cloud claims and season. chapter 1 Cloud Clarity Break from the Past Foundation for Innovation Welcome to the Cloud The underlying concepts and components of this new computing environment and where it’s headed Call it Cloud 2. on-demand access to a all. IT managers must assisting an order processing system that 35 percent of U. running remotely available from the U. The dynamic nature of these pools that 84 percent of IT managers means users can tap into additional now say their organizations rely on Cloud Clarity power to meet demand spikes — for at least one cloud application.S. 3 . which provides the for the taking. this important collection operations more agile and effective. provisioning happens without goals. Unfortunately. found end of cloud hype.S. of technologies. or by request. The following departments. fully clarifying exactly what cloud IT department. 19 percent of the Resource pooling: Applications.

server online could take months to yet IT managers can keep close tabs Measured service: Usage accommodate procurement planning. ITIL provides the discipline desks. Fortunately. Although generally effective benefits from bring-your-own-device more computing power than typically for giving users the computing power (BYOD) strategies that allow staff needed. drawn from the cloud for clear testing. Software resides in private or public data centers. plagues organizations. resources to a minimum. ITIL defines a services traditional desktop and notebook so as more organizations embrace management approach to IT. whether end users are at their framework that can make processing strategies. IT departments work through lengthy procurement. anytime availability of strategy. means those employees have all the expenditures and keep underutilized In the past. responding to a new opportunity. And the consequences could such as the IT Infrastructure Library data about costs. connect users to cloud resources. ITIL provides the operational expenses more accurate. anytime access and their underlying infrastructure. such as the IT Infrastructure Library to applications. on the road or working from capacity available in near–real time. which is a systems to tablets and smartphones. also dovetails nicely with cloud power. making budgeting for client or user. cloud. and guidance organizations need as a home office. traditional client–server approach often as personal and professional gear. In the past. Clouds provide similar they transition from traditional IT flexibility in the choice of client hardware Foundation for Innovation environments to a cloud future. from a variety of client devices. the mobile devices to serve double duty resources sitting idle much of the time. For example. Depending on the individual cloud proves too rigid for the fast-paced Anywhere. promotes anywhere. demand. service-level be painful — too few resources could (ITIL) and the VCE Vblock Infrastructure performance and consumption result in poor service to an important Platforms. self-service resource need as they transition from traditional networks provide the pipelines that pools overcome these problems by IT environments to a cloud future. implementation and The rise of governance frameworks. data and processing The result is a new computing (ITIL). also dovetails nicely with patterns. the ripple This and many other resources are becoming available for organizations seeking guidance in the cloud. For example. Software resides on client computers. they’re also adopting other new key first step for cloud implementations. on security and data management. Enterprises must support different versions of Users can access mission-critical software applications for PCs and mobile devices. capabilities. drive down idle or underutilized resources. that tied users to dedicated hardware. typically without IT department intervention. services available from a central repository. To boost computing power or roll out new capabilities to New or expanded services can be provisioned on users. which left expensive high-end they need most of the time. or a costly delay in cloud strategies. discipline and guidance organizations Broad network access: High-speed Dynamic. some organizations it was necessary to prepare for storage resources and network are finding concrete operational temporary demand spikes by installing devices. chapter 1 GAME CHANGER: HOW the CLOUD IMPROVES OPERATIONS The Traditional Way The Cloud Way Individuals and workgroups rely on dedicated Users access shared resources that exist as hardware. Overprovisioning of computing capabilities is Dynamically allocated pools of hardware and software necessary to accommodate demand spikes. This breaking the ties between applications The rise of governance frameworks. storage and software resources.  4 . Rapid elasticity: Quick rightsizing Break from the Past effects of today’s more mature cloud of IT resources helps eliminate the Cloud benefits represent a clear technologies are providing a foundation costly overprovisioning that often break from traditional IT operations for other emerging IT developments. provisioning and implementation processes. monitors meter resources being purchasing. an IT department can world in which processing demands enterprise resources via the cloud reduce or even eliminate capital increase without much warning. by accommodating everything from IT innovations don’t arise in a vacuum. bringing a new resources they need on their devices.

In fact. which is why cloud computing Instead.) better or worse than another. (See Chapter 5 cloud. inside-the-firewall private clouds. Cloud computing appeals to Private Clouds in a multitenancy arrangement. chapter 2 Four Deployment Options Efficiency as a Service Client Flexibility Choosing the Right Cloud How to pick the right model and platform before migrating a single file. maintains close control of the is reduced costs: Multiple tenants Second. it can or in some cases an outside service The main draw of the public cloud make data centers more efficient. foot the bill. privacy. applications and storage systems. First. but the smaller size and and clients typically share resources shared interests of a community cloud 5 . they draw on a pool of shared resource scalability. None is inherently shock of moving hardware. two fundamental (if conflicting) goals enterprise’s internal IT department. fairly similar to share the costs of the underlying capital investments and ongoing how a traditional data center operates. who nevertheless enjoy goals with a one-size-fits-all cloud provisioned specifically for them. A large numbers of public cloud users service provider manages a public cloud. efficiency and increased agility at a — into a diverse set of architectures Private clouds help avoid the culture relatively low cost. security. The result is greater has grown — and continues to evolve resources available on demand. little or no management and maintenance costs. This enterprises can mix and match cloud approach also helps calm uneasiness Community Cloud options to serve the needs of individual about trusting third parties to handle A public cloud variation that alleviates workgroups and departments. which organizations big and small primarily Private clouds tend to be the least means they use compartmentalized because of how effectively it addresses disruptive of the options available. availability and multitenancy concerns is the community regulatory compliance. (Chapter 6 offers a and service models.) of organizations with similar needs share The first step in choosing the right a common infrastructure — and the cloud solution is to understand the Public Clouds associated costs. similarities and differences of the Public clouds are the flip side of The savings may be less than when four primary deployment models. unprecedented levels of IT service and solution. it simultaneously cuts upfront computing resources. in which a relatively small number Four Deployment Options for a detailed look at private clouds. within IT departments. infrastructure. applications and data offsite. The difference is that workgroups infrastructure investment is required IT managers can’t accomplish these don’t use hardware and software of users. An portions of the same servers. In addition. software. comprehensive look at public clouds. provider. app or system.

analyzed and used. principal cloud framework. The Infrastructure as a service delivers storehouses of information on demand options available break down into processing power. storage service catalog. scalability. cost. servers. cloud models will continue to evolve to devoting internal resources to strategic This is possible because of the solve highly specialized IT challenges. instead completely web-based clients. control. customers avoid users to access cloud services. an outgrowth expense viewpoint. Think NASA service. but potentially Client Flexibility of client virtualization trends such as troublesome in terms of flexibility: Flexibility is at the core of all these virtual desktop infrastructure. users access IaaS users don’t directly control or faced with analyzing flight information applications hosted within a service have access to the technologies running in real time during and immediately provider’s cloud infrastructure. and mission-critical activities. For example. wherever and whenever they need them. development share the same acronym. can benefit from this model. data as a service. storage capacity and network bandwidth as on-demand services. languages. but to do so using center investments to do so. an online tool for finding systems and network resources. performance.” massive influxes used option is software as a these components. PaaS offerings IT departments can expect flexibility reside either within an organization’s go beyond delivering a prepackaged to expand further with the evolution of data center or at an external site. of information that must be quickly absorbed. they tools and database support. with little or cloud choices — the ability of users to DaaS lets IT managers rely on service no opportunity for customization. which mixes and matches or use the solution’s programming IT resources. PaaS made available from a public cloud gives users control of the specific The DaaS Duo to weather a demand spike. the cloud following a mission launch. in the offsite infrastructure. But they highlight how services to a third-party provider and clients. which separates physical hardware 6 . public environment to create new solutions. cloud. As with SaaS. offers IT managers must also decide which Infrastructure as a Service users a method for tapping into large services to migrate to the cloud. DaaS. The other new service model is That’s good from a capital desktop as a service.or midsize organizations’ anywhere and anytime there’s a secure reducing the need for in-house data limited budgets and IT staff obviously network connection. the community option can platform as a service. perform quite different IT services. security and Platform as a Service from computing resources such as compliance fears. desktop clients the best elements of private. and provisioning available services. Efficiency as a Service The first. capabilities of their applications as The best cloud deployment model long as the in-house development Two emerging service models have joined will depend on several factors. With SaaS. PaaS and IaaS options. it therefore welcome tool for enterprises that must The most mature and widely can avoid new investments in handle “big data. A core plotting final seasonal orders from or the underlying infrastructure of component of most IaaS offerings is the suppliers based on Black Friday sales. or Wal-Mart Users don’t own the applications provider manages these. For now. security tools. This Applications come as-is. Small.  an enterprise may run a private upfront provisioning costs and cloud for day-to-day operations but ongoing expenses for infrastructure contract for additional resources maintenance and management. including staff is comfortable with the PaaS the familiar SaaS. Browser providing the entire computing platform interfaces will ultimately be the only Hybrid Cloud and solutions stack. operating systems. tablets and smartphones. interfaces. not only access important resources providers to manage virtual desktops. application via the cloud. This form of DaaS will likely be a Software as a Service As an organization grows. This allows technology that users need to connect There’s also the hybrid cloud enterprises to run custom applications their chosen hardware to sophisticated model. Large many types of devices. chapter 2 can mitigate privacy. Similar to a private A step up in cloud sophistication is operating systems and applications. provider’s choices for programming Although the names of both newcomers security and service requirements. Endpoint devices Both DaaS options are so new that enterprises can also benefit from can range from traditional desktop and at present their widespread appeal is this approach by offloading routine notebook computers to diskless thin hard to gauge. three categories. remain the most common way for and community clouds.

