Accelerating government agility with cloud computing v1

© 2014 Cloud Technology Partners, Inc. / Confidential

1

February, 2015

Accelerating Government Agility with Cloud Computing


2

Executive Summary


3

State of Government and Cloud


4

Things Getting Scary


5

Cloud and DevOps can Significantly Improve How we Deliver Government Services

Agility Cost Efficiency Quality

•Increased velocity of

innovation

•Supports Faster time to

market from ideation to

launch

•High elasticity of core

infrastructure and

applications

•Faster and easier migration

of core infrastructure and

applications between data

centers and computing

environments

•Faster and easier integration

of new acquisitions

Increased overall IT efficiency

−Reduced unit cost for core

infrastructure

−Increased development

productivity

Key improvement levers

−Standardization of core

infrastructure and application

platform services

−High automation

−Simplified procedures and

self service

−Increased asset utilization

through resource sharing

−High degree of application

component re-use

•Higher core infrastructure

and application resiliency and

availability

•Improved maintainability of

infrastructure and

applications

•High consistency among

applications

•Increased levels of Security

as bar is raised to support

Publicly hosted applications


6

Maturity Characteristics

Cloud Washed - Force fit to run in cloud environment

- Resources not optimize – no horizontal scaling

- Minimal modification done to be cloud compliant (fix issues only if it will not run in cloud environment)

Cloud Adopted - Resources not optimize – no automatic elasticity – instance manually started

- Some modification done to be cloud compliant (adhere to blocker cloud principles)

Cloud Optimized - Resources being optimized – horizontal scaling possible

- Elastic on instance level – cloud management layer determines when to start/stop additional instances

- Major modification done to be cloud compliant

Cloud Native - Fully cloud aware – can communicate with the cloud management layer to start-up or shutdown instances of itself

- Designed for failure and self healing

- Elastic and resource efficient

Cloud Application Maturity


7

Application Architecture for the Cloud is Very Different

Traditional Architectures

• Scale Up• Monolithic• Stateful• Infra Dependent• Fixed Capacity• LAN Located

dependencies• Latency intolerant• Tightly coupled• Consolidated /

clustered DB• Rich / chatty client• Commercial licenses• Infra Supported

Availability• Semi-automated

build/deploy• Manual fault

recovery• Active/Passive/DR• Perimeter Security• Allocated costs

The “Old World”

Cloud AlignedArchitectures

• Scale Out• Distributed• Stateless• Infra Agnostic• Elastic capacity• WAN, Location

transparency• Latency tolerant• Loosely coupled • Sharded /

replicated / distributed DB

• Mobile/thin client• PaaS / Open Source • App Supported

Availability• Continuous

Integration/Delivery• Self healing, fault

tolerant• Active/Active• Defense in depth• Pay as you go

The “New World”

The Targets

Ref

acto

r

Au

tom

ate


8

The Value of Agility for the Government


9

Shift thinking away from product-centric to service-centric

What Needs to Change?

Old Way New Way

Software is built and shipped Services are running and managed

Development of features are done Services are never done until they are turned off

Product owner focus only on features Product owner owns operational results along with product feature set

Each silo owns their own area All groups focus on end user satisfaction

Dev must go through Ops to get work done Ops enables Dev to get work done

Ops monitors Apps Ops provides Dev with tools to operate Apps

Reactive monitoring/Ops Proactive monitoring/Ops

Customer isolated from one another Multi-tenancy and shared resources

Application services sharing common platform and infrastructure

Distributed services on isolated instances, hardware independence

Dev, Ops, and Security teams must work together throughout the SDLC and have a shared responsibility for the services


10

Modern cloud architectures are hard to manage and scale

using traditional approaches

The Mission Critical Application Dilemma

Cloud Provider

Customers

Employees

Application

Source: Compuware

XML/SOAPhttp SQL TCIP/IP


11

Where is Government IT?

