İTÜ GATE Startups - Maturity Assessment | Creative Commons CC0 - Attribution License | 2017-04-06
Silicon Valley-grade IT
IT & Cloud Maturity Assessment for İTÜ GATE Startups
Hasan Basri AKIRMAK, Mentor at ITU Çekirdek, Cloud Evangelist at Ericsson, https://www.linkedin.com/in/hasanbasriakirmak/
Engin Deveci, Cloud Evangelist at Ericsson, https://www.linkedin.com/in/engindeveci/
Engin Polat, Cloud Evangelist at Microsoft, https://www.linkedin.com/in/polatengin/
Beta
Silicon Valley Grade IT and Cloud Maturity Assessment for Startup Ecosystem in Turkey
This session was presented at ITU GATE (http://www.itugate.com/en), the Istanbul Technical University Startup Acceleration Program in Istanbul, on April 6th, 2017.
“When a startup begins to take off, the technical requirements for data, computing, and networking skyrocket. At GV, we’ve built a team that lives for these challenges. They’re a group of experts with a track record of working at massive scale, and they love to help.”
— Graham Spencer
General Partner at GV
Why is IT a Strategic Asset? Google Ventures Engineering Support
“Startup is not an IBM, but a smaller version. All the tools are divide by zero. You have customer development team (including engineers) and you need to sell.”
— Steve Blank, Stanford University
[4 steps to epiphany]
Why is IT a Strategic Asset? Life Cycle of a Startup & the IT Impact
Our view: IT is different. Transitioning the technology
infrastructure from something designed for learning &
discovery to a well-oiled engineered machine later is
expensive.
Effective IT can decrease the breadth and depth of the Death Valley Curve.
planning, deployment, integration & use in support
of digital business
Innovation: More flexible and agile ways of working that will form the basis for an effective digital business
[Figure: AS IS Digitalization Maturity (Confidential Data Removed), with maturity levels up to 5 (Pioneering) and the scope of assessment marked. Source: Ericsson analysis]
L1: A digital-specific, ICT architecture exists or is being developed. Existing or planned digital architecture has been evaluated based on a recognised industry reference to support digital.
There is a process to evaluate IT investments based on their alignment to the digital strategy.
L2: Changes to ICT are ongoing - tactical investments are aligned to target architecture.
Platforms are being deployed to support digital services, e.g. Cloud Infrastructure, Management & Orchestration Platform.
An integral API and security strategy for supporting services (including 3pp) is being defined.
Support systems are being implemented to support digital services, e.g. self service provisioning
– Understanding Your Priorities – Cloud adoption snapshot. Drivers and Inhibitors Check
– Why IT as Strategic Asset – Startup Death Valley. Google Ventures
– Maturity Model Overview – Technology & Operating Model Dimensions
– Approach – RFI, Deep Dive Workshop, Vendor Balanced View
› Part 2
– Key Cloud Characteristics – Components & Best Practices for Technology & Operating Model
– Elasticity, Pooling, Measured SLA, Broad Access
– Security, Service Dev & Ops – Approach & Best Practices
› Part 3
– Cloud Service Overview – Google, Microsoft and AWS
– Reference Architectures – Google, Microsoft and AWS
– To Be Architectures – Technology & Operating Model Roadmaps
– Wrap up – Q&A and Next Steps
Creating a software system is a lot like constructing a building. If the foundation is not solid there might be structural problems that undermine the integrity and function of the building.
When architecting technology solutions, do not neglect the four pillars of security, reliability, performance efficiency, and cost optimization. Long Tail
The following sections elaborate on the NIST definition of essential cloud characteristics by
› highlighting IT components
› identifying best practices and guiding principles
› listing relevant services from 3 major public cloud providers
We encourage startups to use them as a checklist for cloud adoption and enterprise architecture development, with a focus on business process automation and integration.
Create a program for security, privacy, compliance & risk management. Do account governance, data classification, asset management & compliance (ISO27000 ISMS, or security controls based on the CSA CC Matrix).
Create a security architecture and consider
IdAM, Infrastructure protection (API GW, WAF,
OS hardening), and Data Protection to protect
data in transit and data at rest.
Provide full visibility and transparency over the
operation using a single logging & monitoring,
security testing and change management: SOC.
Protect workloads and mitigate threats through
vulnerability management, automated incident
response and recovery, and analytics.
Incorporate top-down security policies into the DevOps cycle and implement programmable and automated security controls in CI/CD processes.
based goals, also architect for recovery behavior.
When measuring service performance, include
3PP API and services.
Make your tasks specific, and test your BC plan
for every possible failure, underperformance
case including HW, OS, DB, Network resources.
If you discard data too soon, or if after a period of
time your monitoring system aggregates your
metrics to reduce storage costs, then you lose
important information (baseline, seasonality…)
You don’t care if an ephemeral instance goes
down, but you do care if latency for a given
service, category of customers, or geographical
region goes up. Tagging helps in identifying
SMART Goals
Design for E2E Recovery
Test Everything
Keep Long Lived
Tag Resources
Components
› Observability
– Instrumenting all compute resources, apps, and services with “sensors” that report metrics.
– Making those metrics available on a central platform, where observers can bring them together to reconstruct a full picture of the system’s status and operation.
› Dynamic Behavior
– Fire off an alert when a metric crosses a set threshold.
– Offer flexible alerts that adapt to changing baselines, relative change alerts, automated outlier/anomaly detection
› Service Level Measurements
– DR approaches: Backup/Restore, Active Standby, Active-Active.
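An added illustration of the Dynamic Behavior and tagging points above (not part of the original slides): a fixed-threshold alert compared with a relative-change alert against a rolling baseline, evaluated per tag rather than per instance. The sample data, tag names, window size and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from statistics import median

# Constructed samples: (minute, tags, latency_ms). Not real telemetry.
SAMPLES = (
    [(m, {"service": "checkout", "region": "eu"}, 120 + m % 3) for m in range(30)]
    + [(m, {"service": "checkout", "region": "us"}, 400 + m % 5) for m in range(30)]
    # From minute 30 the eu region degrades but stays under the static limit.
    + [(m, {"service": "checkout", "region": "eu"}, 260) for m in range(30, 35)]
    + [(m, {"service": "checkout", "region": "us"}, 405) for m in range(30, 35)]
)

STATIC_THRESHOLD_MS = 500  # assumed fixed limit shared by all regions
RELATIVE_CHANGE = 0.5      # assumed: alert at +50% over the baseline
WINDOW = 20                # assumed baseline length, in samples per tag value


def static_alerts(samples, threshold=STATIC_THRESHOLD_MS):
    """Fixed rule: alert whenever a sample crosses the set threshold."""
    return [(m, t["region"]) for m, t, v in samples if v > threshold]


def baseline_alerts(samples, tag="region", window=WINDOW, change=RELATIVE_CHANGE):
    """Relative-change rule against a rolling median kept per tag value."""
    history = defaultdict(lambda: deque(maxlen=window))
    alerts = []
    for minute, tags, value in sorted(samples, key=lambda s: s[0]):
        past = history[tags[tag]]
        if len(past) == window:  # only judge once a full baseline exists
            base = median(past)
            if value > base * (1 + change):
                alerts.append((minute, tags[tag], base, value))
                continue  # keep anomalous samples out of the baseline
        past.append(value)
    return alerts


if __name__ == "__main__":
    print("static:", static_alerts(SAMPLES))
    for alert in baseline_alerts(SAMPLES):
        print("baseline:", alert)
```

The static rule stays silent because the us region's normal latency is already higher than the degraded eu latency, while the per-region baseline flags eu from minute 30; the baseline only exists if the raw history has been retained.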
Service-interrupting events can happen at any time. Your network could have an outage, your latest application push might introduce a critical bug, or—in rare
cases—you might even have to contend with a natural disaster. When things go awry, a well tested business continuity plan will help you recover from these
incidents.
Measured SLAs: Examples of cloud services your IT can benefit from
Microsoft Google Amazon
Microsoft: Azure DNS, Load Balancer, Monitoring, Logging, Geo-replicated blob storage, Geo-replicated table storage, Geo-replicated queue storage, DataLake, CDN, Batch, Application Insights, Azure Monitor, Azure Advisor
Google:
• Use a global network with full redundancy, scalability and e2e security.
• Use Cloud Storage, Cloud SQL and BigQuery for data backup and recovery
• Use Cloud DNS and HTTP Load Balancer for handling failovers, load balancing and routing
• Create diff-based backups of persistent disks using Compute Engine Instance Snapshots
• Use Stackdriver logging and monitoring to measure, monitor and take action based on KPIs.
• Use Cloud Deployment Manager for easy environment creation
• Use Cloud Interconnect and VPN for remote backup/recovery