Get your apps and business strategy on the same page

Effective workload placement requires nine critical considerations; this white paper addresses each one. Enterprises operating hybrid IT environments manage a complex web of technology and infrastructure that demands applications are strategically placed where they won’t buckle under pressure. 

Application workload placement involves assessing and analyzing applications to find the optimal location for target workloads. To achieve optimal functionality and service delivery, applications should be placed where they will be most effective in three key areas: performance, security, and price.

Key Challenges:

1. Hybrid IT environments create a complex mixture of infrastructure and technology.
2. Underutilized, unmonitored, and duplicate applications lead to server or cloud sprawl.
3. Shadow IT proliferates enterprises when users’ application needs are not met.
4. Cloud-first strategies.

Recommendations:

1. Perform data center discovery to uncover applications and their dependencies.
2. Assess and analyze current state infrastructure to plan for future state requirements.
3. Score and assess application workload placement options based on availability, security, scalability, performance, and cost.
4. Develop target state options and analyze future requirements (both for corporate plans and the regulatory environment).

9 Strategic Considerations

Introduction:

Hybrid IT is the industry-standard practice of spreading workloads across data centers, including corporate-owned, colocation facilities, and cloud providers. For hybrid IT enterprises with these mixed IT and business environments, applications can become out of control, with redundant, unused, and often unmonitored applications taking up critical resources. With a strategic approach to application workload placement, an organization can put its apps in a secure, reliable environment to deliver ROI and scale (or perform) to meet demand. These nine considerations for application workload placement will help further your understanding of both your IT and business environment and assist in developing your strategy.

“New technology will not solve a “broken process.”

01. Process precedes technology

New technology will not solve a “broken process.” An organization may have achieved the pinnacle of technology, but without the right processes and procedures, the technology will not deliver ROI. For example, IT can provision a server in minutes, but lousy processes and procedures will create bottlenecks and prevent rapid provisioning. A primary culprit is the agility or lack thereof in your change control board/process. How responsive is that process, procedure, and/or workflow in your organization? These processes should be audited and, in some cases, consolidated or removed, where possible, to increase agility and speed. 

“Corporate strategy should drive cloud strategy—
not the other way around.

02. Corporate strategy DRIVES cloud strategy

Corporate strategy should drive cloud strategy—not the other way around. Moving to the cloud is an attractive option for OpEx organizations that want to focus on customers and the core business rather than running a data center and managing IT operations. For CapEx organizations like banks and utility companies that want a highly CapEx-centric portfolio, the cloud is less attractive because the public cloud provider owns the infrastructure.

Too many organizations are moving to the cloud because the cloud is trendy. But, this is not a legitimate business reason to move applications to the cloud. From Amazon to Microsoft to Google, cloud vendors are luring enterprises to the cloud with abundant services and promises of scalability and cost savings. Sometimes, the cloud could add to your operating expenses and provide no cost savings compared to keeping applications on-premise. For example, in organizations with legacy infrastructure, many applications are not candidates for cloud migration, and those that require additional licenses prevent cost savings and increase operating costs. Additionally, refactoring an application could be required and be cost-prohibitive unless the organization has taken steps to understand the long-term benefits of scalability, availability, and future cost savings.

If the corporate strategy outlines increasing security and compliance for sensitive data, then identifying the most secure environment for data-sensitive, critical applications should be part of your workload placement strategy. Cloud might still be an option, but it is a secondary consideration compared to the organizational goal of increasing security. Likewise, if the corporate strategy is to bring new products to market quickly, then the cloud could be an option for applications that can be safely moved. Cloud-based solutions (IaaS, PaaS, and SaaS) have been normalized and become viable long-term solutions, but achieving ROI and business objectives should be the ultimate driver for moving applications to the cloud. It needs to be intentional by design.

03. Agility and risk: finding a balance

A key question to ask when considering moving an application is, “How reliable is your current environment compared to the environment the business is considering?” Concerns over latency and availability of applications should be a key concern when making workload placement decisions. Below are some example scenarios:

1. An on-premise application might be reliable in its current location, but if it takes a week to provision a development and test environment, then it would be more agile in the cloud.
2. Moving an application to the cloud may affect the reliability of specific applications. To realize any potential benefits of moving it to the cloud, the application needs to be assessed for latency before becoming a candidate for cloud migration.
3. Is the cloud environment considered more secure than your current environment? If your security patches and operating systems are not up to date, your environment may be less secure than some cloud providers.

