The dominant trendsetter in everything cloud is often the simple inquiry and knowledge of, “What is the other guy doing with the Cloud?” The deeper we dug into what our own customers at dinCloud were doing, the more shocked and amazed we were. It’s from this “monkey see, monkey do” scenario that the top ten cloud trends for 2015 emerge. Ignore them at your own peril, or, do what everyone else is doing: Jump in and hang on for the ride.
I’ve watched many CIOs lose their jobs for gambling millions on the wrong strategy just as often as I’ve seen them become heroes for trying out their theories in the cloud, then scaling them up, when proven. Here are 10 key trends that will help you be a hero to your business.
1.Virtual Offices for DR
Business Continuity and Disaster Recovery (BC/DR) is a familiar topic, but the way it’s being implemented by leveraging the cloud is not.
Companies with an eye towards the future and which are intent on staying in business no matter what comes their way, are leveraging cloud (almost exclusively) to solve their concerns around potential impacts including, but not limited to:
- criminal activity (internal and external threats),
- global terrorism,
- potential pandemics,
- power outages,
- potential nuclear disasters zones (near nuclear power plants),
- flood zones,
- shifting legal/political landscapes.
Customers choose to setup “virtual offices” in the cloud by having servers, desktops, file shares, and everything synced to the cloud. If a particular branch, anywhere in the world, goes down or just isn’t viable anymore (i.e., can’t get to the office, or all systems were hacked and no longer trusted or must be turned over for forensic analysis – like in the case of Sony – then how do we get back to work?). Technologies like Microsoft Active Directory replication, federation services, distributed file system (DFS), and others make this very easy.
2.Desktop as a Service (DaaS)
This technology is on the rise because, quite simply, the best virtual desktops in the world just don’t come from VMware or Citrix (News - Alert) anymore. As such, many private cloud aficionados are abandoning previous forays into Virtual Desktop Infrastructure (VDI) and looking to the cloud to provide virtual desktops instantly, at lower cost, and with secret sauce that’s not for sale anywhere else, making it easy to have users on virtual desktops anywhere across the globe, from New York to Mumbai, From London to Manila
VDI lost its mojo to DaaS simply because:
- VDI licensing is often expensive;
- VDI in many cases requires or limits certain high end features to specific hypervisors;
- VDI costs skyrocket when you use enterprise infrastructure, thus eliminating any savings;
- VDI upgrades, patching, and maintenance negatively impact Total Cost of Ownership (TCO);
- VDI expertise is hard to come by and the challenges that pop out when you try to spin up thousands of users desktops on a virtual platform can seem endless.
DaaS wins every time because:
- Licensing is very attractive;
- It’s hypervisor agnostic;
- Cloud infrastructure outperforms the enterprise model;
- DaaS includes free upgrades and unmatched SLAs;
- Cloud is full of expertise to deliver a very focused, cost effective, and high performance solution to meet business requirements using technology not found within the enterprise.
3.Regulatory headache relief
Almost no part of the business world is immune to an ever increasing global landscape of regulatory requirements. This is particularly challenging for customers who operate in many different political and legal jurisdictions.
Cloud has become the best way to meet new regulatory challenges because regulatory requirements around physical facilities hosting sensitive customer data can be a real drain on time/money/resources. Security guards, cameras, logs, man-traps, cages, availability, become a real headache. Colocation space at top facilities worldwide is increasingly expensive or impossible to acquire at all in popular areas.
In addition, data handling requirements often invoke the need for virtual environments to utilize dedicated and/or isolated infrastructure, encryption, geographic boundaries, extensive logging, and industry best practice security measures, which have to be constantly updated or can incur liability or disgrace for a company if an incident occurs, and more adds to the headache. Even if you are able to meet these challenges, proving it via recurring audits becomes expensive and often brings operations to a halt until completed.
But, the physical data centers that cloud is hosted in are top tier. The days of building and maintaining quality data centers privately are over. As a result, space at the world’s top colocation sites is increasingly hard to come by. The best way to find a spot is to leverage the cloud. This saves you from multi-year colocation contracts, having to provision your own Internet and gear, professional services costs, and more. Get in and out easily.
The virtual infrastructure of cloud is rapidly adaptable to varying requirements. Dedicated rather than multi-tenant infrastructure, encryption of data in-flight and at-risk, a wide array of software licensing from thousands of publishers on a monthly subscription, and much more. Rapid migration tools in and out of the cloud are hypervisor agnostic. For example you can move as much as 500TB in as little as six weeks to the cloud. You may come in from VMware, but leave on Hyper-V or KVM years later, if you wish – just as quickly.
And, auditors are familiar with how many clouds operate and you’ll find they often complete an audit much faster.
Domain Name System (DNS) is what your website, IP phones, and web surfing all depend on. If this service goes down, you’re out of luck. Putting up DNS servers is easy. Keeping them safe from attack or distributed in an AnyCast worldwide network is something else. 2014 saw a substantial number of attacks against Tier 1 ISPs and almost none could withstand many of them, which topped 400+gbps.
The fact is that most customers have a single Internet provider and either host their DNS servers with that provider or on their own, using that carrier for the upstream path. When the DDoS attack hits and that provider goes down, so do you.
Distributing your DNS servers worldwide can be cost prohibitive. It may not matter anyway; if the IP your DNS resolves a resource to can’t migrate to a new Internet location on another Internet carrier instantly using BGP you’re stuck on an Internet island under siege with no options but to ride out the storm
An additional issue is that 99 percent of IT administrators do not really know how DNS works. As a Cisco (News - Alert) CCIE, I thought I knew – I was wrong, even though I setup and administered DNS servers for years. It wasn’t until I owned a domain registrar that I truly learned how hard it is to secure DNS, replicate it using AnyCast networking for high availability, and the many “best practices” required to run it robustly.
