26/04/2018
Which cloud solution is right for your organization? What factors make one cloud solution better than another? Between the big two -- Azure and AWS -- what do the experts have to say about the advantages or disadvantages of each?
We recently asked two of our Learning Tree Cloud Instructors to answer questions about two of the most popular Cloud solutions available today to help you decide which cloud platform is right for you.
Our Cloud Experts
Steve Lockwood -- AWS Expert
IT Consultant & Trainer Specializing in Cloud Computing & Web Security
Connect on LinkedIn
Esteban Delgado -- Microsoft Azure Expert
CTO at BIZITSS and Learning Tree Cloud Technologies Instructor
Connect on LinkedIn
Please tell us a little about your background and credentials.
[Mr. Delgado/Azure] I have been working with business technology for over 30 years now. I have been working with Azure for over three years and understand how the requirements of an organization line up with Azure service offerings. I am CTO at BIZITSS, a Cloud Solution Provider, and a Microsoft Cloud Platform Certified Solutions Associate and Microsoft Certified Trainer.
[Mr. Lockwood/AWS] I have been using AWS for almost ten years now. I have helped numerous companies deploy resources and system within the AWS cloud. I am also an AWS Certified Solution Architect.
What should organizations consider in regards to their abilities/resources/environment before migrating to the cloud?
[Mr. Delgado/Azure] A good understanding of a platform's offering is a must. What services are available for Infrastructure, Platform, and Software as a service? Once you are comfortable with how these services match up with your needs there should be a comprehensive evaluation of costs in the cloud compared to continuing with an on-premise infrastructure or a hybrid environment. If it seems like a good fit, then you must do in-depth proofs of concept for all your platforms. This is when you will be able to gauge the abilities and resources required for a migration. Are the resources you already have appropriate for the tasks required to move to the cloud? If you don't feel they are ready you can outsource. If outsourcing, you can still train up your existing staff to maintain your new cloud environment. There are many paid and free training resources for Azure that are available directly from Microsoft and other sites.
[Mr. Lockwood/AWS] Before migrating to the cloud, organizations need to first accurately understand what the cloud is and what it can provide. There are many misconceptions about the cloud due to things people assume or even read. For example, many people will say the cloud is always less secure than an on-premises solution. They assume this solely based on the fact that they are not in control of every aspect of the environment. For most organizations, moving to the cloud can be more secure than what they have today. Very few organizations have the time, money, or people to spend on security like companies like Amazon has. There are still security concerns, but you need to document the specific concerns and then research how they are addressed in the cloud. It is also important to document exactly what resources and environment you have today and then document the resources and environment you need. For most organizations, what you currently have and what you need are not always the same. The biggest mistake I see organizations make, is they move to the cloud and deploy systems that mirror what they previously had. Instead, they should deploy what they need. This is the number one reason organizations do not always see the cost savings they expected.
What should organizations look for when choosing an enterprise cloud solution?
[Mr. Delgado/Azure] Before evaluating cloud solution offerings, an organization should first understand what drives their need or desire to migrate to the cloud. With this information in hand it is then possible to focus on what is important. Cost, security, SLAs, backups and recovery, services offered, and training and support have to align with the reasons for considering the cloud.
[Mr. Lockwood/AWS] When choosing a cloud solution there are several critical items to look for. Find a provider that will not only offer services and features you need today, but also offers services and capability you may need in the future. You want a provider that will allow you to grow without having to migrate to a different solution. You also want a provider with a proven record of reliability, security, and examples of real-life systems that were successful on that solution. Look for case-studies and blog posts where organization outline their successes or failures - learn from others. Provider lock-in is something else to look out for. It is best to utilize open source APIs whenever possible and avoid proprietary APIs and services that may not be offered by anyone else. It is also important to ensure the provider offers physical locations that are close to either you or your users to keep network latency to a minimum. The availability of expertise or training can be important so you can bring staff up to speed on the platform.
What makes Azure or AWS a good cloud solution?
