RDCC has a unique business model as compared to other cupcake bakers. Years ago, RDCC discovered that they could simulate the cupcake design and place the simulated cupcakes of various designs into a virtual environment to gauge consumer reactions. They discovered that cupcakes that were simulated and later baked enjoyed four times the sales of “regular” cupcakes.
RDCC corporate headquarters supports 20 retail cupcake outlets. The IT organization has deployed Microsoft Exchange Server† 2007 with Live Meeting. The remote locations use Microsoft Outlook† web access, and documents are e-mailed to all franchise owners. To meet the demands of the cupcake design team, the IT organization deploys LOB applications with a clustered SQL Server 2005 to support the cupcake simulation. The RDCC IT infrastructure consists of seven servers: three support the LOB simulation application and four support core operations. The deployment is as follows:
- One server for the LOB with Access Simulation database
- One server for Microsoft Exchange Server 2007 with 18 local users and 150 remote web mail accounts
- One server for Microsoft Systems Management Server† for application deployment and management
- One Microsoft SharePoint† 2003 server
- One server running Threat Management Gateway (TMG)
- Support of 150 remote mail users with iPhone† and Phone 7
- 30 WebEx† accounts and 25 GoToMeeting† accounts
Strategic Overview
RDCC management wants an IT system focused on supporting the LOB applications rather than supporting commodity software. The IT staff at RDCC has submitted a capital expenditure (CAPEX) spending request to upgrade the aging RDCC servers. RDCC management is seeking alternatives to reduce both CAPEX and operational expenses (OPEX).
RDCC’s corporate objective is to make the organization more agile and increase productivity. Management evaluated one of the online alternatives, Microsoft Office 365, to host their core software. RDCC management summarizes their priorities as follows:
- 100% ownership of the company’s intellectual property (IP); no IP rights assignments to use third-party services.
- Reduce capital equipment expenditures (CAPEX).
- Reduce operational expenditures with predictable IT costs.
- Work on the business with a focus on market differentiation.
- Reduce energy consumption; become more energy-efficient.
- Access latest software versions with no server upgrade.
- Achieve the ability to share cupcake recipes with the franchises from the internal document storage site.
The following is a summary of RDCC’s IT management requirements with a focus on determining potential commodity products plus a comparison of them with the various business needs to design a solution addressing both on-premises and cloud needs.
On-Premises and Cloud Resource Requirements
Many different arguments are made to justify keeping servers on-premise vs. moving them into the cloud. They range from control over the data (intellectual property rights) to reducing costs. The secret is to look at the problem from a service level, to differentiate services that provide a competitive advantage from those that are a commodity. In other words, identify the business processes, and look at those processes from an IT services point of view that promotes business growth. Differentiate those capabilities from those that are core to the business, but have no strategic value. Commodity services (those that are not core to the business) move to the cloud.
If a cloud migration is approached correctly, you can achieve both objectives—promoting business and reducing cost for core commodity services. This seems like a simple problem, but it is actually very complex. To help address this, we look at the business from a capability point of view, and we will use that point of view to help us in our decision process.
The following core IT considerations are common to all businesses when viewed from the perspective of an IT solution. When looking at cloud solutions, it helps to look at each distinctive business unit and business processes before deciding what is best for the whole enterprise.
- Core business software
- LOB solutions
- Requirements for on-premises and cloud data
- E-mail utilization and retention
- Network infrastructure
- Desktop support and upgrade
- Information security
- Monitoring
- Budget: CAPEX versus Operational Expenditure (OPEX)
- Hosted web site
What IT elements will help sustain competitive advantage? That is the overriding question in each of these categories. Each business is different, depending on its needs. An obvious example is the e-mail capabilities for business. A few years ago, a business needed to place on-site servers to have ownership and control of their e-mail (intellectual property). This need drove the Microsoft Small Business Server market. Today, e-mail is a commodity, so unless there is a different business need for an on-site mail server, it no longer makes business sense to manage one (see Figure 1-3).
In all cases, it is wise to seriously look at the cloud and the impact on the business. At KAMIND we looked at our customers, from the small five-person law firm to the larger 2,000-employee business. We looked at the impact from a commodity services perspective, and in all cases, we found that the cloud cost at least 50 percent less than on-premises equipment. The only caveat was bandwidth (the ability to transfer large amounts of data at fast speeds to cloud services). If the bandwidth was not available, then it did not make sense to migrate to the cloud.
Core Business Software
What is core software? Core software has many different meanings depending on the business. As an example, in retail businesses, the core software helps manage point of sale and inventory control. In a marketing company, it is e-mail and web conferencing software. An insurance company’s core software will include e-mail and an application for managing the insurance offerings.
Core software products are usually word processing, spreadsheet, and e-mail software. If you add other application software stacks like web conferencing and presentation software, the core can expand, but this can limit an organization’s ability to exchange information with other organizations.
