Considerations for catalogs, controls, compliance in private clouds

Last time we met in this space, we talked about the importance of management and resource optimization planning in the path toward private cloud computing (see my last blog on Moving forward towards the private cloud). Today, I want to examine two other important areas for consideration as you plan for more mature processes and technology: service catalogs and controls, compliance and governance functionality.

Service catalog/request fulfillment: Requests for services in the private cloud should be treated like all others - as service requests. Service requests are provisioned based on the defined internal approval processes of the enterprise. Requests should be based on a pre-defined catalog of services built upon a set of golden templates to ensure standards are met in a repeatable manner and that the turn-around time between request and release of service to your client is minimal.

So ask yourself this: Do you have a defined series of services from which requests can be made? Do you have the processes in place to ensure each service meets your corporate standards and can be provisioned in a repeatable manner? Do you use golden templates in your virtual infrastructure from which all servers are provisioned? Is the approval process defined and understood by all parties involved?

If the process to create a request, get it through approvals, have it consistently provisioned and customized to the client's specs, and finally released to your client for use is not understood by all parties when you are only dealing with a small set of servers, imagine how difficult this would be if you establish a private cloud and allow your clients to request services on their own.

Controls, compliance and governance: In terms of private cloud computing, the focus on security should be on speed, agility and ease (or automation) of deployment within the private cloud infrastructure to support corporate policy. It's important that you establish controls to ensure that servers are provisioned in a repeatable fashion and that "break-the-glass" scenarios are the exception and well documented. It should be easy to audit these controls and identify areas of weakness that should be improved.

Compliance takes on a few forms in the enterprise, including but not limited to: financial compliance, process compliance and licensing compliance. We have already talked quite a bit about process and the ability to audit processes. Financial compliance requires tools to ensure all parties are aware of the costs to operate a server within the private cloud (more on this in an upcoming article).

When you talk about license compliance, you start looking at some pretty basic questions that become difficult to answer without proper tools in place to keep track of this information. Ask yourself if, at any point in time, you can identify how many licenses of any particular application or operating system are in use. How many are offline/powered off but still require their licenses to be counted because of license agreements? How many servers that were carrying a license for a particular application or operating system are no longer within the virtual infrastructure and, therefore, should have had their licenses reclaimed?

In our next installment, we will look at costing models, chargeback and showback - what they are and which would work in your organization to help make your private cloud a self-sustaining infrastructure.

Remember, "cloudification" isn't just about me telling my story. We can only learn and move forward by sharing ideas and exchanging concerns and questions about cloud adoption. I'd like to hear your thoughts, experiences and best practices regarding how virtualization and the cloud have affected your enterprise and the way you deliver IT services. And, if you have any questions or want to start a discussion, I welcome that, too.

Jean-Marc Seguin is chief architect for Embotics.
