UA-IT Transformation Blueprint
University of Alaska
#UACloudFirst

Michael Droe, Sr. Transformation Consultant
World-Wide Public Sector Professional Services
May 3, 2016

© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Purpose
• To establish a common understanding and expectations for the activities, project flow, time requirements, outputs and communication elements for successful delivery of the AWS IT Transformation Blueprint for the University of Alaska.
• To socialize, understand and capture expected impactful outcomes and potential blockers.
• To initiate the delivery of the UA IT Transformation Blueprint project.

AWS Cloud Adoption Framework

AWS Cloud Adoption Journey
• Business impact?
• What to measure?
• How to measure?
• What are the priorities?
• When to deliver solutions?
• How to design foundations?
• How to migrate workloads?
• What skills and capabilities are required?
• How to compose adoption team?
• How to structure cloud programs?
• Strategy for quality delivery and operations?
• What tooling do we need?
• Will risk increase?
• Can we run cloud secure and compliant?
• What is the new ITSM cycle?

Customers are asking us for the high-level, enterprise-wide organizing logic for mapping their business needs to IT capabilities, reflecting the agility, integration and standardization changes that cloud computing brought to the IT industry. Strategic relationships are opening up a new set of questions, requiring AWS to demonstrate delivery capability, technology insight, and practical business value to our customers.

AWS Cloud Adoption Framework
• Why? (Business Perspective) Tracking the value, value traceability, cost/benefit, value dependency
• How? (Process Perspective) Service delivery model – iterative, modular, agile and adaptable
• Who? (People Perspective) Right partners, right teams, right skills. Sourcing/partnering, teaming/staffing, skills/readiness
• When? (Maturity Perspective) Measuring and balancing the maturity of P-P-T, understanding risks
• What? (Platform Perspective) Easy-to-understand conceptual architecture, rapid solutions composition, mapping to RAs
• Where? (Operations Perspective) Monitoring, metering and managing hybrid IT environments. Consistent SLAs, metrics, standards and policies

AWS Cloud Adoption Framework
Perspectives: Business, Maturity, People, Operations, Platform, Process, Security

The AWS CAF organizes and describes the perspectives in planning, creating, managing, and supporting a modern IT service. It offers practical guidance and comprehensive guidelines for establishing, developing and running AWS cloud-enabled environments. It provides a structure where business and IT can work together towards a common strategy and vision, supported by modern IT automation and process optimization.

CAF Core Perspectives
• Business Perspective: Identifying, delivering, and measuring business impact using architectural approaches that align technical delivery to business imperatives.
• Platform Perspective: Represents the technology services of the AWS cloud platform. Provides patterns, guidance, and tools for optimal use of the technology services and services to implement.
• Maturity Perspective: Defining the target state architecture of the organization and creating the required blueprints and roadmaps.
• People Perspective: Defining and acquiring the skills needed to adopt the AWS cloud platform. Example guidance includes role descriptions, training, certification and mentoring.
• Process Perspective: Managing portfolios, programs and projects to deliver expected business outcomes on time and within budget, while keeping risks at acceptable levels.
• Security Perspective: Defining and implementing the required levels of security, governance, and risk management to achieve compliance.
• Operations Perspective: Represents the ongoing management of the functioning IT environment of AWS.
Provides process, guidance and tools for optimum operational service management of the AWS environment.

AWS Cloud Adoption Framework
Diagram: CAF components arranged by question (Why? How? Who? When? What? Where?) and by perspective (Business, Process, People, Maturity, Platform, Operations).
Components shown: Value Management; Portfolio Management; Service Delivery Management; Program & Project Management; Continuous Integration/Continuous Delivery; Organizational Structures; Roles and Job Descriptions; Skills and Competencies; Cloud Readiness Assessment; Cloud Maturity Heat-map Assessment; Target Platform Capabilities; Design Architecture; Cloud Service Management; IT Strategy; Risk Management; Process Automation; Quality Management; Training Certification Readiness; Manage Staffing; Organizational Change Management; Application Portfolio Analysis; Roadmap sequencing; IT Management Assessment; Architecture Optimization; Performance & Operational Health; Cost Management; Portfolio Governance; Implementation Architecture; SLA/OLA Strategy; Business Continuity Planning; Incident & Problem Mgmt; Change and Configuration Management

AWS Cloud Adoption Framework
Last but not least… Assured? (Security Perspective)
Components shown: Security Strategy; Security Reference Architecture; Governance, Risk & Compliance Lifecycle Security Capabilities; DevSecOps Principles; Security Operations Playbook

