Investing in a Cloud-First Strategy Justin Proud Director Virtual Services & Cloud Operations Joe Brown Senior Infrastructure Reliability Engineer Cloud Migration & Modernization at Manulife


Post on 15-Jul-2020


Page 1: Investing in a Cloud-First Strategy · support to IBM Applications are old, acquired from M&A, and many are mission critical IBM Mainframes ~ 3,000 applications globally, on-prem,

Investing in a Cloud-First Strategy

Justin Proud

Director Virtual Services & Cloud Operations

Joe Brown

Senior Infrastructure Reliability Engineer

Cloud Migration & Modernization at Manulife

Page 2

Agenda

Manulife Overview

• Business strategy

• Technology direction

Cloud-Native or Not Cloud-Native?

• Understand your applications

• Pairing the right cloud to the right apps

• One size doesn’t fit all

• Pros and Cons

• Purpose-built clouds have a place

The Road Ahead

• Continuous learning & Recommendations

Page 3

Business Overview

Manulife is a leading international financial services group that helps people make their decisions easier and lives better.

• >$1.1 trillion Assets under Management & Administration*

• 26 million customers worldwide, served by +35,000 employees

• +$27.6 billion paid to customers in benefits & claims in 12 months

* As of September 30, 2018

Page 4

Global Strategy & Technology Landscape

• 15 yrs. outsourced infrastructure & datacenter support to IBM

• Applications are old, acquired from M&A, and many are mission critical

• IBM Mainframes

• ~ 3,000 applications globally, on-prem, legacy code across many architectures

• 80% of all workloads in the cloud in 5 yrs, 2015 CTO projections

Page 5

Cloud-First vs. Cloud Agnostic

• All new applications to be designed for the “cloud”

• Pick one cloud to get good at, Azure first

• Leverage Skytap to enable application transformation

Page 6

Journey to the Cloud with Microsoft Azure

Commercial campaign during the NFL Super Bowl that drove high volumes to our insurance websites

• The website used to reside in on-premises datacenters in the USA

• Incurred outages and client frustration during high volume, causing loss of sales and reputation

• Virtually impossible to have enough spare capacity on-premises to scale up to required capacity within cost and space constraints

• Moved the website to Azure, refactored to automatically scale

Using Azure App Services +++ allowed Manulife to seamlessly spin up enough capacity to avoid outages

Page 7

Improve Our On-Premises Private Cloud

• IBM: a key partner to manage datacenters & Private Cloud

• Move to IBM Cloud Orchestrator + VMware

• Dynamic Hybrid Services (DHS) is born

Page 8

Build It Ourselves! - Limitations of Our Private Cloud

• $$$: Requires a lot of capacity to handle unanticipated growth and hardware failures

• No Savings: Turning off VMs may have saved the Business money, but IT was still paying for the capacity of the hosts

• TIME CONSUMING, UNFEASIBLE: Customization of ICO & ability to add key features of public cloud

• NOT TRUE SELF-SERVICE: Unsuccessful rebuilds from template. Long configuration post-build made it unusable for app developers

Page 9

What about Legacy Applications?

• Many applications need to be modernized, or replaced

• Lack of application knowledge & time available from Business Unit IT SMEs

• Legacy + Azure = all-in? NOT POSSIBLE.

Page 10

Moderator Question Joe - What are some of the types of user requests that you were looking to address with Skytap?

• Self Service for end users: Empower the different LOBs to deploy what they want, when they need to with guard rails. As well, let them create/manage/destroy the items that are in the menu to deploy so the options are not just vanilla VMs but fully configured application environments.

• Quota model vs dedicated to project

• Use off-the-shelf vs customize ourselves: Users to suspend/shutdown environments as a whole when not being used, cloned copies of applications run in parallel within minutes

• Capacity model (i.e. save $$$ on capital costs): Users are incented to shutdown based on the cost model that has been implemented.

• Zero Production Impact: A team doing vulnerability testing was able to take an entire copy of their application (around 8 VMs) and run it within ICSS isolated

• Connected back on-prem using the existing dedicated connection to IBM Cloud: Applications run in ICSS access on-prem Mainframe and Active Directory

Page 11

Accelerating Application Modernization

Skytap Cloud enables our developers to be agile and provides a stepping stone to cloud-native applications in Azure

• LATENCY A NON-ISSUE: Tied into our IBM Datacenters through IBM Cloud for proximity to Mainframe & SQL clusters

• ZERO PRODUCTION IMPACT: Quickly test patching, hardening, vulnerability management changes to an application

• APPLICATION ENVIRONMENTS: Migrate the ENTIRE application stack & dependencies

IBM Mainframes

Page 12

Build, Test, Release and Innovate Faster

Benefits for Development

• Reduce time waiting for resources

• Full stack environment provisioning in < 1 hour

• Enable parallel development work streams to deliver higher quality software, faster

• Leverage existing & modern CI/CD Toolchains & APIs

Benefits for Test

• Unlimited cloning, zero configuration drift across release gates

• Gain comprehensive, timely test pass coverage

• Suspend state when bugs occur, provide to dev for immediate remediation.

