The National Democratic Institute (NDI), a nonprofit, nonpartisan organization that works with transitioning democracies around the world, is in the midst of a migration that will see many of its key applications — from back-office systems to in-country support tools — move to the cloud.
NDI, with headquarters in Washington, D.C., works in 65 countries, collaborating with local partners to establish political and civic organizations, monitor elections and promote open government. The organization recently completed a pre-election mission in Ukraine, where elections are slated for May 25.
A number of factors pointed NDI toward the cloud: The global nature of the enterprise, a push for greater efficiency and economic trends. Chris Spence, NDI's CTO, says the organization's cloud strategy got underway in October 2010. A conversation with NDI's chief financial officer helped confirm the cloud approach.
[ Commentary: 10 Cloud Computing Predictions for 2014 ]
[ More: 3 Deep, Dark Secrets of Cloud Computing ]
Spence says the CFO wanted to ensure that NDI would be flexible if funding levels were unexpectedly reduced. "The driver really was the ability to be responsive. The way we did that was to move to the cloud."
NDI's cloud response employs Software as a Service (SaaS) applications such as Salesforce.com and cloud-based application hosting via Amazon Web Services (AWS). The cloud push has boosted the organization's efficiency while allowing it to focus on its core mission.
The ongoing cloud migration, however, hasn't been without a few hiccups. NDI discovered the need to optimize its cloud environment and prevent instances from proliferating.
Phased Migration to Cloud Services Works Well
A move to Google Apps in 2011 marked one of NDI's first initiatives within its cloud strategy. The following year, NDI kicked off its AWS migration, making use of such resources as Amazon Elastic Compute Cloud (EC2), Amazon Simple Storage Service (S3) and AWS Elastic Beanstalk. Spence said the organization now has 53 instances running in AWS.
Though many of those instances are public-facing websites. NDI also has a Virtual Private Cloud (VPC) in place to run some internal-facing services, according to Spence. A VPC is an isolated segment of the AWS cloud where customers can define a virtual network and deploy AWS resources.
Offloading email and website hosting are typical of early moves into the cloud. NDI has pushed beyond those applications, for instance by transferring its authentication and single sign-on (SSO) function to AWS. Spence says a third-party service provider manages the cloud-based federated SSO offering residing on Amazon.
The organization works with GLUU, an Austin, Texas-based company that provides open source authentication and API access management stacks. "They were willing to jump into our VPC and manage our infrastructure for us," Spence says.
Cloud-hosted authentication has made computing life easier for the organization's far-flung personnel. Of the company's 1,400 employees, about 1,100 work in the field. AWS operates in 10 geographic regions and a number of edge locations globally. This gets computer resources closer to distributed field personnel.
[ Study: How IT Can Establish Better Cloud Control ]
[ Commentary: Why Major Misconceptions Surround Enterprise Public Cloud ]
"We had performance problems when field people had to come all the way to our data center for authentication. Serving SSO from AWS improves performance for our global staff," Spence says, adding that NDI also has a read-only domain controller housed in AWS for SSO authentication.
Accounting and program tracking are cloud-bound as well. NDI has migrated those environments to AWS, but Spence noted that they're still in the testing phase. The migration has been timed to coincide with an upgrade to Deltek Costpoint 7. Spence says NDI plans to go live in AWS with Costpoint 7 and a companion application, the Deltek GovWin program-tracking database, by the end of May.
Spence says an upgrade can catalyze a cloud transition, noting that differing criteria can influence the timing: "You look for upgrade cycles — when hardware goes out of maintenance, or the hardware is off the books."
In another cloud move, NDI adopted Saleforce.com in 2013. The organization initially runs two applications: Remedyforce, for help desk ticketing, and Jobscience, an online recruitment tool. Spence adds that NDI has five internal teams piloting Salesforce for CRM, specifically contact management.
