Investing in a Cloud-First Strategy
Justin Proud
Director Virtual Services & Cloud Operations
Joe Brown
Senior Infrastructure Reliability Engineer
Cloud Migration & Modernization at Manulife
Agenda
Manulife Overview
• Business strategy
• Technology direction
Cloud-Native or Not Cloud-Native?
• Understand your applications
• Pairing the right cloud to the right apps
• One size doesn’t fit all
• Pros and Cons
• Purpose-built clouds have a place
The Road Ahead
• Continuous learning & Recommendations
Business Overview
• >$1.1 trillion Assets under Management & Administration*
• 26 million customers worldwide, served by +35,000 employees
• +$27.6 billion paid to customers in benefits & claims in 12 months
Manulife is a leading international financial services group that helps people make their decisions easier and lives better.
* As of September 30, 2018
Global Strategy & Technology Landscape
• 15 yrs. outsourced infrastructure & datacenter support to IBM
• Applications are old, acquired from M&A, and many are mission critical
• IBM Mainframes
• ~ 3,000 applications globally, on-prem, legacy code across many architectures
• 80% of all workloads in the cloud in 5 yrs, 2015 CTO projections
Cloud-First vs. Cloud Agnostic
• All new applications to be designed for the “cloud”
• Pick one cloud to get good at, Azure first
• Leverage Skytap to enable application transformation
Journey to the Cloud with Microsoft Azure
Commercial campaign during NFL Super Bowl that drove high volumes to our insurance websites
• The website used to reside in on-premises datacenters in the USA
• Incurred outages and client frustration during high volume causing loss of sales and reputation
• Virtually impossible to have enough spare capacity on-premises to scale up to required capacity within cost and space constraints
• Moved the website to Azure, refactored to automatically scale
Using Azure App Services +++ allowed Manulife to seamlessly spin up enough capacity to avoid outages
Improve Our On-Premises Private Cloud
• IBM: A key partner to manage datacenters & Private Cloud
• Move to IBM Cloud Orchestrator + VMware
• Dynamic Hybrid Services (DHS) is born
Build It Ourselves! - Limitations of Our Private Cloud
• $$$: Requires a lot of capacity to handle unanticipated growth and hardware failures
• No Savings: Turning off VMs may have saved the Business money, but IT was still paying for the capacity of the hosts
• TIME CONSUMING, UNFEASIBLE: Customization of ICO & ability to add key features of public cloud
• NOT TRUE SELF-SERVICE: Unsuccessful rebuilds from template. Long configuration post-build made it unusable for app developers
What about Legacy Applications?
• Many applications need to be modernized, or replaced
• Lack of application knowledge & time available from Business Unit IT SMEs
• Legacy + Azure = all-in? NOT POSSIBLE.
Moderator Question Joe - What are some of the types of user requests that you were looking to address with Skytap?
• Self Service for end users: Empower the different LOBs to deploy what they want, when they need to with guard rails. As well, let them create/manage/destroy the items that are in the menu to deploy so the options are not just vanilla VMs but fully configured application environments.
• Quota model vs dedicated to project
• Use off-the-shelf vs customize ourselves: Users to suspend/shutdown environments as a whole when not being used, cloned copies of applications run in parallel within minutes
• Capacity model (i.e. save $$$ on capital costs): Users are incented to shutdown based on the cost model that has been implemented.
• Zero Production Impact: A team doing vulnerability testing was able to take an entire copy of their application (around 8 VMs) and run it within ICSS isolated
• Connected back on-prem using the existing dedicated connection to IBM Cloud: Applications run in ICSS access on-prem Mainframe and Active Directory
Accelerating Application Modernization
Skytap Cloud enables our developers to be agile and provides a stepping stone to cloud-native applications in Azure
• LATENCY A NON-ISSUE: Tied into our IBM Datacenters through IBM Cloud for proximity to Mainframe & SQL clusters
• ZERO PRODUCTION IMPACT: Quickly test patching, hardening, vulnerability management changes to an application
• APPLICATION ENVIRONMENTS: Migrate the ENTIRE application stack & dependencies
• IBM Mainframes
Build, Test, Release and Innovate Faster
Benefits for Development
• Reduce time waiting for resources
• Full stack environment provisioning in < 1 hour
• Enable parallel development work streams to deliver higher quality software, faster
• Leverage existing & modern CI/CD Toolchains & APIs
Benefits for Test
• Unlimited cloning, zero configuration drift across release gates
• Gain comprehensive, timely test pass coverage
• Suspend state when bugs occur, provide to dev for immediate remediation.
