Get your apps and business strategy on the same page.
Nine Strategic Considerations
pplication workload placement involves assessing and analyzing applications to find the optimal location for target workloads. To achieve optimal functionality and service delivery, applications should be placed where they will be most effective in three key areas: performance, security, and price.
- Hybrid IT environments create a complex mixture of infrastructure and technology.
- Underutilized, unmonitored, and duplicate applications lead to server or cloud sprawl.
- Shadow IT proliferates enterprises when users’ application needs are not met.
- Cloud-first strategies.
- Perform data center discovery to uncover applications and their dependencies.
- Assess and analyze current state infrastructure to plan for future-state requirements.
- Score and assess application workload placement options based on availability, security, scalability, performance, and cost.
- Develop target state options and analyze future requirements (both corporate plans and regulatory environment).
Hybrid IT is the industry-standard practice of spreading workloads across data centers, including corporate-owned, colocation facilities, and cloud providers. For hybrid IT enterprises with these mixed IT and business environments, applications can become out of control, with redundant, unused, and often unmonitored applications taking up critical resources. With a strategic approach to application workload placement, an organization is positioned to put their apps in a secure, reliable environment where they can deliver ROI and scale (or perform) to meet demand. These nine considerations for application workload placement will help further your understanding of both your IT and business environment and assist in developing your strategy:
01. Process precedes technology
New technology will not solve a bad process. An organization may have achieved the pinnacle of technology, but without the right processes and procedures in place, the technology will not deliver ROI. For example, IT can provision a server in a matter of minutes, but processes and procedures can create bottlenecks and prevent rapid provisioning. A major culprit is the agility or lack thereof in your change control board/process. How responsive is that process, procedure, and/or workflow in your organization? These processes should be audited, and, in some cases, consolidated or removed, where possible, to increase agility and speed.
02. Corporate strategy should drive cloud strategy
Corporate strategy should drive cloud strategy—not the other way around. Moving to the cloud is an attractive option for OpEx organizations that want to focus on customers and the core business, rather than running a data center and managing IT operations. For CapEx organizations such as banks and utility companies that want a highly CapEx-centric portfolio, cloud is less attractive because the public cloud provider owns the infrastructure.
Too many organizations are moving to the cloud because cloud is trendy. But, this is not a legitimate business reason to move applications to the cloud. From Amazon to Microsoft to IBM, cloud vendors are luring enterprises to cloud with an abundance of services and promises of scalability and cost savings. In some cases, cloud could add to your operating expenses and provide no cost savings compared to keeping applications on premise. For example, in organizations with legacy infrastructure, many applications are not candidates for a cloud migration, and those that are, require additional licenses, preventing cost savings and increasing operating costs. Additionally, refactoring an application could be required and be cost prohibitive unless the organization has taken steps to understand the long-term benefits of scalability, availability, and future cost savings.
If the corporate strategy outlines increasing security and compliance for sensitive data, then identifying the most secure environment for data-sensitive, critical applications should be part of your workload placement strategy. Cloud might still be an option, but it is a secondary consideration compared to the organizational goal of increasing security. Likewise, if the corporate strategy is to bring new products to market quickly, then cloud could be an option for applications that can be safely moved. Cloud-based solutions (IaaS, PaaS, and SaaS) have begun to normalize and become a viable long-term solution, but achieving ROI and business objectives should be the ultimate driver for moving applications to the cloud. It needs to be intentional by design.
03. Agility and risk: Finding a balance
A key question to ask when considering moving an application is, “How reliable is your current environment compared to the environment the business is considering?” Concerns over latency and availability of applications should be a key concern when making workload placement decisions. Below are some example scenarios:
- An on-premise application might be reliable in its current location, but if it takes a week to provision a development and test
environment, then it would be more agile in the cloud.
- Moving an application to the cloud may affect the reliability of
certain applications. To realize any potential benefits of moving
it to the cloud, the application needs to be assessed for latency prior to becoming a candidate for cloud migration.
- Is the cloud environment being considered more secure than your current environment? If your security patches and operating systems are not up to date, then your environment may be less secure than some cloud providers.
