Application and Platform Modernisation on AWS

Transcript

1. APPLICATION & PLATFORM MODERNISATION_ JON TOPPER | @jtopper | he/him/his

2. YOUR ARCHITECTURE IS OUT OF DATE_

3. None

4. DID YOU DO A LIFT & SHIFT MIGRATION?_

5. DID YOU BUILD CLOUD NATIVE SOME YEARS AGO?_

6. MODERNISATION SIGNALS_ Lack of agility: Unable to react quickly to

   changing business and market demands. Lack of flexibility: Difficult to make necessary changes to applications. Lack of scalability: Cannot introduce new application features or extend existing features that involve new users or capacity. Performance issues: Applications don’t perform to desired standards and metrics.

7. MODERNISATION SIGNALS_ Lack of data insights: Too many data silos

   exist and slow digital innovation. Heightened security risks: Applications have gaps and vulnerabilities that don’t exist within newer application frameworks where security is built in and integrated throughout. Expensive to build new applications. Higher costs: Legacy applications and application frameworks often consume more resources, and often create more redundancies and inefficiencies than modernised applications.

8. FAILURE TO MODERNISE IS TECHNICAL DEBT_

9. Visible Invisible Value Chain Evolution Genesis Custom Product Commodity

10. Visible Invisible Value Chain Evolution Genesis Custom Product Commodity Power

    Customer MySQL Compute Storage Data Centre HA Scripts Monitoring Config Mgmt Networking

11. Visible Invisible Value Chain Evolution Genesis Custom Product Commodity Customer

    Amazon Aurora

12. NOTABLE AWS LAUNCHES_ Amazon DynamoDB (2012) Amazon Aurora (2014) AWS

    Lambda (2014) AWS Fargate (2017) Amazon EKS (2018) AWS Graviton (2018) AWS Control Tower (2019) Amazon OpenSearch (2021) Amazon Bedrock (2023)

13. STRATEGIC REASONS_ To support people, process & culture change To

    decouple services To provide self-service access to data To create a builder-friendly platform To free up developer hours to work on business value

14. BUSINESS RESULTS_ Move faster & iterate on new products quickly

    Save money on IT spend Improve customer SLA outcomes

15. HOW TO MODERNISE_

16. TWO CONSIDERATIONS_ Your AWS Estate Individual Workloads

17. AWS ESTATE MODERNISATION_

18. LANDING ZONE_ A well-architected, self-service multi-account AWS environment providing: Account

    & network structure Identity & access services Security baseline and guardrails Cost guardrails Centralised management Logging and monitoring Account/application blueprints

19. GOOD ARCHITECTURE. GOOD GOVERNANCE_

20. SECURITY CONCERNS_ Who can access which resources? Is public access

    locked down? What activity is logged? Who can read/write log data? Is encryption at rest enforced? Is encryption in transit enforced? Where are we storing confidential information?

21. COST CONCERNS_ Are we paying too much for our cloud

    resources? Are we generating waste, paying for unused resources? Can we avoid accidentally generating a large bill? Which department is responsible for which part of the bill? How do costs divide out across SaaS tenants?

22. PRODUCTIVITY CONCERNS_ How can we manage all this complexity, without

    slowing down? How can product teams maintain autonomy over their platform whilst conforming to local policy?

23. Workload OU Security OU Infrastructure OU Non-prod OU Prod OU

    Developer Sandbox OU logs flow network path Transitional OU Policy Staging OU Suspended OU Amazon Athena Backup vault Backup snapshots Management account Log Archive account Audit account Shared Services account Backups account Security Tooling account Bob's sandbox account Alice's sandbox account Test account Staging account Production account AWS Control Tower AWS Organizations AWS Config AWS IAM Identity Center Logs Baseline Baseline Baseline Baseline Baseline Baseline Baseline Baseline AWS Chatbot AWS Backup Amazon GuardDuty Admin AWS Budgets AWS Budgets VPC VPC Baseline VPC Baseline VPC

24. WORKLOAD MODERNISATION_

25. IDENTIFY A PRIORITY_ Security Operations Performance Reliability Cost Sustainability

26. MEASURE METRICS_ Security: Reduced high risk items Operations: Improved DORA

    metrics Performance: Improved performance Reliability: Improved uptime. Faster DR. Cost: Improved visibility. Reduced cost. Sustainability: Smaller footprint

27. NOW CHOOSE_ New project Existing workload Choose one with high

    impact

28. USE AWS SERVICES_ Reduced operational overhead Improved security Cost effective

    Higher pace of innovation Extremely reliable Highly scalable

29. EC2 Instance VMWare Cloud on AWS AWS Lambda Amazon Elastic

    Kubernetes Service (EKS) AWS Fargate BEFORE MODERNISATION AFTER MODERNISATION COMPUTE Server / VM workloads Containers or Serverless workloads

30. Database on EC2 Instance Amazon RDS BEFORE MODERNISATION AFTER MODERNISATION

    DATA Amazon Aurora Amazon DynamoDB Customer-managed databases AWS-managed data services

31. Elastic Block Store BEFORE MODERNISATION AFTER MODERNISATION FILES EFS (NFS)

    Amazon S3 Amazon FSx for Lustre POSIX filesystems Object storage

32. BEFORE MODERNISATION AFTER MODERNISATION CI/CD Jenkins on EC2 Instance(s) AWS

    CodeBuild AWS CodeDeploy AWS CodePipeline GitHub Actions DIY solution Managed service

33. BUILD BLUEPRINTS_ Design patterns Reusable Infrastructure-as-Code automation

34. WRAPPING UP_

35. MAIN TAKEAWAYS_ Get your AWS estate in order with a

    Landing Zone Choose an impactful new or existing workload to modernise Modernise by adopting managed services Use the approach as a blueprint for other workloads

36. HOW CAN WE HELP?_ Co-investment with AWS funding Free consultation

37. None