In the fine print

Ry Crozier

Confused about the cloud?

You have a right to be. In just 12 months it has gone from being a graphical representation of the Internet on vendor architecture diagrams to the next generation of computing.

Amazon, Google, Microsoft, IBM – some of the industry’s biggest players are already involved, and many more are circling with ideas and strategies that are high on vision, but scant on detail.

What you as a reseller should be asking yourself is that by taking on these vendor marketing messages and promoting a Cloud Computing model to your customers, what else are you really advocating for both them and you down
the track?

These are what could be called ‘side effects’ of the cloud.
One of the lesser-known side effects is the potential for fewer hardware sales and lower margins.

The hardware vendors themselves might not be too bothered, but large cloud environments could spell bad news for resellers in terms of future sales opportunities, according to Tim Smith, marketing manager A/NZ at Hitachi Data Systems.

“It’s not in the channel’s interests to have these large cloud environments, because they aren‘t going to be buying from a local reseller,” said Smith.

“It’s taking out the top 10 to 20 percent of the marketplace for the local channel to engage with. There might be some opportunities in local communications or WAN equipment, but that’s 75 percent less revenues and sales opportunity than you’d otherwise have.”

There’s other potential issues, too – SLAs, contractual terms and conditions, quality-of-service, management, security, usage accounting and jurisdictional complications with the physical location of cloud-based data.

Your success in the cloud space comes down to how you negotiate these potential issues and help give your customers the computing flexibility they want, at a margin you can live with.

Know your customer

The Cloud Computing model may result in a changing of the guard in terms of who your customer is and how you sell to them.

In his recent visit to Australia, VMware’s global chief Paul Maritz outlined his company’s vision for a future in the cloud.

Central to this vision is that once customers use virtualisation to decouple their applications from the underlying infrastructure, it’s not a big step for them to completely offload their hardware infrastructure as well and run their entire business from inside the cloud.

Maritz said early talks locally had resulted in ‘a lot of extreme interest’ in VMware’s vision, though he admitted the ‘wheels [of change] are going to turn slowly’.

“I met with a large bank and the CIO’s strategic challenge is to reallocate resources to fund the development of new banking products,” said Maritz.

“To do that, he wants to get out of the [hardware] ‘plumbing’ business, but there are big challenges to do that.”

If VMware is right, the future of hardware sales could be radically different from today. No longer will it be about selling to a large number of individual customers, but to a presumably smaller pool of larger outsourced infrastructure providers.

These companies will have the economies of scale to demand significant bulk discounts from whomever they engage.

“Cloud vendors are going to be in a very cut-throat business,” said Michael Harries, director of technology strategy at Citrix Systems.

“Large clouds will be operating on very tight margins.”

The key hardware vendors seem largely unconcerned by the prospect.

IBM’s business development manager for System X in A/NZ, Peter Hedges, claimed he wasn’t scared by a shift in the balance of purchasing power.

“I personally think we already have a small number of large providers who are doing something like this,” said Hedges.

“Will there be some drift from customers buying one machine to a larger provider of a cloud who has better negotiating power? Yes, but I can’t quantify the differences in how you supply, service and support them versus
smaller accounts.

“In a free market environment, I don’t believe any shift will be to the exclusion of small market operators,” Hedges said.

Hedges cited the new Polaris data centre in Springfield, Queensland, as a case in point.

“In a way, Polaris is and isn’t a cloud,” said Hedges.

“Could it become a Queensland state government cloud? Yes. Does that change how we sell to the Queensland state government? Not really, we sell on large contracts anyway.

“I can’t envisage a world in the short-term where everybody divests their own internal IT infrastructure to go to the cloud, in the same way there wasn’t a massive swing to utility or grid computing,” explained Hedges.

This view is backed by HDS’ Tim Smith: “We’re quite used to dealing with very large global entities that have a strong emphasis on price,” he said.
Smith believes that an upfront loss in margin can be smartly recouped in reducing the total cost of ownership of the hardware purchased.

“For every dollar you spend on storage it costs you $6 to own,” said Smith.

“Our focus is not on getting that dollar down to 90 cents but how to get the $6 down to $3, and that’s where we’re strong.”

Dell refused to talk margins but appeared to refute the possibility of a bank ever outsourcing its entire hardware infrastructure.

“I don’t see banks – or any customers for that matter – going to a fully outsourced environment where they don’t have any hardware [on-premise] anymore,” said Justin Boyd, enterprise marketing manager A/NZ at Dell.

