computerweekly.com 16-22 February 2016 1

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

computerweekly.com

AST

RAZ

ENEC

AAstraZeneca slashes costs by insourcing ITBiopharmaceutical company saves $350m a year by bringing outsourced IT back in-house

Home

16-22 FEBRUARY 2016

computerweekly.com 16-22 February 2016 2

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

Post Office faces group litigation by subpostmasters over Horizon The Post Office faces group litiga-tion in relation to a long-running dispute over the Horizon software that its branch network uses, as campaigners get the financial back-ing they need to take the case to civil court. Subpostmasters plan a group legal action against the Post Office, claiming wrongful prosecu-tion, fines and even prison sen-tences because of failures in the computer system.

Paym use growing at rapid pace The number of payments made through mobile transaction service Paym is doubling every six months, according to research. Paym found that between July and December 2015, payments made through the service increased by 89% compared with the previous six-month period. Paym chairman Craig Tillotson said: “More Paym payments were made in the last six months than the whole previous year.”

A quarter of IT managers at small companies are women A quarter of IT managers in small to medium-sized enterprises (SMEs) are women, according to a study by managed services sup-plier Altodigital, with the perceived importance of the IT team high in these companies. The research found employees want IT manag-ers to respond quickly to requests, and have technical knowledge and communication skills to explain IT problems.

Smart cities pointless without universal superfast broadbandSmart cities and the internet of things (IoT) offer the potential to realise huge benefits for soci-ety, but more attention must be paid to the underlying network-ing and broadband infrastructure if the technology is to deliver on this promise. This was the verdict delivered during panel discussions and keynotes at IoT Tech Expo at London’s Kensington Olympia.

London mayoral hopefuls go head-to-head on tech policyAhead of London’s mayoral election in May, five potential candidates went head-to-head in a debate to convince the technol-ogy sector that they support the capital’s booming tech industry. All of the hopefuls voiced support for the mayoral tech mani-festo published by event organiser Tech London Advocates, together with IT trade body TechUK and Centre for London, which lobbies for a “truly digital city”.

❯Catch up with the latest IT news online

NEWS IN BRIEF

computerweekly.com 16-22 February 2016 3

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

NEWS IN BRIEF

Marks & Spencer appoints chief digital officerMarks & Spencer has appointed former Apple e-commerce head Marcus East as chief digital and product officer (CDO). East will be responsible for customer experi-ence and digital transformation.

Visa opens up its payments technology to developersVisa is addressing the “fintech” challenge by allowing software developers to access its payments technology to develop products and services that complement it, as consumers demand easier-to-use and more secure payment systems.

UK firms expect cyber attack recovery to cost at least £1.2mMore than half of UK businesses expect to be hit by a cyber attack and are braced for recovery costs of £1.2m or more, a study has revealed. This is the highest figure globally, according to the Risk:Value 2016 report by NTT Com Security.

Public sector outsourcing grew by over 50% in latter half of 2015In the last six months of 2015, government spending on IT and business process outsourcing was 55% higher than the in the first half of the year, according to research by Nelson Hall for Arvato.

IT companies need technical workers with soft skillsIT firms are in need of skilled candi-dates with soft interpersonal skills. Firms including Apple, Microsoft and Fujitsu agreed basic digital literacy, time management and teamwork were just as important as specific industry skills.

Chiltern Railways tests enhanced trackside Wi-Fi for passengersChiltern Railways is testing an enhanced trackside Wi-Fi network from mobile operator EE to provide travellers with continuous con-nectivity. Until now, connecting to wireless broadband on trains in the UK has been unreliable. n

Hunt promises £4.2bn cash injection for NHS IT The government will spend £4.2bn on NHS technology – including apps, Wi-Fi, cyber security and electronic patient records – over the next five years, accord-ing to health secretary Jeremy Hunt.

❯ Surveillance bill needs more work, says Joint Committee

❯ Misgivings rise as Privacy Shield comes under scrutiny.

❯ Government launches GDS Advisory Board.

❯ Tony Singleton leaves G-Cloud for BIS.

❯Catch up with the latest IT news online

JOK

P/IS

TOC

K

computerweekly.com 16-22 February 2016 4

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

AstraZeneca IT insourcing programme motivates staff and beats savings targetThe man heading up AstraZeneca’s project to insource its technology, Chris Day, talks to Karl Flinders about the progress it has made so far and the early benefits it is seeing

AstraZeneca’s IT department is saving $350m (£243m) a year through an IT insourcing project that also stopped IT being the company’s “whipping boy”.

After deciding to insource in 2013, the pharmaceuticals giant began a three-year project in January 2014 that has seen it replace seven major IT suppliers with in-house resources. It has also cre-ated global delivery hubs in India, Mexico and China.

The company’s vice-president of IT strategy and performance, Chris Day, was chosen to head up the project by AstraZeneca CIO David Smoley. The company was spending $1.35bn on IT each year, but was not getting value from the investment.

At the time, about 70% of AstraZeneca’s IT was outsourced. It originally had a big contract with IBM as sole service provider, but in 2011 switched to a multi-sourcing strategy, signing up seven specialist suppliers – HCL, Wipro, BT, Computacenter, Cognizant, Infosys and Accenture.

But Day says IT was underperforming and had become the “whipping boy” of the company. “We were really underperforming

as an IT organisation,” he says. “We were very slow, very inflex-ible, and had terrible issues with quality, as well as a high level of dissatisfaction with IT in the business.”

The IT department had also become “very expensive”, says Day. “We were demonstrably more expensive than our peers in the pharma industry.”

INTERVIEW

“We Were underperforming as an iT organisaTion...

and Were demonsTrably more expensive Than our peers in

The pharma indusTry”Chris Day, astraZeneCa

computerweekly.com 16-22 February 2016 5

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

In the pharmaceuticals industry, average spend on IT as a pro-portion of revenue is about 3.3%, says Day, but AstraZeneca’s IT accounted for about 5.4% at the time. It set a target of saving $300m from its annual IT spend – a figure it has already exceeded, saving $350m.

Operational modelDay does not put the blame for the overspend on suppliers, but on the operational model at the time. He says the suppliers were best of breed, but AstraZeneca had not got the supplier man-agement and service integration right. “We had to regain control of IT to fix this,” he says.

