Cloud vs. On-prem and the future of Managed Services
Alex Fields
Is the on-prem model (e.g. legacy AD with file shares, Windows Server-based apps, etc.) ‘better’ in some cases than SaaS alternatives like Microsoft 365, G Suite, Ping, Okta, Salesforce, Dropbox, or whatever? In the SMB space, I really struggle to advocate for on-prem anymore, and I mean REALLY struggle. And that’s coming from the guy who just a few years ago wrote this article.
I still get people all the time who argue with me. “It depends,” they will say. Yes, the classic consultant answer. It always depends. But the number of “depends” instances where I could actually recommend expensive on-prem infra over something like Microsoft 365 Business Premium is vanishingly low these days. The truth of the matter is that SMBs are dying to get out of the datacenter business; they don’t want to carry the risk and management of on-prem servers anymore, and they don’t want to lay out several thousand dollars in capex every few years. Not when the alternative is a mere USD $20/user/month subscription.
What about outages?
“But MSFT just went down within the last month–and it was horrible.” Was it though? I didn’t even notice it except for the chatter on Twitter that lasted for a couple of hours; I happened to completely miss it because I was occupied with other stuff. By the time I returned to work everything was normal again. Besides, SMBs are not as concerned about outages as you might think. Why? Every cloud service has hiccups. Gmail had an outage shortly before the 365 one (that lasted longer). But guess what, when a mega service like that goes down, your customer is not the only business affected by it, and everyone else tends to be more understanding as a result.
Your customer does not have nearly the emotional involvement with that incident vs. when their infrastructure is having the problem. Because then it gets personal; they have to own it (and boy will they let you know about it)! Their business is down, while everyone else in the world wonders what’s wrong with them. And let me tell you something: you have never heard a customer scream FIRE until their Exchange server drops off the map. Lordy.
But 365 drops an hour or two of service? Well, maybe it still sucks, but you know, a lot of folks are in the same boat with you right now, and in the end, it’s someone else at Microsoft having the really bad day, and all we have to do is wait. This is actually a selling point, in my opinion, and not a drawback. Compare this with having to scream and shout, and ultimately pay expert consultants to come and fix your emergency for you.
Here is a list of reasons I have personally seen on-prem servers go kaput:
- Hardware failure (e.g. could be hard drive/RAID controller, could be motherboard, etc.)
- A/C goes out and equipment overheats, resulting in hardware failure
- Patch is applied that borks something
- Cyber security incident such as ransomware
- Mistake made by the IT department or vendor
- Mistake made by an outside vendor (I have even seen a case where a telecom guy tripped over some cabling; and this incident even resulted in data loss!)
The point is that your rinky dink server closet will never compete with the cloud. Many of those incidents listed above would result in downtime that exceeds the recent incident that I mentioned with Microsoft 365. $20/user/month for a full interconnected ecosystem of apps that includes your email, file sharing, communications and collaboration? Oh and that comes with georedundancy, too? It’s a steal, and a no brainer.
Why would an SMB choose to remain on-prem? That is an insane choice. And if someone chooses it, then they are not following data or reason, but something emotional and therefore non-measurable. Maybe they are just stuck in their ways, or maybe they love the risk and the drama that attends these types of incidents (I mean it is a little bit fun to lose your sh*t sometimes).
Beyond that, we also have the fact that all the new hotness in development goes into the cloud apps, not the legacy stuff. And beyond that, when you are cloud-native that means you are managing devices, apps and security for every device platform, and for every location to which that device may roam. Cloud-first = mobile-first. Look at where we are today with the majority of info workers sitting at home, beyond the walls of the corporate network. There’s no going back to the olden days now. Onward.
The only cases where I make exception to the rule
If the rule is “cloud-first” then the exceptions are as follows:
- Super rural area business with shitty ISP options (this is shrinking: many rural areas are starting to get decent options now)
- Dependency on a legacy application that is only available for Windows Server environments (or worse, some kind of old mainframe system)
That is really about it. I do not believe that any other exceptions exist. With regard to the first, your hands are tied–I get it. With regard to the second, we still need to have another conversation.
