Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Governance Strategies for Cloud Transformation | AWS Public Sector Summit 2016

1 646 vues

Publié le

Developing a best-practices cloud governance model is a foundational and critical activity to facilitate the systemic, supportable, and sustainable execution of a successful cloud transformation strategy. This best-practices model includes a standards policies, automation that consistently applies and enforces policies and controls, self-service capabilities that that enable development agility and speed, and automated monitoring and cost management that ensure operational integrity. A well-developed cloud governance model enables customers to effectively develop, leverage, and optimize the AWS cloud operating model to improve operational integrity, reliability, performance, and transparency. This session highlights the necessary and recommended elements of a best-practice governance model including policy considerations and recommendations, self-service automation methods towards IT-as-a-Service, and use-case examples.

Publié dans : Technologie
  • Soyez le premier à commenter

Governance Strategies for Cloud Transformation | AWS Public Sector Summit 2016

  1. 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Matthew McGuire, GSA, Director, Technology Solutions Division Guy Cavallo, TSA, Executive Director, IT Operations Brian Anderson, AWS, Sr. Consultant, Professional Services June 20, 2016 Governance Strategies for Cloud Transformation
  2. 2. Goals for the session • Definition and overview of cloud governance • Cloud center of excellence (CCoE) • Stages of cloud governance • Cloud governance best practices • GSA — Review of business services platform (BSP) • TSA — Discussion of governance • Question and answer
  3. 3. Definition of cloud governance The decision-making criteria, processes, and policies involved in the planning, architecture, acquisition, deployment, operation and management used for operating IT services in the cloud. — Cloud governance allows IT to innovate, automate, and quickly deploy code and infrastructure while maintaining the necessary requirements for security, audit, control, and compliance.
  4. 4. Goals for cloud transformation
  5. 5. Why governance? 1. Reduction in access and security risks 2. Development of cloud standards — delivery, tools, process 3. Management of application design: CI and CD design 4. Cost optimization 5. Increased innovation for business units 6. Elimination of rogue IT and disparate cloud initiatives 7. Management of the consumption of cloud resources
  6. 6. Cloud governance opportunities • Speed — Enable business at cloud speed and cost • Integration — Complementary to existing enterprise IT governance processes, policies, and tools • Balance — Appropriate coverage for key decisions, investments, and risks while achieving the benefits of the cloud • Proactivity — Anticipate and prevent shadow clouds and unauthorized cloud activities that expose organizational risks • Enablement — Appropriate cloud decision making without friction
  7. 7. Cloud center of excellence (CCoE)
  8. 8. Cloud center of excellence (CCoE) The cloud center of excellence is a team of executives and IT area experts that authors cloud governance to enables business units to access a self-service model and provides a catalog of standardized and templated instances from which to select and autoprovision
  9. 9. Stages of cloud governance
  10. 10. Levels of cloud governance L0 – Decentralized control L1 – Centralized control L2 – Decentralized control with automation L3 – Centralized control with self- service
  11. 11. Three phases of cloud governance Beginning • Minimal integration • Reactive environment • Cost overruns • Manual deployments • No cloud structure Adopting • CCoE is in place and policies are maturing • Policies matched to process • Designing for cost • Rapid deployment Mature • Full automation and self-service • Benefits of cloud services realized • Agility and control • Optimized for cost • Secure and compliant environment
  12. 12. Phase 1: Beginning 1. Create the CCoE to develop and own governance and its policies 2. Develop governance model and establish policies for: • Security • Account management • Cost • Network • Instance and storage • Service management • Monitoring and reporting 3. Begin to modify the deployment process and policies and look to automate • Develop governing policies to enable automated approval cycles • Develop financial policies to enable BUs to quickly stage POCs
  13. 13. Phase 2: Adopting 1. Develop self-service policies 2. Develop data governance policies 3. Develop continuous integration / deployment policy 4. Develop design-for-cost architecture guidelines 5. Develop cloud audit and compliance policies 6. Develop a common API design framework
  14. 14. Phase 3: Mature 1. Develop advanced automation techniques and policies to promote further cost reduction, agility, and resiliency: • Automated testing and code promotion from each tier to production • Automated DR and recovery testing — Chaos Monkey / Chaos Gorilla • Automated instance power down / power up for non-Reserved Instances • Utilization of Spot Instances — when and where to use 2. Develop transition policies to define services and SOA 3. Develop policies allowing existing applications to test-for-cost (scale up / scale out)
  15. 15. Cloud governance best practices • Establish a CCoE and begin developing/updating policies • Tailor your governance process to your organization’s particular risk tolerance • Decide where to leverage existing processes versus establishing new ones • Make the process as lightweight as possible and as informative as possible to create a positive user experience • Start early in the transformation so you can get business and IT feedback and support • Rely on use-case reviews to improve your processes
  16. 16. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Matthew McGuire Director, Technology Solutions Division June 20, 2016 GSA Business Services Platform Enabling Greater Agency Agility to Drive Mission Impact
  17. 17. The GSA cloud transformation ”Worked fine in dev…” “...OPS has problems” Then (data center) • Days/months to provision • Months to app ATO • One off configs for every app • Size to peak demand • Long, painful outages • Everything needs software
  18. 18. What is BSP and how does it transform IT Now (BSP) • Minutes to provision • Weeks to app ATO • Standard app stacks/services • Automated scalability • Immediate server redeployment • Automated — Infrastructure as code, continuous delivery • Secure — Multitenant, security driven architecture • Cost effective — Pay for what you use • Metrics — Visibility into usage and cost • Modernization platform — Get to the cloud
  19. 19. BSP is a modernization platformSecuritycontrolinheritance Degree of automation and cloud optimization Mode 2 OS optimization Mode 3 Fully automated stack services devops Orchestration Infrastructure as code • Choose the mode that best suits your application and level of cloud optimization • Mode 3 apps inherit >85% of all ATO security controls Mode 1 Compute, network, storage MIGRATED APPS APP DATA OPTIMIZED APPS AUTOMATED APPS APP
  20. 20. 1. Choose app stack Template file • Component Configs • Cluster Sizes • Auto Scaling • Etc. 3. Stage content 4. Run preconfigured orchestration job 5. Application fully deployed 6. Invoke Ansible callback 7. Run Ansible config roles, including app deployment 5. Deploy infrastructure AWS IAM 1. Jenkins initiates deployment through Ansible Tower 2. Generate custom AWS Identity and Access Management (IAM) policy and Amazon CloudFormation template 2. Customize stack Developer experience Orchestration workflow
  21. 21. Security & Reliability
  22. 22. Benefits Enabling greater agency agility to drive mission impact • Speed and flexibility • Configuration control • Scalability • Security • Reliability
  23. 23. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Guy Cavallo Executive Director, IT Operations Transportation Security Administration
  24. 24. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Question and Answer