There are many aspects you need to consider while deciding to change your vital IT system (like the project management system in a translation office). Some time ago I recommended that you do not even consider software without an API (DataBase Based Integration – a Sackable Offence). In this article, we will concentrate on another important aspect which is the model of how your software will be run, managed, and accessed: On-Premise or On-cloud.
Software Delivery Models
Specialized software requires multiple IT layers to run. Different services combined with business logic and a nice UI under the umbrella of one application provides a user with a unique and complex functionality he/she requires. These layers can be divided into three basic groups:
- Hardware and network access – including server CPU, memory, hard drive (often virtualized) active and passive network devices,
- Operating system and common services – file system, email services, databases, backups and other functionality that is shared by different applications, usually installed and managed individually,
- The actual application – a top element that users interact with, specialized code providing functionality built on top of the operating system, a common (often distributed) service, and other applications.
The traditional software delivery model assumed the software buyer controls the entire stack for the software is installed on hardware and an operating system under his full control. Since cloud solutions gained in popularity, more and more services are moved outside the company office – not only physically also the control (and responsibility) is passed to cloud providers. Servers are more secure and better served in a data center so we started to keep our servers there. It became evident that it is faster and cheaper not to own servers at all but rather use the ones that are owned and maintained by the cloud provider. Hardware virtualization technology speeded up this process even more so now ‘your’ server can be up and ready just a few seconds after placing the order – that is Infrastructure as a Service (IaaS) – a cool thing saving your company a lot of hassles spread between advanced IT hardware knowledge, a screwdriver, and power outages.
Anyhow, using IaaS still requires installation and management of the commodity software – databases, email servers, file system sharing services, and others as well as having to address scalability and security challenges. Platform as a Service (PaaS) vendors promises to provide you with all this stuff. They usually build their offering on IaaS and provide high expertise in a particular area so the resulting service is of the highest quality, hard to achieve by an individual IT specialist and even entire IT departments. We trusted them and gave control of many services (E-mail me if you are not using any :-).
The last element is an application – the core system your company uses to run your business – it may be offered as a Software as a Service (SaaS) and/or as on-Premise. You may decide to buy the system and run it on your own on an IaaS and PaaS infrastructure or let the application vendor take full care of it. There are a few factors worthy of your consideration before making the final decision: legal aspects, business continuity, IT security, deployment, and maintenance and finance – they are described in the following chapters.
On-premise software is installed on the company’s own/managed servers. Cloud-based software is hosted in a cloud and fully controlled by a software vendor, usually, it is accessible through a Web browser.
From the legal perspective, there is a fundamental difference between on-Premise and Cloud-based software.
For on-Premise, you need to license the software. The license gives you access to the application in the form of source code or binaries as far as an allowance to run/use it in the scope and areas described in the EULA (End User Licence Agreement).
There are multiple different software licensing strategies but at the end of the day, you are given the software on an ‘AS-IS’ basis with permission to run it on your own. Except the legal limitations, you have full control over the software and any piece of data you generate while using it. XTRF for instance enables you to run one production instance of the software which can be accessed by a limited number of users. You can also have additional copies for testing purposes – e.g. as a staging environment.
SaaS is quite different. From a legal perspective, it is nothing else but a contract for providing a service. You do not need any software licenses – you are granted a right to use a given service for a limited period of time. By signing-in to SaaS, you grant a cloud provider rights to process your data so they can host your service. The service and the scope of your data usage are described in a document that is usually non-negotiable, called the Terms and Conditions which describes, as far as, the service functionality, usage models, and limitations.
XTRF and our IT partners are ISO 27001 / 9001 certified to provide the highest standard in data security and service quality.
Use your cloud vendor ISO certificates
as your company advantage in contracts and tenders.
Business continuity encompasses planning and preparation to ensure that an organization can continue to operate in the case of serious incidents or disasters. In the context of a system that is critical for a company’s operation, you should consider your business continuity strategies for both on-Premise and Cloud solutions.
Ask yourself two control questions: How do you know the system is not working? and What actions will be taken to solve the problem if it occurs? The first question is usually answered as:
- Somebody (a client, colleague) tells you there is a problem.
- You detected (experienced) the problem by yourself.
- You have been informed by a monitoring system that detected problems automatically.
The last answer is the least common for on-Premise installations. It means that if a failure occurs at night or during the weekend many hours pass before somebody even starts solving the issue. Moreover, the answers to the second question show that application outage time increases even more. Two of the most common answers are:
- You call your IT guy or department – it’s fine if he is on duty and confirms the problem. You are even luckier if he can solve the problem in a minute… but sometimes after two hours, IT calls you back claiming a master hard drive controller failure and asking to buy a new one with express delivery of 48 hours. The system is down for 3 days.
- Sometimes your IT blames the system vendor – a bug in the software – so you call the system vendor and get a famous “it works for me” response. – after a few hours/days it finally turns out that one parameter of your server infrastructure had been changed and it resulted in a failure when the system was restarted. Two days passed before the system was up and running again.
What about a serious power outage, strong storms, or a digger cutting off the internet to the entire office…
System availability is a ratio of the expected value of the uptime of a system to the aggregate of the expected values of up and downtime.
