While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
When it comes to adding information technology resources to an existing infrastructure, businesses typically acquire servers, storage and applications on a project-by-project basis. It's easier and more logical than having to take all existing IT assets into account because the requirements will be smaller and bounded. But while the cost of such an equipment acquisition might be low, the complexity of supporting many resources remains high.
Industry analysts estimate that ongoing technical and end-user support of the systems infrastructure accounts for up to 80 percent of IT operating costs. That leaves 20 percent for server and storage capital acquisition. But if consolidation of an agency's IT assets would net a return on investment (ROI) of fixed costs in one year, then re-evaluating the entire IT infrastructure is compelling.
I've worked on such projects at my consulting company for two dozen years, and during that time, I've figured out what works and what mostly does not when it comes to consolidating an organization's servers and storage. When done right, server and storage consolidation can dramatically reduce support costs, application support demands and license costs.
Determining which of an agency's servers and storage farms to consolidate demands a step-by-step approach. The following eight-step action plan provides guidance before, during and after the consolidation.
Figure out which resources are redundant.
The first thing an agency must do is identify resources that support or handle duplicate functions and that can be concentrated at fewer physical locations. In this instance, redundancy means duplication of services; it does not mean resources that mirror sites or function as backup and disaster recovery sites.
To do this, collect server and storage profiles. These should include configurations, usage logs, storage layouts, application data sets and user group information.
If the agency duplicates business functions for two or more resources, then those servers and storage devices are consolidation candidates. A caveat: If resources are located remotely, check to make sure that centralizing those resources won't degrade performance or response times.
To prioritize which resources are the best candidates for centralization and consolidation, an agency must take into account functional boundaries, system availability needs and performance considerations.
The consolidation team will need to look at whether network bandwidths will be sufficient to support the possible infrastructure change. When calculating the total cost of ownership (TCO), also be sure to fold in design phase expenses.
Next, the agency should make sure the consolidation will preserve required security Â for authentication, authorization, audit and accounting, integrity and confidentiality. In some cases, a consolidation will require different methods of security or increased security levels. Also, make sure that this data is part of the TCO calculations Â and takes into account any expenses for the design phase.
Finally, using the TCO figures, the agency should perform a cost analysis of the existing infrastructure that determines capital acquisition, depreciation, maintenance and support costs for the next three to five years. Using this data, the agency can estimate cost savings for resources it might consolidate.
Make a business case for consolidating resources.
It is critical to include representatives from each department or functional area that the proposed changes would affect. (It is prudent to include these people from the start so the IT team can get consensus and buy-in on its consolidation plans.)
In the business case, the agency should first present a cost-benefit analysis along department and business process boundaries, summarizing variable and fixed-cost savings. This analysis should show how the team calculated its TCO and projected ROI figures.
Next, the business case should detail the design and implementation phases of the consolidation plan.
Above all, the consolidation plan must include backup and disaster recovery support. Should systems fail, the project must not expose the agency to a disaster scenario that was nonexistent in the preconsolidated infrastructure.
Design and get buy-in for a consolidation plan.
The next part of the project requires getting the agency's business process managers behind the consolidation plan. Meanwhile, the IT team also will finalize a road map for the project's execution.
This road map needs to lay out the physical and logical topologies for all affected systems. If the agency has already implemented load-balancing rules for its servers and storage, then the team must figure out whether it will need to adjust the load-balancing scenarios for the new infrastructure and to what degree.
Once the agency determines which systems it can collocate and the load-balancing and uptime requirements necessary for its reconfigured server and storage nodes, the agency can outline a data and resources migration plan.
It must take into account potential failure scenarios and prioritize their probability of occurrence. This will mitigate risk and help the agency prepare a failure response plan to avoid downtime.
And, even though the agency checked its network bandwidths and security requirements during the initial analysis, it should check them again as it develops the migration road map.
Develop policies and procedures.
Although an agency will no doubt have policies for its infrastructure, it must create a new set for the consolidated environment that specifically assigns who is responsible by department and business process.
The IT team must also rewrite its process support policies and account for cost and support needs for systems availability, backup, restoration and disaster recovery. In essence, the agency will write its own service-level agreement with itself.
This agreement will spell out the technical support procedures for the newly architected environment, document data migration procedures and capture security policies and procedures.
Implement the new infrastructure.
Now, it's time to develop the "go live" plan by notifying each department and business process manager of the schedule for testing, checking quality assurance and implementing the new environment.
Once the schedule is dispersed, the team can begin the phased execution of the consolidation plan.
After rolling out the pre-production environment, the next step is to test or burn in the newly acquired and configured resources. The time to burn in will vary, but a general rule of thumb is three to five days for each resource.
If the new consolidated resources are stable, it's time to bring them online into a production environment. As this occurs, the IT team will continue to test for accessibility and performance.
Finally, the agency must do any load balancing where appropriate for the new architecture.
Evaluate the consolidation implementation.
The work doesn't end once the new infrastructure goes live. After the consolidation, the IT team should conduct a debriefing session with each department or bureau affected to make sure the service levels are meeting the preconsolidation plan. Obviously, functionality and performance levels must be the same or better than they were for the preconsolidation environment.
If the metrics degrade, then the team must revisit the resource allocation to figure out where the problems are occurring and make adjustments.
Monitor consolidated resources.
This is the logical best-practices step after the implementation and evaluation steps. A historical record of behavior, availability and performance will show areas for improvement or modification.
To adapt to changes in the processing environment, an agency should use network, systems and storage management tools to capture records about systems events and normal operations.
To make the information manageable, it's best to track data in a series of daily, weekly and monthly reports. A combination of time periods will likely be necessary; it will depend on the complexity and size of the infrastructure and the varying applications and services it provides to the agency's users.
Make adjustments to the new infrastructure as needed.
The monitoring reports will pinpoint any weakness in the plan and its implementation. An agency should expect that it will need to make changes to the model as business needs and priorities shift. Moves, additions and changes are part of the everyday fabric of any IT data center.
After a short period, the agency will be able to determine where improvements are needed and the cost impacts that will result from any iterative changes.
Another important thing to remember to do is revisit the TCO and ROI documents so that they reflect these changes. That way, senior management won't face any ugly surprises about costs or future spending requests.
As during the initial planning phases for the consolidation, the IT team needs to prioritize changes and make them based on cost-benefit analyses to avoid project requirements creep and budget overruns.