Owned hardware vs Azure services
Over the last few years, I have had the pleasure of introducing several clients (new and existing alike) to the wonders of Azure’s cloud, but I would lie if I said that that it was always smooth sailing during the technical pre-sales stages of the various projects.
In this business, introducing new changes (even small ones) means introducing new risks. It’s only natural then that some IT managers are not immediately keen on embracing new radical changes that affect the platforms they are responsible for. Leaps of faith are not an option, and understandably so.
A proof of concept would usually come to the rescue during this phase, but sometimes this luxury is not available, be it for time or budget constraints, so doubts need to be addressed and clarified during project presentations.
In this blog post, I’ll briefly cover some of the perplexities/doubts/questions that tend to come up more often during the aforementioned meetings.
I know this may sound silly, but you would be surprised to hear how much resistance the idea of “the cloud” meets when we are talking about private infrastructure. Generally, the first question I am asked is “how secure is it?” or something along these lines. This is where I end up spending most of my time talking, because security is a (very) broad subject. People often mean just “software security” when they ask this question, however the answer starts from the physical security of your data and spans all the way up to the application layer. Luckily for us, Microsoft Azure’s datacentres are designed and built around security from the ground up. Literally.
Physical access is the first level of security that anybody would encounter, whether they work at the datacentre or are visitors (which are very rarely allowed in). The datacentres are surrounded by protective perimeters, and access to any area inside the perimeter, down to the individual rooms, is restricted and monitored 24/7/365. Objects of any kind are not allowed in (mobile phones, USB sticks, car keys, you name it) and every area is protected by metal detectors. Unless authorised, nobody can be inside the functional rooms, and depending on the task, the authorisation lasts for a finite number of minutes (yes, minutes!).
I can tell you from experience that most of the datacentres do not operate so tightly. I’ve lost count of the times in that I was allowed in datacentres to replace a disk or copy data from servers that were sitting right next to someone else’s servers, and with basically no supervision. Luckily, I had no bad intentions and I never made mistakes while working on-site, but it would have been really easy to cause issues, even unwillingly. Unplugging the wrong server or the wrong network cable can cause mayhem. With Azure you do not have to worry about any of that.
As the concept of cloud has become more widespread, this topic has become significantly easier to review over the past few years. However, I still meet old fashioned IT managers that tend to prefer owned appliances for some reason, so I reckon it is worth discussing it.
When you own a physical tenancy (one or more physical servers, networking components, UPSs, etc) you are responsible for their initial purchase (upfront cost), maintenance and spare parts (recurring costs) and, eventually, their replacement. Not to mention that the initial purchase needs to be enough to cater for your resource requirements from day one, as scalability is not really an option most of the time or can become an unpleasant surprise over time. These costs are typically very high upfront and can limit your options down the line. And if you want extra redundancy (more on it later) you need to double up your budget.
With Azure you do not have to worry about any of the concerns I just mentioned. The hardware is managed, operated, maintained, and replaced entirely by Microsoft. And with regards to scaling, you can choose to scale any time for as long as you want and as high or low as you need. There is also a very valuable added benefit to the cloud model: you do not have to worry about the Hyper-V framework that manages your appliance at a software level. In a private cloud you would have to configure and maintain that too, which is time consuming.
I know that I have mentioned scalability only few lines above, but this concept is broader than most people would think at first, and I believe it requires a paragraph of its own.
When I mention scalability, most of the time I refer to virtual machines or web applications capable of scaling resources (e.g., CPU, Memory, disk capacity) up & down when more resources are required. Scalability may also mean scaling in or out if more instances of these components are required.
While these two methods of scaling are subject to similar logic, their function is different and needs to be planned accordingly.
However, with Azure, the concept of scalability does not stop there. It goes beyond the capability of the individual services to scale across the appliance, and expands all the way up to datacentres, regions, and the global network. This means that you can easily deploy your application virtually anywhere in the world to better cater for your and your customers’ needs without having to worry about the hardware to implement the solution.
This level of scalability also introduces another interesting upside of this worldwide architecture: Redundancy.
Being able to scale from a single server all the way up to a global network also means that you can ensure business continuity even in the event of unplanned outages or disasters. Out of the box, each service on azure offers a certain degree of redundancy and a correlated SLA, but with proper planning the uptime of the services can be increased to up to 100% if required.
Redundancy may also be used when referring to Backups and, more in general, Disaster Recovery Planning (DRP). This is a crucial aspect that should never be underestimated, and lucky for us, Azure makes a great job at providing all the required tools to obtain the degree of resilience that we require from our environment.
Networking is the core component that powers the internet as we know it. A robust networking infrastructure is paramount for the success of pretty much any application designed today. In a tenancy composed of privately owned hardware you need factor in costs for all the networking appliance, and you might be limited to bandwidth capabilities of your hardware or the datacenter’s. Once again, all these costs stack up and require specialized hardware and staff to run properly.
Thankfully, Azure takes care of that aspect for us, with virtually no downside. All the virtual appliance is ready to be used out of the box, it is highly customizable, and it supports a vast array of third-party services and integrations.
Oh, and guess what? Azure networking does that at a scale too! Over the past decade Microsoft have built a global private network to power their datacenters (if you are interested you can read more about it here) that, besides providing basic connectivity, also acts as a perimeter defense for any traffic inbound to Azure. The result is an out of the box DDOS protection service entirely run by an AI that can deal with virtually any attack in near real time, for no added cost.
Compliance has become a recurring topic of discussion in the past few years, and it can vary from a requirement to simple peace of mind. Your line of business may require certain degrees of compliance, or you just might want to know that certain aspects are covered to feel safe. Azure is the cloud provider with the most active compliance certifications on the market, and each compliance is assessed and documented by third-party reports. Without going into too much detail, Azure complies with several sets of requirements such as ISO, SOC, WCAG and CIS to name a few. The average private datacentre cannot get anywhere near this level of compliance.
As with security, compliance extends from the physical premises all the way up to the individual services. Your tenancy is constantly monitored to ensure that your requirements are always met. Should you be interested in exploring all the types and degrees of compliance, you can find them here.
At this stage you probably have noticed the pattern: in the context of a privately owned infrastructure, every topic that I have mentioned above brings in a new set of responsibilities, costs and requirements that can grow out of control very quickly or require a long time to be achieved. With Azure most of these features are implicit and you do not have to worry about spending time and money to design the hardware solution from the ground up because it is all part of the offering.
If you need help migrating from a private setup to a full-scale cloud solution, contact us today.