Defining, differentiating and debunking common assumptions when making cloud computing decisions

Christian Teeft, Vice President of Engineering, Latisys

Distinguishing cloud computing reality from cloud hype can be a daunting task. Smart Business met with Christian Teeft, vice president of Engineering at Latisys, to examine some of the key assumptions, myths and drivers that decision makers face as they build their cloud IT infrastructure strategy.

Defined: cloud computing

Cloud computing is IT infrastructure that is delivered as a service, is elastic (users consume as much or as little of a service as they want at any time), is sold on-demand and is fully managed by the provider. In short, cloud computing makes it possible to increase capacity and add capabilities as needed — without the user having to invest in new infrastructure, train new personnel or license new software. Some say the cloud is ‘[anything] as a service’ (XaaS).

The problem with this definition is that it’s very broad — little surprise there is so much confusion and noise in the cloud marketplace. So let’s drill down. There’s cloud ‘Infrastructure as a Service’ (IaaS), for businesses that outsource to data center providers and prefer to spin up and down compute resources to meet variable demand — configuring compute, memory, storage and additional services — without a dedicated physical machine (e.g. online retailers with seasonal demand). There’s cloud ‘Platform as a Service’ (PaaS), for businesses that require pre-integrated application components that they can assemble to quickly create back office systems that run and are delivered via the service provider’s platform (e.g. rich Web, mobile or social media applications). There’s also cloud ‘Software as a Service’ (SaaS), which includes the delivery of a single application through the browser to an unlimited number of customers via a set of pooled hardware resources.

We focus on IaaS as we differentiate and debunk the following assumptions.

Differentiated: private cloud vs. public

In the public cloud, apps and data run on the same shared public pool of resources — available to anyone with the swipe of a credit card. This type of environment is well-suited for certain applications such as test and development, mobility and social media, as well as some e-mail, file sharing and collaboration systems.

But when security and compliance matter, when workloads and applications are mission-critical, or when hands-on expertise is needed to tailor, migrate and optimize your environment, a private cloud solution is best.

Public cloud IaaS is cheaper than private, but you get what you pay for. Your workloads, applications and data may sit on the same server or network as a hacker from China or a spammer from Russia. You also have no visibility into the hardware your environment is running on or control over the Quality of Service (QoS) you receive. Leading private cloud providers build their platform using brand name servers, blades, firewalls and load balancers that are built for multi-tenancy and provide greater security and isolation. They also create separate resource pools so customers can choose the performance level best suited to their application. With the public cloud it’s truly ‘one size fits all.’

Debunked: cloud is best for all applications

Certain applications are clear matches for the burst-ability and elasticity of IaaS cloud: file sharing, social media, testing and development, e-mail, server virtualization and SaaS. But there are many applications where the answer isn’t as clear-cut. Legacy enterprise commercial off-the-shelf (COTS) applications require significant due diligence due to the hierarchical nature of their architecture. These applications might be a good fit for the cloud, but traditional hosting may be more practical and cost-effective. It is important to carefully evaluate the costs associated with transitioning to the cloud and be realistic about what you’re trying to achieve.

Debunked: cloud is cheaper than managed hosting

While it’s true that in the cloud you pay for only what you need to use — avoiding the need to engineer your infrastructure for peak levels of activity — the additional layer of orchestration on top of a managed hosting environment is just that: an additional software component that providers deliver to users to enable self-management, faster provisioning and granular control. This means that the same configuration consuming the same amount of resources for the same period of time is going to cost more in the cloud than it would in a dedicated environment. Cost savings are realized by leveraging dedicated hosting for predictable workloads and the cloud for variable workloads. Be sure to fully understand the ongoing usage and access fees associated with the infrastructure you are deploying to avoid any surprise charges. And challenge your vendor to tailor a hybrid dedicated and cloud solution to your specific needs.

Decision time: develop a chart

There are several important questions that must be answered as you develop your cloud IaaS strategy.  Do you really need to move to the cloud? If so, which applications should be moved? And should those applications be hosted in a private cloud, with more security, reliability and support? Or are your work loads better suited for a cheaper, less regulated public cloud option? What types of templates should you start with, and who on your team will be responsible for the on-demand management of these resources?

It is important to do the research required so you can answer all of these questions, and it helps to align with a service provider that offers hands-on consultative support to right-size a hybrid dedicated and virtual solution. A provider that is equipped to assess your workload history with you and talk through potential solutions, leveraging their experience in terms of business goals, configuration development and the physical migration itself is best.

Christian Teeft is vice president of engineering at Latisys. Reach him at [email protected]


What to look for in an enterprise cloud plan

David Feinglass, Director of Solutions Engineering, Latisys

Moving to the cloud. It’s what everyone seems to be talking about lately. It’s what everyone seems to be recommending. But, it’s not as easy as it sounds. Before migrating to a cloud environment, there are several facets you need to think through.

