10 Questions to Ask Before Deciding on a PaaS Solution

Introduction

Today’s stakeholders know that delays due to complex Information Technology (IT) processes are no longer acceptable—agility and the delivery of predictable outcomes can mean the difference between success in the marketplace and being displaced by competitors. This shift has led to significant changes in many aspects of the software development lifecycle—most notably, the transition from monolithic architectures to microservice architecture-based applications. As a result, Platform as a Service (PaaS) solutions have become a popular choice because they:

• Host and orchestrate microservice architecture-based workloads
• Reduce the cost and complexity of managing the underlying compute resources
• Increase the utilization of existing infrastructure investments
• Create a self-service environment for developers
• Support a wide range of runtimes

Re-architecting complex monolithic applications using a microservice architecture (MSA) is not a trivial task. The additional challenges of maximizing utilization of infrastructure investments, creating a robust self-service platform for developers, and meeting existing service level agreements (SLA) require serious consideration. However, the idea of provisioning virtual machines and using configuration management platforms to create runtime farms to manage these MSA workloads is neither sustainable nor inexpensive.

This reality leads teams to evaluate PaaS platforms to host and orchestrate the MSA workloads. However, many teams quickly find that they lack proper knowledge of market trends and an understanding of the competing platforms’ strengths and shortcomings to successfully perform an evaluation. This limits a team’s ability to identify a PaaS platform that aligns with their technology and business roadmaps.

This white paper will help decision makers navigate a PaaS evaluation. Outlined below are the 10 questions to ask your PaaS provider when evaluating their platform.

Question 1

How well does the PaaS platform support our technology roadmap?

Re-architecting monolithic applications can be challenging for organizations, which adds additional burdens for the staff and increases the chance of failure. For example, the process often involves updating code that was developed a long time ago and and that tends to have poorly documented library and services dependencies. However, many of these monolithic applications provide critical functionality that many other solutions depend on, and they should not be ignored as part of an application modernization effort.

Levvel recommends choosing a PaaS platform that supports and aligns with your organization’s technology roadmap. Comparing a PaaS platform to a technology roadmap often provides teams with an opportunity to ascertain a platform’s strengths and weaknesses, and is therefore an important mile marker in a PaaS platform assessment.

Though some PaaS providers highlight their support for .NET workloads, an overwhelming majority of community resources, such as blogs, articles, and general technical discussions, are about runtimes that do not involve the .Net technology platform. This presents a challenge when teams have to containerize both .Net and non-.Net applications. One suggestion is to initially consider containerizing a traditional non-.Net workload, allowing team members to fully understand the PaaS platform before considering a .Net dependent workload. Many teams may also find containerizing a database as a perfectly legitimate exercise. However, it is very important to fully understand the challenges around database containers and persistent storage before such workloads are considered.

Regardless of the company’s current state and goals during evaluation (efforts to modernize traditional applications, the technology stack in use, or the type of workloads being considered), competing vendors should always provide a thorough demonstration of a transformation effort using candidate applications that closely resemble your technology timeline and roadmap. Seeing such a demonstration of the platform’s capabilities will provide valuable insight into its fit and function, as well as its alignment with your priorities.

Question 2

How expensive is the PaaS solution?

Although calculating the true cost of ownership (TCO) should not be a major hurdle for organizations evaluating a PaaS solution, it can still be challenging to properly measure. This is because the TCO is not limited to the acquisition price alone — it also includes the additional costs of purchasing the necessary infrastructure, installing and maintaining the platform, and hiring and retaining a team capable of performing the necessary tasks.

When collecting quotes from vendors, take into consideration all the costs and related factors before deciding, including:

• Initial acquisition cost
• Hosting strategy: on-premise, cloud, or hybrid
• Complexity and cost of architecting and implementing a single production instance of the platform
• Need for additional instances of the platform for non-production workloads
• Ability to hire and retain the necessary talent pool to install and maintain the platform
• Cost of integrating the continuous integration/continuous delivery (CI/CD) pipeline
• Additional resources required to implement a log aggregation solution with appropriate role-based access controls
• The developer’s learning curve in understanding how applications can be developed and delivered through the platform
• A healthy third-party ecosystem with solutions to monitor and secure the platform
• The cost of automating the installation, configuration, and upkeep of the platform
• The cost of integrating the platform with existing processes, such as performing periodic security audits, provisioning new projects, managing user access, etc.

