Steve Chambers - Cloud for GrownUps ITSM17
3 likes849 views
The document discusses cloud computing, emphasizing the importance of understanding cloud adoption, security, finance, and operations for organizations. It highlights the shift from traditional IT to cloud models and stresses the need for accountability in cloud finance. The presentation also advocates for education and certification in cloud practices to enhance operational effectiveness and avoid common pitfalls.
Steve Chambers - Cloud for GrownUps ITSM17
- 1. Cloud for Grown Ups ITSMF UK 2017 steve@cloudsoft.io
- 2. Presentation Caveats • It’s wordy so it’s useful when read in PDF/Online without speaker. • AWS is used solely for examples because (a) they have the best guidance, (b) other wise I’d have to provide multiple examples and (c) this isn‘t a cloud-comparison presentation. • Other clouds are available but they are (way) behind AWS on these topics
- 3. Who is Stevie? Worked with small startups, public sector, international orgs and others on cloud adoption for the past few years.
- 4. Help Stevie stay calm • There’s a difference between the words ”premise” and “premises”. • Please don’t use the phrase “on-premise” to describe non-cloud private datacenters. • Please use “on-premises” or even “on-prem” • If you hear someone say “on-premise”, and there are lots of people doing it, then discount their cloud knowledge (sorry, but it’s true!)
- 5. We all know what a cloud is notnotnotnot, right? Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. Source: https://csrc.nist.gov/publications/detail/sp/800-145/final
- 6. Hands Up! • Where is your organization on the cloud adoption spectrum? Experimenting Some programs Business as usual • What is your involvement in cloud in your organization? None Plan to In up to my neck
- 8. Grown Ups are for… 1. “To stop childrens getting squished!” 2. “To buy children things!” 3. “To tell children off when they are naughty!” Cloud Security Cloud Finance Cloud Operations
- 9. We’ve been here before with virtualization Virtualization circa 1998-present Market Leader: VMware People & Process: VMware Center of Excellence Programme: VMware Operations Framework Architecture: VCDX Cloud Computing circa 2006-present Market Leader: AWS People & Process: Cloud Center of Excellence Programme: Cloud Adoption Framework Architecture: Well Architected Framework
- 10. VMware Operational Framework 2006-2009
- 11. 1. Cloud Security “Grown Ups are there to stop childrens getting squished!”
- 12. From #1 Barrier to #1 Driver 1. Perimeter walls and firewalls are false comfort blankets. 2. Cloud democratizes access to leading security methods for free. 1. Encryption 2. Identity and Access Management 3. Programmable and transparent controls – see CIS Benchmark 3. Hyperscale CSPs have better security – people, process, tech -- than us normal people. 4. You are in control and responsible for your security.
- 13. Regulatory 1. Cloud Services are not regulated (SEC regulates US companies, but not their service/product offerings). 2. You are responsible for compliance with your industry’s regulations 1. See London FCA https://www.fca.org.uk/publication/finalised- guidance/fg16-5.pdf 2. Dutch Finance Board “approve” use of AWS. 3. Business Associate Agreements with HIPAA clearly state responsibilities. 3. CSPs work with regulators (e.g. to provide access for investigations) and they voluntarily produce compliance
- 14. Example: AWS Compliance https://aws.amazon.com/compliance/
- 15. Availability • AWS S3 Cascading Failure in Feb 2017 • Check out the detailed AWS post-mortem: do you/other providers offer this transparency? https://aws.amazon.com/message/41926/ • You are responsible for availability. • Some AWS customers who provide services to others “shrugged their shoulders” and accepted the outage, they offered no additional protection to their customers.
- 16. Footguns Galore • S3 Buckets • You have to purposefully open them • Remember cloud is “broad network access” – it’s a feature, not a bug! • Use AWS Macie because, well, people • Takeaway • You get what you deserve if you let untrained and unchecked staff put company data in the cloud any way they like. • Use automation to “trust but verify”. AWS Trusted Advisor, AWS Config etc • Limit access to “raw console” and use tools like service catalogues to automagically create cloud resources.