Smart Business learned more from David Feinglass, director of Solutions Engineering at Latisys, about the key components that make up a smart cloud migration plan.

What does a company need to think through before migrating to a cloud service provider?

Cloud migration is a big step for any organization and, potentially, a risky decision if not planned for properly. There are a few questions that need to be answered before you even think about migration. For instance, why does your business require elastic, on-demand computing? Are you making the move for server virtualization, consolidation, disaster recovery, storage, cost savings, capital expense reduction, etc.? This question rarely applies to an enterprise’s IT infrastructure as a whole — it is more often something that needs to be aligned for each application.

If cloud migration does make sense for an organization, what are the first steps?

Before taking on a migration to a cloud service provider, I always recommend organizations think through three main objectives.

1) Understand what type of migration makes the most sense for your organization:

Staged migration — This requires moving single departments and services over, one at a time, to keep day-to-day business as close to as-is as possible during the migration.

Forklift migration — This requires temporarily cutting out service during the migration process. It’s the quickest and least expensive option, but the scariest for most companies to take on because of that period of downtime.

Phased migration — This requires simultaneously running redundant systems during the physical transition. This is likely the most costly option, but for a company that demands no service interruptions, it may be an essential choice.

2) Understand exactly what you are going to be migrating:

From servers to networking, storage, replication and recovery services, licenses and more, it’s essential that you think through exactly what parts of your infrastructure are going to be a part of your cloud, and whether or not you want to own, rent or buy these capabilities.

3) Understand exactly how much internal and external IT support your migration will require:

It’s probably going to be more work than you think. So, make sure you understand the expertise needed to pull off a successful migration, and partner with the right tools and third-party resources in order to make it happen.

How do you put together the right migration plan for your organization?

There’s a different ‘right’ migration plan for every business. Size matters. Speed matters. But it is what you’re moving that often matters most. Looking at each of your applications and services to understand if they lend themselves to virtual machine migration portability and federated cloud environments is a good first step.

A great way to map the VM migration portability is to put together a matrix.  On one axis, identify all of your applications, such as Web, both external facing and intranet sites, e-mail, CRM, analytics, billing, testing/staging, help desk, document management, etc. And then identify what types of services each application represents. Is it revenue generating, frontline support, analytics, back office support, seasonal services, etc.?

Based on the type of service your applications fall under, you should be able to determine which applications are the best fit for portability and which aren’t really portable. There are many applications that will be an on individual-case basis for your organization, but typically the seasonal or one-time project-based applications are the best fit, along with any application that isn’t revenue generating and the only instance of that application.

What should an organization look for in a cloud service provider?

You really need to do your homework and make sure the service provider is a good fit in terms of data center capabilities, security and support. Assess your workload history together and talk through possible solutions. Understand what their role is going to be in terms of strategy, development and the physical migration itself. And get a clear and conservative understanding of what your downtime, if any, will be during the move. The more their pitch sounds like they think migration is a ‘cookie-cutter solution,’ the more you need to be on guard. This move is a strategic decision for your company, and it’s essential you take the right steps now.

David Feinglass is director of Solutions Engineering at Latisys. Reach him at [email protected]


Why more businesses are transitioning to the scalability and savings in the cloud

Christian Teeft, Vice President of Engineering, Latisys

More and more businesses are making the move from traditional colocation and hosting to cloud-based solutions. But what are the biggest reasons for this mass migration? Is it security? Scalability? Cost savings?

Smart Business learned more from Christian Teeft, vice president of engineering at Latisys, about the key motivators swaying companies over to the cloud environment.

What in particular is motivating this growing interest in cloud computing?

The cloud is really a natural next step in a trend we’ve seen for years as customers evaluate the move from on-premise hosting to colocation to managed services and managed hosting — the desire to transition from capital investments to operating expenses. The more you outsource IT, the less capital intensive your business becomes. The cloud takes this one step further, giving businesses the agility to add and release IT capacity as their needs change without having to oversubscribe for peak usage. This can be a game-changer in terms of cash flow.

Secondly, in a traditional on premise or colocation environment, organizations require a full team on hand — IT personnel skilled in maintaining and optimizing their own equipment. Managed hosting and cloud solutions enable organizations to rely on the provider’s technology expertise, reducing total cost of ownership and allowing precious IT resources to focus on the business.

Does this loss of control through outsourcing keep some organizations from making the move to the cloud?

The beauty of the cloud is that it’s really more of a trade-off. When you own and self-manage your hardware, you are obviously in full control over configuration and performance. But as you outsource more and move toward the cloud, what you lose in direct control over hardware you gain in complete control over IT resources and usage. The cloud enables you to spin up and down virtual instances on demand, tailoring storage, RAM, CPUs and more in ways you simply couldn’t do cost-effectively in a dedicated environment.

How can an organization decide between private versus public cloud solutions?