Question 3

How will the PaaS platform integrate with existing processes and technologies?

Introducing a new solution in most mature IT environments can be challenging. Anything as comprehensive as a PaaS platform usually requires a significant effort from many teams to implement, including operations and security.

Integrating existing IT solutions with the newly-acquired PaaS platform can be equally daunting; this task brings unique considerations, some of which are listed below.

• A well integrated service-catalog presents cloud service users with a self-service interface, enabling users to better manage their cloud resources. However, PaaS platforms present a different set of integration points, requiring service-catalog platform administrators to update the platform to enable integrations with PaaS solutions. This is because users are no longer only requesting virtual machines, but possibly containers that provide certain services as well.
• Teams often rely on a wide range of security monitoring tools to secure the compute resources that are currently in use. However, when a PaaS platform is introduced, the unit of compute changes from virtual machines to the containers the virtual machines now host. This will require additional tools to monitor the virtual machines and the containers running in them, and it also requires additional integration efforts.
• The resource planning process is different when managing PaaS platforms, as teams no longer provision virtual machines with middleware to create additional capacity. The process now involves ensuring that there is sufficient capacity in the PaaS cluster to host the additional containers when workloads are scaled out. This may or may not require teams to add more virtual machines to the existing PaaS cluster.
• Some PaaS solutions allow integration with Source Control Management (SCM) platforms to enable code updates to be monitored and used as triggers to build and deploy updated resources. The supported SCM platforms may be limited, requiring careful consideration when evaluating such features.
• Plugins and extensions can extend a CI/CD platform’s capabilities and enable a tight integration with PaaS solutions. However, all existing build processes must be thoroughly investigated for potential integration challenges with the PaaS solution being considered.
• Enterprises often rely on secure routing solutions to secure ingress traffic; teams should consider the work involved in integrating such solutions with the PaaS platform.
• Log aggregation is critical to ensuring that operations, security, test, and development teams can accurately deploy, manage, and troubleshoot technical challenges with workloads. Investigate how the platform’s out-of-the-box options can be extended to address features or services that are not currently hosted in the PaaS platform.

Question 4

Does the PaaS platform have robust, growing community support?

The need for a strong community should not be trivialized; it is the backbone of your team’s day-to-day experiences until the team achieves a certain level of comfort and mastery of the platform. A robust and growing community can also be a great source from which to hire new talent.

Once the company has selected a PaaS platform, the process of installing and operationalizing the platform can present developers, support, and security teams with a potentially daunting learning curve. Teams often find these initial stages challenging because they can lead to more questions than answers, and often involve time-sensitive problems. Even if the product’s support team is excellent, their lengthy response times and resolution methods may not be able to adequately address the numerous and frequent technical questions the company has. Many of these PaaS platforms also lack accreditation opportunities for users, which results in the need for on-premise training sessions.

All of these issues can lead many teams to rely on the larger community to address the day-to-day technical challenges. Developers, testers, operations, and security team members also benefit greatly from good articles, blogs, and videos on topics relevant to their area of expertise, especially when the content is updated to reflect changing product characteristics. These additional resources provide a good framework to help team members adapt to the new PaaS platform.

Though it is difficult to quantify the benefits of communities, the assistance they can offer significantly improves the team’s ability to learn and troubleshoot platform-related issues during the initial stages. It is important to take these challenges into consideration when evaluating PaaS platforms, and to engage with vendors to understand how they can assist your team as they operationalize the new platform.

Question 5

Will the PaaS solution lead to vendor lock-in?

If the answer to this question is yes, it is not necessarily a good thing. This is because the first widely-accepted PaaS platform was announced just over 6 years ago—quite recently, when compared to relational databases that have been around for almost 4 decades. However, the pace of change in these newer platforms is far more rapid when compared to most mature proprietary platforms. As a result, it is difficult to predict how these platforms will alter the IT landscape in 5 to 7 years.

