How We Ushered a CCoE for a Top Finserv

By March 11, 2021 Powerlearnings

Written by Hari Bhaskar, Head – Business Development, LTI

Contributor Agnel Bankien, Head – Marketing at Powerup Cloud Technologies

Summary

A leading client was seeking to modernize its entire business for which, we employed our CCoE practices as a roadmap to direct the cloud adoption journey in three stages. The CCoE team began with a migration readiness assessment and planning (MRAP), followed by offering consulting, migration, deployment and managed services across all business functions.

Index

1. Preface

2. Business Needs

3. Solutions devised by the CCoE team

3.1 Building a case for cloud

3.2 Migration Readiness Assessment and Planning (MRAP)                         

3.2.1 Pre-requisites

3.2.2 Assessment

3.2.3 MRAP Deliverables

3.2.4 Key Findings

3.3 Migration

3.3.1 Security Consulting

3.3.2 Database Consulting 

3.3.3 Data Migration

3.3.4 API Gateway Migration

3.3.5 Implementing DevOps     

3.4 Deployment and Managed Services

3.4.1 Deployment

3.4.2 Managed Services

3.4.2.1 Service Monitoring 

3.4.2.2 Security Management

3.4.2.3 Backup Management

3.4.2.4 Alerts and Report Management

3.4.2.5 DevOps Support

3.4.2.6 Continuous Integration

3.4.2.7 Reviews

3.4.2.8 Value Added Services

4. Control Handover

5. Benefits and Outcome

CCoE as-a-service – A Case Study

1. Preface

In the previous three blogs of this CCoE series, we have extensively looked at what a CCoE is, why organizations need it, the factors influencing an effective CCoE set up and where can organizations instrument them. In this blog, the 4th in the series, let us look at LTI-Powerup CCoE practices administered on one of their esteemed clients to direct their cloud transformation.

The client is a leading name in the finance industry offering a broad range of financial products and services to a diversified customer base. They have a sizable presence in the large retail market segment through their life insurance, housing finance, mutual fund and retail businesses across domestic and global geographies.

Cloud computing has gained significant momentum in the financial sector and the client is looking at modernizing their technological profile across all business functions.

  • However, the current setup was heavily fragmented with 27 LOBs and independent IT strategies)
  • They lacked the nimbleness of newer players in the market with slow service launches
  • IT compelled business to accept SLAs that were not ideal
  • And IT leaders were not sure how to quantify Cloud benefits

LTI-Powerup exercised their CCoE implementations as a roadmap and deployed a team to regulate the client’s entire cloud adoption journey. This team followed the Build-Operate-Transfer (BOT) model, moving on to steadily transition the core operations to the client. Once the client team was well versed with cloud deployment & operations, they and LTI-Powerup jointly managed Cloud solutioning and L1, L2 and L3 capabilities in due course of time.

2. Business Needs

LTI-Powerup CCOE to –

  • Offer Consulting to build a business case for the cloud. Propose and carry out a cloud readiness assessment in order to understand how well prepared the client is for the technology-driven transitional shift.
  • Impart Cloud Migration Solutions
  • Provide a transformation roadmap for applications and services

Provide Deployment and Managed Servicesolutions devised by the CCoE team

3.  Solutions Devised by the CCoE Team

3.1 Building a case for cloud

LTI-Powerup CCoE team was to build a business case that would help in smooth transition of the client’s current set up on to cloud. This involved carrying out an assessment of the client’s existing applications and operations, detecting improvement areas to enhance the transition, as well as identifying all the key stages of cloud adoption and the associated costs that come with it. The team was also to cater to analysis of existing and anticipated future workloads to create the best subsequent migration plan in order to oblige to increase in workload demands, if any. The basic intention was to enhance customer experiences, win the support of key stakeholders and reap maximum benefits and savings achieved from moving to cloud.

3.2. Migration Readiness Assessment and Planning (MRAP):

3.2.1 Pre-requisites

LTI-Powerup CCoE team’s scope of services was to define and plan a business case for the Migration Readiness Assessment & Planning (MRAP) to assess and analyze the client’s current on-premise environment to state how well equipped it is to migrate to the cloud. An MRAP report would then be drafted which would act as a roadmap to the actual migration. 

The team planned the MRAP exercise to understand the number and type of applications involved, identify the right stakeholders for interviews, tools to be installed, different types of installations and creation of project plan. The application migration assessment covered 2 Data Centers, 1500 VMs and around 500 applications in all.

