IBM’s 9-6-9 Discovery Questions
Introduction
This list of questions is intended to be a “most likely” set of questions we will need the answers to in building a solution proposal. It has not been customized for the Client context. In the actual discovery session, Client technical folks could cover their application and solution topics with the underlying infrastructure and automation in mind. This would allow us to have a more natural conversation around IaaS and PaaS requirements than doing a question and answer session.
The questions are just serialized below by area to keep the document really short. We would be happy to do a conference call in preparation if needed.
If there is existing information such as whitepapers, web pages, articles, blogs, interviews, videos, etc. related to the following questions that can be shared with IBM, please feel free to provide it prior to the discovery session.
===================================================================
NOTE: The list of names below is provided so that the IBM team knows which people during the 9-6-9 Discovery Session are responsible for which categories. It also provides a flow as to how questions could be asked. This is just guidance. If sending this document to the client to review or respond beforehand, please remove this section.
- Application and Core Platform – Person 1
- Geography – Person 2
- Compute – Person 3
- Networking – Person 1
- Storage – Person 2
- Security – Person 3
- Compliance – Person 1
- Disaster Recovery / Business Continuity – Person 2
- Hybrid Cloud Integration – Person 3
- Financial – Person 4
===================================================================
Core Platform
- Can you give us an overall view into your platform? Context – what is your technology stack, what products are being used, etc.
- Do you use a micro-services architecture today and if so what is your micro-services platform?
- Can we have a list of applications in the inventory?
- Are there any applications that should be considered that do not have a fit-for-purpose architecture and for which cost savings can be evaluated, e.g., back office?
- Is there a comprehensive software stack including versions? How many versions are maintained? Would the vendor be required to maintain currency as well as back versions or is that your responsibility?
- What level of support are you looking for from the vendor with regards to working with the open source community?
- Are the presentation and service layers written in a cloud native / 12 factor architecture, e.g., stateless?
- Is the same technology stack required for the mobile apps or are other pieces needed?
- Are any third party providers used for Push / SMS / e-mail? What do you use for API life cycle management, e.g., Create, Run, Manage, Secure, Socialize & Analyze APIs?
- Will you be using any gateways to connect to an on-premises environment?
Analytics Platform
- Can you give us an overall view into your analytics platform? Context – what is your technology stack, what products are being used, etc.
- What is the size of your analytics cluster and what is the size of the largest cluster (# of nodes, total storage, # of cores and RAM) – preferably by location?
- Please provide growth projections of your analytics platform
- Do you use bare metal in your analytics platform?
- Do you use containers for analytics jobs?
- What are your DR requirements for the analytics platform and how is data synchronization done today?
Networking
- What are the characteristics of the intra-DC switching fabric?
- What are the characteristics of the inter-DC switching fabric?
- Who is your WAN provider?
- How many physical servers per fabric or pod?
- What is the intra-fabric latency budget?
- What is the network equipment currently deployed in your DCs? Is it a standard build / configuration?
- Do you use POPs? If so, what is the general topology and equipment in your POPs? Who is your POP provider?
- How much of your public addressing is IPv6 vs IPv4?
- Will you be bringing existing registered address space? If not, how much IPv6 and IPv4 address space do you require?
- Do you need to use a separate address space for your private networking? If so, what are the requirements – IPv4 vs IPv6, RFC1918, your own or provided by IBM, number of addresses, etc.?
- Do any applications require non-unicast support e.g., Layer 2 adjacency or IP multicast?
- Do you have existing ASNs that you need to use on the public network or can you use IBM’s?
- Do you have specific peering requirements or agreement with any specific service providers?
- How is global load balancing setup and controlled?
- What is your setup for local load balancing (hardware or BGP+ECMP)? Is it automated and/or elastic, or more of an incremental capacity management activity?
- If BGP ECMP design: what is the width i.e., how many paths per VIP, and how many VIPs per BGP neighbor?
- How is load balancing handled in the non-web server / presentation layer, i.e., do you use anything like HAProxy, NGINX, etc. in the application logic layer?
- Do you use any CDN or caching services? If so, what is your caching / CDN strategy and who are your providers, e.g., Akamai, EdgeCast?
- What type of network security services (firewall, IPS, etc.) do you expect a Cloud provider to offer / support? What do you use today?
Compute
- Please provide high-level summarization of compute that is being used in your environment, per location. It could be summarized per major component, e.g., databases, processing tier, etc., and growth projections. Request information on total # of cores, processor speed and total amount of RAM per environment, per location
- Do you use GPU servers in your infrastructure today and if so what GPU cards do you use?
- Do you use containers and server-less architecture in your environment today? If so what are the products being used for containers, scheduling, orchestration, etc., e.g., Kubernetes, Mesos, Marathon, Docker, etc.?
- Do you use bare metal in your environment today and if so what are the sizes/models and number of hosts per location?
- What is your virtualization platform today? Do you plan to change it?