The problem was that the supplier management overhead was huge, says Day. Creating and running a project took a lot of effort for internal teams to co-ordinate. And the company could no longer act on its own intuition. “We had become good at sup-plier management, but lost the individuals who really understood technology, could make informed choices and get quality work done quickly,” he says.

At the time, the IT workforce supporting AstraZeneca comprised about 1,900 internal staff and 5,000 supplier staff. The company decided to rebuild its operating model and reskill its legacy IT staff. Day says, over the years, the IT staff had morphed into ser-vice managers, with many legacy staff becoming supplier service managers as opposed to technology delivery professionals.

AstraZeneca decided to reduce the number of IT staff slightly, including those from suppliers, and re-skill legacy staff. This involved recruiting 250 extra IT staff in the UK and the US.

INTERVIEW

AST

RAZ

ENEC

A

In pharmaceuticals, the average spend on IT as a proportion of

revenue is 3.3%. AstraZeneca’s was at 5.4% before the

insourcing project began

❯DVLA looks for new CIO after completing major insourcing project

computerweekly.com 16-22 February 2016 6

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

Additional employees were recruited when it opened technol-ogy delivery centres in Chennai in India, Dalian in China, and Guadalajara in Mexico.

The company is now able to scale quickly in areas rich with IT talent, says Day. The Chennai centre, opened in September 2014, will be the main centre, supported by satellites in Dalian and Guadalajara. The company is also planning to open operations in Eastern Europe, he says.

AstraZeneca now has about 4,500 internal IT staff, compared with 1,900 when the project started. Some 5,000 supplier staff have gone, replaced largely by tech skills in the offshore develop-ment centres.

Global delivery centresWhen AstraZeneca was planning its global delivery centres, it was careful to avoid captive centres run by suppliers – a com-mon model used by businesses. All the staff in the centres are employed by and report to AstraZeneca directly, says Day.

This way, employees feel part of the team rather than being employed by a supplier, and this is seen as one way of coun-tering the often high attrition rates in IT hubs such as Chennai. “Our attrition rate in Chennai is low at about 2.5% a year, which is unheard of today,” he says. “We are investing a lot of time in employee engagement and people have a connection.”

The Chennai hub now hosts about 1,500 people – having grown from one person and an empty building in mid-2014. It will have more than 2,000 workers by the end of this year. The centre car-ries out a wide range of services, such as infrastructure, user

computing and application management, and is also working on emerging technologies.

Hiring new staffThe company decided from the start not to just recruit from suppliers, but to look for new staff to ensure that it got people “who really wanted to work for AstraZeneca”, he says.

The Chennai hub has a high volume of experienced staff, accord-ing to Day. “These are not junior people – many have five to 10 years’ experience.” He adds that the company will begin to bring more graduates in now the centre is established.

Because the company’s internal workforce has increased in developing countries, where wages are lower, the total cost of staff has remained broadly flat, says Day.

In Mexico, AstraZeneca is just starting out, but the hub will have 300 staff by the end of the year, he says. The Guadalajara centre will provide services that need to be closer to the Americas. The Dalian centre, where a couple of hundred people are working, will

asTraZeneca noW has abouT 4,500 inTernal iT sTaff,

compared WiTh 1,900 When The projecT sTarTed

INTERVIEW

computerweekly.com 16-22 February 2016 7

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

be a subset of the Chennai centre but focused on China, Japan and South Korea.

Day says the company will make a decision on Eastern Europe next year. A centre there would probably have 100-150 staff.

Laggard to leaderDespite an IT budget exceeding $1bn over the years, large-scale outsourcing had resulted in AstraZeneca falling behind, according to Day. But this is changing. For example, the company has gone from being what Day describes as “a laggard in terms of cloud take-up” in 2013 to rolling out multiple cloud systems, including Salesforce, Workday, Box, Office 365 and ServiceNow in the past two years. Concur is being deployed currently.

“Before this project, email was run in-house on an antiquated server estate supported by third parties. We moved to Office 365, which took only seven months,” he says. “We have adopted lead-ing cloud services and gone from lagging in terms of cloud technol-ogy to leading in certain areas, and we are evaluating all the time.”

Now that business targets such as cost-cutting, flexibility and user satisfaction have been met, the organisation wants innova-tion, says Day. To support this, AstraZeneca has recruited a CTO and a team of 20 in San Francisco to look at new technology.

Onwards and upwardsDay says the company is ahead of schedule on the outsourc-ing project and he expects 70% of IT to be insourced when it is complete. But this is not a fixed target: “We are always looking, but I don’t think it can go much further than that.”

Day says the project has “raced along” and there has been little time to take in the challenges the company has been through – but they were major. “We have moved so quickly that it is easy to gloss over some of the challenges,” he says. “But it is a big move going from being a supplier management organisation to an IT operation that designs, builds and runs solutions itself. We found that, emotionally and culturally, it is a big journey to make. We have done this by bringing some great new people in and reskill-ing existing folk.”

Bringing work back in-house has re-energised and motivated the IT organisation, according to Day. On the supplier front, Day expected a level of resistance, but found they were really collabo-rative and supportive.

The 30% of AstraZeneca’s IT that is outsourced includes spe-cialist areas such as network services and a service desk, and the company still outsources quite a lot of application development. n

❯Daimler seeks savings of ¤150m a year by bringing IT services in-house

INTERVIEW

“We have adopTed all The leading cloud services and gone from lagging in Terms of cloud

Technology To leading”Chris Day, astraZeneCa

computerweekly.com 16-22 February 2016 8

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

EU-US Privacy Shield: Can ‘assurances’ protect EU citizens’ data from US snoops?Caroline Donnelly considers how the European Court of Justice will regard the claims of Safe Harbour’s replacement

Safe Harbour’s successor, the EU-US Privacy Shield, has been weighed up and found wanting by privacy campaigners, who fear the proposed data-transfer deal may not stand up

to the legal scrutiny of the European Court of Justice (ECJ).The European Commission (EC) has been working with US law-

makers to develop a replacement for the Safe Harbour transat-lantic data-transfer agreement since it was ruled invalid by the ECJ in October 2015. The result of these discussions is the EU-US Privacy Shield, which is expected to come into force in three months’ time, the EC said.

For that to happen, the agreement’s content must pass muster with the Article 29 Working Party, an affiliation of the data pro-tection authorities of all 28 EU member states.

