Archive for July, 2011

Recovery in the Cloud Boosts Hurricane Season Preparedness

Hurricane season brings into focus the need for companies to reexamine disaster recovery plans.  As we’ve been meeting with companies on how to prepare for the volatile weather season, we advise organizations to approach hurricane preparedness not as a reactive disaster recovery process but as the opportunity to manage a hurricane as a planned event. The plan process can benefit organizations not just on their worst day, in the wake of a disaster, but every day, by revealing critical gaps in the availability of production environments.

Unlike many other weather-related events, hurricanes have a relatively long warning time-frame, which can allow for the proactive relocation of people and corporate assets in advance of the storm rather than waiting for the worst to occur.

As part of hurricane preparedness, companies should examine the role cloud computing can play as a new platform for lower-cost applications recovery.  Infrastructure recovery is evolving to include a combination of physical, virtual and cloud components, allowing organizations to mix and match to meet specific needs of the applications and systems being recovered.  Incorporating this expanded range of options makes it more critical than ever to be sure your  recovery service provider has proven experience in handling real-life production operations along with designing high availability solutions and managing business continuity plans.

Additionally, recovery plans should include a process to guide operations in moving back to production systems from recovery sites following failures and disaster threats, such as after a hurricane passes.

What’s more, many businesses fail to take into consideration the time it takes to move recovered applications back to a production environment following a disruption. Automation capabilities, and careful sequencing of data resynchronization and service restart, are essential in speeding this process and minimizing the impact on business users.

Among the other drivers behind the trend toward recovery in the cloud are:

•Cloud-based recovery services utilize a shared, not dedicated, IT infrastructure which can help reduce customer costs of having additional capacity available when it is needed.
•Cloud computing provides a service pricing model so companies can ramp up capacity as needed during a hurricane response, without incurring added CAPEX.
•Fully-managed recovery services on a cloud platform can help reduce the cost and burden of recovery planning and testing during a disaster.
•Recovery planning and testing can reveal critical gaps in production environments and help close those gaps for improved daily operations.

What are your recovery plans during Hurricane season?

Designing for Failure Conditions

Today we hear from Chip Childers, product architect for SunGard’s Enterprise Cloud Services and partners with our product management and product engineering teams to drive the overall solution design of the service…CM

I’m a big fan of designing systems to deal with component failures. But let’s be honest, doing that perfectly is pretty darn hard.

In the research paper “Fundamental Concepts of Dependability,” all possible sources of fault conditions have been classified into 16 different categories. In another paper, “Software Architecture Reliability Analysis using Failure Scenarios,” an 8-step failure analysis process is proposed for how to understand a system’s potential failure conditions. All this is about identifying and classifying fault conditions—neither provides any design or logic to resolve the issues

I’m going to go out on a limb, and declare that nobody is doing that type of full and formal analysis for their cloud applications. (OK, perhaps somebody, but certainly not many.)

So that’s the problem in a nutshell. How can you really say that you have fully designed for failure, given all of the possible failure conditions? And for the 90% of the cloud platform population that just want to get their apps built, how much time should they really be spending on solving this problem? And what if you have legacy applications that can’t be designed in a truly “failure proof” way?

This is where an enterprise class cloud infrastructure comes in. An enterprise cloud has the resiliency, redundancy, data restoration, disaster recovery and security capabilities needed to keep your system secure and operating, and the enterprise cloud provider backs those capabilities with a Service Level Agreement. Further, an enterprise cloud also offers 24/7/365 management and monitoring of your virtualized infrastructure.

Failure can not be completely avoided, but you are better off knowing that the underlying platform design was build with resiliency in mind and that you have someone watching your back when things do go wrong.

To what extent could an enterprise cloud transform your company?

Visit our Cloud Solutions Center for videos, white papers and case studies about SunGard’s Enterprise Cloud Services.

DocuSign Bolsters Global Network Infrastructure with SunGard Hosting and Managed Network Services

When you support large financial companies, your data center gets audited. Period. It used to be that clients demanded the audit themselves. Now, with the passage of Sarbanes Oxley in 2002, the U.S. government requires audits on a regular basis. Every 3-party IT vendor for a financial company undergoes the same audit that the client undergoes for its in-house environment. It’s the law.

