Culture of Innovation – Thinking Backwards With Amazon
Ralf Kleber
Country Manager Amazon Deutschland
Frankfurt, February 2017
Invention comes in many forms and at many scales. The most radical and transformative of inventions are often those that empower others to unleash their creativity – to pursue their dreams.
Jeffrey P. Bezos
Founder and Chief Executive Officer
Amazon.com, Inc.
…
The Institutional YES!
OUR MISSION: we want to be earth’s most customer centric company
OUR COMMITMENT: we make our customers’ lives easier
EARTH’S BIGGEST SELECTION: the store where customers can buy what they want, not what the store offers
Prime Memberships as % of Households
Amazon Confidential
WHERE INNOVATION STARTS: we start with the customer and work backwards
» Customer Obsession: “Start every process with the customer and work backwards.”
» Long Term Thinking: “Be stubborn on the vision but flexible on the details.”
» If you want to be inventive, you have to be willing to fail. “We are willing to go down on a bunch of dark alleys and occasionally we find something that really works.”
» You have to be willing to be misunderstood for a long time. “We are very comfortable being misunderstood.”
Our culture of innovation
Every one of us is a leader on our mission
STUBBORN ON THE VISION but flexible on the details
WILLINGNESS TO BE MISUNDERSTOOD for a long period of time
WORKING FROM THE CUSTOMER backwards
write the press release
write the FAQ
define the user interaction and write the manual
*NOT* BEHIND THE SCENES: we do make mistakes
THANK YOU
THE ROLE OF LEADERSHIP IN DRIVING AGILITY AND INNOVATION
Dr.-Ing. Rainer Kallenbach
CEO Bosch Software Innovations GmbH
Bosch Group: Technology to enhance quality of life
Bosch Software Innovations GmbH | INST/P | 12.01.2017 © Bosch Software Innovations GmbH 2017. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution as well as in the event of applications for industrial property rights.
Key Facts (2015)
223 manufacturing sites
375,000 associates incl. 55,000 in R&D
€70.6 billion in sales
Four business sectors
Consumer Goods
Industrial Technology
Energy and Building Technology
Mobility Solutions
Bosch Software Innovations GmbH - IoT Software and Systems House
> 750 IoT experts
in 10 global locations
Bosch Software Innovations GmbH
We help you on the way into IoT: from your idea … to your new services & solutions
Identifying & developing IoT business opportunities
Creating a working prototype to evaluate technical feasibility
Agile development of solutions for the mass market
Fast realization of minimum viable products to test product ideas and get early customer feedback
Defining core requirements and creating a visual model on functionality, user experience, and business value
Solution hosting including first, second and third level support
Offerings: IoT business model, Minimum viable product, Cloud Hosting and operations, Solution Development, Consulting, Proof of concept
THE INTERNET OF THINGS: FUNDAMENTAL CHANGES IN OUR BUSINESS
The Internet of Things
We are living in a highly connected world …
Legend: World population, People with internet access, Connected devices
0.04 billion, 0.75 billion, > 6.6 billion
1995: of 5.7 billion people, 0.7% are online
2005: of 6.5 billion people, 15% are online
2015: of 7.3 billion people, 75% are online
Web 1.0 “Classic Web” (≈ 1990): connecting enterprises/organisations with people, rather static
- Homepages
- E-Commerce
Web 2.0 “Social Web” (≈ 2005): interconnecting also people, dynamic interaction between common users
- Blogs, Social Communities
- Platforms like Facebook, Twitter, YouTube…
Web 3.0/4.0 “Internet of Things”: interconnecting also objects of everyday use to create
- Industry 4.0
- Connected Mobility
- Smart Home …
Vision: Connected World
Industry, Mobility, Smart Home, Energy, Smart City
Enabler: miniaturized, low power sensors
“Moore’s Law” in MEMS*:
[Timeline figure: 2005, 2006, 2007, 2010, 2013]
Bosch Sensortec 1st with 1.2 x 1.5 mm2
Bosch Sensortec 1st with 2x2 mm2
Bosch Sensortec 1st with 3x3 mm2
Continuously shrinking size / footprint reducing power consumption
Bosch – world’s leading manufacturer
- Producing sensors on industrial scale since 1995
- Six billion MEMS sensors produced
- 100% in-house from MEMS design to manufacturing
*MEMS: Micro electro-mechanical systems. Source: Bosch Sensortec, www.bosch-sensortec.com
Nobody can do it alone: Bridges between different worlds required
This is not only a technical task: different business, development and operational paradigms need to be brought together
Cloud technology playing a central role as enabler
[Diagram labels: Web 2.0; People; Mobile Devices; Enterprise(s); Things; „Embedded Systems“, „Enterprise IT“, „Consumer IT“; „IoT Cloud(s)“]
SaaS: IoT Applications
PaaS: i.e. Bosch IoT Suite
IaaS: Cloud Infrastructure Operations
Giving birth to new services
Complement and strengthen traditional hardware product business
Grow with potentially disruptive business models
Higher margins and differentiation through product-related services
Will everything become a service?
[Chart: Margin over Time, for Service and Product]
[Diagram: Thing; Thing-based FUNCTION; Connectivity [HW | SW] [Physical | Local]; Digital SERVICE [Digital | Global]. Prof. Elgar Fleisch, 2010]
Digital Service Challenge: “Software is eating the world” [Marc Andreessen, 2011]
Facebook is the world's biggest and most up-to-date registration office – without legal regulation.
Airbnb is the world's biggest hotel chain – doesn't own a single room.
Amazon is the biggest book store – without a single bookshelf.
Pixar has won 16 Oscars – never employed an actor.
Uber is the biggest cab operator – doesn't operate a single car.
From Physical Products to Digital Services
Hybrid Product Scheme: Prof. Elgar Fleisch, 2016
Example: EV Charging
New Business Chances for Bosch
Connected Energy and Building
Connected Industry & Logistics (“Industry 4.0”)
Connected Home
Connected Mobility
Success Factors in a Networked Economy
Cloud, Connectivity, Software, Eco-systems, Horizontal Integration, Open Source, Agility, Strong Customer Relations, Culture and Leadership, Fast Innovation Cycles, Developers, Tech Know How, New Business Models
HOW DO WE PREPARE AT BOSCH?
Bosch in the Internet of Things
Bosch is active on three layers
One Bosch IoT platform connecting ALL domains: mobility, home, industry, energy
New Services & Applications
Divisions
Smart Things
Divisions
IoT Middleware & Cloud Platform
Bosch Software Innovations
Bosch IoT Cloud
Cloud-based microservices make complex IoT applications easy
SaaS
IaaS
PaaS
Storage, Network, Security, Compute
Connected home & building
Connected mobility
Connected city
Connected energy
Connected industry
Marketplace
Bosch IoT Cloud Base Services
Things, Rollouts, Remote Manager, Hub
Integrations, Analytics, Permissions, Rules
Innovative cloud-based solutions across all domains
WHAT DOES THIS MEAN FOR LEADERSHIP ?
New Organisations for Innovation and Agility
Some Bosch Examples
Bosch Software Innovations GmbH www.bosch-si.com
Bosch Connected Devices and Solutions GmbH www.bosch-connectivity.com
Bosch Start-up GmbH www.bosch-startup.com
Bosch Venture Capital GmbH www.rbvc.com
Yesterday …
Fast = Central
Hierarchy = Fast
Spark plug production, 1920 (© Robert Bosch GmbH)
Today …
Iterative
Flat
Agile Software Business, 2016 (© Robert Bosch Software Innovations GmbH)
Bosch Software Innovations
• Agile DevOps Teams
• 2 Leaders instead of one
• Business Responsibility at working level
• Speed & Freedom
• Decisions regarding Technology and Team
• Performance always transparent and visible
The Role of Leadership in an Agile Organisation
Agile Leadership & People are Key for Success
[Word cloud: collaboration, empowered, leadership, organization, trust, interaction, adapt, responsibility, speed, teams, self, change, to learn from mistakes, courage]
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Taimur Rashid
Director, AWS Platform Business Development
January 26th, 2017
The Importance of Innovation & Culture
Innovation is Everywhere
Amazon is innovating across many domains
• Drone Development
• Advanced Shopping
• Kindle Reader
• In-house Entertainment
• Grocery Delivery
• Video Streaming
• Home Automation
• Cloud Computing
“SignAloud”: Translating Sign Language to Speech
• Bluetooth enabled gloves
• Records hand position and movement
• Uses deep learning to match gestures with words
• Text to speech
Innovation is Creativity with Execution
« Invention requires two things: the ability to try a lot of experiments, and not having to live with the collateral damage of failed experiments »
Andy Jassy
CEO, Amazon Web Services
How to Create a Culture of Innovation?
Innovation is Not a Goal, it’s an Ongoing Process
30 missions prior to Apollo 11 moon landing
50% failed!
Learn from mistakes
Success comes after iterations
Innovation Requires Commitment
Inspire Your People & Give them a Sense of Purpose
What is NASA’s Vision?
« We reach for new heights and reveal the unknown for the benefit of humankind »
« We're a company of pioneers. It's our job to make bold bets, and we get our energy from inventing on behalf of customers. Success is measured against the possible, not the probable. »
Identify and Understand Your Company’s Culture
Formulaic
• Well-defined Vision
• Process-Oriented
• Over-optimized on team coordination
• Value system above breakthroughs
• “Play it safe, keep the customer base”
vs
Entrepreneurial
• Primary Inventor
• Scrappy
• Autonomous teams
• Disruption vs incremental growth
• “Go big, or go home”
Circa 2006
10+ Years Later…
Everyone Should Know the Company’s Growth Strategy
Amazon’s Growth Flywheel
Value
Selection
Convenience
Intuit’s Innovation Approach
Design for Delight
Create Mechanisms for a“Learn & Be Curious” Culture
Too Much to Learn: Rapid Pace of AWS Innovation
[Bar chart: new features and/or services per year. 2010: 61, 2011: 82, 2012: 159, 2013: 280, 2014: 516, 2015: 722, 2016: ~1000]
Mechanisms for Continuous Learning
Introductory videos
Certifications
Instructor-led courses
Online self-paced labs
AWSome Days
Encourage Experimentation
Adobe’s Innovation-in-a-box Program
Kickbox program to boost internal innovation:
• $1,000
• Notebooks and Post-its
• Chocolate
• Starbucks card
Create a Structure for Unstructured Innovation
Atlassian’s ShipIt Days
24-hour hackathon to work on anything related to Atlassian products and ship it in 24 hours
Make Your Technology & Tools Available as “Self-Service” Platforms
“We are creating powerful self-service platforms that allow thousands of people to boldly experiment and accomplish things that would otherwise be impossible or impractical."
Self-Service Platforms without Gatekeepers
[Diagram: Most Robust, Fully-Featured Technology Infrastructure Platform. Panels: Hybrid Architecture, Marketplace, Enterprise Apps, IoT, Development & Operations, Mobile Services, App Services, Analytics, Technical & Business Support, Gaming, Infrastructure, Core Services, Security & Compliance]
Measure Your Progress
“Our theories determine what we measure.”
– Albert Einstein
Identify your assumptions
Look beyond your frame of references
Be a “Culture of Metrics”
A/B test for optimization
Improve and iterate quickly
Measure, Improve, and Iterate
Jointly Recognize & Reward Innovation
Share and Give Back to Innovation
AWS “This is My Architecture” Talks
Innovation from the AWS Ecosystem
Netflix Open Source Software Center
• Big Data
• Build and Delivery Services
• Content Encoding
Pinterest Engineering
• Application Configuration
• Secrets management
• MySQL Management Tools
Airbnb Open Source
• Machine Learning
• Workflow
• WebUI
Stay Focused on Your Vision
« We've had three big ideas at Amazon that we've stuck with for 20+ years, and they're the reason we're successful: put the customer first, invent, and be patient »
Jeff Bezos
CEO and Founder, Amazon.com, Inc
Thank you!
Remember to complete your evaluations!
Data Protection & Compliance
Innovations in Information Security and Data Protection
Chad Woolf, Director, Risk & Compliance
26.01.17
What to Expect from the Session
Discussion about AWS scale, security, and Germany C5
Three examples of how we deal with massive scale in compliance
1. Access Management
2. Change management
3. Vulnerability management
For each example:
• AWS Services that we utilize for operationalizing compliance
• Lessons learned
Amazon CloudWatch, AWS CloudTrail, AWS Lambda, Amazon API Gateway, Amazon Redshift
Scale, Complexity, Security
AWS: Huge Scale
AWS Security: A Very High Bar
AWS: Complex System?
Gall’s Law:
A complex system that works is invariably found to have evolved from a simple system that worked. A complex system designed from scratch never works and cannot be patched to make it work. You have to start over with a working simple system.
Huge scale
+ Complex Systems
+ Highest Security Bar
= Impossible Task (in a manual world)
Customized, Customer-centric Approach
• 40+ services
• 2,670 Controls
• 3,030 Audit Requirements
• 7,710 Audit Artifacts
C5 = Cloud Computing Compliance Controls Catalogue
Designed and released by the BSI in February 2016, the C5 control set offers additional assurance to customers in Germany as they move their complex and regulated workloads to Cloud Computing Service providers such as AWS.
The BSI took the following international standards into account:
• ISO/IEC 27001:2013 (ISO - International Organization for Standardization)
• CSA Cloud Controls Matrix 3.01 (CSA - Cloud Security Alliance)
• AICPA Trust Service Principles Criteria 2014 (AICPA - American Institute of Certified Public Accountants)
• ANSSI Référentiel Secure Cloud 2.0 (Draft) (ANSSI - Agence nationale de la sécurité des systèmes d'information)
• IDW ERS FAIT 5 04.11.201 (draft statement on accounting: "Grundsätze ordnungsmäßiger Buchführung bei Auslagerung von rechnungslegungsrelevanten Dienstleistungen einschließlich Cloud Computing" [Generally accepted accounting principles for the outsourcing of accounting-related services including cloud computing], version of 4 November 2014)
• BSI IT-Grundschutz Catalogues, 14th version 2014
• BSI SaaS Sicherheitsprofile 2014 [BSI SaaS security profiles 2014]
Mapping table: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/CloudComputing/ComplianceControlsCatalogue/Referencing_Cloud_Computing_Compliance_Controls_Catalogue.pdf
IT security standards such as the BSI C5 catalogue are an essential part of defining digitalization, which can’t be successful without cyber security. The requirement catalogue of the BSI offers cloud providers the possibility to receive an attestation during a compliance audit or an accounting with minor additional work and expense.
We are pleased that Amazon Web Services, an internationally accepted and important cloud provider, was the first to receive an attestation according to the C5 catalogue.
This shows that this standard is accepted and implemented by the market.
BSI president Arne Schönbohm
AWS Automated Compliance
We'll walk you through 3 examples today:
1. Access Management
2. Change management
3. Vulnerability management
+ Lessons learned
Example 1: Access Management
Example 1: Access Monitoring of Critical Systems
• Problem: monitoring access to a large number of hosts
• Our response: remediation controls that evaluate who AND what
• How we use it: monitor, validate, remediate access controls at AWS scale quickly
• Benefit: ensure principle of least privilege access
Near real time validation
Baseline rule review
Example 1: Access Management layered controls
Critical Assets
Rules based permission management
Step 1: Principle of Least Privilege
Example 1: Step 1 Under the hood
[Architecture diagram, steps 1-13, in three parts: (A) “On prem like” environment, (B) ETL Solution, (C) Continuous Monitoring & Notification Solution. Components shown: HR, Permission store, On-prem hosts, Amazon Redshift, S3, AWS Data Pipeline, Job Management service, EC2 Worker fleet, AWS Lambda, Group owners, Notifications, Amazon Kinesis Firehose, Amazon SQS]
Example 1: Step 2 Under the hood
Step 2: Principle of Least Privilege
1. Amazon S3 Log Repository
2. Apache Spark cluster (Amazon EMR)
3. ETL using Lambda
4. S3 bucket to store extracted SSH logins
5. Amazon Redshift
Example 1: Lessons Learned
• Revoke access of users who haven’t used their access to critical AWS resources/systems
• AWS CloudTrail + Credential Usage Report + Service Access Report
• Logins to your EC2 fleet vs. SSH keys access list
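The comparison named in the last lesson (logins to the fleet vs. the SSH access list), sketched as an added example that is not code from the AWS talk. It assumes OpenSSH-style "Accepted ..." log lines prefixed with an ISO timestamp and hostname, and a simple user-to-hosts access list; the sample data, the 90-day idle threshold and all function names are constructed for illustration.

```python
"""Compare observed SSH logins with the SSH access list (constructed data)."""
import re
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> <host> sshd[pid]: Accepted <method> for <user> from <ip> port <n> ssh2"
ACCEPTED = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_logins(lines):
    """Return {(user, host): time of the most recent successful login}."""
    last_seen = {}
    for line in lines:
        m = ACCEPTED.match(line)
        if not m:
            continue  # failed logins, disconnects, other daemons
        key = (m["user"], m["host"])
        ts = datetime.fromisoformat(m["ts"])
        if key not in last_seen or ts > last_seen[key]:
            last_seen[key] = ts
    return last_seen


def review_access(access_list, last_seen, now, max_idle_days=90):
    """Split the comparison into the two findings a reviewer acts on.

    revoke_candidates: access that is granted but was never used, or not
                       used within max_idle_days (least privilege).
    unlisted_logins:   successful logins with no matching grant, i.e. the
                       access list and the hosts have drifted apart.
    """
    granted = {(user, host) for user, hosts in access_list.items() for host in hosts}
    cutoff = now - timedelta(days=max_idle_days)
    unused = sorted(k for k in granted if last_seen.get(k, datetime.min) < cutoff)
    unlisted = sorted(k for k in last_seen if k not in granted)
    return {"revoke_candidates": unused, "unlisted_logins": unlisted}


# Constructed sample input: four log lines and an access list for three users.
SAMPLE_LOG = [
    "2017-01-20T08:15:02 host-a sshd[811]: Accepted publickey for alice from 10.0.0.5 port 50022 ssh2",
    "2016-09-01T11:00:00 host-b sshd[402]: Accepted publickey for bob from 10.0.0.6 port 50100 ssh2",
    "2017-01-22T23:41:10 host-b sshd[977]: Accepted publickey for dave from 10.0.0.9 port 41000 ssh2",
    "2017-01-23T02:00:00 host-a sshd[990]: Failed password for carol from 10.0.0.7 port 40000 ssh2",
]
SAMPLE_ACCESS = {
    "alice": ["host-a", "host-b"],
    "bob": ["host-b"],
    "carol": ["host-a"],
}


def run_sample():
    """Run the review over the constructed sample, as of 26 January 2017."""
    return review_access(SAMPLE_ACCESS, parse_logins(SAMPLE_LOG), datetime(2017, 1, 26))


if __name__ == "__main__":
    report = run_sample()
    for finding, pairs in report.items():
        for user, host in pairs:
            print(f"{finding}: {user}@{host}")
```

At fleet scale the same join would run where the deck places it, over the extracted SSH logins loaded into the warehouse, rather than in a single process.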
Example 2: Change Management
Example 2: Change Management
• Problem: controlled automated deployment and validation of daily deployments
• Our response: automated auditable deployment and validation environment
• How we use it: auditor validation of our preventative and detective change management controls
• Benefit: all changes to the environment are controlled and documented
Example 2: Under the hood
[Diagram, steps 1-5]
Example 2: Under the hood
[Diagram, steps 1-6: QA & Code Review]
Example 2: Lessons Learned
• AWS CodeCommit – authoritative source code repository
• AWS CodeDeploy – controlled deployments to instances
• AWS CodePipeline – continuous delivery of software releases
Example 3: Vulnerability Management
Example 3: Vulnerability Management
• Problem: analyzing large data set of fleet information and identifying ‘actionable’ patching data for our large fleet of hosts
• Our response: utilize active and passive assessments to accurately capture and identify opportunities for updates
• How we use it: utilizing 3rd-party scanners and on host agents to reduce false positives and increase accurate ‘actionable actions’ for remediation
• Benefit: Our hosts are patched, preventing security issues
Example 3: Under the hood
[Diagram components: Distributed sensors, Amazon EC2, Amazon RDS, Amazon Elasticsearch Service, Dashboard]
Example 3: Lessons Learned
• Active Scans are costly in time and resources
• False positives are hard to deal with
• Datatype definitions matter
ASSESS, STORE, PROCESS, VISUALIZE
Services shown: Amazon Inspector, Amazon RDS, Amazon Redshift, AWS Lambda, Amazon Elasticsearch Service, Amazon QuickSight
Recap
• Our lesson learned: automate to survive.
• You have the same opportunity for these examples and others.
• AWS can be used to strengthen data protection in Cloud and on-prem environments.
Thank you!
Scott Wiltamuth
VP for AWS Dev & Management Tools
January 26, 2017
The New Era: How to Innovate Faster
Confluence of Industry Trends Disruption
• Cloud
• Social
• Mobile
• IoT
• Big Data
Sky High Customer Expectations
• Web + Phone + Tablet
• Secure
• Always available
• Worldwide
• High performance
• Continuously updated
• Smart use of Big Data
Growth in Developer IQ?
[Chart: IQ over Time, marked “???”]
Recipe for Success: Use Higher Level Services
Use Case: Higher Level Service
• Web Apps and Services: Elastic Beanstalk, API Gateway
• Compute: Containers with ECS, Functions with Lambda
• Big Data: Elastic Map Reduce
• Search: CloudSearch, Elasticsearch
• Batch Computing: AWS Batch
• Configuration Management: OpsWorks, CloudFormation
Recipe for Success: Adopt DevOps
• Speed
• Rapid Delivery
• Reliability
• Scale
• Improved Collaboration
• Security
DevOps: Culture & Organization
• Dev & Ops coming together: “no more silos”
• Shared responsibility
• Ownership
• Visibility and communication
DevOps: From Monoliths to Microservices
DevOps: Continuous Integration & Delivery
DevOps: Infrastructure as Code
DevOps: Monitoring and Logging
• Track and analyze metrics and logs
• Understand real-time performance of infrastructure and application
• Automated alarms with escalation
Thousands of teams
× Microservice architecture
× Continuous delivery
× Multiple environments
= 50 million* deployments a year
*as of 2014
AWS DevOps Portfolio
[Diagram in three groups: Continuous Integration & Delivery; Infrastructure as Code; Monitoring & Logging. Services shown: AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy, AWS CodePipeline, AWS CloudFormation, AWS OpsWorks Stacks, AWS OpsWorks for Chef Automate, AWS Config, Amazon CloudWatch, AWS CloudTrail, AWS X-Ray; three of them are marked “new”]
Is this safe?
Enterprise Controls in a Cloud Era
• Governance
• Compliance
• Risk
• Security
• Data Protection
• Cost
• Availability
Recipe for Success: Account Strategy
• Use AWS accounts for ownership and role clarity
• By Ownership
• Central IT
• Business Group #1
• Business Group #2
• …
• By Use
• Dev
• Integration Test
• Production
Recipe for Success: Guardrails
Standard configuration across all AWS accounts
• Multi-factor authentication (MFA) for root
• Identity federation with enterprise directory
• CloudTrail turned on – record of all API activity
• Config turned on – record of configuration changes
• Config Rules to encourage/enforce your policies
• Log aggregation to CIO/CSO
What is AWS CloudTrail?
AWS CloudTrail is a fully managed service that records API calls made on your AWS account.
CloudTrail helps you gain visibility into API activity, enables you to troubleshoot operational issues, conduct security analysis and meet internal or external compliance requirements.
Customers are making API calls...
On a growing set of services around the world…
CloudTrail is continuously recording API calls…
And delivering log files to customers
AWS Config & Config Rules
[Diagram labels: Changing resources, AWS Config, Config Rules, History, Snapshot, Notifications, API Access, Normalized]
Recipe for Success: Use Higher Level Services
Use Case: Higher Level Service
• Web Apps and Services: Elastic Beanstalk, API Gateway
• Compute: Containers with ECS, Functions with Lambda
• Big Data: Elastic Map Reduce
• Search: CloudSearch, Elasticsearch
• Batch Computing: AWS Batch
• Configuration Management: OpsWorks, CloudFormation
Recipe for Success: Service Catalog
Administrator: Control, Standardization, Governance
Users: Agility, Self-service, Time to market
AWS Service Catalog allows organizations to create and manage catalogs of IT services and software on AWS described as AWS CloudFormation templates. It enables users to quickly deploy approved IT services they need in a self-service manner.
Private Catalog for Organizing and Launching Infrastructure & Software Services on AWS
Summary
• Confluence of Industry Trends Disruption
• Sky High Customer Expectations
• Innovating Faster
• Use Higher Level Services
• Adopt DevOps
• Automate, automate, automate
• Enterprise controls in cloud era
• Guardrails for governance, compliance, and risk
• Use higher level services
Helpful Resources
https://aws.amazon.com/devops/
https://aws.amazon.com/tools/
https://aws.amazon.com/products/management/
Internet of trains – Why change and cloud makes sense
Gerhard Kreß, Data Services
www.siemens.com
Unrestricted © Siemens AG 2017
January 2017 | Gerhard Kreß | Mobility Customer Services
Mobility is a backbone of our society, especially in metro areas
• Rail automation for passenger and freight services
• Automated payment systems
• Mass transit and mainline rail vehicles
• Regional and high speed trains
• Services for rail and road transport
• Power supply for rail and road vehicles
• Turnkey rail systems
• Road traffic management
• Integrated, intermodal mobility solutions
• Locomotives
Imagine – Your rail assets have 100 percent availability for their schedule
The data available
• Rail vehicles today send between 1 and 4 billion data points per year
• Rail infrastructure can send billions of messages per year inside the system
• Additional data
  • Work orders
  • Spare parts data
  • Geographical data, weather data
The challenge
• Turn data into information
• And drive appropriate actions
• Ensure 100% operational availability
In order to implement such offerings, Siemens built a large team of data scientists enabled by the Railigent platform
• Open and cloud based architecture
• Scalable data storage
• In-database analytics
• Data scientists
• Implementation managers
• Technology experts
Users: Management, Dispatcher, Maintenance engineer
Stages: Data transmission, Data processing, Data evaluation, Data visualization
Railigent Connect: Secure data transmission from sensor to central data storage
Railigent powered by Sinalytics: Turning data into value and enabling Digital Services solutions (Smart Monitoring, Smart Data Analysis and Smart Prediction)
Building blocks: Advanced algorithms, Expertise domain Know-how, Best practises, Data management capabilities, Human Resources
Target is operational decision support – From data access to automated generation of insights
[Diagram labels: Data access, Search for patterns, Machine learning, Automated insight generation]
Example automated failure prediction –
Bearing monitoring on a high speed train
Alarms
Simplified picture – In reality 8 machine learning models analyse the complete
drive train and help identify the exact component and the failure type
Operational application
Machine learning
Real examples show that tangible business value can be achieved
Examples
• Velaro Spain
• Metro Bangkok
• Velaro Russia
• Thameslink Class 700
Achievements based on data usage
• Market share gains against the plane on the route Madrid – Barcelona due to punctuality. Availability: 99.98%
• 100% vehicle availability in rush hours allows operation without reserve trains. Availability: 99.96%
• Component monitoring, especially for doors, reduces delays and increases availability
• Successful service provision on the route Moscow – St. Petersburg without spare capacity. Availability: 99.99%
Siemens moved its data analytics into the cloud to increase agility,
improve performance and lower cost
Railigent
• Cloud native
• Built on AWS services
• Powered by Mindsphere
Performance targets
• Data ingest >200,000 events/second
• Data volume >1 PB
• >1,000 data analytics models in place
On-premise platform
Selected performance values
• Data ingest >25,000 events/second
• Data volume between 100 and 200 TB
• <50 data analytics models in place
Started in July 2016
Development goals
• Performance 10x
• Cost reduction 10x
• Increased agility
July 2015
Phase 1
Phase 2
The technology shift has not been easy to master …
Amazon PaaS layer
• Understanding of the new technologies recently deployed in Europe
• Mastering the large set of platform services
From monolithic applications to microservices
• Refactoring of large parts of key applications to take advantage of cloud agility
• Development of microservices instead of monolithic legacy applications
Fulfilling Siemens security requirements in the cloud
• Development of standalone security concepts for applications fully visible on the internet, not behind corporate firewalls
• Development of a new IT security approach for agile development in the cloud
… But the challenges on the business side were even more significant
People
• Getting all developers on board to embrace and master AWS PaaS
• Keeping people up to speed with the new developments/innovations in AWS PaaS
• Growing architects able to design such platforms, linking a large set of new and modern technologies
Culture
• Empowering the developers for work in an agile environment
• Working together across unit borders in a continuous deployment setting
• Product development towards customer-focused, agile approaches
• Changing the whole unit into an agile way of approaching topics
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Thomas Blood
26 Jan 2017
Technology and Cultural Change
How much time do you have left for product development?
What share of your time do you need for operations and maintenance?
…
What if you could devote 30% more of your resources to your customers?
Common Priorities
• Time-to-Market: 6 months per release
• Inflexible Platform: Months to procure/provision
• Technical Debt: 60 – 80% of effort
• Unplanned Work: Outages, bugs, compliance
• Customer Experience: Performance and outages
• Collaboration: Integrating with other business units is technically difficult
High cost & low productivity
Theory (Momentum)
People, Process and Technology
Development
Operations
Market
Feedback
Product improvement and innovation
Practice (Brakes on Productivity)
CCOE
Technical Debt
Resistance to change
Inhibiting organization & structure
Skills & procedures that do not quite fit
People, Process and Technology
What to do?
New Principles
Think Big, Start Small, Go Fast
1. Act like a start-up (that is funded and has domain expertise)
2. Embrace cloud computing
3. Use the right tool for each requirement
4. Use out-of-box functionality whenever possible
5. Create a microservices architecture
6. Enforce YAGNI (You Aren’t Going to Need It)
7. Cultivate DevOps
8. “You build it, you own it!”
9. With great power comes great responsibility!
10. With great responsibility comes great power!
Re-Invent
Monolith development lifecycle
developers → delivery pipeline (build, test, release) → app
Conway’s Law
organizations which design systems … are constrained to produce designs which are copies of the communication structure of these organizations
Conway in Practice
Product
Developers
QA
DBA/DBE
Architecture
Operations
Design
NOC
Concept, Development, Production
Ticketing System
Deconstructing the Monolith
developers → delivery pipeline (build, test, release) → app
Microservice development lifecycle
developers → delivery pipelines → services
build, test, release (shown once per pipeline, six pipelines)
2 Pizza Teams
6 – 10 developers
services
Customer management
Payment
Order processing
Registration/Login
Feature A
Feature B
Cloud-Native Architecture
Infrastructure as Code
Cloud Center of Excellence
Training
Identity management
Asset management
Reference architectures
Cost and account management
Hybrid architecture
How do you get started?
And how do you roll it out?
The Search for Talent
Companies need cloud expertise now more than ever
[Chart: Indeed job postings that include “AWS”, relative percentage by year, 2012 to 2016]
*Indeed.com job trends, http://www.indeed.com/jobtrends/q-AWS.html
Internal Candidates
Ability to learn
Competence in several programming languages
Experience with scripting
Experience administering operating systems or with DevOps
Passionate engineer
Full-stack developer
Part technician, part tinkerer
Someone others ask for advice
Team player
Ingenium: [creative] talent; inventiveness
A person with exceptional intellectual, creative abilities
An Example (2014 - 2015)
Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun Jul Sep Oct Nov
Proof of Concept Complete, MVP Soft Launch
Go/NoGo, Start
1 Exec Sponsor
1 Architect
1 Consultant
2 Product
4 Frontend
5 Backend
+ 1 Consultant
+ 2 Product
+ 2 Mobile
+ 2 Frontend
+ 4 Backend
+ 2 Platform
MVP Launch
Gradual increase of staffing
Production Ready
A Training Example
1st Training Delivered
1400 students trained
11 months
[Chart: production applications over time, Jan 2015 to Sept 2016; axis from 0 to ~100]
Support
AWS Partners, AWS Training, AWS Professional Services
And what does that deliver?
16MM Ledger Saving Velocity = 50 apps/qtr.
Operational Costs | Workforce Productivity | Cost Avoidance | Operational Resilience | Business Agility
• 98% reduction in P1/P0’s
• 77% faster to deliver business applications
• 52% average TCO savings
• 35% reduction in compute assets (792)
• 15 automated bots developed
• 80% cloud first adoption
• 15 cloud services created
• 50 applications decommissioned
• 8 cloud migration parties
• Improved security posture
• Shift to self-service culture
• Rapid experimentation
• Reduced technical debt
• 14M YOY Savings
• Improved Performance
• Streamlined M&A Activity
• DevOps in Practice
Progress as of May 2016
14.2M Investment
Focus
18 Months
311 Apps in Cloud & 14M YOY Savings
Sample outcome – GE
http://www.slideshare.net/AmazonWebServices/demystifying-cloud-economics-how-to-build-an-investment-case-for-scale-migration-to-the-cloud-business
http://www.slideshare.net/AmazonWebServices/demystifying-cloud-economics-how-to-build-an-investment-case-for-scale-migration-to-the-cloud-business
Lessons Learned
Automate, then Automate More: Everything we do is with automation in mind, from deployment to operations. This is the only way to survive at scale.
Security at Every Layer: Fully utilizing the security provided in the public cloud allows us to have confidence in a multi-tenant world.
Embrace Agile: From organization structure to project management, everything we do is with agile principles in mind.
Bias toward action: Everyone has a reason not to move to cloud. Our mission is to find more reasons why we should.
Work Instead of Workflow: Embracing automation has allowed our employees to concentrate on doing work, instead of filling out workflows.
Encourage (calculated) Risks: Celebrate failure. Talk about pivots. Continuously examine new tools. This leads to rapid innovation resulting in progress.
Enablers
Transformation – Rebuild technology skill sets, encourage diversity and embrace “hands-on”
Pipeline – A pipeline of 50+ will ensure consistent velocity
Collaboration – Embed Security & Risk teams, CIO + CTO + Corp partnership
Cloud Aware – Rehosting is OK if it maximizes margin, agility, resilience & performance
Ask
• Developers for 3 simple things they would like to fix
• The infrastructure team for 3 things that could be automated
• The data group for 3 reports that are hardly ever read
• The QA team for things that keep repeating
• Whether anyone would like to lead a Lunch’n Learn or meetup group
Offer
• Opportunities for a hackathon
• Training (there are many options)
Further Recommendations
Fowler on Microservices
Building Microservices - Sam Newman
DevOps and AWS
The DevOps Handbook
The Phoenix Project
Release It!
Antifragile
Our Enterprise Blog
Thank you!
Great is the master's strength when he works with the lever!
@groberstiefel