[Mr. Delgado/Azure] Many if not most of the workloads to be migrated to the cloud are Microsoft platforms. This makes Azure a perfect fit to transition an existing environment with little to no changes in the way an organization operates. Extend your network infrastructure using one of the multiple choices of VPN configurations and you have a seamless environment. Even if your environment does not rely on Microsoft platforms, Azure supports Linux workloads as well and has more Platform as a Service (PaaS) offerings than other vendors to provide most solutions required for an enterprise. All of your solutions can be sourced from a single cloud vendor.
[Mr. Lockwood/AWS] AWS is one of the oldest and largest cloud providers in the world. It has been tried and tested by thousands of organizations, including Amazon themselves. It also provides an extremely wide range of offerings and services to accommodate most needs an organization will have.
What customization options are available for Azure/AWS?
[Mr. Delgado/Azure] Azure has hundreds of PaaS offerings making it a true a la carte solution. If the solution you want is not available with the features or configurability you are looking for you can always opt for IaaS and have every choice you would in an on-premise environment.
[Mr. Lockwood/AWS] AWS is a collection of many individual services that can be used alone or integrated together to create a complete cloud-based solution. This allows you to use whichever services that you need and only pay for the ones you use. Additionally, many services provide numerous options to satisfy your requirements. For example, EC2 support all commonly used operating systems such as various flavors of Linux and all Windows server versions back to Windows server 2003. The AWS Relational Database Service (RDS) provides a choice of many databases, including Oracle, SQL Server, PostGreSQL, MySQL, and Aurora. AWS provides a lot of flexibility to implement systems exactly how you need them.
Describe the process of managing an Azure or AWS cloud in regards to the organization.
[Mr. Delgado/Azure] Managing any cloud environment whether in public or private space will certainly have a learning curve for staff who are not already familiar with the technology. When migrating from on-premise physical to Iaa in the cloud, the learning curve is not very different than going from a physical to an on-premise virtual environment. The change is in the "hardware." You are going from physical to virtual hardware in the cloud. Management of your workloads does not change. Windows, application, database, Linux and any other servers still require the same management and should require little or no training for the transition. If taking advantage of PaaS offerings, the change may seem a little more abrupt. Some management tools that your admins are accustomed to may still work, others may not and configuration may be only through the GUI provided by Azure or using Powershell.
[Mr. Lockwood/AWS] AWS provides four main ways to manage resources: A web-based management console, REST API, command line interface (CLI), and programming language API or SDKs. The management console is the best place to start and gain experience with the platform. It also makes it very easy to prototype or create proof of concepts. The REST API and programming language APIs provide the ability to automate the management of resources by developing your own applications or integrating AWS into existing systems. You could also create your own custom dashboards and deployment portals using the APIs. The CLI can be used to easily create automation scripts that can easily be run from virtually anywhere, without having to develop code.
Cyber security is a huge factor in choosing a cloud solution. How does Azure/AWS approach security?
[Mr. Delgado/Azure] Microsoft uses many industry standard encryption methods and protocols to protect data in transit and at rest. In addition to protecting the data as part of providing a solid, secure platform, Microsoft supports an extensive list of standards directly related to compliance requirements of most organizations. HIPAA, DoD, ISO, ITAR, SOC, MARS-E, are just a few of these standards. A more extensive list can be found at https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings
[Mr. Lockwood/AWS] AWS approaches security with the utmost importance. AWS was originally developed for use by the Amazon retail store, which has some of the best security developed. When you deploy resources on AWS you are taking advantage of the security controls Amazon has developed and benefit from their vast experience. AWS utilizes an end-to-end approach to secure and harden their infrastructure, including physical, operational, and software measures. The AWS cloud has also been aligned with and adheres to most legal and regulatory compliance standards that exist today. See https://aws.amazon.com/compliance/ for a list of all the assurance programs AWS provides.
How is data encrypted with Azure/AWS?
[Mr. Delgado/Azure] Azure encryption covers every possible data object at rest and in transit. There are multiple options to enable encryption in disks and storage services, databases, SMB shares, RDP sessions, SSH, VPN tunnels, and every other data object and transmission in use. Each of these will give the administrator the option of encrypting data stored in Azure and also in transit. Azure Key Vault is also offered as a solution for managing and controlling access to encryption keys.
