When the G-Cloud framework was introduced back in spring 2012, its core aim was to shake-up government IT procurement, so that high-value, multi-year hardware contracts awarded to the same old big-name enterprise suppliers became a thing of the past.
Backed by a Central Government-wide cloud-first mandate, the public sector was actively encouraged to use the framework to source cloud-based alternatives to on-premise technologies via the Digital Marketplace (formerly known as CloudStore) and a much larger pool of suppliers.
Initially, supplier contracts were only allowed to last 12-months, to prevent the public sector from falling back into buying habits synonymous with the old way of doing things, but this was later extended to two years.
It was a move that was warmly welcomed by users at the time, as it meant buyers could avoid having to retender for services so frequently, which some suppliers had flagged as a barrier to G-Cloud adoption within certain quarters of the public sector.
Against this backdrop, it’s not difficult to see why the Crown Commercial Service’s (CCS) new 20% rule around G-Cloud contract extensions seems to have caused so much upset within supplier circles.
The regulation, which is set to be introduced when the seventh iteration of G-Cloud goes live on 23 November, means framework users will be forced to retender if they want to use more of a certain service if their proposed contract extension looks set to exceed 20% of their original procurement’s value.
To avoid this, buyers would have to work out in advance how their use of a particular cloud service is likely to take off within their department over the course of the two-year contract, which could lead to over-provisioning and surplus IT being procured, it is feared.
This, suppliers argue, is at direct odds with the pay-as-you-go ethos of both G-Cloud and cloud computing, more generally, and harks back to the dark days of government IT procurement.
“As part of a G-Cloud procurement, buyers should always work out the ‘cost of success’ when they are shortlisting and selecting their cloud providers,” John Glover, sales and marketing director at G-Cloud provider Kahootz told Ahead In the Cloud (AitC).
“For example, if a project team initially only need to consume 100 users, but expect to expand that to 2,000 over the contract term, that should be factored in.
“But, to ask them to now order and pay for 2,000 users upfront takes us back to the bad old days when public sector organisations committed large sums of capital on ‘shelfware’,” he added.
Why is it being introduced?
When pressed as to why the measure is being introduced, the Cabinet Office fed Computer Weekly a wooly line about how the government is “always improving the framework to make it easier for suppliers and buyers,” before confirming that it will be carefully considering any feedback it receives on the matter.
The insinuation, though, that the 20% cap could be considered an “improvement” would undoubtedly be contested by Kahootz, and many others within the G-Cloud community who have already taken steps to make the Cabinet Office aware of their disapproval.
For example, G-Cloud suppliers Skyscape Cloud Services and EduServ have both put their misgivings about the rule change in writing to the Cabinet Office, while the G-Cloud working group inside trade association EuroCloud UK issued a statement this week, expressing its concerns.
It is a shame the Cabinet Office hasn’t revealed more at this time about the motivation for the move, as every supplier AitC has spoken to seems at a loss to explain it, although they have their theories.
EuroCloud UK, for instance, floated the idea that the rule could be the result of people unfamiliar with the origins of G-Cloud, but with a stake in government procurement, getting involved.
While others have apportioned blame to the recent tightening up of the EU Procurement Regulations around how much variance is permitted within contracts once they’ve been agreed.
Where this theory falls down slightly is around the fact these regulations permit contract variations of up to 50%, which raises further questions about why CCS is intent on enforcing a cap of 20%?
Whatever the reason, given the furore the move has caused so far, there’s every chance CCS and The Cabinet Office will backtrack, given their willingness in the past to tweak the workings of the framework in response to supplier and buyer feedback.
Whether or not they would be able to revoke the 20% rule before G-Cloud 7 goes live is doubtful, but if they choose not to now or in any future version iterations, they might have something of a revolt on their hands.
AitC has already heard from several suppliers who’ve said, while G-Cloud 6 continues to run, they’ll be pushing that to buyers as their preferred framework until it ceases to exist in February 2016. Admittedly, that hardly constitutes a long-term solution to the problem.
What’s at stake?
A lot of those who’ve voiced their opposition to the changes have shared the same concern that the introduction of the 20% cap could end up undoing all of the good work the Cabinet Office has achieved with G-Cloud to-date, and ultimately put the public sector off using the framework at all.
The amount of money spent via the framework since its creation now stands at £806m, with £53m of that attributable to the volume of transactions that took place in September alone. And it would be a shame if all the momentum it’s generated so far were to go to waste.