Shifting how organizations can solve them IT shops can acquire the services to third-party cloud providers relieves with the right cloud strategy. 1: Continuous Investment Outlays Problem No. many enterprises have management and end users on board. they may budgets. 3: Innovation Stymied by Routine Tasks Problem No. But supporting these poll’s respondents also say they saved for the services they use and can even requests in traditional IT environments an average of 21 percent in annual costs fundamentally alter the role of the IT requires ongoing investments in new by migrating applications to the cloud. department. As IT departments evolve hardware and software. 1: Continuous For example. organizations find themselves clouds can lower the risk of making transform from a cost center to a revenue making hard choices about which the wrong decisions about promising unit with profit-and-loss responsibility. 2: Inefficient Use of IT Resources Problem No. than gamble on a capital investment. Organizations can also gain better Problem No. 52 percent of IT insight into their IT-related costs Investment Outlays executives participating in the CDW through the use of monitors that are a IT departments are under constant 2011 Cloud Computing Tracking Poll cite staple of both public and private cloud pressure to implement new services reduced capital expenses as one of the models. But before embarking expenditures by avoiding investments that offer the most innovative on an ambitious cloud strategy. and clouds) increases the chances that generate higher levels of heat. delay or shelve entirely. 5: Underutilized IT Expertise Problem No. IT in additional on-premise hardware services at the best prices. 4: Slow Adoption of New Applications Problem No. IT enterprises acquire and deliver IT The Solution: Reduce capital managers can choose cloud providers resources. Metering allows for accurate to support the core missions of their top benefits of their cloud strategies. Instead. 6: Growing Security Demands Scenarios Where the Cloud Delivers Cloud-driven solutions can address a variety of network and system problems. contract Cloud technology also offers some potential benefits they can achieve. 7 . these advantages to bring senior that’s easier to justify. to become service providers. chapter 3 Problem No. they need at costs that are in line energy demands and reduces utility bills. Rather a fundamental change in how to prioritize. with their current budgets. managers need a clear idea of the and applications. For example. for cloud services that are paid important ancillary financial benefits and they must be able to communicate for through operational spending not directly tied to capital expenditures. The chargebacks to individual departments organizations. In an era of tight In addition to cost reductions. Cloud computing represents potential initiatives to fund and which but unproven technologies. The diversity of cloud computing seen their power and cooling costs rise One way to make the case for options (ranging from internal private significantly as traditional data centers cloud computing is to focus on six clouds to pay-as-you-go public grow and more densely packed servers long-standing IT challenges.

available within hours. IT Resources Elasticity. public cloud providers dedicate significant staff time to implementing the latest software upgrades and infrastructure enhancements. Read about how two businesses are making use of cloud technology Problem No. and storage arrays. often because enterprises For example. tablets. implement and support these demands in a timely fashion. Access to innovative technologies isn’t the only benefit. IT shops can use cloud services to handle the Stymied by Routine Tasks most complex demands and retain a core IT staff. they have more time to work on strategic initiatives that Many Paths to the Cloud can result in operational and organizational improvements. Unfortunately. via private or public clouds) instantly delivers enterprise- The Solution: Dynamic scalability available class applications for calendaring. 2: Inefficient Use of The Solution: Clouds offer flexible support for new apps. whether they’re periodic demand spikes. scalability and self-service access to on-demand Most traditional data centers suffer the resources in the cloud let IT shops quickly respond to unnecessary costs of underutilized servers changing requirements. e-mail. devices. Problem No. 3: Innovation the data and social networking tools. chapter 3 goes to “keeping the lights on” — slang for maintaining existing IT systems. who can quickly adopt technology advancements even as internal IT budgets shrink or stay at existing levels. 4: Slow Adoption of New Applications in this case study: IT managers face constant pressure from users to support new applications. Case Study Because IT teams spend less time handling routine maintenance tasks. effective resource utilization. 5: Underutilized IT Expertise rather than stockpiling extra components. an IT administrator can use public current operations in traditional IT environments. routine tasks cloud capacity to avoid delays when rolling can inundate highly trained (and highly paid) technology staff. file sharing. IT managers can quickly draw from a shared resource pool. Because so much time and effort goes into maintaining Similarly. collaboration software (available as a service most of the time. including mobile. the IT department simply infrastructure to the cloud can relieve maintenance draws capacity from an infrastructure as a and management burdens. a process that can take weeks The Solution: Moving portions of the IT or months. Similarly. This essential differentiator creates a ripple effect that benefits cloud users. self-service cloud-based portals give mobile purchase excess capacity in anticipation of workers access to essential business services. social networking and web conferencing. this using notebooks. The Solution: In an age of specialization. out new services. instant from cloud architectures can ensure more messaging. What about the remaining 30 percent of the budget? That’s all that’s left to fund innovation and strategic projects that might give the organization a competitive edge or allow it to provide better services. smartphones or traditional desktop expensive excess capacity remains idle PCs. Problem No. Instead of provisioning As a result. collaboration CDW. Traditional IT environments and tight IT budgets make it difficult to quickly procure. or even minutes. The internal Technology research organizations team can then focus on strategic initiatives and managing estimate that up to 70 percent of IT spending any traditional environments that remain in the data center. allowing the organization service provider for on-demand services to use its internal staff more strategically. 8 . This also reduces the need to train staff or hire additional personnel to handle the growing complexity of systems in Problem No. enterprises don’t take full advantage of IT expertise and implementing new servers and storage to develop new efficiencies and improve operations or services.