The Cloud Adoption Framework Journey
Understand Business Strategy; Rapid Discovery; Explore AWS CAF Perspectives; Delivery Phases

AWS Cloud Adoption Framework
A consolidated view of a comprehensive framework that helps bring together people, process, and technology to drive efficient, effective, and secure cloud adoption, based on defined business objectives.
Diagram labels: Business & Cloud Strategy; Innovate and Transform; Rapid Discovery & Planning; Baseline; Gap; Activities; People; Process; Improve; Platform; Operations; Run; Migrate; Perspectives; Business; Iterate & Continuous Improvement; AWS Partner/s; Security; Maturity; Report; Measure

Building the Adoption Roadmap
• Identify Cloud Expectations, As-Is/To-Be states and gaps into key findings.
• Analyze and break down the cloud expectations / key findings / challenge issues into core dimensions (People x Process x Technology x Funding)
• Align each issue to known strategic priorities
• Identify and study supporting Components of the AWS Cloud Adoption Framework that address the identified issues
• Perform a Discovery Workshop / Cloud Readiness Assessment (GRC/Technology & Architecture/People & IT Management)
• Sequence the CAF Components into a high-level CAF Roadmap to appropriately and realistically scaffold knowledge and capabilities
• Identify and prioritize appropriate activities for the sequenced CAF Component to address gaps in the readiness assessment
• Assign activities to the appropriate 3C/CCoE Perspective leads using a common project/program framework.
• Execute, regularly report status (transparency) and celebrate wins
Side labels: Agile/SCRUM Methods; Epics & Stories; Backlog

Building the Adoption Roadmap
Diagram labels: Org Structure; Cost Mgmt; Capability Review; Security Review; Architecture Optimization; Process Automation; BCP

Large Adoption Roadmap - Example
Diagram labels: Common Understanding; Benefits; Cloud Discovery; People & Governance; Architecture & Migration; Operations & Optimization

But wait, there’s more…

AWS IT Transformation Process

Transformation Process
Developing and implementing a cloud journey that is…
• Systemic
• Supportable
• Sustainable

Transformation Process – An Overview

1. Establish Common Understanding
Observations: Cloud Adoption requires an organization to take on a new method of providing IT services and involves change at many different levels. Successful transformations require strong executive sponsorship early in the process, and a commitment from the organization. Proper planning and communication of the process are vital parts of the process.
It is important to determine the overall benefits to the organization, provide training for staff, develop the foundational architecture, assess the environment, and develop security controls as part of the overall transformation.

4. Complete Enterprise Agreements
• An Enterprise Agreement (EA) can be completed between AWS and the organization to ensure that the appropriate contracting provisions exist.
• Enterprise organizations can sign either a unilateral or bilateral Non-Disclosure Agreement (NDA) with AWS.
• An Implementation Services Addendum (ISA) is attached to the enterprise agreement for contracting with AWS Training or Professional Services (ProServe).
• A Business Associate Agreement (BAA) is used to protect personal health information (PHI) in accordance with HIPAA guidelines.

7. Application Migration
Application Portfolio Assessment
• A detailed assessment of all workloads is essential for understanding resources, dependencies, licensing, etc.
• Assessed workloads can be placed into phases for migration based on pre-determined patterns and dependencies.
Migration Factory
• Migration Factory refers to the group(s) designated to assist in the planning and migration of in-scope workloads to AWS.
• The factory includes processes, procedures and tools.
• Amazon Partner Network (APN) partners are uniquely skilled at migrating workloads in the most effective and efficient manner possible.

2. Identify Benefits to the Organization
Total Value of Ownership
• Understand the value of AWS for the organization in terms of agility, availability, disaster recovery, cost and reach.
• A high-level value analysis will align with the objectives and support the mission of the organization.
Cost-Benefit Analysis
• AWS provides a Total Cost of Ownership (TCO) analysis that helps organizations develop the business case for adopting cloud services.
• The transformation requires a move from CapEx to OpEx and allows organizations to pay only for what they utilize.
Reallocation of Resources
• Optimal cloud adoption requires a plan to refocus IT resources to meet customer demand, align to organizational objectives and support business strategy.

3. Build Knowledge and Capacity
Training and Documentation
AWS provides different levels of support and training for customers, ranging from free, self-help videos to instructor-led training. All services include detailed documentation.
AWS Self-Paced Training
• Introduction to AWS videos
• AWS Essentials Training
Instructor-Led Training
• Architecting on AWS
• Architecting on AWS – Advanced Concepts
• Developing on AWS
• Systems Operations on AWS
• Advanced Operations on AWS
Specialty Training
• Big Data Technology Fundamentals
• Big Data on AWS

5. Conduct Enterprise Maturity Assessment
The maturity of key IT service management processes is assessed to ensure that the cloud transformation is sustainable, supportable and systemic.