Particularly when the success G-Cloud has had to date seems to be gaining wider industry recognition, and reports continue to circulate about how other European countries are looking to emulate the model for their own public sector IT procurement needs.
So, here’s hoping the Cabinet Office is taking notice of what suppliers have to say on this matter, as The Digital Marketplace won’t work without them.
In this guest post, J. Tyler Rohrer, co-founder of Liquidware Labs, explains how the use of cloud apps can help user solve end user computing scalability issues.
We are about to enter the golden age of end-user computing (EUC), with the concept now blossoming out of the legacy client-server model and into one that is mobile, cloud, and application-centric.
The explosive growth of mobile tablets, phablets, smartphones, ultra-books, laptops, semi-reliable wireless, mobile networks and cheaper, more intelligent storage (coupled with a rise in cloud services and modern apps) is incredible.
There are some niche offerings, like application virtualisation, application layering, VDI, Desktops-as-a-Service, Storage-as-a-Service, and Enterprise Mobility Management (EMM) – but these are incremental.
These still, for certain use cases, bump up against the limits of the laws of physics like that nasty speed of light latency constraint. And not just in network performance terms, but application response times, storage retrieval times but also the very nature of Moore’s law itself.
What’s the problem?
In the past, Moore’s law was an incredible benefit to most modern desktop administrators. We could rest assured that computing power would nearly double every 18 months, while the cost of that compute would be halved.
However, in our rush to throw progressively less expensive yet powerful hardware at most problems, we created an even larger web of intricacy. We created a topology that – while logical – lacked scale.
The tentacles of our client-server networks sprawled. Most user devices were (and still are) incredibly “stateful” – with proprietary configurations, sensitive data, and tuned applications delicately installed on commodity-class hardware.
In a thought, scale got away from us. The larger our deployments got, the more acutely painful the weight of this scale on our operations and systems management became.
Sure, we bought tools that patched the holes, rather than filled them. While somewhat tenable in the campus environment – laptops and mobile “off network” computing was a target for both accidental and malicious data (IP) loss and risk.
Because we had varying user types with different machines, images, applications, printers, and policies, we tended to have a one-to-one relationship with each desktop – or better yet, something that automated remedial tasks.
While these tools boosted productivity somewhat, the lag to buy, image, provision, and deploy a new laptop, desktop or whatever, was still measured in days or hours at best.
And while we mention security above in the context of risks and attacks, the fact the majority of our corporate IP rests on commodity-class hard drives today, that are not backed up upon each write, could be catastrophic.
What we need to work out is how to create and deliver productive and secure workspaces for our end users, while getting scale to work for and not against us.
Stateful computing was a worst-case scenario in the past. A user might need an app, large storage, lots of memory, and – so – we gave it to them. It was cheap and promised to get cheaper. But all that “state” is what we are fighting now.
With the rise cloud apps, very little “state” now resides on devices, particularly where smartphones and tablets are concerned.
For that reason, I think what we shall soon find is the operating system – whether it’s Windows, Android, OS X, iOS, or Linux doesn’t really matter when you reach a truly stateless workspaces.
The “cloud” however ushers in an entirely new way of thinking about client-server computing. Instead of long distance connections, we have a fabric.
The things we need are, or can be, a click away so the idea of having them installed becomes archaic. All this “state” being removed from the device now lives as a service, distributed across this cloud fabric, for use when, where, and as needed.
So it’s the availability of a potential service I might one day need that is the solution.
And with global replication via cloud services, web-scale file systems, and hybrid models – the latency that punished the client-server architectures of old is minimised and architected around.
We see projects like Citrix Workspace Cloud, VMware Project Enzo, Amazon Web Services and Microsoft Azure, metadata rich file systems like Nutanix Medusa, and workspace tools by my company Liquidware Labs all tackling this challenge of wrangling scale back into Pandora’s box on both large and individual user levels.
We are all very, very close. While the combination of these technologies will be relegated to specific use cases for the next few years – we will see convergence of x86, cloud, and mobile into single platforms.
And while we will continue to have rich and robust local processing, graphics, input, and display technologies at our fingertips our “state” will live in clouds.
The proposed Dell-EMC merger was always going to be a major talking point at VMworld in Barcelona, given news of the deal was confirmed on the eve of this year’s show.
