The AoA is a qualitative assessment of multi-cloud and hybrid cloud architectures against a set of six evaluative criteria. First, the criteria will be defined and, then, both the multicloud and hybrid cloud architectures will be assessed against them. The goal of the AoA is to provide a side-by-side comparison of multi-cloud and hybrid cloud architectures to help make agencies aware of the relative benefits and tradeoffs of each. Cloud architectures will not be scored because that would point to a recommendation of one architecture over another, which this guide intends to avoid. A one-size-fits-all solution is not appropriate for the varying IT environments across the federal community.
Evaluative Criteria
Cost Effectiveness concerns the costs associated with cloud architecture, relative to the impacts on effectiveness. For example, in a typical IaaS solution, cost savings may occur through a decreased need for staff dedicated to hardware maintenance, allowing them to focus on application deployments and other value-add projects. However, you should note that, in some cases, cost effectiveness may not translate into lower total cost. Indeed, as your IaaS provider creates more virtual servers to meet demand, costs will increase. The extent that costs do increase will depend, in part, on how well the operation of each cloud is optimized.
Manageability is the ease by which a given cloud architecture can be monitored, maintained, and controlled by operations staff. By having appropriate cloud orchestration tools and governance in place, an agency is well-equipped to handle the increasing complexity of managing multiple cloud services. Manageability also means interoperability and standardization, wherein one product or system within a cloud environment can work with another because they adhere to the same technical standards. The downstream effect is that operations staff are relieved of tedious, repetitive, and time-consuming tasks.
Performance is the speed by which a cloud service or cloud-based application operates. A central part of performance in cloud computing is scalability, or the ability of a service or application to handle a sudden increase in demand. In particular, scaling of the network, storage, and compute resources, also known as vertical scaling, generally increases performance. If your agency experiences large fluctuations in the number of end users, for example, it should weigh performance and scalability as important considerations.
Reliability is the ability of a cloud service or cloud-based application to function as needed by users. IT staff should reasonably expect that an application or service is available on demand, is secure, and offers the functionality necessary to complete the tasks at hand. Because completely continuous operation is not realistic, a critical consideration for your agency is the impact of downtime on mission-critical functions supported by its IaaS solution, and how a given architecture may help mitigate that impact.
Security and Privacy refer to the safeguards used to prevent unauthorized access to cloudbased applications, infrastructure, and data. An IaaS environment may be a target for cyberattacks if the CSP misconfigures authentication or security standards, or if attackers can break authentication and encryption. Under this criterion, one cloud architecture is considered favorable over another if it is better able to protect sensitive data and reduce the attack surface.
Workforce Requirements refer to new knowledge and skills needed by employees to implement and manage a multi-cloud or hybrid cloud environment effectively. Though costly, training often plays a critical role in providing employees with the requisite knowledge and skills. Thus, workforce requirements are favorable for an agency when they are low, not high, because the workforce is able to adapt effectively to the new cloud environment using the knowledge and skills they already have.
