IT as a Service (IaaS) is generally understood to mean the delivery of a standardized catalog of applications and platforms to end users within one organization, without traditional lengthy IT and business-unit approval processes. In other words, IaaS is supposed to answer to the question of how corporate IT can compete with the agility of public cloud services such as Amazon's and Google's while maintaining control over sensitive data behind a firewall.
The obstacles between enterprise IT as it exists today and achieving the IaaS vision are manifold: converting to a virtual infrastructure suitable for automation; implementing automation itself; and finally, bringing existing corporate policies in line with IaaS workflows.The uncharted waters of infrastructure automation
Assuming an enterprise has overcome the hurdles that many organizations still struggle through to put the entire data center onto a platform suitable for automation, tools that automate and monitor performance remain in their infancy today.
VMware's vCloud Director is an example of the way new automation mechanisms require complex integration into existing environments, have confusing gaps and overlaps compared with existing products such as VMware's Lab Manager. And they are still loaded with lots of fine print.
I don't think [VMware's] vCloud Director is ... right for us.
senior hosting center engineeran accountancy and professional services firm
Meanwhile, the creation of standardized service catalogs, rather than maintenance of infrastructure customized for each application, is another major shift for IT to grapple with. So far, for Clint Johnson, systems integrator for the Mississippi Department of Transportation, the closest thing his organization runs to IaaS is a test-and-dev environment based on VMware Workstation and "beefed-up desktops" for developers. Otherwise, "we need to create templates with security variables accounted for, and a service catalog -- you can't just let users spin up [a] box if it's not something you can support."
Some organizations require more granular enforcement of policies through self-service portals than available tools offer. "I cringe at the idea of someone provisioning their own SharePoint server from the company 'app store,'" said Rick Vanover, a virtualization expert at a financial services firm in the Midwest.
His organization requires strict controls on the size of files uploaded to SharePoint and other applications such as Oracle databases. But currently, Vanover said he hasn't found a tool that would allow him to set limits at a level as granular as file sizes within virtualized applications.
Trying to fit a new IaaS paradigm in with existing skill sets among an enterprise's IT staff can also be tricky with current product options. "I don't think vCloud Director is the product that's right for us," said Chris Dearden, a U.K.-based senior hosting center engineer for one of the world's largest accountancy and professional services firms. "We have a fairly large investment in skills in Microsoft's System Center suite, and vCloud Director requires Oracle skills,. We'll most likely build our own self-provisioning portal based on SQL."
Then there's the matter of making sure automated processes execute properly. Point tools from multiple vendors, which are often distinct for physical and virtual infrastructure as well as for different aspects of virtualization management, are the status quo. Automated data collection, as well as automated coordination of statistical data for faster troubleshooting, are clearly needed to achieve ITaaS, but products in this area are also nascent and can be tricky to work with at scale.Policy orchestration with automation: an even thornier issue
Despite all the technical hurdles to achieving virtualization and automation, many IT pros say the technology is the easy part, compared with trying to reconcile IT as a Service with 'the way things have always been done."
Purchasing shared resources to create an IaaS environment may require an organizational overhaul.
One issue that plagues enterprises as they virtualize is friction between previously specialized, separate IT groups, and wrestling over management control. Purchasing the shared resources to create an IaaS environment can require an organizational overhaul where the process is typically handled separately for different business units. "The whole purchasing process can also act as a brake on VM sprawl," said Adam Baum, an IT architect at the City of Mesa, Ariz., which wants to pool resources for a private cloud with other local governments. "Even if you have a site license for the VMware hypervisor, every server comes with costs for security software and the operating system -- you don't want to see them popping up everywhere."
Cost also comes into play when it comes to fitting chargeback for shared virtual resources into existing corporate policies. (This system of IT accounting applies the costs of services, hardware or software to the business unit in which they are used.) "Chargeback in and of itself can be a daunting beast," said Jason Boche, a virtualization evangelist and VMware customer, "But trying to calculate it by megahertz used on a processor, percentage of a CPU or bytes used on a disk is not something large organizations are accustomed to."
It can be difficult to reconcile IT as a Service with 'the way things have always been done.'
For corporate governance and regulatory compliance purposes, infrastructure management control, auditing and enforcement are paramount, but clarity on these issues within the virtualization world is hard to come by. For example, according to Gregory Rosenberg, the CTO for Red Hat value-added reseller RICIS Inc., time synchronization between audit logs is important for his financial clients to remain in compliance with various regulations, but precise time synchronization between virtual machine (VM) applications and their underlying physical hardware is rendered nearly impossible by the fundamental nature of a hypervisor, which exists to intercept and redirect instructions between applications and hardware resources.
Organizations will also need to perform more audit logging at the virtualization administrator's level to ensure confidentiality of sensitive data, something Edward Haletky, the CEO and a cloud analyst at the Virtualization Practice LLC, said is not common practice today.The path forward: Slow and unsteady
Organizations in fields less subject to regulatory issues, such as higher education, have already found success in offering IT as a Service. "We have 1,600 VMs, half dedicated to central IT, and the rest for our school's departments, which we sell as a service," Rob Lowden, the director of enterprise infrastructure at Indiana University. Users of the IU cloud, accessible via the Web, can run whatever they want on the infrastructure, even though this means Lowden mages about 250 TB of data associated with those 1,600 VMs. As a public university rather than a corporate entity, Lowden said, "we don't have to factor in profit, and we set service-level expectations rather than being legally bound to service-level agreements."
But for other users, the "jury's still out" on the whole IaaS concept. That's how Scott Checkoway, the manager of network and operations services at Northeast Georgia Health System, put it when asked if his organization would consider moving to an IaaS model in the future. "For clinical applications, instantaneous access is a big, big deal, and [the] healthcare [sector] is leery right now about security."
Ultimately, experts predict that IaaS will follow the path of virtualization itself, stepwise, beginning with test and development, progressing to the "low hanging fruit" of non-critical apps, and from there encompassing the entire enterprise. "It will be an exercise in a gradual process of replacement rather than conversion," said Jeff Boles, analyst with Milford, Mass.-based Taneja Group. "There are plenty of people out there with scars on their backs from handling server virtualization as a single conversion."
Beth Pariseau is a senior news writer for SearchServerVirtualization.com. Write to her at firstname.lastname@example.org.