Introduction

As the GDCT project winds down, Cloud Operations are in full swing. GDCT created a lot of technologies and processes that need to be supported, enhanced, and updated.

The list below outlines the types of activities that are being done or will be done by cloud operations. As the teams progress, we need to transition from a project to a product. In fact, there are 3 products identified that need to be supported.

Approach for Cloud Product Management

The approach for managing the cloud is based on the application of the Seagen Well Architected Framework. This framework outlines 7 key pillars that are applied to each feature being developed in each product. Feature releases follow the Agile incremental product release process and are delivered frequently to effect change quickly and with quality.

To read about the Seagen Well Architected Framework in detail, please visit our Enterprise Architecture Site.

The 7 pillars are:

  1. Modern Design and Workload Architecture

  2. Reliability

  3. Security and Network

  4. Value Optimization

  5. Operational Effectiveness

  6. Performance Efficiency

  7. Sustainability

As we evaluate resources and cloud operations, we evaluate the impact those operations will have on the overall 7 pillars. Each operational function should affect 1 to many pillars in a positive way. If it does not, that function becomes a risk that needs to be mitigated.

Ongoing Cloud Governance

Ongoing Cloud Governance deals with maintaining the cloud, its governance, supportability, billing and the overall process of managing the cloud.

Ongoing cloud governance includes things like:

  • Provisioning and scaling of resources

  • Monitoring and logging of resources and composite applications

  • Backup and disaster recovery

  • Security and access management

  • Performance optimization and troubleshooting

  • Compliance and regulatory

  • Team onboarding to GitHub and modern development practices

Resources Needed

  • Application Developer

  • DevOps Engineer

  • Solution Architect

  • Test Automation Engineer

2023 Roadmap

  • Ongoing Cloud Governance will focus on the following efforts to standardize and support ongoing operations.

    • Azure and Google Policy Creation and Curation

      • Tagging improvements

      • Naming standardization

      • Hub/Spoke alignment and changes

      • Environment separation enforcement

      • Network and security enforcement

    • Monitoring strategy using cloud native tooling

      • Standardized monitoring processes for all resources running in cloud

      • Correlation algorithms

      • Connectivity to on-premises

    • Definition of backup and disaster recovery strategy for enterprise

      • Infrastructure migration strategy for use with Azure Arc

      • Total Cost of Ownership and Operations

      • Basic ROI Model

    • Application of network and security standards and implementation of other practices to support Cloud Governance

      • No public IP enforcement

      • Global cloud gateways for each cloud

      • Complete connectivity to all assets via cloud computing

    • Reporting and Analytics based on conformance to standards

      • Report showing apps

      • Report assigning costs

      • Report showing TCO/ROI for an app or platform

      • Integration with LeanIX VSM

    • New policies for cloud recommendations

      • Strategy for managing cloud recommendations

      • New process for activating cloud recommendations

      • Dashboard tracking application of recommendations, before/after

Cloud Engineering and Networking

Cloud Engineering and Networking includes application development, tooling, supportability and reliability of the platform and delivery of new applications or platforms to the cloud using modern architecture and practices.

These types of practices include:

  • Code scanning

  • Cloud governance

  • Policy creation and alignment

  • Security scanning

  • Network design and development

  • Network and access automation

  • Vulnerability scans

  • Network and infrastructure management

Resources Needed

  • Cloud Engineers

  • Cloud Network Engineers

2023 Roadmap

  • Code scanning will increase and policies will be created to remediate issues found

    • Snyk Critical and High vulnerability remediation

    • GitHub Advanced Security Critical and High issue remediation

    • Secure Code Training

    • Threat Modeling and Analysis

    • VNET and Hub/Spoke Evolution

    • Cross cloud connectivity

    • Cross region connectivity

    • Cross geographic zone connectivity

    • Common gateway to access resources

    • Removal of dependence on Seagen on-premises VPN access

DevOps Automation and Operations

DevOps Automation and Operations includes CI/CD practices, Terraform practices, automation with runners, and setup of teams on GitHub Enterprise and Snyk. This also includes helping teams migrate their code from ADO, GitLab, and other tools to a standardized GitHub Enterprise.

