Orchestrate cloud services for business

Because public cloud services are typically based on a pay-as-you-go model, they have the potential to operate under the radar of traditional IT service management infrastructure - for example, in terms of procurement.

Added to this is the increasing outsourcing of infrastructures to the cloud, which IT itself is driving forward, for example from SAP infrastructures to Azure.

Public cloud offerings such as Azure are attractive because they often offer cost-saving potential, can make global deployment of systems easier or are simply "always up to date". But there are also critical aspects, especially when it comes to operation from an orchestration point of view.

The IT organization is challenged to expand its governance capabilities to guide this evolution and make the enterprise adaptable to cloud services.

In this context, the term "cloud orchestration" does not refer exclusively to the technical activities which, ideally, initially combine public cloud services with conventional IT services in a hybrid model.

Even greater are the organizational challenges, which often overburden the IT organization because it is more than busy operating legacy applications.

Orchestration services

Orchestration services are the operating system of tomorrow. The paradox becomes clear in the results of a 2018 study by management consultants Horváth & Partners, which surveyed decision-makers in 190 German companies.

According to the study, 96 percent of the decision-makers surveyed agree that the importance of IT within the overall organization will increase sharply over the next three years.

On the other hand, only one in ten of the respondents sees the IT and organization department unreservedly as a customer-oriented service organization.

A new understanding of the role of the IT and organization department as an orchestrator is needed. And it must be structurally supported by a capacitive relief - i.e., by consistent outsourcing of conventionally operational topics. Only then can the role as a consultant and process enabler (once again) take center stage.

The core competency of such an IT organization is then no longer operational expertise or reliable infrastructure provisioning - Microsoft Azure and other providers take care of that - but the ability to source, orchestrate and offer for consumption multiple pre-configured services in a structured way to unify end-to-end service delivery across multiple cloud service providers and provisioning channels.

An SAP from the cloud is usually only one of many cloud offerings and there are major requirements in terms of integration with other (cloud) services: to maintain and further develop a central service catalog, which is made available to internal customers at any time and from anywhere in a self-service portal; to manage customized IT solutions together with standard and interchangeable cloud services as separate configuration items (CIs) and to apply them in a value-enhancing way in close coordination with the business departments.

The following reference model is intended to set an organizational framework that structures the cloud orchestration role of the IT and organization department.

Technical orchestration: SAP is a central element of the IT landscape in most companies. An SAP in the cloud, for example on Azure, therefore requires multicloud connectivity with multiple regions for public and private clouds. Cloud connectivity describes the extensive process of connecting different cloud delivery models with each other.

The necessary interoperability in cloud environments, on the other hand, refers to the ability of public cloud services, private cloud services and other systems to use each other's APIs to exchange data and thus be able to interact.

Security and compliance

The biggest challenge for public cloud services like Azure is the security and privacy concerns of enterprises. The fact that valuable corporate data resides outside the corporate firewall raises concerns.

Many regulatory requirements also mandate certain controls (for example, strict access controls and audit trails) and require regular reporting.

Azure's stringent certifications help here. Nevertheless, companies must ensure that their cloud providers meet the requirements appropriately in order to fulfill their compliance obligations themselves. After all, the responsibility largely remains with them.

Supervised cloud operation: "Hey Joe" is out. Cloud providers typically don't have a person-centric, round-the-clock service, nor do they sit in a side office. It is important to monitor the service with internal or external tools, and also to have plans in place to monitor usage, SLAs, performance, robustness and business dependency of these services.

The central basis for this should be a coordinated service catalog in the company. This enables companies to reuse these cloud services across applications and make them available in parallel to defined user groups in a standardized manner.

Cloud administration: In mirror image, the service catalog represents the "Cloud Service Provision" offering and describes the flexible provision of cloud services supported by automation.

Subscriptions become more complicated in organizations that use consolidated billing and have centralized control over accounts, subscription creation, and resource utilization. Metering in this context describes the process of controlling, measuring and monitoring the use of compute, network and storage resources.

Ideally, there is a process for identifying the costs incurred, which are billed to the company by the respective cloud provider based on the agreed billing codes.

Cloud IAM

Cloud identity and access management: When using public cloud services, it is important to ensure that the authorization concept is based on a centralized trust model (federation services) in order to simplify identity management across third-party and in-house applications.

In this way, all applications can be used with just one set of credentials (single sign-on). For mission-critical applications, multifactor authentication provides an additional security safeguard.

Monitoring and reporting: The role of the orchestrator is to maintain control over the entire IT environment. This also applies if the environment is wholly or partially in the public cloud, for example in Azure.

Thus, it is important to establish appropriate ex-ante as well as ex-post control mechanisms both to ensure availability and transparency in SLA measurement, but also from a security perspective.