silicon valley grade it and cloud maturity assessment for startup ecosystem in turkey

İTÜ GATE Startups - Maturity Assessment | Creative Commons CC0 - Attribution License | 2017-04-06 |

SiliconValley-grade ITIT & Cloud Maturity Assessment for iTÜ GATE Startups

Hasan Basri AKIRMAK

Mentor at ITU Çekirdek, Cloud Evangelist at Ericssonhttps://www.linkedin.com/in/hasanbasriakirmak/

Engin Deveci

Cloud Evangelist at Ericssonhttps://www.linkedin.com/in/engindeveci/

Engin Polat

Cloud Evangelist at Microsofthttps://www.linkedin.com/in/polatengin/

Beta

https://www.linkedin.com/in/hasanbasriakirmak/

https://www.linkedin.com/in/engindeveci/

https://www.linkedin.com/in/polatengin/

This session was presented in ITU GATE, http://www.itugate.com/enThe Istanbul Technical University Startup Acceleration Program in Istanbul, on April 6th, 2017.

http://www.itugate.com/en

This work is an effort of technologists from Ericsson and Microsoft who came

together with the following goal:

Providing ITU Teknokent Ecosystem institutionalized and structured ways of

improving the Startups by;

1. Advising startups assessing the role of IT in their business strategy

2. Highlighting key Silicon Valley expectations on IT assets of startups

3. Assessing the maturity of ITU GATE Software Startup IT assets

4. Using public cloud services from Microsoft (Azure), Amazon (AWS), Google

(GCP) for web-scale service development and operations

Motivation


The opinions expressed here represent presenter’s own and not necessarily those

of their employer or any other trademarks/companies mentioned herein.

DISCLAIMER

Creative Commons License

Licensees may copy, distribute, display and perform the work and make derivative works and remixes based on it only if they give the

author or licensor the credits (attribution).

LICENSE

CC 0


Ericsson ContributionAddressing a Gap in the Turkey Software Startup Ecosystem

Unaddressed Gap between formal

education vs Industry Research.

› Ericsson has been investing in Turkey in the form of local R&D, acquisitions, CSR projects.

› Ericsson provides expertise to the startup ecosystem in Turkey via mentorships, seminars and access to global industry & market data.


What you should Expect from this Session

› Part 1

– Understanding Your Priorities – Cloud adoption snapshot. Drivers and Inhibitors Check

– Why IT as Strategic Asset – Startup Death Valley. Google Ventures

– Maturity Model Overview – Technology & Operating Model Dimensions

– Approach – RFI, Deep Dive Workshop, Vendor Balanced View

› Part 2

– Key Cloud Characteristics – Components & Best Practices for Technology & Operating Model

–Elasticity, Pooling, Measured SLA, Broad Access

– Security, Service Dev & Ops – Approach & Best Practices

› Part 3

– Cloud Service Overview – Google, Microsoft and AWS

– Reference Architectures – Google, Microsoft and AWS

– To Be Architectures – Technology & Operating Model Roadmaps

– Wrap up – Q&A and Next Steps


“When a startup begins to take off, the technical requirements for data, computing, and networking skyrocket. At GV, we’ve built a team that lives for these challenges. They’re a group of experts with a track record of working at massive scale, and they love to help.”

— Graham Spencer

General Partner at GV

Why is IT a Strategic Asset?Google Ventures Engineering Support

Source: Google Ventures


“Startup is not an IBM, but a smaller version. All the tools are divide by zero. You have customer development team. (Including engineers) and you need to sell)”

— Steve Blank, Stanford University

[4 steps to epiphany]

Why is IT a Strategic Asset?Life Cycle of a Startup & the IT Impact

Our view: IT is different. Transitioning the technology

infrastructure from something designed for learning &

discovery to a well-oiled engineered machine later is

expensive.

Effective IT can decrease the breadth and depth of the Death Valley Curve.

İTÜ GATE Startups - Maturity Assessment | Creative Commons CC0 - Attribution License | 2017-04-06 | Page 10

AS IS Technology & Operating Models(CONFIDENTIAL DATA REMOVED)

Technology Model

Clo

ud

Se

rvic

e M

od

el

Cloud Adoption Stage

Exploration Optimization

Iaa

SS

aaS

PaaS

Operating Model

Bu

sin

ess P

roce

ss In

teg

ratio

n

Business Process Automation

Low High

Low

Hig

h

Source: Enterprise Architecture as Strategy. Creating a foundation for Business Execution.

