How dual-speed IT impacts private cloud architecture

An intriguing insight / hypothesis from Gartner is that IT can be more successful when it clearly demarcates ‘agile’ IT and ‘traditional’ IT. According to Lydia Leong:

Traditional IT is focused on “doing IT right”, with a strong emphasis on efficiency and safety, approval-based governance and price-for-performance. Agile IT is focused on “doing IT fast”, supporting prototyping and iterative development, rapid delivery, continuous and process-based governance, and value to the business (being business-centric and close to the customer)

The idea is that “agile” IT is better served with cloud, either IaaS or PaaS, while traditional IT could stick to their knitting and do business as usual. At some point, agile IT figures out how to do ‘cloud’ right and helps the other gang adopt the cloud. Of course, there’s dissent: Simon Wardley argues for trimodal IT, with the middle group mediating the extremes.

Lydia goes on to argue that:

Bimodal IT also implies that hybrid IT is really simply the peaceful coexistence of non-cloud and cloud application components — not the idea that it’s one set of management tools that sit on top of all environments.

Non-cloud application components are (my guess here) the domain of traditional IT, and cloud application components are the domain of agile IT. The dichotomy also argues for 2 types of infrastructure: cloud and non-cloud.

A somewhat unrelated insight comes from Geoffrey Moore: there are 2 kinds of IT systems, Systems of Record (“Enterprise IT 1.0”) and Systems of Engagement (“the next stage of IT”). Systems of Record are:

global information systems that capture every dimension of our commercial landscape, from financial transactions to human resources to order processing to inventory management to customer relationship management to supply chain management to product lifecycle management, and on and on

Systems of engagement by contrast:

the focus instead will be on empowering the middle of the enterprise to communicate and collaborate across business boundaries, global time zones, and language and culture barriers, using next-generation IT applications and infrastructure adapted from the consumer space.

Systems of Record are the cost of doing business. They need to be highly optimized, low risk and rock solid, and they rely on processes such as Six Sigma to deliver the quality and efficiency demanded by the business. It is unlikely that these will be moved into the cloud in the near future.

The hypothesis (mine) here is that the systems of record are hosted on traditional IT / non-cloud infrastructure and private/public cloud hosts the systems of engagement.

Obviously the newer systems of engagement, whether deployed on private clouds or public clouds, may need access to the data held by the system of record.

If you have a private cloud for agile/systems of engagement, then the interaction looks like this:

Slide1

If you use a public cloud for your systems of engagement, then it looks like:

Slide2

Yet another way to look at it might be the “pets vs. cattle” schema.

systems-of-record2_pets

Public clouds make this interconnection “easy” by providing the required infrastructure. For example, AWS provides VPN Gateway and AWS Direct Connect. These facilities allow applications hosted on instances in the AWS cloud to access resources that are “on-prem” (and vice versa).

Theoretically the interconnect should be dead simple in the private cloud case. After all, both parts of the infrastructure are hosted on the same local network infrastructure, presumably a single administrative domain. Complications can arise from:

  1. Business needs
  2. Artifacts of the private cloud implementation.

First, the business needs: integrating systems of record and systems of engagement often involves crossing security boundaries. The former is guarded like Fort Knox; the latter has more fluid requirements. So the solution might involve, for example, inserting security devices in the path.

Slide2

The challenge is that the system on the right is extremely fluid: the network is constantly being reconfigured. Each change on the right might require changes in the security devices. The required level of network automation (to automate the security policy) is an unseen cost of implementing this architecture.

Private cloud networking brings its own complexities: it is often the most challenging part of implementing a private cloud. While the private cloud software stack might provide a solution that works within the cloud, it won’t provide a solution for the security policy automation problem mentioned above.
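To make the security policy automation problem concrete, here is an added example (mine, not from the original post or any cloud product) that reconciles a security device's allow-list with the current inventory of a fluid private-cloud tenant. It assumes a hypothetical inventory with an `app` tag, a per-instance IP and a lifecycle state, a flat list of allow rules on the device, and a deny-by-default stance; the endpoint and IPs are constructed sample values.

```python
"""Reconcile the allow-list on a security device sitting between
systems of engagement (private cloud) and a system of record."""
from dataclasses import dataclass

SOR_DB = ("10.0.5.20", 5432)  # constructed: system-of-record database endpoint


@dataclass(frozen=True)
class Rule:
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


def desired_rules(inventory, allowed_apps):
    """Build the allow-list the device *should* hold from the cloud inventory.
    Only running instances tagged with an app approved to reach the system
    of record get a rule; everything else stays denied by default."""
    rules = set()
    for inst in inventory:
        if inst["state"] == "running" and inst["app"] in allowed_apps:
            rules.add(Rule(inst["ip"], SOR_DB[0], SOR_DB[1]))
    return rules


def reconcile(current, desired):
    """Return (to_add, to_remove) so the device converges on `desired`.
    Removing stale rules matters as much as adding new ones: an IP freed by
    a terminated instance may be reused by an instance that is not approved."""
    return desired - current, current - desired


def apply(current, inventory, allowed_apps):
    """Compute the change set; returns (new device state, adds, removes)."""
    want = desired_rules(inventory, allowed_apps)
    add, remove = reconcile(set(current), want)
    return want, add, remove


if __name__ == "__main__":
    # constructed sample: the device still holds a rule for a terminated web node
    device = {Rule("10.1.0.7", *SOR_DB)}
    inventory = [
        {"ip": "10.1.0.8", "app": "web", "state": "running"},
        {"ip": "10.1.0.9", "app": "scratch", "state": "running"},
        {"ip": "10.1.0.7", "app": "web", "state": "terminated"},
    ]
    new_state, add, remove = apply(device, inventory, {"web"})
    print("add:", sorted(r.src_ip for r in add), "remove:", sorted(r.src_ip for r in remove))
```

In practice this reconciliation would be triggered by every instance lifecycle event from the cloud platform, which is exactly the automation cost the post describes.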

Bimodal IT is an interesting idea but can lead to ‘gaps’ between the modes, including in the infrastructure domain. In a future post I hope to convince you that Apache CloudStack has some tricks up its sleeve to solve some of these problems.
