it transformation in the public sector
TRANSCRIPT
IT Transformation in the Public Sector (‘A How To Guide’)
Sanjay Asnani, IT Transformation Sr. ConsultantAWS Professional ServicesWorld-Wide Public Sector
November 19, 2015
Focus on Every Aspect of Cloud Adoption
Prescriptive guidance and implementation assistance across the stack:• IT Transformation leads focus on the business
aspects of cloud adoption
• Application Architects help developers build AWS-aware applications
• Big Data / Analytics Specialists help you design and deploy your analytics platform
• Infrastructure Architects take your unique landscape of application, network, and security needs to the cloud
• Security Leads provide well-proven designs to meet your compliance needs
• Operational Integration Specialists help you successfully adopt DevOps practices
Application Optimization
Big Data & Analytics
Infrastructure Architecture
Secu
rity,
Ris
k &
C
ompl
ianc
e
Ope
ratio
nal
Inte
grat
ion
IT Transformation
Government Agencies and Educational Institutions Use AWS Worldwide
3
AWS Partners Focused on Public Sector
4
The Many Reasons Organizations are Moving to the Cloud
Current
• Fixed Costs• Capital Intensive• High Maintenance
and Run Costs• Legacy Applications• Outdated
• Capital Light - ‘Pay by the Drink’
• Cost Savings & Flexibility• Responsive & Agile• Continual Iteration &
Innovation• New Technologies
Future
The Agile Enterprise
Moving to the Cloud can be a challenge for large Organizations
Large cloud transformation programs are complex undertakings which:
Multiple work streams and inter-dependencies.
Can have significant impact on current IT
Operating Model, procedures, tools, and
standards
Results in change to how applications and
infrastructure services are developed and
delivered
Complexities due to thousands of applications, multiple Data Centers, suppliers, existing contracts, and
compliance needs
Present technical integration challenges and complexities that
need to be addressed
The Journey Brings Fast Learning & Early Wins
TransformExpandExplore Adopt
Non-Production
Existing Web Workloads
New CapabilityWorkloads
Legacy Migration
EXAMPLE
Technology Alone is Not the Answer
AWS Cloud Adoption Framework (CAF)
Comprehensive framework that helps bring together people, process and technology to reduce the time and cost of deployment
consistent proven repeatable
AWS Cloud Adoption Framework
Perspectives
BusinessPlatformOperatingSecurityProcessPeopleMaturity
DeliveryExplore
Prepare
Migrate/Dev.
Iterate
Discovery
Baseline
Gap
Strategy
Activities
AWS
Partner/s
Activity Matrix& Roadmap
Bus
ines
s O
bjec
tives
Comprehensive framework that helps bring together people, process, and technology to drive efficient, effective, and secure cloud adoption, based on defined business objectivesComprised of:• 4 step Discovery phase• 7 perspectives (business, platform, maturity, people, process, security, and operating) • 4 step Delivery phase
AWS Cloud Adoption Framework
The AWS CAF organizes and describes the perspectives in planning, creating, managing, and supporting a modern IT service.
Offers practical guidance and comprehensive guidelines for establishing, developing and running AWS cloud-enabled environments.
It provides a structure where business and IT can work together towards common strategy and vision, supported by modern IT automation and process optimization.
PeoplePerspective
ProcessPerspective
SecurityPerspective
MaturityPerspective
PlatformPerspective
OperationsPerspective
BusinessPerspective
CAF Core Perspectives
Process PerspectiveManaging portfolios, programs and projects to deliver expected business outcome on time and within budget, while keeping risks at acceptable levels.
People PerspectiveDefining and acquiring the skills needed to adopt the AWS cloud platform. Examples guidance include role descriptions, training, certification and mentoring.
Maturity PerspectiveDefining the target state architecture of the organization and creating the required blueprints and roadmaps.
Platform PerspectiveRepresents the technology services of the AWS cloud platform. Provides patterns, guidance, and tools for optimal use of the technology services and services to implement.
Operations PerspectiveRepresents the ongoing management of the functioning IT environment of AWS. Provides process, guidance and tools for optimum operational service management of the AWS environment.