In the public cloud, apps and data run on the same shared public pool of resources — available to anyone with the swipe of a credit card. This may make sense for some of your IT outsourcing. But when security and compliance matters, when workloads and applications are mission-critical, or when hands-on expertise is necessary, the private cloud often makes the most sense.

What part of an organization’s IT makes the most sense to move to the cloud?

Certain applications are clear matches for the burst-ability and elasticity cloud solutions provide: file sharing, social media, testing and development, e-mail, server virtualization and SaaS. For these types of applications, organizations should investigate how best to migrate these to a dedicated or multi-tenant cloud platform.

But there are many applications where the answer isn’t as clear-cut. Specifically, legacy enterprise commercial off-the-shelf (COTS) applications require significant due diligence due to the hierarchical nature of their architecture. These applications may be a great fit for the cloud, but traditional hosting may be a more ideal solution. More than ever, it’s essential for companies to carefully evaluate the costs associated with transitioning to the cloud and be realistic about what they’re trying to achieve.

What should an organization look for in a cloud service provider?

The service provider must be a strong fit with what is most important to your organization. This might be:

  • 100 percent uptime and stability
  • Multi-tenant isolation
  • Granular control over access and traffic
  • Performance analytics for smarter decision-making
  • Maximum scalability with no capacity thresholds
  • Modular integration that can build for the future
  • Or all of the above

But they also have to have the ability to support you in the planning and migration process. The move to the cloud will be one of the most important IT decisions your organization makes. Make sure your partner has the resources, expertise and commitment necessary to make it happen.

Christian Teeft is the vice president of engineering at Latisys. Reach him at [email protected]


What to look for in an IT optimize solution for infrastructure, applications and support

Christian Teeft, Vice President of Engineering, Latisys

When it comes to maximizing the performance, scalability and value of their IT infrastructure, corporations want the best of both worlds: the features, functionality and benefits of their business applications without the headache of managing and running them.

It has been a challenging proposition for enterprises to optimize their outsourced investment and the performance of their IT spend. Increasingly, however, these companies are turning to providers of colocation and managed services for an IT optimize solution that extends beyond the infrastructure to provide above platform-level support and services.

Smart Business spoke with Christian Teeft, vice president of engineering at Latisys, to help executives determine what to look for in an IT optimize solution, and how they can gain the comfort and assurance needed in turning over ownership and management of their IT infrastructure to a colocation and managed services provider.

What is the most significant difference between an IT off-load solution and an IT optimize solution?

The primary distinction between ‘off-load’ and ‘optimize’ has to do with the responsibilities around the compute layer of an IT infrastructure. With off-load, an IT organization is responsible for the procurement and support of the server hardware, as well as the hypervisor and operating system. With an IT optimize solution, the server hardware, hypervisor and operating system components become the responsibility of the service provider. The provider will capitalize the hardware purchases to leverage their economies of scale, utilize ‘Service Provider Licensing Agreements’ to provide the software in a cost effective and scalable fashion, and provide advanced around-the-clock support for both — all for a predictable monthly expense.

What kind of requirements do companies that are ready for an IT optimize solution have?

Given that these profiles build upon each other, the functional requirements from clients that are classified within the off-load and off-site profiles are similar. Organizations within each profile require highly robust platforms from which they can deploy the critical IT services needed to operate their businesses.

The primary distinction we see between optimize and other profiles is the need for an organization to further optimize their operation by:

  • Moving even more dollars from CapEx budgets to OpEx budgets by shifting hardware and OS/hypervisor software licensing responsibilities to the provider.
  • Optimizing head count through eliminating the need for IT staff to manage the tactical care and feeding of the network, hardware, hypervisor and operating systems.
  • Filling knowledge gaps for server hardware, hypervisor technology, and operating systems by leverage the expertise and support of the service provider.

What are the key benefits of an IT optimize solution provided by a colocation/managed services provider?

Optimize enables an IT organization to focus on meaningful, strategically important IT initiatives and better utilize available IT budgets. This holistic approach allows the organization to spend time innovating the systems, processes and procedures that improve operational efficiencies and drive hard dollars to a company’s bottom line, which not only simplifies the conversation between the business and technology leaders, but also improves the overall reliability of the infrastructure.

How can an IT optimize solution ease the burden of the capital investment required to adopt the latest data center technologies?

IT optimize eliminates the capital burden altogether. This cost is shifted over to a predictable monthly expense that encompasses all costs for the technology — from initial acquisition to ongoing support. On top of the server, hypervisor and operating system costs, the optimize profile has the potential to eliminate all of the big-ticket items typically found within the SME infrastructure, including Storage Area Network (SAN) and data protection platforms.

Many firms are dabbling in virtual servers, but managed virtualization is different. How?