Risk is a significant factor in the decision-making process. When the reliability of your application affects your ability to serve customers and clients, then it is risky to make a move to a less reliable environment. Although shifting responsibility to a cloud provider might seem the right option when they boast high uptimes or perceived cost savings, it may be safer and more cost-effective to stay in your own environment. Conversely, moving to the cloud may provide for better on-demand service, broader network access, better resource pooling, rapid elasticity or expansion, and the ability to measure (meter) services provided to the business. Apprehension about the realities of cost savings and risks of moving out of the environment prevents some from making that final leap to the cloud, and that’s OK. It is not the right call for all applications and systems.
04. Anticipated growth and exit strategy
Understand your organization’s future from a business standpoint. Unless your business is a startup or uniquely designed to be a cloud-based business, i.e., Amazon, Netflix, BBC, Newsweek, Lionsgate, then you need the flexibility to expand and contract your cloud footprint. If your organization is anticipating growth, then an application should be placed where it has capacity to expand and meet demand. The ability to expand and contract is called elasticity, which is easy to achieve in the cloud if an application is designed for the environment. On the other hand, if there is a dramatic change in the direction of the business or significant budgetary reductions, then you need an exit strategy to get out of the cloud to save costs and return to the core capabilities of your environment. If you are locked into cloud across all platforms and all locations, it might not be possible to do that. An exit strategy should take into consideration:
- possible alternate providers;
- technical, financial, and business requirements;
- a plan to ensure continuity during the transition;
- and industry and/or application best practices.
05. Market pressures and demands
With new technology enabling businesses to develop and deploy new products and services to market at a record pace, businesses are in a constant race to keep up. To meet market pressures, demands, and threats, an organization needs to be opportunistic. When the business sees an opportunity, IT needs to be agile enough to say “yes.” Look at the service catalog, understand the cost of building out the new service, and adjust the infrastructure as needed.
Applications that are vital to a business’s ability to meet market pressures need to be flexible, placed in an environment where they can expand without buckling.
06. The big picture
A holistic approach to application workload placement involves understanding the big picture and assessing the entire environment. To do so, there are questions to answer in these five key areas:
- Platform architecture strategy: Are there standard platforms in which IT is going to operate? What capabilities are needed to provide future application features, such as user experience, security, cost, and reliability? Does the current architecture scale up or scale out? What changes are required to achieve the target architecture? What is the current and desired elasticity? What is the resource-demand pattern?
- Application architecture strategy: Is there a plan in place to refactor applications for the cloud? Can you migrate those applications to the cloud, or are there changes that need to be made? What capabilities will the application gain or lose if they are moved to a SaaS (software as a service) solution? Will latency be an issue? How will it impact end users?
- Sourcing strategy: Can the app be placed in the current data center, or should it be migrated to a colocation facility? How much will it cost? Will the business have the bandwidth and capacity in the current data center? Will the data center have a direct connect or VPN to the various cloud providers? Which providers have the resources to successfully deploy the system or application? Are there providers, whether cloud, colocation, or otherwise, that are readily available that meet the demands of your business and technical requirements? Is your team ready to transition from the current legacy mind-set to a cloud mind-set?
- Business continuity strategy: As the business evolves, it is important to be deliberate about disaster recovery (DR) capabilities, building resiliency and recoverability into the infrastructure of cloud environments. What is the recovery time objective (RTO)? What considerations are needed to address the data recovery point objective (RPO)? Has your IT DR plan been optimized to reflect the changing IT environment? Is disaster recovery as a service (DRaaS) an option? Can it scale? What is the right balance between risk and cost?
- Security and compliance requirements: Begin to define different security and compliance levels and map them to different infrastructure and applications. Is it a critical tier-one application with HIPAA or ISO requirements? If so, the security and compliance requirements may greatly differ from vital tier 2 applications with fewer security and compliance requirements.
07. Data considerations
Understanding data is critical to putting the controls in place necessary to optimize operations. Data flow and data sovereignty are key considerations when optimizing workloads for the digital workplace. There are three types of data to consider:
- Operational data: Understand operational data not only from an organizational standpoint but also a financial standpoint. It helps the business understand and control its spend. In a hybrid IT environment, there may be both an owned and operated data center, colocation site(s), and a hybrid cloud environment utilizing IaaS, PaaS, or SaaS solutions with a variety of compute, storage, and networking devices. The CMDB must be up to date. It is critical to understand the workloads, the capacity of those workloads, and any contractual obligations in place with regard to operational data. Costs and profits also come into consideration. Does each application need to be the fastest and the best? Is it worth the added cost? Do you have standard platforms, both on-premise and in the cloud, that match the performance needs and scalability of your application workloads, or is it a custom fit for everything? A custom-fit increases the breadth of skill sets and ability to effectively manage hybrid IT environments.
