TechArch Day 2018 Magical Story of Cloud... · TechArch Day 2018 A Magical Story of Cloud Transformation Miha Kralj Accenture. Complex Cloud Transformations Require a Structured Roadmap

TechArch Day 2018

A Magical Story of Cloud Transformation

Miha Kralj, Accenture

PLANNING THE CLOUD JOURNEY

Complex Cloud Transformations Require a Structured Roadmap

• CLOUD STRATEGY
• BUSINESS CASE
• ORGANIZATION ROLES AND SKILLS
• MANAGEMENT AND GOVERNANCE
• SECURITY, RISK AND COMPLIANCE
• OPERATING MODEL
• LEGACY APPLICATIONS DISPOSITION
• APPLICATION MIGRATION FACTORY
• MODERN APPLICATION ARCHITECTURE
• NEXT-GEN APPLICATION DEVELOPMENT
• INFRASTRUCTURE ARCHITECTURE
• CLOUD MANAGED SERVICES

INITIAL ASSUMPTIONS

Cloud transformation should bring more value than just reduced cost of IT

• COST REDUCTION: Reducing technical debt and operation cost, and optimizing company assets
• RISK REDUCTION: Ensuring alignment of security policies
• INCREASED SPEED AND AGILITY: Driving migration and adoption at the right pace
• ENABLE EXPERIMENTATION: Preparing for the future

THE CLOUD BUSINESS CASE

Finding the Business Drivers of Cloud Transformation

ENTERPRISE INSIGHTS: Meet demands with greater precision
• Governance and Control: Ensure continuous compliance and effective governance
• Cloud Service Management: Deliver business-focused customer and user experience

OPERATIONAL EXCELLENCE: Improve operating expenses and optimize processes
• Cost Optimization: Harness cloud economies of scale
• Acceleration, Flexibility, and Choice: Accelerate migrations to take advantage of the cloud

PRODUCT LEADERSHIP: Promote innovation
• Innovation: Drive strategic business differentiation
• Speed, Agility, and Acceleration: Increase speed to business outcome and innovation

CLOUD PROGRAM GUIDING PRINCIPLES

A set of basic guidelines that maintain the north star of the program

• CLOUD FIRST: Instill a “Cloud First” philosophy for new application and functionality development
• RAPID PROTOTYPING: Take advantage of cloud services to rapidly prototype new capabilities and quickly scale them to production
• AVOID ADDITIONAL COST: Migrate based on ROI and eliminate any unused infrastructure
• MAXIMIZE CLOUD BENEFITS: Focus on refactoring to gain scalability and elasticity
• SECURITY AND COMPLIANCE: Ensure that the cloud meets the security and compliance requirements for the systems that migrate
• RISK CONTROL: Use the cloud to improve the resiliency, availability, and performance of the systems

CLOUD MIGRATION PROGRAM

Fully leverage cloud services as a standard, across multiple cloud providers

DRIVE: An enterprise-wide migration roadmap

LEVERAGE: Reusable tools, reference architectures, and implementation guides

AUTOMATE: Increase speed, self-service, resiliency, and accuracy through automation

• Centralized overarching view across all cloud efforts
• Accounting and consolidation of infrastructure
• Capacity and cost management for the future

Cloud Program Governance

• Collaboration with cloud vendors
• Federated model
• Allowed separation across organization

ACCELERATE: Provide migration services to increase the velocity of migrations

OPTIMIZE: Aggressive cloud provider rates and ROI

INFRASTRUCTURE PATTERNS

Consistent and repeatable enterprise management in the cloud

• VM Factory
• Backup/DR
• Sec Tools
• Monitoring
• Logging
• Directory
• DNS
• Networking

REFERENCE ARCHITECTURES

Reference architectures (RAs) and implementation guides (IGs) provide guardrails and best practices

RA: Architecting Cloud-aware Applications

RA: Cloud Resilience & High Availability

RA: Cloud Interconnectivity

RA: Configuration Management

RA: Data Management

RA: Log Formatting

RA: Messaging

RA: Security Credentials Handling

RA: Secure Config Management

IG: Cloud Account Segmentation

IG: Data Classification

IG: Public Cloud Cost-effective Architecture

IG: Secure Config Mgmt for AWS IaaS

IG: Securing Sensitive Data

SECURITY CONSIDERATIONS

Defining the security workflow at scale allows high reusability

• WHITELIST: Cloud services to enable consistency at scale
• REVIEW: All security policies for cloud readiness and data classification
• DEFINE: The validation process that allows selection of cloud service according to data classification

CLOUD DEPLOYMENT OPTIONS

Apps choose the right deployment model, not the other way around!