The big difference, aside from the subject matter expertise that comes along with the service provider offering (24-7-365 access to more than one expert) has to do with the way the costs are structured. Off the shelf, the hypervisor software often costs as much as the hardware costs. The optimize profile reduces the economic stair function associated with scaling out virtual machine infrastructure. This allows for managing capacity based on actual resource utilization as opposed to the need for avoiding uncomfortable conversations with the CFO.

How can firms that are hesitant to turn over ownership and management of their IT infrastructure pick the right partner?

Many organizations think they give up strategic control of their operation if they don’t own the hardware.  This simply doesn’t have to be the case. Here is a short list of tips for picking the right partner:

  • Ensure there is rapport. IT professionals should want to engage your team members, inherently supporting the transfer of knowledge that makes the IT organization stronger.
  • The adoption of services should not be adversely disruptive. If you have to change every process and procedure in the book, it’s probably not a good fit.
  • Maintain control. Engaging a service provider isn’t about giving up control but changing the perspective from tactical to strategic.
  • Don’t make your decision based solely on the lowest bid. Consider all costs variables to understand the implications of selecting a particular partner.

Christian Teeft is vice president of engineering at Latisys. Reach him at [email protected]


What to look for in an IT off-load solution

Christian Teeft, Vice President of Engineering, Latisys

IT resources are often pulled in several directions, with more time spent on the ongoing maintenance and monitoring of the core IT infrastructure in place than they would prefer. Projects that would position the company for more profitability or greater efficiency are not always achieved in a desired time frame.

Smart Business spoke to Christian Teeft, vice president of engineering at Latisys, to help define the business benefits of off-loading routine IT services to a provider of managed services, and what to look for in an IT off-load solution.

How does IT off-load differ from off-site and how does a firm know when it is ready to transition?

IT off-load solutions, which are designed to enhance the performance, reliability and security of an organization’s core IT infrastructure, are delivered as fully managed services so an organization’s internal resources can focus on strategic IT initiatives and critical server infrastructure.

IT off-load solutions allow organizations to better control their hardware, system and personnel costs by alleviating tactical day-to-day management operations and converting the capital dollars needed to procure these technologies into operational expenses for the services.

The IT off-load profile enables an organization to build upon the robust infrastructure provided in the off-site profile by leveraging IT staff from the data center provider for the maintenance and monitoring necessary to fully support the infrastructure.

The following are characteristics of organizations that fit within the IT off-load profile:

  • Human resources constraints within the IT organization
  • Internal or regulatory requirements to maintain full control of compute resources within the infrastructure
  • Subject matter expertise gaps within the IT knowledge base
  • Massive data growth that exceeds capital availability

What specific applications and services can an enterprise leverage with off-load?

Commonly leveraged managed services include:

  • High-performance primary storage
  • Enterprise data backup
  • Firewall
  • Load balancing
  • Site-to-site and client-to-site VPN
  • Intrusion detection

Additionally, IT organizations can leverage a team of highly trained network and system engineers to validate and escalate issues within their IT infrastructure, improving the signal-to-noise ratio of monitoring activities and reducing fatigue and workload from key internal IT personnel.

How can an off-load solution free up a business’s resources to focus on its core competencies?

A large amount of time is spent on the ongoing maintenance and continual improvement of IT systems. From configuration changes, firmware upgrades, change-control meetings, managing multiple vendors and training on specific technologies, there is often little time for anything else. In organizations that have limited staffing resources, these routine — but very necessary — activities divert critical thought cycles away from solving more strategic IT challenges.

Why can it be beneficial to off-load data protection, system security, monitoring and maintenance of your IT infrastructure?

The infrastructure needed to support these capabilities is typically very expensive. Aside from the associated capital expenses, a huge amount of due diligence is typically done to ensure the particular technologies you invest in perform as expected within the specific environment they are to be deployed in. Off-loading these types of services not only relieves internal resources of the management tasks, the associated Service Level Agreements (SLAs) mitigate risk for the business.

On top of the risk mitigation benefits, off-loading security and monitoring tasks typically increases the visibility for most organizations, as they receive 24-7 support from a staffed network operations center.

Are there different types of companies that provide managed services?

Indeed. As with all industries, there are providers that have different variations within their service portfolios, different levels of investment within their infrastructure, different demographics and different specializations that their staff focuses on. These variables ultimately mean that organizations that are considering an IT off-load strategy need to be diligent when identifying the right partner. They need to make sure that partner aligns with their own business needs and is positioned to grow with their business over the term of the relationship. We recommend that CIO’s consider the following:

  • Ensure the partner you choose is focused on the services they are offering you.  Many firms are willing to stretch beyond their area of expertise in order to secure new business.
  • Understand the associated SLAs, and make sure they support your business needs.
  • Understand your infrastructure growth path, and make sure your partner can support it. Don’t overlook potential future regulatory needs, or the regulatory needs of your own customers. Also keep in mind that while you may want to maintain full control over certain aspects of your infrastructure today, consider that you may not have that requirement tomorrow.
  • IT is a 24-7 business, regardless of industry.  Make sure your partner can support you 24-7.

