Roadmap to a Hybrid Cloud

While the hybrid cloud model is widely extolled in both the media and by industry manufacturers, many organizations find themselves challenged to effectively utilize both the private and public cloud components. A successful hybrid cloud requires internal procurement and process changes enabling IT-as-a-Service along with a methodical approach to ensure adequate performance, reliability, security and compliance of off-premise workloads.

The Big Picture

Vendor keynotes and industry blog posts commonly extol the benefits of moving from an on-premise computing model to the cloud, whether internal or public. But while many corporations today have already virtualized their workloads, not many have deployed any significant number of them in a cloud computing environment.

Another name for cloud is IT-as-a-Service (ITaaS).  Whether private or public, cloud utilizes shared resource pools to automate and orchestrate the provisioning of virtual machines, along with the required performance and security components. A chargeback system ensures that the IT provider, whether internal or external, has sufficient monies to support the environment while encouraging optimal resource utilization by users.

Applications should be carefully evaluated to determine which would make good candidates for hosting by public cloud providers and which should remain on-premise. Economic, security and regulatory compliance are all important big-picture considerations, but tactical issues must be evaluated as well.

Web sites, for example, are omnipresent public cloud applications. But direct links to internal databases may make a web site a poor candidate for off-premise hosting, at least initially. Publicly hosted CRM packages such as and Dynamics CRM have similarly proven to be excellent public cloud applications, but external hosting may not be appropriate when they rely on internal links to large data warehouses.

Even when it is determined that a large off-premise migration is the desired end-goal, organizations can still take “baby steps” and sample the public cloud without a complete commitment. This hybrid solution whereby some workloads are maintained on premises and some off is often a preferred approach. First migrate the easy servers, and gradually shift more workloads to the public cloud as warranted.

Private Cloud

Manufacturers understandably tend to have myopic interests in promoting their own hardware/software solutions. When combined with a penchant for certain brand names or a desire to leverage existing systems and tools, IT organizations often procure equipment and software based upon comfort levels rather than on open-minded analysis.

Deciding upon the appropriate products and platform for a private cloud should not be driven by vendor promises, but rather by the architectural requirements needed to meet the specific identified objectives. Business should drive IT and not the other way around.

Purchase decisions should reflect the ITaaS objectives of dynamic resource pool provisioning. Compute, storage, network, load-balancing, backup, security, and DR solutions that worked OK in a physical or partially virtualized environment may prove to be highly inefficient in an automated private cloud.

Architectural components should be selected based upon their ability to best support the private cloud platform. Blocks or pods are often an optimal approach due to the ability to easily add to the existing environment as increased capacity is required.

Perhaps the most important metric for gauging the efficiency of the private cloud architecture is the length of time it takes to provision a VM. Manual VM creation typically takes around 5 days by the time all approvals have been obtained and the security, network and storage components have been provisioned. Strict compliance and approval requirements may take even longer.

Newly virtualized data centers tend to have plenty of capacity; running out of storage, compute or memory is not much of an issue. But eventually the increasing demand for virtual machines combined with inefficient life cycle management results in a demand for additional resources. Provisioning times for a virtual machine are often further delayed when its deployment triggers a requirement for additional resources such as a new SAN, network switch or server chassis.

A 2011 study sponsored by CA Technologies, The State of IT Automation, showed that 47% of the virtualized organizations queried reported taking a week or longer to provision a virtual machine. Despite the overwhelming benefits of virtualization, departments frustrated by lengthy provisioning times of virtual machines may instead purchase their own pizza box servers.

A private cloud reduces the time to provision a virtual machine from days or weeks down to minutes. Choosing the appropriate equipment and tools combined with cloud-friendly processes is essential for success, but constitutes only part of the solution.

Enabling ITaaS also requires implementation of a chargeback, or at least showback, system. This provides IT funding while enabling efficient resource sharing across business units.

Organizations in the earlier stages of the virtualization journey often fund requirements for new equipment out of the IT departmental budget. IT commonly stalls in fulfilling requests for new VMs by questioning each requestor about the need for a new VM and asking for approval confirmation.

As it becomes increasingly clear to all that lack of budget is the primary cause of VM provisioning delay, IT organizations begin to implement a chargeback system. In some cases this involves simple guesswork on the part of IT, along with Solomon-like decisions such as how much each department should pay in the case of shared VM ownership.

More effective chargeback systems utilize automated metering policies based upon resource utilization – truly enabling infrastructure as a service (IaaS). Business units access a service catalogue which incorporates available server options along with automated approval workflows.

The server, along with the required network, storage, load-balancing, security and regulatory compliance components, is automatically provisioned and presented back to the requestor along with a monthly invoice for the resources utilized. A time limit for the servers is often utilized in order to prevent dormant virtual machines from continuing to suck up resources. Requestors are forced to periodically renew their servers or they are automatically de-provisioned.

The chargeback model enables efficient utilization of storage, compute and network resources that can be shared across multiple data centers. It also incorporates costs for services such as backups, redundancy and disaster recovery.
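The metered chargeback and lease-expiry process described above, as an added illustration (not code from the article or from any product it names): each catalogue-provisioned VM carries an owner, metered running hours and a lease that must be renewed or the VM is de-provisioned. Rates, lease length and VM sizes are constructed, hypothetical values.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed per-unit-hour rates for metered chargeback (hypothetical).
RATES = {"vcpu": 0.04, "gb_ram": 0.01, "gb_disk": 0.0002}
LEASE_DAYS = 30  # assumed default lease length before a VM must be renewed


@dataclass
class VmLease:
    """One catalogue-provisioned VM, charged back to its owning business unit."""
    name: str
    owner: str
    vcpu: int
    gb_ram: int
    gb_disk: int
    created: datetime
    expires: datetime = field(init=False)
    hours: float = 0.0  # metered running hours in the billing period

    def __post_init__(self):
        self.expires = self.created + timedelta(days=LEASE_DAYS)

    def meter(self, run_hours: float) -> None:
        self.hours += run_hours

    def renew(self, now: datetime) -> None:
        self.expires = now + timedelta(days=LEASE_DAYS)

    def period_cost(self) -> float:
        sizes = {"vcpu": self.vcpu, "gb_ram": self.gb_ram, "gb_disk": self.gb_disk}
        return round(sum(RATES[k] * sizes[k] * self.hours for k in RATES), 2)


def invoice(leases: list, owner: str) -> float:
    """Chargeback total for one business unit over the metered period."""
    return round(sum(l.period_cost() for l in leases if l.owner == owner), 2)


def deprovision_expired(leases: list, now: datetime) -> list:
    """Remove VMs whose lease lapsed without renewal; return names for the audit trail."""
    expired = [l.name for l in leases if l.expires <= now]
    leases[:] = [l for l in leases if l.expires > now]
    return expired


def demo():
    t0 = datetime(2024, 1, 1)  # constructed provisioning date
    pool = [VmLease("web-01", "marketing", 2, 4, 50, t0),
            VmLease("dev-07", "engineering", 4, 8, 100, t0)]
    for vm in pool:
        vm.meter(720)  # one month of running time, constructed
    bills = {o: invoice(pool, o) for o in ("marketing", "engineering")}
    pool[0].renew(t0 + timedelta(days=25))  # marketing renews; engineering does not
    gone = deprovision_expired(pool, t0 + timedelta(days=31))
    return bills, gone, [vm.name for vm in pool]
```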

Public Cloud

IT organizations should not succumb to the hyperbole around whole-scale migration of workloads to the public cloud. Cloud deployments are not just an IT decision – they affect the entire business including customers, end users and investors.

While the automated server provisioning and chargeback services offered by public cloud providers may provide quick and easy access to new virtual machines, they can also create significant issues around compliance and security. These issues can be compounded when organizations continue to maintain a significant number of workloads on-premise. Passing corporate data back and forth between internal and external virtual machines increases the risk of security compromise.

Public cloud access should not be ad-hoc. It should be incorporated as a carefully monitored aspect of an encompassing hybrid cloud model. Initially, only limited authorized workloads, such as development VMs, should be allowed off-premise. Eventually the type of virtual machines authorized to be run with public cloud providers can be increased based upon acceptable economic, security and compliance criteria.

Development, also known as Platform-as-a-Service (PaaS), is an excellent starting point for utilizing public cloud services. Developers often require servers to run the database and to test their programming. They may need to adjust the resources and test upgrades and fixes. Utilizing an off-premise solution takes an enormous load off the server administrators while making developers happy. Microsoft’s Azure or VMware’s Cloud Foundry are examples of established PaaS providers allowing easy reference of off-premise databases and objects. Resources are transparently added on the backend as required.

Developers should participate in the selection of a PaaS provider. Azure, for example, may look great, but if it requires rewriting entire applications, it will probably not be cost-effective.

While public cloud hosted websites are common, databases and desktops are not. The significant development investments required by database applications, combined with potential regulatory compliance requirements, often make it difficult, if not impossible, to utilize the cloud.

Complex applications with workflows that link to internal systems may still be able to link common databases, such as SQL Server or Oracle, to a mirrored instance in the cloud. These mirrored instances can be used for disaster recovery or simply as a hot standby if maintenance is needed.

Transitioning to a Hybrid Cloud

A roadmap for transitioning to ITaaS should incorporate both private cloud and public cloud components, but the process should begin with first identifying the business objectives desired. This provides the context for selecting the optimal IT architectures.

Determining the time it takes to provision a new virtual machine helps provide perspective on which private cloud components will provide the largest immediate impact. It can also help determine which workloads should be tested against off-premise alternatives.

Some organizations ignore the public cloud alternatives, while others plan to jump quickly to a wholesale migration to off-premise hosting. Both options potentially incur the risk of competitive disadvantage. A hybrid model with a careful, well-planned and methodical incorporation of public cloud enables optimal computing resource consumption while ensuring performance, privacy and compliance.

Steve Kaplan @ROIdude at Presidio also contributed to this article.