[Figure: four deployment models (TRADITIONAL, VIRTUAL MACHINES, CONTAINERS, SERVERLESS), each drawn as a stack of HARDWARE, OS, RUNTIME, APPLICATION]

CLOUD NATIVE

IT system is defined by its ability to expose control of system lifecycle, provide meaningful instrumentation/telemetry, enable resilient operations, and support fast deployment, iteration and reconfiguration.

SWITCHING TO CLOUD-NATIVE ARCHITECTURE

ARCHITECTURE
• Requirements
• Views
• Decoupling
• Componentization
• Governance
• Encapsulation
• Fail-fast design
• Instrumentation

PROCESS
• Architecting
• Planning
• Development
• Testing
• TDD/BDD
• Integration
• Release
• Operations

TOOLCHAIN
• Source control
• Deployment
• Repo management
• Release management
• Configuration control
• Packaging
• Tracing
• Collaboration

PLATFORM
• Automation
• Runtime platform
• Service discovery
• Image/container registry
• Service catalog management
• Scheduling
• Choreography

[Diagram labels: DEFINES, USES, RUNS CODE ON]


VALUE AND BENEFITS OF NEW STYLES

Faster and cheaper deployment of exponentially increasing number of independent units.

[Chart: Cost to Deploy ($ to $$$$) against Speed to Deploy (Months to Seconds) for Monolith, Physical hosts, VMs, Containers, Serverless]

[Chart: Number of units against Complexity of Interactions for Monolith, Physical hosts, VMs, Containers, Serverless]

BUILDING CLOUD-NATIVE APPLICATIONS

From IaaS and CaaS to PaaS and FaaS

VMs
• Infrastructure resources (CPU, network, disk) as the unit of work
• Provides APIs and tooling for automating the provisioning

Apps as Containers
• Infrastructure and resource scheduling is managed by the container platform
• Teams package their workloads as containers, and the platform is responsible for the application lifecycle
• Teams can run any framework, stack, or technology as long as it’s packaged as a container

Cloud-native Apps
• Teams provide source code; the PaaS builds, packages, and deploys the application
• The platform handles the lifecycle of the entire application
• Provides a ready-made set of backing services such as databases, caches, and load balancers

Apps as Functions
• Code with a clear entry point and exit point (a “function”) is deployed to the platform
• The platform manages the lifecycle of the function
• Horizontal scaling is completely automatic, elastic, and managed by the platform

Flexibility Application-centricity

CLOUD MIGRATIONS SERVICE CATALOG

MIGRATION PLANNING SERVICES

ECP Engagement Model Overview

Security & Risk Policy Conformance

Application Migration Planning

MIGRATION ANALYSIS SERVICES (DISCOVERY)

Run Tools / Processes

Interpret Results and System Dependencies

MIGRATION DESIGN SERVICES

Infra / Platform Architecture (High Level Design)

Application Migration Blueprint (Detailed Design)

Architecture Review

MIGRATION TOOLS AND TEMPLATES

Migration Templates

Migration Tools

Templates, Scripts, Code Snippets

Cloud Reference Library

MIGRATION EXECUTION SERVICES

Migration Execution Management

New Server Build

Host Based Migration (Re-Host)

Application Re-Platform

Front End Website Migration

Data Conversion

Data Migration (Files, Objects)

Containerization

System Level Improvements (Remediation)

Front End (Web/Mobile) Refactoring

Business Logic (Middleware) Refactoring

Backend (Data Layer) Refactoring

Migration to SaaS

Decommission (Retire)

VALIDATION SERVICE

Functional Validation

User Acceptance Validation

Security Validation

Performance Validation

SUPPORTING SERVICES

Cloud License Acquisition / Procurement

Cloud Vendor Support

SME Support Staff Aug.

SUSTAINMENT SERVICES

Cloud Operations Planning

Infra Ops Sustainment

Cloud Optimization

Application Sustainment

Sustainment Transition

CLOUD OPERATIONS DISCIPLINE

Service-Oriented Organization Can Support a Multi-tenant Cloud Environment

Affordable – Globally Distributed – Scalable – Elastic – Available – Recoverable – Self-Healing

• MONITOR: Measure Operational Metrics
• MANAGE: Correct Errors and Issues
• PREPARE: Accept into Operational Control
• IMPROVE: Change and Optimize

PEOPLE, CULTURE, AND CHANGE MANAGEMENT

As the technology transforms, so should the people

• INVEST IN PEOPLE DEVELOPMENT: Offer training and development for building and operating modern cloud systems
• HIRE FOR THE FUTURE: Plan your talent strategy for the future needs of the organization
• CELEBRATE WINS: Acknowledge team’s accomplishments and achievement of milestones

