Provisioning Above-Campus IT Services: Supply and Demand

© 2009 Brad Wheeler and Shelton Waggener. The text of this article is licensed under the Creative Commons Attribution 3.0 Unported License (

EDUCAUSE Review, vol. 44, no. 6 (November/December 2009)

Brad Wheeler ( is Vice President for Information Technology and Chief Information Officer for Indiana University and a professor of information systems in IU's Kelley School of Business. Shelton Waggener ( is Associate Vice Chancellor for Information Technology and Chief Information Officer at the University of California, Berkeley.

Comments on this article can be posted to the web via the link at the bottom of this page.

This online article supplements the print and online article "Above-Campus Services: Shaping the Promise of Cloud Computing for Higher Education," EDUCAUSE Review, vol. 44, no. 6 (November/December 2009), pp. 52-67, <>.

The terms IT service and provisioning are important concepts for understanding the promise of cloud computing. For example, an IT service could be an e-mail account, remote PC backup, data set storage, course management system, help desk, high-performance computing (HPC) job, multi-core programming code optimization consultation, licensed software distribution, or other technology that enables education and research. An IT service also has elements of contracting, legal and policy compliance, evolution and improvement, measurement regarding cost and effectiveness, and user support as essential components. Provisioning defines the means through which these components of an IT service are made available. An academic department may have IT staff who buy hardware, manage software systems, and provide assistance. Alternatively, IT services may be provisioned through a shared-service unit of a school or campus, through a consortium, or through a contract with a commercial vendor.

Cloud computing proposes new means to provision some familiar and some new types of IT services. The presumed benefits of cloud computing are premised on three fundamental economic arguments:

  1. Aggregation of IT services will provide large cost benefits via economies of scale relative to other provisioning models.
  2. Access to IT services can be efficiently obtained on demand, in the capacity required, and for only the time actually needed.
  3. Aggregation can access a valuable ecology of innovation at scale for service improvement that is not otherwise possible.

Supply Side: Three Models

Cloud computing provisions aggregated IT services via three distinct models: Infrastructure as a Service (Iaas), Platform as a Service (Paas), and Software as a Service (SaaS) (see Table 1). The physical computers and software for these service offerings will likely be located in very large, highly optimized data centers to enable economies of scale and then sold via a variety of contracts and offers. This aggregation can yield vast energy savings and waste reduction compared with the current model of many distributed servers.

Table 1. Supply-Side Models

Model Example Offerings Personal Computing Metaphor
IaaS Amazon EC2/S3
PC without any operating system or software, bare-bones hardware
PaaS Microsoft Azure
Windows Server
SQL Server
Add: Windows, login security, browser, network connection, media player, database software, automatic software updates
Add: word-processor, spreadsheet, music library manager

Infrastructure as a Service (IaaS)

Infrastructure as a Service (IaaS) has long been part of the computing landscape in various guises. Recently, however, vendors have started offering it as a discrete product, scalable from the smallest unit up to entire enterprise-class environments. A typical IaaS offering may include one or more of the following components: servers or CPU capacity, network, storage, or data center facilities. Unlike past offerings that served as extensions of in-house data centers (e.g., institutionally owned servers in a vendor's machine room or dedicated fixed-server capacity), modern IaaS offers far more on-demand scaling of each infrastructure component as needed.

For example, campus student information systems may be heavily saturated during enrollment, or learning management systems may overwhelm local capacity before final exams, whereas demand for these systems is more modest at other times of the year. When each campus operates its own systems, it must buy and operate a large number of servers to handle these bursty, peak-demand surges. The large capital investment and energy use of these servers is vastly underutilized the rest of the year. On-demand IaaS means that an institution can rent the power of 1,000 servers for peak demand while paying for the power of only 100 servers at other times of the year.

IaaS is directly available to individuals — faculty, staff, and students — as well. For example, Amazon's Elastic Compute Cloud (EC2) and Simple Storage Service (S3) allow individuals with no local computing expansion available to quickly provision servers, memory, and storage on demand without ever having to worry about data center power or cooling issues. IaaS is the bare-bones, just-in-time computing store of the future. Institutions and individuals can access enormous computing abilities without ever having to buy servers, find a place to securely set them up and cool them, install the operating systems, and connect them to a storage area network. Institutions and individuals can simply use a web browser to enter a credit card number or purchase order with an IaaS provider, respond to a few basic questions, and then begin using an instant computing platform of whatever size is needed and for whatever time is needed. Note, however, that IaaS is a stand-alone solution, not automatically linked to any other campus systems for identifying users, logins, or long-term data storage, for example. At present, that work must still be done by IT specialists within institutional security policies if the use of IaaS is more than an ad-hoc, disposable use.

