Berlin

#awssummit

@AWS_Aktuell

AWS Cloud Adoption Framework

an overview

Marcus Fritsche

AWS Cloud Adoption Journey

What skills and

capabilities are

required?

How to compose

adoption team?

How to structure

cloud programs?

Strategy for quality

delivery and

operations?

Customers are asking us for the

high-level enterprise-wide

organizing logic for mapping their

business needs to IT capabilities,

reflecting the agility, integration and

standardization changes that cloud

computing brought to IT industry.

Strategic relationships are opening-

up new set of questions, requiring

AWS to demonstrate delivery

capability, technology insight, and

practical business value to our

customers.

Will risk increase?

Can we run cloud

secure and

compliant?

What are the

priorities?

When to deliver

solutions?

How to design

foundations?

How to migrate

workloads?

What tooling do we

need?

What is the new

ITSM cycle?

Business Impact?

What to measure?

How to measure?

AWS Cloud Adoption Framework

The AWS CAF organizes and

describes the perspectives in

planning, creating, managing, and

supporting a modern IT service.

Offers practical guidance and

comprehensive guidelines for

establishing, developing and running

AWS cloud-enabled environments.

It provides a structure where business

and IT can work together towards

common strategy and vision,

supported by modern IT automation

and process optimization.

People

PerspectiveProcess

Perspective

Security

Perspective

Maturity

Perspective

Platform

Perspective

Operations

Perspective

Business

Perspective

KEY PERSPECTIVES AND

MODELS

AWS Cloud Adoption Framework

Business Perspective

CAF

Business PerspectiveInformation Technology (IT) is used by

organizations to process, manage and

communicate information efficiently and

is a vital capability within modern

business environments. Increasingly, IT

also serves as the basis for delivering

innovative products and services that

can transform conventional ways of

doing business.

The Business Perspective represents

areas that business and IT people must

focus on to ensure that IT is utilized in an

optimum way to deliver the maximum

value.

Budget and

Cost

ManagementIT Strategy

Governance

Supplier

Management

Risk

Management

Benefit

Management

IT Strategy Model

Customer

Internal Business

Processes

Learning and Growth

FinancialMaximize

shareholder

returns

Manage

cost of IT

Enable value

creation

Demonstrate

competitive

costs

Deliver quality IT

services

Maximize

business

productivity

Achieve

business

strategies

Attract and retain

key talent

Enable strong

career

development

Promote culture

of innovation

Acquire skills in

enabling

technologies

Understand

emerging

technologies

Propose

enabling

solutions

Understand

business

strategies

Standardize

platforms and

architectures

Manage IT

service quality

Optimize IT

processes

Empower and

support

end-users

Improve IT

productivity

Deliver on

schedule and

within budget

Utilize

economies of

scale

Application Disposition Model

Discover/Assess/Prioritise

Applications

Use Migration Tools

Transition

Production

Retain / Not

Moving

Redesign Application/

Infrastructure Architecture

App Code

Development

Purchase COTS/

SaaS & licensing

Test

Modify underlying

Infrastructure

Full ALM /

SDLC

Manual Config

Manual

Deploy

Manual Install

Retire /

Decommission

Determine

Migration Path

Automated

Manual Install

& Setup

Integration

Process PerspectiveCAF

Process Perspective

What is a process in Cloud Adoption?

For the purposes of the CAF, process can

be defined as a set of interrelated actions

and activities performed to achieve a

specified set of results, outcomes or

services.

The Process Perspective components cover

activities across complete IT lifecycle, help

structuring the work, re-engineer manual

processes, assure quality and govern

delivery of agreed outcomes.