Risk is a significant factor in the decision-making process. When the reliability of your application affects your ability to serve customers and clients, then it is risky to make a move to a less reliable environment. Although shifting responsibility to a cloud provider might seem the right option when they boast high uptimes or perceived cost savings, it may be safer and more cost-effective to stay in your own environment. Conversely, moving to the cloud may provide better on-demand service, broader network access, better resource pooling, rapid elasticity or expansion, and the ability to measure (meter) services provided to the business. Apprehension about the realities of cost savings and risks of moving out of the environment prevents some from making that final leap to the cloud, and that’s OK. It is not the right call for all applications and systems.

04. Anticipated growth and exit strategy

Understand your organization’s future from a business standpoint. Unless your business is a startup or uniquely designed to be a cloud-based business, i.e., Amazon, Netflix, BBC, Newsweek, and Lionsgate, you need the flexibility to expand and contract your cloud footprint. If your organization is anticipating growth, then an application should be placed where it has the capacity to expand and meet demand. The ability to expand and contract is called elasticity, which is easy to achieve in the cloud if an application is designed for the environment. On the other hand, if there is a dramatic change in the direction of the business or significant budgetary reductions, then you need an exit strategy to get out of the cloud to save costs and return to the core capabilities of your environment. If you are locked into the cloud across all platforms and all locations, it might not be possible to do that. An exit strategy should take into consideration:

1. possible alternate providers,
2. technical, financial, and business requirements,
3. a plan to ensure continuity during the transition,
4. and industry and/or application best practices.

05. Market pressures and demands

New technology enables businesses to develop and rapidly deploy new products and services to market, so businesses are constantly racing to keep up. To meet market pressures, demands, and threats, an organization needs to be opportunistic. When the business sees an opportunity, IT must be agile enough to say “yes.” Look at the service catalog, understand the cost of building out the new service, and adjust the infrastructure as needed.

Applications vital to a business’s ability to meet market pressures must be flexible and placed in an environment where they can expand without buckling.

06. The big picture

A holistic approach to application workload placement involves understanding the big picture and assessing the entire environment. To do so, there are questions to answer in these five key areas:

1. Platform architecture strategy: Are there standard platforms in which IT will operate? What capabilities are needed to provide future application features, such as user experience, security, cost, and reliability? Does the current architecture scale up or scale out? What changes are required to achieve the target architecture? What is the current and desired elasticity? What is the resource-demand pattern?
2. Application architecture strategy: Is there a plan in place to refactor applications for the cloud? Can you migrate those applications to the cloud, or do changes need to be made? What capabilities will the application gain or lose if moved to a SaaS (software as a service) solution? Will latency be an issue? How will it impact end users?
3. Sourcing strategy: Can the app be placed in the current data center, or should it be migrated to a colocation facility? How much will it cost? Will the business have the bandwidth and capacity in the current data center? Will the data center have a direct connection or VPN to the various cloud providers? Which providers have the resources to deploy the system or application successfully? Are there providers, whether cloud, colocation, or otherwise, that are readily available to meet the demands of your business and technical requirements? Is your team ready to transition from the current legacy mindset to a cloud mindset?
4. Business continuity strategy: As the business evolves, it is essential to be deliberate about disaster recovery (DR) capabilities, building resiliency and recoverability into the infrastructure of cloud environments. What is the recovery time objective (RTO)? What considerations are needed to address the data recovery point objective (RPO)? Has your IT DR plan been optimized to reflect the changing IT environment? Is disaster recovery as a service (DRaaS) an option? Can it scale? What is the right balance between risk and cost?
5. Security and compliance requirements: Define different security and compliance levels and map them to different infrastructures and applications. Is it a critical tier-one application with HIPAA or ISO requirements? If so, the security and compliance requirements may significantly differ from vital tier 2 applications with fewer security and compliance requirements.