 Application discovery services were configured to help collect hardware and server specification information, credentials, details of running processes, network connectivity and port details. It also helped acquire a list of all on-premise servers in scope along with their IP addresses, business application names hosted on them and the stakeholders using those apps. The scope ensured that the CCoE team looked into and advocated the prediction analysis of future workloads as well.

3.2.2. Assessment

Once the tool was deployed with the necessary access, servers were licensed to collect data for a span of 2 weeks before building and grouping the applications in scope.

The team conducted assessment and group interviews with the application, IT, security, devOps and network teams to bridge gaps if any. A proposed migration plan was to be developed post-analysis that would state identified migration patterns for the applications in scope, create customized or modernized target architecture to plan a rapid lift & shift migration strategy.

3.2.3. MRAP Deliverables

A comprehensive MRAP report included information on the overall current on-premise infrastructure, the architecture of all identified applications, suggested migration methodology for each application which included leveraging PaaS solutions, key changes to the application, a roadmap with migration waves, total cost of ownership (TCO) analysis and an executive presentation for business cases.

The CCoE in coordination with the client team, set up a framework to create, automate, baseline, scale and maintain a multi-account environment. This is considered as a best practice usually recommended before deploying applications on the cloud. This architecture catered to not just application and network deployment but also covered non-functional requirements, data security, data sizes, operations and monitoring and logging. The production environment was isolated as the customer had several applications running development, test and production from the same account.

3.2.4. Key Findings

  • Current Infrastructure provisioned was utilized to only 30%.
  • Close to 20% of servers were already outdated or turning obsolete within the next year and another 20% of applications could be moved to new architectures to save cost.
  • Databases were being shared across multiple applications whereas several applications were found to be running on the same servers, with servers being shared across various lines of business.
  • Up to 50% savings on TCO can be achieved over the next 5 years by moving to the cloud.

Above is a snap shot of how our team performed and recorded the peak utilization assesment for prediction analysis. This assisted the client in having clearer visibility towards future demands on cloud and accordingly plan for provisioning a strategic build up on the cloud.

3.3. Migration:

The agreement between LTI-Powerup and the client is to provide cloud CoE resources to form a consulting services pod to help the customer understand and adopt cloud services. Once the CCoE consultants suggest the design and development of a cloud team, they collaborate with cross-functional teams to check if the proposed architecture, cloud applications and processes are the right fit. Based on the MRAP findings, they put forward any alterations if necessary before moving on to migrating existing data or legacy workloads. Analysis and recommendations are also provided based on parameter-wise assessment done for future requirements and expansion purposes where modernized techniques like devops and containerization are suggested as required. The team is also responsible for training the technical as well as the non-technical workforce to conduct smooth cloud migration operations.

3.3.1. Security consulting

The scope of this engagement is for the CCoE team to help the customer design a security framework on the cloud. LTI-Powerup understood the list of applications, their current account and traffic mapping to categorize all those applications that had common security and compliance requirements.

A security framework was designed incorporating all the identified security components, after which, the existing setup was validated to recommend changes. The team also developed the scope of work for implementation of the same.

3.3.2. Database Consulting

LTI-Powerup database professionals detailed the scope of work and the responsibility matrix for database services. The team offered consultative services for database administration and suggested regular database health checks, maintain database server uptime, configure security, users and permissions as well as perform backups and recovery.

3.3.3. Data Migration

The client had been running their data analytics and prediction workloads in an on-premise cluster, which took approximately 12 hours to process data. Therefore, they wanted to validate the move to the cloud with the intent of reducing costs as well as processing time.

With their cloud-first initiative in mind, LTI-Powerup deployed its CCoE team to evaluate the feasibility to have all their systems tested and working on an Infrastructure as-a-code service to ensure the cloud meets all their future expansion plans.

The cloud solutions architects along with senior cloud engineers and data architects understood the existing setup and designed, installed and integrated the solutions on cloud using managed cluster platforms where highly available cluster configuration management, patching and cross-data-center replication were undertaken.

Solutions were also customized wherever required and data was then loaded onto a cloud data warehouse with provisions for backup, disaster recovery, upgrade, perform on-demand point-in-time restores, continuous support and maintenance.