In this guest post, Rafi Azim-Khan, head of data privacy in Europe at legal firm Pillsbury Law, explains how the cloud provider community can side-step the European Court of Justice’s Safe Harbour verdict.
The European Court of Justice (ECJ), in response to a case brought by Austrian student, Maximilian Schrems against Ireland’s Data Protection Commissioner, has confirmed the current Safe Harbour system of data-sharing between EEA states and the US is invalid. A conclusion that looks set to have a widespread economic impact, given just how many businesses rely on Safe Harbour to transfer and handle data in the US.
The Court has ruled that Facebook should not have been allowed to save Schrems’ private data in the US and this is – essentially – a formal confirmation of what has been growing criticism of the scheme over a period of time.
The million dollar question is now: where does this leave US companies who heavily rely on Safe Harbour? And what about US cloud providers who are yet to build a European datacentre?
The facts of the matter
To re-cap, this case has arisen from proceedings before the Irish courts brought by Schrems, in which he challenged the Irish Data Protection Commissioner’s decision not to investigate claims that his personal data should have been safeguarded against security surveillance by the US intelligence services when it was in the possession of Facebook.
The claim was brought in Ireland, as Facebook’s European operations are headquartered there, but was referred up to the ECJ.
So, given the serious question marks that loom over the future of Safe Harbour and the threat of significant new fines under the imminent General Data Protection Regulation, what should US businesses, including cloud providers, look to be doing now to avoid having to process their data in the EU?
Handily, there is another legal mechanism that they can turn to.
Binding Corporate Rules (BCRs) are designed to allow multinational companies to transfer personal data from the EEA to their affiliates located outside of the EEA in a compliant manner.
BCRs are increasingly becoming a preferred option for those who have a lot of data flowing internationally and wish to demonstrate compliance, keep regulators at bay and prepare for a world without Safe Harbour.
Companies who put BCRs in place commit to certain data security and privacy standards relating to their processing activities and, once approved, the “blessed” scheme allows a safe environment within which data transfers can take place.
BCRs also have material long-term benefits in the sense that some upfront work, via preparing and submitting the application, should reduce risk of fines and undoubtedly position an applicant in line for a privacy “seal” once the new EU Data Protection Regulation is introduced.
Model contract clauses, which can also be used to “adequately safeguard” data transfers from Europe, also present themselves as a safer route to ensuring compliance compared to Safe Harbour as things stand.
However, they do have a number of drawbacks compared to BCRs, including inflexibility, large numbers of contracts being required in large organisations and the need for regular updates.
Post-Safe Harbour: Next steps
In short, any US companies, whether big brands or smaller enterprises, that have existing EU offices, customers, marketing or business partners, as well as those which are yet to build an EU datacentre, would be well advised to reassess their procedures, policies and documents regarding how they handle data.
The storm of new laws, much higher fines and enforcement, with more due shortly when the final draft of the new EU Data Protection Regulation is published, means it would be a false economy not to act now and seek advice.
Boosting the take-up of cloud services across Europe has been the mission statement of both public sector and commercial organisations for several years now.
From the latter point of view, HP has been actively involved in this since the formal launch of its Cloud 28+ initiative in March 2015, which aims to provide European companies of all sizes with access to a federated catalogue that they can use to buy cloud services.
If you’re thinking this sounds spookily like the UK government’s G-Cloud public sector-focused procurement initiative, you would be right. The key principles are more or less the same, except the use of Cloud 28+ isn’t limited to government departments or local authorities. It’s open to all.
That message – during the two years that HP has been talking up its efforts in this area – doesn’t seem to have reached everyone, though, particularly the providers one would assume would be a good fit for it.
Namely, the members of the G-Cloud community, who are already well-versed in how a setup like Cloud 28+ operates, and what is required to win business through it.
However, several key participants in the government procurement framework have privately expressed misgivings to Ahead In the Clouds about whether HP would welcome their involvement because they don’t use its technologies to underpin their services.
Similarly, some said they weren’t sure how they feel about hawking their cloud wares through an HP-branded catalogue, or if it would mean sharing details of the deals they do through Cloud 28+ with the firm.
The latter has been a long-held concern of cloud resellers, because – once the maker of the service you’re reselling access to knows whose buying it – what’s to stop them from cutting you out and dealing with them direct?
