Learn HashiCorp's key message.

1. Copyright © 2020 HashiCorp
Unlocking the Cloud
Operating Model
Chad Armitstead
Director of Solutions Engineering, NY Metro

2. ⁄
The Transition
to Multi-Cloud

3. The Transition to Multi-Cloud
Traditional Datacenter
“Static”
Dedicated
Infrastructure
Modern Datacenter
“Dynamic”
GCP Cloud 2 Cloud 3+ + +Private Cloud +

4. Implications of the Cloud Operating Model
Dedicated servers
Physical and Virtual Machines
Capacity on-demand
Mixed: VM, Container, Serverless
DYNAMICSTATIC
Provision

5. Implications of the Cloud Operating Model
Dedicated servers
Physical and Virtual Machines
High-trust
IP-based, clear network perimeter
Capacity on-demand
Mixed: VM, Container, Serverless
Low-trust
Identity-based, no clear perimeter
DYNAMICSTATIC
Provision
Secure

6. Implications of the Cloud Operating Model
Dedicated servers
Physical and Virtual Machines
High-trust
IP-based, clear network perimeter
Host-based
Static IP
Capacity on-demand
Mixed: VM, Container, Serverless
Low-trust
Identity-based, no clear perimeter
Service-based
Dynamic IP
DYNAMICSTATIC
Provision
Secure
Connect

7. Implications of the Cloud Operating Model
Dedicated servers
Physical and Virtual Machines
Dedicated infrastructure
High-trust
IP-based, clear network perimeter
Host-based
Static IP
Capacity on-demand
Mixed: VM, Container, Serverless
Scheduled across the fleet
Low-trust
Identity-based, no clear perimeter
Service-based
Dynamic IP
DYNAMICSTATIC
Provision
Secure
Run
Connect

8. The Process Transition
Traditional Datacenter
“Static”
Dedicated
Infrastructure
Modern Datacenter
“Dynamic”
+ + +Private Cloud +
ITIL / ITSM
TICKET DRIVEN SERVICE
DEVOPS
API DRIVEN SELF-SERVICE
GCP Cloud 2 Cloud 3

9. Defining “Digital Transformation”
Self-Service Process
ITIL / ITSM practices
organized platform and
middleware teams into central
functions that optimized for
cost rather than enablement.
Groups need to empower
internal audiences to self-
service to improve agility.
Front Office
Applications
The biggest driver for digital
transformation is the shift of
applications from back office
enablers, to front office drivers
of business value. This
creates huge pressure to
iterate quickly rather than
optimize cost.
Cloud Adoption
Traditional datacenters are
being replaced with adoption
of multi-cloud infrastructure,
including private cloud. Focus
is on API-driven consumption
and providing a library of
services to accelerate
application development.

10. ⁄
Framing the
Challenge

11. Existing
Principles
Ownership of
Technical Domain
Each team is organized
around the ownership of a
particular technical domain.
This could be “Compute”
which is implemented with
VMware, or “Firewalls” which
is implemented with Palo Alto
Networks.
Gatekeeping of
Access
Each team provides access
to the resources they
manage by acting as a
centralized gatekeeper. This
is often operationalized
through ticketing queues.

12. Necessary
Changes
Ownership of
Process Domain
Each team is organized
around the ownership of a
particular process domain.
This could be provisioning of
infrastructure, but abstracts
the specific technical designs
of the underlying platform.
Self Service Driven
Enablement
Each team provides access
to the resources via an API
or self service mechanism
they are responsible for. This
enables a center of
excellence without
gatekeeping.

13. Systems of Coordination
DEVELOPER
TEAM
OPERATIONS
TEAM
TICKET QUEUE

14. Systems of Coordination
API DRIVEN
SYSTEM
DEVELOPER
TEAM
OPERATIONS
TEAM
API

15. DevOps Process
PROVISIONING
TEAM
DEPLOYMENT
TEAM
SECURITY
TEAM
API APIAPI
DEVELOPER
TEAM

16. DEVELOPER
TEAM
PROVISIONING
TEAM
DEPLOYMENT
TEAM
SECURITY
TEAM
API APIAPI
NEW SYSTEMS TO
UNDERPIN PROCESS

17. Multi-Layer Impact
People
Process
Changing Skills
Promote Autonomy &
Responsibility
Enable Self Service Workflow Orientation
Systems API Driven Cross-Team Coordination
Automation Oriented