4239 CDW’s Complete SaaS Portfolio Software as a service (SaaS) providers offer many office productivity  |  800. increasingly sophisticated technology service management. the CDW cloud solutions catalog more challenging than ever.  9 . Software Asset Manager (subscription IT security professionals may want to consider service) offers these capabilities along establishing a unified access management with visibility to all IP-addressable scheme. as IT shops allow access to cloud-resident Manager: Software License Manager (a free applications. as well as customer relationship management. which typically hardens passwords as well). they need to effectively address service) keeps track of software licenses user authentication and identity management. written into the familiar Microsoft Office desktop suite service-level agreements (SLAs). such as Exchange In addition. they’ll need strong assurances. and Office Live Although clouds can relieve some security Meeting for web and video conferencing. sharing. organizations may need to tighten up Online. instant messaging and often find their overall data protection levels improve. But as complexities includes the following SaaS applications: and threat levels increase. existing security and perhaps add additional layers to match the service provider’s measures. e-mail and human resources management solutions.800. • M icrosoft Office 365: This package combines First. Office Communications Online By relying on cloud security experts. burdens. and collaboration tools consisting of The Solution: Competitive pressures force cloud Exchange Online for e-mail and calendaring. must be integrated into a unified protection strategy are just a few reasons why IT security is For example. providers to maintain the highest levels of security SharePoint Online for portals and document with up-to-date architectures and in-house talent. The When making use of multiple cloud services. IT security team can reduce its management burden (and also the number of passwords in use. collaboration services. enterprises still need to do their part. CDW. with options available for New threat profiles. including word processing and spreadsheet programs. calendar. spam cybercriminals and complex technologies that filtering and intrusion prevention. organizations for presence. For • CDW Software License and Software Asset example. that unauthorized with online versions of communications and users cannot gain access to their data. IT managers find it ever • M icrosoft Business Productivity Online more difficult to fund security efforts and maintain Standard Suite: This is a set of messaging the requisite expertise among their staffs. peer-to-peer audio calls. and versions plus start and end dates. Through a single sign-on approach. the hardware and software on the network. Users typically access SaaS applications via a web browser or other thin client interface. SharePoint Online and Lync Online. 6: Growing Security Demands more common. New back-office applications geared for IT departments are also becoming Problem No.

start by moving to an on-demand approach to creating a multiyear plan to identify IT services. requires a healthy dose of upfront planning and adhering to best practices Prepare for Pushback when it comes to implementation. for their organizations. it represents the IT team work closely with senior a significant shift in how people executives. So what does it take to launch a cloud Cross-fertilization of ideas ensures strategy or convert a pilot project into that the cloud strategy isn’t seen as an an enterprisewide implementation? The initiative exclusive to the IT department. growing view can count themselves as part of server and storage inefficiencies. Change IT department and the organization’s management hurdles will arise when business units. it’s important that the IT department. and early buy-in can help and prioritize applications and create a culture able to take on those services that will move to a private hurdles and adjust well to change. according to the But achieving any of these benefits CDW 2011 Cloud Computing Tracking Poll. and a slim but sensible majority. 10 . To do that. Although IT staff may be the best Why? Because cloud computing is ones to sketch out early milestones not only a fundamental change for and timelines. department managers access technology to do their jobs. including antidotes Enterprises that take this long-range to rising capital expenditures. first step is to view cloud computing as which is essential for buy-in from top a long-term undertaking for both the management and end users. and other influential staff members. chapter 4 Prepare for Pushback A Virtualized Foundation Help with Governance Trigger Events A Map to the Cloud What it takes to begin a ramp-up to cloud services Cloud computing has a lot to offer or public cloud environment. Fifty-one delays in bringing new technology percent of cloud users say they’ve innovations to users while those defined a five-year technology roadmap innovations are still new. today’s enterprises.

physical server ratio is possible in resources with other workgroups or Virtualization provides a foundation theory. Once IT because relying on third-party service dynamic provisioning of workloads administrators virtualize storage. This requires combing through invoices and budgets for capital and operations spending that documents hardware investments and fees for software licenses. One of the two primary reasons. CDW. associated data from end users’ physical enterprise is not strictly a technology Virtualization has become a devices. Next. that handle implementation and 40 percent of server infrastructures are Increasingly.4239 No Shortcuts: Calculating Cloud TCO There aren’t any easy formulas to help organizations determine the total cost of ownership (TCO) for new cloud projects. estimate the unnecessary capital and operational expenses associated with underutilized or excess resources common to traditional IT environments. on their minimum requirements at these teams of cross-departmental Many enterprises are well versed in any given time. 11 . Finally. they providers takes away their direct control that are at the core of the cloud can create shared volumes and use thin over how services are delivered. storage among multiple users based work through any initial cultural hurdles. It may take time for a multiyear cloud plan to present a clear cost advantage over the current environment. This lets IT departments venture. Don’t ignore downtime associated with upgrades and routine maintenance or the opportunities lost because of delays in adopting technology innovations. Tech analysts predict turning their attention to desktop that percentage will continue to grow virtualization. But organizations ready for a long-term commitment will see the numbers move in their favor through more efficient operations. but no managers may balk at paying for IT the tight bond between hardware and less significant. Profile the existing environment. service and support activities. mean better capacity management permanent steering committees According to industry estimates. 1. client and application. the IT department will need to successful data center technology for centrally manage and deliver desktop do a fair amount of prep work. Second. Also factor in facilities costs. estimate how the switchover to a services model and the resulting cultural changes will affect staff productivity. Fewer dedicated disks representatives should make up server and storage virtualization today. the shared pools of resources and benefits in cloud environments. including power and cooling. fold in related expenses for IT personnel. exists in traditional IT environments. Finally. storage. First. IT managers must spend time researching their expenses for current IT operations and comparing that information with comparable cost data for launching and maintaining a cloud environment. model. Gather similar statistics for the proposed cloud project. Subscription rates for a public or hybrid cloud solution can come from a service provider’s proposal or industry estimates available from market research firms. lessen ongoing operational costs. Other for cloud services because it breaks numerous variables. upgrades. But don’t ignore hidden costs that exist for cloud services. already virtualized. it enables environments from the data center. Instead. Evaluate investments for hardware upgrades and any virtualization work. increased productivity and greater agility. organizations are governance issues going forward. 2. A 20-to-1 virtual server to heads may initially balk at sharing throughout the  |  800. and routine maintenance. applications and Although rolling out cloud across the security concerns about virtualization. 30 to and optimized storage utilization. Here are two helpful starting points. which separates A Virtualized Foundation as organizations shed management and operating systems. Cloud projects can benefit provisioning technology to allocate disk In addition to helping organizations from virtualization at all levels: server. Here are some examples of biggest technical pushes will involve the large-scale consolidation of physical typical cultural fallout: Department adoption of virtualization technologies servers. server virtualization services (in the form of chargebacks) associated software and data that can slash IT capital expenditures and that in the past appeared to be free. but ratios vary depending on with strangers in public clouds.800. Even IT administrators aren’t immune It’s an essential first step to creating Storage virtualization offers similar to some cloud-induced discomfort.

As with desktop approach to IT and can be integrated SAN Volume Controllers and IBM virtualization. governance resources built on fully redundant Cisco from one another and underlying exist that embrace a services storage area networks. self-service cloud practices that aid the transition to and alert users of backup errors. Establish trust zones: An additional way to mitigate inter-VM threats is through the use of virtual security software that creates trusted network segments. Data encryption: Encrypting data is essential for protecting sensitive information while at rest or when traveling to and from private. maintain processes will lay valuable groundwork ITIL offers service delivery best offsite copies of data. systems and apps an organization of ITIL resources can help implementers CDW can install and configure any has. they face a host of new security challenges unique to these environments. public. hybrid or community clouds. a successful initial implementation of Similarly. IT administrators should also consider using proxy servers that intercept sensitive data for local delivery rather than via the cloud. 1. among high-performance. no the enterprise. desktop Help with Governance CDW IaaS: virtualization eases upgrades. IBM Storage operating systems. organizations need a solid governance framework to ensure and Backup matter the client being used. place security controls within virtual servers to harden them individually on the same physical host. planning. computing environment. primary a central console. Also. patching and policy enforcement. dynamically provisioned services. IT shops and cloud providers will need to standardize on the cloud-specific security technologies. These segments group VMs with similar trust levels and let IT administrators monitor VM-to-VM traffic and enforce security policies. virtual instances also means that no Infrastructure Library. Here are four areas to focus on. 4. Hybrid cloud challenges: Organizations need to upgrade security in any private cloud segment they manage to match levels in associated public cloud services they procure. 3. The extensive list IBM tape and disk infrastructure. as-you-go data storage capacity virtual services that run in isolation Fortunately. Hypervisor security: Traditional firewalls and intrusion prevention systems (IPSs) cannot monitor traffic within the virtualized environment. IT staff can manage into an organization’s processes disks arrays. for identifying. 2. For IT administrators. Because cloud computing is a long- term initiative with an influence across Data Storage For users. it supports access to needed IT services and data. which can ensure that IT administrators follow the organization’s policies and track their actions in a central repository as they create and deprovision virtual 12 . chapter 4 4 Four Keys: Securing Virtualized Assets As enterprises increase their use of virtualization and gradually adopt cloud computing. Users can choose each app’s virtual instances from for managing cloud technology. to secure the hypervisor. the central control center for virtualized resources. required backup software. Isolating apps as One of the oldest is the IT storage and archival solutions. Organizations need to use a combination of configuration and management policies. delivering and Tivoli Storage Manager and an Regardless of how many end-user supporting IT services. application virtualization their cloud services and a method for CDW’s IaaS portfolio includes pay- turns physical applications into managing these services over time. easing deployment and migration in a wide range of cloud areas. and monitor for a dynamic. It supports change management. including virtual firewalls. a set of guidelines CDW backup service uses the IBM two will conflict with each other. plus specialized hardware and software tools.

