IT Infrastructure and Security: A Look at the Adaptable Data Center

How to create a thriving IT infrastructure that supports the growth and evolution of your business

You all have probably heard the famous Alan Deutschman quote many times, on various occasions: “Change or die.” The data center and an organization’s IT infrastructure, like life, are no different.

New IT paradigms are created and find markets and proponents at a blistering pace — Cloud, Hyper-Converged, Software Defined, ____-as-a-Service, Flash Storage, and on and on. We are asked daily by our clients (representing companies of all sizes and a diverse set of industry verticals) to help them increase their IT’s “adaptability quotient” so that these firms can continue to thrive.

To respond to our clients thoughtfully, CMI has developed the Adaptable Data Center reference model and perspective to assist in better understanding the issues and how many of the different pieces fit together.

There is no special magic to the model, but rather an approach to hopefully add some disciplined insights when making important decisions regarding data center architecture and design.

Below is a diagram of the model with a brief explanation of the various components:

Screen Shot 2015-06-23 at 3.23.25 PM

Image provided by the author

Service Level Agreements

Everything starts and is measured by the Service Level Agreements (SLAs) committed to an organization. This is true whether you’re a fast-growing startup or a Fortune 500 company.

A strict definition of SLA would be a service that is well-defined and the delivery components (time, performance, resources, outcomes, etc.) are measured.

In practical application, SLAs can also be internal and unwritten, though still measured, as often is the case (email delivery may be a prime example) or external and managed by contract (outsourcing, co-location, and public cloud are examples).

Whatever is agreed to, however it is delivered, and however it is measured, IT is accountable for the SLAs.

IT Service Management (ITSM)

IT Service Management (ITSM) refers to the activities and processes, often directed by policies, which are performed to deliver to the SLAs.

Focus is placed on the implementation, quality, and efficiencies of the services and the appropriate mix of people, process, and technology required. ITSM is often aligned to standards-based practices and frameworks like the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (COBIT), and others.

As public cloud delivery is simplified, increasing pressures mount for the same delivery efficiencies from on-premise assets.

Applications/Composite Services

Applications run on top of operating systems and infrastructure and perform functions aligned to fundamental and complex business processes.

Applications can be either systems or user-invoked. Applications can be hosted and delivered on premise as is traditional or served as a service hosted by the vendor provider. Many organizations are going through an application segmentation process to determine which application model best suits the particular business need.

Other trends in applications include mobile, where the app runs on a hand-held device, and increased workload portability with containers. Mobile applications reflect generational differences and bring new challenges for user experience and security.

Application containers like Docker on Linux help abstract the operating system-level virtualization process. This gives administrators greater control over provisioning services, greater security and process restriction, and even more intelligent resource isolation.

Docker image

Image credit

As applications and environments continue to virtualize and be exposed as discrete patterns or micro-services, the ability for enterprises to quickly create new composite applications and business services adds to the agility of the organization.


As we move towards Software Defined Data Centers (SDDCs), infrastructure elements — networking, storage, and compute — are virtualized and delivered as a service. ITaaS represents an outcome of SDDCs.

Virtualized IT assets are pooled and made available as required; efficiencies are gained by policy-based automation and managed as services rather than separate capabilities. Services are provided by self-service catalogs. Manual intervention is greatly reduced or even eliminated in some cases.

Transitioning to a SDDC model is an on-going process and is generally driven by cost and speed of delivery issues through unlocking the constrained value in the traditional processes. Automation standards supported by the majority of market leaders are emerging, like open source’s OpenStack.


Image credit

The implementation of virtualization and automation sets the foundation for building on-premise private clouds that deliver the efficiency of the public cloud model.


Orchestration aligns and implements business requests with the applications, data, and infrastructure to achieve a planned result.

Orchestration is the business process management mechanism that defines the policies and service levels through automated workflows, provisioning, and change management. This creates a business process, application-aligned set of services that can be scaled up or down based on the needs of each application.

Orchestration also provides centralized management of the resource pool, including billing, metering, and chargeback for consumption. Orchestration can be used for simple tasks like hardening servers to complex undertakings of deploying large ERP development and test environments.

