Understanding the Cloud/Ops DisconnectJust as ITIL is finally having a positive impact on IT ops everywhere, the "Cloud" comes along and screws it all up.
Cloud computing is a popular topic right now. Some see it as a saviour technology for cost cutting but there is too much thought given to how you will connect at a technical level with a Cloud service provider. Just as important is how you will connect at a process level and at a business level. IT development and solutions staff are prone to waving these considerations away as an issue for the operations people and the suits, but the process and business considerations are more important than the technical ones.
We are speaking here about Cloud computing as the provision of distributed services across the Internet: the ability to process anywhere. This is the generally accepted, current definition of the term. This includes SaaS (software as a service, which was what the Cloud may have originally referred to) as well as infrastructure that moves around the network, including outside the bounds of the organisation to providers of on demand resources.
Using one proposed ontology: software, platform, processing, data and communications are provided as a service. Or we can lump that together in another popular term XaaS. Cloud computing is one of those hyped terms that gets applied to everything so, to be clear, we are not referring to internal grids or hosted computing or the myriad other things that seem to get lumped into Cloud".
ITIL & Cloud
Since ITIL is the lingua franca the accepted common language for IT operations right now, let us use the ITIL framework to consider operational inter-operability between the Cloud service provider and the customer.
Here are some scenarios to consider:
Scenario 1: We have a priority one outage. How do you check their current availability? Can your service desk operator open an incident ticket in their system or must they hang on an 800 number? Can you open it right away so they look at it in parallel with you or will they only accept it once your technical staff have traced the problem out into the Cloud? Can your diagnostic systems open the incident ticket automatically? How do you track the status of the incident? How much information can you see? Who has it, what do they think, what are the estimated times Etc.
Scenario 2: We are preparing the disaster recovery plan (DR) for the new system that includes XaaS. Do you have access to your XaaS's DR plan? Who do you talk to and what is the process to dovetail their plan with yours? If either party changes their plan what does that trigger?
Scenario 3: The XaaS provider has a problem. They are fast running out of resources and your service will be impacted within hours. How do they know who to contact? How do they contact them? What will be your response?
Scenario 4: Your organisation wants to move from per-user cost allocation to per-transaction. Do the reports from the service provider tell you enough to do this? What is involved in getting the reports changed?
Scenario 5: The service provider is planning a major upgrade of their SAN. In theory there will be zero impact. Yeah, right. Do they need to notify you of the planned change? What influence should that have on your forward schedule of change? What contingencies are required at your end? What contingencies have they agreed to have in place?
Scenario 6: Your customer wants an improvement in their service levels, e.g., increased availability or expanded support hours. How do you determine the knock-on improvements required in your agreement with the service provider? How do you negotiate that and what algorithm will they use to price it?
XaaS is supposed to be about increased flexibility but outsourcing has a history of decreasing flexibility at a business level with situations like this. Sometimes the increased charges are prohibitive because the pricing terms for changes were never agreed up front, and you have to go back to the customer to say you cant deliver.
Scenario 7: The auditors are in town. They want to see the physical facilities. How many sites will you need to show them? Can your auditors have access to the XaaS providers buildings? What needs to be done to arrange this?