It summit 2014_migrating_applications_to_the_cloud-5

Migrating Applications to the CloudIT Summit 2014

June 5, 2014 Thursday 11:25AM-12:15PM Emerson Hall - 105

Agenda

• Introduction to “Migrating Applications to the Cloud”

• Sharing our experiences

• Lessons learned

Introduction

Presenters

• Magnus Bjorkman, Technical Manager, Identity and Access Management Program

• Carolyn Brzezinski, Technical Lead, Student Information System Program

• Greg Freiter, Software Development Manager, Identity and Access Management Program

• Rob Parrott, Senior Architect, CTO Office

Introduction to “Migrating Applications to the Cloud”

IT Challenges

● Infrastructure cost: doing more with less

● Infrastructure cost: enabling engineering and best

practices

● Bringing services to market quickly

● Reducing operational overhead

● Adapting to rapidly changing technology landscape

● Growing expectations of performance and availability

Cloud platforms are designed to solve these challenges ...

Why go to the Cloud?

Fast and Flexible High Quality

Low Cost

24x7Fault Tolerance / High Availability

Paradigm shift is needed to fully leverage the cloud

• You give them a name

• You have a few

• You care for them when they are sick

VS

• You don’t give them names

• You have many

• There is always more cattle

Sharing our experiences

Identity and Access Management (IAM)

Applications currently in production in the cloud• Harvard Connections• App Portal that handles PIN Registration

Application Architecture Overview• Standard Web based applications and services running in a Java Tomcat

environment• Java applications for moving of data• LDAP/AD/Oracle Database for data storage

Target Scope for Cloud• Migration of all custom applications

● Fast and Flexible - Keep away from Pet mentality - API enables us to Automate Everything, Lose Nothing ● Lower Cost - Cost savings by keeping Production running and deploying the environment in DEV and Test as

needed

● Agile Process - Make it “good enough” and iterate over it again and again

First Deployment: Connections Architecture

Supplied by: Evgeny Platonov

Second Deployment: App Portal

● Higher Quality - Evolved from existing automation which fosters Consistency and Reliability (Higher Quality)

● Highly Available with cloud components such as Load Balancer and Auto Scaling as well as S3. As you can see we have not taken full advantage.

● Lower Cost - Auto Scaling to save Cost and Flexibility with resources such as VMs.

Student Information System and AWS

Applications currently at AWS• Oracle Campus Solutions (CS) Sandbox• Oracle Oracle Business Intelligence Enterprise Edition (OBIEE) demo application• OBIEE demo with scrubbed Harvard data• UPK (User Productivity Toolkit)

Target Scope for AWS• All Campus Solutions VMs

Considerations for Moving a Packaged, Enterprise Application to AWS

Functionality• Will the Campus Solutions application work when deployed to AWS? • How will OBIEE connect to the Exalytics servers that physically reside at 60 Oxford Street?

Performance• How does an environment deployed to AWS handle under load?

High availability• What options are available to ensure the availability of the application on AWS?

Flexibility/scalability• How dynamically can the application be scaled on AWS?

Support• Will you be supporting the AWS environments with an internal team or 60 Oxford Street

resources.

Campus Solutions Scaling Strategy

● Fast and Flexible with Auto Scaling to accommodate seasonal load.● Highly Available with Servers located in different Amazon regions, loadbalancer and Auto Scaling. DR

supported in-house rather than by a third party.● Lower Cost - No need provision, maintain and pay for servers that are only needed to support

seasonal load.

HPAC: Harvard Web Sites

• Includes www.harvard.edu, news.harvard.edu, campaign.harvard.edu (Drupal & Wordpress app platforms)

• Goals:• Better performance:

• Handle arbitrary spikes in traffic, in particular from noteworthy events and DDOS attacks

• Uptime• Fault-tolerant architecture

• Release management• Transition to more rapid release cycles• Move from legacy hosting platform• Automate release cycles

• Cost reduction over Rackspace hosting

HPAC: Harvard Web Sites

Highly Scalable“Caching” layer

Web App Tier: Read-only

Performance & Availability: use of a cache layer that’s highly scalable provides incredible performance at cheaper cost.