HP Australia’s marketing manager for enterprise servers and storage, Angus Jones, agreed: “I don’t agree that all companies are going to outsource their hardware.

“Cloud Computing doesn’t mean a small number of vendors out there providing service to companies.”

So, opinion is divided on whether Cloud Computing will result in hardware being outsourced and a loss of margin for vendors and resellers.

The potential downstream impact of any change is something that will no doubt be closely watched in the coming months.

Mission-critical clouds

Setting aside the issue of margins for a moment, let’s instead consider the minefield that is risk assessment in an external cloud environment.

With the cloud still in its infancy, there seems to be a trend among IT managers to push only non-mission- critical workloads out to services such as Amazon EC2 and Microsoft Azure.

It’s a situation that has been likened to the take-up of virtualisation in the enterprise.

“Roll back four years and substitute the word virtualisation for cloud,” said IBM’s Peter Hedges.

“Customers were saying we’ll test [virtualisation] but we won’t put anything mission-critical on it. Now we’re at a point where they don’t do anything that isn’t virtualised.”

HP’s Angus Jones somewhat concurred: “If we look at virtualisation technology, it’s been around for 30 years, but it’s only been in the last few years that we’ve seen serious movement to it in the market.

“Even today, penetration of virtualisation for mission- critical applications is small. We’re still waiting for organisations to be comfortable with the technology,” said Jones.

Dell provides a similar though slightly more optimistic assessment.

“Four or five years ago no one put mission- critical applications on VMware,” said Boyd.

“Then everyone became comfortable and started deploying more to it. The same thing will happen with the cloud.”

You call that service?

Commentators appear unsure of the extent to which mission-critical workloads will be transferred into an external cloud environment.

Most believe that mission-critical workloads will move into the cloud in some form, but the rate at which they do is largely tied to the emergence of service-level agreements (SLAs) on such services.

“Putting mission-critical applications into the cloud comes down to the SLAs,” said Simon Elisha, CTO of Hitachi Data Systems.

“If something goes down, who do you call? For example, if there’s a Gmail outage, all you can do is sit and watch the forums. Until cloud service SLAs become enterprise-grade, I don’t think significant applications will move across.”

IDC Australia associate director, Linus Lai, agrees. “We’ve run many surveys and we know large enterprises aren’t about to migrate mission-critical applications onto the cloud.

“They’re likely to develop new or non-mission-critical applications on the cloud that require very little integration with existing back office systems.”

Lai cautioned that current SLAs for cloud services could be inadequate for mission-critical enterprise users because any refund from the provider stipulated under a liability clause is unlikely to cover the full cost of the downtime.

“If you pay $1000 for capacity then the liability the operator is exposed to is also $1000,” said Lai.

“That isn’t going to be anywhere near the opportunity cost of being unable to run your business applications.”

Nick Abrahams, a partner at law firm Deacons, urges both vendors and their customers to carefully examine the terms and conditions of a Cloud Computing contract to reduce both parties’ liability profiles.

“We’ve always wrestled with the concept of vendors limiting their liability [exposure], but when you’re delivering a critical part of the business through a vendor you will want a complete rethink of your liability profile,”
said Abrahams.

“In a standard license, you’ve always got a liability cap but it’s OK because you’re using the application internally and you’ve largely got control over uptime. If it doesn’t work it’s a drag but it doesn’t pull the whole business down.

“If you rely on the cloud to provide mission-critical services to the business, you will want to reconsider the issue of liability,” he said.

Where’s my data?

Even though data is officially located in the cloud, the physical location of the underlying server infrastructure needs to be known. This is because different jurisdictions have varying privacy and data management rules that the information may become subject to.

For example, jurisdiction might be critical if your chosen cloud provider suddenly goes out of business, your relationship with them sours, or you become subject to some form of e-discovery process, all of which require you to be able to get your information out of them, and fast.

“The terms and conditions (T&Cs) will have a governing law clause in them, such that if you use a foreign [cloud] provider your data will more than likely be governed by the laws in that place,” explained Abrahams.
“It means enterprises could find themselves subject to laws that they aren’t familiar with.”

According to Abrahams, there are also restrictions under Australian law on the export of some personal information to other countries. HDS’ Tim Smith claims there are some ‘83 pieces of legislation around data retention and document destruction’ locally that could also come into play.