Christian Teeft is the vice president of engineering at Latisys. Reach him at [email protected]


What to look for in an IT off-site solution

Evans Mullan, Chief Operating Officer, Latisys

Businesses across every industry face an ongoing need for more power, space and performance from their IT infrastructure. And yet the prospect of spending several months and significant capital investment building out a facility to meet this demand is one many firms find unfeasible.

Smart Business spoke to Evans Mullan, chief operating officer at Latisys, to better understand what a company should look for when considering an IT off-site solution. There are several important considerations when it comes to selecting the right off-site colocation partner that can offer the complete set of capabilities.

What are the primary benefits of an IT off-site solution?

Companies that choose to outsource their IT infrastructure to a data center provider achieve four significant benefits:

More reliability from fully redundant systems for power and cooling, with back-up batteries and generators for continuous uptime.

More connectivity from multiple business-grade bandwidth carriers delivered as a blended network for maximum performance and speed.

More security with several layers of physical security, including 24-7 staff on site, extensive camera surveillance throughout the facility and multi-factor authentication at entryways, such as man-traps, biometric scanners and key-card access.

More capacity and growth potential as data center providers have an inventory of available space for new customers and for existing customers to be able to expand their footprint as their business grows.

What current economic and business factors are driving the business case for colocation?

Capital expenditures to build a world-class facility often exceed the budgets of all but the largest organizations. Outsourcing the physical location of the IT infrastructure allows companies to benefit from the economies of scale that data center companies can provide with regard to Internet bandwidth, cooling and power, as well as security staff and round-the-clock remote hands support. Gaining the increased flexibility and tighter control of costs that come with the operational expenses of colocation make it an attractive solution compared to an investment of capital to build out new data center space.

What size of company benefits most from an IT off-site solution?

Most data center providers have a variety of inventory options available, making them a fit for any size company. Typical colocation packages include partial or full cabinets on the small side, and customizable caged space that can range anywhere from 150 square feet to 10,000 square feet or larger for companies with the need for more space. Some data center companies also provide private suites, which feature fully enclosed data center areas for clients who want additional layers of security, climate control and privacy.

How does this solution help enterprises enhance their security posture?

In addition to the multiple layers of physical security previously mentioned, there are third-party audits that data center providers can achieve that result in the highest levels of reliability and data integrity for their customers.

One of the most significant third-party validations of a data center’s security is the SAS70 Type II audit. This audit is an independent review of the control objectives and activities in place to ensure all controls are valid and enforced. Controls include building access and security, data center access and security, data storage, customer information security and change procedures for equipment and systems. Data center providers that have completed the SAS70 audit can provide a copy of the audit report to their customers to verify that the controls in place are adequate for the customers’ requirements. And the fact that the audit is performed by a third party will alleviate the need for colocation customers to perform their own audits for their IT infrastructure.

How can an IT off-site solution specifically improve a company’s bottom line?

Replacing capital outlays with operational expenses that can be scaled as needed has immediate impact on a company’s bottom line as it faces the need to optimize its IT infrastructure spend. Additionally, the 100 percent uptime service level agreements achieved through a colocation solution will safeguard a company from the financial ramifications of any potential instance of downtime.

Another bottom-line benefit to an IT off-site solution is the economies of scale offered by data center providers. The blended network of premium carriers and shared systems for cooling and security are much more affordable when outsourced and shared amongst multiple clients.

What else should a company look for in a colocation provider?

While an off-site solution comes with many improvements and benefits for a company, it is really just the foundational layer when it comes to the full benefits provided by outsourcing its IT infrastructure. Beyond SAS70 Type II compliant characteristics offered, companies should look for data center providers that also offer growth in terms of additional services and solutions. Common growth requirements include the outsourcing of managed services to improve monitoring and performance optimization systems as well as managed security services. The ability to offer elastic hosting options including managed virtualization and multi-site replication are important factors to look for as well, to ensure that the data center provider can accommodate the maximum scalability for a company’s IT infrastructure now and years from now.

Evans Mullan is the chief operating officer of Latisys. Reach him at [email protected]


How to achieve the most flexibility and scalability for your IT infrastructure

Pete Stevenson, CEO, Latisys

For years now, enterprises and service providers alike have been leasing data center space from wholesale providers to meet their large-scale IT infrastructure requirements. While this model has worked for organizations with the financial and personnel resources to build out space themselves, the growing demand in the industry is for more flexibility to ramp up space and power on an as-needed basis.

To address this recent demand, providers are starting to offer larger colocation areas — something referred to as a Data Center-as-a-Service approach.

Smart Business learned more from Pete Stevenson, CEO at Latisys, about the difference between Data Center-as-a-Service and the more traditional wholesale leasing models.

