Latest ITAM News

The Risks of Evergreen IT

Who doesn’t like Green?

As a gardener, you prefer healthy plants, typically indicated by a lush green color of their leaves. In areas with cold or dry season, some plants have adapted to the climate and shed their leaves. Before this happens the leaves turn yellow, brown, sometimes red. This is part of a natural cycle and besides the fact that I – as a hobby gardener – have to deal with raking the leaves off my lawn I do like the color change. Nevertheless, as soon as the leaves are gone I miss them.

Talking about evergreen IT is a bit different. The botany parable is not fully applicable. Evergreen IT refers to IT services comprised of software and hardware components that are always up to date. The IT that is not regularly updated doesn’t turn yellow or brown during the year, stops working and is replaced (“raked”). That, by all means, could already be considered evergreen IT. IT that is not evergreen refers to legacy systems, software, and hardware that was selected and deployed to support a specific business process or to provide a specific IT service as set out in a technical concept. Those systems may be updated, but only with security patches or bug fixes. The core of the legacy systems is static, never overhauled and “withers”.

Taking a closer look at the current setup of hardware and software in companies I do see a whole lot of legacy and only a few green spots. The green is typically related to things like security (who likes to rely on outdated virus signatures?) or some innovation hot spots such as CRM or digital marketing where everyone likes the latest and greatest software. Other systems such as customized software solutions or even standard applications such as ERP, email, document management and here in particular databases are sometimes several years if not decades old. How many of your organizations still run SAP R/3 Enterprise (launched in 2002) or Exchange Server 2010 or Oracle DB 10G. I think it is worth mentioning that many of those systems are so old that the software publishers do not provide any support. When you ask a company why they still run such “relics” they give you a very reasonable answer: “The system is still good for what we need – and by the way – its to complex so if it ain’t broke, don’t fix it.”

You need to embrace Green!

That attitude will change. Not because companies think that they are better off with the most current hardware and software, but because software publishers have initiated a paradigm shift in the way they sell their software or services. For years, companies purchased versioned software and along the best fit hardware or the other way around. Sometimes the purchase of hardware and software included a support or maintenance agreement. With such an agreement in place – and if required – hardware parts would be replaced or updated to new software versions would be provided. If the hardware was fully functional for the duration of the support agreement a company would have never made use of it. If the software version was good enough and the cost to migrate to a newer version to high the company would stick to the older version, even with the right to upgrade. Now, what if you start using cloud computing services?
Cloud computing services are all about evergreen IT and to my understanding the only true evergreen IT offerings. In order to provide scalable standardized services companies such as Microsoft, Google, SAP, Oracle, Amazon run a stack of standardized software (version) and hardware (device type) which is constantly updated across all datacenters almost simultaneously. They do so since standardization reduces the risk of system failures (incompatibilities), eases system monitoring, reduces downtime, allows better discounts with hardware or software resellers and so on. In addition, most software services are now only available as cloud-based subscription offering, e.g. Adobe Creative Cloud or Microsoft Flow as part of Office 365, or the on premise version is delayed for a few months, e.g. Oracle DB Enterprise Edition 12c R2. So if you want to make use of those offerings you need to adopt the cloud and doing so implies that you are going for evergreen IT.

Several shades of Green?

You may like the idea of evergreen IT in the first place but there is downside to everything. Utilizing cloud service has many advantages, such as better scalability and elasticity of IT, reduced IT operational cost, quicker response to business needs etc. Many articles have been written about those benefits and how they relate to design, build, and run large-scale IT services. Also, the risks of cloud computing services have been thoroughly discussed, such as data security or provider dependency. Relating to the issue of dependency I would like to give it another perspective – where green turns to grey.

Consider a situation like the following:
You want to replace your existing solution for productivity, in this case a Microsoft Office 2010 environment combined with an Exchange and a SharePoint 2010 environment. You have heard about Office 365 and Google Apps for Work that could be options besides the option to migrate to a newer on premise version of Microsoft Office. After considering all the pros and cons, the migration cost, the software publisher strategy etc. you decide to go with Microsoft Office 365 E3. You start your migration and you decide to go with an on premise deployment of Office 365 ProPlus using the 2016 apps plus a mix of Exchange Online, SharePoint Online etc., but you keep a few mailbox servers in your data center as well as the AD and Domain Controller. Looking at the use rights you have you are in the green zone as long as you don’t want to sync your AD with Exchange Online and the other online services from Microsoft. Going the hybrid approach may require additional licenses, e.g. Enterprise Mobility Suite. Then you start your migration to Office 365 ProPlus. Since you operate 3.000 devices you expect a roll out project that can span 2 years. Still, you are covered with your licenses but by the end of the roll out a large portion of your Office 365 ProPlus deployments are not supported anymore since Microsoft requires a regular update of an Office 365 ProPlus deployment at least every 8 months. To be continued …

This example is not farfetched. I have had many clients that did not sign up for cloud computing services since it puts them behind the fence and the software publisher is the gardener, that decides where to plant, what to plant and how to maintain the plants. Some IT organizations are not ready to let go and to let someone else decide how much green or what shade of green is good for them.

