Migrating Applications to the Cloud: Security, Scalability, and Sensibility Rule The Day

There are many good reasons to move from legacy infrastructure on servers to cloud-enabled solutions.  Most revolve around reducing operating costs and making your business more nimble.  However, moving to the cloud will not solve all your application ills. The benefits, in most cases, outweigh the downs. Depending on the application, vendors need to make a strategic decision as to their target infrastructure – public, private, or hybrid cloud. From there, the business must consider the technical, geographical, and regulatory environments.  Choosing the right service provider can make or break the proverbial application journey to the cloud.

For software vendors, moving their solutions to the cloud can provide significant cost savings because of the increased utilization resulting from sharing resources, standardization and automation required for cloud services. In the past, it was difficult and took companies’ weeks and multiple man-hours to order software licenses. Now users can be managed up-and-down from a single point on-demand. This increased efficiency translates to overall business efficiency, and has the potential to unleash new innovations and opportunities. On the operational side, manageability, performance, and scalability are the typical reasons why businesses consider cloud computing. By delegating the management of infrastructure and software platforms to a cloud service provider, customers can offload operational responsibilities to these service providers and get back to focusing on what they are good at.

A cloud computing environment might offer increased resources, which can lead to performance improvements for certain applications. Applications that are designed to spread their workload across multiple servers will be able to benefit from automated scaling of resources to match the current demand. This is especially appealing for applications with unpredictable or cyclical usage patterns. Cloud providers can monitor usage and dynamically scale resources up or down. This behavior, combined with the pay-by usage characteristic of the cloud, can lead to significant financial savings for application vendors and their customers.

That said, it is equally important to consider what kind of cloud environment  from — SaaS, PaaS, or IaaS—the application is best suited:

Software as a Service (SaaS) – For more mature solutions such as Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), and Supply Chain Management (SCM) solutions SaaS is worth considering, especially for those firms that want a low-cost entry point without investing in their own data center infrastructure. SaaS is more about augmenting application functionality to the cloud and less about  replacing the server provisioned application.  There will still be data and infrastructure considerations, but the efficiencies and ease-of-deployment models remain attractive.

I recently spoke to Julian Box, CEO of Calligo, an upcoming offshore cloud provider, and he cautioned that vendors considering this approach should be proactive in understanding the nuances when negotiating service-level agreements (SLAs) that will cover your organization from an availability, scalability, performance, and maintenance/upgrade perspective.  He mentioned it is very difficult to find a provider that will work with you, as it is nearly impossible to guarantee performance in large distributed environments, but smaller more agile providers are the best bet and will get you close.  Mission critical applications are typically not housed at the large cloud providers like AWS or Microsoft Azure for this very reason.

In addition to application functionality, data portability, security, and data sovereignty requirements, policies must be provided so application vendors can provide the functionality and integration between applications that allows customers to own and control their own data. Bottom line, transparency in a service provider’s service level agreement (SLA) needs to be front-and-center.

The top SaaS providers include:  Gogrid, Google, IBM Softlayer, Netsuite, Oracle, RackSpace, and Taleo.

Platform as a Service (PaaS) –  environments address more of the Application Programming Interfaces (API) to allow data, applications, and users to more effectively have interoperability between environments.  While similar SLAs may be in place, PaaS platforms do not focus as much on application functionality rather how each solution interacts with each other.   Unlike SaaS, most PaaS providers should provide policies for maintenance and version control guidelines at the platform level to ensure there is version control between APIs, the infrastructure, and applications.

In most cases, data is stored at the provider level and data portability can be a challenge as many providers need to have the ability to migrate data to multiple formats.  From a security perspective, PaaS providers might have multiple solutions from different customers on the same platform whereby there may be vulnerabilities across the platform that affect all other applications.

While there are many reasons to consider a PaaS deployment model, the costs, efficiencies, and outcomes can be compared against internal deployments of co-located servers or internal solutions. Integration costs, interoperability, and other considerations need to be addressed prior to considering this migration path, unless you are only deploying mobile and Internet applications.

The top PaaS Providers Include:  Amazon Web Services, Cloud Foundry, Google, IBM, Microsoft Azure, Oracle, RedHat, Salesforce

Infrastructure as a Service (IaaS) – is how applications are scaled up and down based on needs from an infrastructure – hardware, software, and user – perspective. Infrastructure as a Service Migration of an application platform involves deployment of the application on the cloud service provider’s servers. This model focuses more on the operating system (OS) and hardware compatibility. If the hardware is not compatible, the application might need to be recompiled or redeployed for the new platform. Similarly, if the OS is compatible, few changes will be required when the application is migrated. Once again, most of the same criteria that are used for considering a SaaS or PaaS application migration, including SLAs, data portability, long-term costs, user management, and security, should be considered for the IaaS migration.

When considering an IaaS deployment software vendors need to negotiate an SLA for the availability and performance of the server, network, storage infrastructure, and hardware maintenance/management. From a data portability perspective, it is important to understand how the cloud service provider replicates and migrates the block or file storage systems. From a security perspective, IaaS is unique due to the fact that virtual machines on one in infrastructure can belong to different customers being shared on a physical infrastructure. Virtual and physical isolation of data and compliance policies needs to be part of the providers SLA.

The top IaaS Providers Include: Amazon Web Services, AT&T, Calligo, Codero, Dell, Gogrid, HP, Joyent, Oracle, Racksapce, Savvant, Verizon  

Application scalability and WAN optimization are part of the final consideration that software vendors should consider when migrating to the cloud.  Load-balancing, multi-tiering, and the ability to scale up and down sets providers apart from one another.  Enterprise grade WAN capabilities and optimization services can set providers apart, but it is important to ensure the security and data migration/sovereignty policies adhere to your business goals, regardless of which environment one chooses – Public, Private, or Hybrid.

As cloud-enabling applications become more prevalent, smart application providers are recognizing customers will need to have the ability to move back and forth between on-premise and the hybrid-cloud. Cloud migration automation tools are getting better. Cloud brokers and Systems Integrators are establishing compelling, but expensive, services to ensure moving applications to the cloud is “less painful”.  It behooves application vendors to go into this process eyes-wide-open. There is a major difference between simply web-enabling applications and moving to the cloud. We are all going to get there, but understanding all of the variables will be the difference between taking an off-ramp on a highway or a Jeep trail.