Cloudy but fine

While it is hard to find a private sector organisation that is not developing a cloud computing strategy, to date public sector organisations have remained more resistant to the hype.

That hasn’t stopped some public sector agencies pushing ahead with strategies. The Australian Government Information Management Office (AGIMO) is still determining its policy on the use of cloud computing in the Australian Government, buts its policy is close to being finalised. AGIMO is exploring options for data centres as a service and in 2011 will be looking at options that don’t have a high capital expenditure footprint.

---

Public vs private

Paul Allen Unisys

According to Unisys’s Director of Data centre Transformation and Cloud Computing for Asia Pacific, Paul Allen, public sector organisations are taking a very pragmatic approach to the cloud messaging of suppliers, and deciding for themselves the role of both public and private cloud models.

“They are just sorting through all that,” Allen says. “They have come to the realisation that some of their data needs to be in the public domain, and there is now less resistance in putting that into a public cloud. But when we get into citizen data, that has to be protected and can’t go into the public cloud.”

Hence there is significant interest in private cloud solutions, a model which retains many of the attributes of traditional data centre operation, but with the added benefits of flexible workload management and self-service provisioning.

In September, Centrelink issued tender documents for a $40 million storage upgrade that would support a private shared cloud storage-as-a-service model for other government agencies.

The Northern Territory government is also pressing ahead with its evolution to a cloud computing model for 22 government agencies, based on its VMware and Hitachi Data Systems utility computing and application hosting service. A project is currently underway to use VMware’s vSphere cloud computing operating system to provide a cloud computing environment.

“The intention will be to construct a NT Government public cloud in the first instance and then provide agency clouds, in essence provisioning virtual data centres for agencies to use,” a spokesperson said. “Many agencies are moving away from owning and administering business application servers to a more centralised model. The cloud computing offering will allow individual agencies to have total management over their systems by simply purchasing processing resources.”

Business systems that require an enhanced level of security will be offered a virtual private cloud to meet their individual needs.

Under the cloud model, agencies will receive protection from spikes in demand for resources, with resource allocation closely monitored and load sharing used when required. The new environment is also expected to significantly decrease the time required to commission new servers, which has already been reduced from more than 13 weeks in 2003 to less than 30 minutes today.

“The commissioning of VMware Lab Manager and LifeCycle Manager will further add value to clients by allowing them to provision their own systems within the cloud and have the server automatically removed, if no longer required, after a set period of time,” the spokesperson said.

Cloud school

If there is one group of public sector organisations that is pushing ahead rapidly with cloud computing, it is the university sector. Many have now adopted cloud computing solutions for student email, using Google’s Gmail or Microsoft’s Live@edu services to simplify the addition and deletion of thousands of email addresses each year.

The Chief Information Officer of Curtin University of Technology, Peter Nikoletatos, says that numerous universities, including Curtin, are considering Microsoft’s Business Productivity Online Standard (BPOS) suite. Curtin is also utilising Microsoft’s Azure cloud computing environment for new application development. 

Rajesh Pamawar, University of Melbourne’s Technology Architecture Group	Nick Race Arbor Networks	Wissam Raffoul Dimension Data

“We’ve already completed our student email and our staff email in the cloud, and we are looking at what containers we can put in the cloud that are the first steps towards moving more and more of our data into managed services,” Nikoletatos says.

The University of Melbourne is also implementing a cloud strategy as the next stages of a virtualisation technology roadmap that it commenced with VMware back in 2006. The University’s lead for its Technology Architecture group, Rajesh Padmawar, says the University has developed a technology roadmap that will take its information services on a five-stage journey from ‘siloed’ to ‘shared’ to ‘simplified’ to ‘dynamic’ and then finally to a cloud-based model.

He says the goal is to create an internal private cloud infrastructure that can be augmented with public cloud services. A self-service portal will enable users to commission resources from a service catalogue without the intervention of administration staff.

“We are moving the resources that we have, which are disparate and separately consumed by the business services, and putting them in a pool and using them as required, so that we have room to grow,” Padmawar says. “It will enable us to go to IT as a service, and basically, that is our goal. Not to be a cost centre, but to be an enabler and a partner with the University.”

Today, he says, the University is somewhere between steps two and three. Every time a new application is needed, the University looks at its requirements and where it fits in, and asks whether it should be developed in-house or outside.

New processes

“We are trying to simplify the processes right now, and we do have a virtualisation platform that we are trying to enhance with the latest offerings from VMware and the like,” Padmawar says. “These steps can go in parallel, but once you are on the journey, there is no looking back. But for legal reasons, there may be some reasons from a University perspective why we can’t put things into the cloud.”

Padmawar says thinking about IT as a service opens up numerous opportunities for collaborating with other universities, as well as affiliates and partners.