Orchestrate

Automate

Virtualize

Combine

Standardize

Time

Val

ue

to t

he

Bu

sin

ess

• Lower cost• Consistent use of technology• Enhanced performance• Reduced complexity • Use of VM’s

• Normalize assets• Increase efficiency• Improve management• Improve governance (non-automated)

• Lower cost• Delayed provisioning • Improved resource management and

utilization• Moving to centralized control• Initial use of services

• Lower cost• Self provisioning• Automated governance • Adaptable security• Improved user experience• Service oriented

• Dynamically aligned to the business

• Self adapting• Automated

governance and security

• Enhanced business agility

Preparing for Cloud

Cloud User

Cloud Innovator

You areHere


12

Value Modeling Ranking

ImproveScalability

ImproveProductivity

ImproveAgility

DecreaseCost

• Improve ability to integrate and leverage acquisitions• Improve the ability to increase or reduce costs directly to the needs of the LOB• Improve time-to-market for new service offerings • Improve the ability to defer long term capital expenses • Implement factory model to support transformation and ongoing ADMT

• Decrease application backlogs for LOBs and clients• Increase quality and up-time through centralized operations and management• Improve client service through better performance against client SLAs• Increase speed-to-delivery using service reuse • Increase speed-to-delivery through auto and self provisioning• increase speed-to-delivery through automated test• Increase speed-to-delivery through automated deployment• Attract better talent

• Reduce the time required to place infrastructure into development, test, QA and production• Reduce the time required to place applications into development, test, QA, and production • Place business volatility into manageable domains • Reduce latency in shifting to new market opportunities• Improve innovation by removing barriers to entry

• Reduce CapEx• Reduce OpEx• Reduce the cost of risk• Improve cost allocation and accountability• Eliminate costs through reuse, resource centralization, and de-provisioning

• Remove cost of unavailable capacity• Capture new markets with improved time-to-market • Improve innovation with low-cost entry• Improve client satisfaction • Improve client perception and brand-image• Increase client value metrics with improved performance against client SLAs

IncreaseRevenue

Weight

78

83

92

56

76

78/100

93/100

92/100

72/100

89/100

Value Specific Outcome


13

Government Cloud Value Realization

2016

Plan2017 - 2020

Enable2020 2025

Exploit Business

Strategy

Products

Use of Data

Infrastructure


14

Characteristics of a “World Class” Cloud Solution

Consumers Want

Elasticity & Scalability

Control

Productivity

Agility

Cost

• Flexible resource configurations• Dynamic scale-up / scale-down of resources • Seamless support of multiple clouds• Flexible resource quotas

• Role based access controls• Comprehensive monitoring and logging• Image Lifecycle Management• Integration into Incident, Change, Patching Management

• Common Self – Service Provisioning Portal into all cloud end points• Robust Service Catalog meets all of customer cloud needs • End to End Automation• Supported APIs allowing the applications and data sources to communicate with one

another

• Self – Service Resource Provisioning• Rapid Elasticity• Capacity on Demand insures resources are always available• Rapid disaster recovery – Active / Active application support• Seamless support for different endpoints

• Metering and Chargeback• Pay as you go• Consumption based • Reliable asset tracking and usage reporting

Providers Deliver


15

New Way – Transparency, Agility, Disciplined

New Breed of SaaS Architectures Require a New Operating Model

• 7x24 Uptime

• Joint ownership – Shared Accountability

• Collaborative

• Proactive mode – Fire Prevention

• Automation of builds, changes,

provisioning, testing, operations

• Small, frequent releases

• Fast to market

• Waste removed from processes

• Bugs not allowed in build


16

Our CTP Cloud Solution Reference Architecture


17

Business Case


18

Define a Number of Measurable Targets for the Cloud

Exemplary metrics

Current

(non-Cloud)

2015 Target

(Cloud)

Scope Percentage of logical servers allocated to Cloud (Iaas and PaaS) 0% 50%

Percentage of storage (in Terabyte) allocated to Cloud environment 0% 50%

Agility Provisioning time for standard infrastructure service (IaaS) ~5 days 1 hour

