A cloud journey – plan, design, and build

Welcome! During the next hour, I will guide you through how I navigated and delivered on one of the most dynamic and challenging customer profiles that I have had the opportunity to field. Prepare yourself to get a deeper insight into how I approach an enterprise-level hybrid cloud effort through design thinking, proactive customer engagement, persistence, and heightened technical acumen.


Agenda


Scenario

IBM won a multi-year contract for their MFaaS (zCloud) environment for a large-scale Federal entity. This entity's mission was to provide Treasury payment processing services on time and in a consistent and reliable manner. If they failed to achieve this, millions of federal workers would be negatively impacted during payroll processing.

I was identified as the key personnel performing as the lead solution architect and technical subject matter expert. 

My full scope of responsibilities and deliverables encompassed the planning, designing, and build functions of bridging the distributed workload hosted in AWS to the IBM SmartCloud for Government environment. This required me to ingest the customer requirements, design a solution to ensure contractual obligations were met, and ensure the end result was meeting and/or exceeding client expectations in terms of Hybrid Cloud Connectivity, Performance, HA, DR, Information Security, and Cost.

Technical Details / Requirements

Performance


The customer required the following SLAs and SLOs during their application processing tasks:

  • Low latency (5ms – 30ms)
  • Average 4 Gbps throughput with a burst to 9 Gbps throughput
  • Compute (Memory, CPU) varied based on mainframe and distributed workload

Network


Hybrid cloud integration was a key element to bridge AWS, On-Prem, and IBM SCG environments:

  • Dynamic Routing (BGP)
  • Layer3/Layer2 network configurations
  • Palo Alto, Juniper SRX, VMware NSX ESG configurations
  • AWS Direct Connect
  • VPN IPSec tunnels
  • VXLAN / VLAN

HA


It was mission-critical that all components be built for failure and ensure high availability:

  • Network connectivity
  • Distributed workload
  • Mainframe components

Cost


Most federal entities have a firm budget allocation. With firm-fixed pricing, it was critical to design the solution for cost efficiencies:

  • Workload analysis and placement
  • Compute Optimization
  • Network integration efficiencies

BCP/DR


Given the criticality to the customer’s mission of achieving 99.99% uptime, and the general COOP requirements, it was imperative to design to meet SLAs for various components of the full stack:

  • Data replication
  • Network redundancy
  • Tenant enclave replication

InfoSec


Information Security was a heavy emphasis given the data being handled, processed, and transferred:

  • Secure network communications for full-stack
  • FedRAMP / FISMA Moderate
  • NIST SP 800-53
  • DISA Impact Level 2

Challenges / Risks

Delivery Schedule

The customer had an aggressive schedule because they were up against a concrete date to completely evacuate their existing data center or incur millions in costs to secure a longer timeframe. This created an urgency: they required IBM to have the mainframe, interconnectivity, applications, and information security mechanisms in place for their production workload.

Customer Technical Depth

The customer had a limited staff that had in-depth mainframe experience, but they were not technically deep on hybrid cloud migrations and cloud technology in either IBM SmartCloud for Government or AWS.

Rigid Budget / Constrained Capital

When the contract was signed and IBM received approval to move forward, it was established that the budget was concrete and had minimal contingency dollars for unknown or unforeseen issues.

Regulatory Requirements

The customer imposed aggressive and complex regulatory requirements. These affected functionality and slowed delivery velocity, because a significant number of security controls had to be woven into the implementation efforts and security-related break/fix issues had to be remediated.


Results

Phase 1 – How It Began

Phase 2 – How It Was Going

Phase 3 – How It Finished

Phase 4 – DR / COOP / BCP


AWS Architecture Emphasis


Q&A

Thank you! I sincerely appreciate your time today.