The working party has given the EC and the US until the end of February 2016 to provide a complete breakdown of how Privacy Shield will work. It said anyone attempting use Safe Harbour to transfer data back to the US is now breaking the law.

It also warned organisations using alternative data-transfer mechanisms – including standard contractual clauses and binding

corporate rules – that permission to use these could be revoked by the end of February.

Apart from a new name, a logo and some lofty declarations about how the EU-US Privacy Shield agreement is a “significant improvement” on Safe Harbour, only scant details about how it will work were outlined at the launch of the new-look data-trans-fer regime on 2 February.

Among them was the fact that the agreement will be subject to annual reviews – unlike Safe Harbour – and it will be supported by the work of a “functionally independent” ombudsman for European citizens who fear their data has been accessed unlaw-fully by the US authorities.

Safe Harbour 2 and its shortcomingsGiven how short on detail the announcement was, many indus-try watchers have described it as a ruse by the EC and the US to buy more time to flesh out the details of the Safe Harbour alternative, as the Article 29 Working Party initially gave the pair until 31 January to do so.

ANALYSIS

computerweekly.com 16-22 February 2016 9

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

Frank Jennings, a partner specialising in cloud and technol-ogy commercial contracts at legal firm Wallace, told Computer Weekly he shares this view.

“The main driver over the timing of the announcement was the enforcement deadline set by the Article 29 Working Party,” he said. “This has bought some time while the detail is finalised.

“The European Commission has to prepare a draft adequacy decision for consideration by the Article 29 Working Party and the US government still needs to set up the monitoring mecha-nisms and an ombudsman.”

During the February press conference, Andrus Ansip, EC vice-president in charge of the Digital Single Market, promised EU citizens that the EU-US Privacy Shield would protect them from “indiscriminate mass surveillance” by the US government.

He said the EC had received “written assurances” from the US government to this effect, but concerns about these declarations were already mounting up.

A history of Safe HarbourThe Safe Harbour agreement was the legal mechanism previ-ously used by thousands of US companies to transfer data belonging to European citizens to the US, before it was struck down by the ECJ last October following a legal challenge by Austrian legal student Max Schrems.

The ECJ backed Schrems’ assertion that Safe Harbour did not adequately protect the data of European citizens from the mass surveillance activities of the US government which, in turn, were uncovered by NSA whistleblower Edward Snowden in 2013.

ANALYSIS

ERIC

SPH

OTO

GRA

PHY/

ISTO

CK

In the balance: Critics say that, while US surveillance

law remains, assurances regarding EU citizens’ data

are worthless

computerweekly.com 16-22 February 2016 10

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

The problem many have with Privacy Shield’s “written assur-ances” is whether these would be considered “adequate protec-tion” from the US government’s surveillance activities.

Former EC vice-president Viviane Reding – who previously spearheaded a review of Safe Harbour in response to Snowden’s 2013 revelations – aired concerns about Privacy Shield.

“The new text is disappointing,” she said. “The commitment to limit mass surveillance of EU citizens is ensured only by a written letter from US authorities.

“Is this sufficient to limit oversight and prevent generalised access to the data of EU citizens? I have serious doubts if this commitment will withstand examination by the European Court of Justice.”

Alexander Hanff, CEO of civil liberties advisory group Think Privacy, shares her misgivings. He said that, while the US gov-ernment’s Foreign Intelligence Surveillance Act (FISA) remained, these penned declarations were “not worth the paper they are written on”.

FISA is federal legislation that allows the US government to cov-ertly keep tabs on people suspected of spying on the US for over-seas governments or intelligence agencies, as long as the Foreign Intelligence Surveillance Court (FISC) gives it permission.

“We are supposed to believe that the very same agencies and the very same political machine that has been spying on the world’s digital communications for over a decade will now suddenly stop spying on Europeans because the European Commission has asked them to?” said Hanff. “It is preposterous to even suggest such a thing, let alone do so with a straight face.

“It doesn’t matter how many ‘assurances’ the US gives the EC, the very fact that the FISC exists and issues secret orders under FISA renders them nothing but fantasy.”

Hanff wrote to the Article 29 Working Party outlining his con-cerns about the Privacy Shield’s reliance on written assurances over US mass surveillance. He called on the working party not to “entertain the notion that such an agreement is either legally secure or honest”.

He signed off by asking Isabelle Falque-Pierrotin, chair of the Article 29 Working Party, to communicate the existence of FISA and FISC to other members of the party, highlighting the risk FISA poses to claims that Privacy Shield can make good on its promise of protecting EU citizens from snooping.

“We simply must not allow a lie (for this Privacy Shield is exactly that) to replace a lie (which Safe Harbour was) in order to main-tain the status quo and pander to the economic interests of the US technology sector,” Hanff wrote.

“The deal is bad for EU citizens and it is bad for the EU economy. It must not be accepted.”

Written assurances vs legal protectionsMax Schrems released a statement following the EU-US Privacy Shield announcement, questioning whether US written declara-tions would satisfy the ECJ.

“A couple of letters by the outgoing Obama administration is by no means a legal basis to guarantee the fundamental rights of 500 million European users in the long run, when there is explicit US law allowing mass surveillance,” said Schrems.

ANALYSIS

❯Max Schrems: The man who broke Safe Harbour

computerweekly.com 16-22 February 2016 11

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

“We don’t know the exact legal structure yet, but this could amount to disregarding the ECJ’s judgment. The court has clearly stated that the US has to ‘ensure’ proper protection by means of ‘domestic law or international commitments’.”

However, Daniel Hedley, an associate at legal firm Thomas Eggar, said that, until the full details of EU-US Privacy Shield are made public, it is difficult to predict exactly how the ECJ will view the finished article.

“The ECJ’s judgment was based in large part on a finding that the US did not provide equivalent protections in law,” Hedley told Computer Weekly. “So I think we can at least say that the Privacy Shield’s legal status and enforceability are going to be critical to its success or failure.

“That is, whether or not these ‘written assurances’ of the US government amount to real binding rights and obligations giv-ing European equivalent data rights, and whether the proposed enforcement mechanisms have real teeth. At the moment, with the information we have, we can’t tell if that is the case or not.”

Until the EU and US lawmakers present the EU-US Privacy Shield proposition in full to the Article 29 Working Party at the end of February, it is difficult to say with any degree of certainty whether the ECJ will uphold legal challenges against it, said Hedley.

