Sergey Verchenov, CROC: Audit of IT infrastructure – the first step on the way to a cloud

Sergey Verchenov: Interest in migration of applications on cloud infrastructure is connected not with the amount of business, and it is rather with specifics of use of applications. If it is about the medium-sized or small company, especially – a startup, then in this case in a cloud it is possible to take out infrastructure entirely. Large business goes to clouds too, but the effectiveness of carrying out in a cloud of all IT infrastructure in this case is not always obvious, and more often it becomes on model of a hybrid cloud. Since simple IT systems, customers gradually transfer to a cloud and components of critical infrastructure. Among customers of CROC there are representatives of medium business whose infrastructure is taken out in a cloud entirely, and large business which placed the infrastructure in a cloud only partially. As a rule, each of such projects is preceded by audit of infrastructure or its components.

Sergey Verchenov: For adoption of the weighed solution it is necessary to consider several important factors according to each application separately. First, financial side of the project. The second important point - technical functionality of applications, more precisely - an opportunity to implement the same functionality in a cloud technical computing architecture, in more modern and high-quality execution. The third factor which it is necessary to consider, – ensuring security of the application that is implemented at placement in a cloud by geographical distribution. The fourth important point – information security support of the application and restriction, with it connected. The fifth moment – ensuring efficiency for business, and in respect of efficiency is meant not only financial side of a question. For example, in the project implemented by us for one federal insurance company, to the customer is profitable to have the call center which is not tied to specific geography of branch that gives the chance dynamically to change capacities of call center depending on current demands of each region. And the sixth factor - satisfaction of business users in respect of use of service from a cloud, technical support and consultation. Here in brief highlights which should be considered at making decision on transfer of this or that application in a cloud, and they, in fact, assume complex audit of own IT infrastructure. The company can conduct it independently or with involvement of external consultants.

Sergey Verchenov: Yes, CROC provides service in audit of IT infrastructure to the customers. I will note that in the market there are not enough companies capable to carry out this procedure with a sufficient depth today. In 25 years of work in the Russian market we created strong competences in IT consulting and examination which allows us to implement projects of the most different scale.

Sergey Verchenov: Development and deployment of management programs for continuity (Business Continuity Management, BCM) for critical infrastructure begins with audit. Existence of such programs allows to save much more in case of this or that incident. BCM programs include the plan for ensuring smooth operation of business processes (Business Continuity Planning, BCP) and the plan of their recovery in case of emergency circumstances (Disaster Recovery Plan, DRP). Developing such programs, we will see off the detailed analysis of the being business processes, classification of their criticality and we correlate to those resources (human, material, IT) on which they depend. Duplication and automation of these resources – guarantee of business continuity and operability of corporate IT systems. Among the industries, most sensitive to any failures, it is possible to select online retail, airlines, an oil and gas sector, telecom operators and banks – where losses can be calculated by millions of rubles. First of all the thought-over BCM programs and plans of disaster recovery of IT systems are necessary for these companies.

Sergey Verchenov: The first that the customer needs to know: cloud applicaions it is not always more profitable than local installations. Operation cost in own IT infrastructure and in a cloud for many applications will be comparable or is even slightly higher in cloud option. But in some cases, the IT resources connected with dynamic consumption, infrastructure in a cloud will be more profitable, - for example, in case of retail of which the seasonality of sales is characteristic. At cloud implementation of IT resources the retailer can reserve the resources necessary in case of peak loads in advance, or be calculated with provider upon the consumed computing powers, in the western terminology it is called by pay as you go. Besides, in a cloud it is profitable to take out the environments for development and applications testing which are also assuming a dynamic load and also IT support of startups when business is only brought to the market and its successful future it is still unevident. It saves the company from need to build own IT infrastructure, buying local applications and the equipment.