Cloud Service domains

SaaS, PaaS, IaaS

• Networking
• Database Services
• Artificial Intelligence Services
• IoT Services
• Enterprise Applications
• Compute Services
• Persistency & Storage
• Analytics and Big Data
• Management Automation Services
• Mobile Services
• Security, Identity and Access Services
• App Services
• Enterprise Integration
• Development Services

Cloud capability canvas

• Networking: Content Delivery Network; Dedicated Connectivity; Domain Name Service; Network Load Balancing; Virtual Networking; Hybrid Connectivity; Web Load Balancing; Internet Traffic Distributor
• Database Services: Cloud-native RDBMS; Non-native managed RDBMS; Data Warehouse; Caching; No-SQL; Graph Database; Master Data Management
• Artificial Intelligence Services: Machine Learning; Language Recognition; Text-to-Speech; Translation; Speech Recognition; Vision Recognition
• IoT Services: IoT Edge; IoT Gateway; IoT Events
• Enterprise Applications: Content Management; Managed Email Services; Unified Comms; Application Streaming; Desktop as-a-Service; Marketplace
• Compute Services: Scalability; Batch processing; Container Registry; Container Compute; Event-based Compute; Virtual Servers; Simple Compute
• Persistency, Storage: Disaster Recovery; Archiving – Cool Storage; Backup; Attached Disk Storage; Shared File Storage; Object Storage; Hybrid Storage
• Analytics and Big Data: Data Discovery; Big Data Processing; Stream Analytics; Visualization; Data Orchestration
• Management & Automation Services: Network Monitoring; Operations Analytics & Insights; Cloud API Log Service; Configuration Change Management; Resource Monitoring; Exception Reporting; Service Catalog; Best Practices Advisor; Fleet Deployment Orchestration; Instance Management; Job Scheduler; Infra-as-a-Code Templates; Application Discovery
• Mobile Services: Mobile Apps Development; Mobile Device Management; Mobile Identity & Data Sync; Mobile Targeting; Mobile App Testing; Mobile Analytics
• Security, Identity and Access Services: Account Management; Certificate Management; Directory Services; Information Protection; Authentication Authorization; Security reporting; DDoS Protection Service; Firewall; HSM Security Module; Key Management; Compliance
• App Services: Application Hosting; Business Apps; Send Email Notifications; Media Transcoding; Messaging Service; Workflow Service; Push Notification; Managed Search
• Enterprise Integration: Data Import Export; Data Integration & ETL; VM Import Export; Data Migration; Integration Services; Server Migration; Enterprise Application Integration
• Development Services: App Deployment Automation; Distributed Apps; App Testing; DevOps Pipeline; API Management; API Apps; Build Automation; Code Analysis; Microservices; Managed Source Control; Web Apps; Continuous Delivery; Game Development
• Additional tiles: Cloud IDE; Intelligent Bots

Amazon Web Services

[Figure: the cloud capability canvas filled in for Amazon Web Services. Tile labels, in the order extracted:] Aurora; RDS; Redshift; Elasticache; DynamoDB; Machine Learning; Lex+; Polly; Translate; Lex; Rekognition; Greengrass; IoT Gateway; IoT Events; WorkDocs; WorkMail; Chime; App Stream 2.0; Workspaces; Marketplace; Athena; Elastic MapReduce; Kinesis; Quicksight; Data Pipeline; VPC Flow Logs; Config; Cloud Watch; Trusted Advisor; OpsWorks; EC2 Systems Manager; Mobile Hub; Cognito; Pinpoint; Device Farm; Mobile Analytics; Organizations; Certificate Management; Directory Service; Macie; IAM; Inspector; Shield; WAF; Cloud HSM; KMS; Artifact; Elastic Beanstalk; Simple Email Notifications; Elastic Media Transcoder; Simple Queue Service; Simple Workflow Service; Simple Notification Service; Cloud Search; Snowball; Services; Glue; Server Migration Service; DB Migration; Glue; Server Migration Service; Codestar; Step Functions; Code Pipeline; API Gateway; Lambda @Edge; CodeBuild; X-Ray; CodeCommit; Elastic Beanstalk; CodeDeploy; Lumberyard; Cloud Front; Direct Connect; Route 53; Network Load Balancer; Virtual Private Cloud; Virtual Private Gateway; Application Load Balancer; Route 53; Auto-scaling Groups; Batch; EC2 Container Registry; ECS Container Service; Lambda; Elastic Cloud Compute; LightSail; Glacier; Elastic Block Storage; Elastic File System; Simple Storage Service; Storage Gateway; Cloud Watch; Cloud Trail; Cloud Watch; Service Catalog; Cloud Watch Events; Cloud Formation; App Discovery Service; Disaster Recovery; Backup; Neptune DB; Master Data Management; Enterprise Application Integration; Mobile Device Management; Connect; App Testing; Microservices; Cloud9; Lex

