Cloud Strategy

Approving Body

Joel Hartman Chief Information Office
Mike Sink Chief Operating Officer
Chris Vakhordjian Chief Information Security Officer
Aaron Streimish Director of Program Management & Planning
Jim Ennis Director of System & Operations
Michael Scruggs Director of Telecommunications

PURPOSE

In support of UCF IT’s mission to provide reliable, dynamic, and innovative IT services to our students, faculty, and staff, the UCF IT Cloud Committee has prepared the following document to define our official strategy for the adoption of public cloud services.

The primary purpose for defining this strategy is to ensure proper alignment of the implementation of cloud services with UCF IT’s goals, University policies, and related regulatory requirements. A list of associated recommendations to facilitate the successful adoption of this strategy are also provided.

This document should serve as a communication vehicle across lines of business to convey UCF IT’s public cloud strategy and establish executive consensus from all key stakeholders and decision makers within the organization.

The desired outcome of the strategy and recommendations proposed within this document is to transition the organization away from the business of data center management and into the business of outstanding service delivery for our customers.

SCOPE

The overall scope of this strategy is UCF IT and the departments for which it provides services. However, our strategy should also serve as a suggested model and informational tool for those departments who are currently not customers of UCF IT.

The strategy and recommendations provided in this document primarily relate to public cloud solutions. While private and hybrid cloud implementations should remain a key consideration in UCF IT’s long term service delivery roadmap, they are not the primary focus of this strategy document.

Because many of the recommendations in this document focus on beginning the transformation necessary to utilize cloud services, it is important to note that our documented strategy will continually evolve as we reassess our current cloud maturity, available resources, tolerance to risk, and need for agility. This evolution will continue to push UCF IT toward its desired end state to act as an agile-functioning broker and manager for all public cloud services at the University of Central Florida.

OBJECTIVES

The decision to prioritize public cloud consumption is, in itself, not a strategy. It is a tactic for implementing technology to achieve the organization’s overall strategy. The pursuit of cloud services enables UCF IT to achieve many of its desired goals and aligns with its primary business objective to transition away from infrastructure management and towards a more customer-focused service delivery model.

A migration to cloud-based services also supports UCF IT’s core values, vision statement, and mission statement to embrace innovative technology solutions and shorten delivery time for IT solutions by utilizing the economies of scale, resiliency, flexibility, scalability, capacity, and agility of cloud computing.

Additional UCF IT objectives supported through the consumption of public cloud services include:

  • Decreasing deployment time for developing, prototyping, and staging IT environments.
  • Enabling immediate provisioning of compute and storage capacity in extremely large quantities, consume those resources for as long as necessary, and immediately de-provision them when no longer needed.
  • Eliminating the guesswork to estimate the future capacity needed and instead, scale up or down as requirements change.
  • Utilizing the highly durable data center architectures of top-tier cloud vendors to increase service resiliency and reliability.
  • Enhancing business resumption and continuity of operations capabilities by utilizing cloud-based backup and disaster recovery solutions to reduce cost and improve availability.
  • Providing transparent and accurate pricing to departments consuming cloud-based IT services.
  • Transitioning away from capital spending to reduce large IT expenditures and commitments.
  • While minimizing IT costs should not be considered as the driving assumption for transitioning to public cloud services, opportunities over time to optimize our investments in IT services and overall service delivery should be expected as our cloud maturity increases.

STRATEGIC SUMMARY

In alignment with UCF IT’s broader infrastructure strategy to reduce its on-premises data center and minimize the scale of its managed off-site data center, our current cloud strategy is to evaluate cloud solutions first, either when new solutions are desired or existing service offerings require reassessment. Some factors that may initiate a reassessment include aging hardware, unsupported applications, major upgrades, maintenance renewals, and increasing costs.

It is important to note our “cloud first” strategy does not mean “cloud always”. UCF IT will only choose cloud solutions when the benefits align to strategic objectives, unnecessary risk is not introduced, and as current requirements or constraints allow for. Our goal is to identify reasons for not utilizing cloud rather than why we should.

The Educause Center for Analysis and Research (ECAR) Cloud Working Group defines our specific strategy as Cloud Opportunistic. A true Cloud First strategy actively plans migrations for existing services to cloud-based solutions, regardless of whether a reassessment requires it. While some departments within UCF IT may be closer to a true Cloud First strategy, the organization as a whole has not reached a level of cloud maturity capable of supporting this strategy in its present state. Strategic recommendations in this document will also help to address these limitations and increase UCF IT’s cloud maturity thereby preparing us for a true Cloud First strategy.