What about the SaaS model? Cloud providers offer service-level agreements (SLA) that guarantee a certain amount of uptime. In the case of a problem you can call/email/raise a ticket at your provider helpdesk and be informed that they have already detected the problem and provided an estimated time of system restore, which is usually far below the SLA agreed. If a problem occurs at night you probably will not even notice it.
Total system downtime as a function of declared availability in different time frames.
How is it possible to achieve 5 minutes unavailability in a year? In mature cloud environments the monitoring system automatically informs about problems, it can detect the problem and reacts much faster than any user. SaaS providers operate in 24/7 serviced data centers that can fix broken hardware in minutes or automatically migrate the system to new hardware.
Average availability on XTRF Cloud for Q1 2017 was 99.95%
i.e a downtime of 20 min/month used for system updates.
In the XTRF Cloud, we not only monitor our systems but also react to system failures in an automatic way. There are multiple rules defined that can automatically restore your system operation with minimum downtime. If the automation fails an SMS notification is sent to an administrator on duty.
Control questions for your IT
Do you and how will you monitor the new software?
Who will be informed and what are the worst-case problem resolution scenarios?
What would be the cost for your IT to provide 99,95% availability?
Disaster recovery involves a set of policies and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. To recover from a disaster you need access to your data. You can buy new hardware, you can get all the systems and program binaries from vendors but access to your backed up data is essential for your company to recover from a real disaster.
You may have been told that your data are backed up – it is not enough – make sure one can restore the data from the backup. There were companies that made regular backups but in a critical moment, the restore process failed – nobody remembered the password to a backup copy or backups burned in a server room together with the servers. It is a matter of life and death for your company – check twice or go SaaS.
The XTRF Cloud Database is backed-up every 24h, all backups are stored offsite (in a different country).
Control questions for your IT
How frequently are the backups done and where are they stored?
When last was the restore procedure tested?
Deployment and Maintenance
SaaS service deployment and maintenance are easy – you order a service and it works.
On-Premise installation requires much more attention. The SaaS provider uses the optimal hardware and operating system configuration for the software it offers. Your IT may want to reuse an existing server (does it conform to the requirements?) and install the operating system, database and other services according to their preferences that do not fully match the software vendor’s recommendations. Having selected the hardware, the following actions need to be performed:
- configuration of a (new/rented) server (operating system, basic software, internet connection, security),
- installation of the new software (+ additional elements – database, proxy server, SSL certificate etc).
- testing, including performance tests,
- fine tuning of the system,
- configuration of a monitoring subsystem.
When the above steps are completed you should be informed about the stability of the final installation and what availability can be guaranteed.
Software deployment and maintenance require advanced IT knowledge and time.
All IT systems require regular maintenance. Server security has to be properly managed, system and software patches installed, monitoring alerts verified, system health checks performed, minor hardware failures, power, and Internet outages addressed. All these actions take time and require competent IT specialists.
Control questions for your IT
What is the time required to complete the new software installation?
What is the time required monthly for system maintenance?
How stable is the installation – who is responsible it runs 24/7?
A cloud-based system can easily grow (and shrink) with your organization. Into every business, there will come spikes. Those days when suddenly everyone wants access to your data and they want it now. What to do? You can buy enough servers to meet the maximum possible data demand, but that’s a waste of money when the servers are sitting idle. Imagine you have a big project starting next month and need to hire 3 extra people only for this project for two months – would you invest in a server upgrade and 3 additional software licenses? Being able to scale up and down is a huge competitive advantage. It’s also extremely cost-effective.
Control questions for your IT
Can we increase the number of users/projects – what is the cost of each additional user?
Can we reduce our IT costs if we have fewer users?
There is a temptation to compare on-Premise and SaaS costs in a simplistic way. For on-Premise, we assume one-time spending on licenses and compare this with yearly spending on the Cloud. Let’s make a comparison using the current XTRF Professional pricing for 10 users.
The above model is entirely wrong. It is like comparing buying a car and using a taxi but including only the total price of the car – forgetting about fuel consumption, service cost, insurance policy, and parking costs. The right approach is to compare the Total Cost of Ownership. TCO is a financial estimate intended to help buyers and owners determine the direct and indirect costs of a product or system. So what are these additional costs of on-Premise?
If we include the above factors the TCO can be calculated over 10 years following the purchase date.
Even we do not include: the interest rate on the initial investment, Opex/Capex benefits, lower risk, flexibility, adaptability, and SLA – the calculation clearly shows the cloud is cheaper and requires half of the initial investment. It includes some extra benefits not available (or not included in the price comparison), moreover in the ten years the following situations are of high probability:
As your comfort and sense of security are priceless, the final comparison gives the Cloud an even better advantage.
On-Premise installation requires significant spending, mature IT processes and highly paid professionals to ensure stability and security – full control has its price.
Cloud-based solutions can provide the highest availability and data security due to mature data protection policies and processes. Flexible pricing plans, adaptability, and benefits, gained from the economy of scale result in lower TCO than maintaining your own software as far as decreased initial investment risk.
Moreover, cloud usage allows your IT not to concentrate on more server/software administration but instead, they can focus on business-value oriented tasks that better address your company’s mission.
“Continuity of processes and data security in a distributed translation management system.” Project co-financed by the European Regional Development Fund under the Operational Program Innovative Economy.