“Users need to be vigilant to ensure way that personal information is being protected in clouds outside of Australia,” said Abrahams.

Abrahams urged prospective cloud customers to think through all potential ramifications of data accessibility before signing on to a service.
“What happens if the provider were to go bust? Will the data be in a format that makes it accessible and readable?” Abrahams asked.

“You’re putting a lot of trust in the provider, and while you can try to protect access to data contractually, short of backing it up in escrow or having a bespoke agreement, you will just have to trust the provider to make the data available to you again.”

He also warned customers to prepare for the possibility of a falling out with the cloud operator.

“If the relationship sours they have a massive negotiating position on you because they could effectively stymie access to your proprietary data,” said Abrahams.

Abrahams advised potential cloud operators to pay close attention to the drafting of their standard terms and conditions for use, and potential customers to read the T&Cs carefully and negotiate a bespoke agreement in place of accepting standard terms where possible.

“For the most part, standard T&Cs are used so the customer doesn’t have a great deal of say in what goes into the contract,” explained Abrahams.
He added: “It’s important to note that none of these issues render the cloud business model ineffective. They just need to be considered as part of the risk analysis of having or using some form of hosted solution.”

Shades of grey

One of the other key side effects of today’s environment is the complete lack of standards and reference architectures available to prospective cloud operators.

It surprised even CRN how closely some hardware vendors are keeping to themselves reference architectures that could be used as the basis for a cloud service.

For example, HDS has them – but only under non-disclosure agreement. IBM’s Business Consulting Services division and HP Australia are similar – our attempts to gain access to that knowledge fell on deaf ears.

What could be perceived as a trend towards proprietary cloud knowledge might be the impetus needed to drive development of more open reference architectures and industry standard models for Cloud Computing
moving forward.

“I think there needs to be some open standards,” said Sean Casey, enterprise business development manager for Intel A/NZ.

“Otherwise there is a danger of fragmented mini clouds forming and everyone doing their own thing.”

HP’ Angus Young concurred. “We’re relying on the industry to come up with a standard for Cloud Computing going forward,” he said.

There are a number of models that could vie for industry standard status. In July, Intel, HP and Yahoo! created an open source cloud computing testbed initiative for large-scale, global research projects.

Separately, Intel and Oracle are working together to ‘identify and drive standards to enable flexible deployment across private and public clouds’.
The latter initiative is perhaps a recognition that there may be a number of different types of ‘cloud’ in the not-too-distant future – not just external EC2-type offerings that exist today.

“We see corporates and large organisations having their own clouds within their own environments,” said Dell’s Justin Boyd.

Other hybrid models that skirt the line between public and private are also possible.

“You will see variations to the theme – it could be a private cloud, on-premise or external type service or a mix of all three,” said IDC’s Linus Lai. “There will be grey areas – it’s not going to be all black and white.”

Reseller opportunities

The number of potential business models and side-effects of each presents significant opportunity for the channel from a consultancy perspective.

Managed services also appear a popular early choice.

“Resellers should be looking at a managed services model rather than building or selling a whole cloud scenario,” said Citrix’ Michael Harries.

Tim Smith from HDS added, “There are managed storage opportunities where resellers can offer SMEs a pseudo-cloud approach to managing backup and disaster recovery on an X dollar per Gigabyte per month basis.”

The SME/B market in general appears to be made for the first iteration of cloud-based services.

“We look at Cloud Computing as really being more aggressively adopted by smaller businesses – that’s the consensus,” said IDC’s Linus Lai. “We believe larger enterprises might be more wary because they feel it’s just
a refresh of an old concept [mainframe computing].”

There are some exceptions. “We see demand from government bodies for internal and semi-private clouds due to the legislative requirements not to expose citizen information to external sources,” said Hedges.

Outsourcers are also prime targets.

“Traditional outsourcers have multiple sets of infrastructure for each individual customer. It would make sense for them to buy one infrastructure, virtualise it and divide it across their client base. In that way it becomes like a cloud,” explained HDS’ Smith.

ISVs can also start evaluating the movement of their applications into the cloud – using, for example, an offering such as Microsoft’s Windows Azure platform.

Cloud Computing is a big topic for the channel and your customers. The flexibility it introduces could take virtualisation to the next level. Being aware of the potential side-effects will be the key to making it work both for your customers and for your own business success.

Above all, in its formative stages, remember – always read the warnings.

And if you can negotiate on the T&Cs, don’t take cloud services only as the vendor prescribes.