WIXLIB

THE EXECUTIVE GUIDE TO:Multi-Cloud Environments& Management Platforms

What is Multi-Cloud?Benefits Picking the Right Tools for the job Avoiding Vendor Lock-in Better Protection from DDoS Attacks Data ManagementChoosing Between Different Cloud Providers Make use of Independent Industry Advice andStandards Vendor Performance Vendor Lock-inConsidering Cloud Service Models SaaS Building a Hosting EnvironmentPutting it all Together: What does a CloudManagement Platform do? General Services Service Management Finanicial Management Resource Management Governance and Policy SecurityConclusion: Use the Right Tool for the Job

What is Multi-Cloud?At its most basic, multi-cloud describes anenvironment formed from two or more cloudcomputing services. No single provider offersthe solution to completely satisfy a customer’sneeds, so developers often look to several cloudservice providers to build in further redundancy ormaximise processing power. This also eliminatesover-reliance on one vendor, enabling greaterflexibility throughout an enterprise environment.Multi-cloud is often confused with hybrid cloud, but thereare two key differences. Firstly, the elements of a hybridenvironment usually work together, while in multi-clouddifferent clouds are used for different tasks. Data andprocesses interact extensively in a hybrid cloud – in amulti-cloud usage is more contained to each independentcloud.Secondly, multi-cloud always comprises severalpublic clouds and can also include virtual and physicalinfrastructure, including private clouds. Hybrid, however, isalways formed of both private and public.Hybrid-CloudCloudMulti-CloudBasic cloud use: run anAllows you to run anAllows you to use the mostapplication in a single cloudapplication simultaneouslyappropriate or beneficialenvironment, whetherand seamlessly in a publiccloud option – public, on-private or publiccloud and on-premisespremises, or private – foreach separate applicationSo far, most multi-cloud approaches have investigatedthe IaaS layer, overlooking the rest of the cloud stack.However, an increasing number of powerful SaaS andPaaS configurations are beginning to emerge.Multi-cloud is set for explosive growth over the next fewyears. According to MarketsandMarkets, the multi-cloudmanagement market size is expected to expand to USD4,492.7 million by 2022 (from USD 1,169.5 million in2017). And a recent study from analyst firm 451 Researchalso suggests the future of IT is hybrid and multi-cloud,with 69% of respondents planning to have some form ofmulti-cloud environment by 2019.

BenefitsThe four main benefits of adopting multi-cloud are:2. Avoiding Vendor Lock-In1. Picking the Right Tools for the jobOne of the big advantages of multi-cloud is that you canavoid being tied to the specific standards, protocols, andtools of one vendor. In fact, multi-cloud fosters a moreagnostic way of building software, as the fundamentalinfrastructure is typically kept independent of theapplication software stack.Businesses are starting to withdraw from “one-size-fitsall” software solutions. Usually built by the big vendors,these tools still have their place (and a large market share)but are, ultimately, generalist solutions which compromisein various areas.Companies now want specific technologies to helpthem get the best from each area of their business. Forexample, while high performance might be crucial for oneapplication, another – one processing strictly-regulatedconfidential data, say – might need a cloud service thatruns in a specific region. These requirements could be metby the applications running on different IaaS platforms –each one catering to a particular need.Multi-cloud is becoming increasingly popular because itprovides organisations with the ability to merge differentbest-of-breed platforms together, forming one powerfuloverall solution.Reducing dependency on one provider puts you in a muchstronger position to act if, say, a vendor suddenly pushesup prices or stops meeting the uptime levels you need.Cloud computing evolves quickly, so the ability to respondto market fluctuations is vital. And businesses that aren’ttied to a specific vendor can adapt their strategy inresponse to industry changes much more quickly, sincethey don’t have to re-architect their entire infrastructure.

3. Better Protection from DDoS AttacksIf all the resources powering your applications are housedon one cloud, a DDoS attack can not only take thoseapplications down but keep them down. And, accordingto ITIC, an hour of downtime costs more than 100,00 for98% of organisations.With multi-cloud architecture powering your applications,even if one cloud is compromised, others remain availableto manage the load until the service recovers.4. Data ManagementYou probably know that “not all data is created equal”.While some parcels might be part of computations 100times a day for a year, others will just sit in a databasefor their entire lifecycle. By sharing data across multipleclouds, you can use the best service for each function.For example, your HR or legal department might need tostore huge volumes of sensitive records but not actuallyprocess the data. Security features will be key in thestorage of this data. However, when data needs to beuploaded, examined, and downloaded back to a localintranet, processing power and speed are crucial. A cloudprovider that caters for this, more than your IT’s securitysystem, is a valuable ally.