Traditional Serial Dev/Test Provisioning: 10 Days per Dev and Tester
• Service Request from Dev
• Infrastructure Provisioning by IT
• Network Configuration by IT
• App Environment Configuration by IT & Dev
• Dev, Test, Deploy
Reduce your IT backlog. Tailor-made environments matching the application’s on-prem configurations down to the Layer 2 networking layer simplify deployment & configuration.
With Skytap, provision in < 1 hour
Benefits for IT
• Focus on application & cloud strategy to deliver business value vs. infrastructure configuration
• Provide on-demand, self-service infrastructure and app resources at the pace of the business
• Effectively manage resource usage & cost while enabling innovation
Skytap Self-Service, On-Demand Environments
Feature: Blended Environments
• For Development: Combine AIX, VMs, and containers for end to end testing
• For Operations: Provide self-service while governing access and utilization
Feature: Template
• For Development: Access resources anytime, anywhere without submitting a ticket
• For Operations: Configure environments once, then save for future provisioning
Feature: Clone
• For Development: Eliminate configuration drift with identical environments
• For Operations: Reduce infrastructure capacity requirements
Feature: Share
• For Development: Enable “follow the sun development” and faster defect triage
• For Operations: Enable global collaboration across teams
Feature: Auto-Suspend
• For Development: Pause and return to environments always in their most current state
• For Operations: Utilize capacity only when environments are in use
Feature: Delete
• For Development: Easily delete environments when no longer needed
• For Operations: Eliminate environment hoarding and idle infrastructure
Feature: VPN & NAT
• For Development: Connect to components in other clouds or on-premises datacenter
• For Operations: Securely connect environments with external networks
What We Learned
Do Communicate
• Intended use of new cloud solution
• New benefits and functionality
• A sponsorship message
Don’t Assume
• All workloads can/should move from other environments
• Standard network connectivity will work for all use cases
Do Recognize & Acknowledge
• There will be changes in your support models
• Provisioning, asset & change management will be impacted
• User access & control of resources must be thought through
Global Strategy & Technology Landscape
• 15 yrs. outsourced infrastructure & datacenter support to IBM
• Applications are old, acquired from acquisitions, and many are mission critical
• IBM Mainframes
• ~ 3,000 applications globally, on-prem, legacy code across many architectures
• 80% of all workloads in the cloud in 5 yrs, 2015 CTO projections
Investing in a Cloud-First Strategy
Justin Proud
Director Virtual Services and Cloud Operations
Joe Brown
Reliability Platform Engineer
February 13, 2019
Cloud Migration and Modernization at Manulife
Agenda
• Manulife Overview
• Business strategy
• Technology direction
• Cloud-Native or Not Cloud-Native?
• Understand your applications
• Pairing the right cloud to the right apps
• Hyperscale pros and cons
• Complementary purpose-built clouds
• The Road Ahead
• The saga continues…
• Recommendations
About Manulife
• Manulife is a leading international financial services group that helps people make their decisions easier and lives better. We operate primarily as John Hancock in the United States and Manulife elsewhere. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions. Manulife trades as MFC on the TSX, NYSE and PSE, and under '945' on the SEHK.
• Assets under management and administration over $1.1 trillion (US $849 billion) as of September 30, 2018.
• More than 35,000 employees serving 26 million customers worldwide.
• Over $27.6 billion paid to customers in benefits and claims in 12 months.
About Manulife
• Cloud First approach adopted in 2015
• At the time, CTO projected 80% of all workloads will be in cloud in 5 years
• ~ 3,000 applications globally, mostly legacy code
• Large Mainframe presence
• Large AIX platform
• VMware platform in on-premise datacenters
• Outsourced infrastructure and datacenter support to IBM in Canada for past 15 years
• Cloud first strategy, one of biggest consumers of Azure in Canada
Manulife IT Landscape, Cloud Adoption
• Outsourced Datacenters, with large VMware clusters
• Windows (2003, 2008, 2012, 2016)
• Linux Redhat
• AIX
• Physical SQL clusters in Datacenters
• Applications are old, acquired from many acquisitions, and are mission critical in many cases
• So what can we do to realize our cloud goals?
• Talk about partnership with IBM and bridge to next slide about IBM SO partnership, how it works, etc.
