Cloud computing overview

lovingbangInternet and Web Development

Nov 3, 2013 (4 years and 4 days ago)

97 views

Cloud computing overview





Benefits, risks and challenges







Page
1

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Agenda


IT challenges and business implications


Cloud
computing overview


Adoption
model


Cloud installation (Rewards and Risks)


Cloud challenges


Audit strategies for cloud implementation


Auditing
the
cloud compliance


Market maturity


Appendix A: Cloud Definitions

Page
2

© 2011 Ernst

&

Young LLP. All Rights Reserved.

IT
challenges and business implications

IT organizations struggle to meet the exponential growth in applications and
data with resources still characterized by infrastructure and organizational silos.



As a result, companies today are faced with a number of challenges, including:


IT cannot keep up with business and application demands


Administration inefficiencies


Misalignment resulting in errors

Inability to provision services seamlessly
across infrastructure domains (e.g
.,
Network/Security, Servers, Storage)

Business
implications

Operational
challenges


Inability to meet service levels


Inefficient, cost over provisioning


Limited business agility

Insufficient flexibility to keep pace with
dynamic business requirements


High TCO


Power inefficiencies


High facilities (space) cost

Proliferation and low utilization of
resource (
e.g., servers
, storage)


Inability to cost
-
effectively meet application recovery
time/point
objective (RTO/RPO) requirements

Expense of traditional disaster recovery

Page
3

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud
computing overview

Definition
and key characteristics


Cloud computing is a
pay
-
per
-
use

model for enabling available, convenient,
on
-
demand

network access to a shared pool of configurable computing
resources that can be
rapidly provisioned
and released with minimal
management effort or service provider
interaction.



National Institute of Standards and Technology (NIST)

Rapid
elasticity

Ubiquitous
network
access

Location
-
independent
resource pool

On
-
demand
self
-
service

Pay
per use

Page
4

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud computing overview


Don’t we already use it?


Emails, messengers


Mobile applications


Software


Web applications


Managing servers




Who provides it?


Providers like Google


Amazon, Facebook, etc. have their
own cloud services


Number of providers for customer
-
based applications are entering
the market



Customers

Google

Others

Amazon

Facebook

Page
5

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud
computing overview

The
cloud services delivery model

Infrastructure
-
as
-
Service (IaaS)


A highly scaled redundant and shared computing infrastructure accessible using
internet
technologies


Consists of servers, storage, security,
databases and so forth

Platform
-
as
-
Service (PaaS)


A platform that enables developers to write applications that
run

on
the
cloud


A platform would usually have several application services
available for quick deployment

Software as Service (SaaS)


Applications that are enabled for the
cloud


Support of an architecture that can run multiple
instances


Stateless application architecture

Page
6

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud computing overview


Cloud computing is divided into three broad categories


Software as a service (SaaS)
provides consumer the capability to
use provider’s applications running on cloud infrastructure which
are accessible from various client devices(web browser, email)



Consumer

Control limit

Application

Software

Infrastructure
software

Operating
system

Virtualization
layer

Physical
servers

Networking and
firewalling

Data centers

Example.


Example.


Example.


Example.


Example.


Components


Machinery

Microsoft

Office

SQL

server,

Java,

ASP.NET

Windows,
Linux

Vmware, Xen

IBM,

Dell, HP

Routers,

switches,

firewalls

Data center,

mechanical

and electrical
devices

Provider

Page
7

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud computing overview


Cloud computing is divided into three broad categories


Platform as a service (PaaS)
provides consumer the capability to
deploy onto cloud infrastructure consumer
-
created or acquired
applications created using programming languages and tools
supported by provider




Consumer

Control limit

Application

Software

Infrastructure
software

Operating
system

Virtualization
layer

Physical
servers

Networking and
firewalling

Data centers

Example.


Example.


Example.


Example.


Example.


