
Cloud Transformation Through ITIL Service Strategy

For some IT organizations the cloud computing paradigm poses critical existential questions: How does my IT organization stay relevant in a cloud environment? How does IT still provide value to the business? What can be done to improve the business’ perception of IT’s contribution to the company? Without a clear approach to tackling these and other related questions, IT organizations stumble into a partially thought-out cloud computing strategy and miss out on capturing the short and long-term financial ROI and transformational benefits of a cloud-first strategy.

Several key concepts and principles from ITIL’s Service Strategy lifecycle stage lend themselves to defining and guiding a strategic approach to adopting and implementing a cloud-first strategy. In this article, we’ll highlight and define some of these key principles and outline a tactical approach to implementing a cloud-first strategy.

One of the key concepts leveraged in ITIL’s Service Strategy is the Run-Grow-Transform framework from Gartner.  From an executive management perspective, the IT organization’s contribution to the company’s goals and objectives can be framed along the Run-Grow-Transform model – specifically around how IT can help the company (1) Run-The-Business, (2) Grow-The-Business, and (3) Transform-The-Business.

The CIO’s value is both objectively and subjectively measured by answering:

1 – How can IT reduce the cost of current IT operations, thus improving the bottom line?

2 – How can IT help the business expand and gain greater market share with our current business offerings?

3 – How can IT empower the business to venture out into new opportunities and/or develop new competitive business advantage?

We’ll take a close look at each model area, highlight key characteristics, and give examples of how a cloud-first policy can enable a CIO to contribute to the company’s goals and objectives and not only remain relevant to the organization but enable business innovation.

Run-the-Business and Cloud-First Strategy

Run the Business (RTB) is about supporting essential business operations and processes. This usually translates to typical IT services and operations such as email-messaging systems, HR services, Payroll and Financial systems. The core functionality these IT services provide is necessary and essential but not differentiating to the business. These are generally viewed as basic core commodity services, required IT costs for keeping the business operational.

The CIO’s objective is to minimize the cost of RTB activities without any compromise to the quality of service. A cloud-first policy can achieve these outcomes. It can reduce costs by moving low value-add IT activities (sometimes referred to as ‘non-differentiating work’) to a cloud provider that excels at performing the same work with hyper efficiency. Add in the ability of a cloud provider to leverage economies of scale and you have a source of reliable, highly cost-optimized IT services that cannot be matched by any traditional data center or hosting provider (see AWS’s James Hamilton discuss data center architecture at scale). Case studies from GE, Covanta, and Conde Nast bear out the benefit of moving to AWS and enabling their respective CIOs to improve their business’ bottom line.

Grow-the-Business and Cloud First Strategy

Grow the Business (GTB) activities are marked by enabling the business to successfully increase market share and overall revenue in existing markets. If a company doubles its customer base, then the IT organization responds with timely and flexible capacity to support such growth. Generally, an increase in GTB spending should be tied to an increase in business revenue.

Cloud computing providers, such as AWS, are uniquely capable of supporting GTB initiatives. AWS’ rapid elasticity drastically alters the traditional management of IT demand and capacity. A classic case in point is the “Black Friday” phenomenon. If the IT organization does not have sufficient IT resources to accommodate the projected increase in business volume, then the company risks missing out on revenue capture and may experience a negative brand impact. If the IT organization overprovisions its IT resources, then unnecessary costs are incurred and it adversely affects the company’s profits. Other similar business phenomena include “Cyber Monday,” Super Bowl Ads, and product launches. Without a highly available and elastic cloud computing environment, IT will struggle to support GTB activities (see AWS whitepaper “Infrastructure Event Readiness” for a similar perspective).

A cloud’s elasticity addresses both ends of the spectrum: it can ramp up quickly in response to increased business demand and scale down when demand subsides. Additionally, AWS’ pay-for-what-you-use model is a powerful differentiating feature. Some key use cases include Crate & Barrel and Coca-Cola. Through a cloud-first strategy, a CIO is able to respond to GTB initiatives and activities in a cost-optimized manner.

Transform-the-Business and Cloud Computing

Transform the Business (TTB) represents opportunities for a company to make high risk but high reward investments. This usually entails moving into a new market segment with a new business or product offering. Innovation is the key success factor in TTB initiatives. Traditionally this is high risk to the business because of the upfront investment required to support new business initiatives. But in order to innovate, IT and business leaders need to experiment, to prototype and test new ideas.

