Critical Capabilities for Public Cloud Infrastructure as a Service

15 October 2013 ID:G00255647
Analyst(s): Lydia Leong

VIEW SUMMARY

Public cloud IaaS offerings are not commodities. Buyers must choose an offering that matches their use case and specific needs. We compare 15 public cloud IaaS services against nine critical capabilities in four use cases.

Overview

Key Findings

This document was revised on 20 November 2013. The document you are viewing is the corrected version. For more information, see the Corrections page on gartner.com.

  • Most public cloud infrastructure as a service (IaaS) offerings can capably deliver virtual machines (VMs), along with basic storage and networking capabilities associated with those compute resources. However, the depth and breadth of the providers' feature sets vary significantly, so buyers must evaluate the offerings carefully.
  • Most public cloud IaaS providers focus their service offerings to target either new applications and the needs of developers, or existing applications and the needs of IT operations organizations. Although providers are gradually expanding their offerings to target both audiences, buyers must prioritize their needs accordingly.
  • Few public cloud IaaS providers are truly at scale. While most are able to easily flex with the typical enterprise's capacity demands, most have fewer than 10,000 physical hosts underlying their cloud, and many have fewer than 2,000. Most providers are focused on customers whose capacity needs are not highly dynamic. Buyers must ensure that the offering they choose is at sufficient scale for their needs.

Recommendations

  • Try several offerings before committing to any one service. Many public cloud IaaS offerings can be bought by the hour, without any contractual commitment.
  • Assume that cloud IaaS offerings are not interchangeable, and that where you place a workload will be where it stays. Although there can be relatively little "lock-in" for public cloud IaaS, moving between providers is similar to doing a data center move; it can be time-consuming, expensive and risky. Consider the strategic future of a provider before migrating a significant percentage of your applications into its cloud.
  • Use cloud IaaS to drive IT transformation, not just to get VMs quickly. Many providers have features that can help you to drive more automated IT infrastructure, improve the quality of operations and transform toward a DevOps philosophy. While adoption of these features typically increases lock-in, it also significantly enhances the value you receive from the service.

Table of Contents

What You Need to Know

Public cloud IaaS is of growing interest to organizations of all sizes. In the early years of the market, it was used primarily for application development and testing, for batch computing and for new applications designed with cloud-native architectures, but it is increasingly used for mainstream business applications as well, including mission-critical enterprise applications. Small and midsize businesses (SMBs) have broadly adopted public cloud IaaS for their infrastructure needs. Some midmarket companies have begun the process of migrating a significant percentage of their workloads onto public cloud IaaS. While enterprise adoption of public cloud IaaS is typically tactical, most enterprises are placing select projects on public cloud IaaS.

Organizations typically adopt public cloud IaaS because they have a requirement for business agility, not for cost savings. Many organizations adopt a provider in a tactical fashion, often on a credit card and click-through agreement, and then negotiate an enterprise agreement later. It is common to conduct a formal RFP after the organization already has some, or even a large amount of, public cloud IaaS adoption; this is typically done to reduce the number of suppliers, gain volume discounts and improve governance.

Both the market and the underlying technology are maturing rapidly, but no single public cloud IaaS provider is an optimal fit for all use cases. Many organizations that make significant use of public cloud IaaS will maintain enterprise agreements with at least two such providers, and have policies that determine which provider is used, based on the use case and requirements.

This Critical Capabilities report compares four common use cases for public cloud IaaS — application development, batch computing, cloud-native applications and general business applications — against nine critical capabilities. It should help you draw up a shortlist of appropriate providers for the public cloud IaaS use cases in your organization.

Analysis

Introduction

Since 2011, CIOs have ranked increasing enterprise growth, attracting and retaining new customers, and creating new products or services as their top business strategy priorities. Reducing enterprise costs and delivering operational results are also critical, but in the past three years businesses have tended to focus on growth, rather than cost containment. This has placed tremendous stress on the IT organization, which is being pressured to help the business rapidly deliver on its critical initiatives.

Most IT operations organizations have struggled to keep up with the demands of the business. Not only are they asked to rapidly deliver infrastructure for new initiatives, but these initiatives are often not part of the year's IT budget, and the demands are made without warning. Moreover, some of these initiatives result in unpredictable capacity demands, because the business cannot accurately predict the degree of success it will experience. Finally, some of these initiatives use application architecture patterns that are new to the organization.

As a result of these challenges, many application development organizations have turned to public cloud IaaS. In the past, many organizations that adopted public cloud IaaS often thought of it as a temporary solution — usually pending the organization building its own private cloud — but Gartner has found that most projects that begin with public cloud IaaS usually stay there, moving from the development phase into production. Furthermore, when the organization successfully deploys a private cloud, many developers continue to prefer to use public cloud IaaS, usually because it offers greater control, flexibility, ease of use and more self-service automated features. Consequently, many organizations now see the choice of a public cloud IaaS provider as strategic, even if they intend to continue to run most of their IT infrastructure internally.

Many organizations conduct no more than a cursory provider evaluation before adopting public cloud IaaS, and simply choose to use Amazon Web Services (AWS), whose brand is nearly synonymous with public cloud IaaS and has an overwhelmingly dominant market share, with more than five times the compute capacity in use than the next 14-largest providers put together. However, we are still at an early stage in the market, competitive capabilities are evolving rapidly, and every provider has a particular focus; the list of best-fit providers will change dramatically with each broad use case. Market share can have little relation to a provider's capabilities, and buyers should conduct a technical evaluation. A provider that seems like a good fit for a particular category of use case might not be an ideal fit for a specific need, as individual technical and business requirements and priorities vary.

