- How is TCG unique when it comes to building in the cloud?
- TCG provides fully-managed cloud solutions to the Stanford community. In effect, we're an internal managed service provider (MSP). We build and support systems throughout their life cycle, maintaining our relationship with our clients and their systems over the months and years.
We don't set up cloud accounts or build servers, only to hand things over for someone else to manage and support. For groups interested in do-it-yourself cloud technologies, you can check out this service page.
- How much does TCG charge for cloud services? Is it the same as on-premise servers?
- We effectively have two cost recovery models. Our more traditional recovery model charges clients the same amount every month for each server, without hourly charges or extra fees. This rate adjusts modestly every fiscal year and can be found on the IT Rates Page under System Administration Solutions. We charge the same to support virtual machines in the cloud, on-campus VMware environments, or physical servers in the data center.
For a more modern cloud solution that might have serverless components, hosted technologies, containers, and autoscaling, we are employing a more flexible and holistic model to recover the cost of our services. Typically, we'll charge an hourly Time & Materials rate for the initial architecting and deployment of a solution; then, once things are in production, we'll switch to a monthly recurring charge to recover ongoing operations (like monitoring, security auditing, and alerting) for everything in the cloud account. We'll propose a charge that covers our actual costs each month, arriving at a fee that we think is fair and responsible.
- Are cloud costs included in TCG's service fees?
- No; clients are responsible for any costs associated with their dedicated cloud account. TCG helps manage costs by providing cost estimates, establishing a budget, setting billing alerts, providing an expense dashboard, right-sizing technologies, and helping understand expenses.
- How is the cloud bill paid?
- University IT pays the client's bills first, then recovers the cost by re-billing the client's PTA. For example, if December's AWS bill is $43.55, UIT will pay the invoice directly from Amazon then charge the client $43.55 in January. There is no additional service charge for this.
- Can I use my own, existing cloud account?
- TCG creates and manages unique cloud accounts for our clients, integrating them with our tools. They are dedicated exclusively to one client and usually just one project. We can always create additional accounts for additional projects and use the same billing and contact information. For these reasons, we prefer to build solutions in extant accounts.
- Will I have full access to my TCG-managed cloud account? Can I build my own non-TCG managed systems there?
- Typically, no. This adheres to a security model which advocates for minimum necessary access to IT resources. We keep the TCG-managed resources separate and can help you create a separate account for your other resources. We will also help integrate the two virtual private clouds (VPCs) if necessary. We will also give you CloudCheckr dashboards for billing and inventory access. However, our strong preference is to provide our clients with all the necessary access to the resources within VPC, and provision granular access to the console only an as-needed basis with the minimum necessary permissions.
- Is TCG part of Stanford? Are staff members all University employees?
- Yes, we are all full-time Stanford employees; many of us have been at the University for over a decade. Technology Consulting Group is a part of Consulting Services, which is part of Client Experience & Solutions, itself a part of the 600+ person central technology organization, University IT.
TCG does partner with trusted external vendors for some projects. See the TCG + Onix page for more information.
- Can I use the cloud if I have high-risk data or protected health information (PHI)?
- Yes; there are three things to consider:
- TCG is in alignment with the security requirements from the Information Security Office (ISO), Privacy Office, and the School of Medicine's security initiatives. We build solutions in compliance with the Minimum Security Guidelines.
- We assist our clients with Data Risk Assessments to ensure the architecture is vetted appropriately and approved before put into production.
- The University has a Business Associate Agreement (BAA) with Amazon Web Services, Google Cloud Platform and Microsoft Azure, so when building solutions that contain health information, we verify the selected technologies are covered under each vendor's list of HIPAA-compatible offerings.
- Can I take advantage of cloud credits or discounts?
- TCG will process your credits or discounts automatically and apply them to your account. If the cloud vendor issues a credit the following month for things like data egress, it will be applied to your next billing cycle.
- Can I still take advantage of a cloud vendor's introductory free tier of service?
- No; because both TCG and University IT use enterprise organizational structures to manage cloud accounts, the free tier is unavailable. We do, however, automatically pass through discounts to each account for certain data egress fees or services that are discounted to those accounts within the Org structure.
- How are AWS EC2 Reserved Instances handled and billed?
- TCG configures your cloud account to take advantage of discounts associated with reserved instances. We will make the one-time RI purchase on your behalf, and it will be yours exclusively. We do not resell or re-apportion reserved instances among our different clients.
- Which cloud vendor does TCG use? Is there an official recommendation that needs to be followed?
- TCG is cloud agnostic and recommends the vendor based on the client's needs, priorities, and workflow; we also seek alignment with different schools' senior leadership's initiatives around one vendor or another.
We keep up-to-date on emerging services and changes in pricing to inform our decisions. For example, if a client needs long-term archival storage, each vendor has different fees, charging formulas, and billable considerations beyond simply the cost to store a gigabyte for a month. We also dig into considerations like the kind and risk classification of data, predicted frequency of restores, and each client's need for recovery and data restore times when choosing one vendor over another.
Frequently Asked Questions About TCG Cloud Solutions
Last modified February 21, 2020