Journey to the Cloud
Technology Direction
• Cloud-First vs. Cloud Agnostic
• All new applications to be designed for the Cloud
• Utilize SaaS or PaaS preferred (Pivotal shop)
• Pick one cloud to get good at (Azure first)
• Dynamic hybrid clouds, focus on 1 public space
• Leverage our hybrid solution (Skytap) to enable application transformation
Microsoft Azure
• Big early win with High Performance Computing actuarial software moving to Azure
• Worked with Vendor to fully support the product running in the hyperscale Azure cloud
• Able to scale up at month-end, quarter-end, and year-end effortlessly
• Jobs ran faster with ability to consume more capacity (10,000 cores, etc)
• Cost reduction as we could turn off the majority of the platform when not being used
Another early win…
Technology Direction
• Commercial campaign during NFL Super Bowl that drove high volumes to our insurance websites
• The website used to reside in on-premises datacenters in the USA
• Was almost impossible to have enough spare capacity on-premises to be able to scale up to required capacity during Super Bowl (within cost and space constraints)
• Incurred outages and client frustration during high volume
• Loss of sales, reputation
• Moved the website to Azure and made some changes to be able to automatically scale as required
• Was able to seamlessly spin up enough capacity to avoid outages
What do we do with our legacy apps?
Technology Direction
• Lots of applications that need to be modernized, or replaced
• Currency challenges (Windows 2003, etc)
• Lack of application knowledge in business unit IT teams (tribal knowledge lost)
• Skillsets that need to exist in house were outsourced long ago
• Lack of resource time available for Business Unit IT SMEs (competing priorities)
Why not move everything into Azure?
• Dependency on proximity to Mainframe
• Support for older platforms not available in Azure
• Cost of applications that need to run 24x7
• Licensing costs
• AIX prevalence
Improve our Private Cloud
Build it ourselves!
• IBM responsible for the private cloud platform in our Canadian Datacenters (as well as Network/Storage/Security)
• Worked with IBM to move to ICO platform for VMware
• DHS (Dynamic Hybrid Services) was born
• Support for automated provisioning from select hardened patterns
• Add/Modify/Delete of VMs done through automation (cheaper/faster)
• Ability to delete servers when not required, and build from a template quickly if required again
• Enforcing currency on new builds by not allowing templates for any deprecated software or O/S
Limitations of our Private Cloud
Build it ourselves!
• Customization of ICO and ability to add key features of public cloud was time consuming and in some cases not possible
• Require a lot of capacity to be able to handle unanticipated growth, or hardware unavailability $$$
• Turning off and rebuilding VMs from a template was not successful due to the amount of time needed to configure the VMs afterwards to make them usable for development applications
• Turning off VMs may have saved the Business money, but IT was still paying for the capacity of the hosts (no savings)
Where do we go from here?
IBM Cloud and Skytap
• Working with IBM, brought in Skytap on IBM cloud for certain development workloads
• Ability to copy whole application platform into Skytap to test out various modernization options
• Clone existing applications, quickly assess changes and then destroy when required
• Ability to quickly test patching/hardening/vulnerability management changes to an application before impacting production
• Tied into our IBM Datacenters through IBM Cloud (proximity to Mainframe, SQL clusters, etc)
• Only charged for what you consume, when turned off, saving money
• Supporting our BU developers' ability to work Agile, and leading as a stepping stone to a Cloud Native application for Azure
The traditional development dilemma
1) User requests environment from IT
2) IT Provisions VMs
3) Network gets configured
4) Software gets installed
5) Application, middleware and DBs configured
6) Completed Environment
Days or Weeks to Complete
IBM Cloud for Skytap Solutions
Unparalleled development workflow for mission-critical applications
1) User requests environment from template via Self-Service Portal
2) Fully configured environments rapidly cloned
3) Ability to run multiple cloned environments for parallel dev/test activities
Scaling these capabilities to all teams = massive efficiency gains.
Skytap segue where we can talk to lessons learned here as well
• Lessons learned
Support model changes
• IBM support / monitoring reduced to provide flexibility. No longer required for VM management.
• CI creation/tracking – due to the dynamic nature of Skytap, tracking inventory was a new challenge.
• Patching – Now an internal responsibility. Platform owners need a new process to track and secure virtual assets.
Network connectivity
• Sandbox isolation / Skytap internal network automation.
• BU requirements – connectivity to other networks.
• NAT vs. No NAT – Solution to provide static routable IP vs. internal Skytap DNS to translate IPs
• AD integration - SSO for users in multiple domains and IBM support staff.