Some folks will claim they just cannot do without X application. But I would challenge that idea. Why can you not go without this X application? Is it because this software really does something so special that there is just no replacement out there in the world? Or are you just emotionally attached to it? Like, you don’t want to learn a new CRM or whatever? Perhaps you just weren’t aware that there might be even better options available? I mean, have you tried Salesforce? Or are you just against the idea of change in general?
Now there are instances where it doesn’t matter: they aren’t going to change their minds. The customer has dug in their heels and they are sticking with what they know. That’s fine, as long as they know what they are picking and why (as well as what they are leaving on the table). I just want them to acknowledge fully that they are making an emotional decision and not one that is based in facts and evidence, or one which is “better” for the business. It’s better for their lazy proclivities.
But there are instances out there where genuinely no other migration path is available. The customer has put so much work into customizing whatever database app, etc. to fit their unique business process that it would be cost prohibitive to do anything but upgrade in place, even if that does involve purchasing new hardware! Certainly when you have to start converting a lot of business processes over to a brand new system there are other costs to consider, whereas a migration from hardware A to hardware B, or virtual machine X to virtual machine Y is just too easy; the path of least resistance will often be followed in this case.
Okay, that maybe gets them by for the next 3-5 years. But in that 3-5 years, they would be very wise to start making efforts toward a transformation to some other system. And maybe their software vendor is catching on to the cloud as well: they are starting to realize they could offer their own cloud version of the same app, and stabilize (probably even increase) their revenue at the same time. But the point I want to make here, whether you sell that software or consume it, is that you need to be having those conversations right now even if you are upgrading in place for the meantime. How much longer does it make sense to stay tethered to the relics of the past, when competition has already moved on from the drag of being in the datacenter business?
The mission as the focus
Especially in the SMB where resources are tight, you have to understand that these little companies would rather focus on their mission; they don’t care about infrastructure: they just want it to work! For decades, technology has been a necessary evil. It’s an enabler, yes, but it is also a headache, not to mention a cost center. We are now at a point that email, communications, productivity: it’s all a commodity now, and highly interoperable and interchangeable from one platform to another. Therefore, the only deciding factor is cost (which means your customer will most likely choose the cheapest possible option with the least responsibility for them). They don’t want the job of managing infrastructure! They just want to consume the software they need to do their job. Your customer’s focus is on their business and the mission, not the bits and the bytes.
By bringing them into the cloud, and subsequently helping them to customize and manage it, you are helping them to do exactly that: you are keeping their focus on the mission. No more interrupting them every 3-5 years to spend gobs of money and time to migrate to a new server.
The future of Managed Services
But on the other hand, you can start to do more valuable work: you can help them to solve business problems with their new technology. You can help them to stay current with the latest changes and improvements (which are now flowing at a constant pace). Only you can help them bend the new software to their will and desire. Only you can help them with the change management aspect and keeping it all smooth sailing. And you have more time to do this now, because you aren’t dinking around in their server closet anymore.
I suspect the real reason that MSPs are reluctant to go “all-in” with cloud (i.e. no more servers) is because they are worried they will lose their importance. They still cling to the almighty server because for years they have only been managing the “stuff” of technology instead of the services. The model has been to worry about the infrastructure only: the bits and the bytes in the wiring closet. And this translated to basically ignoring the business. You would say: “Let the customer worry about their business, while we worry about the infrastructure.”
But guess what? Infrastructure is dead. At least in the SMB. You can’t keep hiding in the closet with your nose in the wires anymore. It’s time to get back in front of people and help them further their mission. This is actually way more valuable work, anyway.
Not only that, but the ever-evolving nature of cloud apps and services is a completely natural fit for Managed Services, too. If something is being added to the cloud service that could take work content out of your customer’s day, wouldn’t you want to let them know about that? They probably aren’t aware of all the changes happening in the Microsoft cloud, after all.
