Cloud Service Provider Tips & Tricks

Our understanding and experience with key AWS and Azure architecture differences, to help decision makers determine which CSP is the best-value option for an application based on key factors such as the design of the application, deployment strategy, maintenance, and the concept of operations to support end users' needs.

White Paper

There is no looking back: cloud computing is here to stay for a very long time. Whether it’s private companies or the Federal Government, cloud computing provides decision makers a viable alternative to traditional on-premise data center facilities to buy and deliver massively scalable Information Technology (IT) services to meet changing customer demand. The global adoption of cloud computing will accelerate application modernization and transformation to the cloud, making organizations more advanced and more innovative and lowering life-cycle costs through one or more of its capabilities: on-demand self-service, rapid elasticity, resource pooling, Internet accessibility and measured service. Along with hosting or developing applications in the cloud, companies that traditionally provide software licenses are providing these as a service directly in the cloud.

With all the potential cost savings and technical benefits of the cloud, why haven’t we seen more organizations aggressively moving to the cloud? Cloud computing is not perfect, and there are risks that must be considered. Unlike traditional on-premise data centers that are owned and managed by the same entity providing services to their customers, the cloud is most likely a shared infrastructure that is owned by one or more commercial providers, with services provided to many different customers, some of whom may have no relationship to one another at all. Cloud Solution Providers (CSPs) address the cybersecurity issue in a shared cloud infrastructure by employing industry-standard, cloud-specific cybersecurity protection tools and offering cloud security monitoring to protect customers’ data. Of course, there is the option of a private cloud that is physically isolated and built just for one tenant, but it will not be nearly as scalable as a shared cloud that has an economy of scale. The security concern over how the cloud protects data is one of the main reasons for the slow adoption. The benefits and cost savings achieved via a cloud infrastructure will drive Cloud Solution Providers to provide stronger cybersecurity protections than we see in traditional on-premise data centers. Because Cloud Solution Providers are providing a “service,” they can adjust cybersecurity protections dynamically as the threat environment changes.

As CSPs mature their technologies and the Federal Government introduces regulations and policies such as the Federal Risk and Authorization Management Program (FedRAMP), Department of Defense (DoD) Instructions, Joint Chiefs Instructions and United States Cyber Command Communication Tasking Orders (USCC CTOs), cloud security is less daunting and decision makers are more confident their data will be secure in the cloud. CSPs such as Amazon Web Services (AWS) and Microsoft Azure, two of the largest, are competing aggressively to increase their cloud security posture, lower costs and offer new value-added services.

TechTrend offers AWS and Azure cloud services to our commercial and federal clients. We also provide IT professional services to help our clients modernize, transform and migrate their applications to the cloud. This white paper touches on our understanding and experience with key AWS and Azure architecture differences to help decision makers determine which CSP is the best-value option for an application based on key factors such as the design of the application, deployment strategy, maintenance, and the concept of operations to support end users' needs.

Secure Cloud Service Providers

Organizations are looking to the cloud to improve cost controls and to increase overall agility, driven by the rapid increase in demand for storage and for access to larger volumes of historical and new data. Because the cloud supports the storage of larger volumes of data, demand has increased for big data analysis capabilities within and external to the cloud. Whatever the value proposition might be, institutions of all shapes and sizes have either researched, acquired or migrated their on-premise applications to the cloud. The migration approach can be as simple as utilizing the cloud's virtualized compute, storage and network to host applications and data without modernizing or transforming the application (i.e. Infrastructure-as-a-Service), or it can be as complex as rebuilding the application on modern cloud platforms with pre-built hooks to leverage cloud services such as auto scaling of resources to meet changing demand (Platform-as-a-Service), or moving completely to cloud application services (Software-as-a-Service). Figure 1.0 below is a pictorial representation of the relationship between an “On-Premise Legacy Application Infrastructure” and a “To Be Cloud Computing Service Model.”

In a very competitive environment where innovation is rapid and cloud costs are driven downward annually, institutions have a great opportunity to transform their businesses (process optimization/standardization, operational changes, organizational redesign, culture change, and training) and transform their applications (re-deploying, replacing, re-architecting, and rebuilding) to leverage cloud services. To realize their transformational goals, there are many CSPs to choose from.

According to Gartner's 2016 IaaS comparison, the two dominant CSPs are Microsoft Azure and AWS. Despite AWS being many times larger than Azure based on IaaS consumption, both infrastructures provide customers with the benefits of cloud services. In many ways, these CSPs have very similar capabilities to host a wide variety of applications. Figure 2.0 below is a comparison of AWS and Azure cloud service benefits.

Figure 2.0

Comparison of AWS and Azure

There are differentiators that may make one CSP more optimal for certain use cases or for an application’s availability, compute, networking and storage design criteria. The table below (see Figure 3.0) provides a comparison against a limited set of use cases and key factors, with the goal of providing a high-level guide to which CSP is a better choice to host the target applications, independent of the life-cycle costs for cloud services. Although cloud services cost is a key factor, staff productivity, agility and user experience should be other key criteria for selecting the platform for an application. Understanding AWS and Azure architecture differences will help decision makers determine which CSP is the optimal solution based on the design of the application, deployment strategy, maintenance, and the concept of operations to support end users' needs.

| Key Factors / Use Cases | AWS | AZURE |
|---|---|---|
| Application Diversity | Supports most Use Cases that run well in a virtualized environment and for applications that are potentially challenging to run in a multitenant environment | Supports a hybrid architecture and integrates well with Microsoft-centric technologies, cloud native applications and batch computing |
| Price Flexibility | Does not budge on prices and charges by the hour | More agile to support requirements for Enterprise applications and charges by the minute |
| Service Level Agreement (SLA) | Does not budge on SLAs thus weak in supporting single instance SLAs | More flexible for the need of the Enterprise |
| High Availability within a Region | Across multiple logical data centers in a region that are synchronously connected. Disaster within one data center will not impact availability. | Within a single logical data center in a region. Disaster within one data center will impact availability. More than twice the regions. |
| Load Balancer | Native from Layer 4 to Layer 7 | Native at Layer 4 but must rely on application gateway for Layer 7 |
| Telecom to the CSP Infrastructure | Inter Region only within CONUS | Global Inter Region connectivity |
| Load Balancer Static IP Address | Does not support static IP address | Supports static IP address |
| Protection of PII/HIPAA | AWS GovCloud can support PII/PHI categorized as Controlled Unclassified Information (CUI) and stored/processed at Level 4 (L4), whereas East/West support Level 2 (L2) | Azure Government can support PII/PHI categorized as CUI and stored/processed at Level 4 (L4) and supports Level 5 (L5) |

Figure 3.0 – AWS/Azure Comparison for a limited set of Use Cases and Key Factors

Conclusion

Depending on the applications’ technical and business requirements, most can be hosted on AWS, Azure and many other CSPs such as IBM, Oracle and Google. These CSPs have foundational IaaS offerings of compute, storage, networking and security that are now considered commodities, and thus can host a wide variety of applications. For more complex enterprise or mission-critical applications, a much deeper analysis of each CSP's architectural differences is necessary to determine the optimal cloud solution. AWS and Azure are the two largest due to their broad range of service offerings and competitive pricing. They are starting to become the top two platforms that customers select for a multi-provider strategy to best match each application with the optimum solution and to help lower the risk of vendor lock-in.