 So the running order for today is that we'll have a brief introduction. I'll tell you a little bit about edgysurf. And then we'll review the various hybrid cloud models that we'll be discussing through the presentation. Then we'll be looking at the skills and knowledge that is required to manage a hybrid cloud, whether it's done in-house or by a managed cloud services provider, followed by the pros and cons and hidden costs of following either model. A couple of case studies where we've deployed hybrid clouds and who's managed what under those scenarios. And then we'll look at some of the barriers to people adopting managed hybrid clouds and some recommendations about next steps. So a little bit about edgysurf. Why should you be giving up your valuable time to be listening to us today? So we're a 27-year-old managed cloud services provider. And we provide services to the public and third sector, mainly central government, local government, and large charities. We were initially part of the University of Bath providing IT services to the university, then shared services to multiple universities. We spun out about 17 years ago and we're incorporated as a not-for-profit organization. We have about 162 staff based between here in Bath and Swindom. We provide a range of cloud migration services to help our customers migrate to the cloud around strategy, planning, architecture, design and migration. We also provide fully managed assured hybrid cloud services from our 24-7 service desk, network operation center, and security operation center. We tend to work with a small number of large clients and some of them are listed at the bottom of the screen there. People are at DFE, British Red Cross, Bristol City Council, et cetera. So that's enough about us. So now we're going to get into the meat of the webinar. So the first thing I'd like to do is to run through the various hybrid cloud models that exist, which doesn't just cover public-private clouds. Public-private clouds are the hybrids that people most commonly think of when you talk about hybrid clouds. So organizations who have virtualized their IT estate may put some of that estate with a hyperscale public cloud provider, people like AWS and Azure, but choose to keep some of their virtualized estate on dedicated hardware, which they run themselves, and they can either run that on-premise or off-premise. Although physical infrastructure isn't really cloud, of course, we include it in the ecosystem because it's an important part of the story as you do cloud migration, and quite often when you have a virtualized estate, you still have to integrate with legacy physical estate. It might be because you want to sweat some assets a bit longer, maybe because the applications are not suitable for migrating to the cloud. Then what's particularly relevant to the public sector, to government, is multiple security domains. So you may have an information estate, and typically somewhere between 70 and 90% of that state is perfectly suitable for placing in a public cloud. But you may have some information assets which you don't want to put in a public cloud, and you need to maintain, for example, on UK shores. Under those circumstances, you need to be able to integrate your public cloud with your UK cloud across multiple security domains and do that in a creditable way. And then you've got multi-cloud, multi-SAS hybrid cloud. So as you migrate your IT estate from being mainly on-premise into the cloud, you'll be migrating to maybe multiple cloud providers and to multiple software-as-a-service providers. As you take your enterprise and line of business applications off of on-premise, you'll then want to migrate them to SAS applications. Of course, all of those need to be integrated, and therefore they're hybrid. So in our way of thinking, hybrid clouds aren't just public-private clouds, but they can be any combination of the versions that you can see on the screen there. So here's an example. Here's an organization that has an on-premise primary data center. And in that data center, they've got physical hardware, but they've also built their own private cloud, and they've integrated the two there. And they have a secondary data center for DR and backup purposes with connectivity between the two. And they've adopted Google Docs, but it could be Office 365, Amazon WorkSpaces, for example. They've migrated their CRM system into a SAS app, which is Salesforce. They've put some information estate in Edgysurf, and they've put their digital services in Amazon Web Services, and all three estates are integrated. And hybrid clouds are particularly useful for supporting a cloud migration journey. So as you go from being largely on-premise to predominantly being in the cloud, very few organizations have the luxury of doing that in a big bang. So you tend to do it in business priority phases. And if you have a range of cloud, hybrid cloud models at your disposal, the hybrid clouds that you use on your journey will change over time to suit your requirements. So you will have an armory of hybrid clouds which can underpin your migration journey rather than your migration journey being dictated by what cloud architectures you have available to you. So you can move from being on-premise to perhaps a staging environment, co-location, closing down your data center, having that outsourced and managed by somebody else, and then migrate from your co-location into hybrid clouds. And then finally to the desired end state, which is being predominantly in cloud to give you the agility, on-demand, pay-as-you-go services that you need. So what sort of use cases can you use hybrid clouds for? So we've already spoken about one. That's your phased cloud migration journey, perhaps via outsourced staging. Multi-partner collaboration and secure information sharing. So as an example, under devolution, more decision-making and financial control has been passed to local