- What are the component redundancy requirements on the servers? Is there a need for redundant network adapters, power supplies, SSDs, etc.?
- Are there any servers/equipment located in the POPs? If so, please provide us information on those locations.
- Do you have any application component that relies on the underlying hardware or any system calls?
- What are your bursting needs per location?
Block storage
- Do you do any storage tiering for your applications? If so what are the performance requirements IOPS / throughput requirements, per tier per location?
- Please provide total amount of storage (raw) used by tier, by location and approximate growth projections.
- Do you use any quality of service (QoS) for storage today, e.g., guaranteed IOPS? If so please provide information.
- How is the data synchronized between your data centers? Is storage based hardware replication used? If you do, how much data is being replicated daily and during peak?
- What are the protocols you expect the cloud service provider storage solution to support, e.g., iSCSI, NFS, etc.?
- Do you take point-in-time snapshots or backups? If so what are the retention periods and what is the total size of snapshot space allocated/used?
- Do you use any NAS and if so what is the usable and used file capacity breakdown per tier, with performance definitions?
- Do you have POP locations as part of your delivery network and if so, are there any storage requirements in your POP locations?
- Do you use a specific hardware vendor in your existing environment? If so, can you specify the vendor, make and model.
- Do you have encryption at rest requirements and if so what are the requirements? What are your encryption key management requirements?
Object Storage
- Is object storage being used in your environment today? If so can you specify total amount of storage by location and approximate growth projections?
- What RESTful APIs are currently being used to access object storage?
- What are the expected operations per second of the blob storage?
- For your object storage use cases, do you have a time to first byte requirement?
- What is the expected growth rate of the blob storage?
- Can this be on a public cloud or does it need to be a single tenant system?
- Do you have encryption at rest requirements and if so, what are the requirements? What are your encryption key management requirements?
Backup
- What are the backup capacities for backup to disk? Are there requirements for tape and offsite backup (in usable, used, available TB)?
- Do you have any components in active/DR mode? If so what are the RTO and RPO?
- If there is any storage/servers at POP locations, what is the backup for them?
- What are the backup retention policies for disk, tape, off-site (if any)? What tools are used for backup and management?
Security and compliance
- What are the key data security requirements you expect from a Cloud provider?
- What are your terms and conditions for:
  - Handling of EU-specific Data Privacy requirements
  - Request for information and access by US/foreign governments and
  - Expectations for provider’s handling of any such requests
- Are there data privacy agreements on right to access provider hosted servers hosting your data?
- Do you have existing contracts in place that include EU Model Clauses and/or EU / Local country data protection agreements?
- How do you currently control use from US embargoed countries?
- What are your DDoS volumes and remediation strategy?
- How is application security handled, e.g., cross-site scripting, SQL injection, buffer overflows, etc.?
- What is your current approach to vulnerability and penetration testing including (if leveraged) ethical hacking? If possible, please disclose third-party testing teams used and frequency of tests as well as expected support from IBM for your environment tests.
- What is your policy regarding the destruction of physical media, e.g., disk, tape, solid state, in and outside your data centers?
- How do you currently handle requests to visit or audit data centers from your customers?
- What certifications and compliance audits do you maintain? PCI, HIPAA, ITAR, ISO27001, ISO27018, SOC2, MTCS, other?
- What is your identity and access management strategy from a.) an application perspective (external use) and b.) internal use / access? What services regarding identity and access management are you expecting to be offered by a Cloud provider?
- What type of logs, e.g., security, network, access, etc., do you expect to be provided for integration into your Security Operations Center (SOC)?
Data Center
- How many data centers do you use today? Who are the providers?
- Of the data centers you use, how many are leased vs. owned?
- How much of your IT footprint does not reside in traditional leased / owned DCs but rather in Cloud provider data centers, e.g. IBM Bluemix, AWS, etc.?
- What is the total sq ft allocated and consumed of the IT space in your data centers?
- What is the total kW reserved and kW consumed in your data centers?
- What is your kWh rate in your data centers?
- For your leased data centers, what are the commercials of the lease? Remaining term, remaining cash rent, remaining lease buyout, etc.
- Do you have a specific ‘Tier’ requirement for data centers?
- Is there a requirement regarding distance between data centers, i.e., a latency based requirement for keeping data in sync, a DR / business continuance requirement?
- What is your data center strategy for any expansion and what do you see as optimal data center locations?
===================================================================
NOTE: Depending on the participants from the client, it may not be appropriate to discuss financial elements as part of the 9-6-9 Discovery Session. If financial topics will not be discussed, you may remove the section below.
Financial
- Do you lease or buy your servers and other IT hardware?
- If leased, for how long? If purchased, what is the depreciation schedule?
- What is the average age of your IT hardware?
- What is your IT capital budget?
- What is the average cost per IT employee?
- Which financial performance indicators are of most importance to you, e.g., EPS, Revenue, Gross Profit, NIBT or EBITA?
- What are the projected rates for the next 5 years of your key financial indicators?
===================================================================