sets of pretested applications or services will likely recoup Options range from advanced virtualization. initial candidates. computing. the Open Group often need to spin up a test bed to and establishing a cross-functional Architecture Framework offers evaluate a new software or service steering committee.  Its Cloud Computing Work Group IT managers can build on early is now developing a secure cloud pilot successes by demonstrating 13 .800. in multitenancy environments. Programmers By promoting early achievements Finally. a consortium new business process or an expansion help relieve the burden of formed by Cisco Systems and EMC. day-to-day maintenance. security and management from a move to the cloud. These Services transitioning to private cloud can include large-scale hardware or CDW provides several levels infrastructures may also benefit from software upgrades. monitoring and patching of VCE created Vblock Infrastructure IT staff need to determine what types of virtual and physical servers. ITIL guidelines for IT service architecture based on open systems. with of the organization’s activities. technologies. VCE also offers open candidates will also include services application programming interfaces for in the organization that must scale building capabilities according to ITIL rapidly or require variable workloads. an organization IT managers a methodology for and then swiftly reconfigure that will lay the groundwork essential for a designing enterprise architectures. Likely availability management. When it’s time to take that first step.4239 machines. the fastest returns on investment performance monitoring to full storage. investments from Intel and VMware. and chargebacks and metering development department are good without racking up new capital costs. networking. CDW. catalogs will also let technology CDW IaaS: managers determine which of their services are best provisioned Trigger Events Particular situations or “trigger Managed from a cloud self-service portal. gradual rollout of its cloud strategy. how one department benefits from guidelines for service catalogs. tiered Activities in the application dynamically allocated services  |  800. Organizations looking for help events” may induce an enterprise to start down the cloud path. Platforms. environment for their next project. the need for a of managed services to the resources of VCE.

for an organization. IT normalcy. 22 . A re you prepared to give users organizations still need to overcome the autonomy they’ll expect? cultural reticence because the cloud Q uick provisioning of IT resources concept challenges some users’ ideas of should be available to end users. storage resources and accounting and legal departments might dedicated network bandwidth. This familiarity may be important even considered. multitenancy For example. there are many other to managers and end users who questions that need to be answered about aren’t ready to trust outside service whether a private cloud is the right fit providers with important applications. But before this concern is firewall. Another attractive facet of private Is a Private Cloud the Right Choice? clouds is that IT departments have First things first: IT managers need likely already laid the foundation to honestly assess their enterprise’s for this computing model through private cloud readiness. chapter 5 Is a Private Cloud the Right Choice? Design Checklist Build with Care Migrating to the Cloud Management Guidelines The Private Cloud Reaping the core benefits of cloud computing while keeping precious assets secure. data and performance promises. Internal private clouds deliver on much run in the same virtual pool as programs of the cloud vision. The answers to widespread use of commodity x86 server five particular questions will go a long hardware and standardized operating way toward making that determination. pay-as-you-go pricing and staffs. systems and software platforms. For example. 1. unprecedented levels of scalability. Having to address these types And they offer an additional advantage: of concerns can leave IT managers There’s a comfort factor that comes wondering if creating a private cloud is with being inside the organizational worthwhile. That idea may unnerve some users. developers may rules are integral to fully realized private decide they need four virtual clouds. But even with these advantages. including on-demand for the facilities and human resources resources. meaning that applications for the machines.

administrators to manage and optimize cloud Organizations that follow ITIL guidelines for IT service delivery and application performance. I s the organization ready to charge IT usage fees? provides the underpinnings for the pools.  is process also serves to increase awareness Th among departments and users of the true costs  e goal is to have automated processes available Th associated with IT services. Other options include using products that and-stick incentives to change their habits. train and coax machines to virtualized storage should the need arise. Keep in mind that for mapping virtual-to-physical resources and while metered usage is part of the formal cloud for helping resource managers gather and deploy definition. technology because it abstracts and aggregates data center resources. it’s on the fly to fit their needs. Virtualization is a cloud-enabling long way from fully embracing automation. If the IT department time to examine the existing infrastructure in detail. choice. they’re often a in private clouds. Because of this. H ow far is the enterprise willing to take automation? with chassis filled with blade servers. the organizations will probably find that they have some cloud time may not be right for a private cloud. then appropriate functioning private cloud. CDW. deploying E xtensive automation is important in a private storage area networks (SANs) and boosting cloud for a number of reasons. as necessarily an internal private cloud deal-breaker. the environment. • Dynamic resource pooling: Many organizations rely on Although many organizations have started virtualization as the foundation for resource sharing weeding out manual processes. the easier it is for IT deployment and maintenance capabilities. the focus of design and development efforts 2.4239  successful private cloud will make these A Design Checklist resources available via a self-service portal If all of this cloud questioning indicates that the where users provision and size the capabilities enterprise is indeed ready to launch a private cloud. staff members to accept a model built on shared services? The challenge is that most users like  irtualization may be a go-to technology for V the idea of having their data on dedicated servers dynamic resource pooling. H as the enterprise sufficiently standardized will vary depending on where the organization stands on its procedures? each of the following pre-cloud technology requirements. yet fall short in other areas. enable rapid reprovisioning or high-performance computing clusters in which excess capacity 5. currently use to orchestrate resource assignments whenever new service requests materialize. building blocks in place. Th e cloud’s pay-as-you-go nature means organizations can bill or at least track and report on • Resource management: Automation is the watchword the use cost of IT services. but it’s not the only and storage systems and may require carrot. the more efficient and cost- effective an internal private cloud becomes. in a highly virtualized data A sked another  |  800. is the IT department and senior center.800. For example. Most can’t deliver on these expectations. turning them into logical pools shared 4. well as storage and network resources. the systems operation. failure to charge for that use isn’t operating system and application images. Therefore. The more smoothly network bandwidth by migrating to 10-Gigabit IT managers can move workloads throughout Ethernet (10 Gig-E) network links. service management are more likely to be able to answer this question in the affirmative. 23 . If an IT shop chooses when it comes to managing resources in a fully to initiate a chargeback approach. IT managers metering and tracking software will be part should work to replace any manual processes that they of the cloud’s deployment requirements. W ill end users willingly share resources? among users. O ne way to know if an IT shop has reached this stage is whether or not it has an architectural • Consolidated infrastructure: The more streamlined framework that supports standardized operating. a workload could easily move from virtual management ready to educate.  e IT department can accomplish streamlining Th in these areas by consolidating server hardware 3.

• IT service management: The widely used ITIL Nevertheless. processes and service policies. Some organizations matter what changes take place on the back end. • IT expertise: Private clouds need the support of IT talent that’s well versed in virtualization and cloud concepts. 24 . IT shops considering migrating applications with large data sets to the cloud need to guard against such performance degradation issues. users select the service requests based on a range of factors. absence of a service governance tool. One answer: Move end-user clients into the cloud. Typically. demand and performance management. chapter 5 • Self-service interface: Private cloud users should I n addition. Increasingly sophisticated hacking techniques require enterprises to continually invest in personnel and technology to protect their digital assets — a requirement that can be mitigated by finding an outside cloud provider with a staff of security specialists. • Data management: Data sets may be so large that they overburden available bandwidth on some network segments. operational without having to also request the back-end policies and scheduled service demands. Hiring these workers and keeping their skills tuned can be expensive.” Ideally. Private Private clouds aren’t for everyone. chargeback and reporting. I n addition to choosing specific applications from the catalog. monitoring service health. and implementing metering. may not be ready for this level of chargeback at the time they launch a private cloud. but risks remain. • Security: Keeping IT resources within the confines of a private cloud may sound preferable to sending sensitive data out to a public cloud. applying capacity. such as implementations charge departments for the “high speed” or “high availability. Any interruption in these pipelines can bring operations to a Gotchas standstill. High-speed network (think 10-Gigabit Ethernet) and broadband Internet connections are a must. In the resources required for supporting that service. configuration. including creating determine how to use resources efficiently. experts suggest it’s good framework is a good starting point for essential practice to meter service use in order to best private cloud best practices. building the services catalog. Here are some concerns to address before making a move: Cloud • N etwork connections: The weak link in cloud performance is the reliability of network and Internet connections (for hybrid clouds). IT shops will need to handle this orchestration manually. These services they need using an IT services catalog — can include service-level agreements. users should be able to select • M etered service: Most mature private cloud desired performance characteristics. the services they use based on pricing published self-service interface would remain consistent no in the IT services catalog. such as IT service delivery and multitenancy. an internal private cloud requires be able to access services from a self-service a program that acts as a service governor to portal in a manner that meshes with their roles dynamically optimize available resources against in the organization.