  • Continuous integration and deployment

  • Terraform upgrades

  • Module and resource retrofit

  • Runners and management

Resources Needed

  • DevOps Engineers

  • L1 Support Engineers

  • Test Automation Engineer

2023 Roadmap

  • CI/CD

    • Terraform evolution

    • Resource and module maintenance

    • 100% test coverage for all GDCT pipelines and supported resources

    • Click button test automation through Octoperf

    • Terraform resource migration to new version process

Platform Needs

There are certain platform needs that are accommodated via the three teams. A platform is a series of technologies that work together to form a product that is supportable, reliable, and follows our standards. The following areas detail platform support.

GitHub Enterprise

  • Primary Support: Application Engineering

    • License renewals and changes

    • Organization configuration

    • New user profiles

    • All GDCT related actions

    • Connectivity to LeanIX VSM

    • Connectivity to SSO

    • Approved usage policies

    • Test automation

Snyk

  • Primary Support: Application Engineering

    • License renewals and changes

    • Organization configuration

    • New user profiles

    • All GDCT related actions

    • Connectivity to LeanIX VSM

    • Connectivity to SSO

    • Alerts for remediation of issues

    • Collaboration with EA support on scans

    • Approved usage policies

    • Test automation

Octoperf

  • Primary Support: Test Automation and BDD

    • Initial profile setup

    • Initial baseline setup

    • Initial performance/load setup and scaffold

    • User setup

    • Token management

    • Connectivity via actions

    • Approved usage policies

    • SAML setup

    • Test automation

Terraform

  • Primary Support: DevOps

    • License support

    • Workspace management

    • State management

    • TFC Registry

    • Upgrades to modules, resources

    • New resources, modules

    • Error resolution

    • Key management

    • Approved usage policies

    • Connectivity to SSO

    • Test automation

Sentinel

  • Primary Support: DevOps

    • License support

    • Organizational setup and support

    • Configuration management

    • Policy creation and management

    • Policy governance and monitoring

    • Approved usage policies

    • Connectivity to SSO

Artifactory

  • Primary Support: Application Development

    • License support

    • Repository creation

    • Integration with GitHub and code

    • SSO and user management

    • Upgrades

    • Compliance review and remediation

    • Approved usage policies

    • Test automation

Ansible Cloud

  • Primary Support: Application Development

    • License and configuration management

    • State management

    • Delivery models

    • Cost models

    • Approved usage policies

    • Connectivity to SSO

    • Cross cloud configuration

    • Acceptable use policies

    • Test automation

Cloud Account Management

  • Primary Support: DevOps

    • Global Admin management

    • Tenant configuration and management

    • Azure Cloud ownership

    • Azure Security Center

    • Azure Recommendation Engine

    • Google Cloud ownership

    • Google Security Command Center

    • Google Recommendation Engine

    • Oracle Cloud ownership

    • Salesforce Cloud ownership

    • Billing Management

    • Test automation

Cloud Server Management

  • Primary Support: Systems Engineering

    • On-premises creation and management via automation

    • Azure creation and management via automation

    • Google creation and management via automation

    • Oracle Cloud creation and management via automation

    • Patching

    • Scanning

    • Asset management

    • Test automation

Cloud Network Management

  • Primary Support: Cloud Network Engineer

    • Code Development: Application Engineering

    • Core IT: DevOps

Ephemeral Environments

  • Primary Support: DevOps

    • Standard creation

    • Sandboxes

    • Containers

      • Azure Managed Kubernetes (AKS)

      • Kubernetes (K8s)

      • Google Managed Containers (EKS)

      • Docker

    • Automation

Monitoring

  • Primary Support: Systems Engineering

    • On-premises setup and configuration

    • Correlation

    • Activity monitoring

    • Authentication and authorization monitoring

    • Anomaly detection

    • Log aggregation

    • Log segregation

Cloud Monitoring

  • Primary Support: Cloud Monitoring Engineer

    • Cloud setup and configuration using native tooling

    • Correlation

    • Activity monitoring

    • Authentication and authorization monitoring

    • Anomaly detection

    • Log aggregation

    • Log segregation

Application Support

  • Primary Support: Application Team

    • Installation

    • Configuration and setup

    • SSO configuration

    • Activity monitors and logs

    • User access and setup

    • Monitoring

    • SLA support through tiers

    • Upgrades and validation

    • Alerting and eventing