The variation in providers' capabilities and the rapid enhancement of those capabilities means that IT organizations that have not adopted public cloud IaaS should conduct an in-depth competitive evaluation. Also, organizations with one or more incumbent providers should review the competitive landscape annually to ensure their providers are still the best ones for their requirements.

Product Class Definition

Cloud computing is a style of computing in which scalable and elastic IT-enabled capabilities are delivered as a service using Internet technologies. Cloud IaaS is a type of cloud computing service; it parallels the infrastructure and data center initiatives of IT. Cloud compute IaaS constitutes the largest segment of this market (the broader IaaS market also includes cloud storage and cloud printing). In this document, we use the term "cloud IaaS" synonymously with "cloud compute IaaS."

Cloud IaaS is a standardized, highly-automated offering where compute resources, complemented by storage and networking capabilities, are owned by a service provider and offered to the customer on demand. The resources are scalable and elastic in near-real-time, and metered by use. Self-service interfaces are exposed directly to the customer, including a Web-based UI and, optionally, an API. In public cloud IaaS, the resources are multitenant and hosted in the service provider's data centers.

Public cloud IaaS is typically used to substitute for VMs and associated infrastructure that are running within a customer's own data center. Many buyers are attracted by the self-service capabilities, which require no interaction with the provider or other human intervention. Also, because the resources are metered by the hour, and can usually be bought without any kind of contractual commitment, public cloud IaaS is often perceived as an inexpensive alternative to traditional IT infrastructure.

No private cloud IaaS offerings are evaluated, whether standardized or customized.

Critical Capabilities Definition

Public cloud IaaS needs to be evaluated for its technical suitability to the needs of particular workloads, as well as the organization's governance needs. This report examines nine broad critical capability areas that IT organizations should consider when evaluating public cloud IaaS offerings:

  • Compute resilience. This category encompasses features that are important for VM availability, such as fast VM restart (rapid detection of physical host failure and automatic restart of the VMs on another host), reduction of maintenance downtime through live migration of VMs, and automated replication across data centers. While the availability of the control plane and other resource elements are considered here, the emphasis is strongly on VM availability, which is important for workloads that assume infrastructure resilience. Most non-cloud-native applications are architected with the assumption of compute resilience, and most enterprise virtualization environments take advantage of the compute resilience features of the hypervisor.
  • Architectural flexibility. This category encompasses features that provide a customer with a breadth of resource types and architectures. This includes elements such as flexible VM sizes, "bare metal" servers, complex network topologies and multiple tiers of storage.
  • Security and compliance. This category encompasses features that are important to security, compliance, risk management and governance. It covers specific security measures such as network access control lists (ACLs), intrusion detection and prevention systems (IDS/IPS), multifactor authentication and encryption. It also includes aspects such as the availability of audits, logging and reporting, and the ability to use the service if you have regulatory compliance needs, such as those of the Payment Card Industry Data Security Standard (PCI DSS), the Federal Information Security Management Act (FISMA) and the Health Insurance Portability and Accountability Act (HIPAA).
  • User management. This category encompasses features that are necessary to provision and govern multiple users of the service, particularly if you have large development, engineering or research teams. It covers aspects such as role-based access control, quotas, leases and integration with enterprise directory services.
  • Enterprise integration. This category encompasses features that are needed to operate in a "hybrid IT" environment. That includes secure extension of the organization's WAN, data migration features and workload migration features.
  • Automation and DevOps enablement. This category encompasses IT operations management (ITOM) features, particularly those necessary to manage infrastructure in a DevOps fashion. It includes aspects such as the service catalog, templates, application life cycle management (ALM) and metadata tagging. It also includes additional complementary services, such as monitoring and database as a service.
  • Scaling. This category encompasses features related to scaling applications and workloads. It includes aspects such as load balancing, auto-scaling, resizing of existing VMs and speed of provisioning.
  • Big data enablement. This category encompasses features that are typically desired for large-scale data processing, such as access to large VM sizes, large quantities of capacity on demand and graphics processing units (GPUs). It also covers capabilities such as object storage and Hadoop as a service. ("Big data" is used as a convenient catch-all label for this criterion, rather than literally encompassing big-data-specific capabilities.)
  • API. This category indicates the comprehensiveness of the API and its ability to provide full access to the provider's range of capabilities. Aspects such as the availability of the control plane and API, and its responsiveness to a large number and high rate of requests, are also considered.

It is important to note that these are broad categories, not granular capabilities; they are inclusive of a range of features, and we do not provide a comprehensive list of these features. Because each of the categories includes a large number of features, the scoring in each category is directional. In general, a score of 3 indicates that a provider is able to fulfill the most critical features in that category. However, it is possible that a provider may be missing some important features in that category, yet has other strengths that increase its score in that category. You will need to conduct an in-depth evaluation of your shortlisted providers in order to determine whether they meet your specific needs.

This Critical Capabilities report is not intended to be a granular evaluation of providers' capabilities. If you are seeking an in-depth technical evaluation of providers, you should consult Gartner's "Evaluation Criteria for Public Cloud IaaS Providers" and the associated evaluations of individual providers against those criteria.

