Building and deploying workloads in AWS is similar to constructing a building. If the foundation of the building is not solid, structural problems can undermine the stability, integrity and use of the building.
Given the widespread use of cloud technologies, enterprises deploying workloads on AWS are faced with the question “Are You Well-Architected?” A well-architected system is one that should be capable of helping the business achieve set objectives, evolve with new technology and adapt to changes.
With many years of experience architecting and building production workloads and learning from customers in different sectors, AWS developed the Well-Architected Framework. This framework provides the means for enterprises to review workloads running on AWS, validate the architecture against best practices, and provide a mechanism to remediate any potential gaps in the architecture.
AWS Well-Architected Framework (AWS WAF)
The AWS Well-Architected Framework helps enterprises build the most secure, high-performing, resilient, and efficient infrastructure on AWS. It consists of three components:
- Design Principles
The pillars consist of Operational Excellence, Security, Reliability, Performance Efficiency and Cost Optimisation. These pillars specify a set of best practices that should be taken into consideration while architecting a workload that will run on an AWS platform.
The design principles consist of general design and pillar specific principles. These are recommended guidelines to facilitate good design in the cloud. For example, one of the general design principles is not to guess capacity needs during design but to implement a data driven architecture.
To review the alignment of an architecture with best practices, the framework provides a set of questions for each pillar that will help indicate compliance and highlight any potential gaps. These questions form the basis of the discussion with clients during the review and will help highlight the design decisions and assumptions that have been made while architecting the platform.
For clients thinking about migrating to the cloud or already running workloads in the cloud, Insight offers a FREE AWS Well-Architected Review to help baseline the AWS environment and indicate the alignment of the architecture against best practices with potential improvement items required to close any potential gaps.
Our review process consists of five (5) stages as indicated in figure 1.0 below: Engage, Prepare, Review, Implement and Schedule.
Figure 1.0: Insight AWS Well-Architected Review Process
This service is available to both existing and new Insight. For the latter we expect the client to go through our formal customer onboarding process (via the Contact us link on the Insight website). For existing clients, please speak to your Insight Account Manager to engage.
To prepare for the actual review session, we will need to establish a good background of the client and conduct a high level discovery of the AWS environment and the business objectives/drivers for the review. Furthermore, Insight will walkthrough with the client the list of stakeholders required for the review sessions and agree the date and time for the review.
At the complimentary review session, Insight and the client will discuss the AWS architecture using the question set for each pillar as a guide. From this discussion, the Solution Architect will assess how the architecture is currently aligned to the WAF best practices and identify potential gaps. This session will typically last between 2-3 hours at the client location.
Note: This exercise is not an audit, but a constructive conversation with the client to understand the decisions that have been made while designing the architecture. This will help Insight assess the pros and cons of these decisions and suggest potential ways to improve the system.
After the review session and within the agreed timeline, Insight will provide a detailed report of the review that will contain the following:
- Workload definition and properties
- An overview of current architecture
- Answers to Well-Architected Review questions
- Synopsis and current alignment with Well-Architected Framework
- Improvement plans with risk categorisation (high, medium and low risk)
- Cost breakdown of the improvement plans
- Timelines for implementation
Our professional services team can help implement the improvement items identified from the review. Once the review report has been sent, we expect the client to respond to Insight with a view of the improvement plans to be implemented. Insight will work together with the client to refine quotes (if required) based on what has been selected, generate purchase orders and agree implementation timelines.
During the implementation, we will most likely require IAM credentials (created with the principle of least privilege) to be created to implement the work items which can be deactivated once the implementation has taken place.
The client will also receive a report of all of the improvements that have been made to the workload and AWS environment indicating the previous state, the change, and the new state.
After the review and implementation of the changes, Insight recommends scheduling a date/time for the next review within the next 3-6 months. This is to facilitate continuous compliance to the AWS WAF as the client consumes more AWS services or adapts existing workloads to meet business objectives. Furthermore, we recommend that as the client increases consumption of cloud services, there is a need to factor in ways to Learn, Measure and Improve - using Well-Architected Review as an enabler.
In addition to the 3-6 months interval to conduct a Well-Architected review, the following stages (see figure 2.0 below) of a typical workload can also be used as milestones to conduct a review.
Figure 2.0: Proposed Stages for AWS Well-Architected Review
The elasticity and consumption model of the cloud environments mean that the way architecture might have been set up in an on-premise environment may not be optimised for a cloud environment. Cloud native services, especially the managed services, does the heavy lifting enabling enterprises to focus on activities that drive value for the business. The AWS Well-Architected Review will enable clients to identify and leverage suitable AWS services to optimise workloads and save operational overhead.
Visibility of Risks
The WAR will help enterprises gain visibility of the risks within the IT estate. The security pillar of the review will focus on current security posture and identify any vulnerabilities that need to be addressed to eliminate the risk of a security incident.
When designing workloads, enterprises make trade-offs between the five pillars based upon business needs. These decisions can potentially impact the alignment to best practices. The WAR will help organisations to understand the potential impact of architecture decisions and also recommend safe compromise. For example, security and operational excellence are generally not traded off against the other pillars.
Consistent Approach to Reviewing Architecture
The AWS WAF Provides a consistent framework for reviewing architecture, enabling IT teams to share learnings and best practices as well as identifying the critical needs.
Insight as an AWS Advanced Consulting Partner is well positioned to provide the technical expertise for AWS clients to optimise their workloads running on AWS. Achieved using the industry leading AWS Well-Architected Framework as the benchmark, clients can reduce their spend on AWS; improve security posture; increase reliability and performance; and ensure the right operational wrap is put in place to manage the environment.
If you are interested in finding out more, please contact your Insight Account Manager or get in touch via our contact form here.