This document discusses migrating IT policies to the cloud. It begins by describing pre-cloud realities like limited hardware and budgets that required strict IT policies. It then explains how the cloud enables greater automation, scalability, and usage-based costs. The document provides examples of how policies can be rethought for the cloud, such as managing infrastructure sprawl through budget caps instead of instance limits. It also discusses rearchitecting applications and infrastructure tiers to fully leverage cloud capabilities. Finally, it addresses how pre-cloud IT teams can continue adding value through cloud migrations.
1. Migrating your IT policies to the Cloud
Sriram “Ram” Narayanan
ThoughtWorker
Twitter: @sriramnrn
www.sriramnarayanan.com
2. Agenda
Pre-Cloud realities and the need for IT policies
A perspective on the “Cloud”
Comparing pre-cloud realities to what the Cloud gives us
A migration of policies
Migrating Applications - are we leveraging what a Cloud provider offers?
Re-thinking IT Infrastructure in the Cloud
Your Pre-Cloud IT team - what about them?
3. Pre-Cloud Realities and the need for IT policies
Physical hardware, limited floor space, limited annual IT budgets
Software licenses
VMs
- Better utilisation of CPU cores
- Needs management to prevent VM sprawl
Internal charging mechanisms
Complaints by users and business - “You restrict us on hardware and on innovation!”
4. A perspective on “The Cloud”
Essentially, someone else’s massive data center with an API in front of it.
From Capex to Opex
Lots of automation possible
- Compute, Storage, Network policies
- Services (CDN, WAF, DNS, SMTP, SMS, MQ, DB, Cache)
5. Pre-Cloud vs Cloud

| A comparison point (among many) | Pre-Cloud | Cloud |
| --- | --- | --- |
| Costs | Capex + Opex - Pay for everything, and then renewals, and then Ops | Opex - Pay for what you use |
| Automation | May be present but not used due to existing processes and a lack of skills | Comprehensive Automation - in the cloud providers’ interests to make it easier for you to use |
| Scalability | Limited by owned infra - determines scalability, imposes constraints on what’s possible | Limited by Cloud provider’s infra, and your Opex budget |
| Security | You own everything | You rent everything |
6. Moving to the Cloud - how to rethink policies

| A comparison point (among many) | Cloud-Age policy | Approach |
| --- | --- | --- |
| Infra provisioning | Leverage automation (instead of using web based provisioning) | Automate once; enable users to self-service |
| Managing Infra sprawl | Introduce caps by budget, not by instance count | Facilitate on-the-fly infra provisioning and decommissioning to control spend (vs depending upon reviews) |
| Security | Leverage Cloud features and API | Leverage configurable policies; External automation |
| What should you gate-keep? | Policies | Configuration scripts and values; Not the Infra itself |
7. On Automation
Leverage scripting (by Cloud Provider or Independent) to provision and decommission infrastructure
Gate-keep VM and Container Templates, configuration scripts and Configuration values (templates from known sources, scan the templates, etc)
Mandate all VM and container configuration via scripts - nothing manual
IMPORTANT: Nothing to scan on individual VMs themselves - your templates and scripts are your source of truth!
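An added example, not part of the original slides: a self-service provisioning gate that applies the two policies above, gate-keeping templates rather than infrastructure and capping by budget rather than instance count. The template name, prices, budgets and the Request/evaluate names are assumptions made up for illustration.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample data: the template body, prices and budgets are illustrative.
REVIEWED_BODY = b"image: web-base\nbootstrap: configure_web.sh\n"
APPROVED_TEMPLATES = {  # template name -> SHA-256 of the reviewed template body
    "web-base": hashlib.sha256(REVIEWED_BODY).hexdigest(),
}

@dataclass
class Request:
    team: str
    template_name: str
    template_body: bytes
    instances: int
    hourly_cost: float  # per instance
    hours: int          # planned lifetime before decommissioning

def evaluate(req, budgets, spent):
    """Return (allowed, reason); gate on template and budget, not instance count."""
    approved = APPROVED_TEMPLATES.get(req.template_name)
    if approved is None:
        return False, "template is not in the approved catalogue"
    if hashlib.sha256(req.template_body).hexdigest() != approved:
        return False, "template body differs from the reviewed version"
    projected = req.instances * req.hourly_cost * req.hours
    remaining = budgets.get(req.team, 0.0) - spent.get(req.team, 0.0)
    if projected > remaining:
        return False, f"projected spend {projected:.2f} exceeds remaining {remaining:.2f}"
    return True, f"approved, {remaining - projected:.2f} of budget left"

if __name__ == "__main__":
    budgets, spent = {"payments": 100.0}, {"payments": 50.0}
    edited = REVIEWED_BODY + b"extra: unreviewed_step.sh\n"  # manual change to a template
    for r in (
        Request("payments", "web-base", REVIEWED_BODY, 40, 0.25, 2),   # many, short-lived
        Request("payments", "web-base", REVIEWED_BODY, 2, 0.25, 720),  # few, long-lived
        Request("payments", "web-base", edited, 1, 0.25, 1),
    ):
        print(r.instances, "instance(s):", evaluate(r, budgets, spent))
```

Forty short-lived instances pass while two month-long instances are refused, which is the difference between a budget cap and an instance-count cap.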
8. Rethinking IT Infrastructure approaches

| A comparison point (among many) | Cloud-Age policy | Approach |
| --- | --- | --- |
| Compute | Compute capacity, vs number of VMs and physical servers | Use auto-scaling + billing caps + environments-on-demand |
| Storage | Compute-associated storage. | Let the apps manage replication. No “stretch-clusters” spanning DCs to ensure HA. |
| Networks | Leverage Cloud features and API | Network policies in lieu of explicit firewalls |
| Services | Leverage Cloud features and API | Manage service configuration |
9. Rethinking IT Tiers

| A comparison point (among many) | Pre-Cloud | Cloud |
| --- | --- | --- |
| Web Tier | Explicit Web servers, “Web Tier” | CDN for static content; Web server + stateless apps co-hosted in the same VM, etc |
| App Tier | VMware with multi-DC HA, etc | Compute on the Edge using Serverless, stateless autoscaling, leverage multiple zones |
| DB Tier | Physical servers with inter-DC replication via SAN | DBs with replication, caches; Expect and architect for failures |
| Network | Explicit firewalls, WAFs, and other appliances | Leverage Cloud providers’ services and policies |
10. App Migration - Are we truly using the cloud?
Lift and Shift
- Physical to Virtual Migration
- Unavoidable for COTS
Leveraging the Cloud
- Let their automation add and remove compute capacity for horizontal scaling
- Architect for multiple-zones
- Architect for everything to fail - eventual consistency
11. Your Pre-Cloud IT team
“I want to move to the Cloud and reduce IT costs”
- Firing people is not the only way to reduce costs
- Your IT people know your customers, your business, your org’s unique needs
“I’ll help you move to the Cloud and then quit” - True Story
APIs let you create and decommission - Troubleshooting doesn’t go away!
12. How pre-cloud IT staff add value in the Cloud era
Help with Lift and Shift
Understand and advise on failure scenarios
Liaise with the Cloud providers for troubleshooting
Maintain automation scripts to encourage self-service
Add more relevant monitoring and alerting
Understand and ready themselves and the org for multi-cloud scenarios
Integration with partners, vendors, service providers
Lots to do!!