Security PerspectiveDefining and implementing the required levels of security, governance, and risk management to achieve compliance.
Business PerspectiveIdentifying, delivering, and measuring business impact using architectural approaches that align technical delivery to business imperatives.
Sample Cloud Adoption Roadmap
Discovery Workshop
Cloud Business
Case
Define Security
Requirements
Define Network
Environment
Define Governance
Structure
Operational Integration
Security Operations Playbook
Cloud Environment Optimization
Application PortfolioAnalysis
Cost and Billing
Analysis
Training and Certification
Define Cloud
Environments
Define EA Policies and
Practices
Transformation Process – An Overview1. Establish Common Understanding
Observations: Cloud Adoption requires an organization to take on a new method
of providing IT services and involves change at many different levels.
Successful transformations require strong executive sponsorship early in the process, and a commitment from the organization.
Proper planning and communication of the process are vital parts of the process.
It is important to determine the overall benefits to the organization, provide training for staff, develop the foundational architecture, assess the environment , and develop security controls part of the overall transformation.
Total Value of Ownership Understand the value of AWS for the organization in terms of
agility, availability, disaster recovery, cost and reach. A high-level value analysis will align with the objectives and
support the mission of the organization.Cost-Benefit Analysis AWS provides a Total Cost of Ownership (TCO) analysis that helps
organizations develop the business case for adopting cloud services
The transformation requires a move from CapEx to OpEx and allows organizations to only pay for what they utilize
Reallocation of Resources Optimal cloud adoption requires a plan to refocus IT resources to
meet customer demand, align to organizational objectives and support business strategy.
An Enterprise Agreement (EA) can be completed between AWS and the organization to ensure that the appropriate contracting provisions exist.
Enterprise organizations can either sign a unilateral or bilateral Non-Disclosure Agreement (NDA) with AWS.
An Implementation Services Addendum (ISA) is attached to the enterprise agreement for contracting with AWS Training or Professional Services (ProServe).
A Business Associate Agreement (BAA) is used to protect personal health information (PHI) with HIPAA guidelines.
3. Build Knowledge and Capacity
2. Identify Benefits to the Organization
4. Complete Enterprise Agreements 7. Application Migration
8. Institute Cloud Operating Model
Application Portfolio Assessment A detailed assessment of all workloads is essential for understanding resources,
dependencies, licensing, etc. Assessed workloads can be placed into phases for migration based on pre-determined
patterns and dependencies.
Migration Factory Migration Factory refers to the group(s) designated to assist in the planning and
migration of in-scope workloads to AWS. The factory includes processes, procedures and tools. Amazon Partner Network (APN) partners are uniquely skilled at migrating workloads
in the most effective and efficient manner possible.
AWS provides services to help organizations move to a continuous integration / continuous delivery model to increase agility.
AWS includes integrated tools such as OpsWorks, Trusted Advisor (below), CloudTrail and CloudWatch that help measure, track, monitor, alarm and operate the cloud environments in an optimal manner to drive continuous improvement.
There are many 3rd party tools that arespecifically developedto help operate yourAWS cloud in the mostefficient way possible.
5. Conduct Enterprise Maturity Assessment
Detailed design of security controls and processes Best-practices design of the virtual private cloud
(VPC) environment Establishment of network connectivity and
integration Architecting for high-availability and disaster
recovery Development of application patterns for the
migration of current state workloads to AWS Decoupling of enterprise-class workloads for
migration to AWS
6. Design Cloud Infrastructure
The maturityof key IT servicemanagementprocesses areassessed toensure that thecloud transformation is sustainable, supportable and systemic.
Training and DocumentationAWS provides different levels of support and training for customers ranging from free, self-help videos to instructor-led training. All services include detailed documentation.
