Phasing applications into the public cloud
You want to move your corporation into the cloud but you don't know where to start? Gregory Machler offers advice for steadily moving systems and data within the cloud in a manner that minimizes risk and maximizes cost savings.
By Gregory Machler
January 19, 2011 — CSO —
Where does a 500-million-dollar, mid-sized company go to implement cloud computing? Where should they begin? How should a company phase its deployment in order to reduce risks?
First, let's focus on a global law firm. Most law firms have similar business applications, so a public cloud provider could address this niche for law firms around the globe. What should they outsource first? I'll outline five deployment phases related to risk and information security. The five include network infrastructure, disaster recovery infrastructure, remote offices, core law applications, and critical sensitive data applications.
Often the first deployment phase — network connectivity — is already outsourced to what could be called a cloud provider. The company's network connectivity to the main data center (where the law web applications are hosted on web servers) is hosted by one network provider such as AT&T. Its second backup provider may be Verizon. The network connectivity to all of the law offices is also provided by AT&T and/or Verizon.
Phase 2 should focus on outsourcing the functions that are critical for disaster recovery of the main data center. This architecture could be deployed at a disaster recovery site in another major city where it can be tested to make sure it covers all business critical functions. The cloud provider needs to be checked to see if they support these functions so that you can be assured that a disaster is addressed well and that your phase 3 migration will go well. What components belong in phase 2?
The following components are needed to serve all of the future phases of recovery. The encryption host is currently housed on separate servers and is used to encrypt sensitive disaster recovery data on the main SAN and NAS storage subsystems. The LDAP host defines end user role-based access to systems and applications. Network management systems are used to monitor up-time of the various data center systems. Email applications are needed for managing global email. A firewall protects web traffic from internet attack. Application software update tools enable corporations to update critical application features in a controlled fashion. Load balancers are needed to evenly distribute web traffic to the web servers that serve various web applications. Web servers host critical business applications: word processing, spreadsheets, presentations, and law applications. A simple SAN and/or NAS storage subsystem is needed to support only the critical phase 2 disaster recovery systems.
Phase 3 addresses functions that exist in branch law offices. In order to see the benefits of cloud computing, the cloud providers must provide web-based branch law office applications. If they do not, the cost associated with keeping branch office support personnel remains necessary. Note that it is possible to perform remote desktop functions via a browser so that branch applications do not need to be rewritten. It is becoming more and more expensive to keep support staff in the various branches. Eventually, only browser-based software on iPad-like hardware will be needed at remote locations, with storage coming from the cloud. Only the branch's wireless and LAN infrastructure will be needed at branch locations, and it will likely be outsourced to a network provider.