US blogger and writer Nicholas Carr (who recently published the article “Is Google Making Us Stupid?”) wrote the controversial book Does IT matter? in 2004. In the book, Carr questioned the value of corporate IT and instead proposed that IT services should be delivered like electricity — as a utility.
The question of whether IT matters was put to a speaker panel at Computerworld’s Utility Computing event, held in Auckland last week.
The panellists — Jeff Shaw, information systems manager of North Shore City Council; Tim Chaffe, enterprise architecture manager at the University of Auckland; Henare Howard, executive manager of information services at Te Roopu Taurima O Manukau Trust, one of New Zealand’s largest kaupapa Maori disability healthcare providers; and Eric Svetcov, senior manager at KPMG — concluded that IT is a service and that it needs to deliver what business wants.
IT matters, said the panellists, but organisations could make significant savings by outsourcing selected parts of their IT — something both North Shore City Council and Te Roopu have done.
“IT is a service to your customers, whether they are internal or external,” says Howard.
While his organisation has “transformed” through partnering with datacentre outsourcing company Revera, who sponsored the event, some applications don’t fit into the utility model and still have to be managed internally, he says.
Svetcov recommends selective outsourcing, to look at what makes sense to the specific organisation.
Shaw says his role has changed as a result of implementing utility computing. He may still be known as the information systems manager of North Shore City, but now his position is better described as customer services manager, he says.
Residents come first
Since North Shore City Council migrated to the utility model, also using Revera, Shaw no longer spends time worrying about servers, disaster recovery or power and cooling. He doesn’t waste time arguing with IT sales representatives (except for sport), or getting his head around complicated support arrangements, he says. Instead, Shaw and his organisation can focus on delivering services to customers — North Shore City residents, he says.
Before the migration, North Shore City had 95 physical servers, a limited test environment, no disaster recovery, and was struggling to provide an efficient power and cooling solution for its server room. In addition, “zinc whiskers” were growing from the tiles of the server room floor, causing sparks and blown fuses. The whole room had to be cleaned out.
Shaw realised this was not what his team should be spending its time doing. “This is not our core business,” he says.
The organisation migrated to an outsourced datacentre over five weekends, says Shaw.
“Our customers didn’t know it happened. On Monday morning, it all worked,” he said.
North Shore City now has 24 blade servers in Revera’s datacentre — 14 for production and seven for testing — running 214 virtual servers, he says. The remotely hosted solution has increased the reliability of IT, while at the same time reducing its cost. It has also cut the amount of time spent managing IT, says Shaw. The solution costs less money, less time and has reduced Shaw’s stress levels, he says.
Uni goes virtual
The University of Auckland had to physically relocate its datacentre in 2007 as the real estate was to be used for a new development. The university made the decision to embrace virtualisation and managed to relocate the servers with zero downtime.
“The university didn’t notice,” says Chaffe.
The project, part of a drive towards creating a virtual ICT utility to service the institution’s many departments, reduced over 350 physical servers in its datacentre, with no disaster recovery, to close to 500 virtual servers running on 33 physical boxes.
The organisation now has disaster recovery for all critical systems, fast provisioning on demand and happier staff, because they have to work less overtime, says Chaffe. In addition, the university has made significant savings on servers it no longer had to buy, he says.
However, don’t expect the technology to work on Day 1, Chaffe warns, and anticipate a long learning cycle for staff. It is difficult to change the way things are done in-house, he says.
“Old practices die hard,” he says. Look out for the “hug-the-hardware-syndrome” when the new virtualised environment changes the way technicians work, he says. Technicians no longer have the full control of the boxes.
Chaffe warns that Microsoft licensing could be an issue. He recommends making sure you read the licensing fine print. The University of Auckland had to go back and re-license all servers in the datacentre, he says.
Chaffe says the “credit card model” in the US allows users to buy server-space over the internet in minutes from, for example, GoGrid, clusterondemand.com and Amazon. While online utility services are becoming the norm in the US, this space is still limited in New Zealand, primarily due to the cost of broadband, he says.
“We are not there yet,” he says.
Te Roopu transformed
Utility computing has helped transform Te Roopu Taurima O Manukau, says Howard.
The organisation signed a three-year contract with Revera last year. Before that, Te Roopu’s IT infrastructure was made up by a number of products, provided by vendors in an ad-hoc manner, he says.
He describes the 2006 infrastructure as “a couple of servers in a couple of cupboards”. The infrastructure was not robust, it was not supported, and it was coming to a stage where it needed to be replaced, he says.
But there were few in-house resources, so the question was whether to invest in-house and build the infrastructure, whether to outsource or whether to look at a utility computing model, he says. Financial and staffing constraints meant upgrading Te Roopu’s own IT systems was out of the question.
The organisation’s core business is to provide healthcare, not to provide IT, he says.
Te Roopu was also growing after winning additional contracts with the Ministry of Health, so the new
solution had to be robust and scalable, Howard says.
Classic outsourcing was ruled out due to cost and inflexibility, but with the utility model, Howard started “ticking the boxes”, he says. It would give the organisation access to the latest technologies, to a secured and managed network, to servers, backups and disaster recovery.
The new system was implemented in 2007. Te Roopu got rid of all its old hardware and installed new desktops and laptops. With a mobile workforce — and a laptop-desktop ratio of 60-40 — remote access via VPN was a success for the organisation. Wireless access points at all sites further enhanced the environment.
The utility computing model delivered capacity, security and a far more stable IT environment, says Howard. The move has also minimised data loss and has helped make staff more productive, he says.
Te Roopu pays a monthly fixed price for these services, which gives the organisation a good idea of exactly how much IT is going to cost each year, he says.
KPMG’s Eric Svetcov, however, says there are a number of business — and security — challenges around the utility model. Whether an organisation decides to embark on an internal utility computing project, or whether it decides to outsource, there are many concerns to keep in mind, he says.
While hurdles for an internal solution include, for example, staff training, information security and user management, issues to consider for an external solution include, for example, making sure the data is secure.
Both internal and external solutions will have to deal with data privacy issues and compliance issues, Svetcov says.
Svetcov also warns about some of the online software-as-a-service offerings that are out there, including marketing, payroll and accounting services. Line of business may think a particular SaaS offering is a good idea, and implement it without bothering to tell corporate IT.
Looking at Microsoft’s recently launched HealthVault service, which lets users collect, store and share medical information, Svetcov says he isn’t sure if he wants to outsource his health information to either Microsoft or Google.
When it comes to utility accounting software, Svetcov points out that insiders at the outsourcing company could have access to sensitive information. Could the SaaS provider be regarded as an insider if it trades on information it has gained about your organisation? Svetcov asks.
To manage risk, Svetcov recommends doing a risk assessment and aligning practices to a framework, such as ISO 27001/27002.
He also recommends requiring a report of the provider’s control objectives and control activities, such as the SAS 70 (Statement on Auditing Standards).