STScI Cloud Adoption Journey: Framework, Migration Methodology, and ProcessP. Mishra (mishra[at]stsci.edu)
Cloud computing and the adoption of cloud services have grown dramatically over the last 10+ years. Cloud-service providers have rapidly innovated and expanded the capabilities available to all types of customers.
Today, cloud computing enables the science and research communities to ingest large-scale data in a single place, conveniently creating secure data-lakes with Bigdata programs. It also allows access to shared analytics along with that data, so the entire science community can use the data with large-scale computing facilities in the cloud, without the necessity of handling the data locally. This is a major step forward; scientists world-wide could look at the challenges and unanswered questions and try to solve them rapidly, without thinking about the hardware—just focusing on the science.
AI and Quantum Computing
The potential of artificial intelligence (AI) has been on the horizon for a long time; cloud computing has made it easy to implement. It has put the power of machine learning and deep learning in the hands of every developer and scientist.
The idea of quantum computing is very exciting for the science and research communities. This new paradigm will play a large role in accelerating research results. The concept was invented quite some time ago, but now cloud computing can offer the power of quantum computing to researchers and developers. Classical computers cannot compete with quantum computing power for solving theoretical or practical problems and answering questions.
Relevance to STScI
This accelerated pace of change is both a blessing and a curse. Rapid innovation introduces new ways to provide services and process data, often at increased savings. However, it also requires continual evaluation and training for customers to keep pace with the providers. STScI is working on a long-term roadmap and Cloud Adoption Framework (CAF) to help the institute travel an accelerated path to successful cloud adoption, with the intent of leveraging cloud computing for research and operations of the missions it supports.
The journey began with the STScI leadership team reviewing the five pillars/perspectives of the institute's Cloud Adoption Framework (CAF) The CAF calls for the following five areas of focus in a model named "SIPPS."
While the first four pillars of the framework are defined individually, the Security pillar needs to be integrated into all four pillars to highlight the fact that security is a shared responsibility between the Cloud Service Provider (CSP) and the customer. It is highly critical that we have security integrated as a core part of all the pillars of the Cloud Adoption Framework.
STScI Cloud Adoption Framework*
Focus points for the STScI Cloud Adoption Framework are listed below:
Services/Applications pillar focus
- All STScI applications will be evaluated to determine how suitable they are for cloud migration and in what form. Some will stay on premises at the institute, and some will move to the cloud depending on the cloud adoption path for each service/application—based on the "The 6 R's" Application Migration Strategies named Retire, Retain, Re-purchase, Re-host, Re-platform, and Re-factor.
- After an architecture review, it is important to identify required cloud infrastructure and service type for each application. This should include identifying common infrastructure/Cloud Services needed for multiple applications/services, including application security and compliance requirements.
- As per the cloud-adoption best practices, it is recommended to quantify resource requirements and plan the budget for cloud migration of the Application/Service in advance.
- It is strongly recommended to follow the "Well-Architected Framework" guidelines on Cloud with continual well-architected framework review through the Software Development Life Cycle (SDLC).
Infrastructure and Operational excellence pillar focus
- STScI plans to adopt centrally managed infrastructure with Multi-Account Framework and enable use of centralized Identity and Access Management, including central monitoring and logging.
- Building and enabling automation for account and infrastructure lifecycle management will be helpful, and an important part of the strategy for on- and off-boarding of application/services/user access to Cloud platform.
- Implementing SOAR (Security Orchestration, Automation, and Response) for cloud framework with centralized Security Operations Center (SOC), which will be highly critical for Infrastructure Ops, security & compliance analysis, and automated security-incident response.
- Cost optimization should always remain a focus to avoid or eliminate unneeded cost or suboptimal resources.
People pillar focus
- With the Dev-Ops and Dev-Sec-Ops becoming a standard practice, it will be necessary to identify development and operation roles and identify overlapping skill areas, including required skillsets for each role and the skillsets available with the current resource pool at the institute.
- Identifying the skillset gap and preparing training plans for filling that skill gap is highly recommended for a successful cloud adoption at the institute.
- Defining the importance of and understanding the shared security model on cloud is highly critical; institute staff working on the cloud framework should always maintain focus on this major responsibility.
- The IT Service Desk plays a very important role in providing level-one support for IT services at the institute, so it is critical that the Service Desk is prepared to support the cloud.
Policies/Governance pillar focus
- Defining cloud adoption policies—like Cloud possible or Cloud first and Cloud security policies including governance/compliance—with clear guidelines for security-incident response is highly recommended as part of the organizational cloud adoption framework.
- As the institute supports multiple critical missions, defining resource requirements and allocation of resources—including setting up a Cloud Center of Excellence (CCoE) with a Cloud Applications Review Board (CARB) for cloud-framework adoption—will be helpful.
- Budgeting and spending on cloud resources are different when compared to the spending model for an on-premises IT infrastructure, so defining a budget allocation plan for cloud spending—including reallocating organizational resource funding to cloud funding while funding migration to the cloud—will be an important factor for the institute.
The cloud can be a catalyst for revolutionary change. At this point, typical drivers for Cloud Adoption are Business Agility, Cost Optimization, Improve Quality, Modernize IT & Innovation, Improve Security, and Provide Shared Services for fulfilling the demands of the institute. What remains in the industry and science community is increasing adoption of cloud services. We're still in the very early days, but if the trend of the past five years is any indication, by 2025 the picture will be dramatically different as the adoption of cloud services continues to increase across the globe.
Reference: 6 Application Migration Strategies: "The 6 R's"**
* Due to STScI’s size and its environmental and contractual complexities, a single Cloud Service Provider is required. Based on internal assessments, the institute prefers AWS as the Cloud Service Provider.