Federal agencies have clearly gotten the cloud memo. Agencies are storing and running more mission-critical workloads in the cloud than ever, typically relying on the “big three” federally authorized cloud providers. While there are undeniable benefits of running workloads in the cloud, agencies also have begun to experience the frayed edges, including unanticipated costs and performance bottlenecks. In many cases, these issues are a result of the way the first major cloud providers originally built their cloud infrastructure. At the time, the idea was simply to create as much efficiency as possible, which they accomplished by developing a model that shared servers among multiple parties. While this does increase efficiencies, this approach also can cause unanticipated latency.
During the first few years of cloud services, Oracle evaluated how the first-generation cloud performed, and then took a step back and redesigned its cloud offering from the ground up, taking the best of what existed and adding features and capabilities that would address the issues head-on. The result is Oracle Cloud Infrastructure(OCI), a FedRAMP-compliant second-generation cloud service designed to support high-performance, scale-up workloads of all types at the lowest cost possible. Agencies have begun to take note. The U.S. Treasury, for example, chose this path to reduce the costs associated with managing a massive shared services HR application in a private cloud. The agency migrated its HRConnect application to Oracle’s public government cloud with all customizations intact and ported the database itself to Oracle’s Database Cloud Service. The result has been millions in cost avoidance.
Evaluating the options
So how can you make sure your agency is using the right cloud for your mission-critical workloads? Before considering any features or specific cloud providers, the first step is truly understanding your workloads, says Clarke Colombo, director for enterprise cloud architects in Oracle’s Public Sector division. “It’s important to know exactly what makes up the application, along with its dependencies,” he explained. “If you don’t take time to do this first, you can run into unanticipated costs and other issues over time.” But that’s only the starting point.
There are plenty of other factors to consider, including:
- Performance: For mission-critical workloads, latency and speed issues simply can’t be tolerated. For the most performance-sensitive workloads, consider moving away from the typical cloud services model, where oversubscription can have an effect on performance, to one where a full core is reserved for each subscriber. That model, employed by OCI, has produced some impressive results. One test, for example, found that Oracle was up to five times faster than a leading competitor, with much lower latency at peak performance. When it comes to performance, faster is always better, but it’s not the only factor. It’s also important to be able to ensure predictable performance. Most cloud providers don’t guarantee this, but Oracle actually provides an SLA for performance, with penalties, as well as an SLA for manageability. It can provide these guarantees because of the way OCI is architected—especially its focus on off-box network virtualization. This approach puts the network virtualization layer in the hardware instead of the hypervisor, resulting in much better performance of servers running workloads, as well as the movement of data across the network.
- Cost: While the upfront costs of moving workloads to the cloud seem straightforward, hidden charges can add up. One example is egress charges—the fees cloud service providers charge for how much data is used versus how much data is stored—can add up. AWS, for example, begins billing per GB immediately, while Microsoft begins billing after the first 5GB each month, Colombo noted. Oracle’s fees start at 10TB per month, resulting in few, if any egress charges. For example, the Treasury Department’s HRConnect has never seen an egress charge. Overall, this approach reduces cloud costs dramatically; one report found that OCI can provide up to more than an eight-fold reduction in cost for a given amount of capacity.
- Ease of integration, migration, and implementation: Most agencies migrating workloads to the cloud have experienced bumps along the way as they need to re-architect applications to work in the cloud, which adds costs and risks. Agencies can avoid this by choosing a cloud infrastructure that enables applications and workloads to be “lifted and shifted” wholesale, without any changes, to the cloud. For example, Oracle has designed OCI to run applications identically to the way they run on-premises, eliminating the learning curve as well as migration frustration. Agencies also have access to a suite of OCI tools designed to help smooth and automate the process even further.
- Multilayered security: While all cloud service providers with federal customers have proven and certified security processes, there are differences in how effective these security measures can be. For example, although all cloud services providers use encryption, some go much further. For example, everything on OCI is FedRAMP authorized and encrypted to the FIPS 140-2 level—not only all data at rest but all data in motion. Agencies also should check that cloud services providers have designed their services with a defense-in-depth strategy—one that provides core-to-edge protection and shields all data traffic. OCI does this by isolating computer and network resources to ensure that personal data and traffic are shielded from other users. In addition, OCI employs data security, internal threat detection, and automated threat remediation.
Where to start?
When considering where to turn for cloud services, it’s often best to start with a service provider associated with the application you’re dealing with. If it’s a Microsoft application, start with Azure. If it’s an Oracle application, start with OCI. That’s the route the Defense Department took when migrating Oracle eBusiness Suite, the system that manages its financial and human resources data, to the cloud. It chose to migrate directly from its private cloud to Oracle’s DOD cloud, which is certified at the highest SRG DISA impact level. The U.S. Sentencing Commission, a bipartisan, independent agency, did much the same, migrating its Oracle Analytics Server from an on-premises environment to Oracle’s Commercial Region.
In addition to getting better performance and cost-benefit from applications, there are many other ways to get value from modern cloud services infrastructure. In the testing and development arena, for example, it’s not uncommon for agencies to spin up a dozen different development environments, each with full versions of applications and data. By moving the testing and development environment to the cloud, it’s much easier to spin up and shut down test and dev environments as needed. Many federal agencies, including the Department of Commerce, Health and Human Services, National Gallery of Arts, and National Academies of Science, already do this today using Oracle Application Express (APEX), a low-code application development environment built directly inside the Oracle database, in the cloud.
“Things have changed. There is no need to be locked into a cloud provider, pay more than you have to, or deal with substandard performance,” Colombo said. “There are so many possibilities with cloud services today, and it’s time to take a second look.”
