Slide 1

Slide 1 text

APPLICATION & PLATFORM MODERNISATION_ JON TOPPER | @jtopper | he/him/his

Slide 2

Slide 2 text

YOUR ARCHITECTURE IS OUT OF DATE_

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

DID YOU DO A LIFT & SHIFT MIGRATION?_

Slide 5

Slide 5 text

DID YOU BUILD CLOUD NATIVE SOME YEARS AGO?_

Slide 6

Slide 6 text

MODERNISATION SIGNALS_ Lack of agility: Unable to react quickly to changing business and market demands. Lack of flexibility: Difficult to make necessary changes to applications. Lack of scalability: Cannot introduce new application features or extend existing features that involve new users or capacity. Performance issues: Applications don’t perform to desired standards and metrics.

Slide 7

Slide 7 text

MODERNISATION SIGNALS_ Lack of data insights: Too many data silos exist and slow digital innovation. Heightened security risks: Applications have gaps and vulnerabilities that don’t exist within newer application frameworks where security is built in and integrated throughout. Expensive to build new applications. Higher costs: Legacy applications and application frameworks often consume more resources, and often create more redundancies and inefficiencies than modernised applications.

Slide 8

Slide 8 text

FAILURE TO MODERNISE IS TECHNICAL DEBT_

Slide 9

Slide 9 text

Visible Invisible Value Chain Evolution Genesis Custom Product Commodity

Slide 10

Slide 10 text

Visible Invisible Value Chain Evolution Genesis Custom Product Commodity Power Customer MySQL Compute Storage Data Centre HA Scripts Monitoring Config Mgmt Networking

Slide 11

Slide 11 text

Visible Invisible Value Chain Evolution Genesis Custom Product Commodity Customer Amazon Aurora

Slide 12

Slide 12 text

NOTABLE AWS LAUNCHES_ Amazon DynamoDB (2012) Amazon Aurora (2014) AWS Lambda (2014) AWS Fargate (2017) Amazon EKS (2018) AWS Graviton (2018) AWS Control Tower (2019) Amazon OpenSearch (2021) Amazon Bedrock (2023)

Slide 13

Slide 13 text

STRATEGIC REASONS_ To support people, process & culture change To decouple services To provide self-service access to data To create a builder-friendly platform To free up developer hours to work on business value

Slide 14

Slide 14 text

BUSINESS RESULTS_ Move faster & iterate on new products quickly Save money on IT spend Improve customer SLA outcomes

Slide 15

Slide 15 text

HOW TO MODERNISE_

Slide 16

Slide 16 text

TWO CONSIDERATIONS_ Your AWS Estate Individual Workloads

Slide 17

Slide 17 text

AWS ESTATE MODERNISATION_

Slide 18

Slide 18 text

LANDING ZONE_ A well-architected, self-service multi-account AWS environment providing: Account & network structure Identity & access services Security baseline and guardrails Cost guardrails Centralised management Logging and monitoring Account/application blueprints

Slide 19

Slide 19 text

GOOD ARCHITECTURE. GOOD GOVERNANCE_

Slide 20

Slide 20 text

SECURITY CONCERNS_ Who can access which resources? Is public access locked down? What activity is logged? Who can read/write log data? Is encryption at rest enforced? Is encryption in transit enforced? Where are we storing confidential information?

Slide 21

Slide 21 text

COST CONCERNS_ Are we paying too much for our cloud resources? Are we generating waste, paying for unused resources? Can we avoid accidentally generating a large bill? Which department is responsible for which part of the bill? How do costs divide out across SaaS tenants?

Slide 22

Slide 22 text

PRODUCTIVITY CONCERNS_ How can we manage all this complexity, without slowing down? How can product teams maintain autonomy over their platform whilst conforming to local policy?

Slide 23

Slide 23 text

Workload OU Security OU Infrastructure OU Non-prod OU Prod OU Developer Sandbox OU logs flow network path Transitional OU Policy Staging OU Suspended OU Amazon Athena Backup vault Backup snapshots Management account Log Archive account Audit account Shared Services account Backups account Security Tooling account Bob's sandbox account Alice's sandbox account Test account Staging account Production account AWS Control Tower AWS Organizations AWS Config AWS IAM Identity Center Logs Baseline Baseline Baseline Baseline Baseline Baseline Baseline Baseline AWS Chatbot AWS Backup Amazon GuardDuty Admin AWS Budgets AWS Budgets VPC VPC Baseline VPC Baseline VPC

Slide 24

Slide 24 text

WORKLOAD MODERNISATION_

Slide 25

Slide 25 text

IDENTIFY A PRIORITY_ Security Operations Performance Reliability Cost Sustainability

Slide 26

Slide 26 text

MEASURE METRICS_ Security: Reduced high risk items Operations: Improved DORA metrics Performance: Improved performance Reliability: Improved uptime. Faster DR. Cost: Improved visibility. Reduced cost. Sustainability: Smaller footprint

Slide 27

Slide 27 text

NOW CHOOSE_ New project Existing workload Choose one with high impact

Slide 28

Slide 28 text

USE AWS SERVICES_ Reduced operational overhead Improved security Cost effective Higher pace of innovation Extremely reliable Highly scalable

Slide 29

Slide 29 text

EC2 Instance VMWare Cloud on AWS AWS Lambda Amazon Elastic Kubernetes Service (EKS) AWS Fargate BEFORE MODERNISATION AFTER MODERNISATION COMPUTE Server / VM workloads Containers or Serverless workloads

Slide 30

Slide 30 text

Database on EC2 Instance Amazon RDS BEFORE MODERNISATION AFTER MODERNISATION DATA Amazon Aurora Amazon DynamoDB Customer-managed databases AWS-managed data services

Slide 31

Slide 31 text

Elastic Block Store BEFORE MODERNISATION AFTER MODERNISATION FILES EFS (NFS) Amazon S3 Amazon FSx for Lustre POSIX filesystems Object storage

Slide 32

Slide 32 text

BEFORE MODERNISATION AFTER MODERNISATION CI/CD Jenkins on EC2 Instance(s) AWS CodeBuild AWS CodeDeploy AWS CodePipeline GitHub Actions DIY solution Managed service

Slide 33

Slide 33 text

BUILD BLUEPRINTS_ Design patterns Reusable Infrastructure-as-Code automation

Slide 34

Slide 34 text

WRAPPING UP_

Slide 35

Slide 35 text

MAIN TAKEAWAYS_ Get your AWS estate in order with a Landing Zone Choose an impactful new or existing workload to modernise Modernise by adopting managed services Use the approach as a blueprint for other workloads

Slide 36

Slide 36 text

HOW CAN WE HELP?_ Co-investment with AWS funding Free consultation

Slide 37

Slide 37 text

No content