It could be argued that the cloud has proven to be the single largest disruptor in the entire IT industry to date. Cloud has reshaped how we engineer, implement, and maintain complex technology infrastructures. It has empowered enterprise-grade solutions for Main Street small business and enabled the execution of green IT initiatives in a way that we never thought possible. Yet, the cloud has, for so many, failed to deliver on its original tenet: to lower the cost of IT and of IT service provision. To understand what we can do to fulfill this promise, we first need to understand how the situation occurred.
The Old Way of Doing Things (Before Virtualization and Cloud)
Nearly twenty years ago, I was working in IT leadership for a domestic subsidiary of a large global manufacturing organization. Significant changes were on the horizon that would dramatically increase our technology footprint. As a result, I had been tasked with designing new data centers for eight of our facilities.
At the time, virtualization was still considered emerging technology and many organizations, including my employer, were skeptical of its longevity. So, I evaluated multiple physical server platforms from several leading manufacturers. I reviewed watts of energy consumption, BTUs of heat generation, and rack units of space required. I considered the capacity, scalability and redundancy of not only server and network hardware, but also the electrical systems to power them and the computer room air conditioning (CRAC) units that would cool them.
While I wasn’t handed a blank check, this organization was prepared for the huge capital expenditure (CAPEX) that was about to be required – construction of the rooms, physical security controls, infrastructure hardware, licensing, electrical distribution, backup generators, CRACs, hot zone/cold zone air handling, fire suppression systems, etc. And the continued operating expenses (OPEX) would not be insignificant either – maintenance agreements, upgrades, and repairs, but all of these would be dwarfed by the massive energy costs.
Carbon footprint, you ask? Well, that was not exactly a point of consideration. Even though this organization was considered to be a good global corporate citizen, the concept of a green initiative, sustainability goals, and the triple bottom line (3BL or TBL) had not yet entered the mainstream consciousness. Engineering complex technology infrastructures back then also routinely included a measure of “future-proofing” – buying slightly more capacity than was required in case utilization projections were flawed or a rapid increase in demand occurred, which further added to both the financial and environmental consequences.
Although the tangible elements of modern IT have not completely disappeared, this story has a certain antiquated tone, doesn’t it? Corporate data centers have decreased in numbers and many of those that still exist have been reduced both in physical size and environmental impact. Virtualization is now considered proven technology. It’s highly reliable and completely commonplace in the current technology landscape. While some prophets predicted it many years ago, what they didn’t see was virtualization would be the catalyst to usher in the cloud.
How the Cloud Changed Everything
The initial introduction of the cloud to mainstream business would be as Software as a Service (SaaS) – an application delivered for consumption via the web browser – and it was good. IT quickly accepted the tradeoff. While we were apprehensive at being abstracted away from the underlying technology, SaaS allowed us to reduce or altogether abandon our duties that involved installing, maintaining, patching, troubleshooting, and upgrading both the client/server software solutions, as well as the backend mechanisms like database administration. And IT wasn’t the only part of the business that rejoiced. Even though SaaS presented a perpetual subscription model, Finance adored the idea of regular OPEX and the ability to discard the CAPEX spikes that occurred every time we migrated to a new version of conventional software.
Cloud was rapidly winning hearts and minds with SaaS. IT suddenly had additional time and technology resources that could be channeled elsewhere. Finance now had a measure of predictability in IT spend. Even executives were adding “cloud” to their lexicon – which suddenly made it the hottest topic going and everyone had to have a cloud initiative. This was a clear game changer.
SaaS quickly gave rise to Platform as a Service (PaaS) – providing IT with access to cloud-based development platforms and database environments and reducing our reservations with the complete abstraction required with SaaS. IT now had a chance to regain a measure of control and flexibility in this new arena.
The cost-effectiveness and high-availability of SaaS, the reduced abstraction of PaaS, and the level of confidence that virtualization had given us with on-premise virtual machines (VMs) all crystalized into the next leap forward to Infrastructure as a Service (IaaS) – a cloud model that would allow us to construct an entire equivalent data center of VMs and virtual networks in the cloud provider’s platform. Everything that I described two decades ago could be reduced to literally just a few clicks or rendered obsolete or completely unnecessary. And technology solutions that had been previously out-of-reach for small-to-medium businesses due to cost and/or complexity were now totally viable. IaaS would become an IT panacea – or so we thought…
The public cloud providers certainly helped to convince us. They offered us slick calculators to demonstrate how only paying for their technology that we used would evaporate our energy costs, eliminate future-proofing and our expensive hardware investments, and save us a ton of cash. They provided us with utterly simplistic tools to engineer redundant solutions in multiple data center zones, to create high performance web applications within geographic proximity of our customers on a global scale, and to design elastic virtual servers that can spin-up a cluster of VMs when demand peaks – only to be decommissioned and deconstructed when that demand subsides. For those fearful of the necessary time investment required, the cloud providers were happy to give us an easy point of entry – a physical-to-virtual (P2V) tool that can convert a physical server into an image than can then be deployed as a VM in the cloud. And all of this is founded upon a platform of seemingly infinite resources at our disposal.
How Sprawl Defeated the Purpose of Cloud and Where ITIL Comes In
Herein lies the contradiction. For all of the promised cost savings, organizations are spending significantly more than they had anticipated. In some cases, it’s a net zero gain. In the most extreme of scenarios, cloud customers are outspending the physical infrastructures that they replaced. So, what happened? Why did the promise of IaaS not come to fruition?
One term has emerged as the most common culprit – cloud sprawl. Selecting, ordering, configuring, and deploying a physical server took weeks or even months depending upon the approvals required. Even instantiating a VM in our on-premise environment required careful consideration as our computing resources and capacity were limited. The cloud provider now made this too easy. Need a virtual server? Need ten? How about a hundred? Reducing this to a mere few clicks means that we do it with little thought – until the invoice arrives.