Portfolio

Management

Service

Delivery

Management

Program &

Project

Management

Continuous Integration/ Continuous

Delivery

Process

Automation

Quality

Management

Cloud Lifecycle Model

- Effective ongoing service

management

- Governance and monitoring

- Initiation of new activities

- Feedback loop and

Optimization

- Creating/building/coding IT services

that meet/exceed defined expectations

- Testing/validating IT services against

testing plan and acceptance criteria

- Transition/deployment of IT services

into operations

- Assessing and analyzing the current

state

- Defining strategic vision and direction

- Setting financial, GCR and

organizational structure

- Validation before delivery begins

Iterative

Development

Strategy Analysis Design Transition Operations Improvement

Value-based

Planning

Automated

Operations

Initiative Roadmap

Cloud Adoption Strategic Initiative

Launch and mobilize

Cloud Adoption – Service Analysis & Design

Maturity and Gap Analysis

Cloud Technology Foundation Design

IT Organization Redesign

IT Process Redesign

Application Portfolio Assessment

Cloud Adoption – Service Transition

Integrated IT Operating model

Provisioning, Migrations, Handover

Cloud Adoption – Service Operations

Monitoring, ITSM Management

SLA Management, Billing, Reporting

Cloud Adoption – Portfolio Governance

Weeks 1-4 Weeks 5-8 Weeks 9-12 Weeks 13-16 Weeks 17-20 Weeks 21-24 Weeks 25-28 Weeks 29+

Define Cloud Strategy & Team

Maturity PerspectiveCAF

Maturity Perspective

Maturity model helps customers with

structured, systematic assessment

and planning of capability maturity,

defining the most optimal map

towards effective use of cloud

computing.

Focus of maturity perspective

components is on consistent

implementation towards more secure,

well-managed and cost-optimized

cloud-based IT capabilities.

Cloud

Readiness

Assessment

Cloud Maturity

Heat-map Assessment

Target Platform

Capabilities

Application

Portfolio

Analysis

Roadmap

sequencing

IT Management

Assessment

Customer State Roadmap

Traditional

Cost-

focused

Innovative

Quality-

driven

Growth-

obsessed

Leading

Stimulating

Innovation

Preparing

For M&A

People Perspective

CAF

People Perspective

People perspectives covers

organizational capacity, capability and

change management functions that

are required for efficient Cloud

Transformation.

Activities include assessment,

organizational re-alignment and

training/readiness required to build

agile IT organization capable of

leading the change towards effective

cloud computing adoption.

Organizational

Structures

Roles and

Job

Descriptions

Training

Certification

Readiness

Manage

Staffing

Organizational

Change

Management

Skills

and

Competencies

Cloud Adoption Team Skills

IT Architecture

Feasibility Analysis

Technical Requirements

Cloud Architecture

Application Migration Design

Technology Blueprints

Validation

SOA Strategy

IT Delivery

Infrastructure Provisioning

Solution Development

Service Deployment

Application Migration

- Rehosting

- Replatforming

Solution Deployment

IT Operations

Monitoring

SLA Management

Incident Management

Metering

Billing

Business Continuity Mgmt.

Disaster Recovery

Project Mgmt. Office

Scheduling

Progress Monitoring

Reporting

Orchestration

Initiative Leadership

Governance

Risk & Compliance Mgmt.

Cost Management

Information Assurance

Strategy Definition

Business Alignment

Adoption Roadmap

Benefit Management

Migration V-Team Org Model

Architecture Team

Lead Architect

Migration Team

Migration Lead

Operations Team

CloudOperations Lead

Program Mgmt. Office

Lead Program Manager

Security Lead Networking Lead Foundation Lead Cloud Ops - Network

Storage & DB Lead

Linux Compute Lead

Windows Compute

Lead

Automation Lead

DevOps Process

Lead

Program/Project

Manager

Web migration Lead

Linux app stack Lead

Win app stack Lead

Oracle DB Lead

Cloud Ops - Automation

Cloud Ops – Front-end

Cloud Ops – Middleware

Cloud Ops – Database

Business

Sponsors

Tools Lead

People and Team Modeling

Sourcing

Skills and Capabilities

Team Composition

Partnering/sourcing options – structural, geo and legal

Validating vendor capabilities & SLAs

Hardened interfaces – defined expectations and penalties

Scalable teaming model – based on

2-pizza teams

Roles and accountabilities for

delivery and operation

Well-rounded universalists for cloud

computing era

Skills profiles for various roles in the team

Balancing development, sysops, project

management and business skills

Core Team

Strategy Architecture

Support Engineering

Security DevOps

Skill

Dom

ain

s

Competency Levels

Platform PerspectiveCAF

Platform PerspectiveHelps architects and technology

teams understand the relationship of

abstractions used to model cloud

computing elements that are common

across an enterprise.

Platform Perspective components

describe the fundamental

organization of a hybrid IT system

spanning multiple environments, that

is embodied in its components, their

relationships to each other and their

design and evolution.

