Modernization of your AWS based SaaS platform AWS New York | Official Meetup New York, New York, US July 25th, 2024 Patrick Hannah CTO CloudHesive
The future, my friend, is products
Where you may have started
  Small team
  Building an app
  To get customers
Now you have customers
  And those customers have unstated but expected expectations
  Customers are not always the ones paying for the service
What are those expectations? It’s easier to build SaaS on AWS than it was 5 or even 10 years ago, and while many reference architectures are based on net-new development, how can you retrofit these capabilities into your existing platform? In addition to that, how do you balance development of new features and functionality with addressing risk and technical debt, while also presenting a viable product for further investment and the diligence that comes with it? A big part of that is the evolution of security frameworks within an organization, typically working backwards from customer demand and growing into a sprawl of policies, procedures, and technical controls. In this presentation, we will review some of the low-hanging fruit that many platforms can take advantage of on AWS, through the lens of Well-Architected, using real-life customer examples. We will also explore some of the SaaS-friendly AWS programs such as the Marketplace, Vendor Insights, the Foundational Technical Review and APN. We will round out the discussion with an overview of FinOps practices, including cost allocation and unit economics, as well as some of the recent trends observed in the SaaS space.
You’re going through transformation Bimodal is the practice of managing two separate but coherent styles of work: one focused on predictability; the other on exploration. Mode 1 is optimized for areas that are more predictable and well-understood. It focuses on exploiting what is known, while renovating the legacy environment into a state that is fit for a digital world. Mode 2 is exploratory, experimenting to solve new problems and optimized for areas of uncertainty. These initiatives often begin with a hypothesis that is tested and adapted during a process involving short iterations, potentially adopting a minimum viable product (MVP) approach. Both modes are essential to create substantial value and drive significant organizational change, and neither is static. Marrying a more predictable evolution of products and technologies (Mode 1) with the new and innovative (Mode 2) is the essence of an enterprise bimodal capability. Both play an essential role in the digital transformation.
CloudHesive’s SaaS Evolution
Value Optimization – Building a Cloud and Product Business
  Approaches
    Cost Optimization
    Portfolio Management
    Cloud Workload Lifecycle Management
    Governance, Risk, Compliance (or the cost of lacking it)
    Next Generation Managed Services
    Philosophy of Continuous Improvement
    People (Skilling), Processes, Technology and Measures – CCOE
    Sustainability
  Outcomes
    Organizational Value Creation
    Customer Value Creation
    Partner Value Creation
    Investor Value Creation
Considerations
  Product/Development: Responsiveness, Accuracy, Allocation
  Security and Compliance: Libraries, Infrastructure, Code, Intellectual Property, Events; Vendors (Licenses, SaaS, Software, NF Systems (DevOps)); People (Backgrounds, Training, Phishing) – Corporate and App
  Infrastructure: Availability, Performance – Sync, Performance – Async
  Customer: Trials, Conversions, Attrition, Growth, NPS
  Financial: Budget to Plan, Margin; Vendors (Licenses, SaaS, Software, NF Systems (DevOps)); People (Backgrounds, Training, Phishing) – Corporate and App
Measures
  KPIs
  Tiering
  Portfolio Health: Customer Specific, Resource Specific
  Cohorting: Geo (Customers and Teams), Line of Business (Customers and Teams)
  Vendor Management
  Customer Margin
  Non-Customer Margin/Utilization
  Actions: ROI Proving, Churn Detection, Continuous Improvement/Optimization Pipeline
Perspectives
  How you operate as a corporate entity
  How you enable your portfolio for success
  How you operate your portfolio
  How you approach diligence of prospect additions to your portfolio
Sets of Challenges
  Infosec: Sprawl (Contracts, Software, Licenses, Services, Hardware), Auth, Unique Risks/Threats
  Data: Generative AI, Machine to Machine
  Platforming: Compute is a commodity, Containerization as a default, Serverless as a way forward, Stack consolidation ("Stackolidation")
Broad Impact
  Financial – Waste
  Security/Compliance – Breaches
  Operational – Employee, User and Customer Sentiment
  Vendors – Integration: Vendor Relationship Management, Vendor Administration, User Integration
Hardware Specific Approach
  Service Management: Requests, CMDB, RMM
  Team: Deploys, Returns
  Finance Integration: Depreciation
  Vendor Management: Inventory, Support, Renewals
Security Frameworks
  SOC 1 / SOC 2, Type 1 / Type 2
  PCI DSS
  FedRAMP / CMMC
  HIPAA / HITRUST
Information Security
  Information: Risks, Policies, Procedures, Controls, Assessment/Audit/Testing
  People: Onboarding, Offboarding, Change; Permissions (Privileged Access, Business Need); Credentials (Strength and Factors); Training; Background; Phishing
  Vendors: Software/Services
Shared Responsibility Model
What do customers often miss? / What could go wrong?
  Ingress Security Group
  Egress Security Group (Internet)
  Security Groups to/from other Services (AWS and On Premises)
  Security of the Environment
    Security of supporting servers (Active Directory)
    Security of other network-accessible resources (Web Servers)
  User Permissions (Non-Local Admin, Local Admin, Global Admin)
  Access to the environment (PKI Cert, PKI PIV, Network, MFA)
  The rest of the AWS Account? The rest of the AWS Account! (Services, APIs)
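The first three items on that slide (ingress, egress to the internet, and security-group-to-security-group trust) can be checked mechanically. The following is an added example, not code from the presentation or from CloudHesive: it walks a list of security groups in the shape that boto3's describe_security_groups returns and reports world-open ingress, never-tightened egress, and which groups trust which. SAMPLE_GROUPS is constructed for the example, and the assumption that only port 443 may face the internet (PUBLIC_OK) is the example's own.

```python
"""Audit EC2 security groups: world-open ingress, unrestricted egress to the
internet, and which groups trust which by reference.

Input shape matches boto3.client("ec2").describe_security_groups()["SecurityGroups"];
SAMPLE_GROUPS is constructed for this example, not captured from a real account.
"""
from __future__ import annotations

WORLD = {"0.0.0.0/0", "::/0"}
PUBLIC_OK = {443}  # assumption: only the HTTPS front end may face the internet

SAMPLE_GROUPS = [  # constructed sample data
    {"GroupId": "sg-0a1b2c3d", "GroupName": "web-frontend",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
          "UserIdGroupPairs": []},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,  # SSH from anywhere
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}],
     "IpPermissionsEgress": [  # the default "allow all out" rule, never tightened
         {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
          "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0d4e5f6a", "GroupName": "active-directory",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 389, "ToPort": 389,  # LDAP from VPC + web tier
          "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": [],
          "UserIdGroupPairs": [{"GroupId": "sg-0a1b2c3d"}]},
         {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],  # every port, whole internet
          "Ipv6Ranges": [], "UserIdGroupPairs": []}],
     "IpPermissionsEgress": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "52.0.0.0/8"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
]


def _cidrs(rule: dict) -> list[str]:
    """IPv4 and IPv6 CIDRs referenced by one rule."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])


def _ports(rule: dict) -> str:
    """Human-readable port spec; protocol -1 means every port of every protocol."""
    if rule.get("IpProtocol") == "-1":
        return "all"
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    return str(lo) if lo == hi else f"{lo}-{hi}"


def world_open_ingress(groups: list[dict]) -> list[tuple[str, str, str]]:
    """(group id, ports, cidr) for ingress from the whole internet on anything
    other than a single PUBLIC_OK port."""
    findings = []
    for g in groups:
        for rule in g.get("IpPermissions", []):
            single_ok = (rule.get("IpProtocol") != "-1"
                         and rule.get("FromPort") == rule.get("ToPort")
                         and rule.get("FromPort") in PUBLIC_OK)
            for cidr in _cidrs(rule):
                if cidr in WORLD and not single_ok:
                    findings.append((g["GroupId"], _ports(rule), cidr))
    return findings


def unrestricted_egress(groups: list[dict]) -> list[str]:
    """Group ids whose egress allows all protocols to the whole internet, so a
    compromised host can reach any command-and-control or exfiltration endpoint."""
    return [g["GroupId"] for g in groups
            if any(rule.get("IpProtocol") == "-1" and WORLD & set(_cidrs(rule))
                   for rule in g.get("IpPermissionsEgress", []))]


def cross_group_references(groups: list[dict]) -> list[tuple[str, str]]:
    """(group id, trusted group id) pairs: trust expressed by security group
    rather than CIDR, which is what to review for service-to-service paths."""
    return [(g["GroupId"], p["GroupId"])
            for g in groups
            for rule in g.get("IpPermissions", [])
            for p in rule.get("UserIdGroupPairs", [])]


if __name__ == "__main__":
    # To audit a real account, replace SAMPLE_GROUPS with
    # boto3.client("ec2").describe_security_groups()["SecurityGroups"].
    for f in world_open_ingress(SAMPLE_GROUPS):
        print("ingress open to world:", f)
    for gid in unrestricted_egress(SAMPLE_GROUPS):
        print("egress unrestricted:", gid)
    for pair in cross_group_references(SAMPLE_GROUPS):
        print("group reference:", pair)
```

On the sample data this reports SSH on the web tier and an all-ports rule on the directory server as world-open, the web tier's egress as unrestricted, and the directory server's trust of the web tier's group. The egress check is the one most often skipped: the default egress rule on a new group is allow-all, which is exactly the "Egress Security Group (Internet)" item above.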
Revenue to Usage to Cost Attribution
  Revenue: Hierarchy of Needs
  Usage: Typically tied to revenue if you are offering a SaaS based product
  Cost Attribution
    Labor: Capitalized Software, Opex vs. Capex
    Services: Third Party (okayish); AWS – with serverless (or well managed servers) margin should be linear, or better, with scale of usage
  Optimization at Scale: Savings Plans
Common Opportunities
  Unused Resources (all the time/some of the time)
  Oversized Resources (and Undersized Resources)
  Inappropriate Resources (EC2 versus Fargate)
  Discounting Schemes
Available Discounting Schemes
  Enterprise Agreement – Customer
  Enterprise Agreement – Service Org
  CloudFront Service Tiering
  Org Savings Plans: EC2, Lambda, Fargate
  Reserved Instances: EC2, RDS, ElastiCache
Sustainability in Technology
  Industry Goals
    AWS Goals – Water Positive by 2030, 100% Renewable Energy by 2025
    Partner Impact – sustainability is 1 of 13 domains in the MSP Audit
    Industry Impact – sustainability is 1 of 6 pillars in the Well-Architected Framework
    Customer Impact – proactive (planning) and reactive (actual consumption) visibility into a workload’s carbon footprint
  Organizational Goals
    Our Goals – influence and impact our customers through leadership
    Our Unique Position – a cross section of customers: influenced impact and direct impact
  Sustainability in technology starts with optimization (cost, performance, etc.); it doesn’t end there
    Defining operational parameters – how “fast” does “it” need to be?
    Service selection (which can be influenced by/influences cost optimization objectives) – e.g. running 24 hours a day to service a work-day application
Marketing, Sales, Finance Driven
  Customer Onboarding Process
  Partner Onboarding Process
  Partner Customer Onboarding Process: flag End Customer as Partner Customer
  Tiering: consider Entitlements, Features, Quotas, Quota Behavior, Metering, Billing
Transacting – Measures
  Agents: Total Defined, Peak Logged In, Average Logged In (per Role, per Minute x Bundle Rate)
  Minutes/Conversations/Messages: Total, Peak, Average (per Channel, per Minute x Bundle Rate)
  Support: Hours/Fixed/Package
  Consulting: Hours/Fixed/Package
  Tiers of the above
  Terms: On Demand, Committed Usage, Committed Length
  Payments: Up Front, Pre-Paid, Post-Paid, Drawdown
  Billing: Invoice, ACH Autopay, Credit Card Autopay
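The agent measures on this slide (total defined, peak logged in, average logged in per role, per minute, times a bundle rate) are a concurrency computation over login/logout events. The following is an added example, not from the presentation or from CloudHesive: a sweep-line over session intervals that produces those three numbers per role plus the agent-minutes that the bundle rate is applied to. The events, the billing window and the rates are constructed placeholders.

```python
"""Per-role agent measures from login/logout sessions, priced at a bundle rate.

Added example with constructed data: sessions are (agent, role, login_minute,
logout_minute) offsets into one billing window; BUNDLE_RATE is hypothetical.
"""
from __future__ import annotations

from collections import defaultdict

WINDOW_MINUTES = 120  # length of the billing window (constructed)
SESSIONS = [          # constructed sample sessions
    ("alice", "agent", 0, 60),
    ("bob", "agent", 30, 90),
    ("carol", "agent", 45, 120),
    ("dave", "supervisor", 0, 120),
]
BUNDLE_RATE = {"agent": 0.02, "supervisor": 0.05}  # USD per agent-minute (hypothetical)


def role_measures(sessions: list[tuple], window: int) -> dict[str, dict]:
    """Sweep-line: +1 at login, -1 at logout, sorted by time with logouts first
    at equal minutes so a back-to-back re-login does not double count.
    Returns, per role: total distinct agents, peak concurrent, average
    concurrent per minute, and agent-minutes (the quantity that is billed)."""
    deltas: dict[str, list[tuple[int, int]]] = defaultdict(list)
    agents: dict[str, set[str]] = defaultdict(set)
    for agent, role, start, end in sessions:
        if not (0 <= start < end <= window):
            raise ValueError(f"session for {agent} outside window: {start}-{end}")
        deltas[role] += [(start, +1), (end, -1)]
        agents[role].add(agent)

    out = {}
    for role, events in deltas.items():
        events.sort()  # tuple order: time, then -1 before +1
        current = peak = agent_minutes = 0
        last_t = 0
        for t, d in events:
            agent_minutes += current * (t - last_t)  # area under the concurrency curve
            last_t = t
            current += d
            peak = max(peak, current)
        out[role] = {
            "total": len(agents[role]),
            "peak": peak,
            "average": agent_minutes / window,
            "agent_minutes": agent_minutes,
        }
    return out


def bill(measures: dict[str, dict], rates: dict[str, float]) -> dict[str, float]:
    """Agent-minutes times the role's bundle rate, rounded to cents."""
    return {role: round(m["agent_minutes"] * rates[role], 2)
            for role, m in measures.items()}


if __name__ == "__main__":
    m = role_measures(SESSIONS, WINDOW_MINUTES)
    for role, vals in m.items():
        print(role, vals)
    print(bill(m, BUNDLE_RATE))
```

The same sweep gives the per-channel minute/conversation measures on the slide if the sessions are conversations instead of logins. Validating that every session lies inside the window is deliberate: a logout after the window end or a login before it is how meter totals quietly drift from what the customer was told they would be charged for.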
Transacting – Discounting/Markup
  Commitment to Term
  Commitment to Usage
  Bundled Services (multiple Measures, Tiers, Roles)
  Direct/Partner
  Agreement Type: Click Through, Marketplace, General
  Collections/Non-Payment/Termination
  Overages? Quotas? Quota Enforcement?
  Integration: Reporting Integration
Transacting – Partner
  Custom URL
  Static Content Bundles (e.g. Logo, Branding)
  Feature Suppression (e.g. Support)
  Custom Support Portal
  Integrated Billing
  Cost, Usage, NPS Analytics
  Agreement Content
    We will create resources in your AWS Account
    These resources will provide us systemic access
    These resources will also provide us interactive access for support
    These resources have these permissions
    These resources will cost you
    The user you signed up with is considered a fully permissioned user
    Your sign up implies you are authorized in your organization
    You may add additional users
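"We will create resources in your AWS Account ... these resources have these permissions" is, in practice, a cross-account IAM role that the customer creates and the vendor assumes. The following is an added example, not code from the presentation or from CloudHesive, showing the two policy documents that role carries and the checks a customer's security team would run before approving them. VENDOR_ACCOUNT_ID, EXTERNAL_ID, ROLE_NAME, the region and the action list are placeholders chosen for the example.

```python
"""A vendor-assumable IAM role for a customer account: trust policy with a
per-customer ExternalId, a scoped permission policy, and lint checks for both.

Added example; account ids, ExternalId, role name and actions are placeholders.
"""
from __future__ import annotations

import json

VENDOR_ACCOUNT_ID = "111122223333"  # placeholder for the SaaS vendor's AWS account
EXTERNAL_ID = "cust-7f3a9c2e"       # placeholder; unique per customer, handled as a secret
ROLE_NAME = "VendorSupportAccess"   # placeholder


def trust_policy(vendor_account: str, external_id: str) -> dict:
    """Who may assume the role. The sts:ExternalId condition stops a third party
    who learns the role ARN from getting the vendor to assume it on their behalf
    (the confused-deputy problem); STS rejects AssumeRole without a match."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{vendor_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def permission_policy(region: str, log_group_prefix: str) -> dict:
    """What the role may do, matching the agreement text: describe resources and
    read the vendor's own log groups, in one region. Describe* calls require
    Resource "*", so that statement is fenced by aws:RequestedRegion instead."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "DescribeInRegion", "Effect": "Allow",
             "Action": ["ec2:DescribeInstances", "ecs:DescribeServices",
                        "cloudwatch:GetMetricData"],
             "Resource": "*",
             "Condition": {"StringEquals": {"aws:RequestedRegion": region}}},
            {"Sid": "ReadOwnLogs", "Effect": "Allow",
             "Action": ["logs:GetLogEvents", "logs:FilterLogEvents"],
             "Resource": f"arn:aws:logs:{region}:*:log-group:{log_group_prefix}*"},
        ],
    }


def lint_trust(policy: dict) -> list[str]:
    """Reject a trust policy open to any principal or lacking an ExternalId."""
    problems = []
    for st in policy["Statement"]:
        principal = st.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            problems.append("trust policy allows any AWS principal")
        cond = st.get("Condition", {}).get("StringEquals", {})
        if "sts:ExternalId" not in cond:
            problems.append("trust policy has no sts:ExternalId condition")
    return problems


def lint_permissions(policy: dict) -> list[str]:
    """Flag wildcard actions and Resource "*" that no condition narrows."""
    problems = []
    for st in policy["Statement"]:
        sid = st.get("Sid", "?")
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        for a in actions:
            if a == "*" or a.endswith(":*"):
                problems.append(f"{sid}: wildcard action {a}")
        if st["Resource"] == "*" and not st.get("Condition"):
            problems.append(f"{sid}: Resource * with no condition")
    return problems


def assume_role_kwargs(customer_account: str, external_id: str) -> dict:
    """Keyword arguments the vendor passes to boto3's sts.assume_role(); the
    ExternalId must equal the one in the customer's trust policy."""
    return {"RoleArn": f"arn:aws:iam::{customer_account}:role/{ROLE_NAME}",
            "RoleSessionName": "vendor-support",
            "ExternalId": external_id,
            "DurationSeconds": 3600}


if __name__ == "__main__":
    trust = trust_policy(VENDOR_ACCOUNT_ID, EXTERNAL_ID)
    perms = permission_policy("us-east-1", "/saas/app")
    print(json.dumps(trust, indent=2))
    print(json.dumps(perms, indent=2))
    print("trust problems:", lint_trust(trust))
    print("permission problems:", lint_permissions(perms))
```

The two documents are what a vendor would ship inside the CloudFormation template the customer launches, and the linters are the review the customer side should apply to that template rather than to the vendor's description of it. The "interactive access for support" line in the agreement maps to the role session: a one-hour DurationSeconds and a fixed RoleSessionName keep those sessions identifiable in the customer's CloudTrail.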
Marketplace: Listing, Subscription, Metering
Market your Product
The many ways to run software
  Bare Metal: Not AWS, EC2
  Virtual: EC2
  Container: EC2, ECS, EKS, Fargate
  Serverless: Lambda
Service Categories
  Analytics
  Application Integration
  AR & VR
  AWS Cost Management
  Blockchain
  Business Applications
  Compute
  Customer Engagement
  Database
  Developer Tools
  End User Computing
  Game Tech
  Internet of Things
  Machine Learning
  Management & Governance
  Media Services
  Migration & Transfer
  Mobile
  Networking & Content Delivery
  Quantum Technologies
  Robotics
  Satellite
  Security, Identity, & Compliance
  Storage
Workload + Architecture Drives Service Selection
  Containers: Container File Versioning; Multi-threaded/Single-task; Minutes to Days; Per VM/Per Hour
  Virtual Machines: AMI Patching; Multi-threaded/Multi-task; Hours to Months; Per VM/Per Hour
  Functions/Services: Code Versioning; Single-threaded/Single-task; Microseconds to Seconds; Per Memory/Second/Per Request
Automation + Processes Drives Lifecycle Management Selection
  Organizations: Cross-Account Asset Management + Governance
  Control Tower: Account vending/default standardization
  Service Catalog: Workload platform vending/default standardization
  CloudFormation: IaC
  Ephemeral Compute + API; Managed Data/Control Plane for Persistence Tiers; Hands off/Lights out
Customer Example - Architecture
  A notable percentage of Managed Services incidents could have been avoided through up-front architecture
  ~9 EC2 instances (NGINX, Front End, Back End, Database) x 4 hours/instance/month of care and feeding = 108,000.00 USD/year @ 250.00 USD/hour
  That’s customer cost; what about opportunity cost?
  Opportunity for tremendous customer value (the customer saves 108,000.00 USD/year) and provides us an opportunity to be more strategic with our partner (moving up the stack)
  What can we do? None of the above systems need to be servers
  Increases the customers we can touch without a direct correlation to headcount
Customer Example - Monitoring
  The previous example entails hundreds of monitorable events and metrics, with a composite required to understand state
  Interesting events feed into event-driven automation
  Eliminating the instances changes the focus of monitoring to customer outcomes
  Increasing the scope of automated data collection eliminates manual checking but introduces complex correlation engines (people); outcome-based monitoring minimizes the need for those and increases positive customer sentiment
A thought?
And another?
Customer Example - Automation
  The previous example also has numerous automation touch points (AWS Services, Operating System, Services, etc.)
  A move to serverless drops this number to practically none
  Automation skills shift to development automation
  Provides a consistent experience intra- and inter-customer, and again increases the value of our impact to our customers without a direct tie to headcount
It wouldn’t be a presentation in 2024 if I didn’t mention Generative AI
  Small PoC/PoT/Pilot of Q for Developers in 6 weeks
  Expanded PoC/PoT/Pilot of Q for Developers in 12 weeks
  Small PoC/PoT/Pilot of Q for Business in 6 weeks
  Expanded PoC/PoT/Pilot of Q for Business in 12 weeks
  Launching Q for Connect for our internal Contact Center in 6 weeks
Conclusion
  AWS continues to increase the breadth and depth of their service offerings
    “I wish it did that”
    “I didn’t know I needed that”
  It’s easier to get started today than it was yesterday: Simplicity, Support, Cost
Conclusion
  Consider sustainability when choosing an approach – Maslow’s Hammer
  Don’t forget about team enablement
  Limited by your imagination and ability to execute