Cloud IaaS platforms provide hosted virtualized computing resources over the Internet. Many factors go into making a cloud service provider (CSP) selection. Here are three key areas you’ll want to include:
1. Probe the background and expertise of the entire CSP staff. While the IaaS model gives clients more control over their infrastructure than users of either PaaS or SaaS services, your overall success will still depend on having experienced, knowledgeable people supporting your servers, processing power, storage, and networking. Ideally, your CSP should meet or exceed the standards of technical excellence you expect of your own data center, but do not assume that all CSPs are able to assign seasoned professionals to every client.
Make it a point to consult with more than one or two of the prospective provider’s reference clients. Ask for a full customer list and request to speak with a client whose IaaS profile is close to your own. Ask your soon-to-be fellow client how knowledgeable and proactive the CSP’s staff is, and what level of problem solving skills they have displayed. Has the IaaS provider demonstrated that they know the “ins and outs” of deploying applications? It can be invaluable to break out of “sales mode” and get an honest assessment of what human resources will be available on a day-to-day basis.
Other questions for the CSP: On average, how many years of experience do key staffers possess? How long is the longest client relationship (i.e. how long has the CSP been in continuous operation) and what is the average length of client relationships (i.e. have they lost any/many clients, and if so, why).
2. Ask the CSP to discuss their definition of, and adherence to, best practices, policies and procedures for designing, installing, and moving your mission critical applications into a virtualized environment. At the most basic level, be sure the IaaS provider controls their data center. Beyond that, does the provider include a 100% service level agreement for the networking, storage, and hypervisor layers (this is an indication that the CSP thoroughly owns and backs the resources you are using). Insist on routing exchanges with multiple ISPs, firewall functionality, and intrusion detection/prevention, and a meshed switching configuration between the networking and hypervisor layers. To protect your data, everything from power to storage switch fabrics, shelves and individual arrays should provide redundancy. CSP storage should utilize reliable, industry standard RAID configurations. Just as importantly, verify that the CSP’s virtual environment runs on enterprise class virtualization solutions (e.g. VMware).
Because you are using a virtualized environment and resources that are not technically yours, weaknesses in the provider’s security can affect you dramatically. Most mission critical IT systems have commercial or federal compliance requirements. Make sure you understand the regulations you are subject to and verify that the CSP is an expert in the challenges they present (e.g. HIPAA, PCI, or government and FISMA compliance issues). Your CSP should offer to create a customized program that meets your information security management needs.
3. Ensure the CSP is capable of responding flexibly to the changing needs of its multiple IaaS client base. The great promise of IaaS and Cloud Computing is that resources and capacity can be made available at any time, as needs change. Make no mistake, your needs will change over time, sometimes gradually, sometimes quickly—and sometimes perhaps unexpectedly.
Even the very best CSPs can be challenged at times to provide world-class provisioning and resource reallocation. Examine the CSP’s record of mitigating risk for clients by keeping up with—and ahead of—the change curve. While you are obviously responsible for platform updates, your CSP should be able to demonstrate how it rapidly provisions and customizes new equipment and infrastructure that scales in step with growth and supports the latest levels of performance and security technology. (On the other hand, a provider should make it just as easy for you to exit your IaaS services contract as it is to scale up.)