- 17. 2. Cloud Finance “Grown Ups are there to buy children things!” (Grown Up: more likely to *stop* them buying things!)
- 18. Cloud Finance: The Missing Link • To succeed, you must be sophisticated: • Use tools and automated processes – cost explorers and forecasts • How do you know if you are getting value for money? • Make someone accountable – job spec and measurements • Stop people frittering money – limit their access • Create downward pressure on cloud resources and costs – turn stuff off • Set targets including rewards and punishments – cost saving leaderboard
- 19. Who’s job isn’t it? • Not Procurement? Should be involved in cloud sourcing/framework • Not Finance? Usually more interested in mechanics, reducing costs • Not Developers? Finance is Someone Else’s Problem (don’t see the bill) • Not Solution Architects? AWS make Cloud Costs part of Architecture • Not Management? It’s not a leadership activity (yes it is). • Common: • 1. Project Managers, people who deal with budgets. • 2. An oversight committee that provides checks, balances and enforcement.
- 20. Cloud Finance Complexity • Doing your sums: The AWS “Simple” Calculator • Terminology: Reserved Instances (that are neither reserved, nor instances) • Risk: If a user has “raw console access” then they might as well have access to the company bank account. • Hyperscale CSPs are less flexible and less forgiving than local suppliers. • Double Whammy: pay up front for “coupons”/Ris then use the wrong resources and additionally pay the On Demand price (400% of Ris).
- 21. Beware Multi-cloud • The last hurrah of the non-cloud vendor • Hybrid cloud is being turned inside out: it’s public cloud reaching into your premises/DC not you bursting into cloud (niche cases apply). • CSPs use different resource types, terminology, finance models: you might need to use an intermediary/MSP to have a consistent consumption model. • My advice? Be good at one cloud first.
- 22. 3. Cloud Operations “Grown Ups are there to tell children off!”
- 23. When ITIL meets Cloud • Cloud is very ITIL-y, if that’s a thing. • Check out: AWS Managed Services – they do Change, Incident etc for some things • Cloud is programmable therefore integration-able to your current tools • Use higher-order services to reduce your process exposure (but beware lock-in) • Example: AWS Relational Database Service: no DBA required? Changes done by CSP! • Train your ITSMs in Cloud – acloud.guru, others available.
- 24. Shared Responsibility Model You do ITIL for these bits CSP takes care of these bits
- 25. Your Operational Responsibility • Security, reliability, performance efficiency, cost optimization, and operational • Use the AWS Well Architected Framework • Operational Excellence Pillar: • Best Practices: Operational Checklist, Proactive Plan, Security Checklist • Config Management: Resource Tracking, Documentation, Learnings, Immutable Infrastructure, Automated Change, CMDB • DevOps: Deployment Pipeline, Release, Incremental Change, Revertible Change, Risk Mitigation • Monitoring: Tools, Logs, Alarms, Triggers • Responses: Playbook, Root Cause Analysis, Automated Response • Escalation: Document, Provision, Functional Queues, Hierarchical, External,
- 26. 4. Key Takeaways How to be a Cloud Grown Up
- 27. How to be a Cloud Grown Up • Teach the adults and kids about cloud and get them certified because that is one way to learn from others’ mistakes. But remember there is no compression algorithm for experience. • Give the kids a routine: build a Cloud Adoption Framework that goes from “Experimentation” through “Programmes” (e.g. migrating/building services in the cloud) to establishing a “Center of Excellence”. • Put an adult in charge of the money: Make someone accountable for cloud finance and get sophisticated. • Don’t do what you always did: Use higher-order cloud services instead of “renting VMs” where you can: let the CSP take the strain! • Humans are always the weak link, and some of my best friends are human. Get the robots to do it.
- 28. Final NotesFinal NotesFinal NotesFinal Notes • Don’t get squished. • Manage your budget. • Be kind but firm to your cloud children.