All these points HP seemed intent on addressing during its Cloud 28+ in Action event in Brussels earlier this week, which saw the firm take steps to almost distance itself from the initiative it is supposed to be spearheading.
As such, there were protestations on stage from Xavier Poisson, EMEA vice president of HP Converged Cloud, about how Cloud 28+ belongs to the providers that populate its catalogue, not to HP, and how its future will be influenced by participants.
The attitude seems to be, while HP may have had a hand in inviting people to the Cloud 28+ party, it’s not going to dictate who should be invited, the tunes they should dance to or what food gets served. It’s simply providing a venue and directing people how to get there, before letting everyone get on with enjoying the revelry.
From a governance point of view, it won’t be HP calling the shots. That will be the job of a new, independent Cloud 28+ board who made their debut at the event.
On the topic of billing, the firm made a point of saying users won’t be able to pay for services through Cloud 28+, and that it will – instead – rely on third-parties to handle the payment and settlement side of using the catalogue.
For those worried that being a non-user of HP technologies could preclude them from Cloud 28+, the news wasn’t so good.
As it emerged that providers will have one year from joining Cloud 28+ to ensure the applications they want to sell through the catalogue run on the Helion-flavoured version of OpenStack. A move, HP said, is designed to guard users against the risk of vendor lock-in.
Even so, given the firm spent the majority of the event trying to play down its role in the initiative, it’s a stipulation that might leave an odd taste in the mouth of some would-be participants and users. Especially in light of the uncertainty over just how open vendor-backed versions of OpenStack truly are.
HP said this is an area that could be reviewed later down the line by the Cloud 28+ governance board, but it will be interesting to see (once the initial hype around its launch dies down) if this emerges as turn-off for some potential participants.
Opening up Europe for business
Admittedly, it would be short-sighted of them to dismiss joining Cloud 28+ out of hand on that basis, in light of the opportunities it could potentially open up for them to do business across Europe.
While the European Commission has stopped short of endorsing the initiative, it has acknowledged what Cloud 28+ is trying to do shares some common ground with its vision to create a Digital Single Market (DSM) across Europe, and might be worth paying attention to.
If Cloud 28+ emerges as the preferred method for the enterprise to procure IT, once the preparatory work to deliver the DSM is complete, for example, the Helion OpenStack requirement would pale in significance to the amount of business participants could gain through it.
Measuring the success of Cloud 28+
While Cloud 28+ is still under construction, it’s only right the focus has been on the provider side of things, because – without them – there is no service catalogue.
HP is preparing to go-live with Cloud 28+ in early December at its Discover event in London, and Poisson said the “client-side” of it will become a bigger focus after that, so it’s likely we’ll hear some momentum announcements around end user adoption in the New Year.
But, until there is a sizeable amount of business transacted through the catalogue, or some other form of demonstrable end user interest in it, there will remain a fair few providers who won’t get why its worth their while to join.
In this guest post, Frank Denneman, chief technologist of storage management software vendor PernixData, sets out why datacentre management could soon emerge as the main use case for big data analytics.
IT departments can sometimes be slow to recognise the power they yield, and the rise of cloud computing is a great example of this.
Over the last three decades IT departments focused on assisting the wider business, through automating activities that could increase output or refine the consistency of product development processes, before turning its attention to the automation of its own operations.
The same needs to happen with big data. A lot of organisations have looked to big data analytics to discover unknown correlations, hidden patterns, market trends, customer preferences and other useful business information.
Many have deployed big data systems, forcing end users to look for hidden patterns between the new workloads and consumed resources within their own datacentre and see how this impacts current workloads and future capabilities.
The problem is virtual datacentres are comprised of a disparate stack of components. Every system is logging and presenting data the vendor seems appropriate.
Unfortunately, variations in the granularity of information, time frames, and output formats make it extremely difficult to correlate data and understand the dynamics of the virtual datacentre.
However, hypervisors are very context-rich information systems, and are jam-packed with data ready to be crunched and analysed to provide a well-rounded picture of the various resource consumers and providers.
Having this information at your fingertips can help optimise current workloads and identify systems better suited to host new ones.
Operations will also change, as users are now able to establish a fingerprint of their system. Instead of micro-managing each separate host or virtual machine, they can monitor the fingerprint of the cluster.
For example, how have incoming workloads changed the clusters’ fingerprint over time, paving the way for a deeper trend analysis into resource usage.
