csra’s migration to aws govcloud (us): an all-in case study | aws public sector summit 2016
TRANSCRIPT
ENDURING VALUES. INSPIRED PERFORMANCE.®
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
John Dancy, Chief Information Officer
June 20, 2016
Cloud Adoption Speeds Divestitures, Mergers
CRSA’s 5-month journey to perform a Spin-Merge
2
Agenda
• CSRA’s Cloud Migration Story
• Legacy CSC/SRA Integration –
Cloud Enablement
• Migration Advice/Findings
• CSRA’s Future Cloud Plans
Spin-Merge Challenge
3
$4.1B*Public Sector
$8.2B*Commercial
Public Sector Financial Software
Corporate Software, Hardware,
Data Centers,Networks
IT SYSTEMS
Public Sector Administrative
Minimal IT
CorporateTax
TreasuryContractsHuman
ResourcesFinance
(CFO, Controller)
IT
Business Functions
$4.1B*Public Sector IT
Services Company
SPINCO
$5.5B* Public Sector IT
Services Company
TransitionServices
Agreements
$1.4B*SRA
* TTM revenue heading into spin/merge
Structured Approach: Data Center & Cloud Migration
4
APPLICATION DISCOVERY
OPERATIONS ONBOARDING
CLOUD ADOPTION ASSESSMENT
TARGET ASSESSMENT & ARCHITECTURE
APPLICATION AFFINITY GROUPING
MIGRATION EXECUTION
APPLICATION TREATMENTS
MIGRATION VALIDATION
OPERATIONS PLANNING
CONTINUOUS IMPROVEMENT
Business Goals & Objectives
Technical Goals & Objectives
Constraints
SHAPE
TRANSFORM
MANAGE
1
2
3
4
5
6
7
8
9
Structured Cloud Migration
5
App Inventory
Data Flow Diagram
Define Scope
Determine Strategic Objective
Current State
Analysis
Process Centric
Analysis
Future State
AnalysisRoadmap
Cloud Maturity
Map
Documentation
Discovery Tools
System Owners
PUBLIC CLOUDON PREM SaaS
APPLICATION DISCOVERY
CLOUD ADOPTION ASSESSMENT
TARGET ASSESSMENT & ARCHITECTURE
OPERATIONS PLANNING
1
2
3
4
SHAPE
SHAPEWhy AWS GovCloud (US)?
6
Self-Service Infrastructure Provisioning to Match our Pace
FedRAMP Compliance
Protect PII datato DoD Impact Level 4
Customer Service and Partnership
Migration Targets, Approach
7
• Physically move workloads to 2 new Data Centers
• Build New CSRA Software Defined Network
• WAN cutover• Build IT Staff & Capability,
Interim Policies• Build a new Security
Architecture• Resolve Underlying
Architecture Issues
• Move all x86 Workload to Amazon Cloud
• Extend CSRA Network to AWS
• Use Racemi to Perform Server Image Copies
• Use IBM for Lotus Notes Hosting
• Replicated 38 Subscription/SaaS Instances
CSRA IT Capabilities Cloud
• Minimum Viable Capability• Shadow IT Discovery• Lotus Notes Applications• Negotiate ~500 Vendor &
License Agreements• 10 Releases – Completed
Ahead of Spin-Merge
Application Migration
Once in a lifetime opportunity to rethink and rebuild everything
SHAPE
Structured Approach: Data Center & Cloud Migration
8
APPLICATION DISCOVERY
OPERATIONS ONBOARDING
CLOUD ADOPTION ASSESSMENT
TARGET ASSESSMENT & ARCHITECTURE
APPLICATION AFFINITY GROUPING
MIGRATION EXECUTION
APPLICATION TREATMENTS
MIGRATION VALIDATION
OPERATIONS PLANNING
CONTINUOUS IMPROVEMENT
Business Goals & Objectives
Technical Goals & Objectives
Constraints
SHAPE
TRANSFORM
MANAGE
1
2
3
4
5
6
7
8
9
Migration Approach
9
APPLICATION AFFINITY GROUPING
Rehost / AWS GovCloud (US) Treatment:• Automated Tools – best route
was to use our partners to help• Racemi Dynacenter tool &
methodology: Discover, Capture, Clone, Configure
• AWS Import/Export• Some Straight Rebuilds where
automation was not possible
MIGRATION EXECUTION
• Connectivity, Regression Tests• Performance Baseline Comparison• ~10,000 Test Cases / Tests• Release Strategy & Go-No Go Decision• Go Live Support and Hyper-care
MIGRATION VALIDATIONAPPLICATION TREATMENT
5
6
7
8
App Inventory
Data Flow Diagram
ON PREM
AWS GOVCLOUD (US)
SaaS
REFACTOR
CONVERT
REBUILD
REHOST
REVISE
Impact
Affinity Group N
Dependencies
Dependents
Readiness
Business Goals
Analyze
Affinity Group 2
Affinity Group 1
Group
TRANSFORM
TRANSFORMCloud Architecture
10
AWS GovCloud (US) – FedRAMP
Cloud Architecture
Traffic is routed through CSRA Gateways to AWS
Using AWS Direct Connect
Amazon Virtual Private Cloud (Amazon VPC)
Strategy Reduces Risk
Spread Workload Across Two Availability Zones
Result?