If you are looking for an evaluation of providers in the broader context of the entire cloud IaaS market, including their private cloud IaaS services, please consult the "Magic Quadrant for Cloud Infrastructure as a Service." Keep in mind, however, that a Magic Quadrant is not a product evaluation; it considers many business factors as well, and it looks at providers' recent execution and vision for the future. Furthermore, the Product/Service rating of a provider on the Magic Quadrant can be significantly different from its rating in this Critical Capabilities evaluation, since this report takes into account only one specific public cloud IaaS offering of each provider, whereas the Magic Quadrant takes into account providers' entire cloud IaaS portfolios.

Note that this Critical Capabilities report considers only those features that are available strictly within the context of the provider's public cloud IaaS offering. Importantly, "hybrid" capabilities that require the use of dedicated servers (that cannot be directly provisioned via the graphical user interface and API for public cloud IaaS) are not counted.

This market is changing extremely quickly. Some providers release features as often as several times per week, and many providers release features at least once a quarter. Providers do occasionally remove existing capabilities, as well. When evaluating service providers, ensure that you understand the current state of each provider's offering. The quantitative assessment is current as of August 2013 (matching the Magic Quadrant), for features that are in general availability; the description of each vendor is accurate as of September 2013.

Use Cases

This report evaluates the capabilities of specific public cloud IaaS offerings to participate in four different use cases (see Table 1):

  • Application development. Many organizations begin their use of public cloud IaaS with this use case, often with a single developer in ad hoc adoption. However, as usage grows from an individual developer to the entire development organization, so do the needed capabilities. Here, we consider an application development environment for a large team of developers that must have appropriate governance and security and interoperability with the organization's internal IT infrastructure — one that should enhance that team's productivity with self-service, automated capabilities.
  • Batch computing. This is a use case that is particularly well-suited to public cloud IaaS and can be an exceptionally cost-effective use. It includes high-performance computing (HPC), data analytics and other one-time (but potentially recurring), short-term, large-scale, scale-out workloads. Big data enablement capabilities are the majority of the weighting. Since many such workloads depend on a high degree of automation, consideration is given to those aspects as well. Enterprise integration also has some importance, because such workloads often use data that originates on-premises.
  • Cloud-native applications. This use case includes applications at any scale, which have been written with the strengths and weaknesses of public cloud IaaS in mind. Such applications assume that resilience must reside in the application and not in the infrastructure (low "compute resilience" weight), that the application can run well in a variety of underlying infrastructure configurations (low "architectural flexibility" weight), that the customer's IT organization will attend to security concerns (low "security" weight), and there are only minimal integrations with existing on-premises infrastructure and applications (low "enterprise integration" weight). However, automation, API capabilities, and scale-out capabilities are extremely important. Because many such applications have big data aspects, the big data enablement capabilities also receive a high weight in this use case.
  • General business applications. This use case includes all applications that were not designed with the cloud in mind, but that can run comfortably in virtualized environments. Such applications are designed with the expectation that the infrastructure is resilient and offers consistently good performance. An organization intending to move existing enterprise applications into the cloud typically places a strong emphasis on security, and the public cloud IaaS needs to interoperate smoothly with the existing internal IT infrastructure. To gain more benefit from moving to the cloud, the organization needs the service to deliver additional value-added automation, but the organization is unlikely to make much use of the API, except possibly via third-party tools.

All use cases have been constructed with the needs of enterprises and midsize businesses in mind — organizations that have existing IT environments, infrastructure and applications, along with security and compliance requirements. Technology startups and other "greenfield" projects are likely to have different needs and criteria.

Table 1. Weighting for Critical Capabilities in Use Cases

Critical Product Capabilities

Overall

Application Development

Batch Computing

Cloud-Native Applications

General Business Applications

Compute Resilience

15.0%

1.0%

1.0%

5.0%

20.0%

Architectural Flexibility

15.0%

10.0%

6.0%

5.0%

10.0%

Security and Compliance

10.0%

10.0%

1.0%

3.0%

20.0%

User Management

10.0%

25.0%

1.0%

2.0%

4.0%

Enterprise Integration

10.0%

15.0%

5.0%

5.0%

20.0%

Automation and DevOps Enablement

15.0%

25.0%

8.0%

20.0%

14.0%

Scaling

10.0%

5.0%

7.0%

15.0%

8.0%

Big Data Enablement

5.0%

1.0%

65.0%

20.0%

2.0%

API

10.0%

8.0%

6.0%

25.0%

2.0%

Total

100.0%

100.0%

100.0%

100.0%

100.0%

Source: Gartner (October 2013)

Inclusion Criteria

The vendor inclusion criteria for this report are identical to those for the "Magic Quadrant for Cloud Infrastructure as a Service." Furthermore, all the services in this evaluation meet the following criteria:

  • They are public cloud IaaS, by Gartner's definition of the term.
  • The service is in general availability, and is offered globally.
  • The service's data centers are in at least two metropolitan areas, separated by a minimum of 250 miles, on separate power grids, with SSAE 16, ISO 27001 or equivalent audits (see Notes 1 and 2).
  • A Web services API is available to all customers.
  • Provisioning occurs in real-time, with the smallest available Linux VM available within 10 minutes.
  • Applications can be scaled beyond the capacity of a single physical server.
  • There is an allowable VM size of at least eight vCPUs and 24GB of RAM.
  • The enterprise can securely extend its network into the public cloud IaaS offering. (At a minimum, this requirement can be met with an IPsec VPN.)
  • There is an SLA for compute, with a minimum of 99.9% availability.
  • Customers can receive an invoice, and multiple accounts can be consolidated under one bill.
  • Customers can negotiate a customized contract.
  • The provider offers 24/7 support, including phone support. (In some cases, this is an add-on to the service, rather than being included in the base service.)

