Compare the Costs and Advantages of Cloud, Hybrid, and On-Premises

As new technologies and opportunities present themselves, businesses and other organizations must constantly evaluate how to invest their time and resources. In this section, you’ll review the advantages of pursuing different deployment models.

Cloud Deployments

You already know how cloud computing can help reduce costs in maintaining your files and data, while also making them easier to access. Now, imagine that at the enterprise level, where an information technology (IT) department has to support thousands of users and their data, they have a lot more to worry about than just cost and accessibility. Companies use a lot of applications and data as integral parts of their operations.

Important organizational data assets can include content that could be categorized as personally identifiable information (PII), personal health information (PHI), or intellectual property (IP). Not only must organizational data protection requirements be met, but also regulatory requirements governing many types of financial or personal data must be adhered to. Cloud service providers build infrastructure to address these important needs and considerations.

Adopting cloud computing architectures can provide a lot of benefits to an organization. Some of the benefits of a cloud-centric deployment are that it is the following:

• Cost-effective
• Scalable
• Quick
• Reliable
• Secure
• Current

The next sections will look at each of the benefits in more detail.

Cost-Effective

In many cases, cloud services can help save a lot of operating IT costs. Usually, businesses allocate a budget on a yearly basis. This may or may not work out, depending on market changes or large unplanned increases or decreases in business volume (which then may dictate staffing numbers and investment in supporting equipment). Since Microsoft 365 is a subscription-based service, it is easy to predict how your business expenditure may increase or decrease based on the number of users you need to purchase licenses for.

Business expenditures typically fall into two categories:

1. Capital expenditure or capital expense (CapEx): This is an upfront cost, such as purchasing a server, a desktop computer, or a network switch. CapEx is frequently connected to physical items. Additionally, CapEx is typically amortized over an ownership period.
2. Operational expenditure or operational expense (OpEx): By contrast, this is an ongoing or recurring cost, such as maintenance or subscription fees, or other operating costs, such as electricity. Microsoft’s cloud offerings fall into the OpEx category.

The MS-900 exam will contain questions about both types of expenditure, so make sure you are familiar with this vocabulary.

In terms of cloud services’ cost-effectiveness, consider this: on-premises infrastructure requires purchasing and maintaining CapEx such as hardware, building space, security systems, and a host of other items. To that, add OpEx, such as salaries or expenses for engineers, consultants, project managers, as well as electricity, and cooling, that are necessary to support the infrastructure. Organizations frequently have trouble determining how much equipment to purchase, especially if their business model has large activity swings. An organization might have to purchase an incredibly expensive and powerful system to ensure it can meet a peak demand or load situation that might only occur once a month or once a quarter, resulting in a system that will likely sit underutilized much of the time.

If you want to fulfill a demanding need with a cloud services model, you can rent capacity from a provider as you need it. With a subscription such as Microsoft 365, if your organization brings on seasonal workers, depending on your license agreement with Microsoft, you may be able to increase or decrease the number of licenses as your headcount changes. You’re only paying for what you need.

Scalable

Cloud service providers typically allow you to immediately increase or decrease resources or services, depending on the demand.

Consider the following examples:

• You host a website and, based on your usage metrics, you know that the busiest time is 9 A.M. – 5 P.M. during weekdays. During the weekend, however, it is much less active. In this instance, you want to make sure you have enough servers or service instances to support your website visitors during specific busy times. You also want to decrease the server capacity outside of the busy hours to match your business demand. With the scalability of cloud services, you can meet the demand quickly and flexibly while maintaining minimal expenditure during off-peak times.
• You own a retail sporting goods store. You have estimated that you will need 10 seasonal workers on the floor to help assist shoppers. All your staff need basic email, so you choose to provide everyone with Microsoft 365 Frontline Worker F1 licenses. Due to an upcoming winter festival and extended holiday season, your store is busier, and you need to hire more workers. You can simply add additional F1 licenses to provide the new hires with emails without having to invest in additional infrastructure or other resources.

In both of these examples, you can use the flexibility of cloud services to scale and meet your organization’s demand.

Quick

Scalability is a key differentiator of cloud services, but it’s not very useful if it can’t fit your business’s schedule. It’s critical to be able to quickly scale up or down:

• Cloud services enable you to quickly scale up your demand for website hosting resources to meet your peak load times, as well as to scale down when you don’t need the capacity. This frees your organization from having to spend capital on server, storage, or networking equipment.
• As your organization needs email for additional staff, you can quickly add licenses in the Microsoft 365 admin portal and have mailboxes available for them almost immediately.

The speed of scalability is an important factor in evaluating cloud services for your organization.

Reliable

As a consumer, you expect services you access on the internet to be accessible when you want them. As a business customer, you demand reliability for your cloud services to ensure that your organization can continue to operate fully, whether that’s internal operations, hosting e-commerce sites, or another public-facing service.

Resiliency, recoverability, and disaster recovery are high priorities in a cloud service provider’s infrastructure design, which is why providers typically rely on a blend of highly available infrastructure designs. These architectures can include network load balancing, data replication, redundant hardware, multiple network paths, and data backups. In addition, service providers publish Service-Level Agreements (SLAs) that outline their commitments and responsibilities in this regard (for more on Microsoft 365’s SLAs, see Chapter 13, Identify Support Options for Microsoft 365 Services).

Data Resiliency in the Cloud

To read more about Office 365’s data resiliency policies and procedures, please visit https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-data-resiliency-overview.

When looking for cloud service providers, ensure that they are committed to providing a level of availability that meets your business requirements.

