Higher Ed Cloud Forum – Lightning Round #1

Phil Robinson – Cloud Progress at Cornell Student Services IT

First AWS account – July 2015 – adopted a cloud-first strategy. Now have about 30 apps on AWS (migrations, rewrites, new apps). Automate with Jenkins and Ansible. Retiring on-prem VMs.

Custom class-roster app, used by students to decide what to take. Added central syllabi feature this year. Using SNS+SQS as message bus, orchestrating events; CloudFront delivery for syllabi; on-the-fly ClamAV scans on upload; Elasticsearch for searching; SES for notifications by email. Developed in 3632 hours.

Looking towards containerizing and VDI.

Gerard Schockley – BU iPaaS RDS AWS

iPaaS ODS in RDS – integration service designed to integrate many data feeds into SnapLogic platform. Operational Data Store. Using AWS Aurora.

Bob Winding – Cloud Automation Journey

Most fully automated in GovCloud project. CloudFormation (VPCs, IAM, Security Groups, centralized alerts); Ansible and CloudFormation for server builds; console federation with ADFS; consistent process for all project accounts; new project account in a couple of hours; decentralized maintenance of CloudFormation templates.

Penn –

What does “cloud native” mean at Penn?

Case study 1 – online giving portal: Data ETL (Talent); to Postgres RDS (fundraising metadata); S3 / CloudFront; to Oracle on-prem. Near real-time.

Case study 2 – Service ordering (VDI and Backup requests). On-prem PowerShell makes changes in AD groups, sends messages through SQS.

Case study 3 – Device registration. On-prem registration; does API keys in Lambda.

Sara Jeanes – Considerations in moving HPC workloads to the cloud

Initial framing questions: Do they have a preference for which cloud provider (do they have credits, different tech)? Is there a multi-cloud resiliency need?

Workload questions: Can it be interrupted (use spot instances)? Firewall considerations for large workloads (ScienceDMZ).

Jeff Minelli – Penn State – CloudCheckr enabling transparency at Penn State

Gain insights into financial transparency, spend optimization, resource utilization and right-sizing, cost allocation, best practices, security & compliance, collection and unification of AWS API data, continuous monitoring, reporting and alerts

Working with CloudCheckr to enable SAML. Basic group email notifications. Configuration of $100 spending alerts.

Trying to get CloudCheckr into InCommon.

Network Firewall Policies for Hybrid Cloud – Brian Jemes – University of Idaho

In the cloud, managing firewalls with server tags. Gets complicated when managing across on-prem and cloud. On-prem, have Cisco tools to manage ASA firewalls.

Options: manage hybrid cloud policy in on-prem firewall; manage hybrid policies with traditional firewalls in cloud; develop a hybrid tool.

Looking at a startup called Bracket Computing – cloud firewall policy manager. brkt.com – Provides micro-segmentation.

John Bailey – Washington University (St. Louis). Cloud IAM

Balance between security and usability. Enhancing usability with SPNEGO integrated auth, which leverages the Kerberos token from machine login to perform a web SSO login, making the web login invisible to the customer.

Lou Tiseo – how categorizing resources helps to understand cloud usage

Requiring seven different tags. Using Cloudyn management dashboard. Helped save costs by using reserved instances.

Chris Malek Caltech – Automation tools for AWS ECS and Batch

deployfish – configure almost all aspects of an ECS service (load balancing, app autoscaling, volumes, environment, etc). They’ve open sourced it. Create, inspect, scale, update, destroy and restart ECS services with single commands; manage multiple environments (test, qa, prod, etc). Integrates directly with Terraform. YAML driven.

batchbeagle — allowing people to manage AWS Batch. Create, update, disable, and destroy queues. Create, update, disable, and destroy compute environments. Create job descriptions. Submit and manage jobs, etc.

Amanda Tan – Washington

Enabling cost notifications on AWS. Cost monitoring is difficult – should be zero effort. Two-pronged attack: auto-tag resources, and send a daily email notification with total spend and resource usage. A CloudFormation template sets up CloudWatch, which invokes the AutoTag Lambda function. AutoTag tags resources with owner and principal-id. Notification works off DLT billing records, provided in S3 buckets twice a day.
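A sketch of the auto-tagging step described above, as an added example (not the AutoTag code presented in the talk). It assumes the Lambda receives a CloudTrail record via a CloudWatch Events rule; the tag keys `Owner` and `PrincipalId`, the two handled API calls, and the sample event are assumptions constructed for illustration.

```python
# Added example: derive owner / principal-id tags from a CloudTrail event
# delivered to Lambda by a CloudWatch Events rule. Tag keys are assumptions.

def owner_from_identity(identity):
    """Return a readable owner name from the CloudTrail userIdentity block."""
    kind = identity.get("type")
    if kind == "IAMUser":
        return identity.get("userName", "unknown")
    if kind == "Root":
        return "root"
    # AssumedRole / FederatedUser: last ARN segment is the session or user name
    return identity.get("arn", "unknown").rsplit("/", 1)[-1]

def resource_ids(detail):
    """Collect IDs of resources the API call created, if it succeeded."""
    if detail.get("errorCode"):  # denied or failed calls create nothing to tag
        return []
    resp = detail.get("responseElements") or {}
    name = detail.get("eventName")
    if name == "RunInstances":
        items = resp.get("instancesSet", {}).get("items", [])
        return [i["instanceId"] for i in items]
    if name == "CreateVolume":
        return [resp["volumeId"]] if "volumeId" in resp else []
    return []

def plan_tags(event):
    """Build the create_tags arguments, or None when there is nothing to tag."""
    detail = event.get("detail", {})
    ids = resource_ids(detail)
    if not ids:
        return None
    identity = detail.get("userIdentity", {})
    tags = [{"Key": "Owner", "Value": owner_from_identity(identity)},
            {"Key": "PrincipalId", "Value": identity.get("principalId", "unknown")}]
    return {"Resources": ids, "Tags": tags}

def lambda_handler(event, context):
    plan = plan_tags(event)
    if plan:
        import boto3  # imported lazily so plan_tags can be exercised offline
        boto3.client("ec2").create_tags(**plan)
    return plan

# Constructed sample event (not real account data)
SAMPLE_EVENT = {"detail": {
    "eventName": "RunInstances",
    "userIdentity": {"type": "AssumedRole",
                     "principalId": "AROAEXAMPLEID:jdoe",
                     "arn": "arn:aws:sts::123456789012:assumed-role/Dev/jdoe"},
    "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0abc1234"}]}}}}
```

Because the tags come from the CloudTrail record rather than from the caller, the attribution does not depend on the person launching the resource remembering to tag it.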




Cloud Forum 2016 – Cloud DevOps and Agile, 1 Year In

Melanie McSally, Ben Rota – Harvard

Cloud Program since February 2015 – Migrated 285+ applications (43% of goal), implemented Cloud Shield, Designed and implemented centralized cloud billing. Only 42 apps were lift and shift. Even simplest migration ends up having lots of refactoring.

All new applications have been put in the cloud

IdM team realizing $8500/month in savings by using elastic sizing of resources

Lessons learned –

  1. Get security and network design right as early as possible. Goal was to make cloud security as good or better than on premise
  2. Moving to cloud is 2 parts culture : 1 part technology. Be prepared to answer basic, non-technical questions – If things are working fine now, why move? Will cloud really save money? I understand cloud is the future, but we’re really busy! Doing things the right way takes too long!
  3. You won’t do as well when you have to split your focus. When things get migrated, the app teams have to manage in two environments. Better to migrate entire portfolios at once.
  4. Everyone is accountable for the cloud – teams need a shared vision, shared goals, and aligned priorities. Corollary: When teams come forward really fast, it’s likely because they have a technical challenge you might not want to touch. Understand training needs of those you work with, before you get there.
  5. Communicate, communicate, communicate! Create a unified baseline understanding. Build partnerships to figure out the questions. Be open and transparent. Address the workforce fears up front.
  6. Don’t max out all the dials at once! Started with a new program with new teams, new technology (Cloud), new management, and new processes (Scrum). In retrospect would have provided more help for the team. They didn’t have developers in their cloud program – they would change that if doing it over.
  7. Migrations + engineering + operations = impossible. Recommendation is to create small teams and have them focus on a specific goal. Separated migrations from operations. Operations will quickly consume all capacity.
  8. Cost savings take time to actualize. Learning how to manage costs in the cloud takes time. Could save money if they could close the data center (power and real estate expensive in Cambridge), but in a shared environment that’s hard. Push other benefits of cloud.
  9. Don’t forget about cost management.
  10. Be open to changing your strategy when new information presents a better way.