6. Design Cloud Infrastructure
• Detailed design of security controls and processes
• Best-practices design of the virtual private cloud (VPC) environment
• Establishment of network connectivity and integration
• Architecting for high-availability and disaster recovery
• Development of application patterns for the migration of current state workloads to AWS
• Decoupling of enterprise-class workloads for migration to AWS

8. Institute Cloud Operating Model
• AWS provides services to help organizations move to a continuous integration / continuous delivery model to increase agility.
• AWS includes integrated tools such as OpsWorks, Trusted Advisor (below), CloudTrail and CloudWatch that help measure, track, monitor, alarm and operate the cloud environments in an optimal manner to drive continuous improvement.
• There are many 3rd party tools that are specifically developed to help operate your AWS cloud in the most efficient way possible.

Version 1.0 (01/15/2015)

Transformation Process
1. Creating a common foundation…

Cloud Strategy Vision
Managing Assets
• Lifecycle Model (CAPEX+OPEX budgeting)
• Box-based provisioning / exponential DR
• Operational accountability
• Linear support demand
• Capacity first
• Engineering focus
• Fragmented security policy
Managing Access
• Utility Model (OPEX budgeting)
• Code-based provisioning / linear DR
• Functional accountability
• y = tan⁻¹ x (x > 0) support model
• Service first
• Integration focus
• Centralized security policy

Team Modeling
Diagram labels: Governance; Strategy; Architecture; DevOps; Security; PMO; Support; Engineering; CCC/CCoE; Platform Perspective; Business Perspective; People Perspective; Maturity Perspective; Process Perspective; Operations Perspective; Security Perspective
Attributes
• Scalable teaming model – based on 2-pizza team
• Roles and accountabilities for complete ITSM (owning the service)
• Well-rounded universalists for cloud computing era
• Skills profiles for various roles in the team
• Balancing development, sysops, project management and business capabilities
• Each member assigned “ownership” of a CAF perspective

Transformation Process
Creating a common foundation…
• Cloud Adoption requires an organization to take on a new method of providing IT services and involves change at many different levels.
• Successful transformations require strong executive sponsorship early in the process, and a commitment from the organization.
• Proper planning and communication of the process are vital parts of the process.
• Creation of an active core team or center of excellence aligned to the CAF Perspectives promotes collaboration, sustains alignment and reduces overall risk for subsequent efforts:
  • Determining overall benefits to the organization; providing aligned training for staff; developing the foundational architecture; assessing the environment; and developing security controls aligned with policy.

Transformation Process
2. Identifying the benefits…

Identifying benefits…
AWS TCO Calculator
AWS Simple Monthly Calculator

Transformation Process
Identifying benefits…
Total Cost of Operation (TCO)
• AWS provides a Total Cost of Operation (TCO) calculator that helps organizations develop the business case for adopting cloud services
• The transformation requires a move from CapEx to OpEx and allows organizations to only pay for what they utilize
Total Value of Operation (TVO)
• Understand the value in terms of agility, availability, disaster recovery, cost and reach.
• A high-level value analysis will align with the objectives and support the mission of the organization.
Reallocation of Resources
• Optimal cloud adoption facilitates a refocus of IT resources to meet customer demand, align to organizational objectives and support business strategy.

Transformation Process
3. Creating teams, aligning skillsets & training…

Transformation Process
Creating teams, aligning skillsets & training…
• Provide foundational knowledge. AWS provides different levels of support and training ranging from on-line documentation to free, self-help videos and self-paced labs to instructor-led training.
• AWS Self-Paced Training
  • Introduction to AWS videos
  • AWS Essentials Training
• Instructor-Led Training
  • Architecting on AWS & Architecting on AWS-Advanced Concepts
  • Developing on AWS
  • Systems Operations on AWS & Advanced Operations on AWS
• Specialty Training
  • Big Data Technology Fundamentals
  • Big Data on AWS
• Following a training plan aligned to roles that addresses gaps in the migration process and the future state cloud operating model.

