Proposed Cloud Strategy: Fall 2018 v4.5 ITAG Meeting 19-NOV-18 Joe - PowerPoint PPT Presentation

Proposed Cloud Strategy: Fall 2018 v4.5 ITAG Meeting 19-NOV-18 Joe Johnson Director of Cloud Strategy joe.c.johnson@wisc.edu 608.263.1557

Agenda • Strategy scope, goal, and stages • Defining “cloud” • Guiding Principles • Quick Wins • Data governance model • Implementation teams • Job roles • Measures of success • Summary and next steps

Approach Strategy Scope • UW-Madison administrative and academic computing environments • Department of Information Technology (DoIT) • Administrative Information Management Services (AIMS) • Colleges, Schools, Departments, and Divisions • Collaboration and support for outreach partners such as UW-Extension, State Lab of Hygiene, Wisconsin Public Television, and Wisconsin Public Radio • Collaboration with UW System Administration • Work with teams as a trusted partner when requested Out of Scope • Telling you how you must do things • Making you stop what you’re already doing

Strategy Goal Support research, teaching and learning, administrative, and outreach activities by delivering secure, predictable services which are focused and easy to consume.

Strategy Stages = iterative process Establish Understand Define Prepare for Begin Initial Current Desired Cloud Cloud Direction State Future State Journey Journey Design Implement Existing Cloud Identify services Define “cloud” foundational foundational services to deliver infrastructure infrastructure Document operational Build MVP operational Define cloud Standardization and Standardization and objectives and objectives and guiding principles automation level automation level procedures procedures Staff new cloud Define or revise Tiger Team(s) to Data governance Data governance positions IT roles deliver “quick wins” Define or revise Define and Look for quick wins Security controls Security controls IT policies report metrics

Defining “Cloud” “The cloud is just “We used to call it someone else’s outsourcing, now computer.” we call it cloud” Cloud is not a place. Cloud is a way of delivering IT services “ The power of the cloud was not in doing business elsewhere, the power of the cloud was in doing business in new ways that are impossible to replicate on- premises.” Andrew G. Page, Rutgers University Office of Information Technology https://livestream.com/accounts/4838057/events/8388978/videos/180884067 (30:45)

Guiding Principles for Cloud General Tenets: • “The cloud” is not a place, it is a way of delivering IT resources. • Cloud options will be considered for all IT solutions. • Automation is paramount across the entire technology stack. • Virtualization and standardization are keys to automation. • A new application architecture is required to fully leverage the benefits of most cloud services. • People and process are a critical part of cloud adoption • Data governance and IT security model will drive deployments.

Guiding Principles for Cloud Public Cloud Corollary: • Can provide required data security when properly configured • May provide cost savings over private cloud • Competition will drive down costs of commodity infrastructure • Non-infrastructure services will differentiate cloud providers • New roles will emerge as adoption expands • Not all workloads are suitable for public cloud • Develop an exit strategy during implementation phase Public

Guiding Principles for Cloud Private Cloud Corollary: • Compute, network, and storage resources will be viewed as a pool, from which IT services can be delivered. • New infrastructure models such as hyper-converged infrastructure (HCI) may be needed to fully realize benefits. • Deployments should be designed with portability to public cloud in mind. • New roles will emerge as adoption expands. Private

Guiding Principles for Cloud SaaS Corollary: • Understand vendor’s maturity level at delivering their application via cloud • Obtain vendor’s SOC Type I and Type II reports to support Cybersecurity • Adjust existing business processes to application design/flow • Understand the application’s full capabilities • Understand the application’s available APIs • Configure application through use of application settings, don’t customize • Control costs by licensing appropriately • Plan to re-visit configurations recommended during implementation • Investigate options for implementation partners • Develop an exit plan during implementation

