Cloud Governance . . . shouldn’t be an afterthought


Bill Irvine
Strategist – Advisory Services

Ensuring governance and control over cloud service provision is critical to the success of any digital transformation, for every company, in any vertical.

VMware Advisory strategists work with hundreds of customers, assisting in the development of their strategy and programs for the adoption of cloud services. This naturally includes the optimal use of technology to support their business goals. What is often surprising is the limited focus and emphasis put on governing the use of the services and minimizing the business risk associated with adopting this new delivery model.

New cloud technologies and architectures are changing the nature of service provision and creating new governance and compliance challenges for IT leaders and practitioners. Today’s IT organizations are typically driving towards becoming a more consultative service provider/broker to the business. This requires enhanced, streamlined governance capabilities to support this evolving delivery model.

Cloud Governance Capabilities

Cloud governance is based on the underlying tenets of enterprise and IT governance as they apply to cloud-based service provision. These elements (for example, security policy, compliance needs, legal requirements and business drivers) shape a pragmatic set of governance capabilities that are compliant while being dynamic and innovative enough to respond to the agile needs of the ongoing digital transformation.

The areas of our customers’ focus form a lifecycle methodology. This approach ranges from defining the initial strategy for the potential use of cloud-based services to managing the operational aspects and continuous improvement of services. This process ensures that cloud governance is aligned to the business needs.

Service Provider, Brokerage, and Portfolio

Some cloud adoption strategies have been based on the “build it and they will come” approach. VMware advocates that IT and the business stakeholders must partner to determine the services required, ensuring they are appropriately aligned to strategic corporate goals, tactical development, and support needs.

As the services are designed, IT as the Service Provider should make use of all internal IT capabilities but also incorporate publicly available hosting and Software as a Service (SaaS) type services to optimize the business benefit and associated service costs. This brokerage approach is becoming a common practice, which enables the construction of a comprehensive and holistic service portfolio.

Cloud Services Steering Committee and Center of Excellence

A lack of structured decision making around cloud service provision is a common issue we find in many organizations. A leadership structure is required to guarantee that the services are governed effectively. This includes ensuring the appropriate resources (technology, people and financial) are applied to the management and operation of the services. They must also ensure the service design meets the Enterprise and IT governance standards and compliance requirements. This requires leadership commitment and backing for the key decisions that will come up throughout the evolution of your cloud practices.

Moving to a dynamic private or multi-cloud-based operation will require new capabilities and redefined roles and responsibilities. In most cases, IT organizations are looking to break down the pre-existing silos associated with their existing technology disciplines. Moving to a more integrated, horizontal team structure reduces the internal hand-offs, increases effective cross communication and speeds up the provision of services. Typically, new skills are also required to support the cloud technologies and methods, provisioning of automation, and the integration of virtualized service components. The Cloud Steering Committee will be key to evolving the organization in support of the new service’s mission.

Multi-Cloud Governance, Controls, and Workload Management

A challenge for many internal service providers is how to capitalize on the many benefits of public cloud computing and “software as a service” capabilities while minimizing the potential risks. The cloud team has many decisions to make regarding their use of external cloud-based services.

  • Where should or can a workload reside?
  • Will you be able to effectively secure and protect the application, its data and personal information while ensuring regulatory industry compliance requirements are met?
  • Can you provide the performance level required despite potential latency and integration requirements?
  • Do you need the ability to move and/or replicate the application and data between on-premises and public data centers for resource flexibility and backup?
  • How do you migrate data to off-premises and ensure data sovereignty and integrity?
  • Can you centrally manage the application and workload remotely?
  • Can you meet the cost and business value expectations?

Workload management and placement policies need to be defined to address these and related questions for each service in the portfolio.

Service Architecture, Automation, and Security

The tactical development of service offerings for the strategic services portfolio requires a structured architectural approach and development of service definitions. This will guarantee that all components of the service are understood, effectively integrated and engineered to address specific business needs. These services typically range from foundational Infrastructure as a Service (IaaS) elements to complex Platform as a Service (PaaS) environments. The more complex services require the amalgamation of applications, load balancers, web servers, database servers and potentially the integration of external SaaS-based services to create a valuable and functionally rich consumer-ready experience.

Creating these complex services consistently and in a timely manner using manual methods is becoming impossible. Automated provisioning is now a de facto expectation and critical in meeting the business and governance expectations. Most organizations have already developed the ability to automate the provisioning of the basic virtual infrastructure components (e.g. CPU, memory, and storage), but to be “consumer ready” all aspects of the service must be included (e.g. network configuration, security controls, applications, test datasets, configuration between PaaS components, etc.).

This automated service provisioning capability should enhance overall governance of the environment through the creation of repeatable, identical configurations that ensure policies are “baked-in” to the environment.