MIT Sloan Center for Information Research


MaturityLevel

4 Optimizing

3 Integrating

2 Enabling

1 Initiating

OrganizationStructure, culture, training &

knowledge management

OperationsDigitised, automated and

flexible operation

TechnologyEffective technology

planning, deployment, integration & use in support

of digital business

InnovationMore flexible and agile ways of working that will form the basis for an effective digital

business

5 Pioneering

1 2Source: Ericsson analysis

AS IS Digitalization Maturity(Confidential Data Removed)

Scope of

Assessment

3 64 5

L1: A digital-specific, ICT architecture exists or is being developed. Existing or planned digital architecture has been evaluated based on a recognised industry reference to support digital.

There is a process to evaluate IT investments based on their alignment to the digital strategy.

L2: Changes to ICT are ongoing - tactical investments are aligned to target architecture.

Platforms are being deployed to support digital services, e.g. Cloud Infrastructure, Management & Orchestration Platform.

An integral API and security strategy for supporting services (including 3pp) is being defined.

Support systems are being implemented to support digital services, e.g. self service provisioning


A Very Lean AppoachThe ITU GATE Experiment

Research activities:

Data collection

IT & Cloud strategy & dimensions

Maturıtymodel

overview

Offline work

feedback & Discussion sessions

1-on-1 workshops(aprIL 2017)

RFI – Requestfor Info

SEMINAR(TODAY)

› Optional Feedback collection for assessment questionnaire

› Maturity Assessment Seminar (This Session)

› Optional One-to-one assessment result sessions with interested startups.


Agenda› Part 1





› Part 2




› Part 3





Creating a software system is a lot like constructing a building. If the foundation is not solid there might be structural problems that undermine the integrity and function of the building.

When architecting technology solutions, do not neglect the four pillars of security, reliability, performance efficiency, and cost optimization. Long Tail

• Automation• On-demand

Elasticity/Scale• Maintainability• Self Service• Hybrid• Resource

Pooling

Security

Availability

Performance

Cost Opt.


Following sections elaborate on NIST definition of essential cloud characteristics, by

› highlighting IT components

› identifying best practices and guiding principles

› listing relevant services from 3 major public cloud providers

We encourage startups to use them as checklist for cloud adoption, enterprise architecture development with focus on business process automation and integration.

Remark


SecurityComponents and Best Practices

Best practices and Guiding principles

Level

Create a program for security, privacy, compliance & risk management. Do account governance, data classification, asset management & compliance (ISO27000 ISMS or Security controls based on CSA CC Matrix

Create a security architecture and consider

IdAM, Infrastructure protection (API GW, WAF,

OS hardening), and Data Protection to protect

data in transit and data at rest.

Provide full visibility and transparency over the

operation using a single logging & monitoring,

security testing and change management: SOC.

Protect workloads and mitigate threats and

vulnerabilities management using automated

incident response and recovery and via analytics.

Incorporate top down security policies into the DevOps cycle and implement Programmable and Automated security controls into CI/CD proceses

Security Program(Directive)

Secure Infrastructure (Preventive)

E2E visibility(Detective)

Self healing Threat Mgmt(Responsive)

Policy Driven Security

Source: Open Security Architecture


Ensure that your services are secure starting from the data center physical security up to application level security.

SecurityExamples of cloud services your IT can benefit from

Microsoft Google Amazon

Azure Security Center, Azure Active Directory,

Key Vault, Disk Encryption, BitLocker, Log

Analytics, Azure MFA, Api Management, Virtual

Networks, Azure Dev/Test Labs, LogAnalytics,

Blob Storage, Firewall, VPN Gateway, Traffic

Manager,

• Enable audit logging and monitoring on all

resources

• Maintain your network firewall rules

• Use SP tools (Cloud Security Scanner, Trusted

Advisor) to identify most common vulnerabilities for

services

• Create encrypted channels between your on

premise equipment and cloud using Cloud

Interconnect and managed VPN

Cloud IAM

Cloud Security Scanner, Cloud Platform Security

Cloud Interconnect, Managed VPN

Management Tools (Stackdriver, Logging,

Monitoring, Error Reporting, Trace, Debugger,

Cloud Endpoints, etc.)

• Implement IdAM for dev & ops team

• Implement OpenID or Active Directory Integration

• Use IDS, IPS, WAF services from 3PP

• Design to handle for DDoS attacks

• Implement self healing actions Analytics Services

IAM – Identity and Access Management & Policy

STS – Secure Token Service

Security Groups – VM Instance ACL

NACL – Network Access Control Lists

VPC – Private Network

Ser

vice

Nam

eC

onsi

dera

tions


Measured SLAComponents and Best Practices


LevelIn addition to specifying only Specific-

Measurable-Actionable-Realistic-Time/KPI

based goals, also architect for recovery behavior.