Guiding Principles for Cloud: Alignment Strategic Priority Strategic Initiative • Ensure graduate student, professional student, and postdoctoral fellow mentoring, support, Educational Experience and opportunities to enhance their experiences and future success • Nurture excellence in research, scholarship, and creative activity across all divisions Research and Scholarship • Optimize the research and scholarship infrastructure of the university • Engage our interdisciplinary strength to generate creative solutions • Extend our educational mission to Wisconsin and the world with new technology and The Wisconsin Idea partnerships • Nurture growth of our people through professional development and performance excellence Our People • Create the best possible environment in which our people can carry out their responsibilities to the university • Promote resource stewardship, improve service delivery and efficiency , and ensure Resource Stewardship administrative capacity

Look for “Quick Wins”

Data Governance: Future State Public Data Internal Data Sensitive Data Restricted Data Examples: Examples: Examples: Examples: • Published Research • Student Records w/o PII • Unpublished research • FERPA data • Campus Maps • Admission Applications • Export controlled • PHI & HIPAA data Data User’s • Job Postings • Employment applications • DNA Profile information under US Data User’s • Course Information • Date of Birth • PCI data Shared Laws Shared Responsibility Responsibility Security Restrictions: Security Restrictions: Security Restrictions: Security Restrictions: • Low • Medium • High • Very High Defined Cloud Controls: Defined Cloud Controls: Defined Cloud Controls: Defined Cloud Controls: • VPN • Public internet • VPN with encryption • VPN with encryption • Any server type • Any server type • Approved server images • Approved server images • Any storage type • Any storage type • Encrypted storage • Encrypted storage • Basic firewall rules • Minimal firewall rules • Customary firewall rules • Special firewall rules Approved Cloud Uses: Approved Cloud Uses: Approved Cloud Uses: Approved Cloud Uses: • Experimentation • Data analytics • Data analytics • Data analytics • Innovation • Data storage • Data storage • Data storage • Public-facing apps • Presentations • Public and Internal apps • Internal apps Very High Very High Level of Institutional Risk Level of Institutional Risk Very Low Very Low

Implement Foundational Infrastructure Minimum viable security Minimum viable logging Cloud Security Specialist Cloud Engineer Cloud Foundations DevOps/Automation Cloud Coordinator Team WAN and Campus LAN Teams Public Cloud Providers Design recommendations Minimum viable connectivity

Form Cloud Tiger Teams Cloud Tiger Team. Noun . A nimble team of five to seven technical specialists who relentlessly identify opportunities to deliver secure and reliable cloud services in a highly automated manner. Sol. Eng. & Network Srvs. Cybersecurity Cloud Security Specialist Cloud Engineer Automation Support Cloud Coordinator Integration Specialist Application Dev & Int. Appl. Integration Services Application Owner & SME

Define or Revise IT Roles: Summary Existing Infrastructure Roles New Cloud Roles Existing Operational Roles New Cloud Roles • • • • Network Services Broker Environmental Controls Hybrid Cloud Mgmt • • • • Storage Infrastructure Coder Infrastructure Installers Capacity Analyst • • • • Server Full Stack Engineer Physical Security Cost Engineer • • • • Database Integration Specialist Upgrades and Patching Lifecycle Management • • • • Middleware Automation Specialist Monitoring and Alerting Access Control • • • Messaging Level I, II, and III Support Automation Mgmt Cybersecurity • • Data Movement Monitor and Alert • • Cybersecurity Level I and II Support Existing Developer Roles New Cloud Roles • • System Analyst Product Owner • • Designer Microservice Owner Existing PMO Roles New Cloud Roles • • Coder Continuous Integration • • Business Analysts Solution Discovery • • QA/Tester Continuous Delivery • • Project Managers Solution Implementation • • Release Manager Automation Support • • Operations Security Operations Cybersecurity

Define and Report Metrics Quality Adoption • Optimization Score • Service Availability • Number Available Cloud Services • Service Response Time • Number of Cloud Native Apps • Service Throughput • Number of Re-hosted Apps • Repatriation Rate • Number of Refactored Apps • User Satisfaction • Number of Revised Apps • Cloud Team Reputation • Number of Rebuilt Apps • Time to Provision • Number of Retired Apps • Level of Automation • Institutional Penetration Rate • Innovation Score • Number of Cloud Tiger Teams • Time to Value

Summary