What is Data Center-as-a-Service?

Data Center-as-a-Service is an offering that mirrors the features of colocation — providing access to power, cooling and bandwidth within a secure space inside a 24/7 staffed, fully redundant and highly reliable facility — but is designed for customers seeking 250 kilowatts to 2 megawatts of IT load. This size of deployment is typically ideal for the wholesale leasing arrangement, where tenants within what the wholesale providers consider a ‘turnkey’ facility are still responsible for facilitating their own routing infrastructure, racks, cabling, IP connectivity, etc. Data Center-as-a-Service providers deliver all of this under a service contract, leveraging their investments in equipment, technical experts and premier providers to eliminate the need for any customers’ capital expenditures.

Why would an organization choose a Data Center-as-a-Service solution over a traditional leasing model?

The Data Center-as-a-Service model provides the customer with much more flexibility than traditional leasing models. Most leasing arrangements are long-term agreements, ranging from 7- to 10-year-long contracts. As more and more companies are learning about the advantages of server virtualization and cloud computing environments, locking up a significant investment in a lease over several years can prove to be very limiting with regard to taking full advantage of rapidly advancing technologies that offer improved efficiency and reliability.

Providers of the Data Center-as-a-Service business model are often in a better position to offer more reasonable leasing terms, as well as additional IT infrastructure management solutions. From managed hosting to managed services, including storage, backup, security services, monitoring, load balancing and disaster recovery services, the provider’s ability to align different services and solutions according to the customers’ requirements translates into maximum agility for the customer. They are able to take full advantage of the latest infrastructure technologies.

What are some of the key advantages with a Data Center-as-a-Service model?

  • OPEX versus CAPEX: Rather than investing large capital expenditures in building your own infrastructure or turning up and staffing a leased space, you can utilize the technological innovations, dedicated service professionals and efficiencies of scale that a Data Center-as-a-Service provider delivers. You get space, power, bandwidth, cooling, security, 24/7 on-site staffing and more all under a single service contract and monthly service fee.
  • Service Level Agreement: Leveraging a provider’s Service Level Agreement (SLA) ensures that your IT infrastructure availability and performance sync with your firm’s business objectives. SLAs help guarantee performance delivery by including economic penalties that hold the provider financially accountable.
  • Network redundancy: In a leased environment, you’d be responsible for contracting your own network providers, which usually makes you reliant on a single Internet carrier and susceptible to embarrassing and expensive outages. Most Data Center-as-a-Service providers are able to offer blended bandwidth — multi-gigabit connections through diverse IP providers to ensure reliable connectivity through enhanced redundancy.
  • World-class security: Security processes are essential for the integrity of your mission-critical infrastructure. For the protection of all customers within the facilities, providers typically feature multi-layered security systems, digital video surveillance, network monitors and a 24/7 NOC team.
  • Managed services: Have a single point of contact for all monitoring, reporting, maintenance, performance and availability of the IT infrastructure. And while there may be different specifics per each unique service in place, all solutions are provided under the SLA to ensure the highest levels of reliability and performance.
  • Ultimate scalability: Gain a much more flexible relationship with the provider, as you’re in a place that can scale along with you. Take as much space, power, bandwidth and cooling as you need today — and when you need more, add only as much as you need. Data Center-as-a-Service providers truly become partners, as they are able to grow with you, at the speed of your growing business.

What traits should an organization look for when choosing a Data Center-as-a-Service provider?

All Data Center-as-a-Service providers have different capabilities, so it’s important you find one that not only meets all your current requirements, but that’s building for the future. Make sure the provider you choose is financially stable, has top-notch physical security, clearly defined SLAs, and sufficient growth capacity to meet your data challenges of today as well as the ever-evolving data challenges of the future. That’s when you can be sure you’re in a safe place to grow.

Pete Stevenson is the CEO of Latisys. Reach him at [email protected]


How to achieve the most flexibility and scalability for your IT infrastructure

Pete Stevenson, CEO, Latisys

Pete Stevenson, CEO, Latisys

For years now, enterprises and service providers alike have been leasing data center space from wholesale providers to meet their large-scale IT infrastructure requirements. While this model has worked for organizations with the financial and personnel resources to build out space themselves, the growing demand in the industry is for more flexibility to ramp up space and power on an as-needed basis.
To address this recent demand, providers are starting to offer larger colocation areas — something referred to as a Data Center-as-a-Service approach.
Smart Business learned more from Pete Stevenson, CEO at Latisys, about the difference between Data Center-as-a-Service and the more traditional wholesale leasing models.

What is Data Center-as-a-Service?

