How to select DPC for placement of information systems? TADetails

What advantages of placement of information systems on the partner platform in comparison with placement in local infrastructure?

Key advantage of outsourcing of computing resources is a decrease in capital costs and an opportunity to secure business from jumps of currency rates. According to Maxim Berezin, the head of Virtual data center of CROC company, now it is important, considering almost universal reduction of IT budgets and growth of cost of the equipment which in the main weight is import. Besides, outsourcing of DPC and cloud services allow to reduce time of implementation of IT projects significantly.

Key advantage of outsourcing of computing resources is a decrease in capital costs and an opportunity to secure business from jumps of currency rates

Construction of data center from scratch takes several years, and it is possible to use resources of outsourcing DPC even at initiation of additional deliveries within two-three months. Unroll IT systems in a cloud it is real in even more short time — literally for several days if it is about not the really large volume of data. Additional plus of clouds — providing bigger flexibility to business. It is possible to increase capacities instantly, arranging infrastructure under specific business challenges: start of new services, providing new clients with the necessary services, opening of offices in regions.

"Also quickly there is also a turning of cloud infrastructure if in the large volume of resources there is no need — Berezin adds. — For example, if the customer completes a seasonal action or testing of functionality of a new system". These possibilities of outsourcing are demanded by financial companies, retailers, production holdings and also any other organizations focused on dynamism of business.

What do DPCs among themselves differ in?

Today customers of outsourcing computing powers can select from the whole range of offers what is necessary — depending on the budget and the needs for performance. From a usual hosting, including use of virtual or dedicated servers and placement of own server in DPC (Colocation), leases of the selected zone (Dedicated area), to various cloud services: uses of SaaS, disaster tolerance and backup as service, constructions of hybrid infrastructures.

Until recently physically DPCs of different providers could be located as abroad, and in the Russian territory. Today the carrying out of information out of borders of the country is directly prohibited by the legislation of the Russian Federation. Since September 1, 2015 became effective amendments in law No. 152-FZ "About personal data" according to which storage and personal data processing of the Russian users is performed only in the territory of Russia. Otherwise the resources of the companies placed in data centers of foreign providers can be blocked by Roskomnadzor with suspension of activity before execution of relevant requirements.

The provider can be the owner of own capacities of DPC or the tenant of the equipment at other provider. But it must be kept in mind that the additional chain of intermediaries can have an adverse effect on stability of work of provider and in general on reliability of service.

Possibilities of different providers can also have as internal restrictions — on the computing power or resources of storage, and external restrictions on capacity of communication channels which performance, in particular, is extremely critical for cloud services.

In addition, there is a requirements list to DPC in respect of reliability assurance and safety of data storage. This list includes possibilities of provider on secured provision of reliable data backup, a measure for information security support (reservation of computing systems, storage systems, communication links, backup copies of data, etc.), disaster recovery of data with a possibility of replication between storage systems and so on.

All these questions need to be found out before the final choice for benefit of this or that provider. Except detailed acquaintance to the existing infrastructure of provider, will also not be superfluous to study plans of his development for the guaranteed potential of future scaling of IT infrastructure of the business.

What cloud services can the provider of DPC offer the client?

As it was already told, there is a set of different models of service outsourcing service. Are most widespread:

• SaaS providing access to the application software in cloud infrastructure from the client systems via the interface of the program or the web browser;
• "The platform as service (PaaS) — when the customer independently places standard and custom applications in cloud infrastructure, leaving for provider of a duty of formation and setup of computing environment, database management systems, storages and information transfers;
• "Infrastructure as service" (IaaS) — when the customer himself installs operating systems, managing and the application software, independently manages processing, storages and data transmissions.

Anyway the provider in the degree stipulated by the agreement takes the responsibility for stability of work of services and the round-the-clock stability of information channels, protection and reservation of data of the customer, hardware and program traffic filtering, protection against DDoS attacks and a set of other moments.

Having shifted questions on ensuring operability of DPC to shoulders of partner provider on outsourcing model, the enterprise has an opportunity to provide operability of the information environment at capacities of remote commercial DPC, combining them if necessary with own and/or provider private and public clouds.

What cloud services of providers of DPC are most demanded by clients?

From all cloud services at the moment, according to Maxim Berezin from CROC, infrastructure as service (IaaS) is most demanded. It is about use of virtual servers, disks, networks.

Resources from a cloud on demand is what allows customers to deploy any own services in a short time and afterwards to manage them through a self-service portal. Access to resources of a cloud of CROC is automated, involvement of specialists, by words Berezina, minimum, the capacities selected to the customer meet the highest requirements to reliability and quality of work. These factors in total do IaaS by the most convenient service both for the customer, and for service provider.

