Cost Effective IT Solutions
Larry Mattox
Government Solutions Specialist, VC3
Ryan Draughn
CIO, North Carolina League of Municipalities
VC3 Background
• Relationships with over 130 municipalities, counties, COGs
• Focused on small and medium local government
• Headquartered in Columbia with offices in Raleigh, NC and
Atlanta, GA
• Over 20 years experience
• Broad suite of technology solutions
• 85+ employees
Extensive Local Government IT Experience
Strategic Technology Partner
North Carolina League of Municipalities
Strategic Technology Partner
4
Major Themes for Today
• Things you need to know
• Your IT is more complex than you think • Who is making your municipality’s IT decisions? • What is your current support model? • Challenges when choosing the right IT plan • Technologies that save time and money • The Cloud
• IT is not visual - hard to compare to other needs • Significant IT $$$ are wasted every year
• It is hard to find someone to provide real IT guidance • Poor decisions – technology becomes outdated quickly • Key staff and Council need to be more savvy
Your IT is More Complex Than You Think
• Purchasing of PCs, servers, software licenses, network equipment, etc.
• Equipment and/or monthly cost for data backup
• A real Disaster Recovery plan for IT
• IT support (proactive, reactive, projects, etc)
Who Is Making Your IT Decisions?
• Committee
• Individual departments • IT staff member
• Employee who has city job, but is your IT • Small, one-man shop
• Larger, multifaceted company • Organization that provides
your software app • Organization that provides
What is Your Current IT Support Model?
• None • IT Staff Member
• Employee who has city job, but is your IT • Small, one-man shop
• Organization that provides your software app • Organization that provides other service… and some IT • Multi-faceted, full time IT company
Challenges when Choosing the Right IT Plan
• IT can be confusing. City knows Finance, HR, Police, Fire… not IT • No set standards for making a decision
• How much do you budget, or pay? • What qualifications do you use? • Reactive vs. Proactive
Technologies That Save Time and Money
• Hosted desktop
• Hosted telephony
• Cloud backups and DR
• Live helpdesk
• Budget planning and IT roadmap
• Web content management
• Online Services
Ryan Draughn
CIO - NC League of Municipalities
Good, Bad and Ugly
of Cloud Computing
The Cloud
• What is the “cloud”? • Issues with moving to the cloud • Status at NCLM
• The Good, Bad, and the Ugly • Overall Risks of Cloud Computing • Having a good contract
Agenda
What in the world is
Cloud Computing?
“Cloud Computing Definition”
Cloud computing, or something being in the cloud, is an expression used to describe a variety
of different types of computing concepts that involve a large number of computers connected through a real-time communication network such as the Internet.
Cloud computing is a term without a commonly accepted unequivocal scientific or technical definition
The popularity of the term can be attributed to its use in
marketingto sell hosted services in the sense of application service provisioning that run client server
software on a remote location
Source - Cloud Computing. (2013). In Wikipedia. Retrieved October 10, 2013, from http://en.wikipedia.org/wiki/cloud_computing
Public Cloud Providers
Similar to “Cloud Computing”, but not exactly…
Private Cloud: What is It?
• Dissimilar - data is not housed with true cloud service providers (Google, Amazon, etc.) and NOT co-mingled with any other organization’s data.
• Similar - connectivity via web browser will grant access to all NCLM applications from any device.
• Reoccurring software license fees • Insufficient skill level and quantity of IT
staff
• Lacks adequate backups & security • Slow restoral of critical business processes
after a disaster
• Expensive hardware – has to be constantly maintained and has short life span
Premised Based Environment
Enterprise Class Data Center
Hosted Environment
Why is moving to Cloud Computing challenging?
• MIS-Information: Business managers not getting GOOD information • Marketing materials are gimmicky and misleading
• Business managers recognize benefit but don’t understand all the dynamics • Most IT professionals see cloud services as extremely threatening to their
job and value they contribute to the organization • Glitches by public cloud providers make many uneasy
• Cloud service providers are selling services; they aren't ones you should get educated from
• Security concerns or paranoia?
