An Overview of Cloud Services and What you need to know


Introduction

In simple terms, cloud computing refers to the on-demand delivery of IT resources and applications over the internet. Over the last decade, cloud computing has grown in leaps and bounds compared to any other industry. It provides enormous opportunities for all and I am sure that in the next 10 years over 95% of companies and individuals will be using the cloud. Cloud computing is very flexible – it allows you to provision and consume what you need and pay as you go, with no upfront costs or long-term commitments. All the cloud services are programmable artifacts. This means you have multiple options to consume the services: the web portal/console provided by the cloud vendor, the mobile app, the CLI (Command Line Interface), SDKs available in several languages (Java, .Net, Python, Go, NodeJS, PHP, Ruby etc) or APIs. This also allows you to scale based on demand, continuously monitor your resources, and automate many operations and admin tasks so that you can focus more on your business needs. Cloud has different types of offerings: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), SaaS (Software as a Service). This style has been adopted by other types of offerings: FaaS (Function as a Service), CaaS (Cognition as a Service), TaaS (Testing as a Service), LaaS (Lifecycle as a Service), MBaaS (Mobile Backend as a Service) etc.

The name of a service, the features available within it (the depth or maturity of the service and its configurations), the total number of services available (breadth of services), service availability in a given location and cost all vary from one cloud vendor to another. Some services overlap, and a few look similar even though they are meant to serve different purposes. Many of the services can be integrated and work seamlessly to serve the business need. While we have virtually unlimited options available and can get XaaS (Anything as a Service), the flexibility comes with a high risk if you don’t know how to select the right services for your needs, understand the associated pricing models, and provision and configure them following the best practices and recommendations of your cloud vendor. The common risks include over-provisioning of resources leading to higher costs, poor configuration leading to security & vulnerability issues, high TCO, poor ROI, performance issues, scalability issues, meagre customer satisfaction, messy governance, non-compliance etc. You also need to know the limitations associated with each service and the available options to secure, monitor and automate it. The good news is that the cloud has all the tools and services required to proactively mitigate these risks, allowing you to reap the benefits when used properly. Most of the cloud services are already compliant and certified in their field of service - PCI DSS, SOC 2, ISO, FIPS, ITAR, CSA, FISMA, HIPAA etc. All popular cloud vendors offer a free tier or give $ credits so that you can get started quickly, without any investment. Let us look at several services and features offered by the cloud vendors to better understand what the cloud can do for us and its capabilities.

Which of the below are factors that have helped make public cloud so powerful?
A) No special skills required  
B) Not having to deal with the collateral damage of failed experiments  
C) The ability to try out new ideas and experiment without an upfront commitment  
D) Traditional methods that are used for on-premises infrastructure work just as well in the cloud  
E) The global infrastructure of cloud makes it easy to run applications or store data near to your customer

Ans: B, C and E. Public cloud allows organizations to try out new ideas, new approaches and experiment with little upfront commitment. If it doesn't work out, organizations have the ability to terminate the resources, stop paying for them and reduce associated risks. 
Cloud requires special skills to optimize costs, to secure & protect your resources without compromising on the scalability, performance, high availability, fault tolerance, durability etc. 
There are 500+ services available and each service has several configurations that can be tweaked based on your needs. It is really important to understand the differences, cost implications, pros & cons. 
Cloud services are available globally which allows you to deploy resources in multiple regions to achieve high availability or reduced latency or for regulatory & compliance needs or for cost optimization (cost vary based on the region).

Cloud Services Overview

Provision of virtual machines/servers: Whether you want to host a simple website or a powerful gaming application or real-time analytics platform or a mobile app backend, cloud offers more than 175 instance types to choose from based on your workload needs with a varying configuration of compute, memory, storage, GPU. Within minutes you can provision a server instance with RAM ranging from GBs to TBs, vCPUs from 1 vCPU to 400+ vCPUs and with virtually unlimited storage capacity across operating systems. For example, look at the options available on Amazon AWS https://ec2instances.info/. You can choose from out-of-the-box available options or from market place instances or standardize instances across your organization based on your workload. Different pricing options are available like on-demand, reserved, single tenancy etc. You can even bid for unused capacity and save up to 90% on the cost of on-demand instances. Additional options like burstable instances, grouping of instances to achieve better performance, scale-up/down, re-size etc are available. Compare the rigidness of anticipating your workload requirements, coming up with an ideal configuration for your server, procuring from a vendor, setting up in your data center only to stick with it even when your future needs change with this flexibility to provision what you need in minutes, pay based on your consumption, change it or shutdown later and stop paying when you don’t need. This single offering itself makes a mind-blowing difference with the cloud. Common functionalities like monitoring, security, automation, encryption etc are available. As mentioned earlier, if not controlled properly a person can provision 100s of high-end servers in a few minutes with a single click of a button.

Storage options: Whether you want to store your documents, media assets OR need storage to install your applications, software like databases, application servers OR build a data lake for your organization with all structured and unstructured data OR looking for network storage that can be shared across servers OR planning to store back-ups to use for disaster recovery OR require a hybrid storage solution to allow data accessibility on-premises while storing all data in the cloud OR simply archive the data for long term retention to meet your regulatory compliance needs etc. Cloud has several options to choose from. You can select from object storage or file storage or block storage and be able to store any format of data on HDD, SSD. You can select your storage upfront or change it later or opt for elastic storage that can scale automatically. It provides the highest durability (the chances of losing your data are almost nil), availability while allowing you to secure your data. There are many storage options to choose from based on whether you need to access data frequently or infrequently or once in a while or for unpredictable access patterns to save on the costs. You can define life cycle policies to automatically move data among storage options or permanently delete data after some time. Several features are available to enable versioning, encrypt your data at rest and/or in-transit, distribute data to achieve better performance for your global customers, replicate data for high availability, protect data such that only premium/authorized users can access via signed URLs, share data securely with others, provide cross-origin resource sharing (CORS) capability, run queries directly on the stored information to get insights, enable MFA (multi-factor authentication) etc. You need to know the available options and how to optimize & configure to suit your data governance, application and business strategy requirements.

Databases: You can choose from a variety of RDBMS solutions or use NoSql databases or select a combination of both based on your requirements. You can make use of the managed services in which the cloud vendor will take care of all the admin, operational tasks of taking back-ups, applying patches etc allowing you to focus on your database design and requirements. You can also opt to choose a serverless model with some database types. You have the options to improve your database performance, make it highly available, enforce encryption, apply database specific configurations, initiate a point-in-time restore in case of any issues, store snapshots for long term retention etc. By making use of certain features of NoSql databases you can get high performance with a response time in the range of microseconds.

What are the benefits of managed Relational Database Service (RDS)? 
A) Resizable capacity     B) Automated patches and backups       
C) cost-efficient         D) All the above

Ans: D – all of them. 
By using managed services you can off-load many administrative and operational tasks to the cloud vendor.

Access controls: Authentication & Authorization is very critical to protect your account, services while following the principle of least privilege. You can create users, groups, roles and define policies with proper access controls using identity and access management services. You can also define resource-based policies to allow/deny access to various operations one can perform on the resource. You can include complex conditions as part of the policy for better control. You have the flexibility to allow Users/Identities created in your cloud environment OR from other identity providers (your corporate directory/LDAP) OR external users from social identities like Facebook, Google, Amazon etc by making use of identity federation. You can enable SSO (Single Sign-on), provide cross-account access, enable MFA (multi-factor authentication) as required.

Service controls: As you make use of many services based on your need, you need a way to control which services you want to make available and who can provision what, along with any limits you may want to impose within each service. Cloud offers services that allow you to define policies and rules to centrally manage, monitor and control your services. You don’t need to open all services for everyone in the organization. You can define controls at the BU level or account level or based on tags. You can define a standard configuration that needs to be followed to achieve consistency, monitor resource configurations and receive alerts in case of any deviations. Ex: a port is open for traffic, which is a deviation from your standards. Cloud’s ability to spin up resources on the fly and scale quickly could easily cause your costs to spin out of control. Ex: with a single command/click one can launch 100s of instances if you don’t have proper service controls in place.

Security & Protection: Security is paramount to any organization and is a matter of concern when using the cloud, where your resources are running remotely. These days, the cloud can be more secure than your on-premises environment if well architected. Cloud platforms provide several security features at all OSI layers that you can utilize without compromising on performance. In addition to the access controls discussed above, you can implement security at various levels - network, subnet, application, instance, container, service and database. You can encrypt data in transit and at rest, including securing PII (Personally Identifiable Information). You can also protect your application and resources from common vulnerabilities and attacks such as cross-site scripting (XSS), SQL injection, DDoS attacks, brute-force attacks, man-in-the-middle attacks and Trojans. You can restrict access using signed URLs or signed cookies, proactively blacklist certain IPs based on defined rules, or configure firewalls. If required, you can manage your own keys and even protect them using a dedicated HSM (Hardware Security Module) device. Cloud provides many services free of cost that you can utilize for key management, provisioning SSL/TLS certificates etc. You can monitor security on a continuous basis and set up notifications to alert you, or even block the functionality if any major issues are identified. In addition to the available security and protection at various levels, you can opt to use threat detection and protection at the account level and install an agent on each instance for continuous security.

Scalability & Performance: Cloud has several options to help improve the scalability and performance of your applications so that you will be able to serve millions of requests with millisecond latency. You don’t need to rely on using just high-end configuration (scale-up) for your resources which is not cost-effective. You can use in-memory cache stores with different caching strategies for read-scaling or write scaling, distribute content across locations using CDNs (Content Delivery Networks) at database level or application level, perform real-time processing of data using stream analysis, use auto-scaling to dynamically provision or terminate resources based on the demand, route traffic to a location with lowest latency or use other routing policies to distribute traffic based on the URL content, enable transfer acceleration feature, use application load balancing, use distributed computing services, use managed services etc. Some services allow you to pre-warm your environment or help you during major marketing or product launch events so that you get guaranteed scalability & performance.

High availability & fault tolerance: Several services are available to achieve high availability & fault tolerance with your data, applications and databases. This is a common trait for most of the cloud services in addition to automation, monitoring and security. You can create snapshots, configure to copy/replicate your data, set up your database, application such that a back-up is available to automatically failover to a working/healthy environment in case of any issues with the existing environment. Various disaster recovery methods like Backup & Restore, Pilot light, Warm standby, Multi-site are available to achieve desired RPO (Recovery Point Objective) and RTO (Recovery Time Objective) based on your needs.

Private cloud and Networking: You can create your own virtual private clouds/networks to provision your resources in the cloud, create public subnets and private subnets within each, provide security at various levels, define rules for incoming and outgoing traffic based on your requirements. Cloud allows to quickly create complex network topologies suitable to your needs. You can set up to allow public access only to your web layer and deny direct access to the application, database layers while still allowing them to get any software updates from the internet. You can peer your private cloud networks to share resources or establish a secure connection with the on-premises environment or create private links to have private access to your other cloud resources outside of private cloud network. You can log and monitor all the traffic coming in and/or going out of your network for the purpose of auditing or analysis.

Automation: Cloud services help you to remove the guesswork, avoid manual tasks & operations. You can use event-based or schedule-based or rule-based automation. You can use these services to automate resource provisioning & management, software updates and patches for several instances, DevOps culture to achieve continuous integration and deployments, implementation of autoscaling for resources or containers (scale based on your workload demand), traffic distribution using load balancing, certain actions on your resources based on defined policies, traffic routing based on pre-defined rules, rollback of deployments in case of any issues, regulatory and license compliance, report generation, best practices implementation etc. You can use IaC – Infrastructure as code for consistent and dynamic provisioning of resources, set up alarms to receive automatic notifications on any deviations from recommended configurations. Examples: Make sure that hard disks/storage drives of all instances are encrypted, Verify that all resources are tagged with a cost center or BU, Make sure to add dead-letter queues as a standard practice to review and re-process any failed tasks, Enable termination protection on critical resources, Enable MFA, Use of approved instance types/images, make sure SSL certificate is always assigned to the load balancer for compliance etc.
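The configuration checks listed above, together with the open-port deviation mentioned under Service controls, written out as an added example that is not part of the original article: a small Python checker run over a constructed resource inventory. The inventory schema, resource IDs, approved instance types and allowed ports are assumptions made for illustration and do not correspond to any cloud vendor's API.

```python
import ipaddress
from collections import Counter
from typing import NamedTuple

# Organization baseline. All values are assumptions for this example.
APPROVED_INSTANCE_TYPES = {"general.small", "general.large"}
ALLOWED_PUBLIC_PORTS = {443}              # ports that may face the internet
OWNER_TAG_KEYS = ("cost_center", "bu")    # at least one must be set


class Finding(NamedTuple):
    resource_id: str
    rule: str
    detail: str


def _is_world_open(cidr):
    """True for 0.0.0.0/0 and ::/0; an unparsable CIDR counts as open."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return True


def check_tags(res):
    tags = res.get("tags") or {}
    # An empty tag value is treated the same as a missing tag.
    if not any(str(tags.get(k, "")).strip() for k in OWNER_TAG_KEYS):
        yield "tagging", "no cost_center or bu tag with a non-empty value"


def check_instance(res):
    for vol in res.get("volumes", []):
        # A missing 'encrypted' field fails the check instead of passing it.
        if vol.get("encrypted") is not True:
            yield "volume-encryption", f"volume {vol.get('id', '?')} is not encrypted"
    if res.get("instance_type") not in APPROVED_INSTANCE_TYPES:
        yield "instance-type", f"{res.get('instance_type')!r} is not an approved type"
    if res.get("critical") and not res.get("termination_protection"):
        yield "termination-protection", "critical resource can be terminated"
    for rule in res.get("ingress", []):
        if _is_world_open(rule.get("cidr", "")) and rule.get("port") not in ALLOWED_PUBLIC_PORTS:
            yield "open-port", f"port {rule.get('port')} is open to {rule.get('cidr')}"


def check_load_balancer(res):
    if not any(l.get("certificate_id") for l in res.get("listeners", [])):
        yield "lb-certificate", "no listener has an SSL/TLS certificate assigned"


CHECKS = {
    "instance": (check_tags, check_instance),
    "load_balancer": (check_tags, check_load_balancer),
}


def evaluate(inventory):
    """Run every applicable check and return a flat list of Finding tuples."""
    findings = []
    for res in inventory:
        # Unknown resource types still get the tagging check rather than being skipped.
        for check in CHECKS.get(res.get("type"), (check_tags,)):
            findings.extend(Finding(res["id"], rule, detail) for rule, detail in check(res))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. for an alert or a daily report."""
    return dict(Counter(f.rule for f in findings))


# Constructed sample inventory (not real resources).
INVENTORY = [
    {"id": "i-web-01", "type": "instance", "instance_type": "general.small",
     "tags": {"cost_center": "1001"}, "critical": True, "termination_protection": True,
     "volumes": [{"id": "vol-1", "encrypted": True}],
     "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
    {"id": "i-db-01", "type": "instance", "instance_type": "gpu.huge",
     "tags": {}, "critical": True, "termination_protection": False,
     "volumes": [{"id": "vol-2"}],
     "ingress": [{"port": 22, "cidr": "0.0.0.0/0"}, {"port": 5432, "cidr": "10.0.0.0/16"}]},
    {"id": "lb-01", "type": "load_balancer", "tags": {"bu": "retail"},
     "listeners": [{"port": 80}]},
    {"id": "lb-02", "type": "load_balancer", "tags": {"bu": ""},
     "listeners": [{"port": 443, "certificate_id": "cert-PLACEHOLDER"}]},
]

if __name__ == "__main__":
    for f in evaluate(INVENTORY):
        print(f"{f.resource_id:10} {f.rule:24} {f.detail}")
    print(summarize(INVENTORY and evaluate(INVENTORY)))
```

Run on a schedule or on each configuration change, the list returned by `evaluate` is what would drive the notification or blocking action the paragraph describes.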

Monitoring: You cannot control what you cannot see. Many services are available to continuously monitor the health of your resources, services, traffic, logs, resource usage, costs, vulnerabilities etc and take the required action. You can have aggregated monitoring to understand overall performance, define and monitor budgets for cost control, spend optimization, log analysis for better understanding of usage patterns or to detect anomalies and take required actions. Cloud uses API based resources and each API call is logged which can be monitored to understand what has been done, why something is broken, why we see poor performance, why few applications or services are not available, why costs went up suddenly etc. This helps to identify and troubleshoot issues within a reasonable amount of time.

Cost Optimization: Optimizing costs is very critical for any business and cloud services can help you with that. You can compare the TCO (Total Cost of Ownership) with on-premises VS cloud, find out the cost estimates based on your workload requirements, forecast expenditure based on the current usage, figure out where most of the money is being spent, get recommendations on how to optimize costs, setup alarms for your budgets, combine several accounts within your organization to get additional volume discounts on aggregated usage. You can track and optimize costs at various levels - organization or account or BU or Project/Program.

Best Practices Recommendations: When it comes to Cloud Computing, following best practices recommended by the cloud vendor is the key to optimize costs, achieve better performance, high availability, security & resilience. Cloud provides several tools & services you can use to verify, review your resources to ensure that you are following the best practices while provisioning and using them. This provides a consistent approach to evaluating cloud architecture including foundational areas which are often neglected. You can receive a notification when there is any deviation from best practices. Continue to optimize over time as new services and features become available in the cloud, reassess your existing architectural decisions. Get the most value from your cloud investment.

Organize resources/Resource management – With many options to choose from and with the deployment of services to meet the needs of multiple BUs, before you realize, the number of resources may quickly become out of control and difficult to monitor if not organized well. Practices like Resource tagging, Resource groups, Naming conventions, BU/Department wise organization of resources etc can help you to better manage your resources. This will greatly help in automation, monitoring, audit and compliance efforts.

Serverless and cloud-native: Serverless applications don’t require provisioning, maintaining, and administration of servers for backend components such as compute, databases, storage, stream processing, message queuing, and more. You also no longer need to worry about ensuring application fault tolerance and availability. There is no need to provision or maintain any servers. There is no software or runtime to install, maintain, or administer. This helps to lower the total cost of ownership (TCO) as you pay for consistent throughput or execution duration rather than by the server unit. Cloud provides serverless technologies which provisions required resources, scaling, performance, fault tolerance etc automatically. You can choose to go serverless where appropriate. Several services are available to write serverless functions, to maintain container registry, host your containers, host your APIs etc. You can build, deploy and run cloud-native container-based applications, utilize orchestration to effectively deploy and run microservices.

Hybrid Cloud: Based on your business requirements and migration strategy, you can choose to have a Hybrid cloud setup utilizing on-premises resources along with cloud resources to meet your business needs. Several cloud services are available using which you can have hybrid cloud storage, configure VPN connection over the internet, establish a dedicated private connection between your on-premises network/data center and your cloud environment, route traffic between the two. If you have multiple off-site locations that need to be connected to your cloud environment, you can make use of hub and spoke model of services.

Multi-Cloud: You may want to use different services from different cloud vendors. You may be using CRM, ERP systems from a cloud vendor you are satisfied with for example but would like to make use of analytics or data visualization or data warehouse or data lake services from a different cloud vendor(s). Since all cloud services are programmable resources you can easily provision your resources in a multi-cloud setup and take benefit of best of breed features.

DevOps: Cloud offers multiple services suitable to DevOps/DevSecOps/SRE requirements, allowing you to achieve speed, stability, security and reliability for your business & customers. These services include Source code management/Version control management, Build, Deploy, Testing, Containerization, Automation, Configuration management, IaC – Infrastructure as code, Orchestration, Monitoring etc. Use life-cycle hooks during deployments as part of continuous delivery and minimize interruptions during continuous deployments. You can choose from All at once, Rolling, Rolling with additional batch, Immutable and Blue/Green deployment models. You have the option of using the relevant cloud services offered by the vendor or continuing to use the services and tools that you are already familiar with by making use of the integration capabilities. Ex: Git, Jenkins. You can easily build a CI/CD pipeline involving continuous integration, continuous testing, continuous delivery, continuous monitoring, continuous security and continuous deployments. We will discuss more about DevOps culture, its implementation & tools in the DevOps transformations as part of ETF series.

Analytics & Visualization: Many services are available to perform analytics on your structured or semi-structured or unstructured data. You can perform real-time analytics on streaming data (the data that is generated continuously by thousands of data sources, which typically send in the data records simultaneously, and in small sizes Ex: stocks data, social media data, IoT data, Geospatial data etc). Readymade algorithms are available to help you get started quickly to work on your AI/ML requirements. You can build, train and deploy machine learning models. You can migrate an existing data warehouse solution or use the data warehouse service available in the cloud for your OLAP requirements. You can run queries directly against your data lake based on different dimensions and get powerful insights without the need to provision additional servers. Query services are available to directly query against the data stored in multiple data formats - JSON, CSV, Parquet, ORC, Avro and build powerful visualizations to present the analytics in the form of bar charts, histograms, scatter plots, pie charts, heat maps, pivot tables, tree maps, line graphs etc. Services are also available for your big data processing needs using Hadoop or NLP (Natural Language Processing) requirements.

BYOL: You can bring your own license (OS, DB, 3rd party etc) OR choose to adopt the cloud licensing model. This allows you to meet any existing licensing requirements, migrate to the cloud quickly instead of waiting until the current license expires, or meet your corporate compliance requirements. Many cloud vendors provide a license manager service free of cost to help you manage your licenses effectively.

Use managed services, install your own or just upload: You can choose to install software on your own and manage yourself OR use an available managed service where all admin tasks (backups, scaling, failover, DB updates etc) are taken care by the cloud vendor. Managed services are available in areas of RDBMS, NoSql, in-memory cache, load balancing, search, key management, API hosting, DNS etc. Few services provide the flexibility to just upload your application code (Java or NodeJS or Python or PHP or .Net or Go or Ruby etc) and work with the app. The service automatically handles the details of capacity provisioning, load balancing, scaling, application health monitoring etc.

Migration: It doesn’t matter whether you have petabytes of data you need to migrate or virtual servers or applications built on various technologies, databases or need a solution to migrate your old tape drives, the cloud has several services available to help you with the migration. You can use database migration services or server migration services or services to migrate large amounts of data. You can perform homogenous and heterogeneous migrations based on your need. You can plan and execute your migration in several phases and follow different migration strategies suitable to your needs without interrupting on-going business operations. Please visit my other article to know more about cloud migration and governance.

Support plans: All cloud platforms have different kinds of support plans to choose from. Whether you plan to experiment with new technologies in your development environment or need resources for testing or deploying your production workloads in the cloud or like to deploy complex, business-critical workloads in the cloud, you can select a suitable support plan. Based on the selected support plan you may have different SLA, a dedicated account manager, consulting & architectural guidance etc.

Shared responsibility: While the cloud vendor provides all services and options, it is up to the customer to choose what is required, configure as per the needs of their business and protect them properly. In this aspect, the cloud vendor and the customer will have shared responsibility. Security of the cloud in terms of providing required infrastructure, securing physical locations, making services available etc is the responsibility of the cloud vendor and Security in the cloud in terms of managing authentication & authorization of the services, securing data at rest & in transit, protecting applications etc is the responsibility of the customer.

Global Infrastructure: This is not a service per se, but one of the major advantages and a foundational element that helps the cloud meet its customers' expectations - high availability, scalability, performance, fault tolerance, resiliency, compliance needs. Cloud infrastructure is spread across data centers, availability zones - AZs (group of data centers), regions (a group of availability zones) and edge locations (CDNs). They are isolated from each other so that one data center or AZ or region going down will not impact the others. Microsoft Azure infrastructure is distributed in about 60 regions across 140 countries in the world, for example. You can choose where to deploy your resources. Using HA and the built-in redundancies at various levels, you can continue to serve in the event of a data center failure, multiple data center failures or even the failure of an entire region, which is really fascinating.

EcoSystem: Cloud has a huge ecosystem which is ever-growing that you can leverage for your needs. In addition to the vast number of services, features offered by the cloud vendor, you can consume services offered by partner network or those available in the market place. All popular cloud vendors have this ecosystem available which can be consumed easily from within the cloud vendor platform.

Integration options, tools & frameworks – You are not forced to use new tools, frameworks specific to the cloud platform. You can continue to use with the tools you are familiar with, integrate them to consume in the cloud environment at reduced costs and achieve better performance. A wide variety of options are available in the ecosystem.

GovCloud: Cloud offers dedicated regions to deploy resources for government organizations. If you are a government agency, you can make use of these dedicated regions to move sensitive workloads and address specific regulatory and compliance requirements such as Federal Risk and Management Program (FedRAMP) High, Department of Defense Security Requirements Guide (DoD SRG) Impact Level 5, and Criminal Justice Services (CJIS).

Specific feature requirements: I know this is a long read. But I would like to let you know that, we barely scratched the surface when it comes to capabilities of the cloud. In addition to all the services discussed above, the cloud offers many services suitable to your specific requirements – IoT, BlockChain, Gaming, AR, VR, Robotics, satellite communication, media services, VUIs (voice user interfaces) etc which makes it easy to work on and experiment with new technologies. This article is not a comprehensive list of all the cloud services but gives you a high-level overview of what can be done or what is possible.

What do you need to know?

With the unprecedented growth of the cloud and its continuously evolving services and features, the natural question is: what do I need to know to adopt it and become successful? As discussed above, the cloud has many services useful for any role or business. It is not possible for anyone to keep up with the pace of all cloud services or become a master of every service that the cloud has to offer. You need to pick and choose what is relevant to you.

You can focus on specific services related to your area based on your job role or business domain in addition to the common services available in the cloud platform of your choice. For example, as a solutions architect, you need to have more breadth of knowledge in terms of knowing many services to recommend a suitable solution based on the scenario and use cases, than the depth of knowledge in each service. If you are a developer, you can just focus on the services related to development that help you to code with built-in quality - usage of APIs and SDKs, troubleshooting, debugging, unit testing, automating certain aspects of development to make you more productive and let you focus on the actual implementation. Similarly, if you are a release engineer or DevOps person, you can focus on all related services that help you to build CI/CD pipelines, automate deployments, provisioning consistent deployment environment, orchestrating services with the help of automation & monitoring etc. If you work in the Internet of Things (IoT) space, you can build your expertise and portfolio on IoT related services, in addition to getting hands-on experience with common services. The same approach can be followed for Gaming, Mobile development, AR, VR, BlockChain, Security, Networking, AI/ML etc. Once you choose the set of services that help your business and the role, you need to champion those and keep a tab of the enhancements, new services to make sure you are up-to-date with the changes, to ensure great success.

I hope this was helpful. Let me know if you want me to discuss any additional services. Feel free to share your experience with the cloud. How it helped you as an individual and/or your business? What are some roadblocks or challenges you faced and how you had overcome?

About me

Anand Vemulapati is a seasoned IT professional with over 20 years of progressive cross-functional experience in Software Development, QA, Consulting, Product Management, Project Management, Support, Delivery, Process definition & implementation, Transformation initiatives, Software development methodologies in IT products and services organizations across several technologies. He has over 5 years of experience working in the USA, managed and worked with globally distributed teams, international customers and clients driving enterprise-level products and projects in organizations of different shapes, sizes and forms. Anand is a continuous learner, has a rare combination of business, leadership, functional, process and technical skills with many internationally recognized credentials to his name – Multiple AWS certifications, Pragmatic Marketing Certified, PMP, CSM, DevOps, ITIL, Six Sigma etc.

Mark Williams

Insurance Law Specialist | Public Liability | Professional Indemnity | Life Insurance | Defamation Lawyer

5 years

I’ve always been impartial to cloud computing, but you’ve got me thinking now…

ANAND VEMULAPATI

Technology Coach | Corporate Trainer | Multi-Cloud Professional - AWS, AZURE, GCP | Data Science | Agile | PMP | DevOps | Leadership | 25 years of experience in IT | Passion for continuous learning | Inventor of ETF.

5 years

I've uploaded a video providing more details about cloud offerings along with examples, global infrastructure including a sneak peek at AWS and Azure interfaces as requested by few - https://youtu.be/556UPVJg1YY I plan to record demos of auto-scaling, load balancing later and will post here. Please let me know if you need anything else.

Naveen Vemulapati

Sr. Vice President – US Operations & Global Analytics at CRMIT Solutions

5 years

An excellent overview of all services especially for people who want to get into cloud. It's pretty big article but covers everything on all aspects of cloud. Thanks for sharing and is very useful.