When measuring service performance, include

3PP API and services.

Make your tasks specific, and test your BC plan

for every possible failure, underperformance

case including HW, OS, DB, Network resources.

If you discard data too soon, or if after a period of

time your monitoring system aggregates your

metrics to reduce storage costs, then you lose

important information (baseline, seasonality…)

You don’t care if an ephemeral instance goes

down, but you do care if latency for a given

service, category of customers, or geographical

region goes up. Tagging helps in identifying

SMART Goals

Design for E2E Recovery

Test Everything

Keep Long Lived

Tag Resources

Components

› Observability– Instrumenting all compute resources, apps, and services with ‟sensors” that report metrics.

– Making those metrics available on a central platform, where observers can bring them together to reconstruct a full picture of the system’s status and operation.

› Dynamic Behavior– Fire off an alert when a metric crosses a set threshold.

– Offer flexible alerts that adapt to changing baselines, relative change alerts, automated outlier/anomaly detection

› . Service Level Measurements– DR approaches: Backup/Restore, Active Standby, Active-Active.

– 3PP integrations (E-Commerce, Payment GW)

– Cloud Provider SLA’s (Google, Microsoft, Amazon)

Cloud resources are be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.


Service-interrupting events can happen at any time. Your network could have an outage, your latest application push might introduce a critical bug, or—in rare

cases—you might even have to contend with a natural disaster. When things go awry, a well tested business continuity plan will help you recover from these

incidents.

Measured SLAsExamples of cloud services your IT can benefit from


Azure DNS, Load Balancer, Monitoring, Logging,

Geo-replicated blob storage, Geo-replicated table

storage, Geo-replicated queue storage,

DataLake, CDN, Batch,Application Insights, Azure

Monitor, Azure Advisor

• Use a global network with full redundancy, scalability and e2e security.

• Use Cloud Storage, Cloud SQL and Big Query for data backup and recovery

• Use Cloud DNS and HTTP Load Balancer for handling fail overs, load balancing and

routing

• Create diff based backups of persistent disks using Compute Engine Instance Snapshots

• Use Stackdriver logging and monitoring to measure, monitor and take action based on

KPIs.

• Use Cloud Deployment Manager for easy environment creation

• Use Cloud Interconnect and VPN for remote backup/recovery

Cloud DNS, HTTP Load Balancer

Instance Snapshots

Cloud Interconnect, VPN

Cloud Deployment Manager

Nearline, BigQuery, Cloud SQL

Stackdriver, Monitoring, Logging, Error Reporting

Route 53, ELB, VPC, CloudWatch, CloudTrail,

CloudFront, DynamoDB, S3, QuickSight,

DynamoDB, Elastic Beans Talk (EBT),

OpsWorks, Elastic Container Service (ECS)

Ser

vice

Nam

eC

onsi

dera

tions


Broad AccessComponents and Best Practices


Level Ensure your cloud provides low latency access to

static and dynamic contents.

Look for interconnect service providers to have

secure and reliable connections to your cloud

Use a CDN to deliver your static content.

Select regions and zones based on your

consumers geographic locations

Isolate your resources with a virtual network(VPN, IPSec…)

Ensure Low Latency

Consider InterconnectAmong Regions

Use CDN for static content

Implement Geo-location

Isolation

Components

› Low latency and high throughput access to your services

› Worldwide access

› Global and local traffic management (DNS and LoadBalancers)

› Hybrid Cloud scenarios, mixing on-prem and off-prem

› Remote access to cloud from on-premise network

› Secure access to your services on Cloud and to cloudresources within your service

Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous client platforms.


When every millisecond of latency counts, ensure that your content is delivered with the lowest latency.

Broad Access Examples of cloud services your IT can benefit from


Regions

Zones

Azure VPN

Azure CDN

Load Balancer

Azure Stack

• Isolate your resources from each other with Google Cloud Virtual Network

• Scale and balance your resource worldwide with HTTP Load Balancer and

Cloud DNS

• Connect to cloud via enterprise-grade connections using Cloud Interconnect

• Use Cloud CDN to lower network latency, offload origins and reduce serving

costs

Regions, Zones

Google Cloud Virtual Network

HTTP Load Balancer

Cloud DNS

Cloud CDN

Cloud Interconnect

Regions, Availability Zones

Edge locations (POP)