For example, how many of us have e-mailed a Microsoft Word document or a PowerPoint presentation and just assumed that the other party could read the file? The simplest definition you can use for core software is to define it as “those software programs and services that facilitate information exchange.”
Information Exchange
Information exchange refers to the action of exchanging information between multiple parties. Examples include e-mail, web conferencing, document storage/retrieval, and instant messaging. Software that assists the user in handling information exchange includes Microsoft Office, Google Apps, and OpenOffice. The specific tools engaged are a word processing application (such as Microsoft Word), presentation software (such as Microsoft PowerPoint), spreadsheet software (such as Microsoft Excel), and an instant messaging application. The business segment does not matter. The core software product is the standard tool for that segment when information is exchanged. As an example, with RDCC, the simulation tool is not applicable to the marketing segments, but web conference and e-mail are. The core products are the commodity products that are used to conduct business. Core products are drivers for efficiency and cost reduction.
More Ready Design Cup Cakes (RDCC) IT Issues
As noted earlier, RDCC was running on Exchange Server 2007 using ISA Server 2004 as a security server. They were deployed on older Dell servers. In this configuration, RDCC did not have Microsoft software assurance, so all software licenses for the upgrades would need to be purchased. Figure 1-3 shows the current service level breakdown and Table 1-3 shows the deployment cost breakdown for the on-premises and cloud options. The support costs are not shown, but the IT professionals who handled on-premises equipment support know that management of that equipment would require at least half of an IT professional’s time. Both options are listed in Table 1-3.
Table 1-3. Ready Design Cup Cakes Deployment Comparison
The RDCC IT manager reviewed the support requested and proposed a budget of $123,000, approximately $10,000 per month. The IT manager expects this will consume half of the on-staff IT professional time at a cost of about $70,000. RDCC management looked at the cost and requested the IT manager do a comparison against the monthly costs using a subscription (cloud) model.
The IT manager reviewed the information and was shocked to see that the on-premises solution costs $7,000 per month more than the Microsoft Office 365 solution. He also became aware that he could free up half of his time not having to manage an on-premises server. RDCC’s management reviewed the financials and chose the Microsoft Office 365 solution, saving $150,000 in a one-year period. RDCC management also committed to having all of their franchise users use Microsoft Office applications as the office standard and decided to deploy two distinct offerings for franchises. At the franchise level, they specified the E1 service with Office Web applications. This allowed the franchise owner to use either the web applications or purchase the retail version of the Office software. At RDCC corporate offices, they can either use the Office subscription service (E3) or deploy the Office 2013 software through a volume license.
RDCC’s decision to use Microsoft Online Services reduced the CAPEX and OPEX for the fiscal year. RDCC IT staff estimated that the deployment costs were between $50 and $100 per person in one-time fees, for a total of $6,000. The $6,000 migration cost for the RDCC deployment was one-fifth the estimated cost of the Exchange 2010 deployment. RDCC management realized that the selection of online services significantly reduced the cash outlay for the organization.
Line of Business Applications
LOB applications are unique to a business or a business segment. A good example of an LOB application is an insurance documentation archive system designed to handle insurance agency data. This LOB application is not relevant to, for example, a retail segment that does not handle insurance agency documents. Likewise, an LOB application of a point-of-sale (POS) system would not be a relevant application for an RDCC cupcake simulation.
RDCC’s LOB application consists of the simulation application and the Microsoft Access database that is used in the simulation. The Access database is known to consume network bandwidth. However, with Office 365, the Access database can be shared from the cloud SharePoint service, so the database that is used locally is cached, and changes are replicated to the cloud. The Access database can also be linked to Windows Azure (an extension of Office 365 cloud services) and integrated with Office 365. Thus, the user accesses the database locally, and transaction change records are replicated to the cloud. This allows multiple users to have access to the information in real time without over-using available bandwidth. This is possible because updates are driven to client desktops only as they are “cached.”
RDCC IT staff concluded that the LOB application no longer needed a server to support the application. The IT manager reviewed SharePoint online services and decided that this software only needed minor customization to make it useful. This decision allows the IT management to reduce the server “farm” by one more server, with a savings of about $20,000 on top of the budget savings of $90,000—all made possible by not deploying on-premises equipment.
Requirements for On-Premises and Cloud Data
The final concern for RDCC was how to address backup data issues. RDCC has a business requirement under Sarbanes-Oxley (SOX) that all financial data needs to be recoverable. RDCC has also been involved in much litigation, so they are well aware of the e-discovery impact to the business. In recent litigation RDCC was required to process all of the e-mails on their Exchange server and turn over the e-mail data as part of the litigation. Because RDCC did not have an archive retention policy, they received a federal court order that mandated a freeze in the deletion of data and placed all RDCC hardware on a legal hold. The IT staff had to recall all laptops from the field and copy the users’ personal archives to the server so the data could be processed for electronic discovery. This was extremely expensive.