And it seems there will be no shortage of candidates willing to put it to the test, once the full details are known.

“I am not sure if this system will stand the test before the Court of Justice,” Schrems said, after the announcement of Privacy Shield. “There will clearly be people who will challenge this; depending on the final text, I may well be one of them.” n M

AN

FRED

WER

NER

/WIK

IPED

IA

Privacy campaigner Max Schrems: “There will be

people who challenge this; depending on the final text,

I may be one of them”

ANALYSIS

computerweekly.com 16-22 February 2016 12

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

City transforms IT to add value while focusing on simplicity and practicalityHigher education faces budget cuts and growing IT requirements, but a £200m overhaul at City University London is bearing fruit. Angelica Mari talks to CIO Paul Haley

To serve a population of 20,000 students and 3,000 staff across 25 locations at City University London, CIO Paul Haley is promoting a major IT consolidation and stand-

ardisation exercise to meet the organisation’s demands to do more for less.

According to Haley, who joined in 2011 from the University of Aberdeen, City’s information services were not fit for purpose and management wanted “a step change in IT performance” to accompany a four-year business plan that includes an investment of £200m in information systems, services infrastructure and staff, as well as property and facilities.

“Given the competitive nature of the higher education market, what we do to differentiate ourselves in terms of information sys-tems makes a big difference. We’ve tried to refocus our efforts from operational commodity IT to strategic, value-adding IT,” Haley tells Computer Weekly. “We have the funding pressure of having to do more for less – education is a competitive business and reducing costs as well as improving service is very important to us.”

Sector average versus sector leadingOne of the main considerations for Haley for the 2014 to 2018 IT strategy at the university was to establish which IT areas deserve to be on the leading edge, while also identifying where being “sector average” was acceptable, such as for systems that do not provide business advantage.

“What happens in a lot of universities is that over a period of time cottage industries spin up and minor business activities are developed along with minor business systems. That takes an awful lot of unpicking,” says Haley. “We spent a lot of time stand-ardising on systems as far as we could and reducing the complex-ity of the core to fall in line with the university’s strategic plan, which was about information systems services being sector lead-ing in certain areas and sector average in others.

“The question this posed was where should we be leading and where should be the sector average. For areas such as adminis-trative systems, we would aim for the sector average because they weren’t differentiators. But in pedagogical systems, we

INTERVIEW

computerweekly.com 16-22 February 2016 13

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

would hope to be sector leading – and in terms of our strategy, that’s where we’re going.”

The sector-leading technologies selected by Haley and his team to support the IT services underpinning education and research at City include Moodle, a widely used open source tool for course delivery and learning online. This gives students and lecturers access to content and resources relating to their programmes of study and enables them to participate in web-based activities.

The introduction of Microsoft Office 365 is another highlight of Haley’s four-year plan, intended to build digital communities to support and enhance collaboration between students, lecturers, researchers, professional staff, student services and parties exter-nal to the university.

In addition, Microsoft SharePoint will provide an integrated environment with Moodle. This is intended to offer a personalised experience for both student and lecturer, with content, resources and features of this environment changing to cater for the various stages of the academic cycle, from marketing and recruitment, as well as the stages of student induction and orientation, education and assessment, all the way through to graduation and lifelong engagement with the university.

According to the CIO, sector-average technologies selected to support IT services relevant to administrative processes include Tribal Sits, a system for student recruitment, progression and awards; Raiser’s Edge, a platform for alumni and donor manage-ment provided by Blackbaud; a content management system for the university’s website supplied by Squiz; and SAP for finance, payroll and human resources.

Driving cost-effectivenessReducing the complexity of City’s IT infrastructure reduced costs and allowed the organisation to become more agile, says Haley.

“We are buying a great deal more than building. We slid down enormously in terms of what we’re developing in-house. We just buy or use third parties where possible and appropriate,” he says.

INTERVIEW

Paul Haley: “We’ve tried to refocus our

efforts from operational commodity IT to strategic,

value-adding IT”

computerweekly.com 16-22 February 2016 14

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

As the journey towards value-added IT progresses at City University, Haley has a few noteworthy projects to be deliv-ered over the next six months, such as reviewing and selecting a replacement for the university’s enterprise service bus and migrating its remaining servers to VMware.

City’s datacentre resources reside in a shared services centre run by University of London Computer Centre (ULCC). While the vast majority of City’s servers are located in ULCC’s Senate House, its high-performance computing capabilities are based at ULCC’s centre in Kent.

The move to ULCC’s facilities is another example where opera-tional and financial effectiveness have been achieved, but there’s still room for improvement, says Haley. “We’re going to consoli-date our datacentre space [at ULCC], and hopefully we’ll need fewer services as there will be more virtualisation,” he says.

In addition, a full unified communications suite based on Office 365 and Skype for Business will be introduced.

“With the principle of getting best value in mind, we’re trying to use mainstream products and keep it simple and practical while ensuring our infrastructure remains current. One of the easy sav-ings that we can make is to extend the lifetime of our systems well beyond what it should be, but we’re making sure that we have quite a rigorous renewal process,” says Haley.

“We also try not to be dependent on a particular supplier. We used to be heavily reliant on one particular software supplier – that became extremely expensive and we were really locked into that situation,” he adds. “Similarly, because of the particular nature of some of the systems we had, we were overly dependent on indi-vidual members of staff. If you have a member of staff who holds the keys to a particular area of your technological infrastructure, you’re in for trouble.”

Strategy and innovationHaley describes a pyramid-like vision for technology at City, where IT strategy and innovation is at the top, supported by business relationship management – a role that was non-existent prior to his tenure. “This is something I introduced at the University of Aberdeen and it’s a two-role function. One is to be the intelligent customer, so the team can articulate the needs of their stakeholders to the technologists, and they also do account management, to manage the expectations of the customers,” says Haley. “Underneath that – but metaphorically rather than hierarchically – we’ve got service improvement, business analytics, then portfolio project planning and delivery, which also falls under service management.”

“We are buying a greaT deal more Than We are building. We

slid doWn enormously in Terms of WhaT We’re developing in-house”

Paul haley, City university lonDon

INTERVIEW

❯Dundee University CIO Paul Saunders calls for diversity in IT

computerweekly.com 16-22 February 2016 15

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

Some roles under service management – where activities such as user support, application management, testing, quality assur-ance and datacentre operations are included – are less likely to remain in the university’s portfolio of activities, as it’s felt there are outsourcing options. “We’ve gone down that route to a cer-tain extent with the shared services with ULCC, and that has been extremely successful,” says Haley.