authorities. And local authorities are then working in partnership with health and social care providers to deliver frontline services. So you can have your digital services used for delivering those frontline health and social care services in something like Amazon Web Services where it's ideal for any device, any time, anywhere collaboration. But you may have sensitive information which is gathered over N3 or PSN, for example, and needs to be stored either in England or on UK shores, which can be in a UK data center. And then you can integrate the two so you can get the best of those roles. Development and test environments using DevOps. Hyperscale public clouds like AWS and Azure are particularly suited to this in the early stages of DevTest where you need to spin up and tear down environments frequently. You're not using live data. It makes sense to use a cloud service such as AWS where it can be tightly integrated into your DevOps tool sets. And then as you get closer to production, pre-production staging, for example, where live data has to be used, that can be done in a more secure environment on UK shores. Multi-security domain websites, applications, and data centers mentioned before that typically between 70% and 90% of your state can go into a Hyperscale public cloud, but there's some assets which you need to keep on UK shores. Big data analytics. You know, if you need to spin up large Hadoop clusters, for example, to do sentiment analysis, perhaps a new tax legislation has been introduced or a local authority has deployed some new rules around parking and they want to see what the sentiment is amongst their citizens. Then you can take the fire hoses of social media feeds and do big data analytics on that to get a sort of analytic view of sentiment. And that's very well served by Hyperscale public clouds. And of course, seasonally spiky workloads. The classic is the snow server, which gets hit when the snow falls and everybody wants to know whether the school's open or the bus is running, et cetera. You may only want to spin that up for a few days a year. So to have a live workload humming away in the background, doing nothing is not particularly cost-effective. So you may want to put that into a Hyperscale public cloud. And for risk reduction purposes, you may want to have a multi-cloud strategy because you don't want to put all of your eggs in one basket. You may want to use a blend of clouds. And different clouds have different strengths as well. So you may want to play to the strengths of those cloud services. Okay, so we're going to take a slight breather and run a quick poll. Now that we've sort of discussed what hybrid clouds mean, just like to do a quick poll and you should have some poll buttons on your screen right now, could you answer yes or no to the following question. Is your organization currently using any hybrid cloud models? Okay, thank you very much. And the results are that 57% of the people listening on the webinar are using hybrid clouds and 43% aren't, which is pretty representative of the market as a whole from our research. Okay, so what sort of skills and knowledge do you need to be able to run a hybrid cloud regardless of whether it's done in-house or by a managed services provider? What sort of things do you need to, what sort of capabilities are required to be able to run a hybrid cloud? So first of all, there's the onboarding. There is getting your assets into the cloud and getting your people using it. So you need to have some capability to define your strategy and to put a plan together. You need to be able to architect your hybrid cloud models and do the design. Then you need to migrate and adopt workloads into those hybrid cloud environments. Systems integration as you move from enterprise application integration with on-premise systems. It's similar in the cloud with some additional challenges, but you need to be able to integrate your systems, whether the systems you're integrating with are in the cloud as well or on-premise or on physical infrastructure. And then you need your project and program management to efficiently and effectively execute your program. You need some sort of service desk. Somebody needs to be able to log incidents and requests from the users of your services and then to manage those incidents and request apologies through their life cycle. If you're using multiple providers who've got their own service desk, then you may need to be able to integrate your service desk operations or even integrate your service desk technology between different providers. And then somebody needs to be monitoring service level agreements and reporting on those. And then applying service management and continuous improvement so that you're continuously improving the services that you're offering your end users. Then you need to have your operations, sort of a by-network operation center, which covers service assurance and monitoring and reporting, break fixing, patching. And as your estate grows organically, then you need to be able to rationalize and optimize on a periodic basis to make sure that you're maximizing utilization and minimizing capacity. Asset change management as requests and incidents go through their life cycle. Somebody has to implement those changes. And you need to be continuously monitoring your capacity and utilization. So you're neither carrying too much capacity or you're throttling the end user experience by not having enough. And then finally you have your network, your security operations center, where you're doing monitoring and reporting. Thank you, pardon. Sorry about that, press the wrong button. Then you have your security requirements, typically delivered by your security operations center, where you need to undertake security monitoring, reporting, and any remediation due to breaches. Security information and vendor monitoring, including protective monitoring and DDoS protection