On-Premise Infrastructure

Today’s on-premise infrastructure comes in many varieties, including physical, virtual, siloed, and converged.

Many companies’ data centers have a mixture of traditional delivery through siloed compute, storage, and network with rapid transformation to public cloud-like constructs of IT delivered as converged services.

The data center is also undergoing an ever-increasing shift to virtualization beyond compute to storage and network. As virtualization becomes more pervasive and we transition to software defined, we see a shift away from branded infrastructure to commodity, web-scale architectures relying more on the overarching software abstraction than the individual system capabilities. This commodity-based, software-driven model is emerging as hyper-converged, web-scale architecture.

Lastly we are seeing an increased interest to free the bound up value in manual process by automating and orchestrating services for agile provisioning of simple and complex services to maintain pace with the off-premise, public delivery capabilities.

Off-Premise Infrastructure

This is the big snowball rolling downhill, gaining mass and momentum.

The clear leader is Amazon Web Services (AWS), with a host of other players including Microsoft Azure, IBM SoftLayer, VMware vAir, etc. jockeying for position and market share.

AWS Logo

Image credit

Public cloud offers simple and fast provisioning and de-provisioning, cost accountability, on-demand, self-service, and great efficiencies. The joke is cloud makes mistakes cheap and great ideas expensive. You also can have virtual private clouds from a public provider, which provides greater control and autonomy.

In a public cloud model, your data center is delivered in an Op-ex model instead of traditional Cap-ex. Most born-in-the-web companies use public cloud exclusively with emerging use cases of DR, dev/test, and peak season bursting as leading business cases for the established enterprise.

Cloud can be viewed as revolutionary for the data center — or simply another delivery model to deliver to the SLAs.

API Service Bus

This is the most commonly-used mechanism for delivering the hybrid enterprise.

Using a model from the SOA service bus design and leveraging API-led integration, connect from any point to any other point for linking applications, data, and devices.

Connect anywhere, on-premises or in the cloud. Achieve full flexibility with a hybrid architecture and extensibility to connect future technologies.

Emerging solutions leverage policy and templates to simplify and streamline integration so workloads are transparent and mobile. Maybe we all can get along!


Every data center has a set of utilities used to monitor and maintain the health and resiliency of the services delivered to the SLAs.

Ultimately clients are looking for that ‘single pane of glass’ that will monitor all services, the automated cockpit from which we can manage the services based on policy, and the high availability of systems so services are consistently delivered.

This becomes a more distinct reality as we move towards the software defined data center and systems become self-healing, though we are a long way away from this dream as most NOCs would demonstrate.

Governance/Risk Management/ Compliance/Security

IT Security is playing an increasingly prominent and pivotal role within every organization today. Prominent as IT Security has become a consumer awareness issue that is in the media and affecting our lives almost daily. Pivotal as it is now a cornerstone to most organizations’ risk management programs as it cuts to the core of an organization’s profitability and brand.

Organizations are responding to IT security and risk management with a dual focus. The first is the traditional technology response to make sure data, identity, and assets are secure using a model of prevent, detect and respond, and recover.

Security diagram

Image credit

Identity management, access management, access governance, Secure Information and Event Management (SIEM), end-point management, application vulnerability management, penetration testing and management, and compliance auditing and reporting fall within this area.

The second focus is Cyber Safety that assists organizations in identifying and improving the social and organizational impacts on security and risk management. Many attacks come from non-technical vulnerabilities exploited through processes and people. A comprehensive risk management program addresses these exposures in a disciplined approach that brings measurable value.

Governance, risk management, and compliance (GRC) with inclusive security programs from perspectives of technology, people, and processes are the inclusionary wrapper to the adaptable data center.

Adaptable Data Center

The adaptable data center is one model for strategic planning. We continue to test this model with our clients and partners to advance our thinking and experiences and welcome your perspectives to add to the gestalt of this model.

Please contact Benny Du at 415-376-0343 or, if you’d like to continue the conversation.

Ready to start your project?

Learn how ThinkApps can get your product launched faster, better, and with more value than you knew was possible.