3. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
IT mission &
CIO mission
• Create business value through technology
• Strategic planning of business growth objectives
• Ensuring the tech systems and procedures lead
to outcomes in line with business goals
How would you reduce the gap and achieve your mission?
4. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
AND THE ANSWER IS – CLOUD NATIVE
5. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
EVERY COOL PROJECT STARTS HERE
What is Cloud Native IT?
• Technical, process and data debt payment
• Post virtualization infrastructure
• Cloud Native Development
• Cloud native operations
• Zero Trust security
• Cloud Native as R&D lab
6. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
CLOUD NATIVE TECHNICAL DEBT:
THE FASTER WE MOVE, THE MORE DEBT AND INTEREST WE ACCUMULATE
7. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Technical debt repair &
avoidance: managerial &
process ways
Increase awareness
Place "technical debt" executive, C-level related (from OCIO or internal auditor)
Keep backlog of debts + interest
Set “quality first” policy for data entry
Source: Accenture
8. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Technical debt repair & avoidance by
selecting proper architecture: decoupling
Decouple GUI from logic
Decouple applications from the legacy infrastructure.
Decouple the business process systems from one another.
9. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Other ways to
repair &
avoid
technical
debt
• Cloud reduces technical debt
• Infrastructure as Code (IaC) enables faster debt remediation
• Use of data governance tools (data debt)
10. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
• Place “reduce technical debt” as organization goal
• Place “technical debt executive” (C-level related, from OCIO or internal audit)
• Set technical debt notification process
• Vote for “Decouple”!
12. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Post-virtualization is a set of technologies that
replace the core of IT infrastructure
13. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
[Chart: IT compute load, total load (old + new). Y axis: 0% to 100%. X axis: today, tomorrow, after tomorrow. Series: physical, virtualized, container, serverless. Source: STKI]
14. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
[Chart: IT compute load, new application load. Y axis: 0% to 100%. X axis: today, tomorrow, after tomorrow. Series: physical, virtualized, container, serverless. Source: STKI]
15. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
The Cloud Platform will be the core of IT infrastructure
16. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
The core of “Cloud Platform” is:
Containers & Kubernetes
(prerequisite for this presentation)
Microservices architecture
(prerequisite for this presentation)
Serverless (FaaS) & EDA (event driven)
Servicemesh
APaaS (“cloud native” in a box)
17. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
FaaS (Functions as a Service)
& Serverless
18. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Event driven programming architecture (EDA)
19. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
The good, the bad and the evil of
Serverless and EDA:
Scale to zero (the real “pay as you
go”)
Easier & faster to the developer
(no need to compile, build, etc.)
Increase (cloud) vendor lock in
Open-source projects (OpenFaaS,
Kubeless) are emerging
Expensive in high utilization and
performance instability
20. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Containers
vs.
Serverless
(FaaS)
21. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
IT should explore Serverless and EDA
22. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Service Mesh
Architecture
23. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Servicemesh
architecture:
• The evolution of SOA, ESB and REST
• Enables control over how microservices interact
• Tradeoff is increased latency
• The next major feature to expect from Servicemesh tools is Zero Trust enablement!!
24. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
• Integration team is now responsible for setting the tools
of inter–application interfaces
25. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
APaaS “All in one” cloud platform
tools:
The highway to “Cloud Platform”
26. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
APaaS “all in one”
native cloud tools:
• The evolution and combination of
IDE, DevOps and private cloud tools
• Tradeoff between fast installation
and operations and less control of
technology stack
• Different APaaS flavours:
• For infraops
• For development (CI/CD)
27. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
When implementing “All in one”
APaaS platforms the
development is in the center
What about traditional infrastructure?
28. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Business process, Data
Application = code
Cloud platform: Containers , Serverless
Basic infrastructure
What is basic infrastructure?
How is it built and maintained?
29. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
What is basic
infrastructure:
• Bare metal
• HCI
• Networks
• Virtual Machines
• Object storage
• Public / hybrid cloud
• Cloud on prem
• Openstack
30. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
How is it built?
Build with IaC (“Infrastructure as Code”):
• Puppet
• Chef
• Ansible
• Terraform
31. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
IaC maturity model
IaC benefits to the end user:
• Reduce cycle times
• Reduce human errors
• Reduce cost
• Provides visibility
Source: ThoughtWorks, https://www.slideshare.net/garystafford/infrastructure-as-code-maturity-model
32. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Infrastructure should embrace IaC
and set IaC metrics
34. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
What is Low Code?
• Create application software through
graphical user interfaces and
configuration instead of traditional
computer programming
• The new “4GL”
• Low Code vs. No Code platforms
35. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
>10x
improvement
Typical Low Code presentation by vendor
36. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Potential Low Code
benefits
• Reduce IT backlog and
boost organization usage
of technology
• Enables legacy developers
to be part of latest
technology applications
• Reduces risk since apps
are developed faster with
less effort
• Smoother operations and
visibility of production
applications
37. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
• IT should investigate Low Code platforms
for its benefits and limitations
• Departmental & limited time use
applications are natural fit for Low Code
exploration
38. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
DevOps
[Diagram: TIM Methodology® and Outcome-Driven Development®]
Stages (01 to 05): JOB TO BE DONE, DESIGN PRODUCT, PROTOTYPE & TEST, DEVELOP THE PRODUCT, FRUITION
Phase labels: Product strategy, Problem definition, Product prototype, Deployment, Maintain, Implementation & Training
Step descriptions:
• Define market/product strategy based on unmet needs
• Define requirements based on customer metrics
• Design system & test outcomes with customer metrics
• Agile development & test with outcome metrics
• Deploy & implement
Agile development alone (without management support and LoB full involvement) can’t bring the real change that the organization needs
(this will be explained during the session on “organizational & IT initiatives”)
39. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
What architects do?
Draw lines that separate things
Draw lines that connect things
Describe the whole landscape
Strong IT architecture team is
needed for TIM® implementation
IT needs to act faster – must see the whole landscape
Visibility of dependencies is crucial
Backwards compatibility and API documentation are crucial
However, the architecture team must be agile and not hold back
the organization
40. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
• Enhance (build) your Architect/CTO team
• Define Architecture vs. CTO roles
• Define SLA for Architecture/CTO team
41. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
What stops
cloud native
development?
• Process is not done right (skip DT, skip LEAN/prototype, aim for features instead of goals, etc.)
• Infra/Ops/Sec stops the cloud platform
• Business is not part of the dev process
• Outdated yearly budgeting plan and evolution from “projects” to “products” (explained during “organizational & IT initiatives”)
• Midrange managers jeopardize the move
42. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Agile teams
work
independently
during sprint
cycle
Source of graphics: SAP STKI modifications
The
“Team”
43. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Managers in TIM (Agile): completely change their role
(discussed later in “organizational and IT employee
initiative”)
44. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
• Please take a deep breath and adapt
• Adopt TIM® and remove barriers
• Everybody in development should expect
a big change in processes and responsibility,
especially mid-managers.
46. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
DevOps speeds up software
development and
operational deployments
47. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
DevOps benefits are:
business agility and a
responsive technology
function
• Faster delivery of features
• More stable operating
environments
• Improved communication
and collaboration
• More time to innovate
(rather than fix/maintain)
48. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
“DevOps & Sons”
DevSecOps
CloudOps
GitOps
AIOps
DataOps
MLOps
NoOps
49. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
The final cut: NoOps
NoOps is the next logical progression of DevOps
The complete process is automated via “cloud platform” tools
Development teams do not need to communicate with system administrators anymore
50. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
• OCIO should co-manage DevOps (along with
Dev and Infra/Ops)
• Work visibility is step #1
• Testing automation is step #2
51. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Things developers are doing with
DevOps & Cloud Platforms:
Set and update security policy
Add/reduce compute power
Add/reduce storage capacity
Set and update backup policy
Set and update monitoring policy
Set and update cluster/restart configuration
Define and activate deployment tactics
52. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
The balance
between dev. and
ops. is changing
53. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
“Total Commitment”
• I want my team to serve
the business - be able to
do everything they need
to do:
• write, ship and
support their code
• deploy a build
• monitor production
• find and fix
production problems
• I want my team to take
ownership
• I want everyone else to get
the hell out of the way
Based on: https://stackify.com/what-is-devops/
“You build it - You run it”
54. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Development
(the team) is
part of every
incident
55. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Development
(the team) is
looking at their
monitoring /
business
console
56. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Teams (“developers”) should take
more end to end (production)
responsibility
57. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
What will happen to
infrastructure &
operations?
Things developers are doing with
DevOps & cloud native platforms:
Set and update security policy
Add/reduce compute power
Add/reduce storage capacity
Set and update backup policy
Set and update monitoring policy
Set and update cluster/restart configuration
Define and activate deployment tactics
58. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
What will happen to
infrastructure &
operations?
Infrastructure will have to adapt and become the “new kid”:
• To be the “DevOps” and take responsibility for CI/CD
• To be the “cloud platform”
For the same workload, infrastructure/ops headcount will be reduced:
• 90% reduction if 100% public cloud
• 30% for cloud native on prem
Not today
59. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
• Please take a deep breath and adapt
• Become “DevOps” and take responsibility for
CI/CD
• Become the “Cloud Platform” owner
61. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Yesterday: the organization had perimeters
Inside = safe
Outside = not safe
62. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Today: the organization has no perimeters
“Never trust – Always verify”*
* Forrester, The Zero Trust eXtended (ZTX) Ecosystem
63. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
First zero trust implication: decentralize everything
Inside = safe
Outside = not safe
IBM Datapower
F5
Checkpoint
64. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Every protection is edge protection
65. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
What should we verify?
• The device
• The user
• The network
• What is transferred (data, docs,
web)
• Role-based access control
(process, port, protocol) – provide
the minimal access
66. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Network nano segmentation (IP-protocol-port-process) vs. SDP (software defined perimeter)
“Feb 12, 2019 - Symantec said on Tuesday that it's acquiring Luminate Security…”
67. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
SDP architecture example: Cyxtera
1. Using Single-Packet Authorization, client makes access request to controller
2. Controller checks context, passes Live Entitlement to client
3. Using SPA, client uploads Live Entitlement, which gateway uses to discover applications matching the user’s context
4. Dynamic Segment of One network is built for this session
5. Continuously monitors for any context changes, adapts Segment of One accordingly
Diagram components: CLIENT, CONTROLLER, IDENTITY PROVIDER, GATEWAY, APPLICATION (three shown)
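The five-step SDP flow above, combined with the earlier “What should we verify?” checklist (user, device, network, minimal protocol/port access), as a simplified Python model. This is an added example, not code from the deck or from Cyxtera; the HMAC packet format, key values, 30-second window, 300-second entitlement lifetime and sample policy are assumptions.

```python
import hashlib
import hmac
import json

SPA_WINDOW = 30  # assumed: seconds a single-packet request stays fresh

def sign(key, body):
    """Attach an HMAC-SHA256 tag computed over the canonical JSON of body."""
    raw = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(key, raw, hashlib.sha256).hexdigest()}

def verify(key, msg):
    """Return the body when the tag checks out, otherwise None."""
    raw = json.dumps(msg.get("body"), sort_keys=True).encode()
    good = hmac.new(key, raw, hashlib.sha256).hexdigest()
    return msg["body"] if hmac.compare_digest(good, str(msg.get("mac"))) else None

class Controller:
    def __init__(self, client_keys, gateway_key, policy):
        self.client_keys, self.gateway_key, self.policy = client_keys, gateway_key, policy
        self.seen = set()  # nonces already accepted, to reject replays

    def handle_spa(self, packet, now):
        """Steps 1-2: authenticate the single packet, check context, issue entitlement."""
        key = self.client_keys.get((packet.get("body") or {}).get("user"))
        body = verify(key, packet) if key else None
        if body is None or abs(now - body["ts"]) > SPA_WINDOW or body["nonce"] in self.seen:
            return None  # stay silent: unknown sender, bad tag, stale or replayed
        self.seen.add(body["nonce"])
        ctx = body["context"]
        # Verify user, device and network; grant only the listed (app, protocol, port).
        grants = [rule["allow"] for rule in self.policy
                  if rule["user"] == body["user"] and ctx["device_compliant"]
                  and ctx["network"] in rule["networks"]]
        return sign(self.gateway_key, {"user": body["user"], "grants": grants, "exp": now + 300})

class Gateway:
    def __init__(self, gateway_key):
        self.gateway_key, self.segments = gateway_key, {}

    def open_session(self, entitlement, now):
        """Steps 3-4: accept a controller-signed entitlement, build the per-user segment."""
        body = verify(self.gateway_key, entitlement)
        if body is None or now > body["exp"]:
            return False
        self.segments[body["user"]] = {tuple(g) for g in body["grants"]}
        return True

    def allows(self, user, app, proto, port):
        """Default deny: only tuples in this user's segment pass."""
        return (app, proto, port) in self.segments.get(user, set())

    def revoke(self, user):  # step 5: context changed, tear the segment down
        self.segments.pop(user, None)

# Constructed sample policy (not from the deck): one user, one application.
POLICY = [{"user": "dana", "networks": {"corp-vpn"}, "allow": ("billing", "tcp", 443)}]

def demo():
    ctrl, gw = Controller({"dana": b"client-key"}, b"gw-key", POLICY), Gateway(b"gw-key")
    now = 1_700_000_000
    spa = sign(b"client-key", {"user": "dana", "ts": now, "nonce": "n1",
               "context": {"device_compliant": True, "network": "corp-vpn"}})
    ent = ctrl.handle_spa(spa, now)
    replay = ctrl.handle_spa(spa, now + 1)                 # same nonce again
    gw.open_session(ent, now)
    ok = gw.allows("dana", "billing", "tcp", 443)          # inside the segment
    lateral = gw.allows("dana", "hr-db", "tcp", 5432)      # never granted
    gw.revoke("dana")
    after = gw.allows("dana", "billing", "tcp", 443)
    return ent is not None, replay, ok, lateral, after

if __name__ == "__main__":
    print(demo())
```
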
68. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Zero Trust SDP via Servicemesh: set the role based access level in
servicemesh?
69. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
• Implement cyber security solutions that are
based on edge protection
• Explore Zero Trust SDP solutions while
understanding the current north-south,
east-west solutions gap
71. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Technology is the core of
differentiation in each
organization
All organizations are
“Technology Companies”
All organizations should
invest in technology R&D!!
72. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Enterprise organizations should allocate
at least 0.5% of the IT investment budget to R&D
73. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Summary #1: What are the “Cloud Native”
benefits (CEO level)?
• Better business productivity – react fast to business needs (faster development with TIM® & Low Code, using limitless cloud resources, deploy faster with DevOps)
• Reduce cost (open source based, public cloud potential savings, more automation – less manual work, programming is more efficient)
• Reduce technical debt (automation in changes/patches, public cloud constantly updates, microservices enable granular debt payment)
• Improved availability, increased security (immutable code & infrastructure is self healing, fewer human errors because of automation, automatic scale up – applications will not overload, DevOps enables faster roll-back, zero trust cyber security)
• Enable faster business partnerships and regulations compliance (Open API standards and API management tools, zero trust enables faster co-operation)
74. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
• Place “reduce technical debt” as organization goal
• Place “technical debt executive” (from OCIO or internal
audit)
• Set technical debt notification process
• Enhance (build) your Architect/CTO team
• Define SLA for Architecture/CTO team
• Embrace Microservices architecture
• Backwards compatibility and API documentation are
crucial
• OCIO should manage DevOps (with Dev and
Operations/infra)
• DevOps: work visibility is step #1
• DevOps: Testing automation is step #2
• IT should explore Serverless and EDA
• Integration team is now responsible for setting the tools
of inter–application interfaces
• When implementing “All in one” APaaS platforms the
development is in the center
• InfraOps should be responsible for DevOps processes
enablement and cloud native tools (APaaS)
• Implement cyber security solutions that are based on
edge protection
• Explore Zero Trust SDP solutions while understanding
the current north-south, east-west solutions gap
• Enterprise organizations should allocate at least 0.5%
of the IT budget to R&D
75. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Cloud
Native
Pini Cohen
STKI CTO
pini@stki.info
76. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
APPENDIX: WHAT SHOULD CTO EXPLORE?
TECHNOLOGIES ARE DIVIDED TO “BUSINESS RELATED” AND “IT RELATED”
77. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
What should
CTO explore?
• Open API standards
open up the
organization for easier
business partner
enrolment
Name = “Moshe Cohen-Levi”
FullName = “Moshe Cohen-Levi”
78. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
What should the CTO explore?
Mobile payment technologies
79. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
What should the CTO
explore?
VR/AR
80. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
What should the CTO
explore?
Quantum computing
81. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
What should the CTO
explore (internal IT
proposes)?
Quantum computing
"Anyone that wants to make sure that their data
is protected for longer than 10 years should
move to alternate forms of encryption now" said
Arvind Krishna, director of IBM Research.
82. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
What should the CTO explore? 5G based solutions
83. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
What should the CTO explore (internal IT
proposes):
DRaaS as a public cloud starter
84. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
What should the CTO explore
(internal IT proposes) ?
Cloud on prem solutions
• Have the cake and eat it, too
85. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Public on prem
differentiation &
Trade-offs
• Pay as you go or pay up front.
What type of commitment?
• Work disconnected?
• HW by vendor or by partner?
• Variety of services available?
• Cost for network egress?
86. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
What should the CTO explore (internal IT proposes)?
Platform offering
[Diagram: platform services supplied by Vendor A and Vendor B, grouped into layers: Customer Engagement, Transaction/Core services, Data Services, Infrastructure services]
Services shown: Same-Day home delivery, Subscribing, Notification service, Account opening, Load request, Ask to transfer money, Credit allocation, Clearing/Settlement, Cash management, Trade finance, Trust and securities, Inventory management, Payments, Payment calculation, document management, identity, BI, WCM, Monitoring, Data store, AI/ML
87. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Platforms solutions
benefits:
• Software/SaaS platform comes with all business
needs (engagement processes + transaction
processes ++)
• Processes are integrated and enable single
source of truth (unified data) without process
conflicts
• Define custom business processes
(configuration, code, 3rd party = “market”)
• The platform's constant update reduces the
technical debt
• Business might need to change processes (high
management attention)
88. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
STKI: Business platforms will
dominate the market
89. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Technical debt repair & avoidance: technical
• Static code analysis tools give metrics for technical debt (code
complexity, etc.)
• They help identify hot spots (debt + commits) and provide
warning lights
90. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph
Functional
Programming
• Rather than changing
data they take in,
functions in functional
programming take in data
as input and produce new
values as output. Always.
Source: https://medium.freecodecamp.org/learning-the-fundamentals-of-functional-programming-425c9fd901c6