Private in developing private cloud solutions for their particular IT environments. and tested hardware and software variety of factors. cloud. ranging from legacy Conversely. There is an option and budget that can bridge the best of these two cloud worlds: hybrid clouds. application’s interface. even slowly.4239 Private Cloud Variation: The Hybrid Cloud Is hyperscalability on your IT wish Getting Started list? Then a private cloud infrastructure CDW account managers and certified specialists can assist organizations might not be the answer. easy- monitoring and network management can build the cloud gradually by to-use interfaces. clouds are far more scalable than a The CDW approach includes: traditional IT infrastructure. configuration and deployment of the chosen solution public cloud service when demand • o ngoing product lifecycle support spikes or other challenges arise. In general. IT and this heterogeneity. consider using new technology acquired boost efficiency. self-service interface and usage-based First and foremost among Build with Care billing as time and resources permit. The trick is to determine workloads that will run equally well in either type of environment. in turn. requirements a public network. The continuous rate of integration hassles inherent in weaving its readiness for an internal private change to the interfaces can prove 25 . consideration criteria is cost- With design goals in place. designs and proof keep the core of its cloud resources of concept in-house while allowing it to tap into the nearly unlimited resources of a • p  |  800. hybrids let an enterprise • d etailed vendor evaluations. It’s more likely to run in that environment. recommendations. apps that require high bundled with cloud components. a shouldn’t require massive scale-out. it must decide which of its to lock down security controls but they’re not always practical given applications will be most appropriate so that service can burst into the real-world constraints. In addition. cost. creates a variegated infrastructure — route. but not as much as a cloud service offered from • a n initial discovery session to understand the goals. public cloud without a delay. they tools are adequate for managing the expanding virtualization and then should run on standardized platforms private cloud infrastructure. automated resource management.800. and they shop may need more specialized tools. the IT organization must be able together mismatched legacy products. The more consistency out the private cloud is the next bringing technical staff and users up to that can be built into a cloud service in a step. apps with similar SLA requirements. the more cost-effective will craft their cloud from scratch their ability to improve IT agility and that service will be. if organizations take that infrastructure. • a n assessment of the existing environment and definition of A combination of private and public project requirements deployments. and commodity hardware. scalability practices and budgets. there are “cloud in a box” is a considerable challenge. But building a private cloud Supporting a large range of SLAs Today. To do so. drives up solutions that offer preintegrated administrators will need to address a deployment and management costs. The IT introducing dynamic resource pooling. IT departments speed with cloud environments and private cloud. Migrating to the Cloud suitable for deployment in an internal From-scratch clouds avoid the Once an enterprise determines private cloud. Additionally. CDW. The most application performance. that IT managers will find themselves IT managers should evaluate cloud The IT team also will need to using legacy infrastructure as a suitability by first considering each determine whether its existing foundation for their private cloud. building This offers benefits by methodically effectiveness. systems There are advantages: Organizations obvious candidates have static. applications and infrastructures to degrees of customization and are such as self-service portals. specifically for the project. continuously targeted for upgrades allocation engines and tools for and improvements probably are not automated resource management. In some cases.

• i ncreased employee productivity These tools should span both the traditional physical components and virtual environments. hardware. too. Some mission-critical apps or are planning to use chargeback mechanisms for that support core operational processes also their private cloud services should look for tools that might need to remain on dedicated resources. A service catalog. will position the in the dynamic cloud infrastructure.  As with any major IT project. maintenance and the IT environment. to think about and plan for adapting apps A goal of continuous improvement should for use in the cloud can negate the benefits underpin private cloud management practices. organizations must carefully examine both the capital and operational costs associated with building and managing a private cloud infrastructure. managers shouldn’t gloss over the Reaping the Benefits possibility that the self-service. including the private cloud management costs infrastructure. computing is only a first step. should be built upon rearchitecting to benefit from migration to interchangeable resources for maximum flexibility. right? But failure of how users will consume the services. IT organizations that have instituted self-service model. chapter 5 too taxing for the dynamically provisioned. of the elastic nature of cloud computing IT managers can ease cloud management burdens by (such as programs that pull information simplifying and optimizing their self-service catalogs. software. • i nside-the-firewall control over IT assets and as appropriate reach into the public cloud. The more automated Identifying legacy apps eligible for cloud this capability. It’s also wise to cull Besides understanding management requirements from the list any apps too rigid to take advantage and picking the most appropriate tools for these needs. or in some is to educate them about the long-term cases to a facility exclusively maintained by an outside benefits available from the private cloud. Organizations need to cultivate a holistic. for instance). private management framework that will make future transition to clouds require ongoing post-deployment public cloud services feasible. coupled with a flexible hardware may prove counterproductive solid understanding of end-user needs. provide real-time usage metering. Cloud management tools present • rapid provisioning of resources and on-the-fly scalability a single view for monitoring and assessing performance of physical and virtual machines as • m ore efficient use of limited IT staff well as multitiered applications and services. Finally. achieve this. the easier it will be to implement. service provider. from multiple databases. Other advantages include: management and maintenance. The antidote resources to an organization’s internal data center. providing services uniquely And any app needing modification or a full suited to the users’ needs. 26 . To of moving services to this environment. the IT staff should constantly assess The same considerations apply to legacy the performance of the enterprise’s processes. Trying quickly to changing requirements. Many organizations start to build a private cloud as an Management Guidelines evolutionary step. as well as how they’ll show ROI. It allows them to establish an IT services Like any complex IT installation. on-demand IT unsettling for the IT staff. In addition. cloud as an invaluable resource for the organization. end-to-end view of • reduced hardware. Seems obvious. less awareness of how the cloud operates. Server updates will happen as part resource consumption rates and usage trends. of the virtualization process. the cloud should be moved down on the list of The IT team also will need to develop an understanding priorities. so organizations Doing so dovetails with one of the primary benefits will likely have newer hardware migrating of a private cloud infrastructure: the ability to adapt into their private cloud infrastructure. An informed to squeeze additional value out of older. automated characteristics of a private cloud will prove Private clouds bring the concept of self-service.

such as service costs. are never caught depends on how well service providers in a resources gap if they need to meet execute their security efforts. On-demand IaaS resources from a Other concerns include fears about public cloud also let organizations scale locking data into a single vendor’s cloud back during lulls. therefore. service-level managers to maintain extra capacity agreements and vendor management. reliable and flexible. idea that multiple customers will The reasons are clear: Third-party share the same servers. applications. One of the biggest considerations and software as a service. that’s typically underutilized much of All of which means that for IaaS the time. this cloud form offers great opportunities for certain computing situations. They just dial up as clouds raise security and regulatory little or as much processing capacity as concerns that may restrict how some they need to meet their requirements. including platform as a service options. service providers deliver pay-as-you. meaning they don’t infrastructure and data formats. chapter 6 Service Options Security Concerns Sticker Shock Compliance Considerations Choosing a Provider Negotiating SLAs Migrating (with Care) The Public Cloud Secure. services securely. But the is a basic element of the public cloud infrastructure as a service model is business model: multitenancy. clear migration plans that include a 27 . organizations use this option. which have to pay for capacity they won’t could make it difficult to switch to another need. databases and storage resources. go processing power. dynamic storage Technologies exist to wall off capacity and scalable network bandwidth. IT shops must formulate closely scrutinized as they are today. And there are environments where long provisioning some deployment issues to consider as cycles for new resources require IT well. Public clouds provide ideal foundations But organizations must carefully for all types of cloud deployment evaluate the pros and cons of public cloud models. the becoming especially attractive. Contrast this with traditional IT provider if problems occur. but success IaaS users. That’s an especially difficult deployments via public cloud to be ROI case to make when budgets are as successful. Public new service demands.