Did you know that DNS queries aren’t (per RFC) just on udp/53 but also tcp/53? Unauthorized zone transfers on tcp/53 can wipe out your entire zone table, modify it for abuse, or give attackers visibility into your infrastructure? Why do you have two DNS servers when you can have 13 for a top level domain (TLD) such as .COM’s? The list goes on…
Many cloud providers are largely impervious to DDoS attacks. They are attacked frequently, but have the resources to block, scale and migrate under fire. They also have the forensic knowledge to log, locate, and prosecute after the dust settles.
You want a solution that:
- Uses mechanisms block botnet and other malicious attacks right at the Internet Edge based on IPR (IP reputation);
- Has the ability to scan for patterns and block using Intrusion (News - Alert) Prevention System (IPS signatures);
- Uses virtual firewalls, load balancers, and other network components that scale when under attack and are dedicated to each customer (no multi-tenancy for those types of key components);
- Ensures multiple carriers with high capacity and availability of public IP addresses on IPv4 and IPv6, allowing movement between data centers within seconds.
- Utilizes AnyCast networking, making it essentially impervious to DDoS.
Cloud has replaced onsite tape or disk to achieve offsite data protection and archival, but doesn’t come without its challenges, including backup of both physical and virtual servers, offsite spin-up of backed up resources, mobile device access for file sharing, collaboration, and leveraging cost effective storage vs. enterprise arrays for bulk data. Look for a provider that can spin up all your services in the cloud from your backed-up servers or data, ensuring access anywhere, including mobile devices.
Cloud has become a unique way to integrate all your transport requirements. Many clouds offer private MPLS and other options, with a varying range of services across them. The ability to combine your cloud and on-premises networks worldwide transparently is a challenge itself. How you extend that to contractors, vendor support personnel, your own customers, and others is even more challenging, but cloud can help.
- Unify (News - Alert) MPLS carriers to connect all your locations full-mesh,
- Utilize MPLS to connect privately to the cloud,
- Utilize MPLS for backup Internet,
- Utilize MPLS for hosted phones, SIP trunks, and more,
- Create P2P VPNs to get sites/users up quickly,
- Create remote access VPNs for employees and contractors with profiles that can limit them to a single IP, network, or protocol/ports you need them to access.
Large customers requiring full mesh connectivity to all their locations can consolidate any number of carriers to the cloud. This can be done with existing, new or expanded MPLS deployments, making it look like your virtual private cloud looks like an extension of your existing infrastructure, right down to your choice of private IP ranges.
Even for Microsoft-certified engineers, keeping an Exchange server on its feet or mucking with Lync, SharePoint, Office and other products can be a real time waster. Cloud is the place to relieve this pain, without sacrificing availability, security, mobility, or licensing benefits. A beneficial approach is to host communications-oriented cloud resources (phones, email, etc.) separately from your data-oriented resources (servers, desktops, storage) using a multi-vendor approach. A cloud provider with deep market insight and relationships can provide the advantage of acting as a broker.
AAA, Logging, IPS, IPR, ULR filtering, infrastructure and service monitoring, and so many other tools are significantly easier to deploy when leveraging cloud infrastructure and licensing. The problem is that IPS systems can be prohibitively costly, before even factoring in the cost and time associated with upkeep of central and multi-site deployments of all your security elements. It often takes a full team of experts to handle, as opposed to a small IT team, let alone a single administrator.
As with other cloud services, cloud-based security can be licensed monthly and scaled as needed, and there’s a massive marketplace of cloud-based tools to choose from to tackle things like AAA, infrastructure and service monitoring, and more. Leveraging cloud as a junction for all of your connectivity can bring layers of defense in depth, while cloud engineers and partners can add a tremendous amount of veteran advice and analytic expertise when situations occur. Having this lifeline is a must to survive in today’s digital world.
9.Mergers & Acquisitions
A fact of today’s business world, M&A activity can have a detrimental effect on business when acquired staff must be onboarded en masse while infrastructure standardization is taking place and data, applications, servers, and other infrastructure are being integrated. And, while it is easy to believe that different products are interoperable, it’s not always that easy.
With virtual desktops, we’ve seen onboarding after a $3.5 billion acquisition take mere months. Virtualization and cloud make it easy to migrate infrastructure, applications, and data, allowing temporary servers to be spun up for the migration process, which can then be shut down once the migration has been complete, and allowing access to the resources from anywhere.
While any device, an network connectivity and access can be an issue with on-premises technology, the cloud makes it easy to tie servers, desktops and cloud storage to your existing Microsoft Active Directory with full policies and permissions intact across iPhone (News - Alert)/iPad, Android, Mac, Windows, Linux, Chromebook and other devices.
Single sign-on simplified access, which two-factor authentication, IPS, IPR and other security protocols protect and encrypt data from theft, attack, and malware.
What these ten trends mean is, quite simply, find ways to leverage the cloud. If you do, I guarantee you will be amazed and find useful ways to make your life easier. And that is what cloud is really all about: making everything easy!
Mike L. Chase, J.D., CCIE# 7226 ([email protected]) is the EVP/Chief Technology Officer for dinCloud, a cloud service provider and transformation company that helps businesses and public/private organizations rapidly migrate to the cloud through the hosting of servers, desktops, storage, and other cloud services via its strong channel base of VARs and MSPs. Visit dinCloud on LinkedIn: www.linkedin.com/company/dincloud.
Edited by Maurice Nagle