Conceptual

ArchitectureLogical

ArchitectureImplementation

Architecture

Application

Migration

Patterns

Cloud design

principles and

patterns

Conceptual Architecture Mapping

Measured elastic IT resource that can be rapidly provisioned on-demand,

such as: Object storage service

Service

A technology collection that can be transparently

obtained from collection of available stencils, such as a

LAMP stackStack

An aggregated IT functionality performed by

collection of various IT stacks, such as: Managed

DesktopWorkload

An ability of IT to provide value to the

business through a collection IT workloads,

such as: Line of Business PlatformIT Capability

An IT component that includes pre-defined and configured cloud

services, such as Spot instances in auto-scaling group Stencil

Pla

tfo

rm S

erv

ices

Fo

un

da

tio

na

l S

erv

ices

Networking Cloud Isolation Connectivity Elasticity Name Resolution

Security Firewall Identity & Access Auditing Encryption

Storage Object Store File Store Archiving Backup/Recovery Storage Integration

Compute General Purpose Compute optimized Memory Optimized GPU Optimized Storage Optimized

Server OS BSD Linux Windows Other

Database Relational NoSQL In-memory DB Data Warehouse

Data Integration ETL/ELT Replication Queueing Data Load MDM

Ap

p S

erv

ices

Composites Search Workflow Messaging

Mobile App Store Push Analytics Identity

Streaming TranscodingOrchestration

Data Analytics Data streaming Data Processing Data Mining Machine Learning

Protocols HTML REST SMTP IM/SMS SOAP/WS-* RDP/VNCSSH

Clients Browser Email Legacy App Mobile App TXTStore app Term Remote Desktop

App Server Java PHP Python Ruby .NET Node.js

Event Processing

Dev Env

Content Delivery

Man

ag

em

en

t &

Dep

loym

en

t

Monitoring Management

App Containers Provisioning

Ap

p

Develo

pm

en

t

SDK kit IDE kit

BC

P &

Co

nti

nu

ity

High Availability Disaster Recovery

SAP

HANA

Functional Architecture Modeling

Implementation Architecture Modeling

Availability Zone Availability Zone

Internet Gateway

External Subnet External Subnet

External

ELB

Internal Subnet Internal Subnet

Internal ELB

VPN Gateway

Operating Perspective

CAF

Operating PerspectiveEvery organization has an operations

group that defines how day-to-day,

quarter-to-quarter, and year-to-year

business will be conducted. IT

operations must align with and

support the operations of the

business.

Operating Perspective components

describe the focus areas used to

enable, run, use, operate and recover

IT workloads to the level agreed to

with business stakeholders.

Cloud Service

ManagementSLA/OLA

Strategy

Business

Continuity

Planning

Incident &

Problem MGMT

Change and

Configuration

Management

Performance

&

Operational

Health

Operating Model

Transition Operations Improvement

Architectural Governance

• Standards

• Cloud Architecture & Strategy

• PMO

Cloud Transition

• Foundational cloud services

• Application migrations in volumes

• Training, coaching, communications

MSP Transition

• Foundational MSP requirements

• SLA definition

• Transition to Managed Services

Cloud Operations

• Access control (traffic & connectivity)

• Tooling (self service, automation)

• Knowledge Mgmt (insights, metrics)

• Monitoring (reliability, BCP)

Legacy Operations

• On-premise infrastructure & platform

• Tooling (integration)

• Incident Management

Environment Optimization

• Service Management

• Alerting & Escalations

• Problem Management

• Reporting

• IT & Cost Optimization

• BCM

• Improvement Management (portfolio,

lifecycle, sun-setting)

Risk & Security

• 1st Line of Defense

• Security architecture & advisory

• Tooling (PenTest, IDS)

• Forensics & Insights

Operational Governance

• Operational Assurance

• Resource Management

• Cost Management

Security PerspectiveCTF

Security

PerspectiveEvery company is concerned with

protecting information and assets as

they grow the business. They also

want to ensure they are operating

within the legal boundaries and

standards set by and on the behalf of

governmental agencies and industry

associations.

Security Perspective components

provide guidance that enables a

comprehensive and rigorous method

of describing a structure and behavior

for an organization’s security and

compliance processes, systems and

personnel.