07. Data considerations

Understanding data is critical to putting the controls in place necessary to optimize operations. Data flow and data sovereignty are key considerations when optimizing workloads for the digital workplace. There are three types of data to consider:

1. Operational data: Understand operational data not only from an organizational standpoint but also from a financial standpoint. It helps the business understand and control its spending. In a hybrid IT environment, there may be both an owned and operated data center, colocation site(s), and a hybrid cloud environment utilizing IaaS, PaaS, or SaaS solutions with various compute, storage, and networking devices. The CMDB must be up to date. It is critical to understand the workloads, the capacity of those workloads, and any contractual obligations in place concerning operational data. Costs and profits also come into consideration. Does each application need to be the fastest and the best? Is it worth the added cost? Do you have standard platforms, both on-premise and in the cloud, that match the performance needs and scalability of your application workloads, or is it a custom fit for everything? A custom-fit increases the breadth of skill sets and ability to effectively manage hybrid IT environments.
2. Strategic data: There is data residing in your environment that must not get into the wrong hands. Business and IT need to understand what that data is, where it lives, and to what level it is protected. If the business plans to expand its web presence, for example, the amount of sensitive data collected and stored could increase. There must be a data protection strategy around your platform, application, business continuity, and industry requirements. Consider the future as well. Look at product roadmaps. How is the data affected by the future of your applications and the products that you produce? Governance is also a key consideration. Do you have the right processes and procedures to support your strategy and tactical deployment of technology while protecting the integrity and value of your data across the enterprise?
3. Cloud market data: Although the business might be expanding beyond the traditional data center and into a borderless data center, the guidelines and standards should still be in place. Can a cloud solution replace an in-house app? What functionality might you gain or lose if you move the app to the cloud? Does it make financial sense to move it to the cloud?

Data should be the underlying source of an organization’s decision-making. The General Data Protection Regulation (GDPR) is a critical factor shaping how organizations approach data security.

08. Understanding your decision criteria

Use the below decision criteria when considering the optimal location for your applications. To determine the fit, build a decision matrix, and weigh risk and compliance based on the level of importance:

1. Optimization: Is there a need to optimize the application to resolve latency or other performance issues? If so, in what type of environment will that best be accomplished?
2. Speed to market: Does the application have the capacity to accelerate deploying products and services to market? In what environment will the application achieve that capacity?
3. Workload fit: Determine where the workload fits into the grand scheme of your environment. Adding, changing, or removing workloads can negatively impact the performance of other workloads, applications, and systems.
4. Risk and compliance: Moving an application comes with risk, and some applications are more critical than others and have compliance issues to consider.
5. Investment value: Determine whether the investment in moving the application will help you achieve both your short- and long-term goals. Identify the ROI and break-even point, and place applications where the workloads fit.

09. Migration plan

When you decide where to place your apps, you need a plan. The plan should include five components:

1. Infrastructure and application migration approach: In a traditional data center migration, requirements involve IP addresses, server name changes, load balancing, backup configuration, and firewalls, to name a few. The aforementioned and other requirements still apply in a cloud environment, but there are additional requirements for successfully deploying applications to the cloud. They include:
   1. cloud utilization monitoring and costs,
   2. configurations specific to the service catalog provided by the cloud provider,
   3. connectivity and operating system compatibility, and
   4. configuring the cloud environment itself. Moving an application to the cloud will not make it reliable, robust, scalable, and/or an enterprise-class system.
2. Transformation plan: Transformation refers to net-new technology in the operating or business environment that helps you leapfrog ahead of the competition. Develop a plan that will meet the needs of the enterprise and the underlying IT infrastructure. It should give IT the agility it needs to partner with the business and speed applications to market.
3. Modernization/optimization plan: Unlike transformation, modernization refers to new versions of applications and systems that provide added capabilities and speed. If you need to modernize applications, your migration plan should support modern versions of your applications and provide the infrastructure needed to succeed in their environment.
4. Sourcing/hosting strategy: IT infrastructure availability should be a top-of-mind consideration when developing a hosting strategy. While high availability has benefits, it is not cost-effective in all scenarios. It also is not necessary for all components to be highly available. Your sourcing/hosting strategy should consider what is currently available and what is most cost-effective. Look at the standard catalog of services your organization desires or currently offers and match them to the available service providers. Also, consider the DR strategy. It should be optimized and rightsized to support your transformation, optimization, and modernization plans.
5. Data gravity: The geopolitical impact of moving data to another location should not be overlooked. GDPR and the Personal Information Protection and Electronic Documents Act (PIPEDA) are paramount considerations for organizations that house customer data. It is important to understand the impact of moving data

“…workloads must be placed where they are most reliable, secure, cost-effective, and capable of delivering on the organization’s strategic goals”

Summary

An application workload placement strategy begins with IT leaders working with stakeholders to understand the business’s goals. From there, IT can begin to assess its current environment to create a strategy for building the optimal future state where applications can bring consistent value to the business. To get the most ROI from the application portfolio, workloads must be placed where they are most reliable, secure, cost-effective, and capable of delivering on the organization’s strategic goals.