
Monthly Archives: October 2015

Increase the Speed of IT with DevOps and PaaS

By Reg Lo

How do you increase the speed of IT?

In this 5-minute video whiteboard session I will describe two key strategies for making IT more agile and improving time to market.  For your convenience there is also a transcript of the video below.

Two key strategies for increasing the speed of IT are:

  1. Deliver more applications using DevOps. Traditional waterfall methods are too slow.  Agile methodologies are an improvement but without accelerating both the infrastructure provisioning and application development, IT is still not responsive enough for the business.  Today, many organizations are experimenting with DevOps but to really move the needle, organizations must adopt DevOps at scale.
  2. Deliver new Platform-as-a-Service faster. Infrastructure-as-a-Service is the bare minimum for IT departments to remain relevant to the business.  If IT cannot provide self-service on-demand IaaS, the business will go directly to the public cloud.  To add more value to the IaaS baseline and accelerate application delivery, IT must deliver application platforms in a cloud model, i.e. self-service, on-demand, with elastic capacity.

Let’s start with this second key strategy: deliver new PaaS services faster.  PaaS services include second generation platforms (database-as-a-service, application server-as-a-service, web server-as-a-service) as well as third generation platforms for cloud native applications such as Hadoop-as-a-service, Docker-as-a-service or Cloud Foundry-as-a-service.

In order to launch these new PaaS services faster, IT must have a well-defined service lifecycle that it can use to quickly and repeatably create these new services.  What are the activities and what artifacts must be created in order to analyze, design, implement, operate and improve a service?

Once you have defined the service lifecycle, you can launch parallel teams to create the new service: platform-as-a-service, database-as-a-service, or X-as-a-service where X can be anything.  Each service can be requested via the self-service catalog, delivered on demand, and treated like “code” so it can be versioned with the application build.

Each service needs a single point of accountability – the Service Owner.  The service owner is responsible for the full lifecycle of the service.  They are part of the Cloud Services Team, also called the Cloud Tenant Operations team.  The Cloud Services Team also manages the service catalog, provides the capability to automate provisioning, and manages the operational health of the services.

The Cloud Services Team is underpinned by the Cloud Infrastructure Team. This team combines cross-functional expertise from compute, storage and network to create the profiles or resource pools that the cloud services are built on.  The Cloud Infrastructure Team is also responsible for capacity management and security management.  The team not only manages the internal private cloud, but also the enterprise’s consumption of the public cloud, transforming IT into a service broker.

Now that we’ve described the new cloud operating model, let’s return to the first key strategy for increasing the speed of IT: deliver more applications using DevOps.  Many organizations have tasked one or two application teams to pilot DevOps practices such as continuous integration and continuous deployment.  This is a good starting point. However, in order to expand DevOps at scale so IT can provide a measurable time-to-market impact for the business, we need to make the adoption easier and more systematic.

The DevOps enablement team is a shared services team that provides consulting services to the other app dev teams.  It contains the expertise in automation so that other app dev teams do not need to become experts in Puppet, Chef, or VMware CodeStream, and it drives a consistent approach across all app dev teams to avoid a fragmented approach to DevOps.

Remember how we talked about expanding PaaS?  With self-service on-demand PaaS provisioning, app dev teams can build environment-as-a-service: an application blueprint that contains multiple VMs (the database server, application server, web server, etc.).  Environment-as-a-service lets app dev teams treat infrastructure like code, helping them adopt continuous deployment best practices by linking software versions to infrastructure versions.

By delivering more applications using DevOps and by delivering new PaaS services faster, you can increase the speed of IT.

Reg Lo is the Director of VMware Accelerate Advisory Services and is based in San Diego, CA.  You can connect with him on LinkedIn.

Software Defined Networking for IT Leaders – 5 Steps to Getting Started

By Reg Lo

In Part 1 of “Software Defined Networking (SDN) for IT Leaders”, micro-segmentation was described as one of the most popular use-cases for SDN.  With the increased focus on security, due to the growing number of brand-damaging cyber attacks, micro-segmentation provides a way to easily and cost-effectively firewall each application, preventing attackers from gaining easy access across your data center once they penetrate the perimeter defense.

This article describes how to get started with micro-segmentation. Micro-segmentation is a great place to start for SDN because you don’t need to make any changes to the existing physical network, i.e. it is a layer of protection that sits on top of the existing network.  You can also approach micro-segmentation incrementally, i.e. protect a few critical applications at a time and avoid boiling the ocean.  It’s a straightforward way to dip your toe into SDN.

5 Simple Steps to Get Started:

  1. Identify the top 10 critical apps. These applications may contain confidential information, may need to be regulatory compliant, or they may be mission critical to the business.
  2. Identify the location of these apps in the data center. For example, what are the VM names, or are the app servers all connected to the same virtual switch?
  3. Create a security group for each app. You can also define generic groups like “all web servers” and set up firewall rules such as no communication between web servers.
  4. Using SDN, define a firewall rule for each security group that allows any-to-any traffic. The purpose of this rule is to trigger logging of all network traffic to observe the normal patterns of activity.  At this point, we are not restricting any network communications.
  5. Inspect the logs and define the security policy. The amount of time that needs to elapse before inspecting the logs is application dependent.  Some applications will expose all their various network connections within 24 hours.  Other applications, like financial apps, may only expose specific system integration during end-of-quarter processing.  Once you identify the normal network traffic patterns, you can update the any-to-any firewall rule to only allow legitimate connections.
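
The log review in steps 4 and 5, as an added example that is not from the original post: it groups the flows recorded by the any-to-any rule by security group and proposes the allow rules that would replace it. The group names, addresses and log format are constructed for illustration and are not the output of any particular SDN product.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory (steps 2-3): security group -> member addresses.
GROUPS = {
    "payroll-web": ["10.0.1.10", "10.0.1.11"],
    "payroll-app": ["10.0.2.10"],
    "payroll-db": ["10.0.3.10"],
}

# Constructed flow records from the any-to-any logging rule (step 4).
# Format assumed for this example: "date src dst proto dport".
FLOW_LOG = """\
2015-10-01 10.0.1.10 10.0.2.10 tcp 8443
2015-10-01 10.0.1.11 10.0.2.10 tcp 8443
2015-10-01 10.0.2.10 10.0.3.10 tcp 5432
2015-10-02 10.0.1.10 10.0.1.11 tcp 22
2015-10-02 192.0.2.77 10.0.3.10 tcp 5432
2015-12-31 10.0.2.10 10.0.9.5 tcp 443
"""

def group_of(ip, groups=GROUPS):
    """Return the security group containing ip, or None if it is unmapped."""
    addr = ipaddress.ip_address(ip)
    for name, members in groups.items():
        if any(addr == ipaddress.ip_address(m) for m in members):
            return name
    return None

def summarize(log_text):
    """Aggregate flows into (src_group, dst_group, proto, port) -> days seen."""
    seen = defaultdict(set)
    unmapped = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        day, src, dst, proto, port = line.split()
        sg, dg = group_of(src), group_of(dst)
        if sg is None or dg is None:
            unmapped.append((src, dst, proto, int(port)))  # needs an owner's decision
            continue
        seen[(sg, dg, proto, int(port))].add(day)
    return seen, unmapped

def propose_policy(seen):
    """Candidate allow rules; same-group flows are held back for review (step 3)."""
    allow = sorted(k for k in seen if k[0] != k[1])
    review = sorted(k for k in seen if k[0] == k[1])
    return allow, review
```

Flows with an endpoint outside every security group are kept out of the proposed policy so that the application owner decides whether they are legitimate, and the set of days on which each flow was seen shows which connections appeared only rarely during the observation window.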

Once you have completed these 5 steps, repeat them for the next 10 most critical apps, incrementally working your way through the data center.

In Part 3 of Software Defined Networking for IT Leaders, we will discuss the other popular starting point or use case: automating network provisioning to improve time-to-market and reduce costs.

Reg Lo is the Director of VMware Accelerate Advisory Services and is based in San Diego, CA.  You can connect with him on LinkedIn.