As UCF IT evaluates new or replacement solutions, our goal is to use Software-as-a-Service (SaaS) as the model of choice whenever possible. If SaaS benefits cannot be realized or if obstacles prohibit its use, evaluate Platform-as-a-Service (PaaS) solutions, or if needed, Infrastructure-as-a-Service (IaaS) solutions instead. Our aim is to select services that run as high up the “cloud stack” as possible. This means selecting SaaS over PaaS and PaaS over IaaS. This deployment model enables the most effective use of IT staff resources and allows us to take full advantage of vendor architectures and support.

Should none of these cloud models suffice, UCF IT will consider solutions based on hosted architectures in alignment with our current data center strategy. If hosting is not an option, no value gained, or as requirements prohibit, the organization will instead use co-located facilities such as Data Site Orlando or on-premises resources only if necessary.

Due to UCF IT’s current expertise, high level of technology investment, and strong vendor relationship, Microsoft Azure will be the primary provider for infrastructure and platform as-a-service offerings,  especially where integration with existing internal systems is required (internal networking, identity, SaaS functionality, etc).

UCF IT’s current level of knowledge, experience, and established resources will also be key factors in provider determination. Ultimately, the decision on which cloud provider to use will be based on the services offered that best meet the specific needs of the project.

Departments currently utilizing AWS-based solutions should continue to develop their offerings and expertise with this service provider to enhance UCF IT’s ability to offer a true multi-provider strategy going forward. Supporting additional providers will allow the organization to reduce costs and avoid the potential risks for vendor lock-in. This also allows UCF IT to support flexibility based on customer needs as well as the internal needs of administrators and developers while still providing guidelines and procedures to ensure rapid delivery of services.

A critical component in the successful implementation of this strategy is to ensure that its guidelines occur early in the UCF IT project intake process for all new and existing service and service offering proposals. Applying this strategy successfully will push the organization outside its comfort zone, compel organizational change in IT, accelerate innovation, and facilitate UCF IT’s vision for outstanding customer service delivery.

STRATEGIC RECOMMENDATIONS

  • Form a cross-functional “Cloud Team” and create a new Cloud Architect role as the technical lead. Identify liaisons from UCF IT’s functional units to assist this team as they adopt cloud services. The Cloud Team’s primary responsibility will be managing cloud operations within UCF IT. These duties include consultation, design, administration, and implementation of new cloud initiatives. While this team may need to initially balance cloud duties with their normal work schedule, we must shift non-cloud duties away to support increased cloud adoption.
  • UCF IT must plan and budget for necessary training and support staffing. This strategy is not about reducing staff. Expect roles to change as new technologies emerge and new positions are required to support our transition to a customer-facing, services-based model.
  • To guarantee reliable connectivity to cloud based services, emphasize capacity planning to forecast funding requirements, maintain an effective network infrastructure, and provide for sufficient Internet bandwidth.
  • Early in our roadmap to cloud adoption, migrate low-risk workloads suitable for rapid cloud deployment and utilize process improvement and automation to reduce the time to implement future cloud initiatives.
  • Advocate for the consolidation of cloud-based service offerings across campus to minimize management and support needs, reduce costs through economies of scale, reduce integration complexities, deprecate redundant applications, and simplify our service catalog.
  • Consider integration with existing on-premises and other cloud services, including identity management, networking, storage, etc. Not all cloud implementations need integration, but decisions not to integrate should be deliberate. Preference should be given to systems that have common functional integration capabilities.
  • In alignment with UCF IT’s data center roadmap, ensure that only proximity-dependent hardware remains on campus. Use virtualization and hyper-converged architectures to streamline hybrid implementations and prepare for migrations to cloud-based models as needs or restrictions evolve. In conjunction, develop criteria to determine if any workloads should be off-limits for cloud solutions.
  • To align with security best practices for cloud service usage and compliance with applicable regulatory requirements, ensure all customers follow UCF’s INFOSEC Vendor Risk Management security review for all cloud-based solutions so that acceptable risks are identified and acknowledged by key stakeholders. These procedures also serve to provide recommendations and guidance for customers to reduce their risks as much as possible.
  • Involve University General Counsel and Purchasing in all cloud service agreements, even in cases where no payment occurs. In addition to proper INFOSEC vetting, integrate all approvals as a subcomponent of a wider UCF IT project intake process for cloud based services.
  • Improve UCF IT’s security posture by utilizing cloud services that support specific compliance requirements too costly for the university to pursue internally and improve the confidentiality, integrity, and availability of customer’s data.
  • Begin high-level evaluations of ERP cloud solutions and services offered through our existing vendor and compare these results to possible alternatives.
  • Develop a cloud services communication and marketing strategy for UCF IT and select customers to inform and seek feedback.

