Microsoft Windows Intune 2.0: Quickstart Administration

By: David Overton

Overview of this book

Microsoft Windows Intune is a cloud service solution that simplifies how small and mid-sized businesses manage and secure PCs using Microsoft cloud services and Windows 7, so your computers and users can operate at peak performance all the time. This step-by-step guide will show you how to plan, set up and maintain Windows Intune, showing you how to manage a group of PCs (either 1 business or several if a partner) from the base operating system, through to the patches, anti-malware solution and deployed software and policies from a central console, using the Windows Intune service. This book takes you through all the steps to plan, set up and maintain Windows Intune and how to manage a group of PCs. The book starts by providing an overview of Cloud Computing and PC Management. The book then dives into topics such as Windows Intune features, signing up for Windows Intune and installing the client software, configuring Windows Intune, proactive management, and monitoring and dealing with alerts, including remote assistance amongst others. As Windows 7 is part of Windows Intune, the book will also cover the minimum steps required to move from Windows XP to Windows 7 while keeping user settings and preferences.

Centralized solution, management, and upgrades


Given that a cloud service is normally provided over the Internet, for scale, the solution will be located in a handful of data centers owned and managed by the service provider. They will provide everything we need to run the solution, from physical servers to networking and application software; however, we are not able to directly access this. We use the interfaces they provide for the services, and the service provider manipulates the hardware and software and configures the network for us. The key thing is that it is a highly replicated solution that has a level of management that is taken care of for you. The different cloud computing models and what is managed for you, versus by you, will be discussed later in this chapter.

The following diagram demonstrates the items that could move from a distributed to a centralized solution with cloud services. We can see that with a centralized solution, more resources are required in an IT function rather than repeated in each department. While the boxes are not drawn to scale, we should get economies of scale as things are centralized. Centralization can take place on our premises or using a cloud services provider where some of the IT functions in the diagram are, in effect, outsourced to the cloud service provider.

With Windows Intune, all the information about each Windows computer is centrally stored in multiple Microsoft data centers and can be managed by us, no matter whether a server, the network, or even the entire data center fails. The application that runs on this infrastructure is the Windows Intune management software and it is maintained and upgraded without us needing to be involved in the process. We will also have client software, provided by Windows Intune, that connects to this infrastructure, but the installation onto each client computer still falls to us to manage. When we make a change using the management tools at the data center, this will automatically be distributed out to the client computers provided they are connected to the Internet, implementing our changes without having to visit or touch these machines.

While Windows Intune centralizes the management function, storage and applications are still provided in the same way as previously delivered.

Elastic in scale and power

The Internet is a big place and the demands on services can be tiny or massive and this is expected to change over time, sometimes within minutes. A cloud solution should have that flexibility built into it. When we deliver computing resources in our own offices or data center, we have to buy the right number of servers and storage to enable us to meet the peak demand. Probably, because it is too complex to do anything else, most organizations simply leave these servers on all the time, consuming electricity, but adding no value to the business. In a cloud environment, servers are started and stopped as needed to deliver the solution, often by the service provider on our behalf. The following diagram shows the opportunities where an elastic service can simply scale up or be turned off according to our business needs:

In the case of Windows Intune, this is the application that Microsoft manages and they start up and stop the servers as required to deliver the information to the Windows Intune client software on the PCs and the management interfaces.

Pricing based on utilization

There are two elements to the pricing of cloud solutions that need to be discussed. The first is that by virtue of the elastic number of servers used, the cost of the service is lower than purchasing for peak capacity. The second is that rather than paying for servers, power, cooling, storage, and people, we now pay for utility. This may be a fee per user, compute hour, storage, and so on, but it is nothing like the traditional buy or lease models for IT where we paid for the hardware and software rather than usage.

The low fee we pay for Windows Intune relates to the fact that the service is delivered at Internet scale with elastic scalability that means that the actual computing required is right sized for all the users of the service at any moment. Our usage would be a fraction of the IT required to deliver ourselves because we do not actively interact with the management system 100% of the time. Beyond the scalability, Microsoft is also able to deliver greater efficiencies in managing the whole solution. This enables Microsoft to charge a flat rate per user for the services that is lower than the cost of acquiring the software, hardware, and people to manage by a significant amount.

Delivered using Internet protocols

Protocols describe the way machines talk to each other. Some of these are defined by standards bodies and others are known as de-facto standards as they have been popularized by the organization or organizations that use them. Either way, they need to be Internet friendly so that they can be routed, inspected and secured by firewalls and received by different client device types where appropriate.

Windows Intune uses a combination of standards based and de-facto standards, but all the protocols are published and known, enabling routing and securing via the Internet. Windows Intune uses a standard web browser to deliver the management interfaces and then a well-known set of protocols to deliver the rest of the information to the client PCs.

The term Cloud is often used when describing solutions that are often hosted and certainly connected to over the Internet. What used to be an Internet service is now often referred to as a Cloud service, but the terms are often interchangeable.

Secure and private

The final technical facet that all cloud services should have relates to security and privacy. The service needs to be as trustworthy as if we were running it ourselves. This means that our data is not shared or leaked, and that the communication protocols are secure. This is often not something we can test, but we should look for a privacy statement from the service provider.

Windows Intune's privacy statement can be found by following the link: http://davidoverton.com/r.ashx?20.

Service Level Agreement

All quality cloud services should have a Service Level Agreement or SLA for short. This will need some careful analysis as this is one of the areas that differs the most from running the technology and delivering the service ourselves, and having it provided as a cloud service.

Service Level Agreements consist of two elements repeated for each different feature or function of the service being offered. These two elements are Availability level and Service hours of a time period and, as a customer, we get some form of Recompense if the level of service is not delivered. As we are managing multiple users, the number of users impacted, or the proportion of them that were impacted is often also included in the calculation.

Availability

Availability is often described as a number of nines, such as "three nines" meaning 99.9% availability or uptime. Don't be fooled by the number of nines by themselves, as a service interruption (known as downtime) could still have a major impact if it was in the middle of our busiest day. The following table shows us what the downtime implications are:

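| Period | 99% uptime | 1% downtime | 99.9% uptime | 0.1% downtime |
|--------|------------|-------------|--------------|---------------|
| Day | 23h 45m 36s | 14m 24s | 23h 58m | 1m 26s |
| Week | 6 days 22h 19m 12s | 1h 40m | 6 days 23h 49m | 10m 5s |
| Month | 30 days 16h 33m | 7h 26m | 30 days 23h 15m | 44m |
| Year | 361 days 8h 24m | 3 days 15h 36m | 364 days 15h 14m | 8h 45m |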

The first consideration is the time period over which the measure is taken. Consider the preceding table, which shows the downtime that each availability level permits over different time periods. It may all look relatively rosy, but if the availability is over a year, then there can be over a working day without the service at 99.9% availability (that of Windows Intune) and over 3 days if a service is provided at the "two nines" level of 99%, that of many services. Depending on the service, this will either be acceptable or unacceptable. Some cloud services do not have availability levels at all and these can be offline for months without recompense.

Finally, some services do not count downtime as soon as things go wrong, meaning that a large number of short failures are not considered to be breaking the availability agreements.

Service hours

The other consideration is serviceable hours. In the preceding table we have assumed that the service has no "planned" downtime or maintenance windows and that it is available and measured for 24 hours every day. Some services have large maintenance windows, as much as 16 hours per day, and during this time if the service is available, that is great, but if not then there is again no recompense.
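An added example (not from the book) of how the counting rules discussed above change the uptime a provider reports for the same month of outages. The outage log, the 08:00 to 16:00 service window, the 5-minute minimum and the user-weighted formula are all assumptions made for illustration, not the terms of any real SLA.

```python
from dataclasses import dataclass

MIN_PER_DAY = 24 * 60

@dataclass
class Outage:
    start_min: int     # minutes since the start of the measured period
    duration_min: int
    users_hit: float   # proportion of users impacted, 0.0 to 1.0

def downtime_budget_min(availability_pct, period_min):
    """Minutes of downtime an availability level permits in a period."""
    return period_min * (100 - availability_pct) / 100

def reported_uptime_pct(outages, period_days=31, service_hours=(0, 24),
                        min_counted_min=0):
    """Uptime as reported under the SLA's own counting rules (assumed model)."""
    start_h, end_h = service_hours
    measured_min = (end_h - start_h) * 60 * period_days
    counted = 0.0
    for o in outages:
        if o.duration_min < min_counted_min:
            continue                      # short failures are not counted
        for m in range(o.start_min, o.start_min + o.duration_min):
            if start_h <= (m // 60) % 24 < end_h:
                counted += o.users_hit    # weight by proportion of users hit
    return 100 * (1 - counted / measured_min)

def at(day, hour):
    """Minute offset of hour:00 on a zero-based day of the period."""
    return day * MIN_PER_DAY + hour * 60

# Constructed outage log for one 31-day month (not real service data).
OUTAGES = (
    [Outage(at(1, 18), 30, 1.0),          # evening outage, all users
     Outage(at(9, 2), 180, 1.0),          # night-time outage, all users
     Outage(at(20, 14), 40, 0.25)]        # afternoon, a quarter of users
    + [Outage(at(d, 9), 4, 1.0) for d in range(3, 15)]  # 12 short blips
)

def compare():
    """Return (24x7 with every minute counted, 8h window with 5 min minimum)."""
    strict = reported_uptime_pct(OUTAGES)
    lenient = reported_uptime_pct(OUTAGES, service_hours=(8, 16),
                                  min_counted_min=5)
    return strict, lenient

if __name__ == "__main__":
    print("99.9%% monthly budget: %.1f min" % downtime_budget_min(99.9, 31 * MIN_PER_DAY))
    print("24x7: %.3f%%  8h window, 5 min minimum: %.3f%%" % compare())
```

With these constructed outages the 24x7 measurement falls below 99.9%, while the narrower service window and the minimum counted duration report the same month as above 99.9%.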

If we were running the technology on-premise, we could discuss improving the service availability and how we could impact the quality of service. With a cloud service we may be able to pay more to get a higher availability level, utilize more servers, or have no choice but to accept what is given.

Windows Intune, at the time of writing, stated that 10 hours scheduled downtime per year was acceptable and personally I would agree with this as it amounts to 10 hours out of 8,760 per year which is a very high level of availability. While this may sound a little scary, since Windows Intune only delivers management functionality, in the event of a failure it is only this management functionality that stops working. The users can continue to use their computers during this issue.

Recompense

The balance to the expected Service Level Statement is the Recompense, should the service not meet this level. Again, here we need to ensure that this matches our business needs. Some services will provide usage or service credits, while others will provide us with cold hard cash as compensation.

Service credits can be nice, but sometimes they materialize as an extension to our existing contract period, which is not necessarily useful or desirable. The alternatives include actual refunds or a reduction in our next bill.

Windows Intune, at the time of writing, delivers service credits in the following month and it is quite generous.

Windows Intune SLA

We have covered the Windows Intune SLA several times in the preceding text and there is a snippet of this document below. To get the latest version of this, please go to the following URL: http://davidoverton.com/r.ashx?21.

In this snippet, we can see how Microsoft calculates uptime at the time of writing. We can see that Microsoft considers the number of users impacted as well as the number of minutes that they were disrupted to be key to calculating the Availability or "Monthly Uptime Percentage".

We can see that if the service impacts all users for more than 44 minutes a month, we are entitled to a 25% service credit. In my opinion, this is one of the best value service credits available in the marketplace today.

Multiple client device types

We are now moving on to requirements that are not always present in all cloud computing scenarios, but it is important to understand how they might be useful.

Not that many years ago, the de facto desirable device for all computing needs was a Windows based PC. While the benefits of Windows have increased, as has the use of Windows 7, people want to be able to access information and applications from other devices. We have seen the rise of netbooks, tablets and phones as information access devices.

These devices all have relatively small storage and processing capacity, so the natural thing is to store information and provide the computing power on the Internet where it can be delivered en masse as needed. The services that provide all of this are often delivered using cloud computing solutions as they need the facets discussed in the preceding text.

Once the key information, data, and processing are deployed in the cloud, all these devices can utilize it from a browser or a small application that calls upon these cloud services. This means that rather than having to write complex software for all these devices, which has always been a barrier to deploying on anything but Windows in the past, now it is developed once for the cloud environment and delivered as a simple piece of consumption software for each device type. As the consumption software is lower in complexity because the complex solution is now being delivered by the cloud service, it becomes cost effective to write it multiple times, once for each device.

Now we have a model that allows access from multiple devices from any location provided they have a possible connection to the network with the cloud service on it, normally the Internet.

iPhones, iPads, Android, Windows Phone 7, netbooks, notebooks, Windows XP, Vista, and Windows 7 PCs are now all excellent consumers of cloud services. Each device has its own interface quirks, tools, and other management issues, but for a cloud service provider, they can now address more devices and users than ever before.

Today, Windows Intune is only used to manage Windows PC devices and the management interface is only available through a web browser with Silverlight installed, however, I expect more interfaces to become available over time.

Client Software

Cloud computing requires a way for us, the user, to interact with it. This may be via a web browser, but if that is not the case, then we need to ensure the device we are planning on using has the software available to download in a marketplace, or application store for the specific device. This could be an application on a phone or computer. Familiar examples would include an e-mail client or music playing software.

In the case of Windows Intune, we need client software on each Windows device that will be managed. The client software communicates to the cloud service and we manage the service via a web browser.

Programmable interfaces

With a cloud computing solution we have much of the data and clever computer processing being done in a data center across a network, which means this now has to be controlled remotely. There are two choices here as to how this is done, either by building the whole service and infrastructure and solution as the vendor, or by enabling third parties to have access to the control interfaces.

For some solutions, having third parties access these control interfaces makes perfect sense as it enables additional benefits to users without having to spend the time building it ourselves as the vendor. For some solutions however, the data is considered too complex to manage or too important to let third parties change, so the interfaces are not accessible.

Windows Intune today does not have publicly accessible programmable interfaces, so no enhancement of the software is possible.

If these interfaces are available then the vendor will also have some form of additional shop front or application store to enable us as the user to choose to augment the cloud computing solution we have.