E-Mail Utilization and Retention
RDCC management sought to avoid this type of expense in the future and to make any discovery process more automated and less labor intensive. RDCC policy is to have a 10-year compliance archive segmented into different groups: the factory workers archive is one year, middle managers are two years, and sales and management are 10 years.
Note
Microsoft views an archive as a duplicate mailbox where data is copied from the primary mailbox. In the E1/E2 versions of Office 365, the archive is 50 GB; in versions E3/E4, it is unlimited in size.
There are three types of archives in Office 365: personal archives (local PST and cloud), shown in Figure 1-4, and compliance archives. Personal archives (local or PST) are files in which the content is controlled by the user. A compliance archive must have data immutability; the user cannot change the data. The Office 365 (versions E1 and E2) personal archives are limited to 50 GB. Office 365 archives in E3 and E4 are unlimited in size and can be made immutable (for compliance requirements). The compliance archive is controlled by business policies governed by the organization’s business processes and federal regulation.
Network Infrastructure
RDCC has a large, robust network infrastructure to support user requirements of 200-plus employees and franchise owners. The franchise owners’ businesses run seven days a week, from 5 a.m. to 10 p.m. (Pacific Standard Time).
To keep the network capability as it is, RDCC IT staff was faced with upgrading an aging on-premises data center with the latest Intel® processor-based servers from Intel, Dell, or IBM. The IT design staff proposed replacing the data center in Figure 1-5 with an Intel Server. The RDCC IT staff felt that this approach would provide the most comprehensive set of features for the cupcake virtualization and would accommodate growth. The unresolved issue was how much to deploy on the Intel Server vs. the cloud.
The Intel Server is 6U in size and allows up to 14 high-speed SAS drives to be arranged in a data storage pool. RDCC IT staff is planning to use the 1TB SAS drives, which allows a storage pool size of 14,366GB, with an online hot spare. As far as RDCC IT staff is concerned, this allows them to reduce the size of the data center (Figure 1-5) to a single 82-inch rack. RDCC IT staff selects the Intel Server over other vendors’ products based on the following considerations:
- Lower power consumption
- More flexibility in adding computing capacity
- Intel Xeon 6-core processors will enable support up to 12-24 virtual machines with a combined memory size of over 256GB
- Fault-tolerant compute module support with auto failover
- Fault-tolerant storage module with external SAN support
To help them in their decision process, RDCC IT staff modeled storage pool consumption on the Intel Server test drive site (see www.intelmodularserver.com). This site allows them to try different configurations and out-of-band management systems to develop the best solution. Figure 1-6 shows a storage pool view of the Intel Server with a modular server with a RAID 1 and a RAID 5 subsystem.
The Intel Server allows for organizing the Storage Access Network (SAN) or the attached SAN into a set of storage pools. The storage pools are then allocated to the individual compute module. In Figure 1-6, they added two SAS drives to the storage pool. However, when they built their virtual drives, they decided to organize the data in a RAID 1 configuration. KAMIND recommends that the RDCC IT staff deploy the Intel Server storage with a global hot spare.
Desktop Support and Upgrade
The RDCC IT staff needs to complete not only a data center upgrade, but also a software upgrade. In the past, they purchased a Microsoft Open License that did not include software assurance, so they had a group of deployed desktops using Office 2003 software under Windows XP. Some of the newer software uses Windows 8, so RDCC is faced with replacing all XP systems before the end of support from Microsoft, which is less than a year away.
RDCC IT examined the different pricing options for the new software. The software deployment cost is the same in all cases except for the retail product. The retail product requires that the IT staff physically enter a different serial number for each version of Office 365 software installed.
Table 1-4. Office 2013 Professional Plus License Prices (as of Publication Date, Prices Subject to Change)
Office 2013 software prices ranged from $432 to $699 (see Table 1-4). The software that cost the most was the retail version. The cost was higher since it required an IT professional to install the software on every desktop and deploy a unique serial number key; RDCC IT staff could not do an automated “push” install for mass deployment of the software and upgrades.
Information Security
RDCC’s information security requirements are similar to those of most companies. RDCC wants to make sure their data is kept private. They want to control access to their data and the computing resources. These are their business needs. RDCC doesn’t want to use any cloud service that requires an intellectual property transfer. Some cloud services companies use IP rights assignment as a way to sell additional products and services to the companies’ employees.
All of us have heard of reports of credit card numbers being stolen from retail store point-of-sale computers. How about a government employee leaving a laptop that contains thousands of social security numbers in a car and that laptop is stolen? There are countless stories of identity theft. The stories all come down to this: How safe is your data? The safety of your data is what information security is all about, and the crux of the problem is data access and control.
