Build-operate-transfer model enables made-to-order, captive private clouds

For firms that want to outsource the building of a private cloud but fear lock-in to proprietary platforms, build-operate-transfer (BOT) contracts from open source providers offload the heavy lifting of do-it-yourself deployments while reassuring customers that they can assume operating control when ready. Providers offering these arrangements – including Canonical, Mirantis and Joyent – report keen interest but acknowledge that transfers are rare: once enterprises become accustomed to dedicated managed infrastructure, most prefer to pay the price so in-house staff can focus on using higher-level services to innovate the business.

It's easy to understand why the BOT model is so appealing to enterprises – they can start small, tap into the development velocity of the open source community and 'rent' expertise from providers for setting up, scaling up and training in-house staff to ultimately take over operations of a custom-built private cloud. While only a minority of businesses take the ultimate step of transferring management in-house, those that do receive considerable direct cost savings while avoiding lock-in to proprietary platforms.

BOT contracts have historically been used for public works projects, in which a private company receives funding from a public sector organization to build and operate a facility (e.g., a refinery or airport) for a certain period of time, after which ownership and operation is transferred back to the funding entity.

In the world of computing infrastructure, Canonical was the first to apply the BOT concept to private cloud, offering BootStack (the 'Boot' is for build, operate and optionally transfer) starting in November 2014. The company found that few enterprises – especially those wanting or needing to avoid public cloud hosting for some applications – had the appetite to build and operate OpenStack clouds on their own. With BootStack, Canonical could use its OpenStack distro and engineering expertise to construct enterprise-grade private clouds and operate them remotely as a managed service while giving the customer an 'out' if it wanted to assume control of the infrastructure later.

Mirantis started offering BOT contracts when it acquired TCP Cloud in September 2016, and it includes BOT as part of the value proposition of its Mirantis Cloud Platform, a managed service launched in April 2017 that incorporates Kubernetes for multi-cloud orchestration. And Joyent in September 2017 unveiled BOT as part of its Private Regions offering, which devotes a dedicated, isolated portion of its public cloud to individual customers, with 100% open source and fully transferable infrastructure.

The BOT concept is compelling: customers get a made-to-order private cloud that avoids lock-in to 'closed' platforms; the provider receives steady business (license/subscription, managed services, support and hosting revenue); and enterprises and providers alike can focus on what they do best while explicitly sharing the risk of cloud migration.

451 Research's Private Cloud Price Index has found that the biggest single issue affecting OpenStack TCO is labor costs: OpenStack engineers are significantly more difficult to come by and cost far more than VMware and Windows engineers. BOT is an alternative that enables organizations to outsource the expertise-intensive work of designing and setting up an open source private cloud with the ability to assume control of IT operations with only a support contract once the venue is up and running.

Based on the experiences of providers with BOT programs, the common denominators of successful deployments include the following:

• Eligible enterprises have data-intensive workloads, want or need to maintain single-tenant infrastructure, and have (or are willing to recruit/train) robust in-house engineering and cloud management teams.
  
• Good candidates include companies that are less inclined to use public cloud but want the option of being able to develop and iterate applications quickly – such as telcos, companies hosting video-intensive/data-intensive applications, fintech firms and online retailers – plus large enterprises in industries/countries with strict compliance demands.
  
• Builds can start small and scale up before transfer, with enterprises migrating applications incrementally – the minimum configuration to start at Canonical, for example, is 12 nodes in a single rack.
  
• The build-operate phase will likely take at least a year and possibly two or three years before transfer (if it occurs).
  
• The savings in direct cost after transfer (that is, the difference between having the provider manage the infrastructure versus having a support contract only) ranges from 40 to 70%, depending on the size of the installation and other factors.
  
• Underlying hardware can be based in a datacenter or colocation facility owned by the enterprise, the provider or a third party; in many cases, the enterprise procures or repurposes its own hardware, although the default for Joyent's Private Regions is to host from Joyent-built and -maintained datacenters.
  
• Provider training of enterprise operations personnel is crucial to enact a smooth transfer – code-level familiarity within the organization is key.
  
• Kubernetes support appears to be table stakes, because providers need to ensure access to the latest public cloud capabilities while offering container orchestration across public, private and physical infrastructure.

The three providers we spoke to have evolved their own BOT variations, but they consistently say that only a minority of customers ultimately take over operations – the benefits of consuming infrastructure as a service, even on company-owned equipment, compensates for the added cost and allows the enterprise to devote its in-house IT to differentiating the business rather than 'keeping the lights on.'

The experiences and offerings of Canonical, Mirantis and Joyent reflect the timing of their launch of BOT as well as different value propositions. Canonical and Mirantis have roots in the OpenStack world, whereas Joyent (now owned by Samsung) was an early proponent of container-based infrastructure on bare metal and is now full speed ahead on being an open source alternative to the hyperscalers.

BOT origin story: The company says that it conceived of and launched BootStack as a plurality of enterprises began delegating the challenge of standing up OpenStack clouds to specialists rather than attempting to do it themselves. It points out that 85% of OpenStack deployments are fewer than 100 nodes, which makes investment in in-house engineering unsustainable.

