For many years, companies had limited options for infrastructure capabilities normally requiring massive capital investment. This created a significant barrier to entry for new technology innovation; however, the introduction of physical abstraction by VMware opened the door for commoditization of infrastructure. This has given rise to public clouds that have created massive cost pressure on traditional infrastructure – lines of business that have a reduced barrier to entry are driving a rapid speed of technology innovation, the focus of which has been driving revenue. To support this outcome, fifty percent of traditional infrastructure spend is now directly controlled by the lines of business and funneled to public clouds. With velocity being the key driver of cloud adoption, another pattern that has risen is frictionless innovation, which enforces the path of least resistance to achieve velocity. This takes form by allowing developers to choose what tools, languages, and clouds they use to achieve their goals. Historically companies have optimized and standardized to promote cost benefits. Frictionless innovation escapes from the previous constraints of the company, allowing best-in-breed to be deployed. Frictionless innovation does generate negative operational cost and security.
Reality Today
Traditional infrastructure teams have been put in an uncomfortable position of justifying their value by cost with an ever-decreasing budget. Cost pressure is a symptom of a greater problem: lack of engagement and perceived value to the business. Infrastructure has become utility thanks to abstraction and mega providers. Engineering infrastructure provides no value to the business because it’s not differentiating, and operating infrastructure needs to become a utility regardless of location. Public clouds are designed to be easy to adopt and hard to leave. To change the paradigm, infrastructure groups need to provide services to fill gaps in the new reality.
Services in multiple public clouds
The gaps created by the new consumption patterns allow for services that should be cross-cloud. It’s important that tools provide for cloud-agnostic and cloud-specific capabilities, thus not removing the unique capability the line of business initially desired. The tools should not impact frictionless innovation, but instead surround them with capabilities. There are four common services that central infrastructure can provide without impacting frictionless innovation:
- Asset management
- Financial management
- Operational governance
- Security and incident management
Asset Management
You cannot manage the unknown. In the past, the lifecycle of a resource was measured in years but today it could be seconds. In this dynamic, high-velocity world, traditional asset management based on configuration management databases (CMDB) or ITIL processes fall apart. Visibility becomes the first pillar of asset management, and discovery of deployed services is a critical first step in a multi-cloud world. The new pattern dictates that your discovery tool must be able to provide visibility across multiple clouds and accounts. The removal of the CMDB creates a visible gap in the ability to categorize and sort resources. In highly dynamic environments, only metadata can provide the correct abstraction for dynamic resources. To develop a well-designed method for metadata application, tracking and compliance is a critical value in multi-cloud worlds. Metadata is used to drive all other services inside the multi-cloud including financial, governance, and security.
Financial Management
Lines of business are only concerned with velocity of value until they get the bill; many organizations have seen ballooning cloud costs as they remove all constraints on velocity. In this new pattern, infrastructure takes a role of providing the business with data-driven insights and recommendations for cost control. Infrastructure teams can approach financial management with three capabilities:
- Budget, limit & trending
- Cost optimization
- Right sizing
The process of managing a budget in clouds is complex, as a single business unit can span multiple clouds and accounts. Budget monitoring is a reporting function that can help lines of business better control cost, but this role does not deny provisioning – they only communicate when established boundaries are being crossed. Similarly, they provide trending and analysis if patterns change. Cost optimization means understanding the cost of your resources per cloud so you can quickly identify efficiencies available across your portfolio. Efficiencies in the form of reserved instances or different locations/clouds are valuable capabilities that improve the relationship with the line of business. Savings of 25% or more on total spend are available from this type of optimization. Right sizing is the process of reducing or increasing a resource based on usage trends. Right sizing recommendations can help the business reduce costs and better scale the service.
Operational Governance
The process of building new value with velocity does not consider operational challenges. Many of the non-functional requirements for operation have long been the value proposition of traditional IT. For example, a large software company with thousands of developers recently shared the battle between governance and innovation like this: “I don’t care what tools my developers use but when they request cloud resources, I need some way to establish some level of governance.” For companies in a similar situation, there are three realms of governance:
- Source control
- Cloud request management
- Resource automation
Regardless of the tools used to produce code, everything gets checked into the same source control repository before being deployed with release management. This central location for code, managed by the infrastructure team, allows for many added services including code scanning, code audit, compliance checking, audit tracking, and a consistent method to roll back changes. Cloud request management provides a central point to manage by exception. Management by exception considers what is not allowed. A perfect example is when you may have to deny deployments to China due to regulatory requirements or may not want your developers using a certain instance size. Another common use case for central request management is to ensure you don’t exceed software license counts. This management by exception gives the consumer a high degree of freedom while still protecting the business from known concerns. The process of resource automation takes two forms: idle removal and leases. Having a process that automates removal of idle processes with communication can result in 15% cost savings. Similarly, scheduling resources to run only when utilized like development during working hours can affect a 40% cost savings.
Security and incident management
Due to the increased number of consumers and many different silos of operation, security has become far more complex. Misconfiguration, lack of audit, and lack of central access controls increase a company’s exposure to brand-impacting events. There are three roles that traditional IT can provide in a multi-cloud world:
- Configuration auditing
- Access controls
- Audit logging
Having an automated method to scan each cloud and provide recommendations and risk analysis provide a huge value to the company. This helps reduce the exposure caused by the increasing number of untrained consumers. Central access controls allow the company to enforce password policy, thus reducing the potential for brute force attacks, and also assure the company can access all assets even after someone leaves. Providing a central location for all audit logs allows security teams to trace bad behavior through the whole enterprise, which reduces the incident management time.
Operational model
The operational model for the cloud is one of frictionless consumption via API. This means the two things that cannot change are the outcome and the API call; everything else is decoupled from the consumer’s expectations. While working with our largest customers, we have found that three roles still exist in infrastructure of the future:
- Architect – designs the architecture for the service to meet service owners’ specifications using tools and capabilities available
- Engineers – build and operate the service
- Integration & automation developers – creates the code to integrate services and automate operations
The operational model calls for all of these roles to be at least partially assigned to each service to ensure it meets the needs of the company.
Tools
It is easier to discuss tools once we have established the processes that can be operated by IT without impacting the agility and innovation of the lines of business. VMware tools provide for many of these needs across public and private clouds.
Cloud Health can provide for asset discovery, visibility, metadata grouping, and financial management across private, public and hybrid clouds. vRealize Automation is used by thousands of organizations as a central point of request management and resource automation. VMware Secure State provides for configuration auditing and vRealize Log Insight can be used for audit logging.
Conclusion
Operating many different silos of infrastructure is a reality of most businesses. While each cloud provides unique capabilities that empower the business, there are a series of functions that can be shared, operated, and bring value to the lines of business. This inverts the cost centric nature of IT into a value-added provider partnering with the business.
VMUG Office
450 Rev Kelly Smith Way, Nashville, TN 37203
[email protected]