[Figure: Traditional Serial Dev/Test Provisioning, 10 Days per Dev and Tester. Steps: Service Request from Dev; Infrastructure Provisioning by IT; Network Configuration by IT; App Environment Configuration by IT & Dev. Timeline labels: Dev (Days), Test (Days), Deploy (Days).]

With Skytap, provision in < 1 hour

Reduce your IT backlog. Tailor-made environments matching the application’s on-prem configurations down to the Layer 2 networking layer simplify deployment & configuration.

Benefits for IT

• Focus on application & cloud strategy to deliver business value vs. infrastructure configuration

• Provide on-demand, self-service infrastructure and app resources at the pace of the business

• Effectively manage resource usage & cost while enabling innovation

Page 13

Skytap Self-Service, On-Demand Environments

Feature: Blended Environments

• For Development: Combine AIX, VMs, and containers for end to end testing

• For Operations: Provide self-service while governing access and utilization

Feature: Template

• For Development: Access resources anytime, anywhere without submitting a ticket

• For Operations: Configure environments once, then save for future provisioning

Feature: Clone

• For Development: Eliminate configuration drift with identical environments

• For Operations: Reduce infrastructure capacity requirements

Feature: Share

• For Development: Enable “follow the sun development” and faster defect triage

• For Operations: Enable global collaboration across teams

Feature: Auto-Suspend

• For Development: Pause and return to environments always in their most current state

• For Operations: Utilize capacity only when environments are in use

Feature: Delete

• For Development: Easily delete environments when no longer needed

• For Operations: Eliminate environment hoarding and idle infrastructure

Feature: VPN & NAT

• For Development: Connect to components in other clouds or on-premises datacenter

• For Operations: Securely connect environments with external networks

Page 14

What We Learned

Do Communicate

• Intended use of new cloud solution

• New benefits and functionality

• A sponsorship message

Don’t Assume

• All workloads can/should move from other environments

• Standard network connectivity will work for all use cases

Do Recognize & Acknowledge

• There will be changes in your support models

• Provisioning, asset & change management will be impacted

• User access & control of resources must be thought through


Page 16

Global Strategy & Technology Landscape

• 15 yrs. outsourced infrastructure & datacenter support to IBM

• Applications are old, acquired from acquisitions, and many are mission critical

• IBM Mainframes

• ~ 3,000 applications globally, on-prem, legacy code across many architectures

• 80% of all workloads in the cloud in 5 yrs, 2015 CTO projections

Page 17

Investing in a Cloud-First Strategy

Cloud Migration and Modernization at Manulife

Justin Proud

Director Virtual Services and Cloud Operations

Joe Brown

Reliability Platform Engineer

February 13, 2019

Page 18

Agenda

• Manulife Overview

• Business strategy

• Technology direction

• Cloud-Native or Not Cloud-Native?

• Understand your applications

• Pairing the right cloud to the right apps

• Hyperscale pros and cons

• Complementary purpose-built clouds

The Road Ahead

• The saga continues…

• Recommendations

Page 19

About Manulife

• Manulife is a leading international financial services group that helps people make their decisions easier and lives better. We operate primarily as John Hancock in the United States and Manulife elsewhere. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions. Manulife trades as MFC on the TSX, NYSE and PSE, and under '945' on the SEHK.

• Assets under management and administration over $1.1 trillion (US $849 billion) as of September 30, 2018.

• More than 35,000 employees serving 26 million customers worldwide.

• Over $27.6 billion paid to customers in benefits and claims in 12 months.


Page 20

About Manulife

• Cloud First approach adopted in 2015

• At the time, CTO projected 80% of all workloads will be in cloud in 5 years

• ~ 3,000 applications globally, mostly legacy code

• Large Mainframe presence

• Large AIX platform

• VMware platform in on-premise datacenters

• Outsourced infrastructure and datacenter support to IBM in Canada for past 15 years

• Cloud first strategy, one of biggest consumers of Azure in Canada


Page 21

Manulife IT Landscape, Cloud Adoption

• Outsourced Datacenters, with large VMware clusters

• Windows (2003, 2008, 2012, 2016)

• Linux Redhat

• AIX

• Physical SQL clusters in Datacenters

• Applications are old, acquired from many acquisitions, and are mission critical in many cases

• So what can we do to realize our cloud goals?