Testing indicates: 70x performance boost even before using CDN, with cost reduction of 25-65%.

SEAS: Datacenter VPC

Goals

• Minimize costs

• Capital costs of equipment and datacenter within SEAS

• Operational overhead of on-site infrastructure

• High cost of HUIT colocation

• Opportunity for rapid adoption and migration to cloud

• Self-governance

• Appropriate level of isolation from Harvard-central services and

networks

• Control over own services and assets, but tied to larger HUIT

environment

SEAS: Datacenter VPC

SEAS Managed Environment

HUIT Central Environment

AWS enables significant cost reduction and fast migration compared to on-campus alternatives.

Lessons learned

How do you manage all this? - People, Definitions and Version Control

Developers

NetworkAdmin

Sys Admin

DatabaseAdmin

VS

Infrastructure as Code (e.g. CF JSON and Puppet MF)

Cloud Infrastructure Engineer or DevOps

Cloud Provider Tools and Change Control Tools

DevelopersCollaboration

Service OperationService Design/EngineeringSME Consultation

(Infrastructure/AWS)

Service Transition

Management and Monitoring Product Team

Architect

Cloud Infrastructure Engineer

Developers

Release Engineer

Infrastructure Definitions (e.g. CF JSON and Puppet MF)

Application Packages

DevOps

Operational Configurations

Management and Monitoring

System

QA

Security Specialist

CI Tests

Stage

Architecture and Standards

Production

Ops Engineer/Support

Environments created as needed and one environment per user

Management and Monitoring System Product

Management and Monitoring Product Team

NetworkSpecialist

Sys AdminSpecialist

DatabaseSpecialist

ManagementApplication Packages

Management and Monitoring

System

TransitionManager

TechnicalWriter

Dev

Identity and Access Management

Active and Collaborative

CI Server (Jenkins)

How do you manage all this? - Service and Release EcoSystem

Application Code

Data Movement in the Cloud

For batch execution and scalable reliable, fault tolerant data movement, use FTP approaches (including S3) and message queues

VPN useful primarily for application migration, legacy apps, and low latency network connectivity. However, not scalable.

IAM team started with VPN access, but is developing alternative approaches

Services Needed for Cloud

As applications are migrated to cloud, need to bring along operational services to support them, or develop new such services.

• Logging and analysis (Splunk in the cloud)• Instrumentation and monitoring dashboards• Bastion and administrative access• Harvard IAM -> Cloud IAM integration• Package management and updates• Resiliency Testing (Chaos Monkey, Simian Army)• Application Testing and Release Tools

Lessons Learned

• Application Requirements Differ. Some applications will be easier to deploy to the cloud than others, and some applications will be able to take advantage of the benefits of the cloud more so than others.

• Move Incrementally. Do not try to move everything at once. Move things incrementally and improve your management of the cloud incrementally.

• Cultural Change is Difficult. Switching from Kittens to Cattle is hard. We have to train ourselves in throwing away environments frequently and rebuild constantly. The process of doing this is a big part in what makes our management of the environment better.

• You Own It!! The cloud provider will only provide service to a specific point with a very clear delineation. Everything else is up to you.

• High Effort. It takes a long time to build this correctly.• High Reuse. When you have built it correctly, you can leverage it over and

over again.

Epilogue: Cloud & HUIT

Cloud Services at HUIT Today

● Access to Amazon Web Services under Enterprise Agreement

● Direct billing to your 33-digit code● Volume discounts ● Onsite training opportunities● Support

○ Access to Solution Architect & Rapid Adoption resources

○ Upcoming Enterprise-level support

● HUIT Private Cloud Pilot● On-premise complement to AWS● Aimed at DevOps workloads● Due for availability at the end of June

http://cloud.huit.harvard.edu/

Cloud at HUIT Tomorrow

Challenge: Cloud democratizes IT, but enterprises need standards and some level of governance.

Challenge: Cloud requires a significantly different set of skills and approaches

Challenge: Organizational readiness.

HUIT has formed a Cloud & DevOps Working Group charged with developing an ambitious HUIT strategy – to be delivered at the

beginning of July – for meeting the challenges of cloud & devops adoption.

Questions

Appendix

Supporting documentations for questions