Our solution for this dilemma is not to “pump the brakes.” That sort of reaction is unacceptable in a high-velocity and constantly accelerating organization. And the associated cost of delay that this creates can actually amplify our cloud-related fiscal losses.
The best answer resides in the ITIL framework for service management and our ability to integrate it collaboratively with our cloud service provider(s) to create mechanisms of governance. Fortunately, the cloud providers are already positioned with a strong sense of service orientation so we should expect to find them agreeable to this value proposition. This will, however, still require that we rethink how we apply best practice to a virtual infrastructure in the cloud and modernize our approaches to a number of workflows.
11 Essential ITIL Practices for Governed IaaS Solutions
There are eleven essential ITIL practices to implement into your value streams to create governed IaaS solutions:
Service Level Management
We’re accustomed to setting clear, unambiguous expectations with our customers in the form of Service Level Agreements (SLAs). But when our ability to successfully achieve SLA targets for our customers is dependent upon a partner like a cloud provider, alignment of these upstream and downstream agreements is essential. The major public cloud providers can be inflexible and refuse to offer customizable SLA solutions, so we must require that they provide well-defined SLA documentation and prove their consistent ability to deliver. Then, realistic modifications to our downstream SLAs can occur.
Service Catalog Management; Service Request Management
In many cases, the services that we purchase from our cloud provider are passed directly through to our consumers; therefore, adding these offerings to our own service and/or request catalogs is an unnecessary duplication of effort. The major public cloud providers are assisting in this area by offering connectors for the common ITSM suites to integrate their catalog with ours and allow for an opportunity to facilitate automated requests for cloud services. One example is the AWS Service Management Connector for ServiceNow. (This connector also helps to enable the necessary improvements to the Service Configuration Management and IT Asset Management practices mentioned later.) We must couple this, however, with a clearly defined means of providing oversight through financial and/or security authorizations before new resources are created or modifications to existing resources are completed.
Change Enablement; Continual Improvement
The ability to rapidly deploy solutions throughout the cloud provider’s global infrastructure can allow us to create a continually evolving IT environment. Changes (and improvements) can now potentially occur within fractions of seconds. If you still funnel all changes, even those that are of an operational nature, through a committee like a Change Advisory Board (CAB), this will quickly create an unsustainable bottleneck. Fortunately, the ITIL 4 Change Enablement practice is already poised for success here. In the high-velocity organization, decentralized appropriate Change Authorities should be established for the various types of change that we undertake – including changes to our IaaS. We also cannot sacrifice documentation in the pursuit of speed, so automation should be considered to create accurate change records.
Incident Management; Problem Management
Especially in hybrid cloud implementations, where we maintain on-premise technology resources and interconnect them to resources in the cloud, Incident Management and Problem Management will require closer working relationships with the cloud service provider than we’ve historically become accustomed to with other partners and suppliers. This relationship must rise to the level of synergy – where the line of demarcation becomes not about assigning blame, but rather about optimal cooperation, communication, and collaboration. If this relationship is not highly effective and efficient, the costs associated with incident resolution and root cause analysis are certain to increase.
Information Security Management
Most public cloud providers utilize a shared responsibility model where the security of the cloud is their responsibility, but the security of what is placed in the cloud is ours. Many cloud customers don’t properly understand this and operate under the illusion that they can remove the security line item from their budgets. When the point of abstraction exposes more of the underlying technology, as with IaaS, our scope of responsibility increases. Assuming that we are no longer required to manage controls like whitelists/blacklists, encryption, patch management, etc. could have devastating consequences. We must obtain a copy of the cloud provider’s shared responsibility model and ensure that we understand every detail from beginning to end and modify our security procedures accordingly.
Architecture Management; Service Configuration Management
Another source of cloud-related soft costs is a result of the ease with which VMs with unique “one-off” configurations can be created. A standards-based approach to deploying VMs can yield much needed consistency, which can reduce the direct costs of over specifying details like CPU and memory and also reduce support time and costs.
Service Configuration Management; IT Asset Management
Our Configuration Management Database (CMDB) is of fundamental importance to multiple practices and our overall service management approach; however, a virtual infrastructure in the cloud will present us with a number of challenges that the conventional CMDB is inadequately equipped to handle. Elastically scalable solutions could spawn highly volatile Configuration Items (CIs) that only exist for a short period of time – perhaps minutes or even seconds – before they are deconstructed and vanish, only to be recreated on-demand again later. Beyond the traditional VMs, microservices – elements of free-standing code executed in a headless or serverless manner – and containers are becoming increasingly popular but represent “non-traditional” CIs that defy our customary means of documentation. Abstraction itself is also equally incompatible with our historical approach to a CMDB and an asset register. The routine CI and asset details aren’t available to us in a cloud infrastructure. How does this impact the fidelity of our CMDB and the ways in which we utilize it? The ITIL doesn’t present us with direct answers for these issues, which means that organizations must adapt an approach based on their unique situation. (Beyond20’s CMDB Workshop can help you determine a bespoke solution to these and other Configuration Management challenges!)
Last Words
Although new “aaS” buzzwords are being conjured up (my personal favorite so far is “XaaS” – Anything as a Service), cloud has become proven technology. It has already irrevocably altered the IT landscape and this trend is absolutely certain to continue due to its compatibility with high-velocity IT and digital business models, as well as its ability to contribute to digital transformation initiatives. What continues to emerge, however, is the thought leadership relative to its implementation and management. AWS has taken the lead among the cloud providers by creating its Cloud Adoption Framework and the Five Pillars of its Well-Architected Framework, but others are certain to follow.
Keep a close eye on this space…