Components


Machinery

Microsoft
Office

SQL

server,

Java,

ASP.NET

Windows,
Linux

Vmware, Xen

IBM,

Dell, HP

Routers,

switches,

firewalls

Data center,

mechanical

and electrical
devices

Provider

Page
8

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud computing overview


Cloud computing is divided into three broad categories


Infrastructure as a service (IaaS)

provides consumer a platform
that includes storage and network capabilities where they can
deploy and run any software. Customers no longer purchase
servers ,software, data centre space, but instead buy those
resources as a fully outsourced
services






Consumer

Control limit

Application

Software

Infrastructure
software

Operating
system

Virtualization
layer

Physical
servers

Networking and
firewalling

Data centers

Example.


Example.


Example.


Example.


Example.


Components


Machinery

Microsoft
Office

SQL server,

Java,

ASP.NET

Windows,
Linux

Vmware, Xen

IBM,

Dell, HP

Routers,

switches,

firewalls

Data center,

mechanical

and electrical
devices

Provider

Page
9

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud
computing overview

The
components
of
cloud computing

Business
demands
:


On
-
demand "
only what
we need
" functionality on a
pay
-
per
-
use

basis


Cost
transparency

and
tangible saving


Rapid

innovation and
service deployment

Infrastructure
-
as
-
Service

Database
-
as
-
Service

Information
-
as
-
Service

Process
-
as
-
Service

Application
-
as
-
Service

Testing
-
as
-
Service

Security
-
as
-
Service

Platform
-
as
-
Service

Management/Governance
-
as
-
Service

Page
10

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Adoption
model

Fundamentals

Scale Out

Considerations

Internal Cloud

Automated

Service

Management

External Cloud

High
Availability

Multi
-
Tenancy

Off
-
Premises

Heterogeneous

OPEX

Rented

Third Party

On
-
Premises

Homogeneous

CAPEX

Owned

Self

Location

Infrastructure

Business Model

Ownership

Management

Page
11

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Adoption
model

Types

Secure
cloud

federation

Publish to
cloud

or
enterprise

Hybrid
cloud

Public cloud

Dedicated/
community

cloud

Private

cloud

Page
12

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Adoption
model

When
cloud computing may be
a
fit


When the process,
applications and
data are largely
independent


When the points of integration
and dependencies are well defined


When the core internal enterprise architecture is healthy


When applications are developed according to platform standards


When the applications are not legacy


When demand variability and uncertainty might impact the underlying infrastructure
and/or resource planning of applications


When rapid time to application and service deployment is essential


When cost transparency is an issue


When OPEX is a preference over CAPEX

Page
13

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Adoption
model

Workload
patterns optimal
for the
cloud

Usage

Compute

Time

Average


Inactivity

Period


On
and off
workloads (e.g
.,
batch job)


Over
-
provisioned
capacity is wasted


Time to market can be cumbersome

Compute

Time

Average
usage


Unexpected/unplanned peak in demand


Sudden spike impacts performance


Can’t
over
-
provision
for extreme cases

Average
usage

Compute

Time


Successful services
need
to grow/scale


Keeping up
with growth
is big IT challenge


Complex lead time for deployment

Compute

Time

Average
usage


Services with micro seasonality trends


Peaks due to periodic increased demand


IT complexity and wasted capacity


“On and off”

“Growing fast”

“Unpredictable bursting”

“Predictable bursting”

Page
14

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Adoption Model

Align supply and demand

IT growth

Time

Excess

Under
supply

Actual load

Allocated capacity

IT growth

Time

Actual load

Allocated capacity

Traditional IT resource capacity
utilization problem

Cloud view


transforming IT

(Align supply & demand)

Page
15

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud installation


rewards


Why Cloud ?


Ease of deployment


Broad network access


Elastic scalability


Efficient resource sharing


Measured services


Lowers cost

Page
16

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud installation


rewards


Why Cloud ?


Ease of deployment


Broad network access


Elastic scalability


Efficient resource sharing


Measured services


Lowers cost


On
-
demand self service


No cabling or hardware


Deploy infrastructure with
software

Page
17

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud installation


rewards


Why Cloud ?


