1. Migrating your IT policies to the Cloud
Sriram “Ram” Narayanan
ThoughtWorker
Twitter: @sriramnrn
www.sriramnarayanan.com
2. Agenda
Pre-Cloud realities and the need for IT policies
A perspective on the “Cloud”
Comparing pre-cloud realities to what the Cloud gives us
A migration of policies
Migrating Applications - are we leveraging what a Cloud provider offers?
Re-thinking IT Infrastructure in the Cloud
Your Pre-Cloud IT team - what about them?
3. Pre-Cloud Realities and the need for IT policies
Physical hardware, limited floor space, limited annual IT budgets
Software licenses
VMs
- Better utilisation of CPU cores
- Needs management to prevent VM sprawl
Internal charging mechanisms
Complaints by users and business - “You restrict us on hardware and on innovation!”
4. A perspective on “The Cloud”
Essentially, someone else’s massive data center with an API in front of it.
From Capex to Opex
Lots of automation possible
- Compute, Storage, Network policies
- Services (CDN, WAF, DNS, SMTP, SMS, MQ, DB, Cache)
5. Pre-Cloud vs Cloud
A comparison point (among many), Pre-Cloud vs Cloud:
Costs
- Pre-Cloud: Capex + Opex - Pay for everything, and then renewals, and then Ops
- Cloud: Opex - Pay for what you use
Automation
- Pre-Cloud: May be present but not used due to existing processes and a lack of skills
- Cloud: Comprehensive Automation - in the cloud providers’ interests to make it easier for you to use
Scalability
- Pre-Cloud: Limited by owned infra - determines scalability, imposes constraints on what’s possible
- Cloud: Limited by Cloud provider’s infra, and your Opex budget
Security
- Pre-Cloud: You own everything
- Cloud: You rent everything
6. Moving to the Cloud - how to rethink policies
A comparison point (among many), with the Cloud-Age policy and the approach:
Infra provisioning
- Cloud-Age policy: Leverage automation (instead of using web based provisioning)
- Approach: Automate once; enable users to self-service
Managing Infra sprawl
- Cloud-Age policy: Introduce caps by budget, not by instance count
- Approach: Facilitate on-the-fly infra provisioning and decommissioning to control spend (vs depending upon reviews)
Security
- Cloud-Age policy: Leverage Cloud features and API
- Approach: Leverage configurable policies; External automation
What should you gate-keep?
- Cloud-Age policy: Policies
- Approach: Configuration scripts and values; Not the Infra itself
7. On Automation
Leverage scripting (by Cloud Provider or Independent) to provision and decommission infrastructure
Gate-keep VM and Container Templates, configuration scripts and Configuration values (templates from known sources, scan the templates, etc)
Mandate all VM and container configuration via scripts - nothing manual
IMPORTANT: Nothing to scan on individual VMs themselves - your templates and scripts are your source of truth!
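Added example (not from the original slides): one way to gate-keep templates, configuration scripts and budget caps in a single check run before provisioning, following the "Moving to the Cloud" and "On Automation" slides. The registry name, script names, team name and all figures are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical policy data; every name and value here is constructed.
KNOWN_SOURCES = ("registry.internal.example/",)      # where templates may come from
SCAN_PASSED = {"registry.internal.example/base-linux:1.4": True,
               "registry.internal.example/legacy-app:0.9": False}
REVIEWED_SCRIPTS = {"harden-os.sh", "configure-web.sh"}
BUDGET_CAPS = {"payments": 1000.0}                   # monthly cap per team
CURRENT_SPEND = {"payments": 700.0}


@dataclass
class Request:
    team: str
    template: str
    config_scripts: list
    est_monthly_cost: float
    manual_steps: list = field(default_factory=list)


def evaluate(req, caps=BUDGET_CAPS, spend=CURRENT_SPEND):
    """Return policy violations; an empty list means the request may proceed."""
    violations = []
    if not req.template.startswith(KNOWN_SOURCES):
        violations.append("template is not from a known source")
    elif not SCAN_PASSED.get(req.template, False):
        violations.append("template has no passing scan on record")
    unreviewed = sorted(set(req.config_scripts) - REVIEWED_SCRIPTS)
    if unreviewed:
        violations.append("unreviewed config scripts: " + ", ".join(unreviewed))
    if req.manual_steps:
        violations.append("manual configuration is not allowed")
    # Cap by budget, not by instance count; a team with no configured cap is denied.
    projected = spend.get(req.team, 0.0) + req.est_monthly_cost
    if projected > caps.get(req.team, 0.0):
        violations.append(f"projected spend {projected:.2f} exceeds budget cap")
    return violations


if __name__ == "__main__":
    ok = Request("payments", "registry.internal.example/base-linux:1.4",
                 ["harden-os.sh"], 200.0)
    bad = Request("payments", "public.example/unknown-image:latest",
                  ["harden-os.sh", "tweak.sh"], 400.0, ["edit config over SSH"])
    print(evaluate(ok))
    print(evaluate(bad))
```

The check looks only at templates, scripts and values, never at a running VM, which matches the slide's point that those are the source of truth.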
8. Rethinking IT Infrastructure approaches
A comparison point (among many), with the Cloud-Age policy and the approach:
Compute
- Cloud-Age policy: Compute capacity, vs number of VMs and physical servers
- Approach: Use auto-scaling + billing caps + environments-on-demand
Storage
- Cloud-Age policy: Compute-associated storage. Let the apps manage replication.
- Approach: No “stretch-clusters” spanning DCs to ensure HA.
Networks
- Cloud-Age policy: Leverage Cloud features and API
- Approach: Network policies in lieu of explicit firewalls
Services
- Cloud-Age policy: Leverage Cloud features and API
- Approach: Manage service configuration
9. Rethinking IT Tiers
A comparison point (among many), Pre-Cloud vs Cloud:
Web Tier
- Pre-Cloud: Explicit Web servers, “Web Tier”
- Cloud: CDN for static content; Web server + stateless apps co-hosted in the same VM, etc
App Tier
- Pre-Cloud: VMware with multi-DC HA, etc
- Cloud: Compute on the Edge using Serverless, stateless autoscaling, leverage multiple zones
DB Tier
- Pre-Cloud: Physical servers with inter-DC replication via SAN
- Cloud: DBs with replication, caches; Expect and architect for failures
Network
- Pre-Cloud: Explicit firewalls, WAFs, and other appliances
- Cloud: Leverage Cloud providers’ services and policies
10. App Migration - Are we truly using the cloud?
Lift and Shift
- Physical to Virtual Migration
- Unavoidable for COTS
Leveraging the Cloud
- Let their automation add and remove compute capacity for horizontal scaling
- Architect for multiple-zones
- Architect for everything to fail - eventual consistency
11. Your Pre-Cloud IT team
“I want to move to the Cloud and reduce IT costs”
- Firing people is not the only way to reduce costs
- Your IT people know your customers, your business, your org’s unique needs
“I’ll help you move to the Cloud and then quit” - True Story
APIs let you create and decommission - Troubleshooting doesn’t go away!
12. How pre-cloud IT staff add value in the Cloud era
Help with Lift and Shift
Understand and advise on failure scenarios
Liaise with the Cloud providers for troubleshooting
Maintain automation scripts to encourage self-service
Add more relevant monitoring and alerting
Understand and ready themselves and the org for multi-cloud scenarios
Integration with partners, vendors, service providers
Lots to do!!