Or, on the flip side, what if something is being deprecated that they still rely on? In that case too, they are going to need your help in retooling those business processes before the end of life date. But this also requires you to be “tuned in” to the business, not just the technology. You need some understanding of how each customer consumes the software, as well as a solid understanding of the cloud platform itself, and, to some extent, how it all works under the hood (it’s not just magic, I promise you).
So if you are selling Microsoft 365 (with or without traditional servers in the picture), and you are not including a Managed Services offering with it, you may be missing out on some really solid opportunities to become an even more valuable partner to your customers (that means better, stickier relationships, and more revenue).
But worse than missed opportunities: you may also be leaving your customers open to unnecessary risks. Someday they might end up with a bad taste in their mouth for cloud because some service or another goes dark and is removed forever, and they didn’t know about it. Or because there was some shift in the security landscape that required them to make some kind of change or update. They missed it, and got compromised as a result. Is that cloud’s fault? No. It is yours. You are the cloud partner, and you are supposed to be on top of these changes.
In conclusion, do not be afraid to let go of the past. There is always more work to be done, and the more you lean into it, the better and easier it gets. I for one do not miss being called in on a weekend to restore an Exchange server. Can I get an amen?
Great article, I agree wholeheartedly with you. I found your blog about a year ago and have been enjoying the mailings; it’s because of you that I discovered the power and adaptability of Intune – auto mapping SharePoint and Teams, completely removing the server and drive letters from my smaller customers’ environments and ridding them of legacy servers.
Here’s a question, leaning towards WVD as a remote method of supporting previous on prem software solutions like CRM, QuickBooks and Sage specifically. For this inquiry, assume cloud versions don’t exist (manufacturing and premiere contracting editions of QB Cloud don’t). Is this possible to set up from an Azure WVD instance without incurring licensing fees above what it would cost to host these on prem? What about exporting to Excel / Outlook for emailing …
I would love to know if you’ve ventured down this path with success!
I do have an opinion about WVD–see this article. There were some show stoppers for me early on with that technology, but it’s getting better. Nevertheless, the core question is still whether you can implement it for less than the traditional server, because there is no real value add over deploying RDS on-prem, in my opinion. Unlike moving to a rich collaboration platform like Microsoft 365 where we have additional value all over the place. Therefore the decision ultimately falls back to the dollars and cents. If it is more expensive in Azure, it won’t make sense for SMB customers. If you were going to do it, I think it would be best to go with a Nerdio solution (if you are an MSP)–they have done a lot of the legwork for you to make deployment easier, and to help you jump-start an Azure practice (if you have little or no experience). They also can help manage the runtime cost and configure the auto-shutdown/startup schedules.
Sorry but I don’t buy the cloud all-in. If you are a US based company that’s fine, but anyone else is at the mercy of a foreign company and its country’s policies. If something has told the rest of the world anything the last 4 years, it is that the US is not a reliable ally, and your company can be completely shut down and destroyed with a presidential order and a few mouse clicks.
I understand the benefits of the cloud (I’m certified in Azure and Office 365) and have several customers with big cloud workloads, but we also have DR plans to migrate everything on prem to the cloud and vice versa. We never EVER lose control of our data and we have plans to continue our work whatever happens.
For me the future is hybrid. In a world of IaaS, PaaS and SaaS people trade far too easily control of their business for the sake of simplicity. Don’t be a CaaH (Customer as a Hostage).
MSFT operates datacenters all around the world and has lived up to their word on privacy every step of the way (your data is YOUR data, even if it happens to live in their cloud), and they have even taken governments to court when necessary. Interesting point of view, but since I am not one of the tin foil hat wearing types, I am not bothered by what you say in the least.
Good article, I enjoyed it as well as the mailings. For my customers where all file data is in SharePoint, email in the same 365 tenant, I feel the one piece that is keeping me tied to on-premise servers is the client/workstation/laptop login along with the related password and Group policies. The servers have been reduced to this single role which does make for simple and cheaper migrations, but definitely some complacency happening here on my part.