All the providers in this evaluation are among the top 15 providers by Gartner-estimated market share for the relevant segments of the overall cloud IaaS market (public and standardized private cloud IaaS, excluding small deployments of two or fewer VMs). If a provider has multiple offerings that meet our definition for public cloud IaaS, we have selected the most capable offering to evaluate here.

There are many additional providers of public cloud IaaS that are worthy of your consideration, even though they are not included in this report. Providers that are regional or have less market share are not included in this report, even if they have offerings superior to those of included providers. Furthermore, this evaluation excludes two services that are of interest to many prospective customers of public cloud IaaS, because they are not yet generally available: Google Compute Engine and VMware vCloud Hybrid Service.

Critical Capabilities Rating

Each service that meets our inclusion criteria has been evaluated on several critical capabilities (see Table 2 and Figure 1), on a scale from 1.0 (lowest ranking) to 5.0 (highest ranking).

Table 2. Product Rating on Critical Capabilities

Product Rating

Amazon Web Services

CSC BizCloud VPE

Dimension Data Public CaaS

Fujitsu Cloud IaaS Trusted Public S5

GoGrid

HP Public Cloud

IBM SoftLayer CloudLayer Computing

IBM SmartCloud Enterprise

Joyent

Microsoft Windows Azure Infrastructure Services

Rackspace Public Cloud

Savvis Symphony VPDC

Tier 3

Verizon Terremark Enterprise Cloud

Virtustream

Compute Resilience

1.2

4.0

3.1

2.0

3.0

2.0

2.6

1.0

2.5

2.7

1.1

4.0

4.0

4.0

4.5

Architectural Flexibility

4.0

4.2

1.5

2.0

3.5

1.5

4.1

1.7

3.7

2.3

2.7

3.0

3.9

3.1

3.3

Security and Compliance

3.7

4.0

2.7

2.5

3.8

1.3

3.1

1.0

3.2

1.7

2.3

4.5

2.0

4.7

5.0

User Management

4.5

4.7

3.0

3.1

2.5

3.0

2.8

1.5

1.0

2.0

2.2

4.3

3.3

3.2

3.0

Enterprise Integration

3.3

4.5

3.0

2.1

2.0

1.5

1.3

1.0

3.0

2.2

2.0

4.3

4.0

3.8

4.0

Automation and DevOps Enablement

5.0

3.7

3.0

2.8

1.5

3.5

3.1

1.3

3.3

3.5

3.5

2.3

4.0

1.2

1.0

Scaling

5.0

4.3

2.5

2.0

2.5

1.5

2.3

1.0

3.0

2.7

2.5

2.0

4.0

2.3

1.3

Big Data Enablement

5.0

1.2

1.4

2.5

1.5

2.5

3.0

2.7

4.5

3.5

2.7

1.8

1.6

1.1

1.6

API

5.0

2.0

3.5

3.0

3.0

3.5

3.7

2.7

3.3

3.5

3.5

2.0

3.1

3.6

3.0

Source: Gartner (October 2013)

Figure 1. Overall Score for Each Vendor's Product Based on the Nonweighted Score for Each Critical Capability
Figure 1.Overall Score for Each Vendor's Product Based on the Nonweighted Score for Each Critical Capability

Source: Gartner (October 2013)

To determine an overall score for each product in the use cases, the ratings in Table 2 are multiplied by the weightings shown in Table 1. These scores are shown in Table 3.

Table 3. Overall Score in Use Cases

Use Cases

Amazon Web Services

CSC BizCloud VPE

Dimension Data Public CaaS

Fujitsu Cloud IaaS Trusted Public S5

GoGrid

HP Public Cloud

IBM SoftLayer CloudLayer Computing

IBM SmartCloud Enterprise

Joyent

Microsoft Windows Azure Infrastructure Services

Rackspace Public Cloud

Savvis Symphony VPDC

Tier 3

Verizon Terremark Enterprise Cloud

Virtustream

Overall

3.9

3.8

2.7

2.4

2.7

2.3

2.9

1.5

3.0

2.7

2.5

3.2

3.5

3.1

3.0

Application Development

4.4

4.0

2.8

2.6

2.4

2.5

2.9

1.4

2.7

2.6

2.7

3.4

3.5

2.9

2.8

Batch Computing

4.8

2.1

1.9

2.5

1.9

2.4

3.0

2.3

4.0

3.3

2.7

2.1

2.4

1.7

1.9

Cloud-Native Applications

4.6

3.0

2.7

2.6

2.3

2.6

3.0

1.9

3.4

3.1

2.9

2.4

3.2

2.5

2.3

General Business Applications

3.5

4.0

2.7

2.3

2.7

2.0

2.7

1.2

3.0

2.5

2.3

3.6

3.5

3.4

3.5

Source: Gartner (October 2013)

Product viability is distinct from the critical capability scores for each product. It is our assessment of the vendor's strategy, and of the vendor's ability to enhance and support a product throughout its expected life cycle; it is not an evaluation of the vendor as a whole. Four major areas are considered: strategy, support, execution and investment. Strategy includes how a vendor's strategy for a particular product fits in relation to the vendor's other product lines, market direction and overall business. Support includes the quality of technical and account support, as well as customer experiences with the product. Execution considers a vendor's structure and processes for sales, marketing, pricing and deal management. Investment considers the vendor's financial health, and the likelihood that the individual business unit responsible for a product will continue to invest in it. Each product is rated on a five-point scale, from poor to outstanding, for each of the four areas, and is assigned an overall product viability rating.