to protect against malicious attacks. Compliance and auditing, there's the range of ISO standards, CSA, Star Alliance standards, cyber essentials, cyber essentials, plus et cetera that need to be complied with. Regular IT health checks, typically at least once a year, to do penetration testing on your estate. And personnel and physical security as well. And all of that is underpinned by risk management, regulatory compliance. So somebody has to do all of these things if you're going to run an efficient, effective, and secure IT estate. So now we're going to look at target operating models. This is a very simplified view. So given all of those capabilities that are needed, where does that get split between when you're undertaking your own self-management of hybrid clouds versus a managed services provider doing it for you and perhaps a blend somewhere in between? So regarding people, organization, and processes, if you're self-managed, you maintain your complete IT function. So everything on the previous slide is done by yourself. Including multi-supplier SLA management. If you're integrating hybrid clouds, you're typically procuring services from multiple providers, and you'll need to manage the SLA's from those providers. If you've got a fully managed, outsourced hybrid cloud environment, then you would typically be managing your strategic roadmap. You'll be asking your managed services provider to work with you on that strategic roadmap and then to hand over for the implementation of it. And you would have a stronger supplier management function. And you would typically work with a small set of providers, possibly not one as in the old days with the large SIs, but you'd have a small minimum viable number of providers. Small enough that it's manageable, but large enough that you've got spread of your risk and you're not putting all your eggs in one basket. And a blend that we've typically seen is a SIAM function, Service Integration and Management, which keeps the higher level functions, a supplier management function, some sort of user desk, help desk for end users, which is integrated with the service providers service desk. On the governance, if you're doing it in-house, then the customer completely owns security, information assurance, green ICT, business continuity and regulatory risk. All of the risk profiles are owned by the customer. If it's outsourced, then the majority of the risk can be outsourced where you can benefit from the service providers' economies of scale, where they're doing the same thing with multiple customers since they're able to invest in a lot of the risk mitigation requirements. And in a blended environment, then you'll partially outsource some of the risk and maintain some of the risk in-house because you've got your own in-house SIAM function. So the more you outsource, you shouldn't just be looking at outsourcing to reduce costs. You should be looking to your service providers to reduce risk or at least underpin your risk stance. And as far as technology and services concern, if you're doing it in-house, then you've got to run your service desk, you knock, sock, build and run your multiple hybrid cloud models, manage and deploy the complete service stack from infrastructure to platforms to software as a service, and undertake systems integration across your hybrid cloud. If it's outsourced, then your supplier will provide a technology agnostic, fully managed service with a single point of contact for billing, technical support, implementation, etc. So you get a service level agreement for your overall service that's been provided, and it's over to a managed cloud services provider in collaboration with you, with your knowledge to choose the most appropriate technology and cloud service to support your requirements. And in a blend, you may keep the end user service desk, high level functions like service strategy, enterprise architecture, systems integration, and then manage a set of providers. Okay, just to give me a chance to have a glass of water. Another poll. So again, if you could answer yes or no, given everything you've heard about what it takes to manage a hybrid cloud, do you today have the skills in-house to manage those hybrid cloud models? Okay, thank you everybody. So 71% say yes, they have got the capability, and 29% say no. Again, that's actually slightly surprising, and it may reflect the... I'm going to come onto it at the moment when in-house self-manages is preferable to a managed service, but typically the bigger you are, the bigger an organization, the greater your capability to be able to run that function yourself. Okay, so now we're going to look at some of the pros and cons and hidden costs of self-managing hybrid clouds and outsourcing the management of them. So first of all, pros and cons. So if you're doing it yourself, pros include the fact that you retain 100% control and you develop your own 360-degree capability. You have a team that's readily accessible, and it's fully flexible, so they can respond quicker, typically, but tends to be in a little less structured way because they are so near to hand. Another pro is that you don't have any supplier lock-in or change control costs for changing from one supplier to the next. Some of the cons are that you need to skill up and have ongoing training to maintain that capability. You need to build your full managed operations stack and you still probably will require some consultancy for specialist areas. You may take a class consultant, for example, to manage your security policies. And of course, if you've got your own in-house capability, any staff churn, if it's significant, can destabilize that function and then backfilling them. There's a recruitment cost associated with that. And it's quite difficult to right-size your team. If you need to expand quickly or contract, it's quite difficult to do, typically undertaken by having a core set of permanent