Migrating your IT policies to the Cloud

My talk given at Cloud Asia 2018

  1. Migrating your IT policies to the Cloud
     Sriram “Ram” Narayanan, ThoughtWorker
     Twitter: @sriramnrn
     www.sriramnarayanan.com
  2. Agenda
     - Pre-Cloud realities and the need for IT policies
     - A perspective on the “Cloud”
     - Comparing pre-cloud realities to what the Cloud gives us
     - A migration of policies
     - Migrating Applications - are we leveraging what a Cloud provider offers?
     - Re-thinking IT Infrastructure in the Cloud
     - Your Pre-Cloud IT team - what about them?
  3. Pre Cloud Realities and the need for IT policies
     - Physical hardware, limited floor space, limited annual IT budgets
     - Software licenses
     - VMs
       - Better utilisation of CPU cores
       - Needs management to prevent VM sprawl
     - Internal charging mechanisms
     - Complaints by users and business
       - “You restrict us on hardware and on innovation!”
  4. A perspective on “The Cloud”
     - Essentially, someone else’s massive data center with an API in front of it.
     - From Capex to Opex
     - Lots of automation possible
       - Compute, Storage, Network policies
       - Services (CDN, WAF, DNS, SMTP, SMS, MQ, DB, Cache)
  5. Pre-Cloud vs Cloud
     A comparison point (among many), Pre-Cloud vs Cloud:
     - Costs
       - Pre-Cloud: Capex + Opex - Pay for everything, and then renewals, and then Ops
       - Cloud: Opex - Pay for what you use
     - Automation
       - Pre-Cloud: May be present but not used due to existing processes and a lack of skills
       - Cloud: Comprehensive Automation - in the cloud providers’ interests to make it easier for you to use
     - Scalability
       - Pre-Cloud: Limited by owned infra - determines scalability, imposes constraints on what’s possible
       - Cloud: Limited by Cloud provider’s infra, and your Opex budget
     - Security
       - Pre-Cloud: You own everything
       - Cloud: You rent everything
  6. Moving to the Cloud - how to rethink policies
     A comparison point (among many), Cloud-Age policy and Approach:
     - Infra provisioning
       - Cloud-Age policy: Leverage automation (instead of using web based provisioning)
       - Approach: Automate once; enable users to self-service
     - Managing Infra sprawl
       - Cloud-Age policy: Introduce caps by budget, not by instance count
       - Approach: Facilitate on-the-fly infra provisioning and decommissioning to control spend (vs depending upon reviews)
     - Security
       - Cloud-Age policy: Leverage Cloud features and API
       - Approach: Leverage configurable policies; External automation
     - What should you gate-keep?
       - Cloud-Age policy: Policies
       - Approach: Configuration scripts and values; Not the Infra itself
  7. On Automation
     - Leverage scripting (by Cloud Provider or Independent) to provision and decommission infrastructure
     - Gate-keep VM and Container Templates, configuration scripts and Configuration values (templates from known sources, scan the templates, etc)
     - Mandate all VM and container configuration via scripts - nothing manual
     - IMPORTANT: Nothing to scan on individual VMs themselves - your templates and scripts are your source of truth!
  8. Rethinking IT Infrastructure approaches
     A comparison point (among many), Cloud-Age policy and Approach:
     - Compute
       - Cloud-Age policy: Compute capacity, vs number of VMs and physical servers
       - Approach: Use auto-scaling + billing caps + environments-on-demand
     - Storage
       - Cloud-Age policy: Compute-associated storage.
       - Approach: Let the apps manage replication. No “stretch-clusters” spanning DCs to ensure HA.
     - Networks
       - Cloud-Age policy: Leverage Cloud features and API
       - Approach: Network policies in lieu of explicit firewalls
     - Services
       - Cloud-Age policy: Leverage Cloud features and API
       - Approach: Manage service configuration
  9. Rethinking IT Tiers
     A comparison point (among many), Pre-Cloud vs Cloud:
     - Web Tier
       - Pre-Cloud: Explicit Web servers, “Web Tier”
       - Cloud: CDN for static content; Web server + stateless apps co-hosted in the same VM, etc
     - App Tier
       - Pre-Cloud: VMWare with multi-DC HA, etc
       - Cloud: Compute on the Edge using Serverless, stateless autoscaling, leverage multiple zones
     - DB Tier
       - Pre-Cloud: Physical servers with inter-DC replication via SAN
       - Cloud: DBs with replication, caches; Expect and architect for failures
     - Network
       - Pre-Cloud: Explicit firewalls, WAFs, and other appliances
       - Cloud: Leverage Cloud providers’ services and policies
  10. App Migration - Are we truly using the cloud?
      - Lift and Shift
        - Physical to Virtual Migration
        - Unavoidable for COTS
      - Leveraging the Cloud
        - Let their automation add and remove compute capacity for horizontal scaling
        - Architect for multiple-zones
        - Architect for everything to fail - eventual consistency
  11. Your Pre-Cloud IT team
      - “I want to move to the Cloud and reduce IT costs”
        - Firing people is not the only way to reduce costs
        - Your IT people know your customers, your business, your org’s unique needs
      - “I’ll help you move to the Cloud and then quit”
        - True Story
      - APIs let you create and decommission
        - Troubleshooting doesn’t go away!
  12. How pre-cloud IT staff add value in the Cloud era
      - Help with Lift and Shift
      - Understand and advise on failure scenarios
      - Liaise with the Cloud providers for troubleshooting
      - Maintain automation scripts to encourage self-service
      - Add more relevant monitoring and alerting
      - Understand and ready themselves and the org for multi-cloud scenarios
      - Integration with partners, vendors, service providers
      - Lots to do!!
  13. Thank you
      www.thoughtworks.com
      www.sriramnarayanan.com
      @sriramnrn
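
Slide 7 asks you to gate-keep container templates ("templates from known sources") rather than scan individual VMs. The following is an added example, not part of the talk, of such a gate run over a Dockerfile before it is accepted as a template. The registry names are hypothetical, and requiring a digest pin is an assumption about what "known source" should mean.

```python
import re

# Assumption: registries the organisation treats as known sources (hypothetical names).
ALLOWED_REGISTRIES = {"registry.internal.example", "mirror.internal.example"}

FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?\s*$", re.IGNORECASE)

def check_template(dockerfile_text):
    """Return (line_no, image, problem) for every base image that fails the gate."""
    findings = []
    stages = set()  # earlier build-stage names; FROM <stage> pulls nothing external
    for no, line in enumerate(dockerfile_text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        image, alias = m.group(1), m.group(2)
        if image.lower() == "scratch" or image.lower() in stages:
            pass  # empty base or a reference to a stage that was already checked
        elif "$" in image:
            findings.append((no, image, "set by a variable, cannot be verified"))
        else:
            # The registry host is the first path component; a bare name such as
            # "ubuntu:22.04" has none and resolves to a public default registry.
            registry = image.split("/", 1)[0] if "/" in image else ""
            if registry not in ALLOWED_REGISTRIES:
                findings.append((no, image, "not from a known registry"))
            elif "@sha256:" not in image:
                findings.append((no, image, "not pinned by digest"))
        if alias:
            stages.add(alias.lower())
    return findings

DIGEST = "sha256:" + "a" * 64  # constructed placeholder digest

# Constructed sample template, not taken from the talk.
SAMPLE = f"""\
FROM registry.internal.example/base/python@{DIGEST} AS build
RUN pip install --no-cache-dir -r requirements.txt
FROM ubuntu:22.04 AS tools
FROM registry.internal.example/base/runtime:1.4
FROM ${{BASE}}
FROM build
"""

if __name__ == "__main__":
    for finding in check_template(SAMPLE):
        print(finding)
```

Run as a required CI step on the template repository, a non-empty result blocks the merge, which keeps the templates and scripts as the source of truth.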