VPC

Direct Connect

Route 53

CloudFrontSer

vice

Nam

eC

onsi

dera

tions


PoolingComponents and Best Practices


LevelUse commitment based discounts, loyalty based

discounts for steady-state workloads to decrease

cost

A scalable service should become more cost

effective when it grows (Cost per unit reduces)

by multitenancy, automation and PAYU pricing

Increasing resources should result in a

proportional increase in performance (scale

horizontally by distributing app components,

federating their datasets and employing a

service-oriented design)

Focus on aggregate health and performance of services rather than isolated hosts / datapoints

Select the right Price Model

Decrease IT unit costs with increased capacity

Benefit from webscaleScale out

Manage Cattles, not Pets

Components

› On-demand self service access to pooled resources

› Web-scale: You can scale your applications up and down to match unexpected demand without any human intervention and at infinite scale

› Pooling is at every service layer: Compute, Storage, Networking, LB, DB, MQ , MapReduce etc.

Resource pooling and utility model in the cloud creates enormous economies of scale. IT Infrastructure shall make use of pooling for cost efficiency

Startups at growth period require huge infrastructure for processing, storage, and analytics of data.


Pooling is the most fundamental pillar for cloud. Therefore, EVERY public cloud service is built upon pooling principle.

PoolingExamples of cloud services your IT can benefit from


Google Services Amazon ServicesMicrosoft Services


ElasticityComponents and Best Practices


LevelCooling periods and dynamic scale down shall

be implemented for cost control.

no longer any need to place orders ahead of time

and to hold unused hardware captive

Monitor compute/storage fine grained KPIs (CPU

utilization, instance load,

Microservices, serverless, stateless app design,

12-Tuple Principles, REST Arch,,

Assume everything will fail (HW, Network, SW), demand exceeding capacity. Always design, implement and deploy for automated recovery from failure.

Scale Up/Down KPI

Disposable Dev/Test Environment

Fine Grained Monitoring

Scalable service architectures

Design for failure

Components› Elasticity at the Architecture Level:

– Design for failure

– Cloud native architectures as opposed to monolithic

› Controlling Elasticity– KPIs with different abstraction Levels

› IaaS Layer: CPU family, Cores, IOPS, MPS

› App Layer: HTTP Requests/Sec, Transaction queue length

– Time Based or Event Based KPIs (CPU/Mem/Network Load, Fault…). Ramp up/down durations/delays

› Elasticity at the Region, Inter-zone, intra-zone

› Load Balancing strategies: RTT, geo-LB, round-robin.

Elasticity is the power to scale computing resources up and down easily and with minimal friction

Startups at growth phase require elastic infrastructures to adapt to unpredictable demand: From 0 to “planet-scale”.


Offload scalability to the cloud service provider, and avoid complexity and cost of managing the infrastructure yourself.

ElasticityExamples of cloud services your IT can benefit from


Load Balancer

Auto Scaler

Application Insight

HTTP Load Balancer

Auto scaler

Stackdriver logging, monitoring

Elastic Load Balancer

Auto Scaling Groups

CloudWatch

• Use managed services for storage, DB, analytics, PaaS that provides scalability as a

service as first choice.

• If you’re building DIY scalability, Use autoscaling, monitoring and LB services to

dynamically scale all other services such as Web Apps, Data Virtual Networks. Storage.

• Explore server-less computing. It is the next big trends because I further removes

complexity of managing hosts, OS, or the application layer .

Ser

vice

Nam

eC

onsi

dera

tions


Service Creation, Transition and OperationComponents and Best Practices


Use a central IdAM function covering dev/test

and production environments.

Have a template based everything approach to

SDLC (SW Development Life Cycle) including

Dev/Test/ and production environments.

Preintegrated runtime environments, templates

provided by cloud provider (LAMP stack, Hadoop

Cluster) or managed services

Use centralized account governance for all teams

Infrastructure as Code

Use managed services

Components

› Technology Aspects– Centralized IdAM (for dev/test/prod environments, including

virtual teams and resources

– Source Code Repository

– Task Management (issue tracking, project task assignment)

– Automated Test *Unit Test, Smoke test/ Regression test, Performance , function/UX test test), A/B test)

– CI/DC

› People/Process/Culture– DevOps Culture

– Agile Development

– ITIL

Startups should invest in people, process and technology for modern approaches to service creation, transition and operation.

Optionally, have a look at ITIL processes for IT

Service Management, for designing processes

for service creation, development, operation and

change management.

Inspire from ITIL


Be able to create/destroy ephemeral and programmable dev/test/prod environments on demand.