Ease of deployment


Broad network access


Elastic scalability


Efficient resource sharing


Measured services


Lowers cost


Capabilities available over
Internet


Can be accessed through PDAs,
Laptops, mobile phones

Page
18

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud installation


rewards


Why Cloud ?


Ease of deployment


Broad network access


Elastic scalability


Efficient resource sharing


Measured services


Lowers cost


Add or remove computing
capacity instantly


Control infrastructure as per
application demands


Flexible with variable workload

Page
19

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud installation


rewards


Why Cloud ?


Ease of deployment


Broad network access


Elastic scalability


Efficient resource sharing


Measured services


Lowers cost


Serve multiple consumers


Sense of location independence


Resources include memory,
bandwidth, virtual machines, etc.

Page
20

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud installation


rewards


Why Cloud ?


Ease of deployment


Broad network access


Elastic scalability


Efficient resource sharing


Measured services


Lowers cost


Metering capability


Resource usage can be
monitored and controlled


Provides transparency to provider
and consumer

Page
21

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud installation


rewards


Why Cloud ?


Ease of deployment


Broad network access


Elastic scalability


Efficient resource sharing


Measured services


Lowers cost


Pay as per usage


Avoids maintenance cost for
servers


No contracts or buying servers

Page
22

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud installation


risks


Security issues include but are not limited to:


Privileged user access


Regulatory compliance


Data location


Data segregation


Recovery


Investigative support


Page
23

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud installation


risks


What security issues?


Privileged user access


Regulatory compliance


Data location


Data segregation


Recovery


Investigative support



Sensitive data processed outside
the enterprise


Outsourced services bypass
physical, logical and personnel
controls

Page
24

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud installation


risks


What security issues?


Privileged user access


Regulatory compliance


Data location


Data segregation


Recovery


Investigative support



Customers ultimately responsible
for security and integrity of own
data


Traditional service providers are
subjected to external audits and
security certifications

Page
25

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud installation


risks


What security issues?


Privileged user access


Regulatory compliance


Data location


Data segregation


Recovery


Investigative support



Consumer won’t know where the
data is stored.


Service provider may not be
storing and processing data in a
specific jurisdiction

Page
26

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud installation


risks


What security issues?


Privileged user access


Regulatory compliance


Data location


Data segregation


Recovery


Investigative support



Data is present in a shared
environment


Encryption is effective but is not
full proof

Page
27

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud installation


risks


What security issues?


Privileged user access


Regulatory compliance


Data location


Data segregation


Recovery


Investigative support



Data might be lost in disaster.


Provider may not be able to do a
complete restoration in a short
duration

Page
28

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud installation


risks


What security issues?


Privileged user access


Regulatory compliance


Data location


Data segregation


Recovery


Investigative support



Investigating inappropriate activity
with data may be impossible


Data for multiple customers may
be co
-
located and spread across
changing set of hosts and data
centers

Page
29

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud
challenges

Dark
cloud overview


Data management at rest
and in transit


privacy
, regulatory
violation, legal implication,
cloud
contract termination



Security vulnerability
and visibility


authentication
, authorization,
access control, cryptography, data protection, monitoring



The threat of
“monoculture




diversity
, resiliency, disaster
recovery and business continuity



Licensing and
vendor
-
support restrictions


unclear
and could
prove to be an unexpected impediment to moving packaged
applications into the
cloud



Multi
-
tenancy


the
degree to which it mattered based on the nature
of the firm and type of data being exposed

Page
30

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud
challenges

Dark
cloud overview (cont’d.)


Connectivity and bandwidth


inherent
constraint (availability,
performance and cost ) on
cloud
model
scalability



Service
-
level agreements


whether
vendors offer flexible,
negotiated, customer
-
specific SLAs or only cookie
-
cutter versions



Providers’
technology and
service
-
offering perception

whether a vendor provides an on
-
demand and rapidly provision
services and pricing model is based on pay
-
per
-
use



Heterogeneous
cloud
-
computing environments


the
ability
to integrate with internal
cloud
and other (external)
cloud
vendors



IT operation and
service management


cloud and
virtualization meet
legacy thinking in problem IT environm
e
nts


Page
31

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Remote Users

Business Process

Logistics

ebXML

Customer

Warehouse

Credit

EDI

SOAP

ERP

SCM

Customer

Master

Accts

Purchasing

CRM

Notify
Sales Rep

Premium
Customer?