Another layer of regulations come into play if a 3-party IT-vendor handles records that contain electronic signatures, whether emails, contracts or faxes. Something called “SSAE 16 Type II” went into effect on June 15th of this year. It requires certain tested solutions have to be in place for the network, and practices, policies and procedures across the whole data center have to meet certain standards.

So, what if you’re DocuSign, the global leader in electronic signature technology for the financial industry, and you expect business to grow rapidly? A cloud infrastructure would be perfect to support that growth—technology ready when you need it without upfront costs. What’s not to love?

The catch is the cloud vendor has to meet the same 3-party IT-vendor regulations that DocuSign and DocuSign’s financial customers have to meet. None of this “it’s the customer’s responsibility to…” nonsense. DocuSign is not about to risk their 100% record for passing audits with their Fortune 500 clients or their 99.99% availability record.

Only an Enterprise Cloud with Internet and private fiber networks with managed network services and multi-location facilities that meet SSAE 16 Type II requirements can provide the security and stability they need.

And now you know why we at SunGard are so proud that DocuSign has signed with us.

Which of your applications could fit into an Enterprise Cloud?

Learn more about SunGard’s Enterprise Cloud Services

What does an Enterprise-Class Cloud Really Mean?

One of the most critical decisions a CTO can make is selecting the cloud environment for his or her company.  It is intimidating, complicated and crucially important.  When making that decision, it helps to know the attributes of the enterprise-class cloud, the “gold standard” for cloud computing.  Here are just a few.

Fully managed and Highly Consultative

By partnering with a leading vendor, you can leverage their IT expertise to architect the high-quality operations, recovery and business continuity processes your organization needs.  Their consultative approach helps to protect you from the many vulnerabilities experienced by companies acting without expert guidance.

An enterprise-class cloud is service-rich and supports fully managed operations for both cloud-ready and non-cloud-ready applications (which require dedicated solutions).  It comes with a holistic Service Level Agreements (SLA) that covers the complete environment—from performance levels for each component to 24/7/365 support, security, production processes, problem resolution steps and required staff certifications, along with ITIL, ISO9001 and governance procedures.


While the vBlock that underpins most enterprise-class clouds is highly resilient and redundant, it cannot prevent a server from crashing or a power outage from occurring.  Consequently, individual vendors are responsible for overall resiliency, whether that means automating failover capabilities or establishing integrated, multi-site, disaster recovery locations.  Similarly, vendors must specifically build into their offerings the security to monitor the access, use, disclosure, disruption, modification and destruction of data by users and programs.  It will serve you well to question potential vendors diligently about their resiliency capabilities.

Different Expectations for Different Use Cases
Different use cases require different levels of quality (reliability, up time, security, etc).  Once you define the requirements for your application, you can determine the price-performance trade offs your company can afford to make.  For example, a commodity cloud (like Amazon) offers:

  • Unlimited capacity,
  • Quick provisioning (turns on fast; shuts off fast.  Swipe your credit care and run your job),
  • Low cost and lots of control (e.g., root access and API-level access) and self-service.

However, the trade-offs include:

  • A weaker security infrastructure,
  • Little, if any, technical support (i.e.,  no consultation on set-up or phone support), and
  • No backup or disaster recovery plan except the one you devise and request.

Use cases for Amazon might include a test site or support for a start-up company that needs a cheap development environment with a high degree of control.

By contrast, an enterprise-class cloud (like SunGard’s) offers:

  • Consulting to assess and deploy applications wisely,
  • High-quality security, uptime and compliance,
  • High levels of customer support,
  • A service-rich environment,
  • Fully managed operating system and VMware for  provisioning, and
  • Architecture with built-in resiliency.

The trade-off for the enterprise cloud is that more time is required to move to the cloud.  Use cases include production environments that need security and compliance capabilities.

Not all clouds are created equal.  It pays to ask questions about every aspect of the cloud environment, carefully identify your company’s needs and match them to the capabilities of the vendor and make sure your SLA spells out the service levels you expect.

Does your company have service level requirements for your data center?

Download SunGard’s white paper,All clouds are not created equal.”

Hybrid Clouds — Use Cases and Considerations

Hybrid clouds are becoming more popular as companies seek to optimize their applications and data based on risk, architecture and business growth.  As a result, hybrid clouds are taking several different forms.

