Frequently Asked Questions ...
These are some of the questions we have been asked in our seminars, training classes, workshops and assessment services. If you would like to suggest additional questions, have corrections or better answers, or any other comments, please use our Contact Us form, or email us at info@PurposefulClouds.com.
Check out our Cloud Glossary.
Why do you claim vendor-neutrality yet still have partnerships with Cloud Service Providers and Cloud tool vendors?
We have partnerships with a lot of vendors primarily so we have access. We have access to not only their sales and marketing material, but also to their technical material, technical support personnel, and their management. When we create the requirements for a customer to move to the Cloud, we know which CSPs to send those requirements to, and we know we will get a quick and comprehensive response. Our goal is to be our customer’s trusted advisor. To do that we need comprehensive knowledge of the Cloud market space. See our Partner Page for additional information on how we select partners.
The Cloud is more a concept than a product, implemented in different ways by different vendors (see our Purposeful Clouds Cube). Different workloads have different requirements in the areas of security, performance, and availability. Those requirements determine where in the Cloud Cube that workload belongs, and that leads to the set of Cloud Service Providers that support that region of the Cloud Cube. Until you understand the real requirements in those three areas, you cannot determine how to proceed. Our services are designed to determine those requirements.
We have developed a Cloud Service Bubble to help you do exactly that.
You look for the workloads that have low risk due to security, performance and availability issues, and that have the most obvious financial ROI.
Security issues vary by customer and workload, so the exact method is tailored to each situation. But the general process is to first determine the actual security requirements for the workload based on regulation, compliance, and internal process issues. The second step is to see how the organization has currently satisfied those requirements, or to what degree they are or are not. Then we create a set of requirements for moving into the Cloud and which Cloud Service Providers can meet those requirements. Sometimes we say "no" don't take this workload to the Cloud now.
For many companies, yes. Some companies are already 100% Cloud, with no internal IT other than workstations, and even those may be virtualized out to the Cloud. However, it will be a slow process over many years before the majority of companies will have moved all of their IT to the Cloud.
Does the recent failure of Amazon’s EC2 spell the end, or at least a significant delay in the adoption of, the Public Cloud?
In our view, no. Like any utility, a Public Cloud will go down at random intervals for periods of seconds to a couple of days. In your own facility, you have made a business decision on whether you need a backup generator for power, or even a separate data center. These are all forms of insurance. You need to do the same level of business analysis about any workload you move to the Cloud. For a longer answer, see our Purposeful View on the subject.
What distinguishes a Cloud host from a "regular" host? Is it the same equipment, but a different billing and monitoring system?
In some cases, like a Private Cloud, it may be exactly the same equipment. The things that distinguish the Cloud from managed services or your own server in your own computer room are
Compliance issues are really all about security. See the “How do you address security issues?” FAQ.
There can be. A lot depends on the location of servers and storage you are using. While you may not know exactly where they are, you can usually find out approximately where they are (e.g., Western US). Just going through the Internet can add up to one half second to response time. Most Cloud Service Providers (CSP) have Service Level Agreements about latency within their facility, and choosing a CSP with the correct geographic dispersion of facilities can allow you to meet all but the most stringent performance requirements.
Like everything about the Cloud, it depends. It depends primarily on your requirements in the areas of security and performance. If you can safely use a Public Cloud your savings may be 50% or higher. Even with a Private Cloud, you can see savings as high as one third.
If you are already working in a virtualized environment and don’t have stringent security requirements, it can be fairly easy. A lot of organizations use the Cloud for peaks in demand or as their disaster recovery mechanism. Even with security requirements, in some cases it may make business sense to go that route, balancing slightly higher risk over a short period of time against a significant financial advantage.
The main barriers to the Cloud are security and performance. If you have strict security requirements, such as PCI-DSS, then the Cloud is not ready today. If you have sub-second response time requirements and tens of thousands of transactions per second, then it will be very difficult, and expensive, to move that application to the Cloud. But keep asking, because this answer will change over time.
When you are all done moving to the Cloud you will probably have a Hybrid Cloud environment: some applications in Private Clouds, some in Public Clouds. In general, you have more control in a Private Cloud and hence an easier chance at meeting security and performance requirements. You are likely to get more financial and agility benefit in the Public Cloud. As each application or workload you have is likely to have a different set of requirements, you will probably have both Private and Public implementations and hence a Hybrid Cloud. There is a relatively new type called a Community Cloud. A Community Cloud is a Public Cloud that is restricted to organizations with specific requirements, usually in the area of security. If you cannot use a Public Cloud and there is a Community Cloud that meets your needs, it will likely provide most of the advantages of a Public Cloud at a lower cost.
They can be, but most Cloud Service Providers (CSPs) have controls in place to minimize the impact of another customer’s activities on your workload. The key is to have the correct performance Service Level Agreements in place.