Table 4 shows the product viability assessment.

Table 4. Product Viability Assessment

Amazon Web Services

CSC BizCloud VPE

Dimension Data Public CaaS

Fujitsu Cloud IaaS Trusted Public S5

GoGrid

HP Public Cloud

IBM SoftLayer CloudLayer Computing

IBM SmartCloud Enterprise

Joyent

Microsoft Windows Azure Infrastructure Services

Rackspace Public Cloud

Savvis Symphony VPDC

Tier 3

Verizon Terremark Enterprise Cloud

Virtustream

Product Viability

Outstanding

Excellent

Excellent

Excellent

Good

Good

Good

Fair

Good

Excellent

Good

Good

Good

Excellent

Good

Source: Gartner (October 2013)

The weighted capabilities scores for all use cases are displayed as components of the overall score.

Figure 2 shows the overall use case scores.

Figure 2. Overall Use Case
Figure 2.Overall Use Case

The weighted capabilities scores for all use cases are displayed as components of the overall score.

Source: Gartner (October 2013)

Figure 3 shows the application development use case scores.

Figure 3. Application Development Use Case
Figure 3.Application Development Use Case

The weighted capabilities scores for all use cases are displayed as components of the overall score.

Source: Gartner (October 2013)

Figure 4 shows the batch computing use case scores.

Figure 4. Batch Computing Use Case
Figure 4.Batch Computing Use Case

The weighted capabilities scores for all use cases are displayed as components of the overall score.

Source: Gartner (October 2013)

Figure 5 shows the cloud-native applications use case scores.

Figure 5. Cloud-Native Applications Use Case
Figure 5.Cloud-Native Applications Use Case

The weighted capabilities scores for all use cases are displayed as components of the overall score.

Source: Gartner (October 2013)

Figure 6 shows the general business applications use case scores.

Figure 6. General Business Applications Use Case
Figure 6.General Business Applications Use Case

The weighted capabilities scores for all use cases are displayed as components of the overall score.

Source: Gartner (October 2013)

Vendors

Each of the public cloud IaaS offerings rated in this Critical Capabilities report is briefly summarized below. This is not a comprehensive list of capabilities, nor does it fully note all deficient or missing common capabilities. Charts that summarize comparisons of offerings, features and data center locations are provided in "Toolkit: Comparison Matrix for Cloud Infrastructure as a Service Providers, 2013."

Throughout the offering descriptions, VM sizes are stated as "vCPU x RAM"; for instance, "8x24" refers to eight vCPUs and 24GB of RAM. In general, a vCPU maps to a physical core on a CPU, but not always; implementations vary between providers, and may actually vary within a particular provider's infrastructure, since many providers have multiple generations of hardware in their cloud. CPU performance varies widely, so if it is very important to you, you should carry out your own benchmarks. Maximum VM sizes are provided as a guideline for understanding the scope of what a provider offers.

Offerings that use VMware's vSphere hypervisor are described as vCloud Datacenter Services, vCloud Powered or VMware-virtualized; the first two types of offerings use VMware's vCloud Director (vCD) software and offer access to the vCloud API.

Amazon Web Services

AWS has a very rich suite of public cloud IaaS capabilities. Its VMs are fixed-size, but it offers a wide range of VM sizes, with a maximum VM size of 32x244. It has significant HPC-specific capabilities, including clusters with high-performance network interconnect and GPUs, as well as a very large capacity pool. Although local storage is ephemeral, it also offers VM-independent persistent block storage (Elastic Block Store). Solid-state drives (SSDs) are an option. Storage performance can be highly variable, unless the customer buys the Provisioned IOPS option to keep performance within a certain range. The Simple Storage Service (S3) offers object-based storage that can be automatically archived to Amazon Glacier long-term storage. Complex networking is possible with the Amazon Virtual Private Cloud (VPC) service, and customers that need private connectivity or colocation with low-latency distance can obtain it via Amazon Direct Connect and its data center partners. However, AWS does not have important infrastructure resilience features such as fast VM restart or live migration for maintenance. It does offer continuous availability on its control plane, and there are no general maintenance windows.

AWS Identity and Access Management (IAM) capabilities include exceptionally granular role-based access control (RBAC) for both users and API keys, and there are mechanisms for enterprise directory integration. AWS has automation capabilities intended to simplify workload deployment (Elastic Beanstalk, CloudFormation and OpsWorks), along with services that automate common infrastructure needs, such as database as a service (Relational Database Service) and in-memory caching as a service (ElastiCache). Data warehousing as a service (RedShift) is in beta. AWS also has platform as a service (PaaS) capabilities that are directly part of its service. AWS's API covers the full range of its service capabilities; services are usually introduced via API first, with the management console GUI added later.

