Henry Gao, Public Cloud COE Lead, ING Australia
Many CIOs would put ‘Cloud-first’ as one of their most critical strategy. It is an approach to cloud computing that involves the adoption of cloud technologies for all new applications, platforms and infrastructure, a strategy that prioritizes cloud computing services over legacy IT systems. Australia’s big four banks claimed that more than 70 per cent of their computing workload is on public cloud. However, all of them still have to schedule “customer down time release”. So what can be the common challenges for them?
One big missing pillar here could be Automation! 'Automation' is not the same thing as 'building things yourself when you can buy off the shelf', Automation is something like putting things that you buy together to become something unique that gives the business competitive advantage.
Automate Infrastructure, automate platform, automate your full application stack’s release process and automate security. By putting them together, you create the unique business competitive advantage! Following examples are the patterns that you can adopt in your infrastructure, application and database automation design.
Infrastructure Automation design:
The starting point is Infrastructure, it is your foundation. This can help you achieve two major business goals:
1. The DR (disaster recovery) solution. If you can rebuild your full infrastructure automatically in a short time, you are close to achieving your DR target.
2. Infrastructure automation is the foundation for you to achieve Zero day vulnerability. Furthermore, adopt immutable infrastructure pattern in the enterprise application design.
This example uses Terraform to automate your AKS (Azure Kubernetes Service):
You have AKS Prod cluster 1 as your running production. When you need to update or patch your AKS platform, you create AKS Prod cluster 2. Redeploy all applications on cluster 2 and switch your cluster 2 as running production. Development environment is designed the same way so there’s no down time for developers when you update development platform.
Application automation design:
Infrastructure alone will not help you to achieve the end goal. The next step is automating your applications. We use a containerized micro service application to demonstrate what you should considered when you design the application automation. This process includes your Docker base image (your company’s hardened SOE image), OS (Operating System) patching, vulnerability patching, application build automation and security scanning. When the application Docker images are built into your Docker registry, you can use DevOps tools such as Azure DevOps to orchestrate your application deployment to AKS cluster. Following is an example of container application build process you can apply to your environment. It integrates code quality check and security scanning as a typical DevSecOps implementation
Database automation design:
A common mistake for many is neglecting database automation. Before we introduced automation in our environment, we experienced manual database execution errors almost every quarter, if not every month. These errors affected our application availability, sometime even caused direct financial lose. Automation not only helped us remove the chance of manual mistakes, but also improved our SQL change efficiency by more than 80 per cent. Application releases rely on database changes. You would not be able to achieve a complete release-automation without database automation. Following implementation demonstrates an integrated SQL deployment automation tooling in the build and release pipeline.
Build Automated Reporting to Help you Analyse Usage Pattern and Resource Consumption, Making it Possible to Perform Further Tuning of Compute and Storage Usage with Confidence, Optimizing your Cost/ Value Ratio, Without Sacrificing Application Performance
The automation design principle remains the same regardless if it is on premise data centre or in public cloud. Using the design principle, take advantage of the cloud native functionality to optimize your implementation.
Automation help you optimize public cloud cost from day 1:
This is one key lesson-learnt item for our development and testing environment configuration running in the cloud. As part of the cloud migration project, you need to design start up and shutdown processes to ensure the VM (virtual machine) only up during the time the delivery team need them. Provide a self service portal so that the development squads are not bottlenecked waiting for intervention from infrastructure team. Also build automated reporting to help you analyse usage pattern and resource consumption, making it possible to perform further tuning of compute and storage usage with confidence, optimizing your cost/value ratio, without sacrificing application performance.
In summary, we conclude that Cloud-First strategy is incomplete without Automation strategy. As automation matures, it transforms from something that you have to maintain, into building-blocks for more ambitious projects.
