Date posted: 16-Apr-2017
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Matthew McGuire, GSA, Director, Technology Solutions Division
Guy Cavallo, TSA, Executive Director, IT Operations
Brian Anderson, AWS, Sr. Consultant, Professional Services
June 20, 2016
Governance Strategies for Cloud Transformation
Goals for the session
• Definition and overview of cloud governance
• Cloud center of excellence (CCoE)
• Stages of cloud governance
• Cloud governance best practices
• GSA — Review of business services platform (BSP)
• TSA — Discussion of governance
• Question and answer
Definition of cloud governance
The decision-making criteria, processes, and policies involved in the planning, architecture, acquisition, deployment, operation and management used for operating IT services in the cloud.
— Cloud governance allows IT to innovate, automate, and quickly deploy code and infrastructure while maintaining the necessary requirements for security, audit, control, and compliance.
Goals for cloud transformation
Continuous integration
Fail fast
Design for cost
Rapid deployment
Why governance?
1. Reduction in access and security risks
2. Development of cloud standards — delivery, tools, process
3. Management of application design: CI and CD design
4. Cost optimization
5. Increased innovation for business units
6. Elimination of rogue IT and disparate cloud initiatives
7. Management of the consumption of cloud resources
Cloud governance opportunities
• Speed — Enable business at cloud speed and cost
• Integration — Complementary to existing enterprise IT governance processes, policies, and tools
• Balance — Appropriate coverage for key decisions, investments, and risks while achieving the benefits of the cloud
• Proactivity — Anticipate and prevent shadow clouds and unauthorized cloud activities that expose organizational risks
• Enablement — Appropriate cloud decision making without friction
Cloud center of excellence (CCoE)
The cloud center of excellence is a team of executives and IT area experts that authors cloud governance to enable business units to access a self-service model and provides a catalog of standardized and templated instances from which to select and autoprovision.
Stages of cloud governance
Levels of cloud governance
L0 – Decentralized control
L1 – Centralized control
L2 – Decentralized control with automation
L3 – Centralized control with self-service
Three phases of cloud governance
Beginning
• Minimal integration
• Reactive environment
• Cost overruns
• Manual deployments
• No cloud structure
Adopting
• CCoE is in place and policies are maturing
• Policies matched to process
• Designing for cost
• Rapid deployment
Mature
• Full automation and self-service
• Benefits of cloud services realized
• Agility and control
• Optimized for cost
• Secure and compliant environment
Phase 1: Beginning
1. Create the CCoE to develop and own governance and its policies
2. Develop governance model and establish policies for:
• Security
• Account management
• Cost
• Network
• Instance and storage
• Service management
• Monitoring and reporting
3. Begin to modify the deployment process and policies and look to automate
• Develop governing policies to enable automated approval cycles
• Develop financial policies to enable BUs to quickly stage POCs
Phase 2: Adopting
1. Develop self-service policies
2. Develop data governance policies
3. Develop continuous integration / deployment policy
4. Develop design-for-cost architecture guidelines
5. Develop cloud audit and compliance policies
6. Develop a common API design framework
Phase 3: Mature
1. Develop advanced automation techniques and policies to promote further cost reduction, agility, and resiliency:
• Automated testing and code promotion from each tier to production
• Automated DR and recovery testing — Chaos Monkey / Chaos Gorilla
• Automated instance power down / power up for non-Reserved Instances
• Utilization of Spot Instances — when and where to use
2. Develop transition policies to define services and SOA
3. Develop policies allowing existing applications to test-for-cost (scale up / scale out)
Cloud governance best practices
• Establish a CCoE and begin developing/updating policies
• Tailor your governance process to your organization’s particular risk tolerance
• Decide where to leverage existing processes versus establishing new ones
• Make the process as lightweight as possible and as informative as possible to create a positive user experience
• Start early in the transformation so you can get business and IT feedback and support
• Rely on use-case reviews to improve your processes
Matthew McGuire
Director, Technology Solutions Division
June 20, 2016
GSA Business Services Platform
Enabling Greater Agency Agility to Drive Mission Impact
The GSA cloud transformation
“Worked fine in dev…” “...OPS has problems”
Then (data center)
• Days/months to provision
• Months to app ATO
• One-off configs for every app
• Size to peak demand
• Long, painful outages
• Everything needs software
Now (BSP)
• Minutes to provision
• Weeks to app ATO
• Standard app stacks/services
• Automated scalability
• Immediate server redeployment
What is BSP and how does it transform IT
• Automated — Infrastructure as code, continuous delivery
• Secure — Multitenant, security driven architecture
• Cost effective — Pay for what you use
• Metrics — Visibility into usage and cost
• Modernization platform — Get to the cloud
BSP is a modernization platform
[Figure: security control inheritance (vertical axis) versus degree of automation and cloud optimization (horizontal axis)]
Mode 1: Compute, network, storage
Mode 2: OS optimization
Mode 3: Fully automated
Figure labels: stack services; DevOps orchestration; infrastructure as code
Application categories: migrated apps, optimized apps, automated apps
• Choose the mode that best suits your application and level of cloud optimization
• Mode 3 apps inherit >85% of all ATO security controls
Developer experience
1. Choose app stack
2. Customize stack
3. Stage content
4. Run preconfigured orchestration job
5. Application fully deployed
Template file
• Component configs
• Cluster sizes
• Auto Scaling
• Etc.
Orchestration workflow
1. Jenkins initiates deployment through Ansible Tower
2. Generate custom AWS Identity and Access Management (IAM) policy and Amazon CloudFormation template
3. Create app IAM role and store SSL certs for ELB
4. Autogenerate Amazon CloudFormation stack
5. Deploy infrastructure
6. Invoke Ansible callback
7. Run Ansible config roles, including app deployment
[Diagram label: AWS IAM]
Security & Reliability
Benefits
Enabling greater agency agility to drive mission impact
• Speed and flexibility
• Configuration control
• Scalability
• Security
• Reliability
Guy Cavallo
Executive Director, IT Operations
Transportation Security Administration
Question and Answer