Update Call
Center

Update
Contracts

Customer
Hits “Buy”

Check Credit
History

Credit
Approved

Pack &
Ship Order

Deliver
Order

Process

Order

Ship

Order

Check

Credit

Bill

Customer

Update

Cust Svce

Process

Order

Check

Credit

Ship

Order

Bill

Customer

Update

Cust Svce

Check
Customer DB

Initiate
Billing

Check Account
Balance

Procure
Material

Credit Override
required

Check

Credit

Check
Availability

Update
Inventory

Enter

Order

Confirm

Shipment

Order
Complete

Billing
Notification

Update

Records

Check
Inventory

Cloud
challenges

Security

Boundless Trend & Security Implications


Page
32

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Network:


The replacement of the established model of network zones and tiers


Managing access and utilization of
cloud
applications


Confidentiality and integrity of your
organization’s
data
-
in
-
transit to and from
public providers (e.g
.,
FTPS, HTTPS, SCP)


Access control (authorization, access,
auditing and so forth)
to whatever
resources you are using at your public
cloud
provider


Availability of the
internet
-
facing
resources in a public
cloud
that are being
used by your
organization or
have been assigned to your organization by
public
cloud
providers

Cloud
challenges

Security


Page
33

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Host:


The dynamic nature and underlying infrastructure of
cloud
computing bring operation
challenges from security management perspectives (e.g
.,
virtualization
)

Application:


Web application vulnerabilities in
open
-
source
as well as custom
-
built applications
account for almost half of the total number of vulnerabilities discovered


The organization’s existing application security practice/standards and
enforcement

in
the
cloud

Data
at rest
:


Whether data in the
cloud
is encrypted or not, you need to know exactly where the
data is specifically located within the
cloud


Cloud
challenges

Security (cont’d.)


Page
34

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud computing won’t be successful without governance
and visibility
:


Manage access and utilization of
cloud
applications


Manage
cloud
applications that need access to internal data and services


Protect and monitor applications in the
cloud


Manage the
life cycle
of assets or the same virtualization sprawl will occur in the
cloud


Provide assurance of internal
controls/provide
secure connectivity

Cloud
challenges

Governance


Cloud Service
Providers

Enterprise
on
-
premises
IT

Page
35

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud
challenges

Service
-
level agreement


System availability
and response
time


Disaster recovery plan
and RTO/RPO


Problem resolution (system down vs. workaround)


Criteria for the quality and timelines for professional service


Proactive communications including CM


Methodology for measuring performance


Contract termination




Data ownership
and
migration


Privacy policy and
breach investigation


Auditing the
cloud
compliance (e.g
.,
SSAE 16)


Third
-
party
security
and penetration testing


Control

Business
risk

Operational
risk

Page
36

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Audit strategies for Cloud implementation


Audit strategies consider the following aspects


Organizational issues


Security and privacy issues


Legal and compliance issues


Performance issues


Auditing for Cloud is a challenging process, it plays role at
each stage in cloud implementation


Requirements
gathering

Vendor
selection

Implementation
planning

Pilot

Migration

Embed, settle,
validate,
operate


Investigating inappropriate activity with data may be impossible


Data for multiple customers may be co
-
located and spread across
changing set of hosts and data centers


Investigating inappropriate activity with data may be
impossible


Data for multiple customers may be co
-
located and spread
across changing set of hosts and data centers

Page
37

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Audit strategies for Cloud implementation


Audit strategies consider the following aspects


Organizational issues


Security and privacy issues


Legal and compliance issues


Performance issues


Auditing for Cloud is a challenging process, it plays role at
each stage in cloud implementation


