Berlin
#awssummit
@AWS_Aktuell
AWS Cloud Adoption Framework
an overview
Marcus Fritsche
AWS Cloud Adoption Journey
What skills and
capabilities are
required?
How to compose
adoption team?
How to structure
cloud programs?
Strategy for quality
delivery and
operations?
Customers are asking us for the
high-level enterprise-wide
organizing logic for mapping their
business needs to IT capabilities,
reflecting the agility, integration and
standardization changes that cloud
computing brought to IT industry.
Strategic relationships are opening-
up new set of questions, requiring
AWS to demonstrate delivery
capability, technology insight, and
practical business value to our
customers.
Will risk increase?
Can we run cloud
secure and
compliant?
What are the
priorities?
When to deliver
solutions?
How to design
foundations?
How to migrate
workloads?
What tooling do we
need?
What is the new
ITSM cycle?
Business Impact?
What to measure?
How to measure?
AWS Cloud Adoption Framework
The AWS CAF organizes and
describes the perspectives in
planning, creating, managing, and
supporting a modern IT service.
Offers practical guidance and
comprehensive guidelines for
establishing, developing and running
AWS cloud-enabled environments.
It provides a structure where business
and IT can work together towards
common strategy and vision,
supported by modern IT automation
and process optimization.
People
PerspectiveProcess
Perspective
Security
Perspective
Maturity
Perspective
Platform
Perspective
Operations
Perspective
Business
Perspective
KEY PERSPECTIVES AND
MODELS
AWS Cloud Adoption Framework
Business Perspective
CAF
Business PerspectiveInformation Technology (IT) is used by
organizations to process, manage and
communicate information efficiently and
is a vital capability within modern
business environments. Increasingly, IT
also serves as the basis for delivering
innovative products and services that
can transform conventional ways of
doing business.
The Business Perspective represents
areas that business and IT people must
focus on to ensure that IT is utilized in an
optimum way to deliver the maximum
value.
Budget and
Cost
ManagementIT Strategy
Governance
Supplier
Management
Risk
Management
Benefit
Management
IT Strategy Model
Customer
Internal Business
Processes
Learning and Growth
FinancialMaximize
shareholder
returns
Manage
cost of IT
Enable value
creation
Demonstrate
competitive
costs
Deliver quality IT
services
Maximize
business
productivity
Achieve
business
strategies
Attract and retain
key talent
Enable strong
career
development
Promote culture
of innovation
Acquire skills in
enabling
technologies
Understand
emerging
technologies
Propose
enabling
solutions
Understand
business
strategies
Standardize
platforms and
architectures
Manage IT
service quality
Optimize IT
processes
Empower and
support
end-users
Improve IT
productivity
Deliver on
schedule and
within budget
Utilize
economies of
scale
Application Disposition Model
Discover/Assess/Prioritise
Applications
Use Migration Tools
Transition
Production
Retain / Not
Moving
Redesign Application/
Infrastructure Architecture
App Code
Development
Purchase COTS/
SaaS & licensing
Test
Modify underlying
Infrastructure
Full ALM /
SDLC
Manual Config
Manual
Deploy
Manual Install
Retire /
Decommission
Determine
Migration Path
Automated
Manual Install
& Setup
Integration
Process PerspectiveCAF
Process Perspective
What is a process in Cloud Adoption?
For the purposes of the CAF, process can
be defined as a set of interrelated actions
and activities performed to achieve a
specified set of results, outcomes or
services.
The Process Perspective components cover
activities across complete IT lifecycle, help
structuring the work, re-engineer manual
processes, assure quality and govern
delivery of agreed outcomes.