The IT at City is also more customer-focused and commercial than it used to be. “I come from a manufacturing background, and I worked for ThyssenKrupp where we were customer-focused, so that concept informed my behaviours in education environ-ments,” he says.

Focus on strategic skillsOne of the most testing aspects of Haley’s job remains saving money while delivering all the IT work the university needs.

He says £2m has already been shaved off a budget of £17m before the current four-year plan started. This was done through actions such as team restructuring, with several of the 130-strong IT team leaving the university. “A lot of people left the organi-sation and new staff came in. Maintaining standards with that amount of churn was extremely challenging. But in fact, during that period, customer satisfaction scores increased,” says Haley.

When it comes to investing in the skills development of his team, the CIO predicts there will be an increased focus on project man-agement capabilities over the next year. “I have some enormously able staff and we are trying to get them to take on more strategic roles. An example I often use is that of my network engineers,

who are particularly technically able and I often see them doing relatively menial tasks,” says Haley. “I’d like to see them designing our networks, rather than maintaining them; doing more supplier management, more project management and generally perform-ing a much more strategic role in the organisation rather than a technical one.”

According to Haley, an understanding of technology applica-tion, together with supplier and customer management skills, is the way forward for IT professionals who still have a long career ahead of them. n

This is an edited excerpt. Click here to read the full interview online.

“i’d like To see my neTWork engineers designing our neTWorks, raTher Than

mainTaining Them; performing a much more sTraTegic role in The organisaTion raTher

Than a Technical one”Paul haley, City university lonDon

INTERVIEW

computerweekly.com 16-22 February 2016 16

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

Computer Weekly, 2nd Floor, 3-4a Little Portland Street, London W1W 7JB

General enquiries 020 7186 1400

Editor in chief: Bryan Glick 020 7186 1424 | bglick@techtarget.com

Managing editor (technology): Cliff Saran 020 7186 1421 | csaran@techtarget.com

Head of premium content: Bill Goodwin 020 7186 1418 | wgoodwin@techtarget.com

Services editor: Karl Flinders 020 7186 1423 | kflinders@techtarget.com

Security editor: Warwick Ashford 020 7186 1419 | washford@techtarget.com

Networking editor: Alex Scroxton 020 7186 1413 | ascroxton@techtarget.com

Management editor: Lis Evenstad 020 7186 1425 | levenstad@techtarget.com

Datacentre editor: Caroline Donnelly 020 7186 1411 | cdonnelly@techtarget.com

Storage editor: Antony Adshead 07779 038528 | aadshead@techtarget.com

Business applications editor: Brian McKenna 020 7186 1414 | bmckenna@techtarget.com

Business editor: Clare McDonald 020 7186 1426 | cmcdonald@techtarget.com

Production editor: Claire Cormack 020 7186 1417 | ccormack@techtarget.com

Senior sub-editor: Jason Foster 020 7186 1420 | jfoster@techtarget.com

Sub-editor: Jaime Lee Daniels 020 7186 1417 | jdaniels@techtarget.com

Sales director: Brent Boswell 07584 311889 | bboswell@techtarget.com

Group events manager: Tom Walker 0207 186 1430 | twalker@techtarget.com

Outsourcing or insourcing – which works?

To outsource or to not outsource? That, for many IT leaders, has been something of a religious question for a long time. You’re either a follower or you’re not.

But we are no nearer to answering the question of whether outsourcing works. In recent months, Computer Weekly has talked to numerous large organisations that have brought large-scale outsourcing arrangements back in-house with enormous benefits.

AstraZeneca saved $350m a year from its IT budget by insourcing. The DVLA expects to save £300m over 10 years from a similar exercise. Daimler anticipates €150m annual savings. Even General Motors – which practically invented large-scale IT outsourcing and owned EDS for many years – is insourcing about 90% of its contracted-out operation.

If you can make savings of that size, there is something fundamentally wrong with the outsourcing model at scale. In the last six months of 2015, UK public sector outsourcing leapt 55% compared with the first half of the year, and across the year it

rose 26%. In contrast, private sector outsourcing spending fell 42% in the second half of 2015 – but was still worth £688m in new deals. In the public sector there is more confusion than ever. The Government Digital Service is encouraging moves to bring IT in-house. And

yet it’s also reviewing how to handle the billions of pounds worth of contracts set to expire over the course of the current parliament. In local government, we’ve seen Cornwall, Dorset, Bournemouth, Liverpool, Birmingham and others move away from outsourcing –

often after realising their suppliers are unable to deliver austerity cuts and still make a profit. But we’ve also seen many councils signing new long-term contracts on a promise of delivering cuts.

Of course, a big part of outsourcing success relies on the buyer to be an intelligent customer. But too often, organisations outsource the IT skills they need to manage suppliers effectively. IT chiefs need a more granular approach to sourcing. Routine, predictable, process-oriented IT may be suited to a specialist outsourcer. But you might struggle if your customer-facing web or mobile software shop is run by a supplier when you need fast response, agile development and rapid iteration.

Digital transformation is a huge challenge for traditional outsourcers and a threat to their business model. Those suppliers need to go through a lot of change – belatedly – or they will be swept away by smaller, more agile alternatives.

Outsourcing has its place – but the “all or nothing” approach is surely dying. n

Bryan Glick, editor in chief

❯Read the latest Computer Weekly blogs

EDITOR’S COMMENTHOME

computerweekly.com 16-22 February 2016 17

The microservices concept is not really anything new – it is the implementation that has evolved. The idea is to break down traditional, monolithic applications into many small pieces of software that talk to each other to

deliver the same functionality. This will give those who lived through component-based soft-

ware, web services and service-oriented architecture (SOA) in the early 2000s a sense of déjà vu. They were meant to do some-thing similar. So what’s the difference?

“Microservices are much lighter-weight than SOA, with all of the standards which that entailed,” says Ben Wootton, co-founder of Seattle-based DevOps consultancy Sendachi.

SOA was a supplier-driven phenomenon, with an emphasis on complex enterprise service buses – a form of middleware needed to communicate between all the services.

“Message standards are looser and are exchanged over light-weight message brokers,” says Wootton. “The tooling has evolved from the open source community rather than big enterprise.”