staff and maybe some, you know, a flex force of contractors. The pros of outsourcing is that you have, on demand, always skilled and evergreen service. You can transition to an OPEX model from a CAPEX model. You can manage the service around SLAs and because there's an SLA boundary and service boundary between yourselves and your service providers, the SLAs become even more important. It allows your in-house resources to focus on core activities. You can benefit from a provider's economies of scale because they're doing the same thing for multiple customers. And it may result in a faster cloud migration because you're working with a partner who has done it before. But the cons are that, obviously, you're giving up some skills and knowledge that are no longer inside your organization. This is if you move to a fully managed operation. So those skills, you're relying much more on your partners, your suppliers to provide some skills and knowledge. And you have to move to a supplier management model. I've experienced with some central government departments who've moved to a more outsourced model. They've retained in-house strategic capability but they have a bit of a gap in the implementation capabilities today which they're now looking to insource to build that capability back up again. And typically working with a provider requires some more upfront planning because you're basically handing over some requirements that are implemented. Change management reduces perceived agility. So going back to the point about your team if it's in-house being close to hand, there's a trade-off between outsourcing and insourcing. If you're outsourcing, it does require a little bit more planning and control and you've got your change management. That can be perceived to be slower and often is but the total effect may be more beneficial because you have fewer ad hoc changes and they're more structured changes aligned to a longer-term change strategy. And of course if you're outsourcing then it increases your supply dependency and potential lock-in which we need to be careful about. So given those pros and cons, what about the hidden costs? So if you're doing self-managed, what people think of more often than not, 80% of the time I'd say, is that they need to think about building the capability and the staff costs and the fact that they need to do all the hardware, software procurement themselves because it's not in a hybrid cloud. And typically when people think about a managed services provider we're moving to a monthly subscription fee and we need to focus on supply selection and management. But the hidden costs that you also need to think about when building your business case is for doing it in-house is team churn and the resulting recruitment that is required for that and ongoing training to keep your team abreast of latest technologies. You need to think about the security accreditation of your staff and your services. Team opportunity costs. Could your team be working on higher level functions rather than keeping the lights on? Business opportunity costs. Is your business to be an IT company or is it to deliver public benefit? So if it's a distraction, is there an opportunity cost to running your business? It takes up office space because you've got personnel, you've got your data center, that is a cost. Potential downtime because you're not maybe managing to a strict SLA as you would be with a provider. Results in security breaches because fixes, patches and upgrades may not be happening in a timely manner because you've been unable to invest in the operational processes and procedures. But there's also a hidden cost going to a managed cloud services provider. Everybody talks about converting a capex to an OPEX. And I get slightly vexed when I hear providers say that we can save you 70% OPEX. But there is a cost transitioning from one model to another. Just in the same way as there was a cost from transitioning from mainframes to client service architectures, there's a cost transitioning from physical to virtual environments as well. So the onboarding costs I shouldn't be underestimated. I'd like to think the total cost of ownership over a two to three year period will be lower and you get additional benefits such as agility and right sizing. But there is a cost to moving to a hybrid cloud model. And then you've got to manage your suppliers which is if done effectively is a significant undertaking. So you need a supplier management function so managing them against their SLAs making sure you're getting the service credits back when needed, for example. Change management going through that process of formally requesting changes, going through change control boards, etc. There's a cost to you as an organization involved in that because you need to provide some people around the table. And if you need to change suppliers there's a cost associated with that as well. You can't simply take the lowest cloud loads unless they're the simplest things and simply lift and shift into another environment at zero cost. So now I'm going to switch to a couple of case studies just to make hybrid clouds a little bit more real. They are case studies that eduServe has worked on. The first being with our customer Bristol City Council and Bristol City Council have used a hyperscale public cloud, AWS and eduServe hybrid cloud. So their latest website is hosted in AWS. It sits on top of the Life Ray content management system and they deliver their digital services to their citizens via the website. But it connects over a cloud connector over the internet to the services which we host in our data center where they can access back office systems such as postcode lookup, parking services and taxi licenses information. And as they deliver their roadmap of digital services some of the information they're going to be accessing is going to become more and more sensitive. So the key part in this is the cloud