Service Creation, Transition and OperationExamples of cloud services your IT can benefit from


Azure AD

MFA

TFS Online

Deployment Slots

Onedrive

Mobile Dev Center

Console/CLI/API

Google Cloud Functions

App Engine

Container Engine

Stackdriver logging, monitoring, debugging, IAM

Cloud Tools

Deployment Manager

Console/CLI/API

Elastic Beans Talk

Elastic Container Service

OpsWorks

Code Deploy

Code Commit

Code Pipeline

IAM, Console, CLI, APISer

vice

Nam

eC

onsi

dera

tions

• Be able to create/destroy ephemeral dev/test/prod environments with scipts on demand.

• Make test environments identical to prod environments in functionality and intergations and scalability / elasticity.

• Use Infrastructure as Code practices from your software. Identify resources and environments by tagging/labeling.

• Use Configuration Management and Change Management to identify release versions (Source Code Revision Control,

Requirement Management, SDLC Management Tools, Issue Tracking,) customer infrastructures etc.

• Implement automated build, test, deployment and integration for all your software (including mobile/web client, server side)

.

• Container technologies provide standardization, portability and mobility of software components. Consider using containers

I your development and deployment scenarios.

• Integrate Security policies into your SDLC such as virus scanning of code, or OS patching of VM before deployment to

production.


Agenda

› Part 1





› Part 2




› Part 3






Compute

Compute

Engine

App

Engine

Container

Engine

Container

Registry

Cloud

Functions

Networking

Cloud Virtual

Network

Cloud Load

Balancing

Cloud

CDN

Cloud

Interconnect

Cloud

DNS

Big Data

BigQueryCloud

Dataflow

Cloud

Dataproc

Cloud

Datalab

Cloud

Pub/SubGenomics

Identity & Security

Cloud IAMCloud Resource

Manager

Cloud Security

Scanner

Cloud Platform

Security

Storage and Databases

Cloud

Storage

Cloud

Bigtable

Cloud

Datastore

Cloud

SQL

Persistent

Disk

Machine Learning

Cloud Machine

LearningVision API

Speech

API

Natural

Language API

Translation

API

Google Cloud PlatformServices Overview

Jobs API


Management Tools

Stackdriver Monitoring LoggingError

ReportingTrace Debugger

Deployment

Manager

Cloud

Endpoints

Cloud

Console

Developer Tools

Cloud

SDK

Deployment

Manager

Cloud Source

Repositories

Cloud Tools for

Android Studio

Cloud Tools

for IntelliJ

Cloud Tools

for PowerShell

Cloud Tools for

Visual Studio

Google Plug-in

for Eclipse

Cloud

Test Lab

Cloud

Shell

Cloud Mobile

App

Billing

App

Cloud

APIs

Google Cloud PlatformServices Overview


Putting Pieces TogetherImplementing Scalable Web Application on Google Cloud


Putting Pieces TogetherData Processing on Google Cloud


Microsoft Azure Cloud PlatformServices Overview


Putting Pieces TogetherImplementing Scalable Web Application on Microsoft Azure Cloud


Putting Pieces TogetherN-Tier Application on Microsoft Azure Cloud


Amazon Cloud PlatformServices Overview

Storage & Content DeliveryCompute Networking

Databases & Analytics IoT


Amazon Cloud PlatformServices Overview

Application Services

Security & Identity Management Tools

Mobile Services


Putting Pieces TogetherA Scalable SaaS Platform Implementation

AWS API(order fulfilment triggered by e-commerce platform)

AWS CloudFormationInfrastructure as Code

AWS LambdaSend login and web address information to customerper email using SES

AWS CloudWatchInfra & Application layerFault & Performance Monitoring

AWS CloudTrailCompliance reporting (Log of all requeststo AWS account and API)

AWS ConfigResource Configuration Managementkeeping track of versions of every resource

AWS DynamoDBMetadata repository (file name, size…)

AWS S3Storage with 99.999999999% durabilityTenant isolation by buckets

AWS SNSEmail notifications to Operations Team about alarms

AWS EC2Compute service for Open Source Sync SwSingle tenant for tenant isolation

AWS EBSNAS Storage service, for EC2 cache

AWS ASGReplaces EC2 in case

of sys or health check errors

AWS Route 53DNS Service

Shopify.comSaaS E-Commerce Platform as sales channel

Zendesk.comSaaS Customer Support Channel

: A Marketplace for Partner

Products, Solutions or SaaS running on AWS

AWS IAMMFA & Cross Account Access to Confounders

Bitnami.com3PP Baseline AMIAWS CloudFront

CDN for Joomla Microsite


Pruvanız neta, rüzgarınız kolayınıza olsun.