Hence, being tied to a PaaS platform can be problematic, especially if that vendor fails to keep up with market trends over time. This leads to a situation where the platform’s dwindling fortunes begin to negatively impact the team’s ability to execute. Aligning with broad market trends is a necessity, ensuring that teams continue moving where the market is headed. PaaS platforms, unlike other mature products, require team members to constantly experiment with emerging technology trends and determine ways in which those technologies can be ingested by ongoing PaaS-based projects.

The Docker and Kubernetes platforms have emerged as the industry standards. In fact, all major PaaS vendors have aligned with these two technology platforms in some manner. However, it is important to note that some PaaS platforms continue to support competing technologies to accomplish the same objectives. This can be confusing for teams undertaking these transformations for the first time.

Here are some high-level pointers to consider when evaluating PaaS platforms:

• Teams should expect vendor roadmaps to change over time, but moving workloads across competing platforms may be complex and could potentially disrupt ongoing initiatives. Ask PaaS vendors about their products’ past as much as its future roadmaps. This should indicate how well the product has tracked trends in the marketplace.
• PaaS solutions tend to be expensive platforms to purchase, install, and manage, and may not be widely compatible with other available PaaS solutions. This may present significant challenges to most teams as they consider migrating to an alternate solution over time. It is therefore important to carefully evaluate the PaaS platform and the architecture of the workloads being deployed, and to make serious attempts to minimize workloads from using platform-specific features. While achieving such objectives in practice may be challenging, it is worthwhile to at least contain platform-specific dependencies in some manner.
• Teams spend a significant amount of time and money learning how to implement a PaaS platform. Though this presents a considerable challenge when considering an alternate platform, teams that do not have the option of choosing an alternate product or platform often still experience a significant escalation of costs and complexity. Continuously monitoring the competitive landscape—even after purchasing a PaaS platform—is worth the effort, as it offers teams leverage when inquiring about escalating licensing and implementation costs.

Question 6

What will it take to introduce and manage the PaaS solution?

Different teams, when confronted with similar technical issues, tend to solve them in different ways using a wide range of tools and processes, resulting in diverse IT environments that are held together with myriad processes and systems. Teams have to navigate these complex IT environments while installing and configuring PaaS platforms. The mature processes already in place to address separation of duties, security monitoring, support team runbooks, and account revalidation processes must all be reworked or adjusted to accommodate the new platform. In addition to these activities, simply ensuring that the new processes are well-documented and audited requires a team that is highly informed about the consequences of their decisions. This will prevent unfortunate realizations well into the process that the platform does not support a critical functionality.

To help prevent such situations, it is beneficial to bring development, test, operations, security, and compliance process owners into the evaluation process in the early stages. This allows stakeholders to assess the platforms in consideration and provide critical feedback on the platform’s strengths and weaknesses from different perspectives. Though stakeholders often have a comprehensive list of topics to address, the majority tend to focus on the following areas:

• The PaaS platform provider should offer a Request for Enhancements (RFE) process to enable clients request new features. PaaS platforms may either not support a function or may offer a solution that does not meet the client’s requirements, requiring client teams to develop workarounds. However, some vendors support a RFE process, enabling teams to minimize the need to develop workarounds or to do so for only a limited time.
• The PaaS platform provider should offer clients access to a well-staffed solutions team that can adequately address any challenges that are identified during the initial stages. This allows clients to quickly integrate the new platform with existing processes and tools, and enables them to realize their stated goals.
• Integrating the PaaS solution with existing infrastructure automation platforms. This enables client operations teams to automate the process of installing and updating the new PaaS platform.
• Automated backup and recovery.
• The effort required to implement the product’s recommended disaster recovery procedures.
• Any industry-specific audit and compliance requirements, with attention to any customized process currently in use.
• Integration with existing enterprise grade log aggregation solution.
• Integration with existing DevOps investments.

Question 7

Is market interest for the PaaS platform growing or waning?

Why should you care about how the market interest for the PaaS platform is changing? Teams sometimes tend to focus on aligning their requirements with a PaaS platform’s features, ignoring the lack of clarity in a product’s roadmap and the vendor’s attempts to align with emerging market trends. Downplaying the importance of this area creates a risk of jeopardizing a critical initiative.

