Migrating to the cloud? Get an overview of cloud computing and the key concepts that you
should consider. You can choose from public, private, community, and hybrid clouds and
leverage emerging deployment models, such as multicloud. When you use cloud computing, you
can get extra capacity online and ready for use minutes after you need it, then scale back down
just as easily. Instructor David Linthicum helps you understand what cloud computing is and the
impact it can have on your cost efficiency, agility, and more. David explains how to select a cloud
provider and plan a migration. He reviews the security considerations, typical day-to-day
operations, and tools that IT administrators need to keep their cloud-based infrastructure up and
running. David goes into multicloud operations and advanced cloud operations approaches and
technologies, then he concludes with a thorough discussion of cloud governance.
Contents
Introduction
  Change your career with cloud computing
1. Cloud Computing Basics
  Overview of cloud computing
  Cloud characteristics
  Public, private, and hybrid clouds
  Understanding SaaS, IaaS, and PaaS
  SaaS clouds
  IaaS clouds
  PaaS clouds
  SaaS case study
  IaaS case study
2. Cloud Computing Migration Planning
  Identify which apps to move
  Identify which data to move
  Understanding total cost of ownership (TCO)
  Cloud migration planning
  Select a cloud provider
  Establish cloud security
  Cloud roles and skills
  Your first cloud project
3. Cloud Security
  Cloud security planning
  Cloud security requirements
  Selecting cloud security technology
  Security implementation and operations
4. Cloud Operations
  Planning cloud operations
  Cloud technology and toolsets
  Cloud monitoring and management
  Multi-cloud operations
  Advanced Cloud Ops
5. Cloud Governance
  Cloud governance planning
  Cloud governance requirements
  Selecting cloud governance technology
  Cloud governance ops
Conclusion
  Cloud news and resources
Introduction
Change your career with cloud computing
Cloud computing has become the most significant force in the world of technology in the past five
years, and for good reason. Cloud computing provides the ability to do much more at much less
cost, and the ability to change the technology, and thus the business solutions, in a much more
efficient and agile way.
I'm going to show you what cloud computing means, including types, models, and typical business
uses of cloud. I'll use state-of-the-art examples of cloud computing, including public cloud providers
that you can leverage today for no or very little cost. I'm Dave Linthicum. I've been in the field of
enterprise technology for 35 years, and in the field of cloud computing for over 15 years. If you're
ready to learn what cloud computing is, and what it can do for you and your enterprise, come join
me on this LinkedIn Learning course on learning Cloud Computing Core Concepts.
renting or building data center space to house hardware and software assets you needed to
buy.
Now we have private cloud, public cloud, community cloud, multi-cloud, and hybrid cloud.
Ultimately, the biggest advantage of cloud computing is that it allows you to pay only for the
resources that you need when you need them. There is no need to purchase hardware and
software well ahead of demand. Cloud allows you to deal with demand elastically, meaning you can
scale the resources up and down according to need. Just as importantly, you only pay for the
resources you use.
Cloud characteristics
First, it's on demand and self-service, meaning that you can access the resources anytime for any
reason almost instantly. You can sign into a cloud-computing provider right now and spin up
whatever resources you might need. You don't have to contact the cloud provider's IT
department just to get them to provide the resources.
You no longer have to try to guess how much computing power, storage, and
infrastructure you'll need and put out the capital investment for hardware, software,
location, and personnel to run it.
You don't have to pay for services you don't use.
You don't have to work closely with your cloud provider to launch, decommission, or scale
up your resources, so you and your business are not at the mercy of someone else's
availability.
The next characteristic of cloud computing is ubiquitous network access, meaning that if you have an
internet connection, you'll have access to cloud services.
Another key characteristic of cloud computing is that it utilizes resource pooling, meaning that cloud
computing is able to access resources, leverage them for a period of time, and return them to the
resource pool for others to use.
This ties into the next characteristic which is rapid elasticity, meaning cloud resources can scale up or
down as needed. When using cloud computing, the extra capacity is online and ready for use within
minutes after you launch it.
The final characteristic is that cloud computing is pay per use. It's a metered service so you're only
paying for the services you actually consume.
Each of these characteristics on its own is powerful. Taken together, these characteristics have
helped redefine the way the world leverages computers.
Public, private, and hybrid clouds
These are the different types of cloud deployments: private, public, community, multicloud, and
hybrid.
Private means the hardware on which your cloud runs is for only your organization's use.
Public means that you're leveraging cloud services over the open internet, using
hardware and software that you don't own.
Community is much the same as public cloud, but it's only accessible to a limited
group of organizations or employees.
Multicloud means two or more public or private clouds, considered the most flexible.
Hybrid clouds use both private and public clouds, allowing you to run workloads on either
cloud deployment model and have them work seamlessly together.
Private cloud. The main advantage of leveraging a private cloud is that the resources are
provisioned for exclusive use by a single organization. Some believe that this provides the best
security over public and hybrid, as private clouds maintain a certain degree of
isolation. Private clouds can be on premises or in a data center of an internal cloud provider. The
idea here is that the resources are not multitenant, meaning that systems are not shared while
provisioned. There are a few types of organizations who are required by law to maintain the
separation of resources and data, such as those who deal with medical or financial data. For
those organizations, private cloud is the only viable option.
Public clouds run over the open internet, and you may not even know where your
application and your data physically exist. Some consider this less secure, as resources may be
multitenant, meaning that they are shared concurrently among many users. For example,
storage devices may be partitioned, and one partition may contain data from one
company while another partition may hold that of a different company, or a computer may
service multiple accounts. In one well-documented hack, memory from one tenant was
accessed by another. However, public clouds don't require that you purchase hardware or
software, and you don't have to maintain the systems. Thus, the concept of avoiding capital
expenses is a core value of leveraging a public cloud. And these days, security is top of mind for
the major cloud providers, whose servers are constantly patched with the latest updates.
On-premise servers may not be as quickly patched, depending on the onsite IT team.
Multi-clouds concurrently leverage the cloud platforms of multiple cloud providers. So it's when
an organization uses a mix of Amazon Web Services, Azure, Google Cloud Platform, or other cloud
providers. There are a few reasons why organizations may want to use multiple cloud
providers. The first is that some cloud providers have benefits not offered by others, or may be
better at certain types of service. Choosing different providers based on their strengths to
handle particular services is one way to address that. Another reason organizations exercise a
multi-cloud strategy is that they may not want to depend solely on a single cloud provider. It's
exceedingly rare, but from time to time a cloud service from one provider may
regionally become unavailable, and using a multi-cloud solution is seen as a way to hedge your
bets. However, multi-clouds require a great deal of planning and do end up being more complex.
Hybrid clouds can provide the best of private clouds and public clouds. Since you have two cloud
deployment models that are paired, you can leverage the strengths of each to meet the needs
of the workload. In some instances, workloads can be moved between public and private clouds
to maximize the value of leveraging cloud platforms.
The best cloud deployment model for your organization really depends on your own
requirements. Part of the process of moving to the cloud is to understand the characteristics of
your workloads and match them to the correct types of clouds.
Software as a service, or SaaS, which is an application that you rent over the open Internet.
Infrastructure as a service, or IaaS, which is basically storage, compute, and other
infrastructure services that you leverage from a remote cloud.
And finally, platform as a service, or PaaS, which is application development, testing, and
deployment on demand.
There are huge fundamental differences between the different cloud types.
Again, the use of cloud-based resources means that we're sharing resources and avoiding buying
our own hardware and software. This really defines the value of cloud computing in general.
SaaS clouds
A software as a service or SaaS model means that a third-party provider hosts the
application software on behalf of the end user. SaaS applications are typically delivered
through web browsers, for example ERP (enterprise resource planning) or CRM (customer
relationship management).
Using a SaaS cloud removes the need for enterprises to spend too much cash on enterprise
software, and the SaaS cloud provider maintains the hardware and software. Also, there is almost
unlimited scalability for growing enterprises, since you can add seats or subscriptions as you add
employees to the team. Additionally, there is no need to update or patch the software; updates are
continuous and automatic. There are more than 2000 SaaS cloud providers in the market
today. Prime examples include Salesforce.com, a customer relationship management solution that's
popular within enterprises focusing on customer services and sales and management; Google Apps,
providing storage, word processing, and spreadsheets that may be shared among many users; and
Microsoft 365, which is a SaaS version of the popular Microsoft Office platform.
First, you can avoid buying hardware and software in support of an on-premise business
application.
You shift the risk to the SaaS cloud provider.
The ability to pay for only the subscriptions that you use, typically per person, allows you to
align your usage directly with spending.
Finally, SaaS supports pervasive application delivery, including desktop and mobile
devices. This allows SaaS to reach most users on the devices that they prefer to use. Software
as a service is a revolution in the way in which we consume software. Moving forward, you'll
find that this model is going to be the desired model that your enterprise is going to use.
IaaS clouds
Infrastructure as a Service or IaaS is about using an internet service model to leverage resources
traditionally found in an organization's own data center such as storage and compute. While IaaS
Clouds provide infrastructure services found in traditional data centers such as compute and
storage, they can also provide application and data hosting for existing enterprise workloads such
as applications and databases or both. IaaS Clouds are the fastest growing type of Cloud, with
Amazon Web Services being a major player with revenues over several billion dollars. Finally, IaaS
Cloud services can be deployed as private, public, or hybrid Clouds. In addition to AWS, Microsoft
Azure and Google Cloud Platform are also IaaS platforms. There are many differences between brands of
IaaS Clouds, including the number and types of IaaS services they provide.
Avoiding the expense of buying hardware and software. This means that we're shifting
spending from CapEx, or capital expenditures, to OpEx, or operational expenditures.
You only pay for the services that you use. IaaS providers may bill by time or volume of
data.
IaaS Clouds provide elastic scaling. This means that IaaS Clouds can scale up or scale
back based on the needs of the application workload. This also means that we pay more or
pay less depending on what capacity is needed.
Shifting risks to an IaaS public Cloud provider means that we're relying on the public Cloud
provider to take care of hardware and software as well as make the initial
investment. They're accepting not only the risk but also the cost of the risk. IaaS supports
public, private, and hybrid Cloud deployment models.
PaaS clouds
A platform as a service or PaaS model means that a third-party provider provides
application development, testing, deployment, and hosting as a service. This provides
efficient application development platforms that can be leveraged by any enterprise to make
application development more cost-effective. PaaS also reduces the complexity of
building, testing, and deploying applications by keeping the developers inside of a well-defined
environment that limits the ability for the developers to make mistakes. There are dozens of PaaS
providers out there, with Amazon Web Services Elastic Beanstalk being an example of a PaaS
cloud that runs within an infrastructure as a service cloud. The same infrastructure as a service and
PaaS combinations can be found within Microsoft Azure as well as Google App Engine.
The integration and combining of PaaS and infrastructure as a service cloud services is a trend that
we're currently seeing. So what's the business case for platform as a service or PaaS?
When moving from traditional application architectures to those that are specific to the
business, you'll notice that much changes. An example of a big change is that applications where
the database is tightly coupled to the application itself may work fine for traditional computing
systems but might have to be decoupled when moving to the Cloud. But macro changes will also be
occurring, as well as changes to specific technologies.
You'll need to do your homework and be able to make a business case to gain the necessary
approvals and secure funds for moving the company's cloud applications to the Cloud. For this you'll
need to do breadth analysis to understand the basics of each application and determine what needs
to be done to move it to the Cloud. And you'll need to focus on modernization, meaning that we're
looking for opportunities to improve the applications before they migrate to the Cloud.
Here are the Cloud migration terms and processes that are helpful to be familiar with.
Move applications through the Cloud means that you are going through the process. Notice
that we're moving through this process starting with a very primitive crawl and working to
the fly.
Migration means actually moving the applications and application data.
Finally, let's move to operate and improve meaning that we're going to find ways to operate the
Cloud to meet user expectations as well as continuously improve the applications ongoing.
So when migrating to cloud computing, it's essential to keep in mind security issues, compliance
issues, and performance issues.
Understanding total cost of ownership (TCO)
Before making an investment or change, almost all organizations ask for the total cost of ownership,
or TCO, and the return on investment, or ROI. This means that solid business cases need to exist
before migration can begin.
We need to understand operational impact and business impact when approaching this
problem. This means creating three models: a pure TCO, which has all cost calculations;
a TCO plus the transactional costs, or the cost of migration; and finally the ROI, which
also includes full program cost versus value calculations.
It's important that you understand the source and assumptions of all of these costs, and how you
came to understand these figures. This means getting the initial data correct; that is
how and why you make the correct decisions around TCO and ROI.
We need to understand what's important to data in the Cloud, looking at value categories. Only then
can we understand the impact of each category by providing a weight, or what it means to our
enterprise.
As part of this process, you need to create a current state assessment. This is basically how things
are now, or the as-is. Next, we move to the to-be architecture, or what the Cloud deployment will
look like once it's done. Then you can create the TCO model as we described in the last slide. From
there, you can get to the more formal ROI, as well as create a budget.
To create the current state assessment, we need to do an application inventory estate level
assessment. This means doing a sample application assessment, full estate inventory, and defining
the application migration approach.
Service levels and operational environment assessment means that you're working up to current
infrastructure and operational costs, current state architecture qualities and requirements, and
then current state operational models and processes.
Value of agility is often an overlooked area, and in many cases, this is the primary value point of
leveraging Cloud computing. Moreover, the cost of retiring selected application infrastructure or
data centers needs to be understood as well.
You need to figure out the real costs, which include what to do with leftover hardware and
software. Also understand the changes required to maintain service levels and software
costs. And don't forget about the organizational transformation costs.
Researching and being able to discuss the total cost of ownership, or TCO, and the return on
investment, or ROI, is an essential step. Without this part of the project, we'll have no idea of
what success looks like. Keep in mind, we're leveraging Cloud to enhance and improve the
overall business.
These seven steps are a great guide to planning your migration.
1. Replace means that we're replacing the software with a software as a service system or
solution.
2. Reuse means that we're dividing up the application as sets of services and then leveraging
those services for one or another application.
3. Refactor means that we're altering the application to be more cloud native and thus
more efficient.
4. Replatform means that we're placing the application on a different cloud platform than the
traditional system of origin.
5. Rehost means that we're lifting and shifting, which means that we're moving the application
to the cloud without modification.
6. Retain means that we're not moving the application.
7. Retire means that we remove the application completely from service.
You need to consider the cost of people, resources, and the time it will take to migrate your
applications to the cloud. However, you must consider the value over time relative to the
resources expended. It's imperative that the value exceed the investment over time; otherwise it
does not make sense for you to move to the cloud.
1. Understand data, services, business processes, and system integration points. They
need to be a part of this process as well, and if they are neglected you won't have a
complete solution. This is where the majority of work comes in.
2. Determine an integration strategy for internal and external systems, or how the data
will be shared. It's often overlooked and has to be redone. Keep in mind that these are
much more difficult to deploy without planning.
3. Outline a migration path for legacy systems to the new architecture. Some may move,
some may not. You need to add the ones that move to the plan as well as determine the
value.
If you follow the steps outlined here, you'll get cloud migration right the very first
time.
It's only then that you will understand how they function, and understand which cloud will
match your requirements. Finally, if you make a mistake, just try again.
Keep in mind, we need flexible resource configurations. This means we're dealing with a
cloud that allows you to configure resources in different ways. As you may recall, from the AWS
demo, Amazon Web Services had the ability to be completely configurable.
Dynamic Scale-Up and Scale-Down of resources means that we can add service instances as we
need them, and remove them when we don't need them.
Seamless support of Multiple Clouds means that we can use different cloud brands and types as
needed.
Flexible Resource Quotas means that we can add or remove resources without suffering
penalties.
Role-Based access controls are available. This means that we can set up policies to govern how
the resources are allocated and used.
Comprehensive Monitoring and Logging means that we can log all aspects of the Infrastructure
as a Service cloud and read those logs at any time. Also, we have the ability to monitor the cloud
service using some sort of dashboard.
Image Lifecycle Management refers to the fact that we can manage images from creation to
disposal.
Integration into Incident and Change Management, either as a part of a DevOps structure, or as
part of an existing configuration management approach.
Service Provisioning means leveraging a portal into all cloud endpoints, meaning that we can
launch new storage and compute instances at any time. It also means having a robust service
catalog that meets all of the customer cloud needs, including most of your requirements. Pay
special attention to this feature, ensuring that most of your requirements are met.
End-to-End Automation means that we have complete automation control over the
Infrastructure as a Service cloud.
The cloud should include supported APIs, or Application Programming Interfaces, allowing the
applications and data sources to communicate with one another.
With Self-Service Resource Provisioning, we can allocate resources, such as storage and
compute, when and where we need them.
It also provides Rapid Elasticity, meaning that we can expand and contract our cloud usage at
will.
Capacity on Demand ensures resources are always available, along with rapid disaster recovery
using an active-active approach, meaning that we can provide business continuity and disaster
recovery services to ensure that our applications never stop supporting our users.
It employs Seamless Support for different cloud endpoints. This will ensure consistent
operational support for each cloud component.
Metering and Chargeback refers to the fact that we can monitor the cloud usage as dollars, and
allocate the charges to different departments in the company. Pay-as-You-Go, consumption-based
billing: you only want to pay for the cloud services that you use.
Reliable Asset Tracking and Usage Reporting, so you can understand what you're paying for, who
is using the cloud services, and when they used them.
When picking a cloud provider, it's helpful to create a set of requirements, such as storage and
compute, as well as the relative importance of those requirements to the enterprise. This forced
ranking will assist you in determining which cloud is most likely to be the correct
choice. Weighting the different categories, such as compute and network, demonstrates the
relative ranking for each category.
Defining your business needs, and then researching various cloud providers to understand how
they function, will go a long way toward figuring out which cloud will match your
requirements. However, each evaluation process and criteria will be unique to your needs.
Clouds are basically complex distributed systems, and Cloud security can be broken down into two
types of domains.
The business domain is all about dealing with the business side of security, audit and assurance for
example. This means that we're building our security solution with audit in mind, either from
internal auditors or from outside agencies. Anything that we address as business
requirements should be on the list. This really answers the question of what needs to be done.
The technical domain deals with anything technology related, including architecture, technology,
and tools. It's here that you define the how of your security solution, getting down to the types of
technologies, even the name brands that you'll likely leverage. It's important that you define both
domains in detail, and take your time in doing so. Missing something here could mean that you fail
an audit, fall out of compliance, or worse, suffer an attack.
It's also helpful that you start your journey to the Cloud security by understanding what you're
dealing with, doing detailed analysis and making recommendations as to how the problem should be
solved.
Discovery is just that: understanding what you're dealing with. This is where you define what the
users are doing, what data exists, how it moves, current security issues, and things like that.
Assessment means that we're looking at the data that we just gathered and coming to certain
conclusions. For example, is the security solution keeping us in compliance, and what are the other
risks that are currently present?
Recommendation means that we understand the needs of Cloud security in detail. And now we're
going to make the recommendation for both business and technology solutions.
Carefully assess your Cloud security needs within the two domains of business security and technical
security. While security in the Cloud is typically much better than with on-premise security, it does
take a bit of planning and an understanding of what's being protected.
It's easier to transform your existing IT talent into cloud-enabled people versus trying to hire
experienced cloud professionals and get them up to speed on the company and the culture.
Hire outside consultants for the first project at least. This removes some of the risk and
should be the most cost-effective.
Finally, always evaluate the market costs for talent. Make sure to upgrade pay and align
with what the market is paying; otherwise you'll have those people walking out the door.
We'll focus on a few core positions that you'll need to have a successful transition to cloud. This
includes:
Cloud architect, or a person that can design and build cloud solutions.
Cloud developer, or a person that can build cloud applications or migrate applications.
Finally, cloud security engineer, or a person that can provide enough cloud security
experience to be effective.
Here's the breakdown of what experience each person will need within these roles.
Cloud architects
need to understand cloud holistically. Meaning that they know the market, which cloud
does what and how to align your requirements with a cloud solution.
They understand the process of application migration at a high level, assisting in planning
and budgets, know how long something takes and the resources you'll need to do it.
Also, they should have a good understanding of cloud providers, including the provider
selection criteria we presented in the previous video.
Cloud developers
need to understand how to build applications on specific clouds, such as Amazon Web
Services or Google.
They need to know the native programming languages and tools.
They also need to understand how to leverage cloud native features or capabilities that are
specific to a cloud. For instance, how to build auto-scaling features into an application that is
controlled by the application.
Cloud security engineers
need to understand how to design security solutions for the cloud, including native security
features of cloud providers as well as external security tools that can be implemented.
Also, they need to understand the security tools and technologies that are available in
great detail. This means governance, compliance as well as security.
I urge you to consider your skills, consider your culture and consider your organization before you
migrate to the cloud.
Your first cloud project
3. Cloud Security
Cloud security planning
Being proactive is the best defense.
Make sure that you focus on monitoring and taking corrective action.
being reactive to the ultimate insecurity solution where you can be proactive or spot issues before
they become real problems.
Only once we are using integrated tools do we reach minimum viable cloud security, which is
good enough.
Most enterprises, however, should set the objective of being predictive and thus the most secure.
Leveraging standards is needed to achieve business benefits while encouraging adaptability,
flexibility, and innovation. If using a standard that is not required by law means that we're making
the end user less productive, then perhaps it should not be used.
Security is as much a people issue as it is a technology issue, and thus we need to focus on what
roles and processes exist.
Cloud security requires that we understand all aspects of security from being reactive, all the way to
being able to be predictive and spot issues before they become real problems. The core idea here is
to craft the right security strategy and technology stack to meet the needs of the cloud
deployment and thus the needs of the business. Follow these guidelines, and you'll have a first-rate
secure cloud.
Never assume that things are secure, instead, assume the opposite, and prove them to be secure.
So, as you build your requirements, make sure to centralize the following:
Policies, so that everyone is on the same page when it comes to setting up roles.
Access controls, or a consistent use of access control technology throughout the cloud
deployment.
APIs, Application Programming Interfaces that ensure that we can programmatically
access the security systems and features.
Repository, so that we can keep track of all entities within the cloud computing
problem domain for security and governance purposes.
Centralized logs to ensure that we have the central understanding of what's happening.
Integrated monitoring and single pane of glass, so that we have one place to look and
determine what's going on right now.
Establish consistency across systems, leverage industry security standards that benefit the
organization, but keep in mind, that it's not one size fits all. Some standards zap
productivity, and thus should not be adopted.
Encryption strategy, or how we're going to encrypt data in flight and data at rest.
Common tool chain, meaning that we're using the same tool sets.
Standard OSS and BSS capabilities. OSS stands for Operational, or Operations, Support
Systems. BSS stands for Business Support Systems.
Shared security services are security services that should be shared with on-premise
systems and cloud-based systems.
Blueprints are how we're going to implement security services, and who will do it.
Patching or how we're going to patch software issues that can lead to vulnerabilities.
Scanning, meaning that we proactively scan the environment to ensure that we're seeing
problems.
Event management so that we're able to deal with hacking events in a pre-planned and
orderly way, using tools to automate the processes.
One touch deploys where we're able to deploy security solutions with a single push.
Automated metadata tagging, meaning that we're not only able to manage the data
better by providing identifiers.
Measure and communicate results, drive continual improvement, build on existing
capabilities. This means that we're also looking to improve, and thus there is a sound
feedback loop that exists that allows cloud security admins to improve security ongoing.
Discover, understand the security architecture controls and stakeholder
requirements. Gain an understanding of the needs of the business by looking at the target
architecture, talking to the business leaders, identifying domains, et cetera.
This is a good template for you to use as you gather your own security requirements.
So, what are the best practices in selecting the right security technology? Here are a few that I
recommend that you consider.
Security systems availability. The responsiveness needs to be considered a top priority. This
means that you need to test and benchmark your security tools.
Degree of compliance. There are typically laws that have to be adhered to in your industry
from a technical as well as a business standpoint.
Number of application groups and developers trained on security tools, including
operations, developers and other roles that exist in the organization.
Percent of systems and applications utilizing security services. This needs to be understood. If
only a few applications are leveraging the security technology, the holistic approach to cloud
security has much less value.
Completeness of system documentation, meaning that we need a complete set of
documentation to ensure that we're detailing out the use of the tools.
Improvement in the ability to enforce security and privacy policies, meaning that we're
automating this process as much as possible.
If you follow these guidelines in picking your security tools, you'll find you pick the right tools
the first time.
Security implementation and operations
Establishing and maintaining secure Cloud operations is a matter of people and processes.
Make sure to focus on training so that everyone understands their roles.
Successful security operations are dependent upon proactive monitoring.
Securing your data is the most important element around all security operations, and this
includes requiring transparency, meaning that we can see what's going on, and where,
and react accordingly.
Make data available everywhere, either through APIs, application programming
interfaces, or dashboards, allowing anyone to see the current state of security and
monitoring of the data.
Be proactive, not reactive. Yes again, the data will provide you with the ability to be
proactive and predictive.
Mine data for patterns. This will lead you to trends that will lead you to finding issues that
need to be corrected.
Always evaluate KPIs, or key performance indicators, or SLAs, or service level agreements.
Keep in mind that these are places where the security tools will run into conflicts. You need
to get ahead of those.
Fast feedback loops trigger higher learning, as well as providing real-time data as much as
possible.
The number of security standards is daunting. The good news is that most won't apply to
you. You do need to be aware of which standards are required, and which ones are just
helpful. Standards should only be employed where there are clear benefits.
Don't let this graphic scare you. It's pretty much everything that you need to do when doing
Cloud operations and a few things more. What's at issue here is that you need to integrate security
operations with Cloud operations, including dealing with the same people, processes and
technology. There cannot be a separate security operations team and a separate Cloud operations
team. They need to be one unified team in which everyone understands one another's roles and
tools. If you break down the process you see before you, you'll understand that security should be
systemic to operations. In the next video, we'll cover Cloud operations, or Cloud ops, in greater
detail. If you follow these processes and procedures, you'll find you do Cloud operations and
security operations correctly the first time.
4. Cloud Operations
Planning cloud operations
The rise of cloud has brought many of the more advanced properties to public cloud-based
platforms, including continuous operations. Continuous operations is the ability to run
cloud-based systems in such a way that there is never a need to take an application out of
service. We call this the zero-downtime objective.
Cloud ops or cloud operations is the formalization of best practices and procedures that allow
cloud-based platforms and applications and data that live there to function well over a long duration
of time.
Redundancy seems to be core to all good cloud operations. Years ago, the use of redundant systems
was costly, so most of those charged with operating systems used a single server. When the server
was being updated with new patches and fixes, operations had to stop.
Continuous operations are achieved by the effective use of cloud ops procedures and best
practices.
Public and private cloud platforms support auto and self-provisioning, which means you can set up
dual independent systems. The result is that operations remain up and running during system or
software updates, or even during system failures that would bring down traditional systems.
First, cloud management platforms, or CMP tools, allow you to manage cloud services,
provisioning and deprovisioning machines and services, and provide the ability to
automate continuous operations, since you can place a layer of automation around
cloud-based machine instances and cloud services.
o System failures can typically be worked around automatically. Therefore, most
common problems, such as storage system failures, network device failures, et
cetera, can usually be self-healed without users even realizing that there was a
problem.
o Also, when software is updated, automatic processes that are typically linked with
automated DevOps processes are able to test, stage and deploy software
updates without any interruption in application services.
Second is AIOps, which is short for artificially intelligent IT operations.
o It refers to multi-layer technology platforms that automate and enhance IT
operations through analytics and machine learning.
o It's an evolution in that traditional management and monitoring tools were AI
enabled and thus they became AIOps by simply adding features. These tools are
typically sold by traditional enterprise infrastructure management companies that
have been around for years, many of which are name brands. While the use of AI by
each of the AIOps players differs substantially, there are a few core AI services that
most tools share.
Third, are metrics and monitoring system tools on private and public cloud that are more
data driven.
o The idea with these systems is that we can proactively spot issues when they
arise in operations of cloud-based systems.
The new normal is to be proactive and have the advantage of seeing all of the data from
all of the systems and being able to place the data in context, so spotting or correcting
issues is automated and based on near perfect data.
Multi-cloud operations
The common operational services must logically exist above all cloud brands to leverage the
native services of each cloud.
You want a single user interface, both visual and API based.
The concept applies to platform, data, and application, management, and monitoring
services, cost management, security, operations, backup and recovery, user management,
and tagging.
The use of common services is key to multi-cloud management and operations.
First, you need to do some of the basic requirements planning. This includes assessing the
needs of applications and data sets that you're looking to host in the cloud.
What changes need to be made to support cloud ops? Create an updated deployment
plan that eliminates planned outages, where updates to systems and applications do not stop
operations.
Create a strategy and technology solution to work around common problems that would
normally cause downtime. Use the auto and self-provisioning mechanisms of your cloud
platforms to build and leverage redundant services that can function independently. Select
cloud ops tools best suited to your needs as covered above.
CMP or cloud management platform tools and monitoring and metrics tools are needed at
a minimum.
And finally create a process to receive continuous feedback as to the true effectiveness of
cloud ops and make sure that there is an ongoing and continuous improvement.
Dealing with complexity is advanced operations. However, it needs to be a part of your
cloud solution.
5. Cloud Governance
Cloud governance planning
Cloud application governance means the placement of policies around the use of cloud
resources, such as storage and compute, as well as cloud services, or application
programming interfaces.
Resource governance, or the ability to govern the use of core cloud resources such as
storage and compute, for instance, Amazon Web Services S3 Storage System or Amazon
Web Services EC2 Compute System.
Service governance is the ability to use an API or application programming interface or
web service that may be part of a service-oriented application or for other uses.
Security governance is the ability to link core governance capabilities, such as policy
processing and core processing involved with maintaining security.
Compliance governance is used to ensure that we're able to leverage governance to keep
a tight control on complying with laws.
Governance deployment, ensuring that we're able to deploy applications into production
in such a way that we're not causing issues in other places.
Service governance provides the ability to monitor and control specific APIs or services and
microservices.
Security and compliance. Most of the issues that we see around compliance have to do with human
errors. Data is put in the wrong place and is found in a compliance audit.
Also note that these tools can support a few core patterns such as passive and active.
Active refers to the tool's ability to carry out governance using an automated
framework that carries out governance tasks without human intervention.
Passive must leverage humans to correct issues.
The trend has been toward active, automated governance tools. While planning is not often fun for
any technical project, it's needed here to ensure that we have a solid cloud governance approach and
tooling. Get that right and you'll find that governance is no longer an issue.
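The passive and active patterns described above, sketched as an added example that is not from the course or from any governance product. The resource model, rule names, required tags and the "restricted" default are all assumptions made for illustration, and the inventory is constructed sample data.

```python
from dataclasses import dataclass, field

REQUIRED_TAGS = ("owner", "data-classification")  # hypothetical policy

@dataclass
class Resource:
    rid: str
    kind: str                      # "storage" or "compute"
    tags: dict = field(default_factory=dict)
    encrypted_at_rest: bool = False

@dataclass
class Finding:
    rid: str
    rule: str
    remediated: bool = False

def check_tags(res):
    return [f"missing-tag:{t}" for t in REQUIRED_TAGS if not res.tags.get(t)]

def check_encryption(res):
    if res.kind == "storage" and not res.encrypted_at_rest:
        return ["unencrypted-storage"]
    return []

def remediate(res, rule):
    """Active-mode fix. Returns True only where a safe automatic fix exists."""
    if rule == "unencrypted-storage":
        res.encrypted_at_rest = True
        return True
    if rule == "missing-tag:data-classification":
        # Fail closed: unlabelled data is treated as restricted until reviewed.
        res.tags["data-classification"] = "restricted"
        return True
    return False  # an owner cannot be guessed, so this stays open for a human

def govern(inventory, mode="passive"):
    """Passive: report only. Active: report and fix what can be fixed."""
    if mode not in ("passive", "active"):
        raise ValueError(f"unknown mode: {mode}")
    findings = []
    for res in inventory:
        for rule in check_tags(res) + check_encryption(res):
            fixed = remediate(res, rule) if mode == "active" else False
            findings.append(Finding(res.rid, rule, fixed))
    return findings

def sample_inventory():
    # Constructed sample data, not taken from any real account.
    return [
        Resource("bucket-logs", "storage",
                 {"owner": "secops", "data-classification": "internal"}, True),
        Resource("bucket-exports", "storage", {"owner": "finance"}, False),
        Resource("vm-batch-01", "compute", {}, False),
    ]

if __name__ == "__main__":
    for mode in ("passive", "active"):
        for f in govern(sample_inventory(), mode):
            print(mode, f.rid, f.rule, "fixed" if f.remediated else "open")
```

Even in active mode one finding stays open: the missing owner tag has no safe automatic value, so it still goes to a person.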
Understanding requirements. Define what your governance issues are and how to
address them.
Find the right tools, or what tools will be needed to automate governance, such as service
and resource governance tools.
Test cloud governance, or how we will ensure that our governance systems work properly.
Cloud governance operations, or how we'll run all governance operations long term.
Focus on what you're governing: resources, services, security, compliance, et cetera. This is perhaps
the most important aspect of getting governance right. Write use cases as if you are doing
application requirements, meaning that we're defining the actions of the business processes as well
as those leveraging the business processes. Never start with the technology, in that you are likely
not to pick the correct technology unless you understand your requirements. Get the right skill sets
the first time, including cloud governance SMEs, or subject matter experts. This means that org
planning, hiring, and training should be a part of the requirements process. Let's take our cloud
solution to the next level by ensuring all governance services are correct and operationally sound.
However, the steps for selecting the right processes, tooling, and skills are straightforward if you
break them down into a few easy steps.
Finding the right tools or what tools will be needed to automate governance such as service
and resource governance tools. This means that we're looking at the market and picking the
correct technology to solve our governance problems to meet our requirements.
Narrow focus to three or four tools quickly, meaning that we're narrowing the tools we have
to understand and test.
Ensure that the tool provider is a solid player, meaning look at the business, and if they are
likely to survive and thrive into the future.
Check on available training and tool subject matter experts, understanding that you'll have
to have those skills needed to make governance work.
Make sure that you have a micro plan for deployment, getting from architecture to
operations.
Don't be afraid to stop, back up, and retry. Everyone makes mistakes, so make sure you
address those mistakes as soon as they are known.
Cloud governance is the most often overlooked aspect of cloud computing considering that
there are so many other things to do. However, by placing guardrails around resources and
services, you'll find that you'll keep yourself out of trouble using proven technology to assist
you.
Make sure to write operations policies and processes: who does what and when. This is
typically called a playbook, but it really is defining who is responsible for what.
You need to integrate these operations processes with other operations processes, such
as security, performance, SLA management, or service level agreement management, cost
management, et cetera. This can be done using orchestration engines or tools that are able
to communicate with one another.
This should be a continuously improving process. As you iterate, things should
improve. This means that you're never done. The ops team is always looking to improve
processes, technology, and skills. GovOps assures that we keep governance systems in good
operational states long-term. This does take some work and planning, but the
payback is many times the effort.
Conclusion
Cloud news and resources