“That is at a later stage though,” he says. “The technology will allow us to do that, but the processes and people have to change at the same time.

“We do have certain projects that are coming up right now, like building a research cloud, where we are going to be a cloud services platform that is going to be available for all researchers.”

Padmawar says he is also less concerned about the security implications of cloud computing, thanks to developments in many of the latest product releases.

The University of Melbourne is also a partner in a shared data centre facility with RMIT University and Monash University, which is operated by Fujitsu. However, this is separate to its cloud computing strategy and will not lead to the sharing of storage and servers.

A global pause

Further examples are few and far between, but the situation does not appear to be significantly different in the US. According to US-based Vice President for Federal Government Sales at the global telecommunications company Verizon, Susan Zeleniak, US government agencies are also trailing the private sector in terms of cloud adoption, although interest is high.

“We have not seen a large amount of procurement activity yet in terms of them asking us to build a private cloud, but we are starting to see that it is all they are talking about,” Zeleniak says. “They are all talking about how they are going to transform to the cloud. It is one of the President’s IT initiatives (announced in September 2009), everybody does see it as a way to control costs and make information available according to more organisations that need it.”

Overall, Zeleniak says the motivations for cloud computing amongst public and private sector organisations are very similar.

“Their priorities are to be more cost effective and efficient, and there is a need to have an environment in place that allows particular agencies a better option for sharing information, and so these clouds may be the way to do that,” Zeleniak says. “When they look at their more comprehensive architecture, the whole cloud environment allows them to fit some standards and controls and architectures that are uniform for everybody.”

Cloud computing also fits with a long-term strategy of reducing the number of US Federal data centres from 5,000 to 2,400. By September 2011, all new government IT investments must complete an alternative analysis of a cloud solution, and by September 2012, all enhancements of government IT investments must include an alternative analysis of a cloud solution, with the same required for all steady-state IT investments the following year.

Zeleniak says the overall leaning is towards private cloud investments, primarily to ensure that data is housed in facilities that meet US federal security requirements. However, for public-facing data where the goal is to encourage greater interaction with citizens, public cloud services may be applicable.

And despite the leaning towards private clouds, there are many examples of where public clouds have been adopted. Salesforce.com counts the US Army among its customers, along with public sector organisations such as the Department of Health and Human Services, the Securities and Exchange Commission and the State of Utah.

Amazon Web Services is also reporting success with government agencies. Through its partner Smartronix, it is assisting the development of the US government’s Treasury.gov Website to support the communications and publishing requirements of the US Federal Treasury, to increase access to Treasury resources and assets.

Amazon Web Services’ Asia Pacific managing director Shane Owenby, points to a recent IDC Government Insights report that argues that public sector agencies must urgently coordinate and integrate their various e-government functions through the cloud as they face renewed financial pressure and an increased demand for service delivery.

“The Australian public sector is now at a crossroads weighing up the pros and cons of owning and operating fixed IT assets versus employing a cloud-based infrastructure,” Owenby says. “As we have seen in the US, their Federal Government is already moving down this path, changing the way business is done and bringing forward a new sense of responsibility to how they manage taxpayer dollars.”

Action is imminent

IT seems government agencies are getting the message. A recent seminar on cloud computing conducted by Dimension Data found a majority of attendees were from government agencies. The company’s General Manager of Consulting, Wissam Raffoul says, however, that there are still misconceptions around cloud computing that need to be put to rest.

“There are risks associated with it, depending on what you are trying to do,” Raffoul says. “If you understand these risks and mitigate them, it will become a viable option. And they were interested in knowing what the risks are.”

Unfortunately, the consolidation of data into much larger centres poses a much more attractive target for cybercriminals. According to the ANZ Country Manager for online security specialists Arbor Networks Nick Race, 55 per cent of Internet traffic now goes through just 100 autonomous systems, including Amazon Web Services.

“Availability is the key to cloud computing, and security is a key component of that availability,” Race says. “So it is not so much the pipes that need defending, it is the data centres.”

According to Raffoul, data security and its location are two or the greatest concerns for public sector organisations.

“There are 26 service providers worldwide, and only five of them operate in Australia,” Raffoul says. “So if you are going to use these, then your data is going to be residing outside of Australia. But it doesn’t really matter where the data is, provided you can legally sue the people if they misuse it, and if you are allowed to do a security audit by a third party.”

He says other common questions were around how differences in cloud service architectures limit data portability, and regarding the maturity of service providers in terms of their ability to operate an outsourcing service model with processes and guarantees for availability.

Raffoul says another issue is simply determining the price-competitiveness of different service cloud offerings.

“None of the government departments have a clue of the unit price for services – they have a budget and they spend it,” Raffoul says. “Would they know how much it costs to process payroll? They’d have no idea. They don’t have visibility at the transaction level, and hence they can’t compare their internal cost to a cloud service’s cost.”