• Talk about partnership with IBM and bridge to next slide about IBM SO partnership, how it works, etc.

Page 22

Journey to the Cloud

Technology Direction

• Cloud-First vs. Cloud Agnostic

• All new applications to be designed for the Cloud

• Utilize SaaS or PaaS preferred (Pivotal shop)

• Pick one cloud to get good at (Azure first)

• Dynamic hybrid clouds, focus on 1 public space

• Leverage our hybrid solution (Skytap) to enable application transformation

Microsoft Azure

• Big early win with High Performance Computing actuarial software moving to Azure

• Worked with Vendor to fully support product running in hyperscale Azure cloud

• Able to scale up at month-end, quarter-end, and year-end effortlessly

• Jobs ran faster with ability to consume more capacity (10,000 cores, etc)

• Cost reduction as we could turn off the majority of the platform when not being used

Page 23

Another early win…

Technology Direction

• Commercial campaign during NFL Superbowl that drove high volumes to our insurance websites

• The website used to reside on premise datacenters in the USA

• Was almost impossible to have enough spare capacity on premise to be able to scale up to required capacity during Superbowl (within cost and space constraints)

• Incurred outages and client frustration during high volume

• Loss of sales, reputation

• Moved the website to Azure and made some changes to be able to automatically scale as required

• Was able to seamlessly spin up enough capacity to avoid outages

Page 24

What do we do with our legacy apps?

Technology Direction

• Lots of applications that need to be modernized, or replaced

• Currency challenges (Windows 2003, etc)

• Lack of application knowledge in business unit IT teams (tribal knowledge lost)

• Skillsets that need to exist in house, were outsourced long ago

• Lack of resource time available for Business Unit IT SMEs (competing priorities)

Why not move everything into Azure?

• Dependency on proximity to Mainframe

• Support for older platforms not available in Azure

• Cost of applications that need to run 24x7

• Licensing costs

• AIX prevalence

Page 25

Improve our Private Cloud

Build it ourselves!

• IBM responsible for the private cloud platform in our Canadian Datacenters (as well as Network/Storage/Security)

• Worked with IBM to move to ICO platform for VMware

• DHS (Dynamic Hybrid Services) was born

• Support for automated provisioning from select hardened patterns

• Add/Modify/Delete of VMs done through automation (cheaper/faster)

• Ability to delete servers when not required, and build from a template quickly if required again

• Enforcing currency on new builds by not allowing templates for any deprecated software or O/S

Page 26

Limitations of our Private Cloud

Build it ourselves!

• Customization of ICO and ability to add key features of public cloud was time consuming and in some cases not possible

• Require a lot of capacity to be able to handle unanticipated growth, or hardware unavailability $$$

• Turning off and rebuilding VMs from a template was not successful due to the amount of time needed afterwards to configure the VMs and make them usable for development applications

• Turning off VMs may have saved the Business money, but IT was still paying for the capacity of the hosts (no savings)

Where do we go from here?

Page 27

IBM Cloud and Skytap

• Working with IBM, brought in Skytap on IBM cloud for certain development workloads

• Ability to copy whole application platform into Skytap to test out various modernization options

• Clone existing applications, quickly assess changes and then destroy when required

• Ability to quickly test patching/hardening/vulnerability management changes to an application before impacting production

• Tied into our IBM Datacenters through IBM Cloud (proximity to Mainframe, SQL clusters, etc)

• Only charged for what you consume, when turned off, saving money

• Supporting our BU developers' ability to work Agile, and leading as a stepping stone to a Cloud Native application for Azure

Page 28

The traditional development dilemma

1) User requests environment from IT

2) IT Provisions VMs

3) Network gets configured

4) Software gets installed

5) Application, middleware and DBs configured

6) Completed Environment

Days or Weeks to Complete

Page 29

IBM Cloud for Skytap Solutions

Unparalleled development workflow for mission-critical applications

1) User requests environment from template via Self-Service Portal

2) Fully configured environments rapidly cloned

3) Ability to run multiple cloned environments for parallel dev/test activities

Scaling these capabilities to all teams = massive efficiency gains.

Page 30

Skytap segue where we can talk to lessons learned here as well

• Lessons learned

Support model changes

• IBM support / monitoring reduced to provide flexibility. No longer required for VM management.

• CI creation/tracking – due to the dynamic nature of Skytap, tracking inventory was a new challenge.

• Patching – Now an internal responsibility. Platform owners need a new process to track and secure virtual assets.

Network connectivity

• Sandbox isolation / Skytap internal network automation.

• BU requirements – connectivity to other networks.

• NAT vs. No NAT – Solution to provide static routable IP vs. internal Skytap DNS to translate IPs

• AD integration - SSO for users in multiple domains and IBM support staff.