AWS Self-Paced Training Introduction to AWS videos AWS Essentials TrainingInstructor-Led Training Architecting on AWS Architecting on AWS – Advanced Concepts Developing on AWS Systems Operations on AWS Advanced Operations on AWSSpecialty Training Big Data Technology Fundamentals Big Data on AWS
Version 1.0 (01/ 15/ 2015)
Business Perspective
Business Perspective
Value Management IT Strategy
PortfolioGovernance
Cost Management
Risk Management
Benefit Management
Manage financial aspects and optimum IT investments
Manage costs by focus on sourcing on IT capability as a whole rather than the individual components
Measure and optimize value to the business from IT investments
Practices for IT governance are integrated with overall business governance
Manage IT risk in alignment with overall risk management
IT strategy is aligned with the Business strategy and includes the Cloud Strategy
Platform Perspective
Conceptual Architecture
LogicalArchitecture
ImplementationArchitecture
Application Migration Patterns
Cloud design principles and
patterns
Detailed definitions of technology solutions to achieve the desired state
High-level roadmap for desired state of the technology–enabled organization (‘Enterprise Architecture’)
Best practices for migrating existing non-cloud applications
Design principles and patterns for cloud solutions for consistency and reuse
Intermediate definitions of technology solutions to achieve the desired state
Platform Perspective
Architecture OptimizationOptimization of architectures to derive
value from cloud’s proposition of agility and cost savings
Application Disposition Model
Discover/Assess/PrioritiseApplications
Use Migration Tools
Replatforming
(Lift & Reshape) Transition
Production
Retain / Not Moving
Refactoring
(Re-writing/ Decoupling
applications)
Redesign Application/Infrastructure Architecture
App Code Development
Repurchasing(Replace -Drop & Shop)
Purchase COTS/SaaS & licensing
Rehosting
(Lift an
d Shift)
Test
Modify underlyingInfrastructure
Full ALM / SDLC
Manual
Manual Config
Manual Deploy
Manual Install
Retire / Decommissio
n
Determine Migration Path
Automated
Manual Install & Setup
Integration
Diagram Account , VPC Structure & NetworkIdentify SSO & Key Management Processes
Week 1 Week 2
Determine Security Variances
IA Sign-Off
Identify Environment Exceptions, Integrations & PartnersValidate VPC Infrastructure
Determine Environment Exceptions & IntegrationsIdentify Necessary Roles/Credentials
Implement Account StructureImplement IDM/SSO & Account Federation
Implement VPC & Security GroupsConfigure Admin/Security Logging & Alerting
Implement Exceptions & IntegrationsValidate AWS Monitoring & Alerting
Validate IntegrationsDetermine Migration Processes Engage Authorization Process
Create CF TemplateDiscover Design BuildKey
Infrastructure & Migration PreparationInfrastructure Migration
Maturity Perspective
Cloud Readiness
Assessment
Cloud Maturity Heat-map
Assessment
Target Platform Capabilities
Application PortfolioAnalysis
Roadmap sequencing
IT Management Assessment
Summarizes information on maturity aspects for decisions and prioritization
Determine how ready the organization is to move to the cloud – IT systems and processes
Review the portfolio of applications and data and assess suitability for the cloud
Determine what changes are needed in IT management
Identifies new or changed technology platforms and services for cloud
Determine sequencing of initiatives for cloud adoption, and dependencies
Maturity Perspective
Process Perspective
Portfolio Management
Service Delivery
Management
Program & Project
Management
Continuous Integration/ Continuous
Delivery
ProcessAutomation
Quality Management
Delivers services that meet Service-Level Agreement (SLA) and Operational-Level agreement (OLA) standards
Programs and projects for cloud adoption are managed systematically and metrics used to monitor processes
Delivery processes are automated, including creation of infrastructure stacks from scripted definitions
IT services are managed as a portfolio to deliver maximum business value
Iterative software lifecycles deliver incrementally with process automation
Quality standards are defined and practiced at all stages of the lifecycle
Process Perspective
Operations Perspective
Cloud Service Management
SLA/OLA Strategy
Business Continuity Planning
Incident & Problem
Management
Change and Configuration Management
Performance &
Operational Health
Sets out the strategy and policies to define and meet SLA and OLA standards, including during disasters
Plans are made for the business to be able to cope with unexpected IT situations, including IT disaster recovery
Configuration Items are recorded and change is managed systematically
Caters for service management and control of cloud solutions
Manages incidents and problems in running solutions; identifies and removes root causes
Proactively monitors cloud solutions and resources to ensure that the desired level of performance is met
Operations Perspective
People Perspective
Organizational Structures
Roles and Job
Descriptions
Training Certification Readiness
Manage Staffing
Organizational Change
Management
Skills and
Competencies
Each role has a job description with details of qualifications, knowledge and experience
Set up optimum organizational model s for cloud adoption – both Business & IT
Identify gaps in competencies and provide training; encourage certification
Support people in adapting to changes, e.g., new processes and culture of work
Define skills and competencies required and plan career development of staff.