Realistically, it does not matter where your data is located. It can be safe anywhere—with the right precautions. The processes and security around your data and how it is controlled are what matter. As an example, does the network administrator have access to your e-mail? What password policies are in place to ensure that your data is under control? What is the physical security like? Who picks up the trash in the evening in your data center? Who has access after-hours to the information? All that matters is how data is managed. Data loss prevention is critical for RDCC’s business to ensure confidential information stays inside the company and there is no IP rights assignment to use the Office 365 cloud service.
There are many aspects of physical data security. Figure 1-7 is a picture of a Microsoft data center. All server access is controlled and limited to a few select individuals. Microsoft also has controls on who accesses the data. This is a critical aspect of data security that is often overlooked.
Note
Microsoft’s policy is that the customer owns the data, not Microsoft.
Microsoft believes that the data is owned by the customer, and the customer has 100 percent control over the data. To put this in perspective, the customer must grant Microsoft permission to access the data. This philosophy limits data access and establishes the controls necessary for data security.
The next part of data security is built around the standards necessary for access and control of the data. The Microsoft software design philosophy is built from an idea of secure code design. Secure code design means that the software is designed using best practices from the ground up. To put this in perspective, the code in the data centers is built from a best practice software design known as code secure. Michael Howard and David LeBlanc wrote the Microsoft book Writing Secure Code. This is a must-read book if you are doing any software development.
Writing Secure Code walks a developer through the process of software development and describes the way to prevent attacks on software. This book provides examples of how software developers must padlock their code to prevent unknown attacks. The philosophy of Microsoft security begins at the core of the product design lifecycle—the developer. If you do not put the correct processes in place, then the products built on top of those products will not be secure. This philosophy of security permeates modern Microsoft products as well as the data center.
Note
Employ a risk-based, multidimensional approach to safeguarding services and data. All products must go through the secure development cycle to release code publicly. The secure development lifecycle ensures threat development management.
Microsoft supplies a multi-tenant architecture based on Active Directory and built from secure code design. Microsoft has scaled the data security problem and discovered the weaknesses of various security products. Microsoft discovered that when a deployment is scaled beyond certain practical limits, security issues that no one else has thought of emerge. Microsoft deployment of the Exchange data infrastructure goes beyond the limits of whatever has been tested before. Microsoft has greater than 40M mailboxes that use Windows Azure Active Directory security. Microsoft augments the design with data access policies that prohibit the unauthorized access of data. To ensure compliance, these policies are monitored automatically within Microsoft Office 365 software, a feature that meets RDCC design goals.
With its security requirements met, RDCC is ready to use the Windows Azure Active Directory services (see Figure 1-8) to manage the entire business and ultimately move all on-site servers to the cloud and Office 365. The following are approaches to achieving this phased “migration.” RDCC’s long-term plan is to move the database to a hosted service in Azure and add a WordPress site that will be integrated with the Office 365 environment. RDCC felt that Azure allowed the company to expand to the cloud for all computing services in a secured manner.
Monitoring
There are two different monitoring approaches used to manage the on-site equipment and off-site equipment. These involve Microsoft Systems Center and Microsoft Windows Intune. Each has different capabilities and features depending on the needs of the client and the type of existing on-premises equipment.
Microsoft Systems Center
There are several services available for systems monitoring. There are those available from managed service providers like Level Platforms and on-premises monitoring using Microsoft Systems Center (SCC). The objective of both is the proactive monitoring of servers and clients. Why proactive monitoring? The simplest explanation is productivity. As users become more dependent on computers for daily activity, there is an expectation that it “just works.”
SCC is a software management tool that runs on on-premises equipment and provides complete monitoring and updates management. This software is typically used in environments with 50-500 client PCs. SCC’s goal is to unify the organization under one management console with the objective of reducing IT costs. From an IT perspective, SCC provides a proactive view of the on-premises network and has the capabilities to distribute patches (temporary fixes), install software updates, and troubleshoot network issues. SCC also has the capability to manage an unlimited number of servers, either virtual or physical. Small businesses can now manage their on-premises desktops and remaining servers at a fraction of the cost per user available to larger enterprises.
Microsoft Windows Intune—Desktop Management
The second type of monitoring product that RDCC is looking at is Microsoft Windows Intune. This is an agent (software that is installed on the device to monitor operation) product designed for small businesses. This product allows the management of updates, limited group policy control, and antivirus monitoring. The monitoring is completed at a host level. Windows Intune is available integrated into Microsoft Systems Center or as a separate cloud monitoring service for small companies. Windows Intune directly controls systems updates, addresses virus issues, and manages software licenses and deployment for the business. An RDCC test confirms that these two environments can be used simultaneously in the management of their systems.