Information like this allows users to manage datacentres differently and – in turn – design them with a higher degree of accuracy.
The beauty of having this set of data all in the same language, structure and format is that it can now start to transcend the datacentre.
The dataset gleaned from each facility can be used to manage the IT lifecycle, improve deployment and operations, optimise existing workloads and infrastructure, leading to a better future design. But why stop there?
Combining datasets from many virtual datacentres could generate insights that can improve the IT-lifecycle even more.
By comparing facilities of the same size, or datacentres in the same vertical market, it might be possible to develop an understanding of the TCO of running the same VM on a particular host system, or storage system.
Alternatively, users may also discover the TCO of running a virtual machine in a private datacentre versus a cloud offering. And that’s the type of information needed in modern datacentre management.
In this guest post Amit Singh, president of Google for Work, explains why enterprises need to start adopting a mobile- and cloud-first approach to doing business if they want to remain one step ahead of the competition.
One of the most exciting things happening today is the convergence of different technologies and trends. In isolation, a trend or a technological breakthrough is interesting, at times significant. But taken together, multiple converging trends and advances can completely upend the way we do things.
Netflix is a classic example. It capitalised on the widespread adoption of broadband internet and mobile smart devices, as well as top-notch algorithmic recommendations and an expansive content strategy, to connect a huge number of people with content they love. The company just announced that it has more than 65 million subscribers.
Other examples of new and improved approaches to existing problems abound. As Tom Goodwin, SVP of Havas Media, said recently: “Uber, the world’s largest taxi company, owns no vehicles. Facebook, the world’s most popular media owner, creates no content. Alibaba, the most valuable retailer, has no inventory. And Airbnb, the world’s largest accommodation provider, owns no real estate. Something interesting is happening.”
Each of these companies has capitalised on a convergence of various trends and technological breakthroughs to achieve something spectacular.
Some of the factors I see driving change include exponential technological growth and the democratisation of opportunity, as well as the emergence of public cloud platforms that are fast, secure and easy to use. Together, these trends underpin a powerful formula for rapid business growth: mobile plus cloud.
We know the future of computing is mobile. There are 2.1 billion smartphone subscriptions worldwide, and that number grew by 23% last year.
We spend a lot of time on our mobile devices. Since 2014, more internet traffic has come from mobile devices than from desktop computers. Forward-looking companies are building mobile-first solutions to reach their users and customers, because that’s where we all are.
On the backend, the cost of computing has been dropping exponentially, and now anyone has access to massive computing and storage resources on a pay as you go basis because of cloud. Companies can get started by hosting their data and infrastructure in the cloud for almost nothing.
Hence mobile plus cloud. You can use mobile platforms to reach customers while powering your business with cloud computing. You can build lean and scale fast, and benefit automatically from the exponential growth curve of technology.
As computing power increases and costs decrease, cloud platforms grow more capable and the mobile market expands. In this state, technological change is an opportunity.
How cloud challenges the incumbents to think different
Snapchat is one of the best examples of how this can work. It was founded in 2011. The team used Google Cloud Platform for their infrastructure needs and focused relentlessly on mobile. Just four years later, Snapchat supports more than 100 million active users per day, who share more than 8,000 photos every second
The mobile plus cloud formula is exciting, but it also poses challenges for established players. According to a study by IBM, some companies spend as much as 80% of their IT budgets on maintaining legacy systems, such as onsite servers.
For these companies, technological change is a threat. Legacy systems don’t incorporate the latest performance improvements and cost savings. They aren’t benefitting from exponential growth, and they risk falling behind their competitors who are.
This can be daunting, since it’s not realistic for most companies to make big changes overnight.
If you run a business with less than agile legacy systems, here’s one practical way to respond to the fast pace of technological change: foster an internal culture of experimentation.
The cost of trying new technologies is very low, so run trials and expand them if they produce results. For example, try using cloud computing for a few data analysis projects, or give a modern browser to employees in one department of the company and see if they work better.
There are no “one size fits all” solutions, but with an open mind, smart leaders can discover what works best for their team.
It’s important to try, especially as technology becomes more capable and more of the world adopts a mobile plus cloud formula. Those who experiment will be best placed to capitalise on future convergences.
Cloud-championing CIOs love to bang on about how ditching on-premise technologies helps liberate IT departments, as it means they can spend less time propping up servers and devote more to developing apps and services that will propel the business forward.