RACI Matrix and Training Plan (Example)

Transformation Process
4. Addressing contractual needs…

Transformation Process
5. Discovering & assessing the environment…

Transformation Process
Discovering & assessing the environment (readiness)…
Several dynamics of the IT environment must be discovered/assessed to understand maturity and readiness for transformation that is sustainable, supportable and systemic. This may include:
• Governance, standards & policies
• Knowledge & skills
• Key service management processes
• Infrastructure & common/shared services
• Security & compliance controls

Transformation Process
6. Design Cloud Infrastructure…

Transformation Process
Design the Supporting Cloud Infrastructure…
• Detailed design of security controls and processes
• Best-practices design of the (multi-) virtual private cloud (VPC) environment
• Network connectivity and integration
• High-availability and disaster recovery

Infrastructure & Migration Preparation
Infrastructure Migration (timeline chart, Week 1 to Week 2)
• Diagram Account, VPC Structure & Network
• Identify SSO & Key Management Processes
• Determine Security Variances
• Identify Environment Exceptions, Integrations & Partners
• Validate VPC Infrastructure
• Determine Environment Exceptions & Integrations
• Identify Necessary Roles/Credentials
• Implement Account Structure
• Implement IDM/SSO & Account Federation
• Implement VPC & Security Groups
• Configure Admin/Security Logging & Alerting
• Implement Exceptions & Integrations
• Validate AWS Monitoring & Alerting
• Validate Integrations
• Determine Migration Processes
• Engage Authorization Process
• IA Sign-Off
• Create CF Template
Key: Discover; Design; Build

Transformation Process
7. Application Migration…

Sourcing Values and Input Methodology
Organizational applications are classified in accordance with several sourcing criteria provided as part of the portfolio analysis and subsequently validated by application stakeholders. The criteria and narrative describing the assigned values are provided below. Note that in most cases, a composite of multiple values from the inventory is used to arrive at a single classification value.
Columns: Assessment Criterion; Input; Classification Justification (1-Low / 3-High); Weight

Level of Differentiation to Organizational (Weight: 60%)
  Input: Impact on achieving the mission
  1 – Non differentiator
  2 – Low differentiator
  3 – Core differentiator

Complexity of Operation (Weight: 20%)
  Input: Number and complexity of business rules/processes
  1 – Low complexity of operation
  2 – Moderate complexity of operation
  3 – High complexity of operation

Skills and competencies (Weight: 20%)
  Input: Specialized skills required to support and operate
  1 – Highly specialized skills that are a challenge to hire and retain
  2 – Moderate specialized IT/product skills
  3 – Common IT/Admin/Programming skills

Hosting Values and Input Methodology
Organizational applications are classified in accordance with several hosting criteria provided as part of the portfolio analysis and subsequently validated by application stakeholders. The criteria and narrative describing the assigned values are provided below. As with Sourcing, a composite of multiple values from the inventory is used to arrive at a single classification value.

Columns: Assessment Criterion; Input; Classification Justification (1-High fit / 5-Low fit)

Technical Architecture
  Input: Architecture Styles; Technical Complexity; Application Hosting
  1 – Cloud developed, three tier web applications with Amazon AMIs existing.
  2 – Somewhat complex; tech environment is still relatively stable but the integration points with other applications are complex. Core application though is web capable.
  3 – Highly complex, not cloud, not web, or new to Organizational.

Commodity vs Specialty
  Input: # of products/services supporting the capability; # of customers for the capability
  1 – Large number of products/services with large number of customers across multiple segments
  2 – Small group of niche products/services with a small number of customers across one or a small number of segments
  3 – Unique to Organizational with no existing products/services available to deliver the capability

Risk
  Input: Technical Risk Score; Technical Risk Summary; Technical Alignment; Sensitive Data
  1 – Low Risk, non strategic application
  2 – Medium Risk, strategic or business application internally facing or with small exposure
  3 – High Risk, Strategic, externally facing, mission critical application, Sensitive Data

Migration Planning
Sourcing Model
The sourcing model depicts the relationships between the various Sourcing and Hosting options that are combined to deliver Acme capabilities.
Sourcing Evaluation: Who should manage the business operations? Who should manage the technical operations supporting Organizational services?
Hosting Evaluation: How should the solution components be realized?
Diagram labels: Capabilities; Partner Managed; Organizational Services and Applications; Product; Partner Managed SaaS / PaaS; Product; ITS Managed; PaaS Integration (Amazon RDS, Amazon Route53, Amazon ELB); IaaS Integration (Amazon EC2, Amazon S3, Amazon VPC); Organizational Managed Data Center; Managed Data Center Infrastructure; Sourcing Decisions; Acquia; Appian; Remedy OnDemand; HPC; Mainframes; Hosting Decisions