Provisioning time for standard platform service (PaaS) ~ 5 days 1 day

Cost

efficiency

Average CPU utilization ~25-30% ~50%

Average storage utilization TBD 70%

Percentage of servers that are self-provisioned 0% 40%

Percentage of idle servers TBD 5%

Application component re-use (PaaS) TBD TBD

Quality Application availability ~98-100% 99.9%

IaaS and PaaS Right first Time provisioning (Standard environments) 75% 99%

• Specific, measurable, actionable, relevant, time-based (SMART)

• Measurable for both Cloud and non-Cloud environments to enable comparisons and document Cloud benefits

• Cover both Infrastructure-as-a-Service as well as Platform-as-a-Service

• Enable us to set targets for the Cloud program

Criteria for Metrics


19

0

500,000

1,000,000

1,500,000

2,000,000

2,500,000

3,000,000

3,500,000

4,000,000

4,500,000

Jan-11 Jul-11 Jan-12 Jul-12 Jan-13 Jul-13 Jan-14 Jul-14 Jan-15 Jul-15

ROI

COST

Moderately Complex Data Processing Application Migration

Business Case ROIB

usi

nes

s B

enef

it /

Co

st (

USD

)

Time

Implementation

Planning

* Assume current benefit = $3M and cost to migration = $3.6.M on top of current operating cost over 18 months

Production

Jan-13 Jul-13 Jan-14 Jul-14 Jan-15 Jul-15 Jan-16 Jul-16 Jan-17 Jul-17


20

Project Roadmap

Roadmap – Gantt View

Strategy Item 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27

Strategy

Business Case including Value-Investment Model

CoE Design and Implementation

Skills Inventory, Hiring, Training, and Enablement

Program Management and Dashboard Reporting

Business

Service Provider Capability Assessment

Service Provider Business Model and Enablement

Service Pilot, Go-Live, and Delivery

Analytics Enablement and Support

Applications

Breadth Analysis

Depth Analysis

Private Cloud Migration (Pilot, then Factory)

Migration (Pilot, then Factory)

Migration (Pilot, then Factory)

Native Cloud Development (Pilot, then Factory)

Cloud SDLC Modernization (Automation Factory)

Client-facing Business Service Design and Development

Application Support (Design and Coding Guidelines, Governance, Enablement)

Months from Today

Roadmap – Gantt View


21

The Cloud and DevOps in the Government


22

What is DevOps?

• A culture shift that encourages great communication and collaboration to build better quality software more quickly with more reliability.

• A crucial component of continuous delivery – bringing agile to infrastructure

• A change from reviews, approvals and handoffs, to collaboration, automation and feedback loops

Full Scope of Transformation

• Changing fundamental workflows

• Standardizing services

• Automating everything

• Process optimization: eliminating reviews, approvals and steps if using standards

• New organizational responsibilities – e.g. product owners, service logistics

• Continuous feedback and improvement

Achieving Agility Through DevOps

Lead Time

Source: http://dev2ops.org/2010/02/what-is-devops/


23

Continuous Delivery with CI, DevOps and the Cloud

DevOps

Automated Provisioning

AutomatedTesting

Automated Build & Deploy

SCM/VersionBuild Scripts

Dependency MapComponent Deploy

System Deploy

Test ScriptsTest Deploy

Load / Soak ScriptsData Provisioning

Baseline/BenchmarkTesting Reports

Image ManagementPatch Management

Auto Env DeployStart/Stop ScriptsRolling UpgradesSecurity Config

Integrated Deploy and Test

DevOps should really be called DevTestOps

• Collaboration and shared tools on the Dev, QA and Infra automation teams

• Capture every request – no ad-hoc work or changes

• Agile Kanban project management for automation and DevOps requests

• Log metrics on both manual and automated processes

• Test automation and test data provisioning for infrastructure as well as applications

• Acceptance tests for each deployment: infrastructure, application, test suite

• Continuous feedback between the teams to spot gaps, issues and inefficiencies

Automation: It’s All Code

• Save it• Version it• Measure it• Evolve it

Continuous Feedback

DevOps Best Practices


24

Crawl

Walk

RunFly

DevOps at Scale

Inve

stm

en

t

• Pilot application • 1-2 cloud endpoints• Agile Dev - Kanban for DevOps• Automate and metrics capture• Process optimization • Automation tools and patterns• Coordinate current Ops teams