The Cloud as Partner

The most common hybrid cloud scenario is one in which a set of applications resides in the cloud with the remaining applications residing in the company’s on-site data center.  This arrangement enables the company to take advantage of the flexibility and cost-savings of the cloud where appropriate, while keeping control over more sensitive applications.

The Cloud as Proving Ground

Another use of a cloud is temporary workspace.  For example, developers can load an application into the cloud, add and test new features without affecting day-to-day operations.  Similarly, they can set-up a newly purchased application, say an ERP or document management system, run it, build it out and size it before moving it in-house.

The Cloud as Extra Capacity

Some companies use a cloud for burst capacity, letting sudden spikes in traffic call into action the additional resources of the cloud to ensure continuity of service.  In other cases, companies mirror their applications in a cloud to provide a hot, stand-by site.

Hybrid Cloud Considerations

Regardless of the type of hybrid cloud your company implements, certain considerations come into play, especially these.

Network connectivity. You will need to consider your connection, bandwidth, firewall requirements and how changes and upgrades will be handled between your on-site data center and the cloud.  You will probably need a Virtual Private Network (VPN) connection to the cloud to provide the level of security your company needs.  Today VPNs typically come in two types. Internet Protocol Security (IPsec) authenticates and encrypts data over the public internet, while Multi-protocol Label Switching (MPLS) VPNs are offered by carriers to provide companies with more secure, but still shared, private IP networks.

User Access. If you are using a Windows or Linux-based cloud, your user identification and authentication can remain the same, but you will need to take into account the fact that your cloud vendor may also have access to the severs they are operating for you.  Consequently, you will need to ensure that your vendor follows access policies that are acceptable to your auditor.

Data Migration.  For small applications, you can transmit your application and data over the network.  However, network transmission is too slow and lengthy for large application, so burning a disk and over-nighting it to the vendor is faster and more efficient for large data sets.

Your hybrid cloud strategy should support your business strategy.   Formulating the right cloud strategy can not only cut costs, but also bring the operational efficiencies and extra capacity your company needs to expand and grow.

How might your company initiate and evolve a cloud strategy?

For more information, visit our Cloud microsite



ZL Technologies Transforms Business Model with SunGard Cloud

ZL Technologies Transforms Business Model with SunGard Cloud

For the last 12 years, ZL Technologies, Inc. (ZL) has provided large-scale record-management services to top global institutions in the finance industry.  They are specialists in records management, archiving and e-discovery solutions.

ZL’s business has a number of unique characteristics.  For example, firms frequently need to search masses of historical emails for specific information for litigation.  Databases quickly grow as institutions generate more electronic data each day and regulations specify how long records are kept.  Regulatory requirements for security and governance are tight, and regular audits of IT-vendor processes are required.

To grow their business, ZL developed Unified Archive®, a new SaaS offering that leverages the cloud.  The cloud enables ZL to grow their business, as well as meet unpredictable customer demand, without the need to build and staff new, costly IT infrastructure.

ZL selected SunGard’s Enterprise Cloud Services, configured as an on-demand, fully managed, virtual private data center, to support its Unified Archive application.  This IaaS set-up provides multiple layers of protection, including redundant firewalls, segregated Layer 2 networking and integrated virtual private network (VPN) connectivity—all critical requirements for ZL.  Under SunGard’s managed services agreement, we will monitor, patch, backup, maintain and troubleshoot to reduce ZL’s provisioning and administrative burdens.

Stephen Chan, ZL’s co-founder, termed our Enterprise Cloud services “a highly secure and resilient platform, based on IT security best practices, and architected for compliance.”  He said we are helping them “break a major price barrier,” which will let them”reshape” the economics of their solutions.

Chen said he looked at a number of competing solutions, but found SunGard’s to be the best fit for making their SaaS business model work. Also, flexible and elastic pricing, which turns IT infrastructure into an operating expenditure rather than a capital expenditure, were essential.

ZL is a great example of how a company can transform their business using the cloud.  We welcome them as a new client.

Does your company have special regulatory and security needs that could benefit from SunGard’s Enterprise Cloud offering?

Visit SunGard’s Cloud Computing Microsite for videos, case studies and a host of cloud computing information.

Unified Archive is a registered trademark of ZL Technologies