Evaluate staffing against requirements and address gaps
People Perspective
On-Premise Role On-Prem Public Cloud Comments
Planning and Design No Change or Increased No Change or IncreasedIn hybrid environments IaaS represents one more option
with numerous instance types to choose from. Less time is spent on hardware configurations, however.
Hardware Move/Add/Change No change Eliminated No more rack & stack for public cloud apps.
Software Distribution No change DecreasedYou still have to distribute applications and most OS
patches, but hypervisor and (optional) DBMS patching are done by the provider.
Support No change Decreased Hardware support moves to the provider.
Hardware Maintenance No change Eliminated You don’t own the hardware, and you don’t need to manage or work with the hardware vendors that fix it.
Monitoring & Supervision No change No Change or Decreased Monitoring service is available, but with automated failover you may not need it as much.
System Administration No Change or Increased No Change or Increased You’ll spend less time configuring servers, but more time managing hybrid cloud systems.
Backup & Restore No Change No Change Archival No Change No Change
Batch Procession & Scheduling No Change No Change
Database No Change Decreased DBMS patching and tuning is done by the provider when using their database service.
Middleware No Change No Change
Security No Change No Change Multi-tenancy adds requirements, but those are handled by the provider.
Disaster Recovery No Change No Change Still have to plan and test.Methods & Tools No Change No Change
Procurement No Change Decreased No more data center hardware to buy.Premises No Change Eliminated No more physical facility requirement.
Security Perspective
Security Reference
Architectures
Governance, Risk,
Compliance
Governance, Risk,
Compliance
DevSecOpsPrinciples
Security Operations Playbooks
SecurityStrategy
LifecycleSecurity
Capabilities
Published as standard patterns for different types of solutions; promotes consistency, reduces oversights
Manages authority and accountability; minimizes and manages risks; ensures policies and regulations are met
Tactics, techniques and procedures to consistently operate securely
Articulates security principles, standards, measures and processes.
Specifies capabilities required to implement security for the solution
Support to implement security in agile iterative lifecycles
Security Perspective
High Level Transformation Roadmap
Kickoff – Initiative Setup & LogisticsIdentify & Assemble Core “Incubator” Team
Weeks 1-2 Weeks 3-4 Weeks 5-6 Weeks 7-8 Weeks 9-10 Weeks 11-12 Weeks 13-14 Weeks 15-16
Skills Assessment
Train Incubator Train extended team
Ongoing Customer Initiative Releases
EstablishPortfolio GovernanceTraining & Skills Development
Jumpstart – Design & Build Platform
Weeks 17-18
See Detailed Plan
Weeks 19-20
Execute Cloud Governance in Budget Planning & IT Optimization Initiative
Design New Workload Patterns
Integrate roadmap outputs as scope for existing & new workloads. This will maximize value by aligning adoption with natural
initiative release cycles.
Integrate & Improve Operations Processes
Integrate & Improve InfoSec Operations
Integrate
Integrate
Improve
Improve
Capability – Product Workload 1 Phase 1
Capability – Product or Workload 2 Phase 1
Phase 3Phase 2
Quarterly Review & Revision of Roadmap & Plan
Next Steps/Key Takeaways
Schedule a 1-day IT Transformation Workshop with executive stakeholders Create Cloud Adoption Roadmap Define and confirm customer success criteria (Business strategy) Conduct discovery workshop and develop/refine the cloud strategy Develop the people model (teams, roles & responsibilities) Conduct an application portfolio assessment Begin migration of workloads Implement cloud operating model