Requirements
gathering

Vendor
selection

Implementation
planning

Pilot

Migration

Embed, settle,
validate,
operate


Identify control
requirements

Risks considered:


Incomplete requirements


Overly optimistic business case

Page
38

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Audit strategies for Cloud implementation


Audit strategies consider the following aspects


Organizational issues


Security and privacy issues


Legal and compliance issues


Performance issues


Auditing for Cloud is a challenging process, it plays role at
each stage in cloud implementation


Requirements
gathering

Vendor
selection

Implementation
planning

Pilot

Migration

Embed, settle,
validate,
operate


Vendor Evaluation
support


Review updated
business case

Risks considered:


Incomplete selection criteria


Excessive cost on one sector

Page
39

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Audit strategies for Cloud implementation


Audit strategies consider the following aspects


Organizational issues


Security and privacy issues


Legal and compliance issues


Performance issues


Auditing for Cloud is a challenging process, it plays role at
each stage in cloud implementation


Requirements
gathering

Vendor
selection

Implementation
planning

Pilot

Migration

Embed, settle,
validate,
operate


Data Migration
assessment


Vendor
Management
Review

Risks considered:


Design is not secure, fault tolerant
or traceable


Controls not considered

Page
40

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Audit strategies for Cloud implementation


Audit strategies consider the following aspects


Organizational issues


Security and privacy issues


Legal and compliance issues


Performance issues


Auditing for Cloud is a challenging process, it plays role at
each stage in cloud implementation


Requirements
gathering

Vendor
selection

Implementation
planning

Pilot

Migration

Embed, settle,
validate,
operate


Assess Migration
of processes or
areas to the Cloud

Risks considered:


Inadvertent exposure of private
data

Page
41

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Audit strategies for Cloud implementation


Audit strategies consider the following aspects


Organizational issues


Security and privacy issues


Legal and compliance issues


Performance issues


Auditing for Cloud is a challenging process, it plays role at
each stage in cloud implementation


Requirements
gathering

Vendor
selection

Implementation
planning

Pilot

Migration

Embed, settle,
validate,
operate


Data Migration
Assessment


Project
Assessment

Risks considered:


Inadvertent exposure of private
data


Business process don’t work as
expected

Page
42

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Audit strategies for Cloud implementation


Audit strategies consider the following aspects


Organizational issues


Security and privacy issues


Legal and compliance issues


Performance issues


Auditing for Cloud is a challenging process, it plays role at
each stage in cloud implementation


Requirements
gathering

Vendor
selection

Implementation
planning

Pilot

Migration

Embed, settle,
validate,
operate


Control Review,
Assessment/Test

Risks considered:


Loss of financial records

Page
43

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Auditing the
cloud compliance


Cloud computing architectural framework


Governance


Legal and
eDiscovery


Data center tiers, business
continuity
and disaster
recovery


Infrastructure
and application
security


Servers and storage
infrastructure (e.g., multi tenant)


Information
life cycle
management


Cloud operations
and
service management


Portability and interoperability

SOC 1 ,
SOC2 & 3

PCI DSS

Safe
harbor

SANS
GIAC

Page
44

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Market maturity

Cloud
long
-
term trend


service utility model


Centralization,

standardization

Increasing business agility

Economies of
scale

Consolidation

IT
service
integration

1998

2001

2004

2010

2014

2018


Virtualization of infrastructure and
computer
resources will be facilitated by
grids/clouds


Virtualized computing is the first stage in achieving a true utility computing model


The migration to a full utility computing model
(internal/external clouds
) is incremental, and so are the
costs.

Silo of
virtualization

(e.g
.,
VMware)

Cost
reduction

End
-
to
-
end
IT
resources
virtualization

IT
service

efficiency

Service
-
oriented
infrastructure

IT
service
automation

Service
-
oriented
business
application

Business
service
orchestration

Consolidation

(Cost
saving
)

Agility

(Speed
and control
)

Sourcing

(Cloud
computing
)

Page
45

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Appendix

A: Cloud Definitions


Page
46

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud
computing overview

Defining IaaS


The
cloud
offers scalable
hardware resources
(e.g., CPU
cycles, storage,
networking)
as a
service.


