Evolving the ‘Lift and shift migration’ with Identity Management

Many cloud migrations are done as a lift and shift: relocating legacy virtual machines, or converting physical machines, into a service provider's virtual environment. This method is all about relocating the workload and saving cost by removing the CapEx of physical infrastructure (generally storage, compute and some network infrastructure) from the customer environment.

Many service providers are not evolving past this and continue to run large environments with multiple copies of the same server or application dedicated to each customer. Whilst this method gives the service provider some efficiencies, if you are also providing management to your customers you still require the same amount of operational resources to manage it.

Let's bring some numbers into the mix to build out this story and give us something to compare. If the service provider has 200 customers, and each customer has two Active Directory domain controllers, the environment is running 400 domain controllers. That's 400 Microsoft Windows servers that need patching, monitoring and licensing.

A standard virtual machine deployment of Microsoft Windows Server may be 1 vCPU, 4 GB RAM and 40 GB disk. Multiplied out across 400 servers, that is 400 vCPUs, 1,600 GB RAM and 16,000 GB (about 15.6 TiB) of disk. That's a lot of resources for a service provider to manage, and a lot of operational cost to include in service cost modelling for recovery.

A typical Active Directory domain controller provides authentication services and DNS. If we break these two roles out and consolidate them, what are the benefits? Can this be cost efficient? Will customers consume these services in a different way, and under a different model?

Active Directory can be multi-tenanted, to an extent, by enabling List Object mode (often described as changing the directory's visibility mode) so that users only see objects they have been granted List Object rights on, and by delegating rights and access at the tenant OU level. We can also host multiple DNS zones on the same servers, one per tenant, so each tenant's clients can locate their domain controllers and authenticate. Bear in mind that this is a visibility and delegation control, not a hard isolation boundary: every tenant still sits in one forest, which is the security boundary in Active Directory, so a compromise of a domain-level privileged account, or of the schema or configuration partitions, exposes every tenant at once.
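The following script is an added example of the approach described above; it is not code from the original post. It switches the forest into List Object mode, strips the default "Authenticated Users" list rights from the OUs it controls, delegates each tenant's admins and users rights on their own OU subtree only, and creates one AD-integrated DNS zone per tenant. The forest name msp.local, the parent container OU=Tenants, the zone suffix tenants.msp.local and the tenant names Contoso and Fabrikam are assumptions for illustration.

```powershell
# Added example, not code from the original post. Carves tenants out of one
# shared Active Directory forest with List Object mode plus OU-scoped
# delegation, and gives each tenant its own AD-integrated DNS zone.
# Assumed: forest msp.local, a parent container OU=Tenants, tenant names such
# as Contoso. Needs the ActiveDirectory and DnsServer modules; run the one-off
# setup as a Domain Admin.
Import-Module ActiveDirectory
Import-Module DnsServer

$DomainDN  = (Get-ADDomain).DistinguishedName           # DC=msp,DC=local (assumed)
$TenantsOU = "OU=Tenants,$DomainDN"
$AuthUsers = 'NT AUTHORITY\Authenticated Users'

function Enable-ListObjectMode {
    # One-off, forest-wide: character 3 of dSHeuristics (fDoListObject) = 1.
    # A DC then hides any object the caller lacks List Object on, unless the
    # caller holds List Contents on its parent. It adds an access check per
    # object enumerated, so expect large LDAP searches to get slower.
    $dsObj = 'CN=Directory Service,CN=Windows NT,CN=Services,' +
             (Get-ADRootDSE).configurationNamingContext
    $cur = (Get-ADObject -Identity $dsObj -Properties dSHeuristics).dSHeuristics
    $cur = ([string]$cur).PadRight(3, '0')              # keep the other flags intact
    $new = $cur.Substring(0, 2) + '1' + $cur.Substring(3)
    Set-ADObject -Identity $dsObj -Replace @{ dSHeuristics = $new }
}

function Remove-AuthenticatedUsersAces {
    # Every new OU carries an explicit ACE giving Authenticated Users
    # "List Contents, List Object, Read" (RPLCLORC). With that in place
    # List Object mode hides nothing, so strip it from the OUs we control.
    param([System.DirectoryServices.ActiveDirectorySecurity]$Acl)
    foreach ($ace in @($Acl.Access | Where-Object {
                -not $_.IsInherited -and $_.IdentityReference.Value -eq $AuthUsers })) {
        $null = $Acl.RemoveAccessRule($ace)
    }
}

function New-AdAce {
    param($Identity, [string]$Rights, [string]$Inherit = 'All')
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $Identity, [System.DirectoryServices.ActiveDirectoryRights]$Rights,
        [System.Security.AccessControl.AccessControlType]::Allow,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]$Inherit)
}

function Initialize-TenantsContainer {
    # Let everyone see the container itself but not list what is under it (no
    # List Contents). With List Object mode on, a Contoso user then sees
    # OU=Contoso, because they hold List Object on it, and nothing else.
    $acl = Get-Acl -Path "AD:\$TenantsOU"
    Remove-AuthenticatedUsersAces -Acl $acl
    $acl.AddAccessRule((New-AdAce ([System.Security.Principal.NTAccount]$AuthUsers) `
                                  'ReadProperty, ListObject, ReadControl' 'None'))
    Set-Acl -Path "AD:\$TenantsOU" -AclObject $acl
}

function New-Tenant {
    param([Parameter(Mandatory)][string]$Name)
    $ou = New-ADOrganizationalUnit -Name $Name -Path $TenantsOU -PassThru
    $dn = $ou.DistinguishedName
    $admins = New-ADGroup -Name "$Name-Admins" -Path $dn -GroupScope Global `
                          -GroupCategory Security -PassThru
    $users  = New-ADGroup -Name "$Name-Users"  -Path $dn -GroupScope Global `
                          -GroupCategory Security -PassThru

    $acl = Get-Acl -Path "AD:\$dn"
    Remove-AuthenticatedUsersAces -Acl $acl
    # Tenant members may see and read their own subtree only.
    $acl.AddAccessRule((New-AdAce $users.SID 'ListObject, ListChildren, ReadProperty, ReadControl'))
    # Tenant admins get full control of their subtree and nothing above it.
    # Never delegate them rights on the domain head, OU=Domain Controllers or
    # any AdminSDHolder-protected group: that is a path out of the tenant.
    $acl.AddAccessRule((New-AdAce $admins.SID 'GenericAll'))
    Set-Acl -Path "AD:\$dn" -AclObject $acl

    # One AD-integrated zone per tenant; secure dynamic updates only, so a host
    # in another tenant cannot register or overwrite records in it.
    Add-DnsServerPrimaryZone -Name "$($Name.ToLower()).tenants.msp.local" `
                             -ReplicationScope Domain -DynamicUpdate Secure
    return $ou
}

# One-off forest setup, then once per customer.
Enable-ListObjectMode
Initialize-TenantsContainer
New-Tenant -Name 'Contoso'
New-Tenant -Name 'Fabrikam'
```

Check the result from a session running as a member of Contoso-Users: `Get-ADOrganizationalUnit -Filter * -SearchBase $TenantsOU` should return only OU=Contoso. If OU=Fabrikam also appears, some ACE still grants List Object or List Contents to a group the user belongs to; the usual culprit is the Pre-Windows 2000 Compatible Access group, which in many domains contains Authenticated Users and receives inherited list and read rights on user and group objects from the domain head. Objects created later under a tenant OU also carry their own default ACEs, so audit them with `Get-Acl` before promising tenants that they are invisible to one another.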

Depending on the size of your environment, you may be looking at 10 Active Directory servers to service all of your customers: 10 servers with the same configuration as above (1 vCPU, 4 GB RAM and 40 GB disk). I have provided a brief table to outline the comparison:

                  Per Customer Method      Multi-Tenant Method
Server Count      400                      10
vCPU              400 vCPU                 10 vCPU
RAM               1,600 GB                 40 GB
Disk              16,000 GB (15.6 TiB)     400 GB

This uses the same conceptual method as physical-to-virtual consolidation. The service provider is able to differentiate from plain Infrastructure as a Service and add new offerings to its service catalogue/portfolio: Identity Management and DNS.

These new offerings can be modelled using a different metric, which may be more cost effective for the service provider's customers. Identity Management may be sold on a per user/seat metric, and DNS may be priced per zone.

For small to medium customers, consuming an Identity Management service may be ideal: it reduces their operational expenses and minimises the amount of infrastructure the MSP has to look after, which reduces cost further. The table below compares the additional per-VM expenses you may be paying under each method (200 customers, so 400 VMs versus 10):

                  Per Customer Method          Multi-Tenant Method
Antivirus         $10 per VM ($4,000)          $10 per VM ($100)
Monitoring Agent  $5 per VM ($2,000)           $5 per VM ($50)
Backup Agent      $25 per VM ($10,000)         $25 per VM ($250)
Total Cost        $16,000 / $80 per customer   $400 / $0.05 per user and $0.50 per DNS zone

The example above (transforming Active Directory) shows an easy way to turn a legacy service into a new service offering, reduce excess expenses for both the service provider and the consumer, and differentiate from competitors in the marketplace.

If you do not wish to build your own Identity Management service, consider the providers already in the market today to help evolve your customers (Microsoft Azure Active Directory, Facebook, LinkedIn, Twitter, Google+). Note that the social providers in that list offer OAuth-based federated sign-in for consumers, not a directory with delegated administration, so they suit customer-facing applications rather than replacing an internal directory.