[Mr. Lockwood/AWS] AWS does not encrypt data at rest by default, however server-side encryption can easily be turned on for most services. Usually, it is as easy as just setting a flag or checking a checkbox. When server-side encryption is enabled, there is a choice to either uses an AWS provided key or a customer supplied key. Either way, it is a fully managed process which means AWS manages the encryption, decryption, and all code required to do so. When using customer-provided keys, AWS never stores the key. You must provide the key as part of each request when storing or retrieving files. If you lose the key, the files cannot be recovered.
Another option would be to use client-side encryption, which means you encrypt the data prior to uploading into AWS. This way you are in full control of all keys and the encryption process, but also means you will need to manage that process as well.
What type of monitoring/reporting capabilities are available?
[Mr. Delgado/Azure] Azure provides many solutions for basic monitoring plus monitoring applications and infrastructure. Dashboards and alerts are easily configured. Premium monitoring services include Application Insights, Log Analytics, Service Maps, Network Watcher, and more. Additionally, Operations Management Suite is a collection of management services in the cloud that integrates monitoring tools and provides automation capabilities to your monitoring solutions.
[Mr. Lockwood/AWS] AWS has a centralized monitoring and reporting service called CloudWatch. CloudWatch can be used to monitor metrics, collect and view log files, set alarms, and can even be configured to automatically respond to events. For example, CloudWatch could be used to monitor the CPU utilization of a group or pool of servers. If the CPU utilization goes above a specified threshold (let's say 80%), CloudWatch can be configured to invoke an autoscaling rule that increases the size of the pool. Then when the CPU metric falls below a threshold, CloudWatch could invoke another rule to reduce the size of the pool. All this can be fully automated. CloudWatch also allows for monitoring of custom metrics generated by your applications and can collect log files your applications generate.
How do Azure and AWS approach disaster recovery and business continuity?
[Mr. Delgado/Azure] There are always at least three copies of any data stored in Azure. This will be the minimum standard for Locally Redundant Storage. There are additional Geo Redundant options increasing the copies to 6. However, this redundancy is mostly to improve Azure's reliability and to provide stability on the back end. Tenants can backup Virtual Machines in the same or different regions than where they are configured. Full replication is also available for on-premises or cloud resources. Most other objects such as databases also have very effective and frequent backups that can be easily configured by the tenant.
[Mr. Lockwood/AWS] The AWS infrastructure is designed to provide you the ability to deploy systems with both high availability and disaster recovery. AWS has organized the cloud infrastructure into geographic regions and availability zones. A geographic region is a physical location where the AWS resources reside around the world. There are 18 regions as of the writing of this blog, with 12 more already announced. See https://aws.amazon.com/about-aws/global-infrastructure/ for a list of all current and planned regions. Each region is then comprised of at least two availability zones, and often more than 2. An availability zone is one or more discrete data centers hosted in separate facilities that do not share common points of failure, such as connectivity, backup power, or people.
Let's talk scalability. How prepared is Azure to scale to an organization's needs?
[Mr. Delgado/Azure] Azure architecture is containerized. As their customer needs increase they can add capacity very quickly to adapt to new demand.
[Mr. Lockwood/AWS] AWS is very prepared to handle any organization's scalability needs. The AWS infrastructure was designed for and is utilized by the Amazon online store. It has proven to be able to handle the scalability required by one of the largest online stores in the world. It should therefore be able to handle the scalability required by most other organizations.
What factors would make Azure the best solution for a particular organization?
[Mr. Delgado/Azure] Although I feel that Azure has the broadest platform of services that will cover most requirements I would refer to my answer to a prior question - "What should an organization look for when choosing an enterprise cloud solution?". Once that question is answered for a specific requirement we can begin to understand if Azure is the best solution.
[Mr. Lockwood/AWS] Factors that often can make AWS the best choice include many of the items discussed above: security, flexibility, maturity, scalability, and performance. As I mentioned earlier, AWS was originally designed to host the Amazon store and includes many features required when hosting one of the largest online stores. Most organizations will not need most features at the same scale that the Amazon store requires, but knowing that it can support that is one of the most important factors for me. AWS is not just a product that Amazon sells; it is also the same infrastructure they use every day.