Section 3: Expert views on future proofing and best practice
The findings from the survey informed the discussions held with experts which can be summarised as follows:
The advisory group was made up of a mix of public sector representatives and ICT industry experts, the remit of the group can be viewed at Annex C. There was one round table meeting and an information day organised for the Public sector reps to discuss ITaaS ( IT as a Service) which was hosted by EMC.
The meeting discussed the variance in delivery of hosting services and of future intentions that the survey responses had highlighted and considered in more detail the challenges organisations face. The ICT industry experts described their thoughts on how the challenges could be met and how they have overcome them in their own organisations and helped others to consolidate their services.
The key points from the meeting from the public sector reps were:
- there were huge cultural issues to overcome in organisations giving up hosting their own services centred on security concerns and loss of control and possibly loss of jobs
- it would be easier to comply with any initiative if it was mandated to do so
- use of the cloud was still full of the unknown and uncertainty for some
- there is no single public sector facility in Scotland suitable for the hosting of public sector services that would meet the needs of all organisations in terms of location i.e. 3 or 4 would be required in strategic locations spread over the country
The key points from the meeting from the ICT industry reps were:
- In response to the cultural issues:
- commercial data centres hold data up to Impact Level 6 the highest security level
- freedom to design custom data centre solutions in the public sector has naturally resulted in diversity of design and redundant variation in terms of overlapping design and data centre capacity. That is driving an unnecessary cost premium. The latest cloud based solutions can deliver increased control as capacity may be flexed up and down almost immediately with end customers only paying for what they use
- the impact on jobs can be viewed as a net gain as unnecessary cost may be removed from the hosting function and redeployed into innovation and growth support areas to better meet the needs of public sector services i.e. shifting the balance from support to innovation
- the first step to consolidating and sharing services is virtualisation
- there is little evidence of organisations asking for shared services and joint hosting requirements
- there are cost savings to be made from a shift from a Capex to an Opex based funding environment
- the total cost of service delivery was not measured consistently by organisations
- their experience was that a lot of organisations were unaware of all the services they run and that they continued to host paying licenses and support fees when there was no business requirement
- greater briefing from the Industry would be advantageous in advancing Public sector understanding of the abilities of a cloud approach which is now widely used by consumers with the advent of the Apple Icloud and online storage mediums such as Flickr, Dropbox, etc.
- If there was a cheaper way with no risk to delivering a service it would be difficult not to consider using it
- more information on how and what cloud use in the Public sector was required
- A sectoral approach to consolidation was most likely to have greater support in the initial transformation roadmap with a view for further consolidation at a later date
- mandation where appropriate to consolidate would be the quickest way to deliver savings but recognising savings are not just from consolidation but from virtualisation and moving to cloud services also
- current costs are not measured consistently in each organisation
- as there is no centralised viable hosting solution available, public sector organisations have nothing compelling to contrast their solutions against; This leaves them free to make their own arrangements either in house or spreading buying power across multiple suppliers with a myriad of solutions
- there are no significant technical issues in moving towards aggregating demand for hosting services across public sector and delivering a rationalised hosting solution with required levels of security but at significantly lower cost
- the baseline current costs for hosting services are often skewed as energy costs, the highest driver, are often lost in general property costs and not identified as a specific data centre support cost. The same is true for security and other building maintenance costs
- data centres that are housed in re-purposed buildings struggle to make use of renewable energies when contrasted with the latest data centre designs that use ambient air cooling as well as solar and wind power to drive towards a net zero data centre that draws zero power from the national grid
Gartner were approached for an independent view on best practice for running hosting services, how to standardise the measurement of the total end to end cost of running services and what an organisation should consider before deciding how to deliver their services.
The key message was that organisations should define their service workload needs, capacity variability needs, predictability of capacity needs, security and regulatory compliance needs, and managed services needs to choose the appropriate delivery model:
- externally managed (Hosted managed services, platform as a service, full-service hosted and software as a service) or
- internally managed (internal data centre, co-location, unmanaged cloud infrastructure as a service)
Visits: Private Sector Hosting
A number of companies were visited to understand how they deliver data hosting services and how they are shaping the delivery of future services.
data centre providers focus on a high quality cost effective data centre environment - that is their core business. They are continually managing the environment inside to reduce energy consumption and achieve PUE ratings of below 1.8. They recognise that as well as helping reduce the carbon footprint energy efficient data centre can make considerable savings. A 2000 square metre data centre that reduces its PUE 0.1 i.e. 1.8 to 1.7 would make a saving of around £400,000 per annum.