Data Center-as-a-Service is an offering that mirrors the features of colocation — providing access to power, cooling and bandwidth within a secure space inside a 24/7 staffed, fully redundant and highly reliable facility — but is designed for customers seeking 250 kilowatts to 2 megawatts of IT load. This size of deployment is typically ideal for the wholesale leasing arrangement, where tenants within what the wholesale providers consider a ‘turnkey’ facility are still responsible for facilitating their own routing infrastructure, racks, cabling, IP connectivity, etc. Data Center-as-a-Service providers deliver all of this under a service contract, leveraging their investments in equipment, technical experts and premier providers to eliminate the need for any customers’ capital expenditures.

Why would an organization choose a Data Center-as-a-Service solution over a traditional leasing model?

The Data Center-as-a-Service model provides the customer with much more flexibility than traditional leasing models. Most leasing arrangements are long-term agreements, ranging from 7- to 10-year-long contracts. As more and more companies are learning about the advantages of server virtualization and cloud computing environments, locking up a significant investment in a lease over several years can prove to be very limiting with regard to taking full advantage of rapidly advancing technologies that offer improved efficiency and reliability.
Providers of the Data Center-as-a-Service business model are often in a better position to offer more reasonable leasing terms, as well as additional IT infrastructure management solutions. From managed hosting to managed services, including storage, backup, security services, monitoring, load balancing and disaster recovery services, the provider’s ability to align different services and solutions according to the customers’ requirements translates into maximum agility for the customer. They are able to take full advantage of the latest infrastructure technologies.

How to determine your IT infrastructure outsourcing profile and requirements

Don Goodwin, Chief Revenue Officer, Latisys

As executives well know, the ebbs and flows of growing a business can lead to evolving IT infrastructure requirements. When outsourcing IT infrastructure to a data center colocation, managed hosting and managed services provider, identifying which IT services to outsource and which functions should remain in house is critical.

Smart Business spoke with Don Goodwin, chief revenue officer at Latisys, on how executives can effectively determine which level of IT outsourcing (ITO) would most benefit their organization.

What risks or costs do organizations face when handling IT infrastructure in house?

As companies grow, their IT infrastructure evolves, requiring additional capacity and process efficiencies. The systems and IT infrastructure required to support a company’s operations can quickly exceed available physical space, resources and capabilities provided by the in-house data room or data center. The company might then pursue a path of building additional data center space on site, or place their IT equipment in less secure, less reliable environments within their building — which risks security, reliability and uptime.

In addition to incurring structural and facility-based capital expenses as IT equipment needs increase, companies also must add appropriate staff to monitor and maintain all systems and ensure continuous uptime. They are often specialized for the systems they are hired to manage — and don’t contribute to the core business of the company.

Are there different types of ITO a company can leverage?

There are four ITO profiles enterprises typically align with. The first ITO profile is ‘off-premise,’ which refers to a company ready to move its IT infrastructure to a secure, redundant powered ‘off-premise’ data center facility. The second profile is ‘off-load,’ whereby a company seeks to ‘off-load’ some or all non-core IT systems and software applications. The third is ‘optimize,’ for companies with requirements for additional infrastructure management along with preserving capital. These companies benefit from access to proven support teams, bundled hardware and software, and a service level agreement for a monthly operating expense instead of incurring the capital outlay and headcount expense. Finally, with the ‘outsource’ ITO profile, a company would seek support for its above-platform applications and turnkey support services, in turn shifting segments of their IT systems, process and/or functions to service providers specializing in managing IT functions on a captive or shared tenant basis.

Please describe each ITO profile and the services that would best fit their requirements.

Off-premise: The typical off-premise company is looking for more security, reliability and scalability than what its in-house data center capabilities can provide. It requires a colocation provider that can offer data center space, with redundant power and cooling to ensure 100 percent uptime and 24-7 physical security, where the company owns and maintains its own equipment and software.

Off-load: Companies seeking to off-load IT infrastructure management often leverage managed services provided by a colocation provider to augment their colocation solution. They want to take advantage of managed security services such as managed firewall and VPN, as well as intrusion detection and intrusion prevention services. Companies may want to leverage around-the-clock availability of certified IT professionals for ongoing monitoring and management of core network services for their production environment, as well as managed storage and managed backup for complete data protection. This can often be combined with geographically dispersed data centers for disaster recovery and business continuity plans.

Optimize: As an enterprise’s IT requirements for increased efficiency and consolidation become a strong fit for virtualization and managed servers, it may explore options of how best to achieve the ability to turn up and run its applications quickly with minimal involvement from its own technical resources. To gain the benefits of this approach without incurring significant capital investment, companies can leverage the packaged solutions offered by a data center service provider and turn the associated monthly charges into more manageable operational expenses that permit greater financial flexibility.

Outsource: This company desires the fea-tures, functionality and benefits of its busi-ness applications without the headache of managing and running them. They want to fully outsource their investment in IT infrastructure and day-to-day IT management to achieve the highest level of performance for their spend. They seek a provider or providers who can go beyond the network and equipment, and provide above platform-level support and services.

What questions should an organization ask itself to understand what profile it falls into?