Customers don’t need to own or manage hardware or data
center
facilities.


Applications are built natively in the
cloud
to leverage this
infrastructure,
or

existing Windows/Linux workloads are hosted
as virtual machines in the
cloud.


Enterprises can run their apps on this
cloud
infrastructure,
paying as they go
for raw server resources (e.g., CPU cycles,
storage MBs,
bandwidth)
they
consume.


On
-
premise workloads can tap into the
cloud
for additional
serving capacity on demand (
augmenting on
-
premise
infrastructure
). Enterprise
workloads can be hosted entirely in
the
cloud
(
replacing on
-
premise infrastructure
).





Potential
adoption


Replace your on
-
premise physical
servers/data centers
with
cloud
-
based
infrastructure


Cloud for storage, backup and disaster recovery


Get additional compute capacity (CPU,
storage and so forth)
for on
-
premise
apps
on demand
, i.e., “burst capacity”

Delivered as a
service

CPU pool

Storage
pool

Networking
pool

Page
47

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud
computing overview

Defining PaaS


“OS environment in the
sky,” running
in an
internet
-
scale
data center


The hardware,
cloud
operating system and data center facilities are
owned and managed by the
cloud provider and
not by the enterprise


Shared
multitenant
infrastructure offers infinite scale, pay
-
as
-
you
-
go
use model, metered billing, anywhere
access and so forth


Third
-
party
ISVs can also build/host their applications on this
cloud
infrastructure and
expose them as SaaS offerings to enterprise
customers


Enterprises run their apps on this
cloud
infrastructure,
paying as they
go
for the server resources they consume (e.g., CPU, storage,
bandwidth)


Enterprise IT admins mainly need to be concerned about the
application layer.
The
OS and hardware layers are the responsibility
of the
cloud
provider


The
cloud
environment can
coexist
with
on
-
premise IT
or
can

replace
it






Potential
adoption


Build native
cloud
applications
that leverage available
cloud
provider
APIs and services


Host your existing LOB and packaged applications
as virtual
machines in the
cloud


Consume SaaS offerings

from enterprise software vendors

LOB
app

Email

Native
cloud app

Delivered as a
service

Page
48

© 2011 Ernst

&

Young LLP. All Rights Reserved.

Cloud
computing overview

Defining
private clouds

Traditional
on
-
premise model


Servers
are dedicated to specific workloads


Individual servers sized for peak or average capacity
of a given workload


Substantial idle/wasted capacity


An application can’t scale beyond the boundaries of
boxes it resides on


Provisioning new capacity takes time

Private
cloud model


Servers are treated as a virtual pool of resources


Apps consume from the pool rather than having
dedicated resources


Idle servers automatically shut down or
go to
sleep until
needed


Apps can scale to the available provisioned capacity in
the pool


Adding a new server adds capacity to the entire pool for
all apps


Dedicated infrastructure (i.e.,
cloud
resources are only
accessible to your
company and
not shared with others)

CPU
pool

Storage
pool

Networking
pool

Page
49

© 2011 Ernst

&

Young LLP. All Rights Reserved.

CAPEX vs. OPEX


The following infrastructure purchasing and accounting model argues strongly
for the use of CAPEX over OPEX



Companies might select CAPEX as preference which benefit from owning and
investing in assets due to
tax benefit incentives


(
e.g. Both the USA 'Tax Relief Act of 2010' as well as the 'Jobs Act of 2010'
that passed in late 2010 affected Section 179. The “Bonus Depreciation”
increased to 100% on qualified assets. The total amount of equipment that
can be purchased increased to $2 million. This includes most new and used
capital equipment, and also includes software
)



On the regulated side of the some businesses/industries such as utility, most
if not all utilities prefer to treat technology purchases as capital expenditures.
In this scenario, the utility pays up front for the hardware, software and in
some cases even the external services, depreciates these capital assets over
time, and is
allowed by the regulator to recover the costs through rates
as long as they are deemed prudent.

Thank
you