3.3.4. API Gateway Deployment

The client was planning to deploy their APIs on cloud as well as create an open API to cater to external developers across their business groups with robust multi-factor authentication policies. The scope of this engagement between LTI-Powerup and the customer was to provide cloud resources to help understand and adopt cloud API services.

The LTI-Powerup CCoE team proposed API configuration and deployment solutions on the cloud along with the required Identity and access management (IAM) roles.

The proposed solutions covered all the APIs being deployed. It included API gateway usage plans that control each API’s usage, caching was enabled for faster access, scripts were run to deploy developer portal and multiple cloud services were initiated to host web pages, as well as store API key for user mapping. User pools with roles to grant access to the portal when required were also created. Additionally, the APIs were integrated on the cloud to generate customer-wise API usage billing reports to keep a check on costs whereas the client team constructed documents for each API gateway for future reference.

3.3.5. Implementing DevOps

The client had a 3-tier infrastructure for its applications based on a content management system (CMS) framework with close to 10 corporate websites and open-source relational database management systems running on cloud.

However with increasing workloads, the demand for hardware and infrastructure will certainly scale up. To cater to such rising demands, the CCoE team conducts a predictive analysis that helps analyze the current data to make predictions for the future. The team then gives out recommendations to the client with respect to building Greenfield applications on the cloud to accommodate for future workloads.

The client in this case, wanted to build a CI/CD pipeline with the help of cloud services for their future workloads. The CCoE team recommended devOps solutions to optimize and modernize the client’s setup that was spread across varied cloud and on-premise environments with multiple deployments in store. In this approach, due to the variety of connectors to be integrated with various stages of the pipeline, an entire orchestration of CI/CD pipeline was to be managed on cloud right from storing the cloned code to building the application code, integrating with other tools, code analysis, application deployment on the beta environment, testing and validation.

The code pipeline on the cloud would also facilitate customization at every stage of the pipeline as needed. Once validation was done, the applications were deployed to production instances on cloud with manual and automatic rollback support in case of a failure or application malfunction.

3.4. Deployment and Managed Services 

3.4.1. Deployment

The scope of this engagement between LTI-Powerup and the customer was to build a team to understand and deploy cloud services for the various lines of business adopting cloud. The CCoE recommended deployment team consisted of the deployment engineers and the consulting experts who looked after cloud servers, OS, API gateway deployment and development, scripting, database, infrastructure automation, monitoring tools, hardware, continuous integration, docker orchestration tools and configuration management.

3.4.2. Managed Services

The scope of the LTI-Powerup team was to facilitate:

  • Provide 24*7 cloud support for production workloads on cloud and
  • Provide security operational services for applications hosted on the cloud.
  • Provide Cost optimization services
  • Ensure automation and continuous optimization

After the introductory onboarding process, LTI-Powerup in discussions with the client IT team provided a blueprint of the complete architecture and was responsible to detect failure points, servers and databases without backup schedules, missing version control mechanisms for backups and the absence of high availability set up that would otherwise lead to Single Point of Failures (SPOC).

The CCoE team comprising of the service delivery manager, lead cloud support engineer and the technical lead prepared the escalation matrix, SPOC analysis, shared plan to automate backups, fix security loopholes, implement alert systems, service desk, client sanctioned security measures and metrics, cloud service monitoring agents and a helpdesk.

The day-to-day tasks performed by cloud operations team in the customer environment were:

3.4.2.1. Service Monitoring

The devOps team supported continuous monitoring of the cloud infrastructure health including CPU, memory and storage utilization, URL uptime and application performance. The team also monitored third party SaaS tools and applications that were integrated into cloud. Defects, if any, were raised as a ticket in the helpdesk, client communication would be sent out and logged issues would be resolved with immediate effect based on severity.

LTI-Powerup devOps team would thus provide L0, L1, L2, L3 support including support for infrastructure and application. Any L3 issues were to be escalated to the cloud vendor and LTI-Powerup would follow-up with the cloud platform support team for resolution on an on-going basis.

3.4.2.2. Security Management

Security in cloud was a shared responsibility between the client, cloud provider and LTI-Powerup managed services team with the latter taking complete responsibility for the infrastructure and application security on behalf of the client. Security components for the cloud could be broadly classified into native cloud components and third-party security tools.