Microsoft Azure

[Figure: the cloud capability canvas filled in for Microsoft Azure. Tile labels, in the order extracted:] Azure SQL Elastic Pool; SQL Database; SQL Data Warehouse; Redis Cache; Cosmos DB; Cosmos DB; Data Catalog; Azure Bot Service; Cognitive Services Lab; Speech API; Machine Learning; Cognitive Services Lab; Cognitive Services Lab; IoT Edge; IoT Hub; Events Hub; Office365; Office365; Office365; Application Streaming; Desktop as-a-Service; Marketplace; Data Lake Analytics; HDInsight; Stream Analytics; PowerBI; Data Factory; Network Watcher; Monitor; Operations Management Suite; Operations Management Suite; Application Insights; Application Insights; Service Catalog; Azure Advisor; Automation; Operations Management Suite; Scheduler; Resource Manager; Operations Management Suite; Mobile Apps; Intune MDM; Mobile Apps; Mobile Apps; Xamarin Test Farm; Mobile Engagement; Azure Portal; App Service Certificate; Azure AD; Information Protection; Azure AD – B2B, B2C; Security Center; DDoS Protection; Application Gateway; Key Vault; Key Vault; Microsoft Trust Center; App service environment; Flow; SendGrid Email Delivery; Media Services; Queue Storage; Automation; Notification Hubs; Search; Import Export; Data Factory; VM Import Export; Data Migration Assistant; Logic Apps; Server Migration; BizTalk Services; Web Apps; Service Fabric; DevTest Labs; VSTS DevOps; API Management; API Apps; VSTS CI; VSTS; Service Fabric; VSTS Git; Web Apps; VSTS; Game Development; CDN; ExpressRoute; Domain Name Service; Load Balancer; Virtual Network; VPN Gateway; Application Gateway; Traffic Manager; VM Scale Sets; Batch; Container Registry; Container Service; Functions; Virtual Servers; Simple Compute; Service Fabric; Site Recovery; Cool Blob Storage; Backup; Disk Storage; Files; Blob Storage; StorSimple; SSIS; App service plan; Translator API

Google Cloud Platform

[Figure: the cloud capability canvas filled in for Google Cloud Platform. Tile labels, in the order extracted:] Cloud SQL; Non-native managed RDBMS; Big Query; Cloud Memory Store; Cloud Datastore; Graph Database; Master Data Management; Cloud Machine Learning Services; Translation API; Natural Language API; Translation API; Speech API; Vision API; IoT Core; IoT Core; IoT Core; Google Apps; Google Apps; Google Apps; Application Streaming; Desktop as-a-Service; Orbitera; Big Query; Cloud Dataproc; Cloud Dataflow; Cloud Datalab; Pipelines; Network Monitoring; Monitoring; Logging; Configuration Change Management; Monitoring; Stackdriver; Service Catalog; Best Practices Advisor; Deployment Manager; Deployment Manager; Task Queues; Deployment Manager; Application Discovery; Cloud Mobile Apps; Firebase; Firebase; Mobile Targeting; Firebase; Firebase; Cloud Resource Manager; GCP Certificate Management; Directory Services; Information Protection; Cloud IAM; Cloud Security Scanner; DDoS Protection Service; Firewall; Cloud HSM; Cloud KMS; Compliance web page; App Engine; App Engine; GSuite Integration; Media Transcoding; Cloud PubSub; Workflow Service; Firebase; Search API; Offline Import; Cloud PubSub; Disk Image Import; Data Migration; Integration Services; Server Migration; Enterprise Application Integration; Deployment Manager; Distributed Apps; App Testing; DevOps Pipeline; Cloud API; App Engine; Build Automation; Code Analysis; App Engine; Cloud Source Repositories; App Engine; Continuous Delivery; Game Development; Cloud CDN; Cloud Interconnect; Cloud DNS; Cloud Load Balancing; Virtual Networking; Cloud VPN; Http Load Balancing; Cloud DNS; Autoscaler; Batch processing; Container Registry; Container Engine; Cloud Functions; Compute Engine; Simple Compute; Disaster Recovery; Coldline Cloud Storage; Backup; Persistent Disk; Shared File Storage; Cloud Storage; Hybrid Storage; Cloud IDE; Intelligent Bots

Thank you