CIO: Five ways to save money on your cloud costs

Keeping track of your monthly cloud computing bills isn’t easy. While it is great that cloud providers usually charge you on the resources you consume, the various elements of your bill are very complex and made up of dozens of different factors, such as CPU core, storage units, RAM size and data transfers. Fortunately, there are a number of online services (see chart below) that can help you save money by using a series of clever choices. In this article for CIO (email reg. req.), I will look at five questions that you can ask to try to reduce your monthly cloud computing bill.

Service, link Number of Cloud Providers Expertise Free or paid?
Cloudability AWS Cost monitoring Paid
Cloudorado Cloud Hosting Comparison 27 CPU benchmarks Free (paid by participating vendors)
Cloudyn AWS, Azure, Google Costing trends Both
CloudHarmony CloudSquare 101 Uptime status Free
CloudSpectator Varies Custom analytics Both; paid reports are $400 each
CloudHealth Technologies AWS, Google Costing, performance and security analytics Paid services start at $250/mo
Datapipe Analytics AWS, Azure Management tools Paid services start at $3500/mo
RightScale PlanForCloud 6 Deployment scenarios Both; paid services start at $6000/mo



How to defend the hybrid cloud

If you are looking to move to a hybrid cloud you often hear that it is still an issue when it comes to lack of security or because of compliance problems.

Certainly, cloud-based servers can be less secure than on-premises servers. But that doesn’t always have to be the case: a lot depends on how your servers are configured, what kinds of monitoring tools you are using to ensure that they aren’t breeched, and whether your applications have built-in security or not. The same is true when it comes to compliance.

Maybe the reason why this perception continues to plague the cloud world is the well-publicized security breeches over the past several months. But that is more about insecure Web applications, or bad password policies, or lax network intrusion detection, than anything to do with the cloud itself. Some of these exploits are so old that that pre-dates the birth years of the teen hackers that are using them: remember when SQL injection was first an issue back before 2000?

And there are cloud environments that can be more or less secure, depending on how they are configured, who has access to them, what kinds of encryption methods are used to protect their data and the sensitivity of the data itself. Here are some pointers on how to make your clouds more secure:

  • Employ a cloud management platform. This can help understand where your exposure is and what you need to do a better job with locking down virtual resources. Ideally, your management tool should be able to examine the hybrid cloud and understand how to make adjustments to both physical and virtual resources and workloads, and automate the provisioning and deprovisioning of your entire hybrid infrastructure. This kind of tool also helps to address regulatory compliance requirements and establish security hardening guidelines that can make a decisive difference.
  • Understand your access controls to all cloud-based resources. Back in the days when the mainframes ruled, it was easy to enforce who had access to what data. That needs to be the case with the cloud. In many cases, this access is an all-or-nothing proposition, meaning that once a user authentications themselves to their cloud, they have the freedom to roam around at will, starting and stopping various VMs and causing all sorts of damage. This can be a compliance nightmare, which is why some cloud providers now offer more granular access to their resources. There are a variety of tools that can help improve your security posture of your VMs too.
  • Know how much of your cloud infrastructure is redundant. There are many cloud providers that offer independent and geographically distinct data centers and have ways to duplicate data among them so that your infrastructure will remain running even if one of your cloud data centers fails. This is just good security practice. You pay a bit more for this feature, but it can be worth it.
  • Make your Web-based applications more secure. Certainly, the least secure aspect of any cloud deployment is your Web applications and how they are connected to the rest of your cloud-based infrastructure. The challenge is being able to virtualize as many of your protective devices as you have for your on-premises servers, such as load balancers, intrusion prevention appliances, firewalls, and other gear. The major cloud providers are beginning to add these tools to their list of services so that IT developers can migrate their applications over to the cloud and still maintain the level of security that they have come to expect with the ones running inside their own data centers.