The managed services team conducted a monthly security vulnerability assessment of the cloud infrastructure with the help of audit tools, remediated the issues and maintained security best practices. The team also owned and controlled the IAM functions, multi-factor authentication of user accounts, VPN, server and data encryption, managed SSL certificates for the websites, inspected firewalls, enabled and monitored logs for security analysis, resource change tracking and compliance auditing on behalf of the customer.

The managed services team highly recommended detection and prevention from DDoS attacks on websites and portals and took charge of implementing anti-virus and malware protection as well as monitoring and mitigating DDoS attacks, if any.

3.4.2.3. Backup Management

LTI-Powerup devOps team will continuously monitor the status of automated and manual backups and record the events in a tracker. If the customer uses a third-party backup agent then the servers running the backup master server will be monitored for uptime. In case of missed automatic backups, the team notified the client, conducted a root cause analysis of the error and proceeded to take manual backups as a corrective step. Backup policies were revisited every month with the client to avoid future pit-falls.

3.4.2.4. Alerts and Reports Management

Alerts were configured for all metrics monitored at cloud infrastructure and application levels. The monitoring dashboards were shared with the client IT team and alerts triggered for cloud hardware, database or security issues were logged as a ticket and informed to the customer’s designated point of contact. In case of no acknowledgment from the first point of contact, the LTI-Powerup team would escalate to the next level or business heads. The client had access to the helpdesk tool to log or edit change requests for the devOps team to take appropriate action.

3.4.2.5. DevOps Support

A typical devOps support enabled the import of source code from another repository, integrated relevant extensions to the code bundle and allowed zipping and moving it to the respective directory, also facilitating ‘one click’ automated deployments for applications.

In this case, for the production environment, manual checks were carried out to identify the correct environment and servers for deployment followed by verification of event logs and status URL. Rollback, if needed, was executed using snapshots taken during the beginning of the deployment process.

3.4.2.6. Continuous Integration

The managed services team enabled a seamless CI model by managing a standard single-source repository, automating the build and testing it while also tracking the commit for building integration machines. Transparency in the build progress ensured successful deployments and in case of a build or test fails, the CI server alerted the team to fix the issue, generating continuous integration and test throughout the project.

3.4.2.7. Reviews

 LTI-Powerup service delivery manager conducted monthly review meetings with the client team to discuss total downtime for the previous month, total tickets raised and resolved, a best practice implemented, incident and problem management, and lastly, lessons learned for continuous improvisation.

3.4.2.8. Value-added services

The LTI-Powerup CCoE team would handle cloud administration and governance on behalf of the client to ensure all deployment activities like data center account management, IAM access management and controls, billing consolidation and analysis as well as proposing new governance strategies from time to time is accomplished with high standards.

4. Control Handover

LTI-Powerup handover process allows the clients to steadily take over the control of their cloud setup.

A dedicated training unit powered by LTI migration and modernization experts facilitates smooth conduct of cloud skills training by offering to train the employees on multiple facets of the cloud transformation lifecycle.

To begin with, client will participate in the ratio of 3:1 where there will be 1 client employee against 3 LTI-Powerup cloud resources to manage the cloud operations eventually reversing to 1:3 (LTI: client) in the final year. This enables the client’s cloud team to get a hands-on experience in migration related activities over a period of 3 years.

Similarly, the cloud transformation PODs will have participation from client employees in the ratio of 2:1 reversing to 1:2 (LTI: client) in the last year which enables clients cloud team to be better equipped in handling complex cloud transformation processes over a span of 3 years.

For cloud managed services, teams handling client’s workloads will have participation from client employees in the ratio of 2:1 increasing to 1:2 (LTI: client) in the last year. This ensures the client cloud team to be fully efficient on 24*7 cloud management services including the management of CloudOps, DevOps, FinOps and SecOps.

5. Benefits and Outcome

The CCoE implementation by LTI-Powerup enabled the client to experience agility, flexibility, and faster go-to-market strategic solutions through PaaSification allowing the client to achieve 40% reduction in time to market for their products and services. The cloud transformation enhanced business performance and triggered intangible benefits to a large extent.

Significant savings in infrastructure and operational costs lead to cost optimization, reducing the projected TCO with a notable benefit of 45% over a period of 5 years.

A centralized cloud management led to eliminating duplication of efforts and overheads whereas the cloud implementation and tools accelerated migration by 60%, reduced the migration bubble, and leveraged a comprehensive state-of-the-art setup.

Leave a Reply