connector which does a step up and a step down and regulated flow of information between the two different security domains. And in terms of managed service here eduServe provides the managed service the estate which we host and we provide some level of managed service around the Amazon estate so we provide a advisory around setting up their DevOps environments and setting up their AWS estate and we do some managed services around provisioning some of those estate elements for them. But a lot of the stuff in AWS is managed by their digital development team so that it can be tightly integrated with their DevOps environment. At the Office of National Statistics we manage up to the operating system level the cloud estate that we host for them and they completely self-manage the AWS estate. They don't procure that from eduServe, they procure it directly from Amazon and they built a development environment where they're deploying Docker containers in both AWS and within our environment so we've provided them with an API so they can deploy Docker into our cloud. What that means is they've got a continuous integration and continuous release environment where they can push builds into AWS during DevTest and they can push them into our environment for pre-prod and prod environments. So again this is a very light-touched managed service most of the managed services is being done by ONS themselves. Clearly eduServe is in favor of managed services. Our mission is to help our customers make best use of technology for public benefit as a not-for-profit organization and we'd like to think that we can help with a lot of the undifferentiated heavy lifting with managed cloud services but as we'll come on to in a moment in the recommendations for next steps we don't advocate handing everything over to a managed cloud services provider but if providing a managed cloud service and organizations utilize no services, freeze them up to do other things, why has it not been adopted more than it has been so far? So some of the barriers have been maybe a lack of hybrid cloud technology knowledge so when formulating strategic phase migration not having knowledge about all of the various models that are out there and the different cloud services providers, the strengths and weaknesses of their offerings maybe you don't have the ability to do that cloud brokerage function for determining the right fit for different workloads and then how to integrate those workloads together so I think there's a lack of knowledge at the moment which is improving and will improve over time but where we are today there's a bit of a lack of knowledge maybe a lack of supply management skills, keeping everything in house means that you don't have to manage supplies in terms of SLAs change requests etc so maybe perceived to be easier just to retain that function in house. Maybe you've done some pilot projects with cloud services providers and got burnt and didn't have a great experience or maybe it's keeping the capability in house is perceived as being less risky along multiple dimensions in terms of skills not outsourcing skills not handing over assets to a third party not having to negotiate SLAs and go through the process of redeeming service credits and making sure you've got service continuity maybe it's perceived that it's better to keep doing it in house so amount of job preservation typically in central government and local authorities and charities they're all under massive cost pressures so people are having to right size at the moment and IT departments may be looking to retain as many of their staff as possible and a good way to do that is to keep the capability in house perhaps you just don't have the bandwidth you're too busy firefighting keeping the business running under very difficult circumstances so you don't have the bandwidth to step out of that and to consider hybrid clouds at the moment so it's much easier to not change it's another barrier so if you are considering hybrid clouds and working maybe working with a managed cloud services provider of which there are many and a good place to search for them is on gcloud what are the recommendations that eduCert would make as you embark on that journey have a transformation plan have a strategy that's going to take you from where you are today to where you need to be in phases and treat it as a business driver, not an IT project so have very clear alignment to your business priorities so have very clear mapping from your business strategy to your IT strategy and do your phase migration according to maximum ROI and reduced total cost of ownership there will be a cost upfront for doing the onboarding typically it's anywhere between 25 and 50% of your first year cloud services OPEX in our experience just to give you a rule of thumb so think about what your ROI period is and make sure that you get a return in that period and don't forget change management you're going through transformation it's probably one of the biggest transformations in IT for some time, as I mentioned before probably the biggest change since going from mainframes to cloud server models and you need to take people on a journey when doing that so there's the biggest challenge with going on a cloud migration journey and adopting how a hybrid cloud is quite often people rather than the technology so in summary I would say that self-managed hybrid clouds doing it yourself is good if your organization is large enough to be able to build and sustain that capability and where it doesn't distract from your core business very few companies these days have a power generation plant and a water purification plant sitting outside their office to serve themselves and that's done by utility companies now and cloud technology is a utility model so if it's not a distraction from your core business and you've got capability then why not do it yourself if not then consider outsourcing and consider