What to consider before going for green?

In one sentence: There is no way around evergreen IT! The sooner you accept this fact the easier it will be to get your IT organization headed in the right direction. And there are many changes you need to make in order to be evergreen IT and cloud ready, e.g.:

  • Service catalogue and change management: Your company was used to ask for a new service or a change and got it. Since most cloud computing services are based on strict technological standards changes (improvements, e.g. bugfixes, new features) are in the hand of your service provider. You need to set out options that can be changed, focusing on service features rather than on look and feel, performance or availability.
  • Service and configuration management: You may be limited in monitoring IT assets. Especially with cloud computing services service monitoring is – besides some basic alerts – typically not provided by the software publisher. For configuration details, you need to rely on information provided by the software publisher. Get to know the technical footprints of your cloud computing services and set up processes and tools to track them.
  • Release and deployment management: There may be restrictions regarding the deployment and the setup of the software, deploying add-ons or templates. You may also be limited in testing the software especially its interoperability and compatibility. Therefore, you need to know the release strategy and release plans of your service provider and change your deployment processes accordingly.
  • Incident management: Using cloud computing services from a third party requires a service level agreement. You need to monitor the performance of the service provider in order to raise claims in case of poor performance. Considering your limitations in monitoring key performance indicators, e.g. availability, downtime, processing speed, and the lack of audit rights, you have to implement other means of control, such as regular management meetings with your service provider.

All the other bits and pieces of IT service management, i.e. management, availability management, capacity management, security management etc. are more or less in the hands of the service provider. The split of responsibilities will have a major impact on your IT organization and your IT operating model.

You should focus on the following 3 areas:

  1. Workforce: The majority of today’s IT workforce consists of IT system administrators that know how to deploy, run, monitor and change a specific system. As long as you decide to go with a hybrid or private cloud scenario they will still be needed and may have more work than before. They need to keep the remaining systems coordinated with a constantly changing evergreen cloud service which is like herding cats. Nevertheless, I expect that in the next 3 to 5 years at least some IT services, such as productivity, will become a commodity, a standard. This standard will then only be available in a public cloud scenario or only suitable for large enterprises if consumed as a public cloud service. In this case, the IT admins for Exchange or Lotus Notes become obsolete. You need to find new jobs for them. If they have the skills, they can become provider managers for the software publisher providing the services they used to be the on premise administrator for.
  2. Infrastructure: With the deployment of cloud services, the old on premise systems can be decommissioned, the data archived, storage reduced and network components downsized. Otherwise, the business case for cloud computing and evergreen IT will be deemed unprofitable. You should keep in mind that using cloud services will be a one-way street. No easy U-turns, no rollback. Your cloud business case should factor in the problem of lock-sourcing, i.e. you have no economically viable option to switch to another service provider if the first one fails to deliver on the agreed service level. Since you did cut-down on your IT infrastructure and the workforce that managed it you also cannot simply roll back unless you build everything back up.
  3. Processes: You need to enable your IT to perform in an environment where an external IT service provider updates the IT services every few weeks or months. This can be challenging. As aforementioned, you need to set up a provider management that is in close contact with the service provider to identify and – if possible – anticipate changes. Every change needs to be evaluated superfast, in days instead of weeks. Then you have to inform the business units and other internal customers you support regarding potential disruptions due to the change. Last but not least, you need to train the IT staff and the users.

Evergreen IT as a promise from cloud service providers sounds perfect. No more updates, always the latest features, state of the art IT. But you need to read between the lines. As long as you are looking for a hybrid or private cloud scenario evergreen IT can cost you money and reduce the flexibility in your IT operations instead of reducing cost or making your IT more agile. Going all in with a public cloud scenario can get you into lock-sourcing.

About Jan Hachenberger

Jan Hachenberger is Partner at ConSalt Unternehmensberatung GmbH