• Organization may not be ready to handle the flexibility that cloud computing provides. Will personnel policies need to change?
Change in Culture and Change in Business Procedures • Change from CAPEX model to OPEX financial model
• IT infrastructure no longer purchased as capital expenses and depreciated over its lifecycle
• Instead, IT infrastructure paid as operating expense like a utility. • Shift of some “controls” and “administration” of IT equipment
• Outsourced vs. dedicated IT staff to perform these duties • Traditional IT duties shift from PC/network technicians to service
managers. Or said differently, IT will shift from being the “mechanics” to the “process improvers” or “service innovators”.
What we have done at NCLM?
Background/Status at NCLM
• Moved to Private Cloud Offering in December ‘12
• Utilize service from VC3 called Virtual Office Advantage (VOA) • Preceded by SA-Lite Managed Services contract in January ‘12 • Virtualized staff’s desktop environment (approx. 80 seats) • Hosted Exchange, Anti-SPAM, AV, File/Print Services. • Moved application servers running insurance claims system
(iVOS), Policy mgmt. (Navrisk), document mgmt. (Laserfiche), Finance (Navision), Association Mgmt. System (CRM).
Background/Status at NCLM (Cont.)
• Moved SharePoint (Intranet and Internet) • NCLM.org and other websites • Outsource helpdesk operations (24x7x365) • Minimal server/network hardware exists onsite • Now running on 64-bit architecture
• Dual monitors for all thin client staff (around 80% of organization) • Staff embraced change
• I’m still employed
• Provider supplying servers
• Provider supplying Thin Client, monitor, keyboard and mouse
• Pay for what I need on a per desktop/month basis
• Little to no up-front capital cost
• Scale up/down much more quickly
(in many cases monthly)
Background/Status at NCLM (Cont.)
27
Financial Component – Former Budget
Annual Software Cost Highlights
• Microsoft Enterprise Agreement
• SQL Server, Office, Exchange, SharePoint, CALs • Symantec Anti-Virus
• MailFoundry Anti-Spam • Network monitoring tools • Ticketing system software • Total: $33,818/annual
28
Annual Datacenter Cost Highlights
• Storage Area Network (SAN) • VMWARE Licenses • ESX Server Environment • Server Licenses • Sonicwall NSA and SSL VPN Total – $43,600/year
Doesn’t include HVAC costs and RISK of ownership
Financial Component – Former Budget
Standard Applications • Microsoft Office Standard Edition
• Word, Excel, PowerPoint, Outlook, OneNote…
• Microsoft Exchange Email
29
Now I pay only for what I Use (Per emp./Per month)
Storage
• Individual and shared storage for all users
Provider handles..
Backups• Nightly backups
• 30 days of Nightly Backups retention • Monthly and annual archives
30
Security • SPAM filtering
• End-point Anti-Virus for devices
Support
• 24x7Service Desk • Server and Network
• Administration • Patch Management
• Remote and Onsite Support
• Software application support • Patch management for
supported software
• User Satisfaction tracking
31
And provides..
Hardware
• Thin client, keyboard, mouse and monitor • All-in-one unit
32 Reports and Documents
• IT Documentation • IT Performance Report • Best Practices and Policies Library The Cloud
Shoot it to me straight
What’s
really the
deal?