18. ⁄
Separating Buzz
Words from Crucial
Technologies

19. Infrastructure as Code
DEVELOPER
TEAM
OPERATIONS
TEAM
TICKET QUEUE MANUAL
INTERACTION
WITH UI
GUI

20. Infrastructure as Code
DEVELOPER
TEAM
OPERATIONS
TEAM
API/UI INFRASTRUCTURE
AS CODE
API/GUI

21. Infrastructure as Code
Split Execution from Definition
The definition of the infrastructure to be provisioned is distinct from the
execution. This allows execution to be automated and doing via API, CI systems,
or User Interfaces. Updates to the definition are asynchronous and don’t block
consumers.
Repeatable, Consistent, and Documented
By capturing infrastructure as code, there is always an up-to-date documentation
of how infrastructure is being managed. Execution is automated, which makes it
scalable and ensures a consistency across all instances.

22. Terraform
Provision and
Manage any
Infrastructure
▪ Collaborate on infrastructure
as code
▪ Self-Service Infrastructure
▪ Policy and Governance

23. Identity Based Security
WEB SERVER FIREWALL DATABASE
FIREWALL RULES
IP1 >> IP2

24. Identity Based Security
WEB SERVERS
FIREWALL DATABASE
REGISTRY

25. Identity Based Security
Scale Independent, Enable Dynamic Infrastructure
Controls are expressed on the basis of logical service identity instead of physical
properties such as IP. This allows for services to dynamically scale up/down
without needing to manually update the rules based on the physical
representation.
Zero Trust Networking, Improve Security Posture
Most networks are very flat, meaning all the nodes in a particular zone (Dev,
Stage, Prod, PCI, etc) can all talk to each other. Identity based security is the
foundation to do more granular access controls and authorizations.

26. Service Discovery and Service Mesh
Automate Network Middleware
Having a central registry of where services are running enables programmatic
access and automation. Applications can perform service discovery by querying
the registry, and automation can use a publisher/subscriber model to update API
gateways, load balancers, and firewalls automatically.
Secure Multi-Cloud Networks
Traditional networking uses hardware based middleware to provide authorization
with firewalls and routing with load balancers. Service Mesh architectures push
this logic to the edge and use an identity based approach to security. This
simplifies network topology and enables secure multi-cloud networks.

27. Deployment Tooling
Empower Developers to Self-Service Deployments
Container Platforms provide developers a self-service way to deploy their
applications and manage lifecycles. Everything from deployment, configuration
changes, scale up/down, and decommissioning is API driven
Consistent and Scalable for Operations
Operations teams maintain a consistent platform, regardless of the application or
framework. Containers allow a single portable unit to be managed, and container
platforms provide a consistent way to run them. Operations is responsible for the
platform and enablement of developers.

28. Implications of the Cloud Operating Model
Dedicated servers
Physical and Virtual Machines
Dedicated infrastructure
High-trust
IP-based, clear network perimeter
Host-based
Static IP
Capacity on-demand
Mixed: VM, Container, Serverless
Scheduled across the fleet
Low-trust
Identity-based, no clear perimeter
Service-based
Dynamic IP
DYNAMICSTATIC
Provision
Secure
Run
Connect

29. ⁄
Conclusion

30. Digital Transformation Impacts Everything
People
Process
Systems

31. Invest In
People
▪ Hire “Cloud Native” Practitioners to bootstrap
▪ Invest in retraining
▪ Leverage the coalition of the willing
▪ Change resistant staff ITIL org

32. Rethink
Process
▪ Any ticket based process is a flag
▪ Design for self service
▪ Orient around workflows, technology is a
“detail” of the API contract

33. Adopt New
Systems
▪ Replace ticketing queues with systems for
coordination
▪ API driven to enable self service and
automation
▪ Designed to support heterogeneous
environments

34. Accept the
Journey
▪ VMware adoption took 10+ years
▪ People, Process, and Systems cannot be
changed overnight
▪ Align to business groups with highest value

35. Thank You
www.hashicorp.com