Melpomene - Fotolia
Self-service provisioning is a key trait of cloud computing. But to prevent the risks that come with that model -- such as shadow IT -- admins need some level of control. The answer for many IT shops is a cloud provisioning portal.
But how exactly should cloud administrators build and support that portal? It takes the right mix of technology and policies, according to experts.
Buy vs. build your cloud provisioning portal
One of the biggest motivators for cloud is improved business agility through self-service, and a cloud provisioning portal -- sometimes known as a catalog -- helps make that happen. Some portals live on premises, while others are SaaS-based, and organizations can choose to buy one or build their own. In either case, that portal should integrate with APIs and major cloud provider platforms.
Most cloud vendors have a default standardized catalog, or customers can pick and choose offerings, said Lauren Nelson, private infrastructure as a service cloud lead at analyst firm Forrester Research.
Karolyn Schalkcloud and cognitive solutions advisor, IBM
That ability to customize your self-service portal is important, since organizations have multiple kinds of users. Especially for developers, there is no single or typical portal.
"We look at the range in our research," Nelson said. "Some of those developers will want to employ containers to accelerate test and development and they usually want to have control over the choices made when provisioning." It's best to have the flexibility to craft your own cloud self-service options to fit the unique needs of your users.
After admins build or buy a cloud provisioning portal, the work doesn't stop there.
"That still leaves the implementation of many specific processes and policies for companies to handle," said Rodrigo Flores, managing director of product innovation, architecture and management at Accenture, an IT consultant and integrator.
The Cloud Standards Customer Council (CSCC) offers some specific advice on self-service cloud provisioning portals. In a recent report on hybrid cloud, the CSCC suggested admins need to consistently maintain any catalog content that describes cloud offerings, including links to company policies and other guidance. It is incumbent on the organization itself to ensure that any services it makes available to users meet corporate requirements.
Karolyn Schalk, a cloud and cognitive solutions advisor at IBM, who coauthored the report, explained that it is easy to rush into self-service because it can reduce the load on IT staff. However, she warned, admins must continuously monitor the self-service process.
"[Self-service provisioning] could reduce the load on your staff now, but end up creating a mess later," Schalk said.
A cloud provisioning portal must offer access to services and enforce policies, Flores agreed. For example, before users provision a VM, they should have to take certain steps, such as naming that resource with an agreed-upon convention.
"Otherwise, what you get from the cloud provider is just some mysterious combination of letters and numbers that doesn't tell you much," he said.
Admins can also enforce policies for resource consumption. After provisioning a resource, a portal could enforce helpful practices, such as backup and monitoring, or enrolling the resource in the configuration management database to help admins keep track.
In addition, rather than count cloud instances, admins should insist that users adhere to a budget -- and ensure they receive warnings when they near their spending limit.
Help users avoid the shadow IT temptation
After admins set up a cloud provisioning portal and enforce usage policies, they still need to convince people to use it. Even organizations with solid cloud self-service portals still have a problem with shadow IT, Flores said.
To combat this, IT teams again need to recognize that there are multiple types of potential users. Developers will most likely want the most direct access to resources, and want to operate through a continuous integration/continuous delivery mechanism so they can implement changes multiple times each a day.
On the other hand, typical enterprise end users might value more simplicity, and only need to deploy changes quarterly. Once IT teams recognize those different needs, they can find the right balance between freedom and control for each user type.
For either group, complex approval processes tend to be self-defeating, and often encourage more shadow IT. Try to keep things as simple as possible.
"Don't make a five-minute process into a week-long process," Flores said.
Optimize your self-service portal for private cloud
Compare and contrast cloud provisioning and orchestration
Avoid overprovisioning in cloud computing