• Change in culture: Adopting processes from outside firm • Ticketing system, storage quotas, billed for usage, etc. • Staff may lose individual preferences
• Windows Search/Desktop features • Oversight of IT operations changed
• Managing dynamics between IT support staff • May have to re-org, re-align or displace • Loss of in-house technical skills over time • IT under a microscope – Cloud commitment
• Printing • Scanning • Sound volume • New procedures/change
The Bad
The Ugly
• May have to abandon/re-work contracts or relationships with existing partners • Cloud provider contract negotiations can be dicey
• Could upset existing IT staff – will they follow your lead? • Equipment or provider loyalty will likely change • Devote time to training
• Properly set expectations. • Staff may not like what they hear
(but say it anyway) • May need to dangle some carrots
The Good
• Organization sees IT in new positive light - Empowerment vs. Service based • Focus on enhancements/projects instead of putting out fires • CIO - Organizational leader versus IT leader
• Less servers – good exercise to condense VMs that were needed • Disaster Recovery/COOP plan more flexible and easier to implement
• Enhances staff’s capabilities – Remote work environment, changing work/life balance, generational workforce embraces
• Less pressure on BYOD • Simplified budgeting
• Monthly cost per employee
• Elimination of hardware capital investment • Monitoring of apps by team of engineers
• Example of Claims app improvement • Proactive monitoring
• Managed services produced substantial savings: Approximately 25-25% • Private cloud service move more costly in year 1: Approximately 5% higher
• Software licenses had to be converted to TLP or required pro versions • Estimated net – neutral savings in year two and beyond
• Hard to calculate efficiencies gained in IT NOT managing hardware but offering process and business improvements
• Hard to calculate overall staff productivity gain by offering more flexible work options, less downtime, faster application response time, new application access options.
Contract Guidelines
Ownership of Data
All data provided by Client Company to Service Provider pursuant to the Agreement is and shall remain the sole property of Client Company and Client Company reserves all right, title and interest (including all intellectual property and proprietary rights) in and to such data.
Contract Guidelines – Cont.
Access to Data
At its sole discretion, Client Company retains the right to access and retrieve data provided by Client Company that is stored on Service Provider’s infrastructure. This includes physical access to data as well as the right to request data be retrieved by Client Company. The Client Company will give Service Provider advanced notification of 15 days for data access or retrieval.
Contract Guidelines – Cont.
Data Disclosure to Third Parties
Service Provider will not receive, transmit or otherwise deliver any data provided by Client Company outside of the continental United States, nor will Service Provider transmit or otherwise deliver any such data to any third party (except for Client Company’s employees) without Client Company’s prior written consent.
Contract Guidelines – Cont.
Disposition of Data Upon Agreement Termination Upon termination of the Agreement, Service Provider shall, at the option of the Client Company, either return all the data provided by Client Company and any copies thereof to the Client Company, or destroy all the data provided by Client Company and any copies thereof and certify to Client Company that it has done so. Service Provider shall perform its obligations under this paragraph in accordance with the selected option of Client Company within thirty (30) days after Service Provider is notified of the option selected. If Client Company elects that data provided by it be returned, then Service Provider shall make available to Client Company for a complete and secure (i.e. encrypted and appropriately authenticated) download file of Client Company’s data in its native format. The Client Company may optionally request that data be physically returned on hard drives or other physical media. Service Provider warrants that upon request of Client Company, it will submit its data processing facilities for an audit of the measurers described herein.
Contract Guidelines – Cont.
Data Breaches
Service Provider shall report, either orally or in writing, to Client Company any use or disclosure of data provided by Client Company not authorized by the Agreement or in writing by the Client Company, including any reasonable belief that an unauthorized individual has accessed such data. Service Provider shall make the report to Client Company immediately upon discovery of the unauthorized disclosure, but in no event more than two (2) business days after Service Provider reasonably believes there has been an unauthorized use or disclosure. Service Provider’s report shall identify: (I) the nature of the unauthorized use or disclosure, (ii) the Client Company’s data used or disclosed, (iii) who made the unauthorized use or received the unauthorized disclosure, (iv) what Service Provider has done or shall do to mitigate any detrimental effect of the unauthorized use or disclosure, and (v) what corrective action Service Provider has taken or shall take to prevent future similar unauthorized use or disclosure. Service Provider shall provide such documentation, including a written report, as reasonably requested by Client Customer.
Data Storage Location
Service Provider agrees to receive, store and process all data provided by Client Company only in the continental United States.
Contract Guidelines – Cont.
Deposition in Litigation
Service Provider agrees to be deposed in litigation cases where data administration processes are required. Any costs incurred by service provider in time or resources is the responsibility of the service provider.
The Cloud