- Strategic data: There is data residing in your environment that must not get into the wrong hands. Business and IT need to understand what that data is, where it lives, and to what level it is protected. If the business plans to expand its web presence, for example, then the amount of sensitive data collected and stored could increase. There must be a data protection strategy around your platform, application, business continuity, and industry requirements. Consider the future as well. Look at product roadmaps. How is the data affected by the future of your applications and products that you produce? Governance is also a key consideration. Do you have the right processes and procedures to support your strategy and tactical deployment of technology while protecting the integrity and value of your data across the enterprise?
- Cloud market data: Although the business might be expanding beyond the traditional data center and into a borderless data center, the guidelines and standards should still be in place. Can a cloud solution replace an in-house app? What functionality might you gain or lose if you move the app to the cloud? Does it make financial sense to move it to the cloud?
Data should be the underlying source of decision-making in an organization. The General Data Protection Regulation (GDPR) is now a critical factor shaping the way organizations approach data security. While Brexit might have led some UK organizations to believe they no longer need to be compliant with GDPR, the GDPR will affect us all globally. Effective in May 2018, GDPR will affect any organization that processes and/or stores the personal information of European residents.
08. Understanding your decision criteria
Use the below decision criteria when considering the optimal location for your applications. To determine the fit, build a decision matrix, and weight risk and compliance based on level of importance:
- Optimization: Is there a need to optimize the application to resolve latency or other performance issues? If so, in what type of environment will that best be accomplished?
- Speed to market: Does the application have the capacity to accelerate deploying products and services to market? In what environment will the application achieve that capacity?
- Workload fit: Determine where the workload fits into the grand scheme of your environment. Adding, changing, or removing workloads can negatively impact the performance of other workloads, applications, and systems.
- Risk and compliance: Moving an application comes with risk, and some applications are more critical than others and have compliance issues to consider.
- Investment value: Determine whether the investment in moving the application will help you achieve both your short- and long-term goals. Identify the ROI and your break-even point, and place your applications where the workloads fit.
09. Migration plan
When you decide where you want to place your apps, you need a plan to get there. The plan should include five components:
- Infrastructure and application migration approach: In a traditional data center migration, requirements involve IP addresses, server name changes, load balancing, backup configuration, and firewalls, to name a few. The aforementioned and other requirements still apply in a cloud environment, but there are additional requirements for successfully deploying applications to the cloud. They include (1) cloud utilization monitoring and costs, (2) configurations specific to the service catalog provided by the cloud provider, (3) connectivity and operating system compatibility, and (4) configuring the cloud environment itself. Simply moving an application to the cloud will not make it reliable, robust, scalable, and/or an enterprise-class system.
- Transformation plan: Transformation refers to net-new technology in the operating or business environment that helps you leapfrog ahead of the competition. Develop a plan that will meet the needs of the enterprise and the underlying IT infrastructure. It should give IT the agility it needs to partner with the business and speed applications to market.
- Modernization/optimization plan: In contrast to transformation, modernization refers to new versions of applications and systems that provide added capabilities and speed. If you need to modernize applications, your migration plan should support modern versions of your applications and provide the infrastructure needed to succeed in their environment.
- Sourcing/hosting strategy: IT infrastructure availability should be top of mind considerations when developing a hosting strategy. While high availability has its benefits, it is not cost-effective in all scenarios. It also is not necessary for all components to have high availability. Your sourcing/hosting strategy should consider what is currently available to you and what is most cost-effective. Look at the standard catalog of services your organization desires or currently offers, and match them to the available service providers. Also, consider the DR strategy. It should be optimized and rightsized in support of your transformation, optimization, and modernization plans.
- Data gravity: The geopolitical impact of moving data to another location should not be overlooked. GDPR and the Personal Information Protection and Electronic Documents Act (PIPEDA) are paramount considerations for organizations that house customer data. It is important to understand the impact of moving data.
An application workload placement strategy begins with IT leaders working with business stakeholders to understand the business’s goals. From there, IT can begin to assess its current environment to create a strategy for building the optimal future state where applications can bring consistent value to the business. To get the most ROI from the application portfolio, workloads must be placed where they are most reliable, secure, cost-effective, and capable of delivering on the organization’s strategic goals.