Portfolio
Management
Service
Delivery
Management
Program &
Project
Management
Continuous Integration/ Continuous
Delivery
Process
Automation
Quality
Management
Cloud Lifecycle Model
- Effective ongoing service
management
- Governance and monitoring
- Initiation of new activities
- Feedback loop and
Optimization
- Creating/building/coding IT services
that meet/exceed defined expectations
- Testing/validating IT services against
testing plan and acceptance criteria
- Transition/deployment of IT services
into operations
- Assessing and analyzing the current
state
- Defining strategic vision and direction
- Setting financial, GCR and
organizational structure
- Validation before delivery begins
Iterative
Development
Strategy Analysis Design Transition Operations Improvement
Value-based
Planning
Automated
Operations
Initiative Roadmap
Cloud Adoption Strategic Initiative
Launch and mobilize
Cloud Adoption – Service Analysis & Design
Maturity and Gap Analysis
Cloud Technology Foundation Design
IT Organization Redesign
IT Process Redesign
Application Portfolio Assessment
Cloud Adoption – Service Transition
Integrated IT Operating model
Provisioning, Migrations, Handover
Cloud Adoption – Service Operations
Monitoring, ITSM Management
SLA Management, Billing, Reporting
Cloud Adoption – Portfolio Governance
Weeks 1-4 Weeks 5-8 Weeks 9-12 Weeks 13-16 Weeks 17-20 Weeks 21-24 Weeks 25-28 Weeks 29+
Define Cloud Strategy & Team
Maturity PerspectiveCAF
Maturity Perspective
Maturity model helps customers with
structured, systematic assessment
and planning of capability maturity,
defining the most optimal map
towards effective use of cloud
computing.
Focus of maturity perspective
components is on consistent
implementation towards more secure,
well-managed and cost-optimized
cloud-based IT capabilities.
Cloud
Readiness
Assessment
Cloud Maturity
Heat-map Assessment
Target Platform
Capabilities
Application
Portfolio
Analysis
Roadmap
sequencing
IT Management
Assessment
Customer State Roadmap
Traditional
Cost-
focused
Innovative
Quality-
driven
Growth-
obsessed
Leading
Stimulating
Innovation
Preparing
For M&A
People Perspective
CAF
People Perspective
People perspectives covers
organizational capacity, capability and
change management functions that
are required for efficient Cloud
Transformation.
Activities include assessment,
organizational re-alignment and
training/readiness required to build
agile IT organization capable of
leading the change towards effective
cloud computing adoption.
Organizational
Structures
Roles and
Job
Descriptions
Training
Certification
Readiness
Manage
Staffing
Organizational
Change
Management
Skills
and
Competencies
Cloud Adoption Team Skills
IT Architecture
Feasibility Analysis
Technical Requirements
Cloud Architecture
Application Migration Design
Technology Blueprints
Validation
SOA Strategy
IT Delivery
Infrastructure Provisioning
Solution Development
Service Deployment
Application Migration
- Rehosting
- Replatforming
Solution Deployment
IT Operations
Monitoring
SLA Management
Incident Management
Metering
Billing
Business Continuity Mgmt.
Disaster Recovery
Project Mgmt. Office
Scheduling
Progress Monitoring
Reporting
Orchestration
Initiative Leadership
Governance
Risk & Compliance Mgmt.
Cost Management
Information Assurance
Strategy Definition
Business Alignment
Adoption Roadmap
Benefit Management
Migration V-Team Org Model
Architecture Team
Lead Architect
Migration Team
Migration Lead
Operations Team
CloudOperations Lead
Program Mgmt. Office
Lead Program Manager
Security Lead Networking Lead Foundation Lead Cloud Ops - Network
Storage & DB Lead
Linux Compute Lead
Windows Compute
Lead
Automation Lead
DevOps Process
Lead
Program/Project
Manager
Web migration Lead
Linux app stack Lead
Win app stack Lead
Oracle DB Lead
Cloud Ops - Automation
Cloud Ops – Front-end
Cloud Ops – Middleware
Cloud Ops – Database
Business
Sponsors
Tools Lead
People and Team Modeling
Sourcing
Skills and Capabilities
Team Composition
Partnering/sourcing options – structural, geo and legal
Validating vendor capabilities & SLAs
Hardened interfaces – defined expectations and penalties
Scalable teaming model – based on
2-pizza teams
Roles and accountabilities for
delivery and operation
Well-rounded universalists for cloud
computing era
Skills profiles for various roles in the team
Balancing development, sysops, project
management and business skills
Core Team
Strategy Architecture
Support Engineering
Security DevOps
Skill
Dom
ain
s
Competency Levels
Platform PerspectiveCAF
Platform PerspectiveHelps architects and technology
teams understand the relationship of
abstractions used to model cloud
computing elements that are common
across an enterprise.
Platform Perspective components
describe the fundamental
organization of a hybrid IT system
spanning multiple environments, that
is embodied in its components, their
relationships to each other and their
design and evolution.