Choosing Between Different Cloud ProvidersWhen evaluating different vendors, there are three thingsto bear in mind:1. Independent industry advice and standards2. Vendor performance3. The risk of vendor lock-inGartner provides one example of worthwhile industryanalysis with their Magic Quadrant and CriticalCapabilities services.For example, the below represented the status of the PaaSmarket in 2016:Every cloud provider has different strengths, andunderstanding them can help you choose the besttools for the job.1. Independent Industry Advice and leOutSystemsRed HatAbility to ckBaseMIOsoftCybozuZohoNICHE PLAYERSCompleteness of visionSource: GartnerVISIONARIESAs of March 2016

Unsurprisingly, Microsoft and Salesforce were shown tobe leading the way. Analysing the cluster of visionaries ismore interesting – here’s an extract from the Gartner MagicQuadrant report:In the PaaS market, the visionary vendors include manyof the classic enterprise software vendors as theyinvest to reinvent themselves for the next generationof application developers. Generally, visionary vendorsare investing in leading-edge enterprise aPaaS servicesnot yet readily adopted by mainstream enterprisecustomers; thereby adding support for capabilities suchas big data and stream analytics, IoT, event-driven andin-memory platforms, and offline mobile computing.Other Visionaries excel in understanding enterprisedemands on the road to cloud adoption and support:high productivity for LOB users; polyglot high-controland continuous integration/continuous delivery (CI/CD) through containers for IT developers; integration,orchestration and API management for compositeapplication services; and self-service management forhybrid application deployments.Critical Capabilities reports complement Magic Quadrantsby providing deeper independent insight into a vendor’sproduct and service offerings, which can be comparedagainst a set of critical differentiators. You can alsocompare products and services based on the specific usecases needed by your business.Industry standards can provide added confidence whenevaluating different vendors. The following are most likelyto be useful: ISO/IEC 27017:2015: This is a code of practice forinformation security controls applicable to the provisionand use of cloud services. The Cloud Data Management Interface (CDMI): Thisis a SNIA standard that specifies a protocol for selfprovisioning, administering and accessing cloud storage.It defines the functional interface that applications willuse to create, retrieve, update and delete data elementsfrom the cloud.

2. Vendor Performance3. Vendor Lock-inIt’s a good idea to seek information about vendors’past availability and platform performance levels whenbeginning procurement. And service level agreementsand compensation levels for service downtime are anessential part of any contract. The performance level of thecompany itself is also important, since any provider thatgoes bankrupt or gets acquired will substantially disrupttheir customers’ businesses. So it’s a good idea to obtaininformation about the company’s ownership and auditedfinancial statements.As mentioned, not being tied to a specific vendor is apowerful benefit of multi-cloud, but some contracts canmake flexibility hard to achieve. To ensure you don’t findyourself locked in, consider the following questions whenevaluating providers: What happens if you need to move provider – is there amigration service or any support? Exactly how will company data be stored, used, backedup, and how can it be extracted? Does the vendor have a data extraction utility, and whatformats does it support? What will be the cost of data transfer?These are all areas that can reveal whether there’s a highrisk of lock-in with any vendor.

Considering Cloud Service ModelsMulti-cloud environments are generally composed of some,or all, of the following elements: The main three cloud service models: Software as a service (SaaS) Platform as a service (PaaS) Infrastructure as a service (IaaS). On-premises environmentsAfter we’ve looked at how to approach the question ofSaaS adoption, we’ll consider the alternative – buildinga hosting environment (as PaaS, IaaS or on-premises).As there are so many ways in which software can beinstalled on a hosting environment, rather than skim overtechnical pros and cons, we focus on the risks that comewith each choice. This is the line of inquiry used in a paperby ICAEW: Cloud adoption: a risk-based approach tochoosing a cloud platform.Due Diligence RequirementsTo mitigate the risk of software lock-in, ask yourself thefollowing when considering SaaS: Is it possible to trial the service before committing to acontract? Is migrating data to other platforms feasible, or will it bestored in a supplier-specific format? Does the vendor offer a private version of the softwarein case you want to adopt an on-premises instance?Check the following data security issues: If the provider has responsibility for backing up data,how often do they do it, how quickly can it be restored,and where is it backed up? What SLAs are in place for data loss or periods ofsoftware inaccessibility?SaaS Is there any insurance in place for cyber-attacks?The decision of whether to adopt SaaS can be divided intotwo phases:Finally, think about business continuity and disasterrecovery:1. Does the SaaS provider and platform meet the duediligence requirements of your business? How long could you potentially go without access tothe software before it becomes a critical issue for yourbusiness?2. Are there strategic or commercial benefits that would belost by adopting SaaS? If data is compromised or lost completely, how long willit take to rebuild data sets and at what cost?