Need help organizing your SAN Storage? Look at Datacore’s SANsymphony-V

If you have a lot of data stored on SANs, you might want to take a look at the latest offering from Datacore Software’s SAN Symphony. I have been testing various versions of this product for more than a decade, and my latest video screencast review can be found here. They make it easier to automatically move data between storage tiers (such as solid state hard drives and cloud repositories) and enable continuous data protection with just a single mouse click. There is also this nifty heat map as you see above that shows your most-active storage tiers.

Network World: Five cloud costing tools reviewed

Certainly, using a cloud provider can be cheaper than purchasing your own hardware, or instrumental in moving a capital expense into an operating one. And there are impressive multi-core hyperscale servers that are now available to anyone for a reasonable monthly fee. But while it is great that cloud providers base their fees on what resources you actually consume, the various elements of your bill are daunting and complex, to say the least.

Separating pricing fact from fiction isn’t easy. For this article, we looked at five shopping comparison services, including Cloudorado, CloudHarmony’s CloudSquare, CloudSpectator, Datapipe and RightScale’s Some of them cover a lot of providers, some only focus on a few.

You can read the full review in Network World today here.

VMware blog: Simplifying Storage Solutions

Storage has seen its share of technology changes in recent years, but the most significant breakthrough isn’t higher capacity arrays, it’s the shift to software-defined storage. One of the reasons many enterprises are embracing this new paradigm is that in recent decades, managing storage has been a specialized skill set which has fostered organizational silos among other issues.

In this free e-Book that I wrote for VMware, I explore:

  • How virtualization and cloud management impact storage management
  • Implications of the control plane transitioning from hardware-centric to app-centric
  • The role of VMware hypervisor in managing storage

Ricoh blog: Is Directory as a Service Right for Your Business?

One of the core components of any modern is its directory service. It usually operates behind the scenes, authenticating users and devices without much fanfare until something goes wrong. Typically, you employ Microsoft Active Directory, LDAP or a Radius server to provide this function. In the past year a number of cloud providers have begun offering directory as a service or DaaS, moving something else to the cloud.

Currently there are three DaaS providers: Amazon has its own Directory Service,Microsoft has its own for Azure, and a startup called Why bother when there are dozens of on-premises directory service software vendors, including what comes built-in to a Windows Server already? A few reasons: First, you may want to scale up your enterprise or move more of your servers and services to the cloud already and want something more capable from your directory services. Second, you may want to make use of a hybrid cloud environment, and this is the enabling step. Next, managing the directory requires some specialized skills, and as you organization grows it may be more than what your existing staff can handle. Finally, it can be cost effective and provide more features too, such as the ability to provide a single sign-on user authentication portal.

Which of the three you might use, if any, depend on your circumstances. If you are already using either AWS or Azure, then you should look at their DaaS offerings first. If you use a local LDAP server, then JumpCloud might be the ticket.

Here are some other questions on how to choose the right DaaS system:

Do you currently have your own on-premises directory service, either LDAP, Radius, or AD? If so, you will have to consider how to migrate to the cloud DaaS or run a hybrid DaaS. If you are starting from scratch it might be easier to implement one of these cloud-based services.

What else besides Windows PC users can authenticate to it? Macintoshes, Smartphones, and apps are the usual kinds of things that you would want to authenticate to a DaaS. All of these cloud-based services offer this.

Is the cloud provider offering it across different geographies? You want your cloud directory to operate at scale and be up across the world. AWS has it running in 5 of its availability zones.

How much does it cost? AWS sells by the hour, JumpCloud and Azure by the connected user. AWS might be more cost-effective if you have a lot of users or devices to connect to and if you already make use of other AWS resources.

Can you integrate with other cloud-based apps? Azure comes with integrations for, Box, and hundreds of other apps. If you are looking for a cloud-based single sign-on tool, you might consider what they have as a good start. AWS is more focused on integrating with its own cloud-based offerings. JumpCloud is more about migrating LDAP to the cloud.

Can you make use of multifactor authentication? This is useful if you want to provide for additional authentication security, such as with a one-time password. Both AWS and Azure offer this, with an extra charge with Azure.