It is important to evaluate vendors’ alignment between their product roadmaps and current market trends. As stated above, the Docker and Kubernetes platforms have gained significant market penetration, and are now considered the industry standard in container and orchestrations technologies. Understanding how these emerging technologies are being integrated into the PaaS platform requires careful consideration.

Though vendors have a vested interest in ensuring the success of their PaaS solutions, the impact when the market shifts away from a particular PaaS platform can be an obstacle for clients who have significant investments in that platform. This shift presents a dilemma for clients, who must balance continuing investments on projects that use the PaaS platform while evaluating alternate strategies to ensure critical long-term deliveries are met.

Question 8

Are native, full-fledged versions of Docker and Kubernetes supported?

PaaS platforms are maturing at an incredible pace, experiencing feature churn, while certain contributing technologies are experiencing some of the highest adoption rates the industry has ever seen.

For this reason, a full-fledged Docker and Kubernetes implementation is recommended, not only to align with current market-leading technologies, but to also benefit from the rich feature sets these emerging platforms offer. The growing popularity of these technologies also ensures that users will have the option to move workloads to competing platforms that support these same technologies without compromising a great deal of the functionality.

Implementation with these technologies also benefits teams in their attempts to hire and retain talent, since technologists consider their work experience using Docker and Kubernetes as critical to their long-term career aspirations.

Question 9

Does the PaaS platform offer fine-grained access control and content scanning?

Developers can often find sample code and other resources on the internet. Inserting such code into a product or service without it being scanned for originality or known security vulnerabilities could create significant liabilities. Though teams have started performing code scans in earnest, PaaS platforms introduce a twist in the runtime environment and therefore create an additional area that must be monitored and managed.

Since most teams package their application code to run as a container, scanning the container’s Union File System’s layers for known security vulnerabilities is a critical activity, and it must be included as an automatically-performed step. Developers usually develop the initial image on their laptops and store it the reference image repository. Some PaaS platforms now include software components that allow clients to scan and sign these base images, thereby providing developers with a reliable starting point to begin packaging their application code base, rather than an arbitrary image source downloaded from the internet.

The presence of these automated scans also provides security experts with a reliable audit trail, indicating what was included in those images before they were run as containers in a protected environment, such as production. Educating developers and the larger team about the benefits of integrating the security scan into the product’s lifecycle ensures that IT professionals do not have to manage additional compliance activities before the workloads are deployed in production, thereby encouraging good development activities within the developer community.

Levvel suggests that clients discuss the option of security scans with PaaS platform vendors to ensure that the runtimes and any additional supporting layers in the containers are both compliant and secure.

Question 10

Does the PaaS platform support log aggregation with role-based access control?

When working with workloads in a container platform, it may or may not be possible to control the exact location of a workload. Unlike with virtual machines, containers are meant to occupy a significantly smaller footprint and can be scheduled to run on any node in the cluster by the PaaS platform’s scheduler. Also, with the advent of MSA-based applications, it is often possible to quickly identify potential bottlenecks and scale out only those components that are experiencing capacity issues, rather than provisioning additional instances of the entire application.

These two scenarios present the development, security, and operations team members with a unique challenge—how to aggregate the system, security, and application logs in the PaaS platform. It is also important to restrict access, so that only authorized team members have access to relevant logs.

Some PaaS platforms currently offer an out-of-the-box aggregated logging feature that is based on popular platforms in this space, while others provide adequate documentation to install and integrate an aggregated logging solution. The importance of this feature should not be minimized, as most troubleshooting activities performed by the developer, tester, or system administrators heavily depend on it.

When evaluating PaaS platforms, determine what log aggregation features are available by default. If your team already uses a popular logging aggregation solution, include in the evaluation the effort to integrate the existing log aggregation solution with the new PaaS platform.

Conclusion

These questions and their corresponding discussions are intended to assist teams in their efforts to evaluate and select a PaaS platform that suits their needs. If you wish to talk about any of the topics covered in this document in more detail, please contact Levvel at hello@levvel.io.