AWS is focused on enabling developers, but it has increasingly tried to satisfy the needs of IT operations organizations as well. AWS has broad appeal, and has been widely adopted across a wide range of organization sizes and industries. Organizations that place a high priority on using the market leader, the most innovative provider or the provider with the largest partner ecosystem may even consider using AWS for use cases where it is not an ideal fit.

See "Amazon Web Services (AWS): In-Depth Assessment" for a detailed technical evaluation.

CSC

Offering evaluated: BizCloud Virtual Private Environment (VPE)

CSC has a common platform for its public and private cloud IaaS offerings, which are all offered at a single price point, but with different minimum capacity and commitment requirements. CSC's BizCloud VPE offering has single-tenant compute but multitenant storage and networking. However, the capabilities of CSC's CloudCompute offering, which uses multitenant compute, and BizCloud, which is fully single-tenant, are nearly identical; new capabilities are introduced into BizCloud before being rolled out into CloudCompute.

CSC's cloud IaaS offerings are vCloud Datacenter Services, built on VCE's Vblock hardware. Most capabilities of vCD are available to the customer, but CSC also offers its own easier-to-use portal. CSC has integrated a significant number of other ITOM tools into the service, including ALM capabilities. It offers high-availability infrastructure, as well as optional automated disaster recovery capabilities. Although VM sizes are flexible, the maximum VM size is 8x64, limiting the offering's suitability for big data applications.

CSC is focused on enabling data center transformation. Its offering will appeal to traditional IT operations organizations that value enterprise-class availability, security and governance, or VMware-based hybrid interoperability, or that would like to gradually transform toward a DevOps philosophy.

Dimension Data

Offering evaluated: Dimension Data Public Compute as a Service (CaaS)

Dimension Data has a common platform for its public and private cloud IaaS offerings, obtained through the 2011 acquisition of OpSource. It is VMware-virtualized, and uses VMware's high-availability features. However, the portal and API are Dimension Data's own. The RBAC is resource-based.

Dimension Data's Public CaaS has a solid set of core resource-provisioning features. The Cisco-based networking implementation is clean and supports complex network topologies. However, the range of other architectural options is more limited. There is no VM-independent block storage, and although there is an option for SSD-accelerated storage, there is no full, guaranteed SSD storage placement. Although VM sizes are flexible, the maximum VM size is only 8x64 (although Dimension Data has launched one data center with a maximum VM size of 16x128).

With this offering, Dimension Data is focused on enabling developers, but also providing an environment that can reliably run production applications; via OpSource, it has a long history in the SaaS hosting business. The offering will appeal to developers that want an enterprise-class, VMware-based infrastructure and do not have a heavy DevOps orientation.

Fujitsu

Offering evaluated: Fujitsu Cloud IaaS Trusted Public S5

Fujitsu has a common global platform for its public and private cloud IaaS offerings. S5 offers Fujitsu's own portal and API; it uses Fujitsu's Resource Orchestrator — Cloud Edition to provide its visual designer for infrastructure, as well as significant depth of portal features. Solid features for user management include not only RBAC but also quotas and service catalog capabilities.

Although Fujitsu targets the enterprise market, S5 is Xen-virtualized, lacks the important infrastructure resiliency feature of fast VM restart, limits VMs to a maximum size of 8x60, and does not fully support complex network topologies. Furthermore, it cannot import VM images, which creates challenges for hybrid interoperability. VM provisioning times are relatively lengthy.

Nevertheless, S5 offers a good set of baseline capabilities and should be appealing to both developers and IT operations organizations, especially those in Asia/Pacific.

GoGrid

GoGrid has a solid, capable offering that will meet most basic requirements for cloud IaaS. GoGrid provides its own API, along with a user-friendly portal. It is Xen-virtualized but does have compute resilience features. It has fixed-size VMs, with relatively few VM sizes, and the largest is only 24x24, limiting its usefulness for memory-intensive workloads. It does not have granular RBAC, which creates governance challenges for organizations that have many users.

GoGrid targets developers, but lags behind the market leaders in features that are useful for building and managing cloud-native applications, such as metadata tagging of resources, template-based provisioning, database as a service, and a cloud-friendly managed security service.

GoGrid will appeal to organizations that are looking for an easy-to-use portal and API, and cloud infrastructure that is flexible and reliable, and that performs well.

HP

Offering evaluated: HP Public Cloud

HP Public Cloud was launched into general availability in December 2012, and although it should eventually be a capable offering that will meet most basic requirements for cloud IaaS, many important capabilities are either in "preview" (beta) or in the near-term future road map. These features include load-balancing, monitoring and database as a service.

HP Public Cloud is KVM-virtualized and lacks the important infrastructure resiliency feature of fast VM restart. It has fixed-sized VMs, with relatively few VM sizes, and the largest is only 8x32, limiting its usefulness for compute-intensive or memory-intensive workloads. Although local storage is ephemeral, it also offers VM-independent persistent block storage. It has project-based RBAC — resources are grouped under projects, and users have project-based permissions.

HP Public Cloud is OpenStack-based, and will appeal to organizations that want an OpenStack-based solution, particularly those that have an existing relationship with HP and intend to use HP's hybrid cloud solutions.