Most Cloud Service Providers (CSPs) have several kinds of Service Level Agreements (SLAs) that specify different response times, at different price points. You should be able to get the right SLA to meet your needs. Often, your CSP can consistently provide better and faster support than your own internal IT department can because it can spread the cost of having the correct trained staff on duty 7x24 across a large number of customers.
For simple Public Cloud offerings, it can be measured in minutes. But moving an important workload to the Cloud requires planning to make sure that transition is painless to your company, your partners and your customers. Until you actually have a project plan, I would be thinking in terms of weeks or months.
Purposeful Clouds touts vendor neutrality as a differentiator. Does that neutrality extend to training content?
Yes it does. It is essential that our training courses firstly, and always, focus on our customer's needs. If there is no learning neutrality then the course objectives and content value and credibility will be compromised. If a customer, outside of a course, asks our opinion regarding the selection of training beyond our comprehensive curriculum offerings then we will respond based on our exhaustive knowledge of the overall training marketplace.
We totally subscribe to the belief that Cloud Computing decisions must be driven by sound business decisions and criteria. That is why we have courses that emphatically guide decision-makers to make realistic and systematic business need and goals-driven decisions. The more technical Cloud computing course then follow in a logical learning sequence.
We believe that our course content is a concentration of the latest and most effective learning available. The success of the content is highly energized and richly expanded in value due to the delivery and facilitation of the courses by Cloud marketplace experienced and recognized subject-matter-experts who are also experienced trainers and facilitators.
Why does the Purposeful Clouds Academy use learning delivery descriptions that are different from other training providers?
We intentionally use more precise delivery technique descriptors to ensure that the potential learner fully appreciates the learning's value, time usage and level of experiential learning in the various course delivery options available. This allows the best matching of the student's time and money to the desired business goals.
Yes, we do have three course variants based on the same essential Cloud business imperatives knowledge and Cloud overview. Learning value and retention is greatly enhanced if the topical content is focused on the unique needs of a specific participant group. This table should explain the focus differences among these courses.
Today, your CSP will provide very little help with your audits. You may find a CSP that will provide some information to your auditors, but in general they may actually be in the way of doing completing your audits due to their requirements to protect access to other customers' data. There are some Community Cloud offerings that are starting to deal with specific security issues, and may even be able to handle some of your audit responsibilities. We expect significant improvement in this area in the next two years.
The short answer is "lawyers." Security breaches can be hugely expensive, not just in terms of money but also in legal actions. No company can afford to take the security risks of hundreds or thousands of customers. Determining if a security breech was really caused by you or your CSP is difficult, and would almost inevitably end up in a very long and expensive court case. If a CSP did offer security SLAs, they would be capped at your monthly fees. That amount really won't provide any real help to "solving" your security problem.
Is security with IBM Power, SUN Solaris, or HP UX cloud offerings any better than Windows and Linux based clouds?
IBM has built an entire solution system around putting Power into the Cloud, and by its nature it is more secure than Windows and most Linux implementations. Both Sun Solaris and HP UX have also developed Cloud support infrastructures. But the most important thing about security is the processes and procedures by which it is managed. All things being equal, you should be able to get a more secure cloud environment with IBM Power, Sun Solaris, and HP UX than with Windows or typical Linux based clouds. But the real answer will depend more on the CSP than the platform.
Probably not. Most CSPs are paranoid and very good at keeping their environment clean and protected, and they have the staff to constantly monitor network traffic. If you are using Platform as a Service or Software as a Service, then the CSP is also keeping the software they are resposible for up-to-date with all security patches, and with the latest anti-malware updates. Since these best practices can defeat over 90% of attacks on your servers, you probably are at least as secure in the Cloud.
Looking at it from a clinical sales viewpoint, the primary reason you should want to become a trusted advisor is to shorten future sales cycles. You want to become part of the design cycle, maybe even write the RFP, or, better yet, eliminate that step and go right from their need to your order.
The customer wants to be sure that the first Cloud transition will work! You need to help them look for the workloads that have low risk due to security, performance and availability issues, and that have the most obvious financial ROI.
A number of CSPs have data centers in other geographies, including the Middle East and Asia. In our view, backup facilities must be at least 500 miles away from the "base" facility, but should be within the same political environment (e.g., both sites in the US or both sites in the EU). If the data gets further away, either in a political sense or physical distance, then you risk performance and security issues. The CSPs that we deal with might not tell you the mailing address of their data center(s), but they will commit to at least country and, for physically large countries, section of the country.
As part of our services, we determine what the security, performance and availability requirements are for each of your workloads. Those requirements often put location requirements on where your data can be stored. We take those requirements into account when we recommend CSPs. Political issues can also impact availability risk. At the moment, the only reason we would recommend a data center in the Middle East would be if it was necessary to provide sufficient performance or to meet country-specific security requirements for a customer base in that area.