Organizations development and. sales force automation and web hosting. If a user needs additional up or down according to prevailing demand. networks. their older cousins. but cloud storage’s usefulness goes far essential characteristics that make public clouds beyond that. can move entire blocks of services. is holding their addressed security concerns when organization back from adopting or further implementing cloud it moved to a hosted cloud solution: computing. The ability to provision servers from a public cloud allows the IT group to acquire computing capacity on a per- Service Options project basis (and much more quickly than when hardware Public clouds shouldn’t be confused with had to be ordered. such as web Providers also deliver a range of SaaS-based enterprise applications or e-mail. delivered. Third. accommodating high I/O so flexible. on-demand operations per second (from rich-media content or the resource allocation and freedom from having unpredictable growth of digital archives. when asked what. and it’s static. Ranking at the top is security. or fewer resources. and many maintaining and managing services for a client’s IaaS offerings give users choices in the configuration enterprise. CDW. deployment. Organizations to support a predetermined level of capacity can store production files and backup copies on a that customers have earmarked up front. IT managers can scale storage capacity customers. balancing technology and security. Enterprises can choose PaaS solutions IaaS provides a comprehensive range of services to host entire computing platforms and solution that include servers. including self-service. is another area where cloud storage pays off. Learn how an Illinois company For example. public cloud provider’s arrays. stacks needed for an application during testing. Numerous surveys conducted since the rise of Case Study cloud computing show that IT managers have a broad range of concerns that they need to address before public clouds Data Security in the Cloud become a viable option. And as with processing The capacity is dedicated to individual power. At the top of the list in popularity are online office productivity suites and conferencing services. installed and tested). out to an external cloud applications. So how much of an enterprise’s IT needs can Of course. Powering up servers on demand works well in both party providers may perform a similar role in staging and production respondents say their organizations’ management and 28 . Hosting services provide infrastructure Similar benefits exist for data storage. the host must reprovision A great deal of Web 2. What do most applications delivered via public clouds have in common? They’re often general-purpose programs that can easily move off-premises so that internal IT staffers can devote more time to mission-critical projects. The choice of applications grows constantly and and take advantage of almost limitless scalability includes everything from office productivity suites and e-mail without paying for dedicated servers and storage. to collaboration. IaaS isn’t the only public cloud service pubic clouds deliver today? The list is extensive. Security Concerns No matter what public cloud deployment model an organization chooses. Missing in this model are some of the by default. chapter 6 healthy dose of due diligence. but there’s one big difference between characteristics of the servers they’ll be accessing. for example) to accurately gauge capacity needs up front. 41 percent of the respondents in the CDW 2011 Cloud Computing Tracking Poll cite security — specifically. if desired.0 data gets stored in the cloud accordingly. load. the venerable hosting solution and public cloud including operating systems and memory allotments. For example. relying on a third-party provider carries risks. computing. according to the latest CDW Cloud Computing Tracking Poll. model. if anything. storage. hosting services.

Security concerns are understandable. but it shouldn’t be a reason to reject public clouds outright. fearing that an unintended breach or should focus on some core elements that will take a nefarious cotenant may expose sensitive information. How can IT managers bridge the gap between in a Public Cloud healthy skepticism and safe operations? By developing a security strategy tailored for public clouds. CDW. And how do the IT managers themselves feel? Almost as many (40 percent) acknowledge that they also believe their facilities are more secure than the  |  800. and multitenancy the internal security. Get appropriate guarantees if organizational policies or legal requirements mandate that resources stay within the home country’s boundaries. compliance and auditing teams is a key ingredient that providers use to make that to establish security requirements. databases and storage systems with To accomplish these dual goals. The overriding happen. But is multitenancy safe? goal isn’t just to make cloud computing more secure. Also understand whether data and applications will physically reside in domestic data centers or in offshore facilities. • Don’t go all-in: Use public clouds to support systems for information that won’t harm the organization if it’s exposed to outsiders. 29 . intellectual property and employee personal information inside the firewall. • D rill into the details: Get a clear picture of how the provider keeps technologies and security patches up to date. continue to keep nonpublic financial information. This requires The concern is valid. of applications. on new importance with pubic clouds. out of and at rest within the cloud. many start by meeting with members of attractions of public cloud services. Some IT managers balk at the notion of sharing portions organizations also must be able to audit their activities. Alternately. but one of How to Feel Secure the promises of public cloud is that offloading some IT management responsibilities to outside specialists can actually improve an enterprise’s overall security posture.4239 users don’t trust cloud data security. The opportunity to reduce IT costs is one of the main To do so. Here are a few ways that cautious organizations can feel more secure in a multitenant environment: • Trust but verify: Ask a cloud provider to document its technologies and procedures for securely separating tenants and how it will lock down the environment if someone attempts to thwart these safeguards. • Don’t view encryption as just a check-off item: Ask your security experts to evaluate a potential provider’s choice of encryption technology and how well it implements cryptography to protect data flowing into. the security team other organizations.

which can of a public cloud relationship. Will auditors be able to review a mind for many IT managers. including and Accountability Act (HIPAA) and/ mandating that passwords be or Sarbanes–Oxley (SOX) rules. some laws governing data monitoring of new hardware and Tracking Poll protection for public sector agencies software security patch releases. an Finally. IT managers should initial and long-term cost profile. again. some must be addressed by both. What the or excess capacity and the ability are available to customers. such into and out of the enterprise. the data — and how is that monitored a high level of coordination. For example. Organizations also have to potential cloud providers about An IT department will need to look determine how much they value their security strategies and at more than capital investments in other potential advantages. chapter 6 detailed discussions with spent on current IT operations. to free IT personnel from daily It’s also important to identify service and support activities. And don’t make discussions would include: Where does up front if they’ll be able to work assumptions about what’s a standard the data reside? Who has access to with a potential provider to achieve or optional cloud service. focus on strategic initiatives. but the result will be encryption should be in place to cloud provider’s pricing. in multitenancy environments also identify costs for any necessary and as it passes from the cloud Compliance Considerations environment to users and back Depending on the organization. This maintain the existing environment. a provider may offer data recovery as for auditing purposes? What data part of its continuity package. maintenance activities. because some measures will Discussions with cloud providers be the responsibility of service CDW. organizations should providers that can maintain audit redouble security best practices trails to prove compliance with the that have become standard in Healthcare Insurance Portability traditional environments. monitor and control data flow Highly regulated industries. and verification requirements. internal upgrades in networking or Important questions during these IT managers need to determine security technologies. must address any government providers. Data When comparing cost data to a final answer. Get the full results of the CDW 2011 require highly sensitive information The challenge is logistical Cloud Computing Track Poll here: to be stored in domestic facilities. as healthcare and banking. time and research to determine the access cloud resources. be sure any applications determining what’s being model isn’t entirely about cutting that run in a public cloud are easy 30 . of the organization’s IT resources? for managers is accurately Remember. authenticate and regulate users and facilities (including power and Enterprises will need to devote and administrators when they cooling) must also be determined. according to different cloud options and see the are the risks associated with relying to the CDW tracking poll. but By breaking out the hard costs to provider’s overall security practices? cost follows a close second. look beyond a clearer picture of a public cloud’s protect information while stored subscription fees. it may be a costly option. But even this on a single vendor for a sizable portion of the cloud cost challenge analysis won’t tell the whole story. IT managers should also concerns about regulatory look to new data loss prevention compliance may dictate the terms (DLP) technologies. maintenance tasks so they can management controls that upgrades. need Finally. such as whether regularly updated hardware and software to determine the chance to eliminate underutilized certifications of these measures total cost of ownership (TCO). changed every 90 days and daily Cloud Computing Similarly. organization spends on IT personnel. Part likely financial impact. enterprises should address concern ranked one percentage organization can make cost comparisons one other fundamental concern: What point below security. but if protection mechanisms and disaster Sticker Shock that service isn’t listed in the standard recovery strategies are in place? Cloud security may be top of contract. others will fall on the or internal data management and organization’s shoulders. the public cloud First.

