Slide 1

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Slide 2

Proven Methodologies for Accelerating Your Cloud Journey
Nicolas David
Consultant, AWS WWPS
[email protected]

Slide 3

AWS Pop-up Loft | Johannesburg
Agenda
• Typical Journey – Effectiveness vs Time
• Challenges and Solutions
• Sustainability
• Future Outlook

Slide 4

Typical Journey

Slide 5

Typical Journey

Slide 6

Proof of Concept Stage

Slide 7

Cloud Becomes Fully Realized

Slide 8

Cloud First

Slide 9

Migration at Scale

Slide 10

Accelerate the Cloud

Slide 11

Challenges and Solutions

Slide 12

Challenges and Their Solutions
• Lack of Knowledge and Experience
• Unknown State of Existing On-Premises Infrastructure
• No Guardrails
• Reduced Speed and Accuracy in Deployments
• Road Blocks from Risk Management

Slide 13

Lack of Knowledge and Experience
Problem:
• There is a lot to know and do to be prepared for the cloud. Where do you begin to ensure the journey is successful?

Slide 14

Lack of Knowledge and Experience
Solution:
• Executive Development
• Create a Cloud Center of Excellence (CCoE)
• Staff Education
• Develop a Cloud First Strategy
• KPIs for Measuring Success

Slide 15

Unknown State of Existing On-Premises Infrastructure
Problem:
• There are lots of workloads on-prem. There is probably a lot of information that isn’t known:
  • Interdependencies between applications
  • Network throughput
  • Actual server requirements

Slide 16

Unknown State of Existing On-Premises Infrastructure
Solution:
• Assessing the current workloads is important to create an efficient workload migration plan while minimizing costs and identifying risks.
• Use tooling to evaluate current environment
• Interview application owners
• Assign risk levels
• Create a full assessment report to share
• Develop a migration plan and schedule

Slide 17

No Guardrails
Problem:
• Infrastructure is deployed without proper standards, governance, cost consideration and security. Self-service and experimentation can be a challenging proposition.

Slide 18

No Guardrails
Solution: Create a cloud security policy. Inputs include:
• Industry compliance requirements
• Existing corporate governance requirements
• CIS Benchmarks for Cloud
Solution: Develop a Landing Zone
• Account strategy
• Design in foundational components
• Tagging standards
• Reference architectures
• Shared services
• Configuration management

Slide 19

Reduced Speed and Accuracy in Deployments
Problem:
• With 100s or possibly 1000s of workloads to deploy, many experience frustration related to deployment times and the rework required to fix the deployment.

Slide 20

Reduced Speed and Accuracy in Deployments
Solution:
• Build a deployment pipeline.
Source: https://aws.amazon.com/blogs/devops/aws-service-catalog-sync-code/

Slide 21

Road Blocks from Risk Management
Problem:
• As more deployments take place, the Risk Management group is becoming concerned and may stop the migration.

Slide 22

Road Blocks from Risk Management
Solution:
• Educate and ensure the group is cloud-ready. Include the group in all the design phases of the prior items. Provide access to the platform:
  • AWS Config
  • CloudTrail
  • Log access
  • IAM Roles and Federation

Slide 23

Sustainability

Slide 24

You got to the AWS cloud… Now what?
Day 2 – Transforming to Cloud Native

Slide 25

“When a resource becomes essential to competition but inconsequential to strategy, the risks it creates become more important than the advantages it provides.”
- Nicholas Carr
IT Doesn’t Matter…

Slide 26

Minimize the challenges of shipping, rapidly iterating, and securing software applications.

Slide 27

The Journey to Immutable Infrastructure

Slide 28

The Journey to Immutable Infrastructure

Slide 29

VMs… Containers… Functions

Slide 30

Trading In Your Complexity…

Slide 31

What kind of capabilities are we talking about?

Slide 32

Even Further Down The Road…

Slide 33

Bringing it together

Slide 34

Common Customer Scenario
Customer Layout:
• Customer has CloudTrail Logs and email alerting, but lacks operational expertise and/or bandwidth to analyze and respond to events
Customer Challenge:
• Too many data streams, no way to keep an eye on all of them
Solution:
• Centralized log visualization and analysis platform

Slide 35

What is GuardDuty?
• GuardDuty analyzes logs for threat signatures
• Can send alerts via SNS when a threat is detected

Slide 36

GuardDuty Alert Notification

Slide 37

GuardDuty Visualized
EC2 instance i-0bf6a7c59f is querying a domain name that is associated with Bitcoin-related activity.

Slide 38

GuardDuty Visualized
• GuardDuty findings are surfaced in a single dashboard
• Event severity and type are organized to allow quick threat assessment
• Excellent AWS Quick Start Template available called “Visualizing Amazon GuardDuty Findings”

Slide 39

Who remediated this?

Slide 40

GuardDuty Proactive
• GuardDuty finding triggered a CloudWatch Event
• CloudWatch Event targeted a Lambda function that replaced the offending server with a new instance
• Advanced options include server quarantine, ticket creation for follow-up investigation, etc.

Slide 41

Customer Scenario
Customer Layout:
• Customer is running a public-facing website on AWS
• Customer has Amazon CloudWatch and Amazon VPC Flow Logs, but lacks operational expertise and/or bandwidth to analyze and respond to events
Customer Challenge:
• Too many data streams, no way to keep an eye on all of them
Solution:
• Centralized log visualization and analysis platform

Slide 42

Review Visualization Dashboard
• Notice high outbound packet communication with a single public IP
• Notice billing alert from autoscaling web pool
• Determine that this warrants immediate intervention

Slide 43

Auto-Remediation
AWS Lambda-triggered remediation
• Quarantines old instance for analysis
• Removes instance from ELB, removes ingress/egress SG records, flags for security follow-up
• Redirects to maintenance page
• Adds maintenance page to ELB
• Deploys replacement instance
• Triggers automation pipeline to create new AMI, add to ELB
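
The quarantine step of the GuardDuty → CloudWatch Event → Lambda flow on slides 40 and 43, as an added example that is not code from the deck. The isolation security group, classic ELB name, severity threshold and tag keys are assumptions, and the sample event is constructed around the instance ID shown on slide 37; replacing the instance and the maintenance page are left to the deployment pipeline.

```python
# Assumed values (hypothetical, not from the slides).
ISOLATION_SG = "sg-0123example"  # security group with no ingress/egress rules
ELB_NAME = "web-pool-elb"        # classic load balancer in front of the web pool
MIN_SEVERITY = 4.0               # act on medium severity and above

# Constructed CloudWatch Event for a GuardDuty finding (instance ID from the slide).
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
        "severity": 8,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0bf6a7c59f"}},
    },
}

def instance_from_finding(event):
    """Return (instance_id, finding_type) for an actionable EC2 finding, else None."""
    detail = event.get("detail", {})
    resource = detail.get("resource", {})
    if event.get("source") != "aws.guardduty":
        return None
    if resource.get("resourceType") != "Instance":
        return None  # e.g. an AccessKey finding: nothing to quarantine
    if float(detail.get("severity", 0)) < MIN_SEVERITY:
        return None
    instance_id = resource.get("instanceDetails", {}).get("instanceId")
    return (instance_id, detail.get("type", "unknown")) if instance_id else None

def quarantine(event, ec2, elb):
    """Isolate the instance but leave it running so it can be analysed."""
    hit = instance_from_finding(event)
    if hit is None:
        return []
    instance_id, finding_type = hit
    elb.deregister_instances_from_load_balancer(  # stop serving traffic
        LoadBalancerName=ELB_NAME, Instances=[{"InstanceId": instance_id}])
    ec2.modify_instance_attribute(                # replace all SGs with the empty one
        InstanceId=instance_id, Groups=[ISOLATION_SG])
    ec2.create_tags(Resources=[instance_id], Tags=[  # flag for security follow-up
        {"Key": "Quarantine", "Value": "true"},
        {"Key": "GuardDutyFinding", "Value": finding_type}])
    return ["deregistered", "isolated", "tagged"]

def lambda_handler(event, context):
    import boto3  # imported here so the logic above runs offline with stub clients
    return quarantine(event, boto3.client("ec2"), boto3.client("elb"))
```

The Lambda execution role needs permission for exactly these three API calls and nothing broader, since the function acts automatically on every matching finding.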

Slide 44

SUMMIT Cape Town, 11 July 2019, CTICC

Slide 45

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Register for free:

Slide 46

Please complete the session survey!

Slide 47

Thank you!
Nicolas David
Consultant, AWS WWPS
[email protected]