With a cloud-first policy, the IT organization can mitigate the high-risk investment, yet still obtain the high rewards by enabling a ‘fail early, fail fast’ strategy in a cloud environment. Boxever is a case study in fail fast prototyping. Alan Giles, CTO of Boxever, credits AWS with the ability to know within days “if our design and assumptions [are] valid. The time and cost savings of this approach are nearly incalculable, but are definitely significant in terms of time to market, resourcing, and cash flow.” This cloud-based fail-fast approach can be applied to all market-segments, including government agencies. The hidden value in a cloud-based fail fast strategy is that failure is affordable and OK, making it easier to experiment and innovate. As Richard Harshman, Head of ASEAN for Amazon Web Services, puts it, “Don’t be afraid to experiment. The cloud allows you to fail fast and fail cheap. If and when you succeed, it allows you to scale infinitely and go global in minutes”.

So what does a cloud-first strategy look like?

While this is a rudimentary, back-of-the-envelope style outline, it provides a high-level, practical methodology for implementing a cloud-first based policy.

For RTB initiatives: Move undifferentiated shared services and supporting services to the cloud, either through Infrastructure-as-a-Service (IaaS) or Software-as-a-Service (SaaS) based solutions.

For GTB initiatives: Move customer-facing services to the cloud to leverage dynamic supply and demand capacity.

For TTB initiatives: Set up and teardown cloud environments to test and prototype new ideas and business offerings at minimal cost.

In addition to the Run-Grow-Transform framework, the ITIL Service Strategy lifecycle stage provides additional guidance from its Service Portfolio Management, Demand Management, and Financial Management process domains that can be leveraged to guide a cloud-first based strategy. These principles, coupled with other related guidance such as AWS Cloud Adoption Framework, provide a meaningful blueprint for IT organizations to quickly embrace a cloud-first strategy in a structured and methodical manner.

By aggressively embracing a cloud-first strategy, CIOs can demonstrate their business relevance through RTB and GTB initiatives. Through TTB initiatives IT can facilitate business innovation and transformation, yielding greater value to their customers. We are here to help our customers, so if you need help developing a cloud-first strategy, contact us here.

-Vince Lo Faso, Solutions Architect

AWS re:Invent 2017 Session: Continuous Compliance on AWS at Scale (VIDEO)

In cloud migrations, the elastic nature of the cloud is often touted as a critical capability in delivering on a business’ key initiatives.  However, if not accounted for in your Security and Compliance plans, you could be facing some real challenges. Always counting on a virtual host to be running, for example, will cause issues when that host is rebooted or retired. This is why managing Security and Compliance in the cloud is a continuous action requiring both forethought and automation.

At AWS re:Invent 2017, 2nd Watch hosted a breakout session titled “Continuous Compliance on AWS at Scale” where attendees learned how a leading, next generation, Managed Cloud Provider uses automation and cloud expertise to successfully manage Security and Compliance at scale in an ever-changing environment. This journey starts with account creation, goes through deployment of infrastructure and code and never ends.

Through code examples and live demos, presenters Peter Meister and Lars Cromley demonstrated the tools and automation you can use to provide continuous compliance of your cloud infrastructure from inception to ongoing management. In case you missed the session or simply wish to get a refresher on the content that was presented, you can now view the breakout session recording below.

— Katie Laas, Marketing Manager, 2nd Watch

AWS re:Invent 2017 Recap and Initial Impressions

While AWS re:Invent 2017 is still fresh in our minds, here are some of the highlights of the most significant announcements.

Aurora Multi-Master/Multi-Region: This is a big deal! The concept of geographically distributed databases with multiple masters has been a long-desired solution. Why is this important?
Having additional masters allows for database writes, not just reads like the traditional read replicas that have been available. This feature enables a true multi-region, highly available solution that eliminates a single point of failure and achieves optimum performance. Previously, third party tools like Golden Gate and various log shipping approaches were required to accomplish proper disaster recovery and high availability. This will greatly simplify architectures for some that want to go active-active across regions and not just availability zones. Additionally, it will enable pilot light (and more advanced) DR scenarios for customers that are not going to be using active-active configurations.

Aurora Serverless: Aurora Serverless is an on-demand, auto-scaling configuration for the Aurora MySQL- and PostgreSQL-compatible database service, where the database will automatically start up and scale up or down based on your application’s capacity needs. It will shut down when required, basically scaling down to zero when not being used. Traditionally, Aurora RDS required changing the underlying instance type to scale for database demand. This is a large benefit and cost saver for development, testing, and QA environments. Even more importantly, if your workload has large spikes in demand, then auto-scaling is a game changer in the same way that EC2 auto scaling enabled automated compute flexibility.