Speed and agilityCompanies are interested in microservices because they can bring speed and agility and encapsulate relatively small busi-ness functions, says Wootton. A currency conversion service is a good example, or an e-commerce shopping cart.

Microservices: Small parts with big advantages

Microservices have become a hot topic at IT conferences. They go hand in hand with containers and the idea of software portability – but how

do they work and why should you care? Danny Bradbury explains

BUYER’S GUIDE TO CONTAINERS AND MICROSERVICES | PART 3 OF 3

TIER

O/F

OTO

LIA

HOME

computerweekly.com 16-22 February 2016 18

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

Companies can develop services like these more quickly and can change them more readily, because they are dealing with smaller code bases. This is not something that traditional, monolithic applications with code millions of lines long were designed for. The testing over-head is immense when changing such vast code, because of all the interdependencies involved.

The other advantage is scalability. Microservices are designed to work in cloud environments, which can increase and decrease the computing resources needed for particular applications at will. If you need more computing power, simply start up another microservice on another cluster of computers. You can’t do that easily, if at all, with monolithic software that is designed to scale up on one piece of hardware.

Distributed computing like this also makes it easier to recover from infrastructure failures. Microservices are designed to be easily replicable, so many of them can be run to pick up the slack should a particular service stop working.

Cloud-native software modelAll of this makes microservices useful for cloud-native applications, which are designed to run in cloud environments with lots of commodity hard-ware resources that can dynamically respond to fluctuations in demand for certain applications.

These infrastructures are designed to fail over quickly. If a server dies, there is another one in the infrastructure to take its place.

For microservices to operate that way, they need to interact differ-ently with the IT infrastructure, says Wootton. “You need to lean on

automation a lot more,” he adds. “You might find your previous application turns into 50-100 independent services. Maybe they have to be duplicated for resilience. You are quickly left with hun-dreds of processes to be managed.”

To automate the management of the microservices and the pro-visioning of the infrastructure supporting them, the whole com-puting stack needs to change. The microservices software itself, or the software layer that manages it, must talk to the IT infra-structure to provision CPU cycles, networking and storage.

This calls for software-defined infrastructure, which has under-pinned the management of cloud-based resources for a while. Companies ranging from IBM to OpenStack are proposing IT environments in which computing, networking and storage

resources are accessed and controlled via software application programming interfaces (APIs), rather than from a systems management tool or com-mand line.

How can you prepare your infrastructure for this? Suppliers of converged and hyper-converged sys-tems would like you to throw away your expensive

“microservices are much lighTer-WeighT Than soa, WiTh all The

sTandards Which ThaT enTailed”Ben Wootton, senDaChi

BUYER’S GUIDE

❯Microservices can offer flexibility for developers,

but should they be used for mobile development?

computerweekly.com 16-22 February 2016 19

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

storage array and replace it with dumb drives that their software will control for you. But that isn’t necessary, says Donnie Berkholz, director of development, DevOps and IT operations at analyst firm 451 Research. You can typically integrate existing supplier-specific infrastructure with these new cloud management sys-tems, he says: “A lot of cloud envi-ronments already have plug-ins. OpenStack networking has all dif-ferent kinds of back ends.”

Automating the creation and deployment of applications like these requires some form of soft-ware container that shields it from any idiosyncrasies in the platform. A microservice may be deployed on a server running a different network driver, Linux distribution or version of Python than the one on which it was developed, but the container shields it from that.

“Microservices can be built in any language and any stack, as long as the boundaries can be defined,” says Kamesh Pemmaraju, vice-president of product marketing at Mirantis, which creates software and services to help IT departments using the OpenStack private cloud management system. “They can be thrown into a container, and it is portable.”

Talk about DockerMost people describe Docker when talking about contain-ers. This open source project shares elements of the operating

system between different containers, but bundles all the appli-cation’s dependencies and libraries in the container itself.

But this isn’t the only show in town. Containers have been around for a while, from Solaris Containers (Zones) to the Linux-based LXC containers on which Docker was originally based.

RunC is a container runtime designed to implement a container specification standard created by the Open Container Initiative, while Virtuozzo has its own Linux-based container technology called OpenVZ. And then there’s CoreOS, which has its own rkt container runtime.

Suppliers have been quick to jump on this. VMware launched its own technology, called vSphere Integrated Containers (VIC), last August, which is designed to let developers connect to virtual container hosts using a Docker command line interface. VMware containers run alongside stand-ard virtual machines.

Microsoft announced support for Docker containers on Linux vir-tual machines (VMs) from within Azure in June 2014. Since then, it has worked on supporting Docker containers on Windows Server, and also announced its own container technology for the Hyper-V hypervisor, along with a Nano Server min-imal footprint installation of Windows Server designed for container use.

BUYER’S GUIDE

“microservices can be builT in any language and any sTack, as long

as The boundaries can be defined”Kamesh Pemmaraju, mirantis

computerweekly.com 16-22 February 2016 20

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

Where to start?It may all sound exciting, but ripping out and replacing existing applications with microservices is not a realistic proposition for anyone, so where should a firm start?

Gently does it, says Sendachi’s Wootton, who recommends an iterative approach. “You just dip your toe in and get used to that lifecycle,” he says. “I would pick off new functions and slowly bring them into microservices. I would never re-architect a whole application for the first time.”

A company with an established inventory management system might steer clear of replacing it straight away, but it might con-sider implementing other new functions on its website as micros-ervices, such as a customer chatroom or a product recommenda-tion service, perhaps.

Cut code quicklyAreas where this makes sense are where you need to cut code quickly and innovate rapidly. Mobile apps are a good example, as are customer-facing services that you expect to be used at scale. The legacy batch order processing software that has been doing its job reliably for years may not need the microservices treatment, however.

This practice phase is important, because microservices involve a deep change to the software development and deployment process. The biggest mistake, says Wootton, is companies trying to

implement microservices without changing their old ways of working. “You want to move to a DevOps model where people are working more collaboratively,” he adds.

DevOps involves a meeting of minds between developers and operations staff, says 451 Research’s Berkholz. “It involves opera-tions staff learning what it looks like to be software developers, but also developers learning what it looks like to do production. You can’t do microservices until you’ve done both of those.”