Platform as a Service (PaaS)

Platform as a Service (PaaS) can be thought of as a basic IaaS offering plus additional capabilities. PaaS adds a sophisticated suite of services to take full advantage of the basic hardware. These services are software tools — sometimes called middleware — and can be one of the most challenging areas of information technology. Creating an effective PaaS environment requires considerable intellectual investment to stitch together a host of specialized tools and services to optimize speed, concurrent use, and reliability. These tools can include services for database management, performance tuning, provisioning, application development and testing, monitoring, data integration, and other services that are not typically the domain of a single campus group or IT department.

Although configuring PaaS environments can be labor- and expertise-intensive, pre-configured PaaS offerings can reduce the vast and expensive middleware customization that pervades most campuses. PaaS means that computing and pre-configured middleware offerings are ready to go. IT professionals or end users can then focus on their software applications rather than sewing middleware services together. For example, Microsoft's recently released Azure ( combines an IaaS and a PaaS as a comprehensive solution for application software that uses the Windows Server platform.

Software as a Service (SaaS)

The third aspect of cloud computing, Software as a Service (SaaS), was originally thought of as a rebranding of the late 1990s emergence of "Application Service Providers," whereby vendors would provision software applications via the Internet from their data center. That approach proved to be quite unwieldy, since significant technical and financial challenges impeded extending the traditional client-server model over the Internet. Insights from that era, however, have helped pioneer offerings that form the core of an emerging SaaS ecosystem. For example, the former Oracle Corporation executive Marc Benioff created in 1999 with the slogan "Success. Not Software" — a radical departure from the traditional marketing of software companies.

SaaS companies use the Internet as the native platform to deliver their services rather than selling licensed copies of software for local installation. Early versions were stand-alone, narrowly focused solutions with little integration to other software applications and data. Today, entire ecosystems of SaaS integrate the various software needs (e.g., enterprise business applications, personal productivity, group collaboration) that were previously purchased and provisioned individually at each campus.

Demand Side: Individuals and Institutions

The trend is clear and the economics compelling. Aggregated IT services can be efficiently provisioned at massive scale via the cloud offerings of IaaS, PaaS, and SaaS. The pervasive offers of valuable IT services from commercial cloud providers mean that many individuals and institutional units on campus will be making choices to use (or avoid) various cloud services. This distributed decision-making autonomy is a critical and fundamental difference between this new era of IT services and the past. It necessitates new assumptions, policies, and education within and beyond campus- or school-level IT organizations.

Democratizing Decisions for IT Services

Historically, IT services were the domain of institutional IT staff — due to the islands of rich network connectivity, the investments required to establish systems, the specialized facilities for power and cooling, and the paucity of alternatives for IT service offerings. Cloud services are creating a discontinuity in the historic decision-making roles of campus IT staff. For example, a course management system may previously have been provisioned from a campus data center, contracted to a remote data center, and managed by IT staff, or it may have been provided entirely in a SaaS (Application Service Provider) model via a commercial firm, but that choice was an institutional-level or possibly school-level decision. Similarly, institutional IT staff may make decisions (with faculty guidance) to provision HPC facilities for researchers who need access to supercomputers or massive data-storage systems. These services are created by IT staff and made available within institutional security and other policies.

Today, however, commercial cloud services and IT consumerization are shifting the locus of decisions for many IT services. High-speed networks are the catalyst for democratizing access to IT services, allowing anyone to become a one-person IT staff. Since IaaS and PaaS capabilities can be obtained on demand with nothing more than a credit card or purchase order, any faculty member or student — acting as an individual — can make choices regarding computing activities that are conducted in the name of an institution (e.g., computation for a federally funded research project). Need an e-mail account for a new project? Simply go to (free) Yahoo! or Hotmail and sign up. Need to show a presentation to a Dean's Advisory Council? Try Preezo or Google Docs. Need to make a call to some faraway country? Skip the phone, install Skype on your laptop, and make calls directly from your computer. Need a departmental e-mail campaign to 13,000 alumni? Just use ExactTarget.