Conceptual
ArchitectureLogical
ArchitectureImplementation
Architecture
Application
Migration
Patterns
Cloud design
principles and
patterns
Conceptual Architecture Mapping
Measured elastic IT resource that can be rapidly provisioned on-demand,
such as: Object storage service
Service
A technology collection that can be transparently
obtained from collection of available stencils, such as a
LAMP stackStack
An aggregated IT functionality performed by
collection of various IT stacks, such as: Managed
DesktopWorkload
An ability of IT to provide value to the
business through a collection IT workloads,
such as: Line of Business PlatformIT Capability
An IT component that includes pre-defined and configured cloud
services, such as Spot instances in auto-scaling group Stencil
Pla
tfo
rm S
erv
ices
Fo
un
da
tio
na
l S
erv
ices
Networking Cloud Isolation Connectivity Elasticity Name Resolution
Security Firewall Identity & Access Auditing Encryption
Storage Object Store File Store Archiving Backup/Recovery Storage Integration
Compute General Purpose Compute optimized Memory Optimized GPU Optimized Storage Optimized
Server OS BSD Linux Windows Other
Database Relational NoSQL In-memory DB Data Warehouse
Data Integration ETL/ELT Replication Queueing Data Load MDM
Ap
p S
erv
ices
Composites Search Workflow Messaging
Mobile App Store Push Analytics Identity
Streaming TranscodingOrchestration
Data Analytics Data streaming Data Processing Data Mining Machine Learning
Protocols HTML REST SMTP IM/SMS SOAP/WS-* RDP/VNCSSH
Clients Browser Email Legacy App Mobile App TXTStore app Term Remote Desktop
App Server Java PHP Python Ruby .NET Node.js
Event Processing
Dev Env
Content Delivery
Man
ag
em
en
t &
Dep
loym
en
t
Monitoring Management
App Containers Provisioning
Ap
p
Develo
pm
en
t
SDK kit IDE kit
BC
P &
Co
nti
nu
ity
High Availability Disaster Recovery
SAP
HANA
Functional Architecture Modeling
Implementation Architecture Modeling
Availability Zone Availability Zone
Internet Gateway
External Subnet External Subnet
External
ELB
Internal Subnet Internal Subnet
Internal ELB
VPN Gateway
Operating Perspective
CAF
Operating PerspectiveEvery organization has an operations
group that defines how day-to-day,
quarter-to-quarter, and year-to-year
business will be conducted. IT
operations must align with and
support the operations of the
business.
Operating Perspective components
describe the focus areas used to
enable, run, use, operate and recover
IT workloads to the level agreed to
with business stakeholders.
Cloud Service
ManagementSLA/OLA
Strategy
Business
Continuity
Planning
Incident &
Problem MGMT
Change and
Configuration
Management
Performance
&
Operational
Health
Operating Model
Transition Operations Improvement
Architectural Governance
• Standards
• Cloud Architecture & Strategy
• PMO
Cloud Transition
• Foundational cloud services
• Application migrations in volumes
• Training, coaching, communications
MSP Transition
• Foundational MSP requirements
• SLA definition
• Transition to Managed Services
Cloud Operations
• Access control (traffic & connectivity)
• Tooling (self service, automation)
• Knowledge Mgmt (insights, metrics)
• Monitoring (reliability, BCP)
Legacy Operations
• On-premise infrastructure & platform
• Tooling (integration)
• Incident Management
Environment Optimization
• Service Management
• Alerting & Escalations
• Problem Management
• Reporting
• IT & Cost Optimization
• BCM
• Improvement Management (portfolio,
lifecycle, sun-setting)
Risk & Security
• 1st Line of Defense
• Security architecture & advisory
• Tooling (PenTest, IDS)
• Forensics & Insights
Operational Governance
• Operational Assurance
• Resource Management
• Cost Management
Security PerspectiveCTF
Security
PerspectiveEvery company is concerned with
protecting information and assets as
they grow the business. They also
want to ensure they are operating
within the legal boundaries and
standards set by and on the behalf of
governmental agencies and industry
associations.
Security Perspective components
provide guidance that enables a
comprehensive and rigorous method
of describing a structure and behavior
for an organization’s security and
compliance processes, systems and
personnel.