Sergey Verchenov: Cost efficiency of expected migration can be estimated at a cloud. Actually, we are also engaged in it on preliminary project stage, namely – assessment of return of investments (ROI). We compare resource consumption volumes the application, the cost of its operation within own IT infrastructure and at cloud implementation. We have special cloud calculators allowing to make necessary calculations. The necessary quantity of resources is driven in, load distribution on time is set and at the exit we receive cost comparison of two options of operation, on the platform of the customer and in a cloud.

Sergey Verchenov: Calculations are most often made for year, three and five years, but there are no problems to make calculations, having made splitting and into shorter periods.

Sergey Verchenov: To number of leaders of cloud migration among applications it is worth selecting: development environments and testings, applications with a dynamic load, startups and pilot projects, the websites or portals, e-mail.

Sergey Verchenov: E-mail often is considered by the companies in the context of migration in a cloud. By estimates among clients in the current year, about 10% of the companies or already transferred e-mail to a cloud, or are ready to make it. Cloud mail is effective in operation, and first of all - in respect of business scaling. The company does not need to control the number of users of a mail system, and, respectively, to be put on new server capacities, only the actual quantity of mailboxes is paid. User data are protected also from the hacker attacks, and in the context of ensuring continuity of receiving service. The last is provided by implementation of geographically distributed system placed on several servers in different data centers. In case of falling of one of nodes, mail automatically moves to another that guarantees the continuity of providing services, performance also does not decrease.

Sergey Verchenov: At this problem two aspects: security of data in a cloud and their security. The security of information from loss is provided how it was told above, the distributed data storage on different nodes of a cloud computing architecture and on different DPCs. So, our company has own network of data centers in two of which we also offer the customer placement of cloud applicaions. We provide to customers of CROC the double SLA on services of a cloud of CROC guaranteeing availability of servers and performance of disks at the level of 99.9% that is extremely important for steady work of any business. In addition special managed services, such as its insurance using the disaster-proof solution – "COMPREHENSIVE INSURANCE for DPC" can increase reliability of cloud infrastructure. Such service provides the continuity of work of IT systems needlessly independently to administer service. And the level of security of data often even above, than at traditional placement of infrastructure in the territory of the customer.

As for information security, the level of concerns of the companies seriously decreases in recent years as protection of cloud applicaions is performed in fact by the same means, as in case of own IT infrastructure. In CROC company these questions the service closes the centralized security host (CSH) – actually the service including all necessary means of ensuring of cybersecurity and, respectively, in the protected perimeter behind which applications of the customer, including taking into account requirements of Federal Law 152 "About personal data" and other legal acts in the field are placed.

Sergey Verchenov: Use of mobile devices does not complicate at all providing Information Security as there are special management tools and protection, and they are used by us if it is necessary.

Sergey Verchenov: Audit of IT infrastructure is booked on a preliminary stage, before start of the project, and it is the first step on the way to a cloud. During audit comes to light what applications and in what order it is reasonable to transfer to a cloud, the strategy of cloud migration is built. If the customer already makes the decision on migration of a number of applications in a cloud, then only examination of IT infrastructure in terms of the solution of a specific objective within this project is conducted - it is the simplified audit option. Based on audit we provide to the customer the detailed analysis and recommendations with optimal scenarios of reliability augmentation and flexibility of infrastructure – using a cloud, resources of outsourcing DPC or HaaS.

Sergey Verchenov: If it is about the large company, then audit can be implemented as the independent project which can last up to several months and on a paid basis. As a result the customer receives the road map of cloud transformation with the set of guidelines for transfer of applications in a cloud or, on the contrary, expediency of continuation of operation on own platform, or the autsorsinogovy platform, including recommendations about reservation of applications and business processes for ensuring continuity of a company performance. But quite often we book audit within the project on migration as the service which is already included in the contract. Everything depends on the volume of transferable IT systems and complexity of the project, but it can be carried out at the same time in the seduced view with focus on inspection of separate components of infrastructure.