Service Catalog, Innovation, Marketing, and Support

Consumers want the ability to easily request specific pre-defined service configurations designed to support the specific needs of a business unit or functional area. These services should be published in a self-service catalog that provides key information at a glance regarding the appropriate usage, configuration, sizing, service levels, costs and available options (e.g. expanded configurations, leasing durations, locations, etc.) of each service. This ensures that consumers’ expectations are established up-front and that they understand the value as well as the limitations of the service offering.

While the service catalog is the “shingle” IT hangs out to advertise its specific capabilities, there is a need for proactive marketing of new and modified services resulting from continuous improvement and business alignment activities. This consists of formalized and regular “push” marketing to current and potential future consumers of the service.

As service innovation continues and cloud-native technologies are adopted and evolve, the automated provisioning “scripts” or “Infrastructure as Code” should also be made available to be “called” through APIs to further speed time to market and eliminate manual intervention wherever possible.

Operational & Service Monitoring, Telemetry, and Feedback

A core part of the overall governance mission should be the monitoring of service performance. It needs to ensure provisioning quality, protect the health of the infrastructure and applications, and identify as well as report any issues encountered. This information is key to safeguarding service levels and making sure outcomes are measured and met across the delivery lifecycle. It is also a core part of the continual service improvement review process and a source of recommendations for service enhancement.

As customers look to increase the adoption of DevOps as a discipline, this monitoring approach becomes more relevant. It ensures that developers are provided with the telemetry, feedback and error data associated with their development testing and the “blue/green” deployments in the production environments. It supports the “fail fast” approach to early testing and automated rollback of problematic application features to a known “good” state.

Intelligent Operations, Demand, and Capacity Management

Intelligent operations are based on the premise that each service is managed as a continuum, from the initial deployment using automated provisioning processes and tools to the operational management throughout the life of the environment, VM, or container. Capturing in-flight data is critical to understanding the dynamics of the service, its performance profile, the resource utilization and any changes required to the resource allocation due to peaks and troughs in the application demand. Many virtualization operations tools can perform this function in an automated way by dynamically changing the resource allocation to ensure balanced usage of the hosting platform or by moving workloads to a location with more available resources. For this to be effective, governance policies must be predefined to establish what changes are permissible. This includes where a workload can be located and the upper and lower limits of any resource changes.

The success of cloud-based services is often a double-edged sword when there is a surge in demand without the capacity to fulfill the expectations. The assessment of current and future capacity and overall resource usage is another required governance discipline. There is a fine balance between ensuring available capacity for the predicted demand and performance while optimizing the costs associated with new infrastructure. Many governance practices can be brought to bear to ensure resources are returned to the pool when no longer required. Regular assessment of resource utilization, rightsizing of configurations and reclamation of underutilized resources are all factors in a well-governed environment. All services should have a pre-defined allocation of resources to meet the expected workload volumes and performance criteria. Assessment activities can be automated, and consumers informed of any drift from agreed resource utilization to guarantee adjustments are made proactively.

Predicting future demand is achieved through regular communication with consumers regarding upcoming business, project and operational requirements. This demand information is key to ensuring available capacity and avoiding the risk of having to slow down service delivery due to a lack of resources. A structured Service Broker model also allows for the use of public resources (typically at increased costs), which can enable short-term relief for peaks and spikes in demand (e.g. seasonal transaction increases), but advance knowledge of these potential trends is required to enable these resources to be utilized effectively.

Governance Benefits

By adopting a streamlined governance-based approach to cloud services you can realize significant benefits:

  • Provides the structure that links IT processes, IT resources, and service provider capabilities to enterprise strategies, objectives, and requirements.
  • Integrates and institutionalizes optimal ways of planning and organizing, acquiring and implementing, delivering and supporting, and monitoring of cloud services regardless of platform or internal/external provider.
  • Ensures the “built-in” compliance of cloud service provision through the adoption of automation that incorporates enterprise governance policies and security requirements.
  • Enables the enterprise to take full advantage of its brokered service capabilities, thereby maximizing business benefits, capitalizing on opportunities and competitive advantages.

In summary, while governance, controls, and processes are often considered roadblocks to “getting things done”, there is a need to ensure that appropriate oversight and management are applied at least at a “minimum viable compliance” level. This level is different for each organization and should be formally designed into the overall cloud service provider/broker model at its inception.

The dynamic automation and operations management capabilities available today mean that we can have “speed to market”, business compliance and customer satisfaction at an enhanced level even while increasing efficiency and reducing costs.

The key to success is to consider governance as one of the primary and foundational requirements and design goals at the beginning of your cloud services journey, not as an afterthought when it’s harder to reverse engineer the environment.


Bill Irvine is a Principal Strategist with the VMware Advisory and Transformation Services team. As a pragmatic strategic consultant, Bill has developed broad industry expertise while consulting with, and delivering and managing services for, some of the top Fortune 1000 companies.

Bill has spent many years as an IT practitioner and leader in a variety of industries including consulting services, transportation, manufacturing, healthcare, broadcast media, education and IT and business management services.