4. Compelling reasons to move to the cloud
Agility / developer productivity
Digital transformation
Data center consolidation
Cost reduction
Large-scale, compute-intensive workloads
Acquisitions or divestitures
Colocation or outsourcing contract changes
Facility or real-estate decisions
9. 2-pizza cloud business office (step 3)
Single-Threaded Leader, working with: Procurement, CISO, CFO, Head of Infrastructure, Head of Delivery Engineering, Risk Leader, Audit Leader, HR, Legal
12. Amazon.com
Big Data & Analytics
Business Apps
Migration Acceleration Program
Compute Options
Contracts & Legal
Database Options
Container Options
Desktop & App Streaming
DevOps
Management Apps
Digital Transformation
Edge Services
Enterprise Strategy
General AWS Topics
Industry Specific Solutions
Internet of Things
Machine Learning
Mobile Options
AWS Executive Briefing Sessions
AWS Cloud Adoption Framework
AWS Well Architected Framework
AWS Migration Acceleration Program
13. Establish your principles (step 5)
Be clear on your business goal
Choose AWS as the predominant public cloud partner
Agree on your security objectives
The team you have is the team you need
You build it, you support it
Trust, but verify
…unless you have better ones
14. …unless you have better ones: Cost
Cloud First: to remove as much undifferentiated heavy lifting as soon as possible, all new development will be public cloud first.
Cloud Native: wherever possible we leverage AWS features rather than build our own solutions. We build the thinnest possible control plane over AWS, to leverage their efficiencies of scale. We acknowledge that “perfect” is the enemy of “good enough”. While we bias to using AWS features, when blocked we will innovate with our own temporary solutions.
Run Less Software: if a component has become a commodity you shouldn’t be spending precious development time maintaining it; instead you should be consuming it as a service.
Focus on Data and Logic: we strive to build and support the company’s data and logic structures, not systems that do not differentiate our product.
Predominant Public Cloud Partner: we will select a cloud partner that allows our organization to focus and get to an expert level rapidly with a chosen platform, avoiding the distractions that come with too many platforms across people, process and technology paradigms.
Minimum Viable Cloud Product: we will establish the minimum security, availability and efficiency objectives needed to get the first production workload to the cloud. We will expand our research to other tools as customer features demand it.
Exit existing DCs by a set date: we will have migrated or found the right homes for all our systems, to enable the close of our data centres by a specified date.
Save as you earn: the team and product manager are accountable for their cloud spend; if the means to an end justifies the use of something that delivers material fiscal benefit to the organisation, they are allowed to use it.
Frugality Matters: being prudent and owning your cloud spend is important; teams should strive to continually lower their costs. Money spent on wasted resources could have been better spent on customer features.
15. …unless you have better ones: Security
Assume the enemy knows your code. Dance like no one is watching, encrypt like everyone is.
Source Code Security: all code will be securely held in Enterprise GitHub; access will be restricted and monitored.
Policies Matter: while teams have autonomy to choose their tooling, the tools and solutions must comply with the security, compliance and availability objectives.
Radically Restrict and Monitor Human Access to the Data: restrict human access to the data by a profound amount (e.g. 90%); this will force the development of tooled mechanisms.
Immutability Rules: the authoritative data source and logs will be immutable, and we will hold a copy of the data separately from the teams that support the data.
Trust, but Verify: we will intrinsically trust our leaders, engineers and developers to make the right decisions to protect our data and systems, but will have mechanisms in place to verify that trust.
16. …unless you have better ones: People
Everybody is a Security Engineer: everybody has security engineering responsibility to design and engineer solutions to be secure. Failure is not an option in security.
Pair Programming Works: for both training and the development and support of production code, the practice of two programmers working together on a single machine and continually verifying each other’s work has been shown to increase productivity by more than the sum of the parts.
Tooled Correctly for Continual Learning: ensuring that engineers and developers have the right tools for the job is essential. To complement this, mechanisms for continual self-development must be in place: for example, an enterprise A Cloud Guru licence, attendance at re:Invent, and rotations to other teams to experiment with ideas.
Get to 10% AWS Certified: scientists at Rensselaer Polytechnic Institute in New York found in July 2011 that when just 10 percent of a population holds an unshakable belief, that belief will always be adopted by the majority. Customers have seen the same effect once 10% of their technology staff hold an AWS certification.
Recruit for alignment to your tenets: as simple as it sounds, formalise it into your HR and recruiting cycles.
Recognise what motivates engineers and developers: motivation comes from autonomy, mastery and purpose, allowing people to run with their own ideas, master them and have impact with them.
17. …unless you have better ones: Flexibility
2-Pizza Teams: we will organise ourselves into small teams no larger than 12; wherever possible the teams will be self-contained and have the ability to own their destiny and work schedule.
You Build It, You Run It: as the 2-pizza teams create features, they will own the support of them 24x7. A strong emphasis on pipelines, automation and cloud-native design will reduce that overhead.
The Team We Have is the Team We Need: we are always working to re-skill, retool and promote our workforce with the best knowledge so that they can execute our cloud vision first, before we try to hire externally.
Teams Choose: the team with their product manager decides how to build and what tools to use to do so, as long as it meets the organisation’s security and availability objectives.
One Size Doesn’t Fit All: our business is large and diverse. Use the right tool for the job. We do not assume one size (tool or product) fits all, but we do have strong opinions on how to solve common problems. We automate our opinions into simple, integrated experiences. We remove and deliberately avoid undifferentiated engineering effort.
Get Out Of The Way: by allowing service teams to own their AWS adoption themselves, we decouple and decentralise development. We prefer to build guardrails, not gates. We automatically audit for compliance.
18. …unless you have better ones: Compliance & Availability
Everything Fails All The Time: design and test for failure to levels appropriate for the customer problem we are solving, using Site Reliability Engineering principles as we go until they are second nature to us.
Deliberately Fail In Production: be bold and use chaos engineering to deliberately fail application components in a controlled but resilient way.
Production Always Runs in Multiple Availability Zones: production services and their data always run in more than one Availability Zone.
Understand The Rules: each team will understand the technical articulation of the regulations applicable to them, and will design and execute with compliance in mind. They say “how”.
Audit Ready, All The Time: each team is ready to be internally or externally audited at any time. Each team will strive to use their tools to automate such audits as much as possible.
23. Get clear on your objectives (step 8): Cost
[Pie charts: 5-year on-premise cost breakdown across Facility (lease/power/maint), Facility Improvements, Connectivity, Hardware - Refresh/Growth, Hardware - Buildout and Software (segments of 42%, 26%, 21%, 8%, 2% and 1%); AWS cost split 84% Cloud / 16% Software]
5-Year On-Premise vs. Cloud Costs = (GAAP) savings of 68.9%
24. Get clear on your objectives (step 8): Security
The shared responsibility model:
AWS is responsible for security OF the cloud: the AWS global infrastructure (Regions, Availability Zones, Edge locations) and the foundation services running on it (Compute, Storage, Database, Networking).
The customer is responsible for security IN the cloud: customer data; platform, applications, identity and access management; operating system, network and firewall configuration; client-side data encryption and data integrity authentication; server-side encryption (file system and/or data); network traffic protection (encryption, integrity, identity).
25. Get clear on your objectives (step 8): Security
AWS has a deep set of security tooling.
Networking: Virtual Private Cloud (isolated cloud resources); Firewall Manager (centrally manage WAF and firewall rules that filter malicious web traffic); Shield Advanced (DDoS protection); Certificate Manager (provision, manage and deploy SSL/TLS certificates).
Encryption: Key Management Service (manage creation and control of encryption keys); CloudHSM (hardware-based key storage); server-side encryption (flexible data encryption options).
Identity & management: IAM (manage user access and encryption keys); SAML federation (SAML 2.0 support to allow on-premises identity integration); Directory Service (host and manage Microsoft Active Directory); Organizations (manage settings for multiple accounts).
Compliance: Service Catalog (create and use standardized products); Config (track resource inventory and changes); CloudTrail (track user activity and API usage); CloudWatch (monitor resources and applications); Inspector (analyze application security); Macie (discover, classify and protect data); Secrets Manager (rotate, manage and retrieve credentials).
26. Get clear on your objectives (step 8): Compliance
Certifications & attestations: C5 🇩🇪; Cyber Essentials Plus 🇬🇧; DoD SRG 🇺🇸; ENS High 🇪🇸; FedRAMP 🇺🇸; FIPS 🇺🇸; IRAP 🇦🇺; ISO 9001 🌐; ISO 27001 🌐; ISO 27017 🌐; ISO 27018 🌐; K-ISMS (Korea) 🇰🇷; MLPS Level 3 🇨🇳; MTCS 🇸🇬; PCI DSS Level 1 💳; SEC Rule 17-a-4(f) 🇺🇸; SOC 1, SOC 2, SOC 3 🌐; TISAX 🇩🇪
Laws, regulations, and privacy: Argentina Data Privacy 🇦🇷; CISPE 🇪🇺; FERPA 🇺🇸; GDPR 🇪🇺; GLBA 🇺🇸; HIPAA 🇺🇸; HITECH 🌐; IRS 1075 🇺🇸; ITAR 🇺🇸; My Number Act 🇯🇵; Data Protection Act 1998 🇬🇧; VPAT/Section 508 🇺🇸; Privacy Act [Australia] 🇦🇺; Privacy Act [New Zealand] 🇳🇿; PDPA 2010 [Malaysia] 🇲🇾; PDPA 2012 [Singapore] 🇸🇬; PHIPA [Ontario, Canada] 🇨🇦; PIPEDA [Canada] 🇨🇦; Spanish DPA Authorization 🇪🇸
Alignments & frameworks: CIS (Center for Internet Security) 🌐; CJIS (US FBI) 🇺🇸; CSA (Cloud Security Alliance) 🌐; EU-US Privacy Shield 🇪🇺; FFIEC 🇺🇸; FISC 🇯🇵; FISMA 🇺🇸; G-Cloud 🇬🇧; GxP (US FDA CFR 21 Part 11) 🇺🇸; ICREA 🌐; IT Grundschutz 🇩🇪; MITA 3.0 (US Medicaid) 🇺🇸; MPAA 🇺🇸; NIST 🇺🇸; Uptime Institute Tiers 🌐; Cloud Security Principles 🇬🇧
🌐 = industry or global standard
27. Get clear on your objectives (step 8): Availability
Availability | Downtime per year | Categories
95% (1-nine) | 18 days 6 hours | Batch processing, data extraction, load jobs
99% (2-nines) | 3 days 15 hours | Internal tools, project tracking
99.9% (3-nines) | 8 hours 45 minutes | Online commerce
99.99% (4-nines) | 52 minutes | Video delivery, broadcast systems
99.999% (5-nines) | 5 minutes | Telecom industry (ATM transactions)
28. Get clear on your objectives (step 8): Availability
Part X and Part Y in series: A = A_X × A_Y
29. Get clear on your objectives (step 8): Availability
…availability in series: Part X and Part Y, A = A_X × A_Y
Component | Availability | Downtime
X | 99% (2-nines) | 3 days 15 hours
Y | 99.99% (4-nines) | 52 minutes
X and Y combined | 98.99% | 3 days 16 hours 33 minutes
30. Get clear on your objectives (step 8): Availability
Two copies of Part X in parallel: A = 1 − (1 − A_X)^2
31. Get clear on your objectives (step 8): Availability
Part X in parallel: A = 1 − (1 − A_X)^2 for two copies, and in general A = 1 − (1 − A_X)^n for n independent copies (the third row uses n = 3)
Component | Availability | Downtime
X | 99% (2-nines) | 3 days 15 hours
Two X in parallel | 99.99% (4-nines) | 52 minutes
Three X in parallel | 99.9999% (6-nines) | 31 seconds
32. Get clear on your objectives (step 8): Availability
“Component redundancy increases availability significantly”
33. Get clear on your objectives (step 8): Availability
[Diagram: production spread across Availability Zone A, Availability Zone B and Availability Zone C]
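The series and parallel arithmetic from the availability slides above, carried through in code. This is an added worked example, not code from the original deck; it assumes a 365-day year (which reproduces the deck's rounded-down downtime figures) and, for the parallel formula, that the redundant copies fail independently. The `stack_availability` function and its sample inputs are constructed for illustration.

```python
"""Availability arithmetic for components in series and in parallel.

Added worked example; not code from the original deck. Assumes a 365-day
year and, for the parallel formula, that redundant copies fail independently.
"""
from __future__ import annotations

HOURS_PER_YEAR = 365 * 24  # assumption: 365-day year


def _check(a: float) -> float:
    """Reject availabilities outside [0, 1] rather than silently producing nonsense."""
    if not 0.0 <= a <= 1.0:
        raise ValueError(f"availability must be in [0, 1], got {a}")
    return a


def series(*parts: float) -> float:
    """All parts must be up for the service to be up: A = A_X * A_Y * ..."""
    a = 1.0
    for p in parts:
        a *= _check(p)
    return a


def parallel(part: float, n: int) -> float:
    """Any one of n independent, identical copies keeps the service up:
    A = 1 - (1 - A_X)^n  (the deck's formula, which shows n = 2)."""
    if n < 1:
        raise ValueError("need at least one copy")
    return 1.0 - (1.0 - _check(part)) ** n


def downtime_seconds(a: float) -> float:
    """Expected downtime per year, in seconds, for availability a."""
    return (1.0 - _check(a)) * HOURS_PER_YEAR * 3600


def fmt_downtime(a: float) -> str:
    """Render yearly downtime as e.g. '3d 15h 36m', truncating like the deck's table."""
    total = int(downtime_seconds(a))
    days, rem = divmod(total, 86400)
    hours, rem = divmod(rem, 3600)
    minutes, seconds = divmod(rem, 60)
    units = ((days, "d"), (hours, "h"), (minutes, "m"), (seconds, "s"))
    parts = [f"{v}{u}" for v, u in units if v]
    return " ".join(parts) if parts else "0s"


def stack_availability(lb: float, app: float, app_copies: int, db: float) -> float:
    """Hypothetical request path: load balancer -> one of app_copies app nodes -> database.
    The app tier is parallel (redundant copies); the three tiers are in series."""
    return series(lb, parallel(app, app_copies), db)


if __name__ == "__main__":
    # Reproduce the deck's two tables.
    xy = series(0.99, 0.9999)
    print(f"X and Y in series: {xy:.4%} up, {fmt_downtime(xy)} down per year")
    for n in (1, 2, 3):
        a = parallel(0.99, n)
        print(f"{n} x X in parallel: {a:.6%} up, {fmt_downtime(a)} down per year")
    # A whole stack: the weakest tier in series (the DB here) bounds the result,
    # no matter how many app copies sit in parallel.
    a = stack_availability(lb=0.9999, app=0.99, app_copies=2, db=0.999)
    print(f"LB -> 2 app nodes -> DB: {a:.4%} up, {fmt_downtime(a)} down per year")
```

The check a practitioner should keep in mind: the parallel formula only holds while the copies' failures are independent. Two copies in the same Availability Zone, behind the same dependency, or fed by the same deployment pipeline share failure modes, and the real availability falls back toward the single-copy figure. That is the reason behind the deck's rule of always running production in more than one Availability Zone.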
36. Get clear on your objectives (step 8): Feature & TTM
[Diagram: the AWS platform landscape, “100+ Services…”, grouped as follows]
INFRASTRUCTURE: Compute (VMs, Auto-scaling, Load Balancing, Containers, Virtual Private Servers, Batch Computing, Cloud Functions, Elastic GPUs, Edge Computing); Storage (Object, Block, File, Archival, Import/Export, Exabyte-scale data transfer, CDN); Databases (Relational, NoSQL, Caching, Migration, PostgreSQL compatible); Networking (VPC, DX, DNS); Regions, Availability Zones, Points of Presence
SECURITY & COMPLIANCE: Identity Management; Key Management & Storage; Monitoring & Logs; Configuration Compliance; Web Application Firewall; Assessment & Reporting; Resource & Usage Auditing; Access Control; Account Grouping; DDoS Protection
MANAGEMENT TOOLS: Personalized Dashboard; Monitoring; Manage Resources; Resource Templates; Configuration Tracking; Server Management; Service Catalogue; Search; Patching
APP SERVICES: API Gateway; Queuing & Notifications; Workflow; Email; Transcoding; Contact Center
ANALYTICS: Data Warehousing; Business Intelligence; Elasticsearch; Hadoop/Spark; Data Pipelines; Streaming Data Collection; ETL; Streaming Data Analysis; Interactive SQL Queries
DEV OPS: One-click App Deployment; DevOps Resource Management; Application Lifecycle Management; Containers; Triggers; Resource Templates; Build & Test; Analyze & Debug
MOBILE SERVICES: Single Integrated Console; Identity; Sync; Mobile Analytics; Mobile App Testing; Targeted Push Notifications
IoT: Integrated Networking; Rules Engine; Device Shadows; Device SDKs; Device Gateway; Registry; Local Compute
MACHINE LEARNING: Custom Model Training & Hosting; Conversational Chatbots; Image & Scene Recognition; Facial Recognition & Analysis; Facial Search; Text to Speech; Deep Learning (Apache MXNet, TensorFlow, & others)
ENTERPRISE APPS: Virtual Desktops; App Streaming; Sharing & Collaboration; Corporate Email; Communications
HYBRID ARCHITECTURE: Data Integration; Integrated Identity & Access; Integrated Resource & Deployment Management; Integrated Devices & Edge Systems
MIGRATION: Schema Conversion; Exabyte-Scale Data Migration; Application Migration; Database Migration; Server Migration
MARKETPLACE: Business Apps; Business Intelligence; DevOps Tools; Security; Networking; Storage; Databases
TECHNICAL & BUSINESS SUPPORT: Support; Professional Services; Optimization Guidance; Partner Ecosystem; Training & Certification; Solutions Management; Account Management; Security & Billing Reports
37. Ship something to production that is important, but not critical (step 9)
Create a two-pizza team; build your product; support your product.
[Diagram: Amazon Machine Image (AMI) lifecycle. An AMI is a template for the root volume; create AMI #1 from an instance, register it, launch instances from it, copy it to produce AMI #2, and deregister AMIs that are no longer needed]
38. Train, gain experience, and certify your teams (step 10)
Train, Certify, Scale
Watch: re:Invent talk. Read: Medium blog post.
http://amzn.to/2uPrGzR
http://amzn.to/2GlXeA7
39. “Plans are worthless, but planning is everything” —Dwight D. Eisenhower (step 11)
[Timeline: March, April, May, June]
41. App migration automation/tools
AWS Migration Hub; AWS Application Discovery Service
Server & DB migration: AWS Server Migration Service; AWS Database Migration Service; VMware Cloud on AWS; AWS Schema Conversion Tool
Data transfer: S3 Transfer Acceleration; AWS Storage and File Gateway; AWS Direct Connect; AWS Snowball & Snowmobile; Amazon Kinesis Firehose
Partners: additional third-party migration tools
44. Some customers migrating: migrated ~5,500 instances in nine months, reduced storage costs 50% and compute costs 20%, and sped up provisioning by 10x (4 weeks to 2 days). [Cost reduction; Agility/dev productivity]
45. Some customers migrating: transforming culture to be a great place for developers to work by investing in new skills (thousands of AWS certifications and counting) and migrating data centers to the cloud. [Agility/dev productivity; Data center consolidation; Digital transformation]
46. Some customers migrating: “Migrating to AWS provides the scalability, security, and flexibility we need to stay at the forefront of consumer DNA testing as science and technology continues to evolve. We’ve rapidly migrated much of our data and applications to AWS in less than a year and we’re excited to ramp up our innovation engine to help more people discover their family history.” —Nat Natarajan, EVP of Product and Technology [Data center consolidation; Agility/dev productivity]
49. 12 steps: getting started with cloud
1 Just start
2 Single-threaded leader
3 2-pizza cloud business office
4 2-pizza engineering team
5 Establish your principles
6 Create your questions parking lot
7 Bring in a partner
8 Get clear on your objectives
9 Ship something to production that is important but not critical
10 Train, gain experience, and certify your teams
11 “Plans are worthless, but planning is everything” —Dwight D. Eisenhower
12 Trust, but verify