Reference

Security

Architectures

Governance,

Risk,

Compliance

DevSecOps

Security

Operations

Playbooks

Security

Strategy

Lifecycle

Security

Capabilities

People

Mo

nit

or

Man

ag

e

Network

Storage & Content

Instance

Database

Log,

Audit,

& A

naly

ze

Monitor

& A

lert

Platform

Amazon

CloudWatch

Amazon SNS

Notifications

AWS Abuse

Notifications

Trusted Advisor

Amazon EMR

Amazon Kinesis

S3, CloudFront

Access Logs

Application

Logs

Database Logs

Operating

System Logs

AWS Internet

SecurityELB SSL

Security Groups

VPC VPN

GatewayVPC Subnets

VPC NACLsVPC Routing

Tables

Direct Connect

Geographic

Diversity

S3 ACLs,

Bucket Policies

S3 Server-Side

Encryption

S3 MFA Delete Lifecycle RulesClient-Side

EncryptionS3 SSL

S3 Object

Metadata

Storage

Gateway SSL

CloudFront

Signed URLs

Auto ScalingSSH Keys

Bastion Host

Bootstrapping

Amazon

Machine

Images (AMIs)

CloudFront

Load

Distribution

Penetration

Testing Process

Oracle

Transparent

Data Encryption

MS-SQL SSLOracle NNE

Redshfit Cluster

Encryption

RDS Auto Minor

Patching

MS-SQL

Transparent

Data Encryption

DynamoDB

SSL

EMR Job Flow

Roles

Access Policy

Language

AWS SAs &

ProServe

AWS Sales,

Support, TAM

Security

Operations

Center

Elastic

Beanstalk

Rolling

Patching

MySQL SSLPostgreSQL

SSL

SimpleDB SSL

Redshift

Encrypted S3

Backups

DynamoDB

Fine Grained

Access

Route 53

Health Checks

Access Policy

Simulator

Auth

enticate

& A

uth

orize

IAM Users,

Groups & Roles

IAM MFA

AWS

Marketplace

Offerings

IAM STS

Federation

IAM Password

Policy

IAM SAML 2.0

IAM Web

Identities

S3 Object

Versioning

S3 Object

ETags

AWS Forums &

Documentation

AWS Service

Level

Agreements

AWS Training &

Certification

AWS CloudTrail

Server

Certificates

AWS System

Integration

Partners

Resource-Level

Permissions

Glacier SSL

CloudFront SSLGlacier Server-

Side Encryption

Amazon

Redshift

HIPAA SOC 1 / 2 / 3PCI DSS

Level 1ISO 27001 FedRAMP

DIACAP and

FISMAITAR FIPS 140-2 CSA MPAA

AWS Assurance Programs

Org

aniz

e,

Deplo

y, &

Opera

te

SSL API, CLI,

Console

AWS

CloudHSM

Resource

Tagging

Snapshots &

Replication

AWS

CloudFormation

Desig

n

Overview of

Security

Processes

Logging in AWS

Whitepapers

Governance for

AWS

AWS Webinars

& Videos

AWS Security

Best Practices

AWS Security

Test Drive Labs

Operational

Checklists for

AWS

Security for

Microsoft Apps

on AWS

Pla

n,

Learn

AWS

Compliance

Forum

AWS Simple

Monthly

Calculator

AWS Reference

Architectures

AWS Risk and

Compliance

AWS Auditing

Security

Checklist

Customer &

Partner

Whitepapers

Dedicated

Instances

Security Reference Architecture

Identifying What Needs To Be Done

We examine each of

these perspectives with

you to identify the

goals, implications,

and specifically what

needs to be addressed

Roadmap - Example

Discovery

Workshop

Cloud Business

Case

Define

Security

Requirements

Define

Network

Environment

Organizational

Structure

Operational

Integration

Security

Operations

Playbook

Cloud

Environment

Optimization

Application

Portfolio

Analysis

Cost and

Billing

Analysis

Skills and

Competencies

Define Cloud

Environments

Define EA

Policies and

Practices

Continuous Integration/ Continuous

Delivery

IT

Strategy

WE HAVE THE EXPERTS TO

GUIDE YOUR BUSINESS

SUCCESSFUL INTO THE CLOUD!

AWS Cloud Adoption Framework