John D'Arcy - April 2022
Cloud computing offers enhanced security and stability, helps cut costs, and gives enterprises greater flexibility. Cloud services are taking the business world by storm and cloud adoption statistics tell the same story. However, many enterprises are having difficulty in adopting the cloud.
Too many cloud adoption and digital transformation projects fail miserably and in some cases are abandoned or, best case, seriously descoped. And one of the mistakes I see over and over again when building a cloud estate is the total lack of planning.
It's much easier, cheaper and more efficient for your business to plan how you will use a cloud estate before you migrate to it or adopt it in a hybrid setup. The basic rule is:
"Plan your cloud estate before letting everyone use it, thereby turning it into a Wild West estate"
One of the most common mistakes is enterprises rushing into the cloud. It's easier to set up a secure and well-governed landing zone for your cloud resources than it is to try to clean it up once production workloads are already running. Spend the time setting up in advance, making sure your estate is clearly organised from the start.
When adopting the cloud, you need to proceed with caution. It's probably one of the biggest programmes your enterprise will undertake for many decades, regardless of whether it's one workload, multiple workloads or an entire portfolio. And it's so much more than understanding the technology. It's an organisational change management process that needs to involve the whole enterprise.
"Laser-sharp focus, a detailed blueprint and top management buy-in are essential for your cloud adoption to succeed."
In this article, I will go through some of the pointers that may help you in your cloud program. Regardless of how far along you are, you will find something that applies to your enterprise.
There are 10 commandments for a successful Digital Transformation:
1. Don't do everything at once
2. Start with a small project and use it as a showcase
3. Gain the support of senior management
4. Embrace new types of technology
5. Embrace new ways of working
6. Adopt a collaborative approach with internal and external customers
7. Move to an iterative release model
8. Ensure the transformation is built around the business strategy
9. Align the company culture with the new operational model
10. Don't just wing it - planning is essential
And what does this mean in practice? How do I make sure my program will succeed?
Well, it can be broken down into 3 main phases:
Design and setup - Workshops and Planning
Transition - Build a minimal viable cloud solution (MVCS) and migrate your workloads
Continuous optimisation - Operations and maintenance
Through all 3 phases, planning will have to be done in detail at every step. Get a tool like Atlassian's JIRA to write up your portfolio, program and feature epics as the plan gets more and more detailed. If used correctly, it will help you ensure all activities are aligned with the main strategy and objectives.
"Design & Setup"
It's important to tackle the biggest problems up front. Not everyone in the organisation will support the change, and you need to address these fears, uncertainties and doubts as soon as possible. Within Design & Setup there are 2 important areas that need to be addressed:
Strategy & Objectives
Governance & Security
These 2 areas need to be aligned as the first step, to ensure that the program is aligned with the business objectives and that a strategy is defined for the program and signed off by senior management. This can include deciding on the best mix for your enterprise: public cloud, private cloud or hybrid cloud. Will you be adopting a cloud-first strategy? Write it down and communicate the strategy to the enterprise. Here, it's also important to involve non-technical staff such as HR, Finance, Legal, Procurement, etc.
Start with workshops and make sure you have decision-makers, influencers and stakeholders invited. The objective of the workshops is to get alignment among stakeholders as this is a major IT initiative. Make sure you get representatives from the following areas:
Executive sponsors - C-level people
Security - SecOps, data privacy people
Governance, risk and compliance experts
Lead architects
Database
Application owners
Finance
Central IT Operations
From a governance and security perspective, ensure that you create a gap analysis of corporate security policies and key controls, and identify the governance processes and how they can be incorporated. Identity and access management is a key area that needs to be designed into the cloud platform being built. There will be challenges with compliance and regulatory controls that need to be discussed and a plan of action designed.
When this phase is finished we have:
Common alignment among all stakeholders in the enterprise
A clear vision for the program which is fully backed by senior management
An established Cloud Business Office which will be responsible for the implementation of the program
Business case and KPIs for cloud economics and management
High level portfolio and program epics defined that will frame the work ahead
"Transition"
During this phase of the program, you need to take a good look at your existing landscape and discover the internal workings of your application estate. Most enterprises will have on-premise applications that will need to be present going forward and therefore need connectivity for the new hybrid estate. You will also need to decide on how the future landscape should look. The cloud vendors have many tools that can assist in this phase. The areas that need addressing are:
Current and future IT landscape
Migration and development of MVCS
The challenges with hybrid cloud networks include latency issues as well as the volume of data being transmitted through the network. Dependencies between applications and systems will be inherent in the on-premise data center. CMDBs are rarely up to date and the understanding of what the connections are between resources is usually not known. You need a solid understanding of the dependencies of data interaction between resources to be successful. There are discovery tools that can help identify these dependencies. With this knowledge about application entry points, SLAs, PII status, compliance, and other risk-related information, the team can decide how best to migrate the selected applications. Planning tasks here include:
Identify server and application dependencies
Identify risks
Determine the migration strategy
Create a migration plan
Determine trade-offs and opportunities
Right-size resources in the cloud
Estimate the run rate of your resources in the cloud
Once you are done with the analysis and planning you can consider creating a migration factory to migrate like systems. But first you need to get the platform basics in place.
Minimum Viable Cloud Solution
Before migrating any workloads you need to get your basic platform services in place. This can be considered the hub of your cloud platform and is best managed from a centralised IT unit. Here you need to put the following in place:
Landing Zones based on your organisational units (OUs)
Service Control Policies (SCPs) / AWS Config rules for corporate governance
Connectivity Hub for networking services to on-premise resources
Centralised logging and monitoring
Encryption tools and key management
Security services such as vulnerability scanning, antivirus, IPS, IDS, and WAF
Identity and access management (IAM) / single sign-on (SSO)
SOC (security operations centre)
Image management
Automation and templates (e.g., CloudFormation, Terraform, etc.)
Cost Management, chargeback, and billing
Resilience, backup/restore and D/R
By establishing these platform services upfront and having one or two simple workloads migrated as spokes to this hub, you can gain valuable experience about migrating the rest of your estate. Also, by establishing the hub before you migrate your first workload, you will be set up to scale your migration. Retrofitting your cloud foundation is a real pain. Establishing core services first will make things easier.
Below you will find a shortlist of things to consider when migrating to the AWS cloud platform. The same can be done with other clouds and their native tools.
"Continuous Optimisation"
Learning from the process and adapting the plan as you go will give you the best possibility to scale your migration. It is also a good idea to bring in a company that has done this before and can help create the MVCS together with your internal staff; as they become more proficient, the external company can be less and less involved.
Migration Planning and continuous improvement
Cloud Operations and system management
During continuous improvement, hold regular lessons-learned sessions to improve as you go. Train your staff to be able to handle the new hybrid landscape. This can be done through role-based training, so that platform engineers, reliability engineers and architects can gain valuable knowledge for their area.
The mantra for cloud operations and system management is automation, automation, automation. Create runbooks and playbooks for your operations staff, automate the creation of your infrastructure, apply self-healing for common alerts, and update your CI/CD pipelines to do continuous testing (also on production workloads), continuous vulnerability scanning, automatic code review, etc.
The new cloud model is software-based and ungoverned by nature. It's a pay-as-you-go model, so using the standard change management approach will not work. Legacy change controls will slow the process down, and you will find yourself back in the same situation you were trying to escape from. At scale, continuous governance/management is a combination of security, risk, compliance, and finance controls that are implemented using software. Managing your estate from an operations perspective will require automation and alerting. As a result, you can easily manage your operations with fewer human resources if done properly.