Fewer Servers, Better Security, But Still Some Challenges
NDI has trimmed its roster of physical servers from 85 to 12 over the course of the cloud migration. This has let NDI maintain what Spence describes as a bare-bones technology team. The organization employs a core tech staff supplemented by consultants. In a recent round of belt-tightening, NDI cut back on project-based consulting but kept its current staff without layoffs, Spence says.
Security is another area of impact. Spence says NDI faces persistent threat issues due to the nature of its work. Outsourcing applications to the cloud has improved the organization's security posture, he says, adding that AWS can provide better security than his smallish staff could provide on-premises. "Managing infrastructure in the old way, we would be much more at risk."
[ Careful: Cloud Attacks Are Following Enterprise Workloads ]
In addition, the Amazon environment let the company rewrite its tech procedures and streamline the process involved in DevOps, Spence says.
While NDI reports cloud benefits, the migration hasn't been without issues. For one, the organization had to learn to optimize its environment and keep costs in check. NDI peaked at a $10,000/month spend on EC2 instances.
The organization has since streamlined operations and minimized costs through EC2 Reserved Instances, which are priced below Amazon's on-demand rate, and a few other techniques. NDI's management approaches have lowered its monthly AWS instance costs to about $2,800, Spence says. That improvement comes from understanding Reserved Instances and teaching developers to turn off instances they've spun up but no longer need.
Developers also had to overcome the tendency to spin up unnecessarily large instances. The bigger-is-better belief is a common issue among cloud users, notes Chuck Tatham, senior vice president of marketing and business development at CiRBA, a Toronto company that provides automated capacity control software.
"Everybody believes their workloads are special and hungrier than they actually are," Tatham says. Some companies end up modeling their virtual machines based on the characteristics of their typically underutilized physical servers, he says. As a result, they end up with more capacity than they can ever consume.
[ Commentary: Commodity Clouds, 'Tuning Tax' and What Users Really Need ]
NDI, meanwhile, eliminated some virtual deadwood on the backup and recovery side. The organization had 13,000 snapshots that required cleaning out. Spence said that peak amount has declined to 4,000 and is expected to drop to 1,500 with additional tweaking of backup scripts.
A Lawson human resources application that NDI has been unable to virtualize and move to the cloud represents another challenge. Spence says the organization plans to make a decision next year on how to retire that application. He said the choice boils down to a new HR management system as SaaS or, should NDI decide to keep Lawson, a hosted Lawson option from a SaaS provider.
Lawson is one of a few applications running on physical servers at NDI. The AIX-based Lawson software runs on four servers. An Oracle database supporting Lawson resides on an in-house storage-area network. The soon-to-transition Costpoint accounting application runs on two servers. The organization also runs three voicemail servers and a few other application servers.
Two of the physical machines are VMware servers for NDI's private cloud, where the organization runs about 30 virtual machines. The virtual machines span many roles, including project tracking, print servers, shared drives for Windows and domain controllers. Blackbaud Razor's Edge fundraising software also operates as a virtual machine.
Cloud Deployments Now Standard for Field Operations
NDI pursues the cloud in the field as well as the back office. The organization is creating reusable set of four SaaS tools for its in-country partners: A political party member-tracking tool, an election monitoring tool, an online town hall platform and a platform for tracking legislative casework.
NDI will distribute the software in a three-tier approach. The first tier will launch in May, when NDI plans to share the open source code in GitHub. The next tier involves making those systems (except for the election monitoring application) available as pre-configured packages that can run in AWS.
The election monitoring tool, a Python app using NoSQL, has a different reusability architecture, Spence says. For that application, NDI will spin up new software stacks within a single multi-tenant type environment for each election using Docker.
Cloud deployment is becoming the standard procedure in field locations, where cloud-based email and collaboration tools already play an important role. Spence points to the benefits of the cloud versus building a network in a physical place that can be easily disrupted. Events such as power outages and raids on election monitoring offices can threaten applications and data.
"The standard [now] is to put it in the cloud," Spence says.