Best practices – Security, Automation, Monitoring

Operational Transformation Best Practices

Based on lessons learned and experience from across the cloud industry, the following best practices should be considered for your organization’s Cloud planning.

TRANSITIONING TO THE CLOUD

Very few organizations can migrate all of their legacy infrastructure and applications to the cloud immediately—nor should they. Here are some considerations:

  • Evaluate what applications are critical to your business customers and which applications most benefit by moving to the cloud.
  • Depending on the applications to be migrated, the decision to use a public cloud provider or build your own private cloud should be discussed. Sometimes, organizations will build their own private cloud as well as integrate some services from a public cloud provider.
  • Infrastructure services, VMs, and storage hosted in the cloud (IaaS) are widely available from numerous public cloud providers. You can also deploy IaaS techniques in a legacy datacenter as part of a modernization program that might lead to a future full of private or hybrid clouds.
  • Applications. Moving IaaS storage and VMs to a private or public cloud is relatively easy—it is the custom-built legacy applications that take time to evaluate, sometimes reprogram, and transition to the cloud.

AUTOMATION OF EVERYTHING

The automation of the service ordering, provisioning, billing, and management of all infrastructure and software is critical to an efficient cloud environment. Here are some considerations:

  • Avoid the temptation to implement or continue manual provisioning processes with the intention of automating later. Experience shows that implementing automation after core IaaS, PaaS, or SaaS applications are launched is very difficult and disruptive to the cloud environment.
  • Automation means efficient and fast ordering and constituent provisioning (configuration management) with the lowest operational costs.
  • Automation requires careful monitoring of status, errors, and capacity. Continuously improving the automation tools and scripts is essential.
  • Automation applies to everything in the datacenter, not just cloud-based services. Automation is just one characteristic of a cloud service, but you can automate most technologies and processes within a datacenter to reduce costs, improve delivery times, and improve configuration consistency.

SECURITY PREAPPROVALS

Changes to security policies and procedures are necessary to accommodate the automated configuration and deployment of servers (physical or virtual), storage, network segments, and applications. Here are some considerations:

  • OS and server/virtual server configurations should be scanned, vetted, and preapproved by security teams so that they can be deployed in an automated manner, 24-7, whenever a cloud service is ordered.
  • Try to avoid having security involved in the approval process for every cloud order. Cloud service orders should be fully automated with almost immediate provisioning of services. Avoid adopting any manual processes, including security accreditation, in the actual provisioning workflow.
  • Build any security features, tools, and network configurations into prebuilt and precertified services that appear in the cloud portal service catalog.
  • Some organizations, particularly in the public sector, might require that the overall cloud system, management tools, infrastructure, network, and applications be assessed and certified by the government or a third-party entity before the cloud can be officially brought online.
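The preapproval idea in the list above can be enforced as a policy check inside the provisioning workflow itself, so that no human security review is needed per order. The following is an added example, not code from the original text: a gate that approves a server order automatically only when it uses an image from a precertified catalog, meets a security baseline, and does not expose management ports publicly. The catalog entries, digests, baseline keys and the ServerOrder fields are all constructed placeholders.

```python
"""Provisioning-time security gate (added example, not from the original text).
Approves a cloud service order automatically only if it uses a pre-certified
image and meets the security baseline; otherwise reports every failing check."""
from dataclasses import dataclass, field

# Catalog of images the security team has scanned, vetted and preapproved.
# Image names and digests are constructed placeholder values.
PREAPPROVED_IMAGES = {
    "corp-linux-2024.03": "sha256:PLACEHOLDER_DIGEST_A",
    "corp-windows-2024.03": "sha256:PLACEHOLDER_DIGEST_B",
}

# Baseline settings every automatically provisioned server must satisfy
# (constructed names; a real baseline would map to the organization's standard).
BASELINE = {
    "disk_encryption": True,
    "central_logging": True,
    "endpoint_agent": True,
}

# Management ports that must never be exposed to the public network segment.
RESTRICTED_PORTS = {22, 3389}


@dataclass
class ServerOrder:
    name: str
    image: str
    image_digest: str
    settings: dict
    public_ingress_ports: set = field(default_factory=set)


@dataclass
class GateResult:
    approved: bool
    reasons: list


def evaluate_order(order: ServerOrder) -> GateResult:
    """Return approved=True only when every preapproval check passes.
    All failing checks are collected so the requester can correct the order
    without a manual security review entering the provisioning workflow."""
    reasons = []
    expected_digest = PREAPPROVED_IMAGES.get(order.image)
    if expected_digest is None:
        reasons.append(f"image {order.image!r} is not in the preapproved catalog")
    elif expected_digest != order.image_digest:
        reasons.append(f"image {order.image!r} digest does not match the certified build")
    for setting, required in BASELINE.items():
        if order.settings.get(setting) != required:
            reasons.append(f"baseline setting {setting!r} must be {required}")
    exposed = sorted(order.public_ingress_ports & RESTRICTED_PORTS)
    if exposed:
        reasons.append(f"management ports {exposed} may not be exposed publicly")
    return GateResult(approved=not reasons, reasons=reasons)


if __name__ == "__main__":
    # Constructed orders: one compliant, one with a tampered image, a disabled
    # baseline setting and a publicly exposed SSH port.
    good = ServerOrder("web-01", "corp-linux-2024.03", "sha256:PLACEHOLDER_DIGEST_A",
                       {"disk_encryption": True, "central_logging": True, "endpoint_agent": True},
                       {443})
    bad = ServerOrder("web-02", "corp-linux-2024.03", "sha256:TAMPERED",
                      {"disk_encryption": False, "central_logging": True, "endpoint_agent": True},
                      {443, 22})
    for order in (good, bad):
        result = evaluate_order(order)
        print(order.name, "APPROVED" if result.approved else "REJECTED", result.reasons)
```

Checking the image digest rather than only its name is what ties the automated order back to the build the security team actually vetted; a matching name with a different digest is rejected like any other unapproved image.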

CONTINUOUS MONITORING

Monitoring of the automation provisioning, customer orders, system capacity, system performance, and security are all critical in a 24-7, on-demand cloud system. Here are some considerations:

  • All new applications, servers and virtual servers, network segments, and the like should be automatically registered to a universal configuration database and trigger immediate scans and monitoring. Avoid manually adding new applications or servers to the security, capacity, or monitoring tools to ensure continuous monitoring begins immediately when services are brought online.
  • Monitoring of automated provisioning and customer orders is critical in an on-demand cloud environment. Particularly during the initial months of a new private cloud launch, the automation tools and scripts will need constant tweaks and improvements to remove remaining manual processes, improve error handling, and allocate resources efficiently across the multiple server farms, storage, and networks that make up the overall cloud environment.
  • Clouds often support multiple tenants or consuming organizations. Monitoring and security tools often consolidate or aggregate statistics and system events to a centralized console, database, and support staff. When tracking, resolving, and reporting events and statistics, the data must be segmented and reported back to each tenant so that each tenant sees only its own information. The commercial off-the-shelf (COTS) tools used by the cloud provider often have limitations in keeping each tenant's reports separate from those of other tenants.
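The two mechanisms described above, automatic registration of every new asset with an immediate scan trigger, and segmentation of the aggregated event stream per tenant, are shown together in the following added example. It is not code from the original text: the configuration database, scanner queue, monitoring inventory and event records are in-memory stand-ins with constructed names, and the tenant and asset identifiers are made up.

```python
"""Asset auto-registration and tenant-scoped event reporting (added example,
not from the original text). All stores are in-memory stand-ins."""
from collections import deque
from dataclasses import dataclass


@dataclass
class Asset:
    asset_id: str
    kind: str        # e.g. "vm", "network_segment", "application" (constructed values)
    tenant: str
    address: str


class ConfigurationDatabase:
    """Minimal universal configuration database: the single registry that every
    provisioning workflow writes to before an asset is considered live."""

    def __init__(self):
        self.assets = {}
        self.scan_queue = deque()   # stand-in for the vulnerability scanner's job queue
        self.monitored = set()      # stand-in for the monitoring tool's inventory

    def register(self, asset: Asset) -> None:
        if asset.asset_id in self.assets:
            raise ValueError(f"{asset.asset_id} is already registered")
        self.assets[asset.asset_id] = asset
        # Registration itself is the trigger: scanning and monitoring begin
        # immediately, so no asset is live without the security tooling seeing it.
        self.scan_queue.append(("baseline_scan", asset.asset_id))
        self.monitored.add(asset.asset_id)


def provision(cmdb: ConfigurationDatabase, asset: Asset) -> Asset:
    """Provisioning hook: registration is a mandatory step, not a later manual task."""
    cmdb.register(asset)
    return asset


def unmonitored_assets(cmdb: ConfigurationDatabase, live_asset_ids) -> list:
    """Detective control: anything running but absent from the CMDB was added
    outside the automated workflow and is therefore not scanned or monitored."""
    return sorted(set(live_asset_ids) - set(cmdb.assets))


@dataclass
class Event:
    asset_id: str
    severity: str
    message: str


def events_for_tenant(cmdb: ConfigurationDatabase, events, tenant: str) -> list:
    """Segment the aggregated event stream so a tenant sees only its own assets.
    Events for assets unknown to the CMDB are dropped rather than shown to anyone."""
    owned = {a.asset_id for a in cmdb.assets.values() if a.tenant == tenant}
    return [e for e in events if e.asset_id in owned]


if __name__ == "__main__":
    cmdb = ConfigurationDatabase()
    provision(cmdb, Asset("vm-0001", "vm", "tenant-a", "10.0.1.10"))
    provision(cmdb, Asset("vm-0002", "vm", "tenant-a", "10.0.1.11"))
    provision(cmdb, Asset("vm-0003", "vm", "tenant-b", "10.0.2.10"))
    # Constructed aggregated events; vm-9999 was never registered.
    events = [
        Event("vm-0001", "high", "failed baseline scan"),
        Event("vm-0002", "low", "cpu capacity at 85%"),
        Event("vm-0003", "medium", "agent heartbeat missed"),
        Event("vm-9999", "high", "unregistered host seen on network"),
    ]
    print("tenant-a:", events_for_tenant(cmdb, events, "tenant-a"))
    print("pending scans:", list(cmdb.scan_queue))
    print("unmonitored:", unmonitored_assets(cmdb, ["vm-0001", "vm-0002", "vm-0003", "vm-9999"]))
```

The `unmonitored_assets` check is the defensive complement to the registration rule: comparing what is actually running against the configuration database catches anything that bypassed the automated workflow.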

SYNTHETIC TRANSACTION MONITORING

Monitoring of the network, servers, and applications is commonplace in any cloud or datacenter. Improvements in operations and monitoring should include the following:

  • Utilize a system or third-party provider that can continuously run synthetic transactions against your websites and applications. These scripted transactions confirm that your customers can actually access and use your applications, unlike a simple ping test, which only confirms that the server is online.
  • Also utilize these synthetic transactions to send alerts when an application has a problem and to measure performance trending.
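The difference between a ping test and a synthetic transaction, together with failure alerting and performance trending, is shown in the following added example. It is not code from the original text or from any monitoring product: the application is a constructed in-process stub whose login step can be broken while its front page still answers, the user journey (home, login, dashboard) and the synthetic account are assumptions, and the trend rule (recent window exceeding the earlier baseline by a factor) is one simple choice among many.

```python
"""Synthetic transaction monitor (added example, not from the original text).
Runs a scripted multi-step user journey against a constructed stub application,
reports which step failed, and flags latency trend degradation."""
import time
from statistics import mean


class StubApplication:
    """Constructed stand-in for a web application. `healthy_login` breaks the
    login step while the server stays reachable; `delay` simulates latency."""

    def __init__(self, healthy_login=True, delay=0.0):
        self.healthy_login = healthy_login
        self.delay = delay

    def get(self, path, session=None):
        time.sleep(self.delay)
        if path == "/":
            return 200, "home"
        if path == "/dashboard":
            return (200, "dashboard") if session else (401, "unauthorized")
        return 404, ""

    def post(self, path, data):
        time.sleep(self.delay)
        if path == "/login" and self.healthy_login:
            return 200, "session-token"
        return 500, "internal error"


def ping(app) -> bool:
    """What a plain availability check sees: the front page answers."""
    return app.get("/")[0] == 200


def synthetic_transaction(app):
    """Scripted journey home -> login -> dashboard.
    Returns (ok, failed_step_or_None, elapsed_seconds)."""
    start = time.perf_counter()
    # Credentials for the dedicated synthetic account are placeholders.
    steps = [
        ("home", lambda s: app.get("/")),
        ("login", lambda s: app.post("/login", {"user": "synthetic-monitor",
                                                  "password": "PLACEHOLDER"})),
        ("dashboard", lambda s: app.get("/dashboard", session=s)),
    ]
    session = None
    for name, step in steps:
        status, body = step(session)
        if status != 200:
            return False, name, time.perf_counter() - start
        if name == "login":
            session = body   # carry the session into the next step
    return True, None, time.perf_counter() - start


def latency_trend_alert(history, window=5, factor=1.5) -> bool:
    """Alert when the mean of the last `window` samples exceeds the mean of
    all earlier samples by `factor`. Needs at least 2 * window samples."""
    if len(history) < 2 * window:
        return False
    baseline = mean(history[:-window])
    recent = mean(history[-window:])
    return recent > factor * baseline


if __name__ == "__main__":
    healthy = StubApplication()
    broken = StubApplication(healthy_login=False)
    for label, app in (("healthy", healthy), ("broken-login", broken)):
        ok, failed, secs = synthetic_transaction(app)
        print(f"{label}: ping={ping(app)} transaction_ok={ok} failed_step={failed} {secs:.4f}s")
    # Constructed latency history: five fast runs followed by five slow ones.
    print("trend alert:", latency_trend_alert([0.10] * 5 + [0.30] * 5))
```

Against the broken application, `ping` still returns True while the synthetic transaction reports a failure at the login step, which is exactly the gap the text describes; the trend function turns the same per-run timings into an early warning before the journey fails outright.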