2. ABOUT ME
Amir Arama – Sr. Director Operation Engineering @ Perion Networks
Cloud Center of Excellence
Worked 17 years @ HPE and past 4 years as AWS evangelist, establishing the AWS practice, both financially & technically. Involved & engaged with AWS leadership at all levels, including contracts, financial tools, technical leadership & partners ecosystem.
20+ years experience in software organizations with background in RnD, Product Mgmt., SaaS Operations, Architect, Biz Operation & AWS CCoE.
6. WHAT CLOUD FINANCIAL GOVERNANCE MEANS?
Methodology to gain financial directives, visibility, predictability, control & cost savings capabilities for organizations that want to run workloads in the public cloud.
7. UNDERSTAND FINANCIAL GOVERNANCE BENEFITS
Monetary
- Volume & special discounts under one umbrella
- Drives cost optimization tools (RI, Spot, Lambda, config rules…)
- Favorable contract terms with AWS
- Financial support from AWS for cloud migrations
Control & Visibility
- Provide Biz eyes to cloud spend per BU, product & intent of use
- Provide Biz controls and alerts on spend anomalies
- Provide Biz controls on budgets and forecasting tools
Security Baseline
- Allows covering mandatory security aspects
- Protects against consumption abuse by unauthorized personnel
- Aligns on unified access control standards
8. BUILD YOUR FINANCIAL GOVERNANCE PLAN
- Establish relationship, contracts with AWS & Partners ecosystem (EAP, EDP, Resellers …)
- Plan accounts structure & shared services strategy
- Establish hooks with BizOps/CFO for budgets & allocation controls
- Enroll existing cloud accounts workloads
- Qualify & on-board new workloads
- Ongoing mgmt. & reporting
- Optimize
9. PUBLIC CLOUD FINANCIAL GOVERNANCE - SUMMARY
Past Experience:
Central financial governance lowers your costs while preserving flexibility
How?
- Centrally manage your AWS relationship & programs
- Plan your cloud structure
- Centrally manage budgets, reports & alerts using relevant organizational hooks
- Centrally drive execution of AWS financial best practices **
Outcome
Realistic targeted effort together with executive sponsorship should result in a 30% to 40% annual cost reduction
** AWS financial best practices: RIs, Spot, Rightsizing, Tagging, Config rules automations, unattached disks, aging cleanup policies, scheduled shutdowns…
12. STEP 1: AWS & PARTNERS ECOSYSTEM
Establish relationship & contracts with AWS & Partners ecosystem (EAP, EDP, Resellers …)
• Work with your AWS Account Manager to understand how you can both collaborate and what assistance they can provide.
• Find out if there are “weight” opportunities by working with your AWS account team
• Plan the contractual approach together with your AWS Account Manager: EAP, EDP, Resale?
• Identify (inherit) your suitable cost management tool
13. STEP 2: ACCOUNTS STRUCTURE
Plan accounts structure & shared services strategy
[Diagram: Master Billing account with Shared Services, Sandbox, Production and Non Production accounts]
14. STEP 3: FINANCE TEAM HOOKS
Establish hooks with BizOps/CFO for budgets & allocation controls
Visibility
• Provide CFO/BizOps spend reports per BU, Product, intent of use
• Provide Dashboard for spend, budgets, and actuals
Control
• Align budgets with CFO/BizOps per BU, Product, intent of use
• Generate approval flow process in collaboration with CFO/BizOps
Projections
• Establish projection reports capabilities for quarter & annual spend
• Provide projection vs. actuals reports to increase spend visibility
15. COST MANAGEMENT TOOLS
Cloudyn
- Israeli startup bought by Azure
- Cost reporting & chargebacks
- Dashboard & restricted views
- Supports RIs management
- Budgets allocations & alerts
- Supports cost allocation
- Supports custom tags
- Multi-dimensional approach
- Provides cost optimization recommendations
- Immature ‘actions’ automations
- “Azure first” shop
- Not very intuitive GUI
CloudHealth
- Leading Cost Mgmt. technology
- Cost reporting & chargebacks
- Dashboard & restricted views
- Supports RIs management
- Budgets allocations & alerts
- Supports cost allocation
- No support for custom tags
- Two dimensional approach
- Provides cost optimization recommendations
- Mature ‘actions’ automations
- “AWS first” shop
- Slick GUI
Cost Explorer
- AWS Cost Mgmt. utility
- Cost reporting
- Limited Dashboards
- Budgets allocations & alerts
- No support for cost allocation
- No support for custom tags
- No OOTB cost optimization recommendations
- No ‘actions’ automations
- Good enough tool to start with
- It's free
16. STEP 4: EXISTING ACCOUNTS ENROLLMENT
Enroll existing cloud accounts workloads
Example of AWS account enrollment steps:
- Account naming convention & primary contacts
- Auditing via CloudTrail
- Root User Credentials & API keys
- Accounts separation/segregation (Prod vs. Non Prod)
- Tagging of resources
- Linkage to company master payer account
- Federation with company AD
17. STEP 5: NEW ACCOUNTS ENROLLMENT
Qualify & on-board new workloads
18. STEP 6: ON-GOING MGMT. & REPORTING
Ongoing mgmt. & reporting
- Set up users & PDL subscribers from both finance and engineering
- Set up budget & budget alerts
- Create a customized default dashboard
- Provide basic education within enrollment phase
- Set up a monthly cost report
19. STEP 7: OPTIMIZE YOUR COSTS
Optimize
- Delete stopped instances & their storage (Minor)
- Delete unattached volumes (Minor)
- Stop/Image & Terminate (Minor)
- Delete aged snapshots (Minor)
- Remove unused Elastic IPs (Minor)
- Set shutdown automation per schedule (Moderate)
- Right size your instances (Moderate)
- Reserve instances (Moderate)
- Move to Spot where possible (Moderate)
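An added example, not part of the original slides: a read-only pass that flags four cleanup items from the Optimize list above (stopped instances, unattached volumes, aged snapshots, unused Elastic IPs) and attributes each to its owning BU tag. The inventory is constructed, with field names following the EC2 Describe* response shape; the `BU` tag key, the 90-day snapshot threshold and all resource IDs are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed inventory. Field names mirror EC2 Describe* responses;
# all IDs, tags and dates are invented for this example.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
BU_ADS = [{"Key": "BU", "Value": "ads"}]
INVENTORY = {
    "Volumes": [
        {"VolumeId": "vol-aaa", "State": "in-use",
         "Attachments": [{"InstanceId": "i-111"}], "Tags": BU_ADS},
        {"VolumeId": "vol-bbb", "State": "available", "Attachments": [], "Tags": []},
    ],
    "Snapshots": [
        {"SnapshotId": "snap-old", "StartTime": NOW - timedelta(days=400),
         "Tags": [{"Key": "BU", "Value": "search"}]},
        {"SnapshotId": "snap-new", "StartTime": NOW - timedelta(days=3), "Tags": []},
    ],
    "Addresses": [
        {"AllocationId": "eipalloc-1", "AssociationId": "eipassoc-1"},
        {"AllocationId": "eipalloc-2"},  # allocated but not associated
    ],
    "Instances": [
        {"InstanceId": "i-111", "State": {"Name": "running"}, "Tags": []},
        {"InstanceId": "i-222", "State": {"Name": "stopped"}, "Tags": BU_ADS},
    ],
}

def owner(resource, key="BU"):
    """Owning business unit from tags, or UNTAGGED so the tagging gap is visible."""
    tags = {t["Key"]: t["Value"] for t in resource.get("Tags", [])}
    return tags.get(key, "UNTAGGED")

def cleanup_candidates(inv, now, max_snapshot_age_days=90):
    """Return sorted (category, resource_id, owner) tuples; deletes nothing."""
    found = []
    for v in inv["Volumes"]:
        if v["State"] == "available" and not v["Attachments"]:
            found.append(("unattached-volume", v["VolumeId"], owner(v)))
    for s in inv["Snapshots"]:
        if now - s["StartTime"] > timedelta(days=max_snapshot_age_days):
            found.append(("aged-snapshot", s["SnapshotId"], owner(s)))
    for a in inv["Addresses"]:
        if "AssociationId" not in a:
            found.append(("unused-elastic-ip", a["AllocationId"], owner(a)))
    for i in inv["Instances"]:
        if i["State"]["Name"] == "stopped":
            found.append(("stopped-instance", i["InstanceId"], owner(i)))
    return sorted(found)

if __name__ == "__main__":
    for finding in cleanup_candidates(INVENTORY, NOW):
        print(*finding, sep="\t")
```

Findings that come back as `UNTAGGED` have no BU to approve the deletion or absorb the cost, which is why tagging appears in the enrollment steps before cleanup.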
20. STEP 7: OPTIMIZE YOUR COSTS
Optimize
On-Demand
Pay for compute capacity by the second or hour with no long-term commitments.
For spiky workloads, or apps being developed or tested on EC2 for the first time.
Reserved
Reserved Instances provide you with significant discount compared to On-Demand instance pricing.
For applications that have steady state or predictable usage, Reserved Instances can provide significant savings compared to using On-Demand instances.
Spot
Spot instances allow you to request spare Amazon EC2 computing capacity for up to 90% off the On-Demand price.
For fault tolerant, instance flexible or time-insensitive workloads.
21. CCOE – WHY AND WHAT?
Generate the cloud services roadmap & best practices
Establish cloud standard & best practices
Automate All, CI/CD pipelines, landing zones & shared services
Be integral part of R&D and their agile practice
Expertise: AWS requires a different range of expertise than what traditionally exists in IT/Delivery teams. AWS mainly requires developing skillsets and methodologies, as it's very API & automation driven.
Agility & Pace: The traditional way of working with tickets and siloed teams adds a lot of overhead and slows down the organization. There needs to be a tight relationship with R&D teams and their agile practice.
Focus: Working on multiple agendas simultaneously (public cloud, private cloud, production and labs) creates a huge focus challenge for the IT/Delivery teams.
Pay Per use:
- Variable workloads: time limited workload & breathing application scale in and out
- Practically endless capacity on demand
- Cheap to start/revise/retire new solutions
- Mature cost framework - know exactly how much solution costs
- OpEx vs. CapEx spend
New Markets:
- Standard AWS capabilities across all locations, with rapid expansion into new countries provides cost effective access to new markets
- Nimble expansion to new countries
Resiliency:
- The use of multi AZ deployments allows greater resiliency capabilities & built in AA DR capabilities.
Operational Cost:
- Hundreds of APIs ready to be used programmatically
- AWS managed services significantly reduce operational costs.
- Focus Infrastructure talent on more strategic activities
Master Billing account – all accounts would be children of this account. Typically no charges in this account; it is used only for billing purposes. When working through a reseller, this account belongs to the reseller and not to the company.
Shared Services account – Typically managed by the CCoE team of an organization. Used to provide shared services across multiple accounts. Examples: EPO service, DC service, cross-account monitoring tools, security services…
Sandbox account – used to provide engineering the freedom to try. Engineering teams use it when they need to try new solutions, innovations, experiments…
Non Prod account – can hold multiple Non Prod environments, i.e. QA, Staging, Performance, Security… anything that is not production yet. Staging/Pre-Prod is typically assigned a separate single VPC that is aligned in structure to production. Strict privileges, but with more ownership by the engineering team.
Production account – where your customers are being served from. Sterile account with very strict privileges. Typically access is granted via tools & automations (i.e. Jenkins) and not directly to the account. Typically full privileges are granted to the CCoE team only.