CLOUD MATURITY

Several references to “cloud maturity” exist throughout this document. A well-designed cloud adoption approach includes defining business drivers, developing proper cloud strategies, building comprehensive assessment criteria, mitigating known issues, and capturing key lessons from each cloud project. Organizations that follow a well-devised maturity plan have the greatest probability of success in adopting public cloud services.

Gartner Research identifies five streams of work and five maturity stages for public cloud adoption. UCF IT will track its progress along this matrix to serve as a high-level framework and tool to assist in advancing its level of cloud adoption maturity. Our progress as of 2016 is shown on the right and will be updated and evaluated annually.

In addition to the strategic recommendations provided, several “maturity milestones” currently exist and will update accordingly to support our ultimate goal of moving UCF IT up the maturity matrix, out of the datacenter business, and into the business of service delivery.

APPENDIX

Definitions

Cloud Computing
A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.


Infrastructure-as-a-Service (IaaS)
A form of cloud computing in which a third-party provider hosts the hardware, software, servers, storage, and other infrastructure components over the Internet, on behalf of the users.

Platform-as-a-Service (PaaS)
A cloud provider delivers hardware and software tools — usually those needed for application development — to its users as a service. A PaaS provider hosts the hardware and software on its own infrastructure. As a result, PaaS frees users from having to install in-house hardware and software to develop or run a new application.

Software-as-a-Service (SaaS)
Software as a service (SaaS) is a software distribution model in which a third-party provider hosts applications and makes them available to customers over the Internet. SaaS removes the need for organizations to install and run applications on their own computers or in their own data centers. This eliminates the expense of hardware acquisition, provisioning and maintenance, as well as software licensing, installation and support.

Public Cloud
Based on the standard cloud computing model, in which a service provider makes resources, such as applications and storage, available to the general public over the Internet and usually on a pay-per-usage model.

Private Cloud
This type of cloud computing delivers similar advantages to public cloud, including scalability and self-service, but through a proprietary architecture residing within and managed by the organization itself.

Hybrid Cloud
A cloud computing environment which uses a mix of on-premises, private cloud, and third-party, public cloud services with orchestration between the two platforms.

Hyper-converged
Hyper-convergence is a type of infrastructure system with a software-centric architecture that tightly integrates compute, storage, networking and virtualization resources and other technologies from scratch in a commodity hardware box supported by a single vendor. Similar to mainframe-like architecture, it allows the integrated technologies to be managed as a single system through a common toolset. These systems can also be expanded through the addition of nodes to the base unit.

Acknowledgements

This document was prepared in conjunction with the UCF IT Cloud Committee whose mission is to:

Increase UCF’s cloud maturity, address organizational challenges to cloud adoption, review current and upcoming departmental cloud initiatives, promote collaboration & communication between these departments, evangelize the benefits of cloud, and to continually evolve our cloud strategy and roadmap for current and future cloud services.

Core Representation

Jonathan White, Committee Chair, Cloud Governance Chair Cloud Strategy
Aaron Streimish, Executive Sponsor Strategy & Planning
Bob Mello, Cloud Infrastructure Chair Infrastructure Services
Steve Crowe, Office365 Governance Chair Unified Messaging
Marc Cassidy Enterprise Application Development
Lou Garcia Network Services
Adnan Hameed, Ross Cooper Information Security Office
Vicki Vitale Legal & Procurement

Business Unit Representation

Tim Neubrander, Derek Bernard Communications & Marketing
Ozlem Garibay, Shafaq Chaudhry Office of Research & Commercialization
Thomas Christensen Center for Distributed Learning
Aaron Spies College of Medicine
Bryan Sevinger BRM – Health & Public Affairs
Richard Caldwell BRM – College of Sciences

Consultation Representation

Tim Larson ERP Consulting
Adam Glover UCF Audit

Downloadable UCF IT Cloud Strategy PDF