IBM SoftLayer

Offering evaluated: IBM SoftLayer CloudLayer Computing

SoftLayer was acquired by IBM in July 2013. Its services remain distinct from IBM's SmartCloud offerings, although the IBM sales force is now actively engaged in selling SoftLayer services. CloudLayer is SoftLayer's cloud IaaS platform. Its compute options include bare-metal servers (nonvirtualized, dedicated servers) as well as VMs, and VMs can be on single-tenant or multitenant hosts. Although some capabilities require VMs, CloudLayer tries to minimize the differences between VMs and bare-metal servers; for instance, bare-metal servers can still be provisioned from images and controlled via the API. VM and bare-metal servers are fixed-size. The largest multitenant VM size is 8x8, the largest single-tenant VM size is 8x32, and the largest bare-metal server is 16x64. Multitenant VMs are unlikely to be an appropriate choice for larger workloads. Although SoftLayer offers GPUs in its dedicated hosting business, they are not available in CloudLayer.

CloudLayer was designed for the SMB market, and its greatest weaknesses are in the capabilities that are desired by larger organizations and those that need hybrid interoperability with their existing data center environment. Customers cannot bring their own VM images, there is no support for bulk import/export of data, and there is no support for integrating user management with an enterprise directory.

CloudLayer will appeal to organizations that like portal and API control over scalable infrastructure, but need bare-metal servers in order to meet requirements for performance, regulatory compliance or software licensing.

IBM

Offering evaluated: IBM SmartCloud Enterprise (SCE)

Update: As of 29 October 2013, IBM has discontinued offering SCE, and all customers will be migrated from SCE to SoftLayer by January 2014.

SCE is IBM's public cloud IaaS offering. It is built on IBM hardware and software, including some technologies derived from IBM's Tivoli portfolio of ITOM software. SCE is KVM-virtualized, without important infrastructure resilience features such as fast VM restart or live migration for maintenance; furthermore, it has more frequent maintenance windows than competitors, which can impact portal, API and resource availability. SCE's VMs are fixed-size, and the largest VM size is 16x32, limiting its usefulness for memory-intensive workloads. Although local VM storage is ephemeral, VM-independent block storage is available.

SCE is missing many security-related features. There is no support for private WAN connections, inter-data-center traffic goes over the public Internet, and it does not have network security as a service. There is no multifactor authentication and the RBAC is limited.

IBM's PaaS service — SmartCloud Application Services (SCAS) — embeds some value-added features that can be used in conjunction with SCE, such as auto-scaling, but these features often require the use of IBM middleware.

SCE will appeal to organizations that have a strong existing relationship with IBM, and intend to use IBM software or SCAS in conjunction with SCE. However, IBM is now directing prospective customers to the SoftLayer offerings as the preferred solutions.

Joyent

Joyent's cloud IaaS features resemble most other basic feature sets in this market, but it has a unique approach to its platform technologies. Its compute hosts use Joyent's own SmartOS (based on illumos Solaris) with SmartOS Containers; Linux and Windows guests use KVM virtualization. It offers its own portal and API; the API exposes more extensive capabilities that are not in the portal. The RBAC in the portal is very limited. The portal exposes DTrace-based instrumentation of application and infrastructure performance.

Joyent has a significant pool of infrastructure and a broad range of VM sizes, with a maximum VM size of 32x256. Its Manta platform couples object-based storage with the unique ability to run batch jobs on compute that is local to that storage. However, while it does have persistent local VM storage, it does not have VM-independent block storage.

Joyent will appeal to organizations that are developing cloud-native applications, need high-performance infrastructure and good visibility into the platform, and are willing to embrace Joyent's technology choices.

Microsoft

Offering evaluated: Microsoft Windows Azure Infrastructure Services

Although Microsoft has had its Windows Azure PaaS in the market since 2010, it did not launch its IaaS offering, Windows Azure Infrastructure Services, into general availability until April 2013. Thus, while this should soon be a capable offering that will meet most basic requirements for cloud IaaS, many important capabilities are either in "preview" (beta) or on the near-term future road map. These features include monitoring, auto-scaling and global load balancing. Importantly, there is currently no support for private WAN connectivity and related features, and there is no granular RBAC. Microsoft is, however, releasing new capabilities extremely quickly.

Azure Virtual Machines are Hyper-V virtualized and fixed-size; there are relatively few VM sizes, and the maximum VM size is 8x56. The strength of the offering is in its seamless integration with the Azure PaaS capabilities, which include database as a service. Microsoft has a large pool of capacity.

Windows Azure Infrastructure Services will appeal to organizations that have existing investments in Microsoft technologies, and intend to use Azure for cloud-native applications built on .NET, to augment Microsoft SaaS applications, or to build a hybrid cloud environment with System Center.

Rackspace

Offering evaluated: Rackspace Public Cloud

Rackspace began offering cloud IaaS in 2008, when it acquired Slicehost. However, in August 2012, it launched an OpenStack-based offering into general availability. This has accelerated Rackspace's development of capabilities, and the Rackspace Public Cloud is gradually evolving into an offering that will meet most basic requirements for cloud IaaS. However, it is currently missing several important capabilities; neither RBAC nor multifactor authentication are supported, and features supporting private connectivity are dependent on the RackConnect service, which requires dedicated equipment.

Rackspace Public Cloud is Citrix Xen-virtualized, with fixed-size VMs, relatively few VM sizes, and a maximum VM size of 8x30, limiting its usefulness for compute-intensive and memory-intensive workloads. It has a significant pool of capacity. It is missing important infrastructure resilience features such as fast VM restart and live migration for maintenance. Rackspace has its own easy-to-use portal, and supports the OpenStack API (which was originally based on Rackspace's API). Other capabilities, such as database as a service and monitoring, complement the offering.