Secure

Security in this context addresses multiple concerns, both physical and logical.

From a physical security perspective, cloud service providers equip their data center facilities with hardware such as cameras, gates, locks, and equipment cages. They will also implement personnel and procedures, such as guards and identification verification, to ensure only people who legitimately require access are allowed into the facilities. Some facilities even use X-ray machines, mantraps (interdependent locking and unlocking door systems), and biometric measures (handprints, retina scans, or fingerprints) at multiple stages to detect unauthorized individuals and prevent them from accessing a facility.

Securing the Physical Side of the Cloud

You can learn more about the security measures Microsoft implements at its data center facilities at https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security.

Just as importantly, computing service providers secure electronic data. To ensure the utmost security, providers implement multiple layers of logical security, including secure protocols and encryption to protect data that is both at rest (sitting on physical media) and in transit (as it is being transmitted between endpoints). These security measures help prevent unauthorized access to data. In the event of breaches of physical security, cryptographic technologies can be used to prevent attackers and thieves from accessing the contents of stolen equipment.

Microsoft uses multiple logical security layers to protect data on disks and other media, as well as data being transmitted between servers, data centers, and end users.

Under Lock and Key

You can learn more about the security tools Microsoft uses in its environment at https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-encryption-in-the-microsoft-cloud-overview.

Up to Date

Cloud services are evergreen, meaning they are constantly under development and improvement. Both security updates and feature updates are constantly developed and deployed. In more traditional on-premises approaches, you might wait for security updates to be deployed at monthly, quarterly, or even yearly frequencies. You would have to wait for the release of a security or feature update, spend the resources deploying the update, and then test it. On the other hand, cloud service customers can focus on other operations, knowing that their environment is being maintained as part of their provider’s commitment.

Features or new tools are made available to customers automatically, rather than requiring them to go through the process of reviewing, deploying, and potentially integrating features.

When using cloud computing services, organizations can spend more of their valuable resources driving or transforming the business, as opposed to just keeping the lights on.

You’ve gone through the six main benefits of cloud computing: cost-effectiveness, the ability to scale, speed, reliability, security, and always being current with the latest releases. In the next section, you will explore some use cases for cloud computing.

Hybrid Deployments

Many organizations choose to initially start off with hybrid deployments due to the existing infrastructure investments or contracts that they already have. Hybrid cloud deployments allow organizations to adopt cloud services at their own pace, giving staff ample time to ramp up on new skills required.

If configured appropriately, organizations can slowly transition on-premises or private cloud workloads to a public cloud service with little to no service interruption. Organizations can also start new projects on a cloud service or platform and leave their legacy private cloud or on-premises infrastructure in place rather than migrating it, letting it retire, or decommissioning it when it is no longer valuable or useful.

While being able to bridge the public and private cloud models has some advantages, it does introduce complexity. Having applications, services, or data split between two locations can introduce confusion and can be a disadvantage for hybrid cloud customers. This complexity can affect both the user and administration experiences, so it’s important to architect hybrid cloud solutions in a way that directs users and administrators to the correct resources.

On-Premises Deployments

Private cloud (or on-premises deployments) is the most traditional deployment model.

When building and deploying an on-premises or private cloud solution, you can easily restrict access to the network to only employees or business partners. This level of control is a draw for many organizations.

One of the benefits beyond access control and overall ownership is the ability to support unique business needs, such as legacy applications or particular regulatory and compliance requirements. With an on-premises or private cloud solution, you control the storage of all the sensitive data in a data center you manage. You can also maintain physical access to the data center and audit who goes in and out—something that isn’t typically allowed with public cloud services. Private cloud deployments allow you to have much more control over your environment. You can implement an unlimited number of security procedures and protocols, and you can customize as much as you need, so long as your budget allows for it.

However, some of these advantages can also become drawbacks. For example, owning your hardware and software means you have the utmost physical control over it. It also means that you must secure the upfront financing to purchase the equipment and support contracts, which can influence your ability to deliver the finished product to your organization. Depending on your organization’s timelines and objectives, you may need to budget time for internal procurement, external financing, delivery, installation, and configuration.

Outside of the physical procurement and deployment concerns, you also need to consider security requirements when building private cloud solutions. If your organization doesn’t already have security access controls, governance protocols, and technology, you may need additional investment in remote access and networking technologies. If your private cloud will communicate externally with partners, vendors, or customers, you may also need to expand your network communications capacity with additional circuits or network capacity, as well as staff or consulting resources to design and implement both the policies and technology.

Availability and redundancy are two additional key concerns for private cloud solutions that organizations must consider. If the private cloud is going to house business-critical data to support operations, you’ll likely need to evaluate, purchase, and configure options for fault tolerance inside your data center, as well as geographically separated sites and external network redundancy to ensure business operations continue in the event of localized outages or disasters.

Choosing the Right Model

When organizations are evaluating what models to use, they frequently try to determine the Total Cost of Ownership (TCO) and Return on Investment (ROI).

When computing the TCO, organizations will likely consider both CapEx and OpEx costs over a fixed period of time to help guide the decision-making process. For example, if the business is estimating costs for the next five years, it would typically include the asset costs (servers, switches, computers), labor costs (developers, administrators, architects, project managers, support staff), and recurring costs (electricity and other utilities, facility lease, insurance, software subscriptions, and support agreements) for each plan and then make a value determination.

When determining the ROI, organizations will calculate the estimated dollar benefits for scenarios and evaluate those benefits against the costs.

Both types of calculations are important factors in organizations choosing one deployment model over another.