11
Divestiture, IT Separation, set CSRA up for even
stronger move to cloud, SaaS,Systems Integration, Software Defined Everything
SUCCESS
Structured Approach: Data Center & Cloud Migration
12
APPLICATION DISCOVERY
OPERATIONS ONBOARDING
CLOUD ADOPTION ASSESSMENT
TARGET ASSESSMENT & ARCHITECTURE
APPLICATION AFFINITY GROUPING
MIGRATION EXECUTION
APPLICATION TREATMENTS
MIGRATION VALIDATION
OPERATIONS PLANNING
CONTINUOUS IMPROVEMENT
Business Goals & Objectives
Technical Goals & Objectives
Constraints
SHAPE
TRANSFORM
MANAGE
1
2
3
4
5
6
7
8
9
CSRA IT Integration Focus Areas
13
• IT integration projects will lead CSRA to define corporate operating model.• Early emphasis on application integration, foundational architectural elements.• “Adopt and Go” – select best business system implementation and scale to serve entire corporation.
Network, Security and IDAM
Collaboration
Finance
UCS (AD, Email, Skype and SSO)
Human Resources
Sales Contracts
Build IT Foundation & Operating Model
Core Planning Principles
MANAGE
MANAGETwo-Part Move to Integrated Architecture
14
Legacy Final
Shared: Resources, Services, Trust
Interim
Legacy CSC (now CSRA)
Phase I (Interim State) Activities▪ Establish IT Org, Policy, Procedures▪ Establish baseline security measures;
remediate issues in either legacy architecture▪ Establish shared resources & trust▪ Build final architecture▪ Integrate core Business Systems▪ Asset discovery
Phase II (Final State) Activities▪ Establish Joint Operations▪ Move all IT Servers, Workstations, Services to
the CSRA Domain (High Complexity)▪ Shift to normal Run & Maintain Operations
MANAGEEnd State Architecture
15
• AWS Well Architected Program•Improved High Availability and Security Posture
•Simplified, Optimized Architecture
•Accomplishments•Streamlined VPCs to support enterprise architecture strategy
•Migrated from our initial state to CSRA end state VPCs
•Deployed scalable Development and Test environments
•Streamlined VPC deployment for rapid CSRA managed tenant onboarding
•Sanitized legacy data
MANAGEHybrid IT Architecture Delivers Flexibility, Agility
16
•Create multiple enclaves across both AWS and CSRA infrastructure
•Benefits: Serves internal and
external customers
Flexibility to provide multiple security models to meet each tenant’s requirements.
Rapidly deploy and scale AWS hosted enclaves
Corporate EnclaveSaaS
Apptio
Concur
Salesforce
Workday
ServiceNow
Business Applications
HR
Finance
Collaboration
Sales
Security Services
Back Office Services
Mobility Services
Leveraged Enclave
Security Services
Application Services
Infrastructure Services
Network Services
Customer Enclaves
On Prem PaaS / CloudAWS GovCloud (US)
AWS GovCloud (US)
Okta (SSO)
AWS Migration – Advice / Findings
17
• Today: ~40% of CSRA’s workload is in Cloud or SaaS. • Cloud is used for hosting critical IT capabilities & business systems (HCM,
Payroll, Management Servers)…
it is an integral part of CSRA’s IT architecture.
AdvantagesCost Flexibility Safety Net Application Architecture
Lessons Learned• There is no magic bullet for an enterprise
migration – leadership, planning, technical discipline will get you there
• Plan for Bandwidth!• Automation cannot migrate everything• Re-IPing may be required• Listen to your partners… they’re experts!
Cloud is an Enduring Element of CSRA’s IT Strategy
18
2016 2018 2021
60%20
%
20%
50%30%
20% 35%
40%
25%
CSRA On Premises
CSRA IT Roadmap
AWS / Public Cloud
SaaS
ENDURING VALUES. INSPIRED PERFORMANCE.®
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Thank you