end-to-end cloud infrastructure that would operate in the public cloud IT managers also must analyze or if it outsources portions. • A ssurances. the provider handles server redundancy of normal operations or make up What follows is a checklist of for backup operations and the general occasional spikes. not enough to consider the theoretical provider maintains the complete model and configuration of the servers ratings of these network connections. for any reason. CDW. makeup of individual providers. In addition.4239 to duplicate if the provider goes dark Choosing a Provider technology implementation. associated by mistake — to another tenant’s cause the organization to have to risks and technical considerations. the the performance levels they need. Applications with issues that should be addressed. of the business plan of any potential secure passwords Any glitch in these pipelines could bring provider. Portability of data Following the internal analysis to that one tenant can’t gain and applications is essential to guard determine the appropriateness of a access — either intentionally or against service problems that might public cloud migration. may overwhelm cloud connections. understand the their traffic patterns flowing to provider uses subcontractors. multiple terabytes of information concerns of IT managers. High-speed the experience of the management security updates WAN or Internet connections are a team and the depth of expertise Server infrastructure: Before must for ensuring that users receive throughout the IT ranks is valuable. For example. are appropriate for a public cloud. If a infrastructure.800. Ask how especially large data sets will be part of scrutiny as the prime provider. data on a shared server procure cloud service elsewhere. researching into •R  egular reviews and operations to a standstill. it’s time to focus more closely on the •E  ncryption of data in transit Other concerns center on nuts-and. determine whether the IT team should determine the make. these provider’s replacement procedures for the public cloud to determine if partners need to pass the same level failed or problematic machines. Also. A prime consideration is the •F  irewalls at the network perimeter using an outside service provider provider’s viability as a company. backed by Information on how quickly storage What Works Well in the Public Cloud? The following service offerings have proven to be good fits for the public cloud: • H ighly scalable processing power • Testing and development platforms • Scalable storage for production and backup files • General-purpose and noncritical applications • Storage for digital content that requires high input/output operations per second 31 . geographical regions and environmental intense I/O computations moving Security: Given the ongoing conditions that exist in these locations. It’s as well as on host servers makes an organization completely important to get a thorough explanation •U  se of authentication and reliant on its network connections. setting a deal for cloud  |  800. competency Storage systems: As with servers. in this area will be a chief factor in public cloud customers should have Organizations should factor in the selection process. It’s Also. The following a clear idea of the types of storage performance considerations such as security protocols need to be a the provider uses and the technical these when deciding what services part of any service agreement: reasons that led to these choices. and at rest bolts technology issues.

For example. whole or does it cover each individual machine? IT organizations usually can expect SaaS • H ow often will downtime occur for scheduled deployments to be fairly routine. and at what cost. be sure to get details on frequency. What types receive service credits? What are As with any IT deployment. chapter 6 can be added or removed. all that’s left is moving the remediation options when service levels fall short. After all. Depending • H ow quickly will the cloud services be up and running? on an IT organization’s capabilities and the • H ow quickly can service levels be adjusted nature of the procured public cloud services. Unfortunately. It’s better to know this answer the following questions: before the migration than after. Will users have access to cloud services via a web front end or some other sort of client interface? Should the provider’s back end change. it makes sense to the redemption procedures in each case? ramp up migration. Dig into hosting candidates’ backup procedures. organization’s data to the provider’s infrastructure. But porting • W ill the provider accept an exit clause allowing data and on-premises applications to a cloud termination of the contract without penalty infrastructure will typically be more difficult. As in the case of recurring incidents? part of a migration plan. evaluating services for hiccups • H ow will reports analyzing performance against and making adjustments as needed. will that be transparent from the user perspective? Support: In the cloud. Promises don’t IT managers should make sure that their SLAs always meet reality. with applications maintenance. and how will disruptions be scheduled? quickly becoming ready for use. Backup and recovery: Any hindrance to accessing data in the cloud is not acceptable.  32 . IT shops must test the evolving area in cloud computing. an organization may require advanced support as well. Sticking points include scalability of the infrastructure as well as its how best to assign accountability for problems. is also vital. The SLA sets performance guarantees for Once cloud choices have been finalized and the procured services. location and mean time to recovery. The agreements also spell out an SLA approved. But one thing agreed-upon metrics be provided (and how often)? is certain: The potential points of failure will be • H ow will the cloud be monitored for fewer (if nearly nonexistent). on-demand responsiveness. as use demands rise and fall? assistance from the service provider during • Does the SLA apply to the infrastructure as a the migration process may make sense. an IT organization may • W hat types of service problems result in refunds? need to call on its provider to help optimize apps. that’s a chief regulatory compliance? reason for making the move to a public cloud. Depending on application requirements. Monitoring: Organizations should expect continuous monitoring along with automated alerts. SLAs remain an immature and still Before the migration. real-time dashboard visibility into provided services and access to performance statistics and trend analyses. support from an experienced staff with broad expertise needs to be available 24x7. will the cloud provider help in porting data and applications to its cloud? Negotiating SLAs At the core of the relationship between an organization and a cloud services provider is a service-level Migrating (with Care) agreement. Service interface: The cloud agreement needs to provide details on the service interface.

as storage. In a community cloud. A type of client virtualization. Dynamic resource pooling notebook or tablet systems. storage. DaaS can manage files or data backups are uploaded virtual desktops and reduce the Broad network access and stored on a cloud provider’s need for in-house data center An essential cloud characteristic. It may be a multitenant model. Glossary Application virtualization based on virtualization of computing (see also desktop as a service). with different Cloud computing generally refers to managed by a vendor or other third physical and virtual resources (such a computing environment that enables party and can exist on or off premises. users with similar missions. community or public) that for internal operations. servers. analyzing remain unique entities bound together Cloud providers market trends and improving customer by standardized or proprietary Cloud providers are organizations service. infrastructure). This glossary serves as a quick reference to some of the essential terms touched on in this guide. on-demand network dynamically assigned and reassigned access to a shared pool of configurable Data as a service (DaaS) according to users’ requirements. This is one of two cloud technology. In a cloud storage arrangement. Storage capacity can scale investments supporting virtual broad network access facilitates network up and down on demand. personal which supports a specific collection of This term refers to the massing of a digital assistants and smartphones. processing or memory) convenient. several client platforms. The hybrid model enables that offer a product or platform service models abbreviated as DaaS data and application portability. DaaS providers manage large applications and services). Desktop as a service (DaaS) applications to run as virtual services An outgrowth of client virtualization in isolation from one another and from Cloud storage capabilities (such as virtual desktop any underlying operating systems. A hybrid cloud is a cloud infrastructure and released with minimal management DaaS can help organizations manage composed of two or more clouds effort or service provider involvement. such 33 . arrays. use by heterogeneous thin. resources coupled with a utility- application virtualization allows based payment model. resources (networks.or thick. These can include organizations share an infrastructure. Please note that acronyms are commonly used in the IT field and that variations exist. security service provider’s computing resources requirements. These storehouses of information that they Hybrid cloud resources can be rapidly provisioned make available on demand to customers. massive influxes of information needed (private. governance policies and to serve multiple customers using Cloud computing compliance considerations. This is one of two capabilities and their access through cloud service models abbreviated as standard mechanisms that promote Community cloud DaaS (see also data as a service). environments.