Reference
Security
Architectures
Governance,
Risk,
Compliance
DevSecOps
Security
Operations
Playbooks
Security
Strategy
Lifecycle
Security
Capabilities
People
Mo
nit
or
Man
ag
e
Network
Storage & Content
Instance
Database
Log,
Audit,
& A
naly
ze
Monitor
& A
lert
Platform
Amazon
CloudWatch
Amazon SNS
Notifications
AWS Abuse
Notifications
Trusted Advisor
Amazon EMR
Amazon Kinesis
S3, CloudFront
Access Logs
Application
Logs
Database Logs
Operating
System Logs
AWS Internet
SecurityELB SSL
Security Groups
VPC VPN
GatewayVPC Subnets
VPC NACLsVPC Routing
Tables
Direct Connect
Geographic
Diversity
S3 ACLs,
Bucket Policies
S3 Server-Side
Encryption
S3 MFA Delete Lifecycle RulesClient-Side
EncryptionS3 SSL
S3 Object
Metadata
Storage
Gateway SSL
CloudFront
Signed URLs
Auto ScalingSSH Keys
Bastion Host
Bootstrapping
Amazon
Machine
Images (AMIs)
CloudFront
Load
Distribution
Penetration
Testing Process
Oracle
Transparent
Data Encryption
MS-SQL SSLOracle NNE
Redshfit Cluster
Encryption
RDS Auto Minor
Patching
MS-SQL
Transparent
Data Encryption
DynamoDB
SSL
EMR Job Flow
Roles
Access Policy
Language
AWS SAs &
ProServe
AWS Sales,
Support, TAM
Security
Operations
Center
Elastic
Beanstalk
Rolling
Patching
MySQL SSLPostgreSQL
SSL
SimpleDB SSL
Redshift
Encrypted S3
Backups
DynamoDB
Fine Grained
Access
Route 53
Health Checks
Access Policy
Simulator
Auth
enticate
& A
uth
orize
IAM Users,
Groups & Roles
IAM MFA
AWS
Marketplace
Offerings
IAM STS
Federation
IAM Password
Policy
IAM SAML 2.0
IAM Web
Identities
S3 Object
Versioning
S3 Object
ETags
AWS Forums &
Documentation
AWS Service
Level
Agreements
AWS Training &
Certification
AWS CloudTrail
Server
Certificates
AWS System
Integration
Partners
Resource-Level
Permissions
Glacier SSL
CloudFront SSLGlacier Server-
Side Encryption
Amazon
Redshift
HIPAA SOC 1 / 2 / 3PCI DSS
Level 1ISO 27001 FedRAMP
DIACAP and
FISMAITAR FIPS 140-2 CSA MPAA
AWS Assurance Programs
Org
aniz
e,
Deplo
y, &
Opera
te
SSL API, CLI,
Console
AWS
CloudHSM
Resource
Tagging
Snapshots &
Replication
AWS
CloudFormation
Desig
n
Overview of
Security
Processes
Logging in AWS
Whitepapers
Governance for
AWS
AWS Webinars
& Videos
AWS Security
Best Practices
AWS Security
Test Drive Labs
Operational
Checklists for
AWS
Security for
Microsoft Apps
on AWS
Pla
n,
Learn
AWS
Compliance
Forum
AWS Simple
Monthly
Calculator
AWS Reference
Architectures
AWS Risk and
Compliance
AWS Auditing
Security
Checklist
Customer &
Partner
Whitepapers
Dedicated
Instances
Security Reference Architecture
Identifying What Needs To Be Done
We examine each of
these perspectives with
you to identify the
goals, implications,
and specifically what
needs to be addressed
Roadmap - Example
Discovery
Workshop
Cloud Business
Case
Define
Security
Requirements
Define
Network
Environment
Organizational
Structure
Operational
Integration
Security
Operations
Playbook
Cloud
Environment
Optimization
Application
Portfolio
Analysis
Cost and
Billing
Analysis
Skills and
Competencies
Define Cloud
Environments
Define EA
Policies and
Practices
Continuous Integration/ Continuous
Delivery
IT
Strategy
WE HAVE THE EXPERTS TO
GUIDE YOUR BUSINESS
SUCCESSFUL INTO THE CLOUD!
AWS Cloud Adoption Framework