going for a full managed hybrid cloud if you want to focus 100% on your business and it is a bit of a distraction how to deal with this technology and you want to be able to leverage service providers economies of scale but what we recommend is that you have a blend of the two that you keep some capability in house typically via a SIAM model and in case anybody is sucking air through their teeth at the moment and thinking that's the same as a TOW model which is not advocated by GDS it's not the same thing you don't have to put your service provision into TOW to have SIAM model which is integration and management of multiple providers so we advocate keeping capability in house working with the providers prepared to share knowledge and not bleed knowledge out of your organization so that you're in control of your own destiny and that you've got control of the strategic roadmap and which supplies you choose to work with that's it thank you very much we don't have time for any questions if you want to type into the question pane more than happy to answer those we will be emailing out the presentation within a couple of days I believe so you will be able to go through it at your leisure and share it with other people and there's my contact details on the last last slide if you want to reach out to us and have a conversation alternatively go via our website I do hope that you found it useful thought provoking and I'd really welcome any feedback via email if you be kind enough to share that with me we're very quiet on the questions here we go how does the hybrid cloud differ from web ops or is it simply terminology so web ops presumably by that you mean dev ops web operations the term is different because if you're a green field organization you may not use hybrid clouds at all you may put your entire estate in AWS for example if you're a Microsoft consumer heavy Microsoft consumer you may put everything in Azure so I would say that hybrid clouds is a dimension which sits underneath your web and dev ops and typically people use hybrid clouds because they have they're on a journey and they're partway between where they are today and where they need to be I think in the future hybrid clouds in 10 years time will be very rare even in 5 years time perhaps but where we are today people are migrating to the cloud so they need to be able to do that in phases so they need to have multiple cloud offerings once you've got your estate you can then layer dev ops web ops on top of that whether it's single cloud or multiple clouds okay so ah okay here we go hold on just a second should the technology stack of the cloud provider be considered when comparing vendors yeah absolutely I sat in a very interesting presentation by Gardner very recently who talked about bimodal IT where you have mode 1 which is typically ITIL fixed technology versus mode 2 which is more dev ops high-scale public clouds and one of the things that they were advocating was that you treat the two separately don't try and put a single pane of glass across everything and that extends to the technology that the provider is implementing their virtualized estate with so for example if you're worried about locking with somebody like AWS or as your you need to have a look at the capabilities and find out which of their offerings which one is most suited to your requirements as I say you're a strong Microsoft house and you may go for Microsoft otherwise you might go for AWS and if you've got some UK data sovereignty requirements you may go with one of the main providers on gcloud so you shouldn't be worried about locking you shouldn't be concerned about providing a single pane of glass across multiple providers you should leverage the capability of the cloud provider which means you should consider how they implement their cloud technology so look at your requirements look at the requirements of various providers and unless you're only after pure IS compute storage and networking then there are a range of other services that each provider provides and you need to choose a provider that's got the best match between those services and what you need what Gartner was not advocating was to produce cloud orchestration and aggregation across multiple clouds technologies where you don't have to think about the underlying features of the cloud because then you'll end up pandering to the lowest common denominator and yes you'll be able to migrate your workloads around and you won't have to think too much about what the underlying technology is but you won't be leveraging full capability what they're advocating is look at the features map them onto your requirements commit to how many cloud providers you need to undertake your migration and then if you need to migrate to somebody else later on then bear the cost then so in summary yes you need to look at the underlying technology from different cloud providers to be able to make best use otherwise your work to the lowest common denominator across all of them how do you manage single sign-on and authentication in a multi-cloud environment that is possibly a little bit too technical for me I can ban the sun stuff around but if you don't dug a little bit deeper I wouldn't be able to I could easily be challenged on it but we provide single sign-on via technologies like OAuth and Shibboleth and in fact we have our own single sign-on IAM product in house which we sell to libraries so you can provide single sign-on across multiple cloud providers how it happens I don't know but if you'd like to drop me a line then I can get somebody who can answer that question for you in more detail great so we're up on the 45 minutes now I'd like to thank you very much for your time said I hope you found it useful and if you need any more information or you want to dig a little bit deeper and some of the questions then please feel free to get in contact and we'll do our best to oblige thank you very much