Rackspace Public Cloud will appeal to organizations that value ease of use for individual developers, or that are Rackspace managed hosting customers and need some complementing cloud IaaS capabilities.

See "Rackspace Public Cloud: In-Depth Assessment" for a detailed technical evaluation.

Savvis

Offering evaluated: Savvis Symphony Virtual Private Data Center (VPDC)

Update: As of 19 November 2013, Savvis is no longer actively selling Symphony VPDC. Prospective customers are being directed to the newly-acquired Tier 3 offering instead.

Savvis, a CenturyLink company, has a range of public and private cloud IaaS offerings, built on different platforms. Symphony VPDC is its most capable public cloud IaaS offering; it is vCloud Powered, and offers both vCD and Savvis's own easier-to-use portal. Most of vCD's features are available to the customer. Infrastructure is offered at multiple tiers of availability. The largest VM size is 32x256.

The strength of this offering is in Savvis's broad and deep range of security-related capabilities, although some of these capabilities require managed security services. Savvis has additional complementing capabilities, such as database as a service, but not all of these capabilities are API-accessible.

Symphony VPDC will appeal to organizations that want a vCloud Powered solution but need a more user-friendly portal, prioritize security capabilities and are willing to pay a premium for them, and are not adopting a DevOps philosophy. In particular, Symphony VPDC is more closely aligned with the requirements of IT operations organizations and the desire to have infrastructure similar to typical enterprise virtualization environments, rather than being aligned with cloud-native approaches and developer-centric needs.

Tier 3

Update: As of 19 November 2013, Tier 3 has been acquired by CenturyLink, and its offering has been rebranded the CenturyLink Cloud.

Tier 3 is a vCloud Powered offering, but it does not expose vCD; instead, customers use Tier 3's portal and API. Tier 3 has significant capabilities beyond vCD's, spanning features of interest to developers (such as intelligent horizontal and vertical auto-scaling) and IT operations (such as self-service OS patching). Its scriptable template system, Cloud Blueprints, is capable of provisioning complex, multi-data-center infrastructure configurations.

Tier 3's availability-oriented features are of particular note; they include automatic replication of VMs into a second data center, and storage that is integrated with rolling backups and disaster recovery options. Tier 3's largest VM size is 16x128.

Tier 3 will appeal to organizations that want a user-friendly and capable cloud IaaS offering that meets the needs of developers but also provides the governance and management efficiencies desired by IT operations.

Verizon Terremark

Offering evaluated: Verizon Terremark Enterprise Cloud

Verizon Terremark has multiple public and private cloud IaaS offerings under the brand umbrella of "Enterprise Cloud." The offering referred to here is the Enterprise Cloud offering that originated with Terremark prior to its acquisition by Verizon; it is the primary Verizon Terremark public cloud IaaS offering and the base technology platform for its Enterprise Cloud Private Edition and Public Sector Edition.

The Enterprise Cloud service is VMware-virtualized, with Verizon Terremark's own portal and API. It is a solid, capable platform that should meet most basic requirements for cloud IaaS. It has a maximum VM size of 8x64. Customers can choose to voluntarily oversubscribe their capacity allocation, which can be very cost-effective for nonproduction and smaller workloads. However, the Enterprise Cloud is missing capabilities that are important for cloud-native applications, such as object-based storage, as well as capabilities that are important for production applications, such as monitoring.

The Enterprise Cloud will appeal to IT operations organizations that want a proven, reliable cloud IaaS offering that can host either development or production environments for business applications.

Virtustream

Virtustream has xStream, a common hypervisor-neutral platform for its public and private cloud IaaS offerings. It has a unique approach to the market and to technology. It is focused on delivering mission-critical enterprise applications, such as SAP, on cloud IaaS. Its "micro-VM" technology enables it to offer policy-based service-level management, and customers pay by resources consumed rather than resources allocated. Its maximum VM size is 8x256.

Virtustream has its own API as well as two portals — a complex interface for IT administrators, and an easier-to-use, simplified interface for developers and other end users. It has significant capabilities in infrastructure resiliency, security and regulatory compliance, although not all such capabilities are self-service.

Virtustream will appeal to IT operations organizations that want to migrate mission-critical traditional enterprise applications into a cloud IaaS environment. Although managed services are not a requirement, most organizations will need Virtustream's assistance in transitioning applications onto the xStream platform.

Evidence

Scoring for the critical capabilities was derived from recent independent Gartner research on the cloud IaaS market. Each vendor responded in detail to an extensive primary-research questionnaire covering their business and the technical features of their cloud IaaS offerings. Gartner analysts tested services, reviewed service documentation, corresponded with the vendors on the details of certain offerings, and conducted reference checks with end-users. Gartner has also conducted more than 2,000 client inquiries with prospective and current customers of public cloud IaaS during 2012 and 2013.

Note 1
SSAE 16

Statement on Standards for Attestation Engagements (SSAE) 16 — that is, Service Organization Control (SOC) 1. See "SOC Attestation Might Be Assurance of Security … or It Might Not."

Note 2
ISO 27001

International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001. See "Security Research Roundup for ISO 27001 Compliance."