T2 Unlimited: T2 is one of the most popular instance types used by 2nd Watch and AWS customers, accounting for around 50% of all instances under 2nd Watch Managed Cloud Services. In the case of frequent, small and inconsistent workloads, T2 is the best price and performance option. However, one of the most common reasons that customers do not heavily leverage T2 is concern that a sustained spike in load will deplete burstable credits and result in unrecoverable performance degradation. T2 Unlimited solves this problem by essentially allowing unlimited surges over the former limits. We expect more customers to adopt T2 as a cost-effective solution for those inconsistent workloads. We will watch to see if this shift is reflected in the instance type data for accounts being managed by 2nd Watch.

Spot Capacity: Spot instances are normally used as pools of compute that run standard AMIs and work on datasets located outside of EC2. This is because the instances are terminated when the spot price increases beyond your bid, and all data is lost. Now, when AWS reclaims the capacity, the instance can essentially hibernate, preserving the operating system and data, and start up again when the spot pricing is favorable. This removes another impediment to the use of spot capacity, and will be a large cost saver for environments that only need to be temporarily available.

M5 Instance Type: Given the large increase in performance of the newer processor generations, one can see large cost savings and performance improvements by migrating to a smaller sized offering of the latest instance type that meets your application’s needs. Newer instance types can also offer higher network bandwidth, so don’t put off the adoption of the latest products if possible.

Inter-region Peering: It’s always been possible to establish peering relationships between VPCs in the same region. Inter-region Peering uses AWS private links between VPCs in different availability zones and does not transit the open internet, eliminating VPNs, etc. This same feature is available inter-region. This makes multi-region designs cleaner and easier to implement, without having to build and configure VPN networking infrastructure to support it, which of course also needs monitoring, patching, and other maintenance. It was also announced that users of Direct Connect can now route traffic to almost every AWS region from a single Direct Connect circuit.

There were also some announcements that we found interesting but need to digest a little longer. Look for a follow up from us on these.

EKS: Elastic Container Services for Kubernetes – Amazon Elastic Container Service for Kubernetes (Amazon EKS) is a managed service that makes it easy for you to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes clusters. Even at last year’s AWS re:Invent we heard people wondering where the support for Kubernetes was, particularly since it has become the de facto industry standard over the past several years.

GuardDuty: AWS has now added a cloud-native tool to the security toolbox. This tool utilizes “machine learning” for anomaly detection. AWS GuardDuty monitors traffic flow and API logs for your accounts, letting you establish a baseline for “normal” behavior on your infrastructure, and then watches for security anomalies. These are reported with a severity rating, and remediation for certain types of events can be automated using existing AWS tools. We will be considering the best methods of implementation of this new tool.

Fargate: Run Amazon EKS and ECS without having to manage servers or clusters.

Finally, a shameless plug: If compliance is on your mind, watch this AWS re:Invent breakout session from our product and engineering experts.

AWS re:invent 2017: Continuous Compliance on AWS at Scale (SID313)

Speakers:
Peter Meister, Director of Product Management, 2nd Watch
Lars Cromley, Director of Engineering, 2nd Watch

In cloud migrations, the cloud’s elastic nature is often touted as a critical capability in delivering on key business initiatives. However, you must account for it in your security and compliance plans or face some real challenges. Always counting on a virtual host to be running, for example, causes issues when that host is rebooted or retired. Managing security and compliance in the cloud is continuous, requiring forethought and automation. Learn how a leading, next generation managed cloud provider uses automation and cloud expertise to manage security and compliance at scale in an ever-changing environment. Through code examples and live demos, we show tools and automation to provide continuous compliance of your cloud infrastructure.

Obviously, there was a lot more going on and it will take some time to go through it. We will keep you up to date with our thoughts.

–David Nettles, Solutions Architect, 2nd Watch
–Kevin Dillon, Director, Solutions Architecture, 2nd Watch

Well-Architected Framework Reviews

“Whatever you do in life, surround yourself with smart people who argue with you.” – John Wooden

Many AWS customers and practitioners have leveraged the Well-Architected Framework methodology in building new applications or migrating existing applications. Once a build or migration is complete, how many companies implement Well-Architected Framework reviews and perform those reviews regularly? We have found that many companies today do not conduct regular Well-Architected Framework reviews and, as a result, potentially face a multitude of risks.

What is a Well-Architected Framework?

