Almost 10 years after Amazon introduced EC2, there is no standard of cloud computing. OK, you got me, NIST does have a definition of what cloud computing should be, but it's high-level compared to real implementations of cloud computing, similar to the metaphor of the ITIL framework to real IT department operations. With all these differences, how do you to compare cloud providers to ensure you're getting the biggest bang for your buck, and the right partner to help you shift from on-premise to “on-cloud?” In this post, I will arm you with five simple questions to ask prospective cloud providers.
1.) What level of performance should I expect?
Before your cloud provider can answer this question, you should be prepared to demonstrate the level of performance in your current cloud or on-premise solution. Whether the performance you experience is optimal or not, this allows cloud providers to understand what is (or isn't) performing, and what level of horsepower is required to achieve the needed performance. If this is a new implementation, use your legacy solution as a baseline and add an estimate for transaction growth as a buffer. Cloud sizing should be approached with facts, as it's easy to oversize or undersize an environment. Over-sizing an environment results in you paying for more than you need and under-sizing results in you not receiving the needed performance.
At a minimum, here are a few metrics that should be presented to a potential cloud provider:
- CPU Utilization
- Memory Utilization
- Input/Output Operations Per Second (IOPS)
- Data Growth Rate
Ideally, you would provide this data on each server you are planning to launch in the cloud. If your environment's performance is affected by seasonal peaks, talk to the cloud provider about these specifics.
2.) Will my monthly costs be variable or fixed?
Next to performance, cost is the next most-important factor when searching for a new cloud provider. While there are many one-off cost models in cloud computing, the three most popular cost models are: consumption, IaaS subscription and SaaS subscription.
Consumption incurs cost for usage of cloud resources. Most cloud providers define usage as the resource being powered on and accessible. You are incurring costs for every minute that the resource is powered on, regardless of whether it's actually being utilized by anyone or any application. Due to the nature of this cost model, your cost will be variable unless you have all subscribed resources powered on for the same amount of time for each billing cycle.
IaaS (Infrastructure as a Service) Subscriptions incur a set cost that covers all the of the Cloud resources to which you are subscribed. Whether you utilize the Cloud resources or not, the cost remains the same. In this fixed-cost model, you are paying for the dedicated availability of resources.
SaaS (Software as a Service) Subscriptions incur a cost based on a metric. Most SaaS Subscriptions set the cost at a user count, while others may set the cost based upon a transaction count, or some other controllable metric. This subscription model could be fixed or variable.
3.) How safe is my data?
Data is only as safe as the monitoring and safeguards that are put into place to protect it, so it's important to ask the cloud provider what they use to protect a customer's data and what security packages are available as add-ons. Data encryption is a layer of security that can reduce the likelihood of it being compromised, but is the encryption only available at rest or also in transit? Data at rest encryption protects the data where it is stored, on disk drives. If the network communications are not encrypted, then the data is at risk while it is transferred.
Moving further up the stack from the storage and compute resources, what measures are being taken to ensure unauthorized users are not allowed access into the cloud? Security monitoring and intrusion detection tools can look for patterns of failed access attempts and block those individuals from attempting access. These same types of tools can look for strange behaviors and lock down user access whenever an unexpected or questionable event takes place. Overall, it's up to you to determine how much security you need based on whether the data you are housing requires that you meet certain compliances or it is data that is not in need of tight security.
4.) Do you offer backups and/or Disaster Recovery?
In addition to knowing how protected your data is from compromise, it is also important to understand how protected your data is from accidental removal or from a catastrophic event. You must determine the smallest time period you are willing to risk having unrecoverable data. For a real-world example, if backups are made once an hour, on the hour, and a user deletes a file at 59 minutes after the hour, then the last backup that would be available is the one from 59 minutes prior. Assuming that users had worked on that file for the last 59 minutes, all of the work being done to that file is now permanently lost. This may be more than an acceptable risk and therefore a lower frequency may be requested, every four hours as an example. Alternatively, this may be very risky and your business could only withstand a 15-minute interval of lost data.
Backup frequency is only half of the answer. Backup retention is equally as important. If the backups are only retained for 24 hours, and it takes you 24 hours to realize you encountered a data loss, the backups have been already been overwritten before you realize you had an issue. Backup retention could be as short as a day, or as long as a year or more. Backup costs rise significantly as you need more frequent backups and/or backups retained longer since it requires more storage to maintain the volume of data.
Finally, if the cloud has a catastrophic failure, is your data backed up to an offsite facility? Work with the cloud provider to understand what disaster recovery options are included or available, as well the geographic locations.
5.) If I need support, what options are available?
Support packages vary in availability, offering and cost by cloud provider. It's important that you anticipate the level of support you may need and ensure that the cloud provider you choose can offer that level of support. If you are a small shop, you and your users may be in need of support more often than a larger organization that has its own in-house support.
In this post, we covered five important questions that you should pose to prospective cloud providers. Using this information, you can develop a scorecard against which to base your final decision. I hope you have found this information helpful and that you consider Concerto Cloud Services to move your business into the cloud!
For more, check out Concerto's Guide to Comparing Cloud Providers