performance guarantees component computing resources. bandwidth The organization or a third party can comparing the cost of a cloud computing or active user accounts). On-demand self-service for monitoring a cloud provider in This essential cloud feature allows meeting a user’s service requirements. human interaction by the service provider. and secure cloud computing. Users can access their virtualized National Institute of Standards desktops from almost any device. network devices (typically within a Measured service refers to how cloud storage area network) that can be systems automatically control and Private cloud managed from a central console. philosophically centered on an applications created using programming organization’s perspective of IT’s languages and tools supported by the Storage virtualization contribution to the enterprise. and can be assigned (and reassigned) storage and deployed applications. processing. an agency within the U. the available resources in a network by listing of available services as well as storage. The user controls operating systems. Infrastructure as a service (IaaS) Network virtualization Service catalog IaaS provides users with the This form of virtualization combines A service catalog is a cloud provider’s ability to provision processing.S. providing transparency hosted on a public cloud failover to a cloud service for load guides aimed at promoting effective systems and applications within balancing between types of clouds. provider. Virtual security for both the provider and consumer. The user controls the deployed This form of virtualization pools applications and possibly application physical storage from multiple Measured service hosting environment configurations. usage can be monitored. that are independent of one another and provisioning instructions. This form of virtualization lets a to a smartphone or thin client. such as host firewalls. capabilities available for as a virtualized desktop on a central provisioning appear unlimited. applications. controlled or offsite. Multitenancy distinguishes Rapid elasticity Virtualized desktop computing cloud services from hosting With this cloud feature. A private cloud can also be and reported. the user. applications running on a cloud infrastructure. infrastructure safe from hackers. provider manages resources for in some cases automatically. Resource manage the cloud. as needed without SaaS lets users access a provider’s IT service management. which can exist on. to servers or devices in real time. running multiple operating 34 . databases or other IT resources. server. users With this form of virtualization. In this cloud model. the user’s client operating system. run by a cloud services provider. TCO is a metric that can be used when service (storage. in which a third-party can quickly provision capabilities. To applications and associated data run the exclusive use of a customer. Service-level agreement (SLA) and (possibly) select networking An SLA establishes the benchmarks components. users share available to multiple organizations and a provider can develop a security portions of the same servers. from and Technology (NIST) Server virtualization a desktop PC or notebook computer NIST. IT Infrastructure Library (ITIL) users to unilaterally provision computing ITIL is a globally recognized capabilities. Commerce Department. such as server time and Software as a service (SaaS) collection of best practices for network storage. networks and other segmenting bandwidth into channels their costs. services. has crafted single server take on the roles of a series of cloud definitions as well as several. service with on-premises deployment. compartmentalized virtual machines. optimize resource use by leveraging A private cloud is an infrastructure a metering capability at the level of operated within an organization to Total cost of ownership (TCO) abstraction appropriate to the particular provide cloud services to its end users. The apps are accessible IT service management (ITSM) Platform as a service (PaaS) from various client devices through a thin ITSM is a systems discipline PaaS gives a user the ability to deploy client interface such as a web browser. The term refers to a theory Public cloud that through the proper use of Multitenancy A public cloud is an infrastructure virtualization technologies in the cloud.

............................. All other trademarks and registered trademarks are the sole property of their respective owners......... 31 penalties for the unauthorized reproduction and distribution of copyrighted materials...... AMD Phenom. Notice of objection to and rejec- tion of any additional or different terms in any form delivered by customer is hereby given..... 31-32 Smart Buy: HP Smart Buy savings reflected in Reducing capital expenditures..... 13....23....... 31 Multitenancy... Centrino 10-Gigabit Ethernet (10 Gig-E)........ readers in making decisions regarding cloud 13................000 Service catalog.25 Security....... 28. 6......... CDW ......... Intel Logo. 3..... 30 sus the standard list price of an identical prod- uct... 11..8-9 ©2012 CDW LLC....23-24 reference guide is designed to provide readers Service-level agreement (SLA)....... People Who Get It ™ is a trademark of CDW LLC. 28 constitute a felony with a maximum penalty of Compliance considerations........ 9. Intel Viiv.. All rights reserved.... This document may Cloud costs.. and other countries..................... Itanium. consequential or IT Infrastructure Library (ITIL).... 5-8..... 4 Private cloud... 8..... 27-28 28......... Savings may vary based on channel and/ Resource pooling (cloud attribute).... 23-26 35 ... 8............S.... This Design a cloud infrastructure....... 13....... Inc.........23.......... copyright infringement is investigated by the Federal Bureau of Investigation (FBI) and may 12-13... 11.... advertised price.... Intel Core.... Criminal Community cloud.... 12.... 23.. 13..... 28..... Itanium Inside.... Software as a Service (SaaS)........ Intel Atom................ The content contained in this publication represents the views of the au- Trigger events... Hybrid cloud......... 28 Intel Corporation in the U.. Intel Atom Inside........ Intel..9........... HP Smart Buy savings is based Cloud Computing Tracking Poll... 25..6.... 12-13. 26 on a comparison of the HP Smart Buy price ver- 28..... AMD Trademark Change management....C......... 5-6........ 10...... 31.. 7.. AMD Sempron. vPro Inside..S. CDW and the Circle of Service logo are registered trademarks of CDW LLC......................... 24-26.. CDW ® reserves the right to make adjustments due to changing market conditions... 24. errors in advertisements and other extenuat- ing circumstances.. 5...... product/service discontinuation....3-4....... Intel vPro. HP Choosing a provider. AMD Tu- rion............ 27-32 Acknowledgement: AMD. Centrino. 6. 4..Disclaimer The terms and conditions of product sales are limited to those contained on CDW’s website at CDW.. or direct standard pricing. 27.... 27. 9..... Intel Inside...... Intel’s processor ratings are not a measure of Broad network access (cloud attribute)..6................. 27. Xeon and Xeon Inside are trademarks of Bring your own device (BYOD)......... 11............... For more information please see intel. 12... with information regarding cloud computing........... 5.......... Core Inside.. 22......... 31-32 CDW makes no warranty as to the accuracy or completeness of the information contained in this reference guide nor specific application by Infrastructure as a Service (IaaS)... 26 fine..... 10-12... Furthermore......... 24 Migration.... IT staff resource allocation......... 25 24-25...6... Right Away. the AMD Arrow.. CDW assumes no liability for compensatory........ 4 Platform as a Service (PaaS).......10.... 24 use of this publication.... 8. Title 17 U.. 32 Inside.... 25 not be reproduced or distributed for any reason.. are registered ® trademarks of CDW 13.. 24. 23 other damages arising out of or related to the 23...............4.. 32 computing.. 24.. 3. Viiv Inside... AMD Opteron. 5.. Intel Automated processes... 12 Self-service (cloud attribute). 8.. Pentium..... 28... Celeron Inside..... Intel Trademark Acknowledgement: Celeron. 22-26 system performance... For all products................. services and offers......... 5-6....... 12 Public cloud.... 12........ 7.... 26 Rapid elasticity/scalability and PowerNow! and combinations thereof are (cloud attribute).........30 23... 11-13. Pentium Inside......... 32 trademarks of Advanced Micro Devices.... 28-30..13 thors and not necessarily those of the publisher........ 27.................. 30-31 up to five (5) years in prison and/or a $250. 6. Storage area network (SAN)...... 4.. 22.... 13 Measured/metered service (cloud attribute).... Sections 501 and 506.... 12-13.. 5-8. Cool ‘n’ Quiet Chargeback.................6.. AMD Geode..... CDW•G and The ® ® Index Right Technology...... 24... 22.... Federal law provides for severe and criminal Cloud in a box........... VCE Vblock Infrastructure Platforms................4.... AMD Athlon.. 13.......... 26........... 12........... 12.... 25-26.. manufacturer price changes.. 24 Virtualization... 29-30 Inside Logo........4.

Paul Schaapman is a solution architect for CDW. 800. technical sales and consulting. He has more than 11 years of experience in IT.4239 | CDW. Paul was awarded VMware’s Virtual Vanguard Award in 2007 for his work on a large virtual infrastructure for the Virginia Farm Bureau.800. Look inside for more information on: • How to squeeze the most value from a cloud deployment • Determining the right cloud arrangement for an organization • Guidance on managing new cloud infrastructures • How bring-your-own-device (BYOD) programs fit into the cloud SCAN IT CDW and VMware get cloud computing. march 2012 about the contributors Nathan Coutinho is a solutions manager for CDW with a focus on virtualization. IT architecture. client and storage virtualization spaces. Download a QR code reader on your mobile device to scan and 120228 108715 . covering various roles in management. server and storage engineering. His current responsibilities include evaluating and educating clients about trends and directions in the server. With more than three decades of experience in IT infrastructure. and IT consulting. he has a strong background in virtualization (server and client).