Modern commercial data centre providers provide managed service expertise which means they can manage clients environment up to and where appropriate beyond the operating system. This means that the basic availability of the infrastructure is guaranteed with a 99.9% uptime SLA, and reduces overheads, freeing up time for in-house technical personnel on the client side.
A well run private data centre is built to ISO 27001 Information Security Standards and has:
- 24/7 on-site security.
- 24/7 security monitoring with a direct connection to the emergency services.
- High security perimeter fence
It has multi multi-gigabit network links delivered through diverse physical and logical routes to completely eliminate single-points-of-failure and can connect with the following:
- JANET interconnectivity
- Connectivity to Government ( GSI) and NHS (N3)
- Linked with multiple telecoms data carriers including BT, Virgin Media and Cable & Wireless
- PSN connectivity
- SWAN (when available) connectivity
It has built in resiliency delivering availability through:
- Provision of a resilient power supply via on-site transformers linked to the National Grid delivering a minimum of 2 x 32 Amps to every rack
- Back-up via a battery based N+1 uninterruptible power supply ( UPS)
- Secondary power back-up via an on-site generator, capable of powering the entire data centre facility
- Protected by advanced fire and smoke detection systems, Complemented by an automated gas based fire suppression system
- The data centre should provide defence against water; backed by intelligent flood detection
- Temperature and humidity N+1 free-cooling units located within each vault.
- Forced under-floor circulation and 'Cold Aisle' containment to prevent hot air recirculation within banks of racks. This means more energy is saved as only relevant areas are cooled, not the whole room
It is built to deliver environmental benefits through certification to a number of standards:
- ISO 14001 - an internationally recognised accreditation for organisations that demonstrate superior environmental management
- EU Code of Conduct for data centres - Corporate Status. Each of our data centres has been audited and is operated to the Code's best practices for maximising energy efficiency. State-of-the-art power efficient equipment and infrastructure to minimise electricity consumption and thermal output from the data centre
- High tech cooling systems, including 'free-cooling', installed to minimise energy usage whilst effectively maintaining a constant cool temperature
- Motion-activated light controllers to reduce energy consumption and heat load
Scottish Procurement is currently looking to renew an existing framework which provided hosting services for websites. We have been discussing the possibility of extending the scope of that framework to include services for wider hosting requirements. The scope of this would not involve applications or managed services as there are a number of other frameworks that already do that such as the IT Managed Services ( ITMS) and the Apps & Web frameworks. There are also a number of UK frameworks such as G-cloud and a UK level ITMS as well as others.
The SWAN procurement will potentially provide additional options for procurement and there are also other bodies that deliver procurement frameworks and routes to market for public sector bodies such as APUC and the JANET brokerage service in the FE/ HE sector and the NSS in the Health sector.
Other Governments' approaches
Cabinet Office began a similar process to review the data centre landscape in 2010 and initially had difficulty in gathering data from organisations, although they felt they had enough to extrapolate what they had to provide an idea of the position. The project is now being run by the Government Digital Service ( GDS) who identified 6 strategic departments to work closely with to obtain accurate metrics and costs. The figures recorded were, in the end, not too different from the early analysis and it was agreed this provided a picture throughout their jurisdiction. They are currently at Outline Business Case to look at 2 options for providing their future hosting requirements.
The two options being considered are a procurement framework for the provision of infrastructure and services and the option to work in a Joint Venture ( JV) to provide a crown hosting service with a single supplier. They expect to half their estimated £550m hosting costs.
Northern Ireland ( NI)
Earlier this year(2013) NI tendered for the production of an Outline Business Case ( OBC) for data centre services for the NI public sector.
The OBC has now been Treasury approved and has been sent to the NI strategic investment board for implementation.
Two cross-public sector data centres are being established. There is already a large shared service department in NI and organisations using this will move into the new facility and it will be made available for all other organisations. Already their health board wants to move into it but that will be in addition to two existing sites they have.