Based on IaaS CROC also builds hybrid clouds, connecting local infrastructures of customers to Virtual data center and also provides the additional level of data protection, offering service of disaster tolerance (DRaaS). In addition are in demand in SaaS service: from corporate mail from a cloud to call center as service.

In 2015 one more service — Cisco Powered IaaS was added to the service directory of CROC. The key difference from the existing service "Virtual data center of IaaS" consists in use of the new platform answering to ideology of Cisco VMDC (Virtualized Multiservice Data Center). It allows CROC as service provider to deploy the additional services Cisco requiring existence of such platform for the work and, as a result, to attract in a cloud of the clients or who are already working with products of vendor, or only beginning to apply them.

In DPC of CROC it is possible to give as an example of Cisco services, admissible to deployment: Unified Communications as a Service, Contact Center as a Service, Desktop as a Service, Telepresence as a Service.

What does the cost of outsourcing of DPC and cloud services depend on?

The cost of cloud services depends first of all on resource consumption volume. Disks, servers and networks are rated separately. Costs for migration are individually estimated. If the customer himself carries out works on setup of operating systems and application services in a cloud, migration is performed free of charge. If the customer charges a task of setup to provider, works are paid.

"At transfer of small IT systems the price is several tens of thousands of rubles — Berezin says. — In process of complication of the project it, naturally, grows". At the same time providers, as a rule, render to customers of service of budget assessment of migration and a sayzing of the moving IT systems and also develop together with customers a network architecture in a cloud and on its perimeter. The last allows to exclude up to 90% of future problems with operation of IT services in a cloud.

When calculating cost of services of cloud DPC it is also considered:

• the type of the offered service is IaaS, BaaS (backup as service), DRaaS and so forth;
• the quantitative indices influencing the cost of licenses (the protected virtual machines in a case about DRaaS, jobs in a case with service of Contact Centre as a Service, etc.);
• the selected resources of cloud infrastructure.

The cost of resources is influenced, in turn, by a number of parameters:

• quantity of the used cores of the processor and amount of RAM;
• the high performance of a disk subsystem provided in CROC thanks to storage systems based on flash;
• volume used storage systems (DWH);
• additional services, for example, providing "white" (public) IP address;
• additional wishes of customers, for example, use of own hardware or creation of a hybrid cloud between DPC of provider and DPC of the client (these are additional labor costs of service provider).

Example of successful project implementation on outsourcing of DPC it is possible to call placement of accounting archive of primary documentation of M.Video company in a cloud of CROC. The cloud model ensures safety of the electronic archive containing copies of accounting documentation from three branches (over 40,000 pages of accounting documents a month), and protected access to them without capital costs of hardware, the software and infrastructure.

One more example — creation of a hybrid cloud for Bistrodengi microfinance institution. The customer places critical applications in the private cloud, but at the same time has an opportunity to be connected constantly to resources of a public cloud of CROC that at the peak moments of activity quickly to increase computing resources, providing a continued access of clients to the online services, and at the same time strictly to control costs for IT.

What responsibility for reliability of work and security of information are born by provider before the client?

The provider bears responsibility for permanent availability of infrastructure and cloud services. It is enshrined in the relevant agreements which are signed between provider and the customer. At non-compliance with parameters of rendering services the provider pays penalties.

It is remarkable that CROC regulates the services not in one SLA as it is accepted in the market, and in two. The first document registers terms of the greatest possible unavailability of virtual services, the second formalizes parameter performance of disk resources.

How in outsourcing DPCs requirements of regulators regarding personal data processing are provided?

In cloud DPCs both standard means of protecting, and means of the information security (IS) from specific cloud threats are used: firewalling, protection of communication channels, antiviruses, protection against unauthorized access to resources.

For the most exacting customers to security, according to Maxim Berezin, CROC can offer placement in the protected cloud — a node of cloud infrastructure with the implemented cybersecurity technologies certified by FSTEC and FSB on personal data processing. If necessary CROC participates in audits of regulators for obtaining by customers certificates of conformity of infrastructure and cloud services to requirements of the commonly accepted standards, such as standard of security of payment cards (PSI DSS). In particular, for check of compliance to security requirements of these bank cards in a cloud environment infrastructure of Virtual data center of CROC underwent audit at placement in a cloud of processing of Platbox payment system. This company renders services to the mobile operator of MTS, developer of the online game World of tanks, other large organizations.