Migration Planning
Application Portfolio Analysis
Application Index:
01 OFM Dashboards
02 DevHelper
03 CRRS
04 OFMS
05 Sample.org
06 Orchestrator
07 FAS
08 WFmgr
09 IAMS
10 Identity Manager
11 iSuggestions
12 KnowledgeDocs
13 Remedy
14 SSO
15 TeamHelper
16 TeamTicket

Migration Planning
Application Portfolio Assessment
Public Web Services
Application ID#: Not Available
Name: Sample.org
Description: Organizational public web server and content management system

Analysis Breakdown
  Level of Differentiation: 3
  Complexity of Operation: 1
  Skills and Competencies: 3
  Technical Architecture: 1
  Commodity vs Specialty: 1
  Risk: 3
  Composite Classification: MSP Managed - PaaS

Recommendation
There are many valid options available for a web hosting capability. Self-hosting on premise has many challenges in the areas of scalability, availability and resource utilization, due to lack of the necessary infrastructure. Also, fully administering the web hosting infrastructure adds very little differentiation benefit to the organization. There are three options that should be considered:
1. Migrate web sites to Acquia Cloud Enterprise PaaS
2. Migrate the web hosting platform to a Drupal open source platform in a self-hosted AWS IaaS model
3. Use the ITS reference architecture to migrate the workload onto a mix of AWS infrastructure and platform services

Transformation Process
Migrating the applications…
• Develop the Migration Plan
  • Develop the sourcing model
  • A detailed assessment of all workloads to understand resources, dependencies, licensing, etc.
  • Assessed workloads can be placed into phases for migration based on pre-determined patterns, dependencies and optimal TCO
• Initiate a Migration Factory
  • Iterative (Scrum-based) planning and migration of in-scope workloads to AWS
  • The factory includes processes, procedures and tools
  • Leverage automation and the Amazon Partner Network (APN) partners in the most effective and efficient manner possible

AWS Migration Process
Diagram labels: Domain; Phase; Strategy; Initiate; Discover; Build (Move); Design; Migrate; Integrate; Run; Validate; Operate; Optimize; Migration Factory; Continuous Migration Evaluation and Feedback; Prioritized Migration List; Migration Initiation; Application Portfolio Discovery; 50% Automation; Services Enablement; Baseline Foundations; Architect Target Environment; Plan; Business Strategy & Objective; Activities; AWS Cloud Adoption Framework (CAF); AWS Application Migration Methodology; App Portfolio Assessment; Build Pipeline; Application Analysis; Migration Candidates; Migration Design; Migrated Applications; Migration Integration; 50% Automation; Cloud Fit Assessment; App Selection & Prioritization; Validation; 30% Automation; Execution Plan; Process & tools refinement; Capture Infrastructure; Move Apps/Infra/Data; RightSizing AWS Resources; Application Integration; Infrastructure Integration; Operational Integration; Functional Validation; Secure ACL; BU Acceptance; Operate; Optimize; 50% Automation; 50% Automation; Monitoring; Daily Operations; Optimization; Support

Application Migration (timeline chart, Week 1 to Week 2)
• Application Owner Meeting
• Document Success Criteria
• Verify VPC Connectivity
• Review Existing Blueprints
• VPC Architecture Design
• Initial Architecture Design
• Application Dependencies
• Update Final Design Document
• Resolve Dependency Conflicts
• App Architecture Review
• App Owner Review
• Identify Enhancement Opportunities
• Identify Testing Process
• Deploy AMIs
• Intra-port Requirements
• Allocate Credentials
• VPC Port Exception
• Verify Subnet Connectivity
• Identify Application Artifacts
• Data Migration Requirements
• Connectivity Requirements
• Baseline Performance
• Firewall Port Determination
• Application Installation
• Test Application Firewall Requests Connectivity
• Migrate Data
• End to End Testing
• Complete Artifact Checklist
• Owner Sign-off
Key: Discover; Design; Build

Transformation Process
8. Initiate the Cloud Operating (& Optimization) Model…

Transformation Process
Operation & optimization…
• AWS provides services to help organizations move to a continuous integration / continuous delivery model to increase agility
• AWS includes integrated tools that help measure, track, monitor, alarm and operate the cloud environments in an optimal manner to drive continuous improvement, including:
  • AWS Service Catalog
  • AWS CloudTrail
  • AWS OpsWorks
  • Trusted Advisor
  • AWS CloudFormation
  • Amazon CloudWatch
  • AWS CodeDeploy
  • Amazon API Gateway
  • AWS Config
  • AWS CodePipeline
  • AWS CodeCommit
  • Budgets and Forecasts
• There are many 3rd party tools that are specifically developed to help operate and optimize the AWS cloud in the most efficient way possible

Q&A

michdroe@amazon.com