Bright Computing blog: The Arguments Every OpenStack User Must Make

For some time now, critics have suggested that OpenStack may offer lower total cost of ownership, but fails to deliver on agility and uptime compared to other cloud solutions.

 A recent story on ReadWrite quoted industry insiders who suggested OpenStack is merely a way to “fool” senior management into believing that a company has moved to cloud computing. TechRepublic, meanwhile, stated that OpenStack remains too complex to offer real opportunities for innovation.

I talk to one of the OpenStack experts, Sam Charrington, about how he sees the role it should play in modern enterprise infrastructures, in this blog post. 

Masergy blog: How Cloud Computing Changes the Role of IT

We are experiencing a significant shift in how corporate IT departments deliver services to the business in this era of cloud computing. IT staffs are evolving beyond installing servers and software towards provisioning services, negotiating vendor relationships and collaborating with business users on application service delivery requirements.

I have some thoughts on what this means for IT staffs, skills and the resulting networking mix for Masergy, a broadband communications management vendor.

You can read my post on their blog here.

Understanding the advantages of tablet workspaces

home screen2The days have long been over when IT could dictate what kinds of endpoint computing devices should be in their end user’s hands. But the notion of “bring your own device” (BYOD) has taken hold in the past few years means having tablets and smartphones perform truly useful business-related work. Now the particular endpoint, whether it is a desktop or a mobile, no longer matters. Indeed, mobiles are being used more and more as the main endpoint browsing device and as the default computing device.

There are some big benefits for IT with BYOD: they don’t have to invest time in their “nanny state” approach in tracking which users are running what endpoints. Or have to research which mobiles will be blessed by the corporate purchasing department. Instead, they can free up these staffers to improve their apps or deliver better service to their end users.

For these reasons, BYOD has been well received. Users don’t want to wait on IT to finish a requirements analysis study or go through a lengthy approvals process: they want their mobile apps here and now. However, the small business market has been largely a poor stepchild and not much of a beneficiary to the BYOD revolution. The SMB IT manager, where he or she exists, doesn’t have a lot of great choices to support improving the productivity of their tablet users. The challenge is that users these days want something more than just processing emails on their mobile devices: they want to be a full participant in sharing files, co-editing documents and presentations, and running corporate apps that in the past have been largely geared towards Windows endpoints.

The IT manager is faced with a series of options to support these new and more advanced tablet users. Each solution makes some compromises in terms of document fidelity, overall security, collaboration features and ease of access. Document fidelity is defined as being able to work on common Windows tools such as Word, PowerPoint, etc. on a tablet and see the same fonts and features as you would see on a traditional Windows PC. Overall security means having policies that can restrict who has access to particular files and apps on the mobile devices, or completely sandbox a business environment from one’s personal app collection. You also want to be able to collaborate on documents among multiple authors, so that they can see in real-time what changes their colleagues have made to their documents. Finally, ease of access means being able to obtain particular files without having to go through many steps or multiple and complex authentication methods.

Over the past several years, numerous vendors have tried their hand at fixing these issues and there are a number of products and services that can be combined together. There are cloud-based storage services or office app suites, custom connection apps that allow tablets to access, transfer and view files and remote terminal sessions that can bring up Windows desktops and their apps. There are also various mobile device management products that can sandbox email and app access.

One other solution involves creating an entire workspace on a tablet, sometimes as a Web service. I recently had a chance to do some custom consulting work for such as solution from NComputing called oneSpace, which compliments these products in a way that you can access both network file shares as well as cloud apps, and do so in a way that seems natural for a tablet or touchscreen user. You can see a short screencast video introduction to how this works here. Workspaces could be the future for corporate tablet usage.

NComputing’s oneSpace improves tablet productivity

NComputing’s oneSpace combines the benefits of tablet style navigation and gestures with fully functioning Windows and SaaS applications, internal web apps and portals, and on-premises and cloud file shares in a single policy-controlled environment that is secure and separate from a user’s personal tablet apps. We tested it on both Android and iOS tablets in June 2014.

Usage of the oneSpace app requires a license to a oneSpace service.

Price: $33/user/month