Self-service IT is an important goal for many of our clients. They are looking for ways to increase their repeatability and speed the rate at which internal customers are serviced. Service Catalog effectively addresses each of these goals by providing automated infrastructure provisioning through easy buttons. Ops teams create these buttons and make them available to internal customers such as developers, engineers, or QA to easily request, receive and provision pre-approved infrastructure.
With these goals in mind, our AWS consultants encounter three specific use cases for AWS Service Catalog that we’d like to share here with you, along with a few examples and benefits of each. (For more in-depth information on AWS Service Catalog, please read our blog post here.)
This first, and the most common, use case is for organizations who are looking to migrate to the AWS cloud on their own terms. While the reasons are varied, they are uniformly not interested in using a third party, blackbox migration. Rather, they prefer to do it themselves. In this case, our AWS experts build the customer a “migration factory,” a Service Catalog with the common resources they would need to provision in AWS for their migrations. These common resources will help them quickly and easily migrate most of their applications. Developers simply go to the Service Catalog, provision the resource that they need, copy the data/code to be migrated, and move to the next thing.
For example, let’s say a company has 500 Windows Server 2012 to migrate to AWS. The first thing that would happen in this process is an assessment and design. Our AWS consultants would meet with the company’s Information Security and Operations teams to evaluate and create a best practices template for the Windows Server 2012 machine, deisgning everything from the IAM permissions to network stacks to the agents that need to run on their windows servers for SEIM/logging. We code this template using AWS CloudFormation.
From here, an easy button would be created in the Service Catalog which would allow the user to spin up a fully compliant Windows 2012 instance using that template in the Service Catalog. Once templates are turned into easy buttons, permissions to use them are granted to the Development team and at this point, developers will see a button for the 2012 Windows Server in the Service Catalog dashboard. Knowing that’s what they need, developers simply push the button, a new resource comes up, they log in, and copy the application/data. At this point, they can go back to the Service Catalog, spin up the next server and keep going.
We recently worked with a client in the energy sector to migrate their Sharepoint in the DMZ to AWS. We met with the Ops and infoSec teams to establish a best practice templates which were put behind a Service Catalog easy button, allowing developers at the firm to deploy with confidence that they are in compliace with corporate policies. As security parameters within a DMZ are critical, knowing that governance was maintained throughout the migration process was very important. Further, the automation that Service Catalog provides helps remove any potential human error, and drastically shrinks any human-related delays. Last, with best practice templates, this organization removed any potential misunderstandings or misreadings of their security and operations policies, ensuring that the migration met policy requirements.
A last example: We recently worked with a Georgia-based legal provider which hosts a solution for corporate contract management. We created a service catalog that allowed them to create load balancers, app servers, and databases. This allowed their team to experiment and set up a solution to match the needs of the multiple environments they planned to host, with very similar basic needs but changing scalability needs.
One Click Deployment
This second use case is for organizations who are looking to replicate or create additional environments. For these organizations, a best practices template is created for the infrastructure that the application needs. The template is put behind the Service Catalog with an easy button. With the easy button in hand, developers can, for example, spin up a new development environment with the press of a button. Similarly, if they want to create a second demo environment, they press a button and the demo environment comes up and provisions. With a one-click environment, this use case provides a more complete solution than Migration Factory.
To give you an example, we are currently scoping work for a healthcare organization who is looking to Service Catalog to create replicable environments in a fraction of the time. By removing snowflakes from the environment, this company will be able to better ensure product quality and stability. Moreover, automation will remove human error from the equation. Ensuring repeatability means that this organization can become exceedingly proficient at building, servicing and securing its environments.
To give you another example, SaaS companies offer to host apps for their customers. While many SaaS customers are fine using multi-tenant environments where other users' data can live on the same system as theirs, other companies require SaaS vendors to spin up exclusive environments for them. We have seen many such examples. Specifically, we worked with a Fortune 100 organization that offers a hosted LMS solution for DoD customers. A portion of their customers prefer dedicated environments. To speed up the process, we coded their solution: a Dockerized, auto-scaling, high-availability Totara (Moodle for Enterprise) setup. Once the easy button had been created, they could onboard new customers in a matter of minutes with no human intervention.
Our third use case is most often seen in organizations with teams, most notably data science teams, who have a regular need to spin up specific resources in AWS for a particular job or experiment. In these cases, the team needs AWS resources for a short period of time for a specific task. While they don’t need these resources long term, each time they do need the resources, additional time is added to the project as they have to go through a manual process of sending email or filing a ticket, and waiting for approval. This delay slows innovation and adds unnecessary work to the Operations team.
With a Service Catalog easy button, these groups can simply press a button to have their resources spun up when they need them. Rather than unchecked access to an AWS account where data teams could potentially open the door to vulnerabilities and risk corporate data, Information Security and Operations teams work together to develop best practice templates for the team’s most common requests. This provides Information Security with governance over the resources used while giving scientists the ability to conduct experiments in a timely manner.
I will leave you with the example of a company we received a call from in the restaurant industry whose data science team often has the need to evaluate massive amounts of data as they evaluate markets for new products, the health of existing products, and more. Operating in a highly competitive industry, this company cannot afford lapse times in their product development and product marketing processes. With an AWS Service Catalog, they will be able to cut delays related to the resource approval process and provide the data science team with an easy button to readily provision their needed AWS resources. Thus allowing the research team to quickly begin evaluation and analysis, giving them a leg-up on the competition.
We see several use cases for Service Catalog, each with their own benefits to the organization. Overarchingly, they provide best practice templates to assure corporate policies are met, security governance is maintained, and most importantly that the proper balance between security and agility is achieved. If you would like to know more about Service Catalog in your organization, please reach out to us today for an assessment.
Read more blogs related to Service Catalog
Did you find this useful?
Interested in getting tips, best practices and commentary delivered regularly? Click the button below to sign up for our blog and set your topic and frequency preferences.