You can achieve the same, and even better, with Azure AD Premium and Intune. Users can sign in using 365 creds to their computers (or better yet–Hello), and all policies and software deployments can be managed from the cloud. No longer tied to the cloud, don’t need to return to office to maintain trust with domain and get gpupdate. If you have Internet then you’re good to go!
Hi! Interesting opinion, and in part I agree.
1) Outside the USA, connectivity is not so powerful everywhere, and the risk is that the network becomes the bottleneck.
2) You cannot completely remove the use of a data center (obviously reduced) because you need network equipment (routers, switches, firewalls).
3) Are you sure that in the long term the costs won’t increase? Then you should think about comparing different cloud vendors, and the poor IT should spend its time migrating from one cloud to another.
If you use Azure AD and O365, I think you will be linked forever to MS. And that is probably what Microsoft wants.
1) Addressed already in the article
2) Routers, switches and firewalls are disappearing and losing importance; just get me an internet connection, I don’t care how it happens. Look at everyone working from home. Are you going to ship all the remote workers company firewalls to install at home with a managed ISP connection? Probably not. The new approach implies zero trust (i.e. you don’t assume the network is trusted)–given that you don’t trust it, that implies a certain architecture (and M365 can deliver it).
3) MSFT has competition, and you are an at-will customer. You could have the same concern about Google or anyone else out there. Are you tied to just one provider forever? No, I don’t think so. If you are willing to do the work to migrate your data, then it is no problem. There are numerous cloud-to-cloud migration tools available already and no doubt more in the future. Who knows what these services will cost in the future, but prices have held steady for the better part of a decade already (this stuff isn’t brand new anymore). And the fact that competition exists is a good thing for you.
I agree with your approach, but from my experience it’s not just a matter of whether the client is ready for the cloud or not; it’s more whether the vendors (including Microsoft) can make the cloud more supported and usable.
Think about AAD authentication only: how many vendors truly support that? Let’s say scanning to SharePoint or security appliances that allow AAD auth; even Microsoft is lagging on some features, such as SharePoint file sync auto deployment, which is just not really available (users still want/need to access files through Explorer).
If you are a MS partner your knowledge comes in handy here, and it is how you close the gaps (they aren’t really gaps–they are just perceived that way because you want to do things the way you did them in the past, in reality it just looks different now).
Example: You don’t set up scan to OneDrive/SharePoint directly from an MFP device (which does not support scan to cloud locations), instead you configure scan to email (which is already available everywhere), and then use a Flow to move the scans to the appropriate location in SharePoint.
When it comes to file shares, there is much to be said; but in a nutshell–you still have file explorer, and we already have the ability to use Admin templates in Intune to sync library X, Y, Z to your file explorer (so it is not accurate that this is not available; it is available). But there is so much more to the file sharing story in M365; it is NOT a 1-1 replacement of your file server and that is not/should not be the goal (and never will be). You as the MSFT partner must help your customer to embrace the new platform and everything that implies. It is not a migration, it is a transformation. For example, it might mean they don’t access 100% of their files via file explorer (in fact that should be seen as a legacy thing at this point). They can still access some files that way if they really want to, but I see it as a “geezer bridge” to get us into the cloud/web/mobile-native environment.
So to say MSFT is “lagging” is not accurate–in reality, it is more accurate to say that you and your customers are lagging–the goal is to catch up with the pack now and deploy the “right way” for a cloud-first, mobile-first world.
On your list, you wrote, “Cybersecurity incident.” External providers can have Cybersecurity incidents as well.
Even though this is true, the chances of Microsoft cloud services being impacted globally are still much lower than for the typical SMB housing stuff themselves in a datacenter. They all think they are smart, but they don’t have the cyber budget that MSFT has (even though they are a “bigger target”). Statistics are not on your side if you think you can do better than them. Even just in my own experience, how many SMBs have I helped through a security incident this past year that caused a major outage? Several. And I am one dude serving in the SMB space in one city in one country. How many cybersecurity incidents at MSFT caused major downtime for customers last year? None.