Work togetherThis approach enables the two parties to work together in a world where infrastructure is provisioned using software inter-faces at a moment’s notice, tailored for the development, test-ing and production deployment of many tiny applications.

In practice, that means operations staff might be checking con-figuration instructions out of GitHub instead of just writing their own batch files. And while operations staff may be responsible for

the platform that code is running on, the developers become responsible for their own code’s operation.

“They don’t get to hand it off any more and be done,” says Berkholz. “They have to say ‘I’m on pager duty, and if my code breaks at 2am, I get woken up’.”This might give developers and operations staff

alike pause for thought. Microservices is not a free lunch. It needs sophistication in techni-

cal infrastructure, along with a highly mature IT team. Many firms will have their work cut

out before they are ready. n

BUYER’S GUIDE

computerweekly.com 16-22 February 2016 21

The end is nigh for privately owned datacentres. While it won’t happen this year, this decade or probably even this generation, the fact is that the long tail of its death has started.

It used to be a given that, at some stage, an organisation would outgrow its datacentre and would need to build a new one, as concerns about the security, performance and availability of third-party facilities meant few enterprises were willing to go down the colocation route.

As a result, they generally opted to build a new datacentre or heavily adapt an existing site.

That was before virtualisation and hybrid cloud raised their heads, paving the way for enterprises to downsize their facilities as increased utilisation rates and equipment densities allow them to free up 50% or more of existing IT equipment.

Platform half the sizeThe result is a facility that uses the same overall power distribu-tion and cooling capabilities, but is aimed at a platform half the size. This is uneconomic, however, and businesses have started to realise this.

Yet it is highly unlikely we will see many enterprises move all their in-house IT to the public cloud, regardless of the perceived benefits of doing so.

As result, there will still be a need for many businesses to retain some of their IT infrastructure in-house for a long time yet.

Cloud versus colocation: Why both make sense for the enterprise right now

With colocation providers moving to adopt simpler, cloud-like charging models, would enterprises be better off ditching the

datacentre completely? Clive Longbottom reports

IT INFRASTRUCTURE

TOMASZ ZAJDA/FOTOLIAHOME

computerweekly.com 16-22 February 2016 22

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

But owning the infrastructure does not mean an organisation must own the facility, and this is where colocation comes in. A third party builds, owns and manages the facility, and a number of different organisations then share this space to gain greater flexibility and the improved econom-ics of a shared model.

The onus is then on the colocation provider to invest in ensur-ing that its services – primary and backup power, internet con-nectivity, physical and technical facility security, and so on – are above the levels that an organisation could economically pro-vide in-house.

Colocation costsTo set itself apart from all the other colocation suppliers out there, a supplier also needs to be able to offer additional func-tions, such as overall facility monitoring and architectural advice to make sure those sharing the facility are “good neighbours”.

But how will these colocation sup-pliers monetise their offerings when faced with apparent continued price cuts in the public infrastructure-, platform- and software-as-a-ser-vice market?

The cost models around colo-cation have traditionally been pretty opaque and based on a mix of the space occupied, power

consumption and the amount of data transmit-ted across the site’s internet connections. This can cause the overall cost of colocation to vary consid-erably, which can be a problem as cost predictabil-ity is essential to business during periods of eco-nomic instability.

At the moment, colocation providers are lucky, because calculating the cost of using public cloud platforms is a difficult task, thanks to the wide variety of offerings being touted by a single supplier. This can be stressful to wade through, and that’s before you even try to build an effective platform.

Things are changing, though, as the likes of IBM move towards becoming more cloud-focused, which means the cost models of cloud have to become more transparent and easy to understand. This has prompted some colocation providers to take steps to simplify their pricing, too.

As colocation and cloud contracts become similar, this prompts the question as to whether an organisation should own any part

of its hardware platform, or move everything to the cloud anyway.

Cloud versus colocation: Which is better?This circles back to the beginning of this article. Many decisions will be based on the perception – rather than the reality – that public cloud is somehow less secure, more

IT INFRASTRUCTURE

❯The true colocation cost is buried in myriad supplemental charges and fees in the fine

print or price sheets.

aT The momenT, colocaTion providers are lucky, because

calculaTing The cosT of using public cloud plaTforms

is a difficulT Task

computerweekly.com 16-22 February 2016 23

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

outage-prone and harder to control than a privately owned plat-form. These discussions are likely to drive organisations more to a colocation than a public cloud environment.

Other decisions will be driven by business leaders who want to move from a capital expenditure to an operational expenditure model, or the need for more business availability, based on the use of warm images, provisioned across multiple platforms.

This can be done via colocation, but means replication of all the hardware across multiple facilities, which can work out expensive.

It may be that a hybrid model could meet the requirements for many organisations – a colocation

centre as the primary site with public cloud acting as the failover envi-ronment – as well as providing burst resources as necessary.

Whatever approach an organisation opts for, the IT platform they choose has to support the business in its aims. This is increas-ingly where a fully in-house facility/platform model is failing.

As yet, the end game is not decided. Colocation and public cloud both have their parts to play in any system – just don’t write one or the other off for any ivory tower reasons. n

Clive Longbottom is co-founder

and service director at Quocirca

IT INFRASTRUCTURE

iT may be ThaT a hybrid model could meeT The requiremenTs

for many organisaTions

VLA

DIS

LAV

KO

CH

ELA

EVS/

FOTO

LIA

computerweekly.com 16-22 February 2016 24

Until the widespread adoption of NAND flash, persistent storage was generally based on mechanical devices.

We had punched tape and cards (both of which have pretty much disappeared), then tape and spin-

ning disk media, including hard drives and optical. All of these devices have physical characteristics that affect the perfor-mance of how data reads and writes.

But, as server virtualisation abstracts the virtual machine’s (VM) logical disks from the underlying physical storage, an issue that starts to arise is that of misaligned or unaligned input/output (I/O).

Unaligned I/O results in I/O performance degradation and is a result of misalignment of the logical blocks in the multiple lay-ers of abstraction between the virtual machine’s storage and the external presentation of the storage from a shared storage array.

To see why this problem has arisen we need to look at how stor-age is mapped to virtual machine guests from the external array.

Typically, storage area network (SAN) or network file system (NFS)-based storage will internally read and write data in fixed blocks or chunks, from sizes of 4K upwards.

On top of this we create, for example, VMFS (VMware vSphere) and VHD (Microsoft Hyper-V) file layouts.