Likewise, the consumerization of information technology also means that relatively inexpensive devices will pervade the IT landscape for research and education. The plethora of handheld, wireless, and embedded devices provides an opportunity for making individual choices regarding many IT services. The relatively limited capabilities of these devices are vastly amplified via the many public cloud services that are marketed to consumers. For colleges and universities, these offerings to individuals may be a remarkably efficient way to access IT services on demand — or they may be a policy and institutional risk nightmare. Regardless, the inescapable conclusion is that IT staff — whether part of an institution's leveraged, shared services or within a distributed academic department — face a discontinuity in their role of provisioning IT services. The selection and utilization of services is now determined more by popular demand than by detailed architectural planning. The era of democratized IT services has arrived.

Policy-Compliant IT Services

Institutional policy compliance and risk analysis is missing from the democratizing wonders of cloud computing. Few faculty and staff members — who may be unwittingly acting as unauthorized agents of an institution — consider the commitments and legalese of click-through agreements for many online services. Legal counsel may have grave concerns regarding the terms imposed in those agreements, and IT security offices must worry about the risks that an individual's actions can impose on other users of a campus network. For example, how can IT staff protect the campus-computing environment when a service like Skype connects millions of computers, any one of which could be the source of a significant security threat?

For the campus IT community, this new landscape feels a bit like the technology equivalent of the Wild West: unplanned, unpredictable, potentially dangerous — and very exciting. Higher education prides itself on creativity, innovation, open access, and the dissemination of information. Thus, the arrival of cloud computing should not represent a threat but, rather, should indicate a limitless expansion of technology environments. Institutions should encourage the adoption of beneficial services that further education and research, and IT staff who are charged with policy compliance should evolve policy, user education, and technology to adapt to this new technical reality.

Public and Private Clouds

In current conversations about cloud computing, the presumption is that the aggregation of supply can be achieved only at massive scale by commercial firms. Provisioning IT services will be through a fee-for-service or free (subsidized) business model similar to an unregulated public utility. However, IaaS, PaaS, and SaaS can also be provisioned as a private cloud offering to a bounded set of demands across a campus or a consortia of institutions.1 This may be created in an institution's own machine room, or a public cloud provider could isolate a set of services via a contract for a college, university, or consortia. Many institutions are already well on their way to aggregating IT services and provisioning efficient, private, on-campus clouds.

For example, Emory University moved early in providing virtualized storage services (a form of IaaS) to schools and administrative departments. Likewise, the central campus IT organization at the University of California, Berkeley, shifted its organization model and systems delivery to support internal campus cloud services. Many campuses have historically used an IT paradigm that provisioned individual, stand-alone processor and storage solutions per customer group (e.g., Bursar, Library). The new systems-delivery model provides a portfolio of offerings built from a menu of component services available to all. For example, Berkeley now offers virtualized server farms and storage pools (IaaS), reusable middleware, code repositories, and other technology services (PaaS), and a number of shared software systems (SaaS) to any user on campus. As the private, policy-compliant cloud computing provider for Berkeley, the services can be offered individually or can be aggregated to create solutions for individuals, departments, or the whole campus.

Private cloud services can provide an important step for institutional efficiency over highly duplicative IT investments in many disparate schools and departments. In a stage model of IT service evolution, today's private clouds represent a leading-edge path to policy-compliant, efficient IT services. In other words, provisioning IaaS, PaaS, and SaaS for a thousand policy-compliant virtual servers in an institutionally operated and well-staffed data center can save big money over hundreds or thousands of servers spread across campus. Yet in the emerging game of efficiency through scale, this may be only an interim stage. The real economies in number of processors, design of data centers, reduced energy consumption, and bundles of IT services may be at levels in the tens or hundreds of thousands of processors, beyond the reach of any one institution.


The foreseeable path to low-cost, innovative, and economically efficient IT services is premised on achieving massive economies of scale on the supply side of IT service provision. Choices to use various IT services in colleges and universities are likely to become more diffuse on the demand side as the number and variety of network-connected devices proliferate. Consumerized IT service offerings will proliferate to connect supply and demand, and this represents a real discontinuity for institutions that have long supplied policy-compliant IT services to faculty, staff, and students via decisions made by IT staff. Although these trends are certain, institutional actions now can influence the evolution of both supply and demand for above-campus IT services.

  1. Michael Armbrust, Armando Fox, Rean Griffith, Anthony D. Joseph, Randy H. Katz, Andrew Konwinski, Gunho Lee, David A. Patterson, Ariel Rabkin, Ion Stoica, and Matei Zaharia, "Above the Clouds: A Berkeley View of Cloud Computing," EECS Department, University of California, Berkeley, Technical Report No. UCB/EECS-2009-28, February 10, 2009, p. 1, <>.