Sergey Verchenov: The first stage as we already spoke above, is an inspection of IT infrastructure. At the second stage planning of process of migration of resources in a cloud and preparation of a cloud computing architecture of the transferable solution is performed. In particular, if amounts of data are big, it is necessary to provide the actual loss of a system from operation (so-called downtime) and to plan it, certainly, on time off and actually not to notice migration process. At the same time all critical systems and applications are reserved that allows business of the customer to continue unceasing work. As for a cloud computing architecture, depending on arrangements with the customer, we or prepare detailed documentation, or we make the short plan with oral explanations. The third stage – drawing up and agreement signature on receiving cloud services, and, at last, actually migration of applications in a cloud.

Approach to process of migration is standard – for most of our customers the plan of switching of applications forms, infrastructure prepares, the business and critical systems / applications are reserved, the main amount of data is migrated, test checks are executed and in the approved downtime there is a switching of infrastructure of the customer to capacities of a cloud of CROC.

Sergey Verchenov: If on a minimum, in case of the small application, – one night or even few hours, and actually the customer can begin to use the selected virtual machine in our cloud right after the request for service. If it is the big project, then most often it is performed in several stages, with serial switching of applications within the plan of migration in a cloud, and then the speech can go about month or several months, in case of especially large project.

Sergey Verchenov: The first problem – technical incompatibility at transfer from one platform on another, for its solution it is necessary to consider all features in work of the transferable application. This problem is excluded already at a stage of audit of infrastructure and is reflected in the report with recommendations about its results. The second – planning of temporary 'downtime', correct in terms of business continuity, – shutdowns of a system at data migration of large volumes and work from reserve capacities. And the third - accounting of dependences of information systems from each other in respect of data exchange.

Sergey Verchenov: Satisfaction of users – one of the most important criteria of success of any IT project. And in case our technical support service begins to interact with the final customer, from users we observe increased requirements to which we should correspond. It can be considered a certain complexity, especially at the initial stage of operation of the cloud applicaion. But in process of project completion and its full start in commercial operation all processes build up, and users get stable access to the usual applications.

For example, for one large foreign company we implemented switching of capacities from abroad. The specifics of the project consisted in migration of very large amount of data on narrow data transmission channels. We broke process of migration into several stages. At first carried out migration of big copies of data (tens terabyte of data literally in suitcases). Then made replication of data at the level of backups, and already then springs from backups and synchronization by means of a DWH/hypervisor. Final synchronization and switching in a cloud were made during the minimum downtime, having provided moving of systems, almost invisible to users, to our cloud.

Sergey Verchenov: It is more correct to speak not about an economy segment in which the company passing to a cloud platform, and about specifics of applications which are reasonable for transferring to a cloud works. In any sphere of economy – the banking sector, telecommunication operators, retail – are applications which carrying out in clouds will be interesting and profitable. Development environments and software testings and also applications with dynamically changing loading depending on time of day, month, a season – such applications often take out in a cloud. Completely the developing companies, it is easier for them to subcontract the IT infrastructure to the external supplier with the guaranteed SLA go to a cloud and to be focused on business growth. And for separate problems or local projects with long term of implementation it is optimal to create own IT platform in outsourcing DPC or to go on the way of HaaS (HardWare as a Service). Such services now are demanded by many companies and in the long term we expect increase in demand for them.

Sergey Verchenov: Among implemented projects, with different time limits on switching and technology of data migration. For example, we carried out migration to a cloud of critical business systems for Unistream bank, constructed in a cloud infrastructure for Rusagro holding, helped to start the Russian segment of social network Loqui Business and social service Loqui based on a cloud of CROC. Among the most significant projects – creation of reserve DPC for one large bank with state participation. For them we built the failsafe platform in our cloud and complex service of DR for risk minimization of idle time of systems. It will allow to ensure continuous functioning of the key systems of bank and to raise a customer loyalty among which the largest Russian and international companies.