Cloud infrastructure: Three views from the IaaS sharp end

Rather than charging headlong into putting their IT infrastructure into the cloud, many organisations are rightly taking a measured approach. We talk to the IT leaders behind three recent IaaS migrations.
Written by Toby Wolpe, Contributor

There's no question that many organisations are buying into the idea of moving their IT infrastructure to the cloud. With its promise of lower costs and greater flexibility, infrastructure as a service (IaaS) already accounts for the largest single area of cloud spending.

The IaaS approach leaves the provider with the task of buying and maintaining servers, software, storage, and network equipment, for which customers pay only as much as they use.

Moving to IaaS: An overview

But however much vendors paint a picture of firms stampeding towards IaaS, the reality is the shift is in its early stages — and even many of the companies bent on having a completely cloud-based infrastructure are still in transition between the old and the new.

Some organisations have deliberately gone for a halfway-house, with a hybrid model. Others, such as the Kempinski Hotels group, are for the moment progressing through an interim phase, with a considerable amount of infrastructure provided by the cloud but with the rest remaining on premise.

"We've still got servers sitting here at the moment, but obviously the aim is to get rid of them," says Jeremy Ward, Kempinski Hotels senior vice president for IT.

Kempinski, which describes itself as Europe's oldest luxury hotel chain, is presently in phase five of a cloud migration plan that started in 2011, when it shifted away from the corporate Novell GroupWise email system to Google Apps for Business.

Towards the end of that year the Kempinski group, which has 81 five-star hotels in 30 countries, started looking at its infrastructure, focusing first on the Geneva corporate office where it was hosting 147 physical and virtual servers.

"The utopia we'd like to get to is essentially to have nothing in the corporate office," Ward says.

The company looked at various options, from colocation to infrastructure as a service from the likes of Amazon Web Services (AWS) and a few of its competitors.

Importance of managed services

AWS put Kempinski in touch with London reseller Cloudreach, which importantly for Ward also provides managed services such as testing, syncing and patching. Detailed discussions about how the AWS multi-layered security model could apply to the hotel group helped Kempinski decide that Amazon would be the best fit for its infrastructure.

"One of the concerns of anyone when you're talking about moving to the cloud is how secure it is. We wanted to make sure we could have a discussion with anybody and say, 'Yes, we've put our infrastructure there, but we've done it in such a way that we feel that there's a high level of security around it'," Ward says.

"You've got a number of different layers of security — things like routing groups and the ability to get into a detailed level of what can talk to what, what ports can be opened, how you can effectively design your own virtual private cloud."

The proposed model consisted of concentric levels of security with a highly secure environment at its centre, which only AWS services can talk to. The next level was only accessible to AWS and the Geneva corporate office with its 10-strong IT department, with a subsequent level for the hotels, followed by a level for public access for web services and third parties.
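The concentric model described above can be written down as data and checked mechanically for rules that are too open or too closed. This is an added example, not code from Kempinski, Cloudreach or AWS; the level names, the address ranges and the assumption that each outer level also admits the sources of the levels inside it are constructed for illustration.

```python
import ipaddress

# Constructed source ranges (private and documentation blocks), not real ones.
ZONES = {
    "aws_internal":  ipaddress.ip_network("10.0.0.0/16"),
    "geneva_office": ipaddress.ip_network("198.51.100.0/24"),
    "hotels":        ipaddress.ip_network("203.0.113.0/24"),
    "public":        ipaddress.ip_network("0.0.0.0/0"),
}

# Hypothetical level names, innermost first.
# Assumption: each outer level also admits the sources of the levels inside it.
TIER_POLICY = {
    "level1_core":   {"aws_internal"},
    "level2_office": {"aws_internal", "geneva_office"},
    "level3_hotels": {"aws_internal", "geneva_office", "hotels"},
    "level4_public": {"aws_internal", "geneva_office", "hotels", "public"},
}

def audit(rules):
    """rules: iterable of (tier, source_cidr). Returns (too_open, locked_out)."""
    too_open = []
    compliant = {tier: [] for tier in TIER_POLICY}
    for tier, cidr in rules:
        net = ipaddress.ip_network(cidr)
        # A rule is acceptable only if it fits inside a zone the tier admits.
        if any(net.subnet_of(ZONES[z]) for z in TIER_POLICY[tier]):
            compliant[tier].append(net)
        else:
            too_open.append((tier, cidr))
    # A zone the policy admits but no compliant rule reaches is locked out.
    locked_out = [
        (tier, zone)
        for tier, zones in TIER_POLICY.items()
        for zone in sorted(zones)
        if not any(net.overlaps(ZONES[zone]) for net in compliant[tier])
    ]
    return too_open, locked_out

# Constructed ruleset with one hole and one lockout.
SAMPLE_RULES = [
    ("level1_core", "10.0.0.0/16"),
    ("level1_core", "0.0.0.0/0"),       # innermost level exposed to everyone
    ("level2_office", "10.0.0.0/16"),   # office range missing: IT team shut out
    ("level3_hotels", "10.0.0.0/16"),
    ("level3_hotels", "198.51.100.0/24"),
    ("level3_hotels", "203.0.113.0/24"),
    ("level4_public", "0.0.0.0/0"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```
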

The location of the company's data remains an important issue, so AWS's Irish data centre satisfied its requirement for a European site.

The first task for Kempinski was a proof of concept that modelled the security and broke down the infrastructure project into a handful of distinct phases, which each involved shifting applications — starting with the IT helpdesk.

VPNs and technical challenges

The group also faced some technical challenges, such as how to connect up all the hotels around the world, each with their own infrastructures, firewalls and VPN-type devices. The answer was a Vyatta redundant soft firewall that allowed Ward to create a VPN tunnel from all the Kempinski properties.

"We're just moving more and more applications. Of the original 147 servers we started with, we're now down to about 35 left to move. There are a few that I think are going to be challenging. Things like a file server," Ward says.

"We're going to have more of a change and start using things like Google Drive, which will align with our Google Apps setup. So although a file server will disappear from the corporate office, I don't see it appearing on the AWS platform.

"What we tried to avoid, though, was just doing this straight lift-and-shift exercise — and saying we've got 147 servers here, what we're going to end up with is 147 servers sitting on AWS. We actually used the time to consolidate and retire in certain instances."

Although the estimated cost savings over the five-year project stand at about 40 percent, Ward says money was not the only impetus.

"Cost, commercially, definitely. But certainly one of the biggest things for me is we're not an IT company. We're a hospitality management company. We sell hospitality management knowhow for a fee: what we don't do is sell IT services," he says.

"We were building bigger and bigger IT infrastructure and needing more and more resources to support it, and not adding a huge amount of value to the business. We were starting to become this little IT services company."

Administering apps not systems 

By shifting applications to software as a service or infrastructure as a service, the company has been able to move resources from administering systems to administering applications.

"If you can use the functionality of your applications better than your competition, then you're essentially getting a competitive advantage," Ward says.

Kempinski Hotels is working towards a purely cloud infrastructure, and Ward is dubious about the merits of a hybrid approach in which some IT resources remain in-house.

"It depends on your business, how you're spread, geographic locations and that kind of thing. But ultimately the benefit for me is not having to have that infrastructure in the office," Ward says.

"You're always going to need a network and you're probably going to need somebody who can manage the local area network. But if you can avoid having the server, the hardware, the capex refresh you need every five years, the backup, the admin overhead, then potentially — and again it depends on the business — you could end up actually saving on IT resource as well. To me it makes sense.

"If you go the hybrid model, you actually end up having to support both. The question is what are you gaining by moving certain of your infrastructure while keeping the rest in-house or in your traditional data centre? There'll be good arguments for certain organisations, but our view is where we can do it and it makes sense to do it, let's do it."

The hybrid infrastructure option

One organisation that has deliberately opted for a hybrid infrastructure is major UK charity Action for Children.

Last September the charity decided it needed to change the web development agency and hosting partner for its online operation, after several years sharing a server with other charities.

Part of the reason to look again at hosting was the need to cope with spikes in website traffic caused by tweets from celebrities such as actor, author and broadcaster Stephen Fry.

"People would flood onto the website and cause it to crash. The issue for us is that to manage that in our previous environment would cost us a lot of money," says Action for Children digital communications-data scientist Darren Robertson.

The process of lifting the website, taking a mirror image of it, and putting it onto a dedicated server for a few days constituted too high an overhead for a charity that's looking to trim costs wherever possible.

Action for Children's decision to move the web operation onto Rackspace's Open Cloud is designed to solve online scalability issues, but also offers the charity a chance to shift some of the massive datasets of customer, donor, fundraiser and foster parent information to the cloud.

"Fundraising data analysis is a big thing for us. But to analyse the entire fundraising database, that would have to be scheduled over a weekend and would tie up a lot of resources. That does not make good business sense," Robertson says.

"We need to be able to do these analyses when they're needed. This is where the cloud really comes into its own and delivers in terms of cost savings. It means people can still use the infrastructure and the fundraising CRM system, but we can run major pieces of analysis without impeding other people's workloads or slowing down our internal network."

Retaining sensitive data onsite

However, Action for Children has resisted making a wholesale shift to infrastructure in the cloud, retaining hardware on-site for sensitive data.

"While some of the children's data that we wish to analyse can be put in the cloud, in terms of anonymised and aggregated data, the actual records for children's data can't go out there yet. There's just too much nervousness," Robertson says.

"If you think about the kind of data held in a particular type of file like that, it would be irresponsible of us to jump in there. We are slowly looking to move more stuff into the cloud. A lot of the actual CRM systems we use across our organisation — some of them are moving more to a cloud-based system.

"I personally feel the cloud is secure in terms of what it is now, and I have complete faith in it. But obviously until government makes a massive move, other charities are going to be less likely suddenly to jump into the cloud fully, and our own organisation is no different."

Robertson says that the hybrid system satisfies senior management, offering secure storage for sensitive data in-house while still benefiting from the cloud.

"We will move to a fully deployed cloud environment eventually, and we are looking at how we may revamp the internal infrastructure to eventually move that into the cloud as well," he says.

Wariness about IaaS move

That wariness about shifting to IaaS is entirely understandable according to Miguel Garcia, head of technical at horse-racing website and TV channel At the Races.

"There's a certain fear of the unknown, a perceived loss of control as you don't own physical servers. However, you're just moving that ownership out another degree away," Garcia says.

He thinks people are right to weigh up a cloud migration very carefully to ensure it fits their needs.

"It's a large undertaking and there appears to be quite a few people jumping on the cloud bandwagon because it's the latest thing. In our case it was a perfect fit and I haven't regretted the move," Garcia says.

"However, it's a constantly evolving service and keeping up to date with developments can be a struggle. So ensure you have the resources to track those changes and updates or you could be missing out on important developments."

Like Action for Children, At the Races wanted to use the cloud infrastructure for its online operation in order to deal with scalability issues. Before the move to the cloud it had the resources to cope with demand spikes, but consequently its servers were inactive 70 percent of the time.

At the Races was already using Microsoft .NET when it decided to migrate from a third-party hosting service and Microsoft SQL Server 2000 to the Windows Azure IaaS platform, merging data from four databases into one.

A common thread in the cloud stories of each of these three organisations is the usefulness of outside help and the need to test and prototype repeatedly.

"Get some professional advice. It'll pay huge dividends. Our session with Microsoft and [reseller] Black Marble was invaluable. If you have the time try to build a prototype, Azure is cheap enough and easy enough to sign up for to allow this," Garcia says.

Detailed work and documentation

Kempinski Hotels' Jeremy Ward emphasises the same points in the detailed work and documentation provided by Cloudreach.

"If we had tried to just do it all by ourselves we would have run into issues. We've had a couple of security questions — it's a very complex security model that you can implement on AWS — and having the right person who really understands that on the end of the phone is fantastic," he says.

"If we had tried to second-guess that ourselves we could have thought we had implemented something secure but actually we may have left a gaping hole in the system, or we may have closed it so tight that we couldn't get in."

Action for Children's Darren Robertson also stresses the importance of due diligence and testing.

"Stick something together on a cloud instance, test it and see if it works. No, it doesn't, drop it, pull something else out — the amount of time to set it up is less, the amount of money spent on putting it together is less," he says.