The Well-Architected Framework is a methodology designed to provide high-level guidance on best practices when using AWS products and services. Whether building new or migrating existing workloads, security, reliability, performance, cost optimization, and operational excellence are vital to the integrity of the workload and can even be critical to the success of the company. A review of your architecture is especially critical given the rate at which Cloud Service Providers (CSPs) create and implement new products and services.

2nd Watch Well-Architected Framework Reviews

At 2nd Watch, we provide Well-Architected Framework reviews for our existing and prospective clients. The review process allows customers to make informed architecture decisions and to understand the potential impact those decisions have on their business and the tradeoffs they are making. 2nd Watch offers its clients free Well-Architected Framework reviews—conducted on a regular basis—for mission-critical workloads that could have a negative business impact upon failure.

Examples of issues we have uncovered and remediated through Well-Architected Reviews:

  • Security: Not protecting data in transit and at rest through encryption
  • Cost: Low utilization and inability to map cost to business units
  • Reliability: Single points of failure where recovery processes have not been tested
  • Performance: A lack of benchmarking or proactive selection of services and sizing
  • Operations: Not tracking changes to configuration management on your workload

Using a standards-based methodology, 2nd Watch will work closely with your team to thoroughly review the workload and will produce a detailed report outlining actionable items and timeframes, as well as prescriptive guidance in each of the key architectural pillars.

In reviewing your workload and architecture, 2nd Watch will identify areas of improvement, along with a detailed report of our findings. A separate paid engagement will be available to clients and prospects who want our AWS Certified Solutions Architects and AWS Certified DevOps Engineer Professionals to remediate our findings. To schedule your free Well-Architected Framework review, contact 2nd Watch today.

 

— Chris Resch, EVP Cloud Solutions, 2nd Watch

AWS re:Invent Keynote Recap – Thursday

Thursday’s General Session Keynote kicked off with Amazon CTO, Werner Vogels, taking the stage to deliver additional product and services announcements with the inclusion of deeper, technical content. Revisiting his vision for 21st Century Architectures from the first re:Invent in 2012, Werner focused on what he sees as key guiding principles for next-gen workloads.

  1. Voice represents the next major disruption in computing. Stressing this point, Werner announced the general availability of Alexa for Business to help improve productivity by introducing voice automation into your business.
  2. Use automation to make experimentation easier
  3. Encryption is the ‘key’ to controlling access to your data. As such, encrypting data (at rest and in transit) should be a default behavior.
  4. All the code you should ever write is business logic.

 

Werner also highlighted the fact that AWS now has over 3,951 new services released since 2012. These services were not built for today but built for the workloads of the future. The goal for AWS, Werner says, is to be your partner for the future.

One of the highlights of the keynote was when Abby Fuller, evangelist for containers at AWS, came on stage to talk about the future of containers at AWS. She demoed the use of Fargate, which is AWS’s fully managed container service. Think of Fargate as Elastic Beanstalk but for containers. Per AWS documentation: “It’s a technology that allows you to use containers as a fundamental compute primitive without having to manage the underlying instances. All you need to do is build your container image, specify the CPU and memory requirements, define your networking and IAM policies, and launch. With Fargate, you have flexible options to closely match your application needs and you’re billed with per-second granularity.”

The Cloud9 acquisition was also a highlight of the keynote. Cloud9 is a browser-based IDE for developers. Cloud9 is completely integrated with AWS and you can create cloud environments, develop code, and push that code to your cloud environment all from within the tool. It’s really going to be useful for writing and debugging Lambda functions for developers that have gone all in on serverless technologies.

New Announcements

AWS Lambda Function Execution Activity Logging – Log all execution activity for your Lambda functions. Previously you could only log events but this allows you to log data events and get additional details.

AWS Lambda Doubles Maximum Memory Capacity for Lambda Functions – You can now allocate 3008MB of memory to your AWS Lambda functions.

AWS Cloud9 –  Cloud9 is a cloud based IDE for writing, running, and debugging your code.

API Gateway now supports endpoint integrations with Private VPCs –  You can now provide access to HTTP(S) resources within your Amazon Virtual Private Cloud (VPC) without exposing them directly to the public Internet.

AWS Serverless Application Repository –   The Serverless Application Repository is a collection of serverless applications published by developers, companies, and partners in the serverless community.

We expect AWS to announce many more awesome features and services before the day ends so stay tuned for our AWS  re:Invent 2017 Products & Services Review and 2017 Conference Recap blog posts for a summary of all of the announcements that are being delivered at AWS re:Invent 2017.

 

— Brent Clements, Sr. Cloud Consultant, 2nd Watch