Unaligned I/O: A storage performance killer

As the stack piles higher – with virtual servers, their virtual disks and guest operating systems – the scope for unaligned or misaligned

I/O to affect performance increases. Chris Evans reports

STORAGE PERFORMANCE

HOME

computerweekly.com 16-22 February 2016 25

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

Both of these file systems operate slightly dif-ferently – Hyper-V uses the New Technology File System (NTFS) – but for the benefits of our exam-ple the relevant characteristics are the same. With VMFS-5 the allocation size is 1MB, with the size of I/O based on the guest itself.

Above that we have the VM guest and the file system within the operating system (OS), for example Microsoft Windows and NTFS which have a fixed, predefined cluster size. This arrangement is represented in Figure 1, which shows each layer aligned on LBA (logical block address) boundaries (starting from LBA=0). An I/O read or write to any block of VM guest data results in only one I/O at the storage layer.

Now look at the scenario where we have mis-alignment of I/O at the VM guest level in Figure 2. Writing to block O/S 2 results in two I/Os to the VMFS (but in this case only one to the underlying storage), while I/O to O/S 4 results in two to the hypervisor and two to the underlying storage.

Similar problems would also be seen if the VMFS was also misaligned.

At first glance, the alignment problem may not seem like a lot of overhead for the storage. After all, if a file is written in large blocks then one additional I/O among tens or hundreds may not be a problem.

But, with server virtualisation, the distribution of data across the VMFS results in highly random I/O, so the extra overhead of I/

STORAGE PERFORMANCE

Figure 1: Layers aligned on logical block address boundaries

VM guest

Hypervisor

Storage

❯We run the rule over the storage performance

metrics – latency, throughput and IOPS – that are key to

optimising virtual machines.

computerweekly.com 16-22 February 2016 26

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

Os to manage the misaligned data could be quite significant. Part of the reason for this is in the way the storage is written to the external storage array.

That’s because a partial update to a block of data on the SAN could generate multiple additional reads to get data from physical disk, make the par-tial updates and write the data back to disk again, compared with simply updating the entire block because the whole block is changing.

Why unaligned I/O mattersSo what are the effects of misaligned I/O? The most obvious is on storage performance. Although the impact will be variable – and dependent on the storage platform, the number of guests and

the amount of misalignment – the additional I/O load could be an additional 10-20%. In latency-dependent environments – such as with hard disk drive (HDD)-based arrays – this impact could be noticeable to VM guests, especially where there are lots of small-sized I/O requests.

The second possible area of impact is that of space optimisation on the storage array, both from

a thin provisioning and data deduplication perspective.Where the VM OS and storage are misaligned, data allocations

at the guest layer could cause additional storage to be physically reserved for the guest, as the logical allocation runs into the next logical allocation block in the unit size allocated to thin provision-ing. This overhead is likely to be small, however.

STORAGE PERFORMANCE

Figure 2: Misalignment of I/O at the VM guest level

VM guest

Hypervisor

Storage

❯Storage array makers’ spec sheets can be difficult to translate and sometimes prove misleading – the trick is to dig

out the devil in the detail.

computerweekly.com 16-22 February 2016 27

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

The other area that could have an issue is in data deduplication. If multiple operating systems are out of alignment, and if the deduplica-tion process is based on fixed size blocks, the potential savings from deduplication of similar data as seen by the storage array may not be fully realised. Simply shifting the LBA start point by one byte will defeat deduplication algorithms that expect data to have boundaries consistent with the under-lying storage platform.

Resolving unaligned I/OThankfully, today’s modern operating systems have largely fixed the alignment issue at the guest level.

Windows 2008 onwards, for example, aligns to a 1MB bound-ary for the boot drive, rather than the previous offset of 63 sec-tors (of 512 bytes) or 31.5kB, which was done to match physical disk geometry.

Most, if not all of the Linux-based operating sys-tems, also align correctly. Remember that these changes apply to new installations, but upgrades in place may not necessarily correct the problem.

At the hypervisor level, VMware’s ESXi 5.0 onwards allocates to a 1MB boundary for both VMFS3 and VMFS5 partitions. But, any partitions

created with earlier releases of VMFS/ESXi will still be aligned to 64KB, even if they are subsequently upgraded to VMFS5. These data stores (and their partitions) will need to be deleted and recreated to fix the alignment problem.

To see whether the problem exists, there are tools that can look at the host, hypervisor and the storage.

NetApp’s Data Ontap, for exam-ple, detects and reports on the amount of misaligned I/O detected on each logical unit number (LUN). Windows align-ment can be checked with multiple tools, including Diskpart, Windows Management Instrumentation Command-Line (WMIC) and fsutil. Linux systems can be checked with the fdisk utility.

For the hypervisor, VMware’s vSphere provides the partedu-til command that can be run from the ESXi command line. For Microsoft Hyper-V, alignment will be dependent on the under-

lying NTFS partition configuration that can be checked with standard Windows commands.

One final thought. The problems described in this article are manifested more with latency sensitive storage systems. As we move to flash systems and server-based caching, the overhead of misalign-ment may be much less noticeable and so not worth going back to correct. n

STORAGE PERFORMANCE

as We move To flash sysTems and server-based caching, The

overhead of misalignmenT may be much less noTiceable and so noT

WorTh going back To correcT

❯Virtualisation brings savings, but it is a challenge to ensure

storage performs efficiently. We survey the top five pitfalls and

how to avoid them.

computerweekly.com 16-22 February 2016 28

Home

News

AstraZeneca IT insourcing programme exceeds expectations

EU-US Privacy Shield: Can written assurances protect EU citizens’ data from US snoops?

University transforms IT to add value while focusing on simplicity and practicality

Editor’s comment

Buyer’s guide to containers and microservices

Cloud versus colocation: why both make sense for the enterprise now

Unaligned I/O: How it affects storage performance and what to do about it

Downtime

A drone in the claw is worth two in the bush

Dutch police have launched an initiative to target drones. We’ve seen people use air rifles to shoot down drones, now the Dutch police

are turning to a totally natural alternative: a real, live bird of prey that will happily pluck any quadcopter from the sky.

You know what they say about blokes who have transmitters with extra long antennas... Watch out – you’re next in the pecking order. n

DOWNTIME

❯Read more on the Downtime blog

AD

ICA

ZA

/BJD

LZX

/IST

OC

K