• Second tranche of projects with seed staff

• Patterns, tools and metrics refinement

• Standard service catalog

• ProdOps integration

• Self-Service catalog• Expanding cloud

endpoints• Automation library

management• Product owners• Absorb targeted Ops

teams• DevOps CoE training

and coaching• Initial continuous

delivery project

• Absorb remaining Ops teams

• DevOps for all new projects• Common platform services• Infrastructure automation

refactoring process• Operational automation• Integrated DevTestOps

automaton for continuous delivery for targeted apps

• Continuous improvement

Client is here

Where to begin:• Start with deep changes but within a

confined blast area• Separate the team and allow them to be

creative• Process optimization with selective

automation• Capture metrics and

reevaluate frequently


25

Maturity Level People Process Technology

Level 1 Ad-Hoc

• Silo based • Blame, finger pointing• Dependent on experts• Lack of accountability

• Manual processes• Tribal knowledge is the norm• Unpredictable, reactive

• Manual builds and deployments

• Manual testing• Environment inconsistencies

Level 2Repeatable

• Managed communications• Limited knowledge sharing

• Processes established within silos

• No standards• Can repeat what is known,

but can’t react to unknowns

• Automated builds• Automated tests written as

part of story development• Painful but repeatable

releases

Level 3 Defined

• Collaboration exists• Shared decision making• Shared Accountability

• Processes are automatedacross SDLC

• Standards across organization

• Automated build & test cycle for every commit

• Push button deployments• Automated user &

acceptance testing

Level 4Measured

• Collaboration backed on shared metrics with a focus on removing bottlenecks

• Proactive monitoring• Metrics collected and

analyzed against business goals

• Visibility & predictability

• Build metrics visible and acted on

• Orchestrated deployments with auto rollbacks

• Non functional requirements defined and measured

Level 5 Optimized

• A culture of continuous improvement permeates through the organization

• Self service automation• Risk & cost optimization• High degree of

experimentation

• Zero downtime deployments• Immutable infrastructure• Actively enforce resiliency by

forcing failures

DevOps Maturity Model


26

Maturity Level People Process Technology

Level 1 Ad-Hoc

• Silo based • Blame, finger pointing• Dependent on experts• Lack of accountability

• Manual processes• Tribal knowledge is the norm• Unpredictable, reactive

• Manual builds and deployments

• Manual testing• Environment inconsistencies

Level 2Repeatable

• Managed communications• Limited knowledge sharing

• Processes established within silos

• No standards• Can repeat what is known,

but can’t react to unknowns

• Automated builds• Automated tests written as

part of story development• Painful but repeatable

releases

Level 3 Defined

• Collaboration exists• Shared decision making• Shared Accountability

• Processes are automatedacross SDLC

• Standards across organization

• Automated build & test cycle for every commit

• Push button deployments• Automated user &

acceptance testing

Level 4Measured

• Collaboration backed on shared metrics with a focus on removing bottlenecks

• Proactive monitoring• Metrics collected and

analyzed against business goals

• Visibility & predictability

• Build metrics visible and acted on

• Orchestrated deployments with auto rollbacks

• Non functional requirements defined and measured

Level 5 Optimized

• A culture of continuous improvement permeates through the organization

• Self service automation• Risk & cost optimization• High degree of

experimentation

• Zero downtime deployments• Immutable infrastructure• Actively enforce resiliency by

forcing failures

DevOps Maturity Model

Chaos Reigns

Continuous Integration

Continuous Delivery

Continuous Deployment

Continuous Operations


27

• Version Control

• Build and Deploy

• Functional and Non-functional

Testing

• Provisioning and Change Mgmt

DevOps – Controls and Automation Tools - Considerations


28

Thanks!

Questions?

David Linthicum

[email protected]

Accelerating government agility with cloud computing v1

Technology

Transcript of Accelerating government agility with cloud computing v1