A company should first determine whether or not IT infrastructure management is one of its core competencies. The answer to this question goes a long way in determining the ITO profile that fits them best. Companies should consider what infrastructure improvements and additional capabilities can be achieved, and look at areas of IT spend that could more efficiently be managed by leveraging firms that provide IT infrastructure management as their core business. The decision will depend on their immediate and long-term goals and resource availability.

What type of provider offers ITO and what are the primary benefits of this approach?

In addition to the traditional IT consultants and contract firms for monitoring and maintenance services, the outsourced infrastructure providers are typically classified as data center or colocation providers, managed hosting and managed services providers. While each provides a distinct offering, finding a provider that can offer combinations of, or all of, these capabilities will often result in cost savings, as well as increased ease of management and control for the enterprise.

Don Goodwin is chief revenue officer at Latisys. Reach him at [email protected]


How to make sure you’re working with a PCI compliant hosting provider

Dave Feinglass, Director of Solutions Engineering, Latisys

Over the past few years, as online privacy fears and identity theft have become an even greater reality, PCI compliance has grown into an essential priority for online businesses. And now, with the looming financial and PR fears of a data breach on every company’s radar screen, businesses are looking for data partnerships that can ensure them secure payment transactions through PCI compliance.

Smart Business learned more from Dave Feinglass, director of Solutions Engineering at Latisys, about exactly what companies should look for when searching for a PCI compliant hosting provider.

What does it mean for a data center to be PCI compliant?

Actually, that terminology isn’t accurate. It’s what everyone uses. But it’s not accurate. A lot of hosting companies advertise themselves as ‘PCI compliant,’ but the compliance legally rests on the business itself. After all, the business is going to be the one responsible for passing the QSA audit. So, when a data center advertises itself as ‘PCI compliant,’ they likely mean that they can help a business meet all of the PCI DSS (Data Security Standard) requirements.

These 12 requirements include maintaining a secure network with firewall, protecting stored cardholder data, physical security restrictions and much more. All so your data center partner can help you  stay PCI compliant.

How exactly does PCI compliance work within a ‘hosting’ environment?

There are various types of hosting providers, from colocation to managed services to full outsourcing. And any of these types of hosting providers can meet PCI DSS requirements. But, it’s important to dig deeper, past the ‘We’re PCI compliant’ advertisement.

For example, let’s take Requirement No. 1, the firewall requirement. Most any hosting provider can tell you they have a secure firewall to protect cardholder data. But, there’s more to it than that. In order to pass a QSA audit, there needs to be a formal process in place for approving and testing network connections and every change to firewall and router configurations. This implies that a test and development environment, and surrounding processes, are in place.  So, it’s essential for you to make sure that process exists.

How do hosting companies ensure they meet Requirement No. 3 with protecting cardholder data?

In reality, each and every PCI DSS requirement is about protecting cardholder data. Requirement No. 3 specifically relates to how the hosting company goes about protecting ‘stored’ cardholder data. And again, this is where the partnership between the business and hosting provider really comes into play, because stored cardholder data is largely application-driven. While your hosting company can back up and store whatever your client application requires, the  layer of security that the hosting provider must provide, versus what the application itself is managing,  determines who owns responsibility for this aspect of protecting the data.

For example, Requirement 3.2 states: Do not store sensitive authentication data after authorization (even if encrypted).  The service provider may back up any data that a business requests them to, but it’s up to the application itself to not store that data which should not be stored.  This is an example of why it’s so important to walk through each of these steps with your potential hosting provider and understand where each partner’s responsibility lies.

Several of the PCI DSS requirements relate to access control. How should a business evaluate  a hosting provider for compliance with these requirements?

Requirements 8 through 12 all relate to the protection of information, including internal access prevention. These requirements mean assigning a unique ID to every person in your organization with remote computer access, secure physical access restrictions, strict tracking and monitoring of this access, and regular testing of these security systems.  Each hosting provider may handle those requirements differently. Take the time to understand how your hosting provider meets each one of these requirements, and which of these requirements need to have a process that is owned by the application and/or its developers. For example, does the application require the use of passwords that have both alpha and numeric characters, or is this enforced through a policy only? If the application does not enforce this itself, find out how the hosting provider will manage this aspect of the requirement.

What do you suggest a company seeking PCI compliance look for when choosing the right hosting provider?

You need to really do your homework, and make sure the data center can meet all of your specific requirements. Because even if a hosting provider claims to be ‘PCI compliant,’ you’re still the one responsible for the financial realities of noncompliance. So, it’s important to walk through each of the 12 requirements with your potential hosting provider, line by line, and make sure they’re a match for your customer promise. You also need to create a policy with your hosting provider that specifies information security policies for your employees and contractors. It’s a big task. But finding the right provider is worth it.

Dave Feinglass is director of Solutions Engineering at Latisys. Reach him at [email protected]