Model/cost differential: Canonical's software distribution is an integrated offering with full-stack support; its managed service assumes the sysadmin role, with an emphasis on keeping the underlying host upgraded and secure. The initial commitment term is 12 months, after which the contract can be month to month. Canonical finds that 30-40% of OpenStack cloud issues relate to how the software interacts with hardware, so the ability to tackle difficulties around the hypervisor and kernel are key; as the owner of Ubuntu and KVM, Canonical claims an advantage here. The company's pricing is public: managed services come out to about $5,000 per server, versus $1,500 per server for post-transfer support – a 70% reduction.

Which customers transfer: As the most mature BOT provider, Canonical has a longer track record and dozens of customers, some of them multi-cloud, from various industries. It says there is no trend in terms of which companies choose to take ownership but cites telcos as having had good success and says it is now seeing fintech companies and banks express interest. Some customers start with as few as 12 nodes and then scale up. In the 3+ years since Canonical began offering BOT contracts, 30% of customers have opted to transfer operations in-house. In configurations with fewer than 200-300 nodes, the company says, transferring doesn't make economic sense – a finding consistent with our Private Cloud Price Index data.

Training for ops teams: Transfer includes an operations workshop and enterprise staff 'shadowing' Canonical engineers who embed with the in-house operations team temporarily to ensure a smooth transition. The company offers on-site training in Ubuntu OpenStack cloud, high-availability architecture and server administration.

Partnerships: As the longest-running BOT option, BootStack has a mature network of partners: third-party resellers around the world, hosting partners including Unitas Global and QTS datacenters, and certified hardware and software vendors.

BOT origin story: When it launched Mirantis Cloud Platform in April 2017, the company wanted to make its OpenStack as easy to deploy and consume as AWS. Rather than continue with monolithic OpenStack distributions, MCP embraces multi-cloud operations, including managed Kubernetes for orchestrating workloads across various platforms and continuous integration and delivery via its DriveTrain lifecycle management toolchain.

Model/cost differential: Mirantis says that typically the hardware for MCP customers is already in place, although it is possible via its partnership with NTT to consume it as a service on bare metal infrastructure. The DriveTrain toolchain enables deployments from a variety of sources, including packages that encapsulate OpenStack services as individual VMs. Its StackLight operations support system monitors and meters usage and SLA compliance before and, if it occurs, after transfer. Terms (both initial terms and renewals) range from 12 months to three years. The list pricing ratio between the fully managed versus support-only versions is 7:4, representing direct savings of 43%.

Which customers transfer: Organizations adopting MCP fall into two camps: telcos wanting to deploy OpenStack as a vehicle for network functions virtualization (NFV), and companies that want a cloud-native on-premises platform as part of a multi-cloud IT estate, including media-streaming businesses and large enterprises with lots of sensitive data. Kubernetes had been in the wild for almost two years before Mirantis launched MCP, and customers naturally gravitate to that service. Again, most users extend the managed service rather than take infrastructure management in-house: 60% of MCP's clouds are fully managed, versus 15% with support-only contracts.

Training for ops teams: Mirantis offers an extensive training catalog, with instruction, bootcamps and certification on OpenStack, Kubernetes and Docker as well as MCP. Effecting the switchover involves a planning phase and side-by-side operations during which Mirantis engineers work with enterprise teams and gradually pull back. Training options can be online, instructor-led or customized private courses.

Partnerships: Besides technology partnerships to ensure MCP integration with hardware from the likes of Dell EMC, Intel and Fujitsu, global telco NTT offers an opex alternative by making MCP available as a service on bare metal from datacenters in nine locations, or on customer-procured hardware in NTT colocation facilities in over 140 countries.

BOT origin story: Triton Private Regions became a commercial offering based on Joyent's experience in standing up and operating eight private regions for parent company Samsung, which wanted to reduce its AWS costs (primarily storage) and resume greater control. By dedicating a portion of the Triton public cloud to enterprises using open source code, Triton Private Regions hosts an infrastructure layer that technically adept enterprises can use as a base for differentiation.

Model/cost differential: In Triton Private Regions, Joyent provides and maintains SLAs on core services, including VMs, containers, 'elastic bare metal' instances, distributed object storage and multi-cloud Kubernetes support. The default option is to host in a Joyent datacenter, although customers can reuse their own hardware if it meets the bill of materials for running Triton cloud software. For greenfield Private Regions builds, the minimum commitment is three years; the company also enables Private Availability Zones carved out of its own cloud campuses with a one-year minimum commitment. The company claims cost savings of 40–50% for switching from VMs and public cloud to its container-based Private Regions, rising to 70% and up after transfer from Joyent-managed to support-only.

Which customers transfer: Triton Private Regions has attracted interest from enterprises pursuing a hybrid public/private strategy, including gaming companies, online retailers and organizations with an abundance of data that can't be put on public cloud, such as bodycam footage and health transcripts. The program is relatively new (launched September 2017), and only two companies (both in retail) have made the transfer; five proofs of concept are currently running.

Training for ops teams: Joyent's transfer plans and training are customized on a per-enterprise basis; it does not have a formal training or certification program. Its BOT model presumes a sophisticated engineering culture at the enterprise, where teams work closely with Joyent's team and the source code during the concession period so transfer doesn't require a huge adjustment.

Partnerships: In December 2017, Joyent teamed up with LunchBadger to offer a serverless platform on Kubernetes for building and managing function-as-a-service APIs and microservices, and it has partnered with Rancher Labs for an enterprise-ready Kubernetes platform.