Provision Cloud Services with Governance and Security Policies – InApps 2022

A HyperGrid team recently completed a project at one of the largest banks in Asia. The IT team in that organization was looking to accelerate the delivery of infrastructure and application services to support the growing demands of application development teams building business applications that drive competitive advantages for the bank.

In the absence of automated workflows, the IT organization was stuck with manual processes that resulted in long waits experienced by end users, rising operational expenses, inconsistent infrastructure, and overall dissatisfaction by business users.

The customer was drawn towards HyperCloud’s full-stack offering, which provides cloud services for the enterprise on-premises on a pay-as-you-go consumption model, with integrated governance for IT control and orchestration for any application on bare-metal, VMs and containers. The no CapEx pricing model allowed the organization to get all of the benefits of the public cloud while maintaining security and control over infrastructure spending. Comparing HyperCloud against other public cloud providers using the new Cloud Made Clear cost comparison tool suggested to this organization that running cloud services on HyperCloud would be more cost efficient.

Pull the Trigger

The customer was looking to create three tiers for its infrastructure services; platinum, gold, and silver. Each tier would be allocated a specific amount of compute, network and storage resources based on the type of workload and the environment on which it would be provisioned:

For each of these tiers, out-of-box services had to be available in the self-service library for on-demand consumption by development teams. For virtual machines, blueprints with operating systems like Ubuntu, CentOS, Windows Server 2012 and Windows Server 2016 were needed for common use cases where manual software installation was expected. Additionally, fully configured application stacks for PHP and .NET on containers was needed for quick deployment in the development and testing environments using the latest code checked in by developers.

Machine blueprints and application blueprints were quickly created based on these requirements and made available in the self-service library ensuring consistency across the business. Advanced infrastructure and application modeling was used to standardize application provisioning using:

• IT-blessed scripts (e.g. BASH, PowerShell, Puppet, etc.) that can be invoked at 15 different life cycle events (triggers) to standardize application deployment on any infrastructure.
• Data injection to support dynamic application dependencies in multi-VM or multi-container deployments.

However, IT had some important questions to answer before rolling out these services to their users.

• If an automated, self-service model is adopted for provisioning, how can IT ensure that approval workflows and entitlements are enforced for governance?
• How can IT enforce quota and cost metering policies to ensure appropriate usage of infrastructure with show back reports to track the cost of infrastructure and application services?
• How can IT manage not just the initial provisioning workflows but the lifecycle management operations for infrastructure and applications post-provision?

The governance framework in HyperCloud provides role-based access controls, entitlements, approval, quota and cost metering policies to enable secure and holistic management of resources, workloads, and operations across any cloud with the cost visibility needed to control spending. These controls were configured in the “Cloud Provider” that IT registered for HyperCloud.

HyperCloud automates both the provisioning and the lifecycle management operations for both infrastructure and application services — allowing teams to access to monitoring, backup, in-browser terminals, log analysis, scale in or out, continuous delivery workflows and application updates to speed up DevOps processes. By adopting automated lifecycle management, IT can automate downstream operations, lowering the cost to apply patches, scale out resources, and update configurations.

Ultimately, the winning feature, according to who we spoke with at this bank, was the self-service library that enabled self-provisioning of infrastructure, storage, network, database, and application services in minutes, not the days its previous processes required.

Even more important for a financial institution under strict regulations, all the provisioning workflows that were initiated through the self-service library adhered to IT-defined governance controls, entitlements, approvals and quota policies allowing the IT organization to be in full control while providing the agility and flexibility to the application development teams.

The bank is able to realize a clear competitive advantage with an accelerated time to market for new services and business offerings and now has the ability to consistently and quickly deliver compliant applications and the required infrastructure in just minutes.

Feature image by Chris Holgersson on Unsplash.