Hey everyone. How's it going? How's everybody liking liking everything so far? Is it good? Awesome, awesome, awesome. Hopefully, hopefully I can continue to add to that. Real quick, before we get started, this picture right here: does anybody happen to actually know where this picture is taken? Show of hands? So this picture was actually taken, this is probably the most iconic picture that you can take along the Appalachian Trail. This particular picture was, it's taken a place called McAfee's Knob. It's near Roanoke, Virginia, which is relatively close to to my home office in Lynchburg. And I thought it was actually relatively appropriate because it's, you know, it's a guy, you know, overseeing some some clouds there. So I felt it was relatively appropriate. A little bit about myself: my name is Frank Ford. My actual title at Genworth is application development manager. My real role is more of an IT architect. I was originally hired as a Java developer, so I have a development background, and I've been at Genworth for 13 years now. Can I hold a little bit? No, okay. Sorry. So what is Genworth? How many of you have actually heard of Genworth in in this particular room? Anybody? A couple hands. Hey, there you go. Cool. All right, so we're a financial services company primarily selling long-term care and mortgage insurance. We're headquartered in Richmond, Virginia. My home office, like I said, is in Lynchburg, Virginia. And the company traces its roots all the way back to 1871. There was a company called Life of Virginia, was founded in Richmond. Because the long-term care insurance products that we sell are considered health insurance, we are bound by HIPAA regulations, which adds a significant layer of complexity when we start talking about data processing, where we can store data, what workloads we can we can put where.
And I also gave a talk at a GitLab Commit about our journey to DevOps. If you're interested in that, there's a there's a YouTube link. I have been warned that I tend to sway a bit in the video, and it might make people nauseous if you are if you're watching. And if anybody, so this is me doing that. Right now, today, go ahead and just yell or something and tell me to stop and I'll and I'll try to stop. So today I'm going to go over Genworth's multi-cloud journey, kind of in our roadmap. I'm going to go over some of the technologies that we're using to help enable some of that, and then some considerations that we that we had along the way. So this is an extremely high-level roadmap of kind of kind of where we were and kind of where we are and kind of where we plan to go with our our our cloud migration strategy. So everything started with containerizing our existing legacy applications. Like I said, we're an insurance company. We have a lot of legacy applications, everything from mainframes to .NET applications to Java enterprise applications. You name it, we have it. We look into how can we break apart these monolithic applications? How can we containerize the various components? How can we offer services that are available for various customers to call? And how do we make that available, like centralizing business logic in various areas and delivering consistent data? Next, we, we're a GitLab customer, and so we're using the the GitLab CI/CD pipelines to manage our build and deployment processes. Of course, automated testing is extremely important in all of this stuff. Without, you know, automated testing, none of this really moves forward. I don't trust manual tests.
So. And then of course container orchestration. You know, we started playing around with Docker several years ago, and, you know, I started personally, and then, you know, you kind of go figure out, okay, how do I move this into a corporate type environment? And unbeknownst to me, there was another group inside the company that was also looking at doing the same kind of things, and they bought Red Hat OpenShift. And so that's the containerization and orchestration platform that we are that we are currently using. So we're here, right, right there. I know, and it looks kind of like we're in the middle of this, looks kind of like we're in the middle of this journey, but we're really, really just at the beginning. So this is just the the tip of the iceberg here. And of course containerization isn't the only thing that we're looking at doing. It's: what can we do serverless? What can we use, various other products from various other vendors, like, you know, Pinpoint for for messaging, Google Firebase, or Google, Google, was it Cloud, Firebase Cloud Messaging for push notifications to mobile phones, and things like that. Technologies: this is relatively run-of-the-mill stuff. If you are playing around with Docker or or something, just kind of getting started, just install Docker on your local machine and start having fun. When you start to get serious about it, we have a Docker Community Edition box that you can point some stuff at. You can start playing around with GitLab CI, you can run some GitLab runners out there, and kind of get your get your CI process up and running. And then when you're ready to productionalize, we will go ahead and move you over to to OpenShift. In terms of external cloud vendors, we use Amazon and Microsoft Azure, as well as a few fun other things down there, too. So. All right, deployment. This is where things start to get interesting for us.
So we're mostly on-prem with Red Hat OpenShift being the the primary Means to do some of this I just touched on kind of the difference that we we use Docker CE and OpenShift and kind of when you migrate from one to the other one So The big takeaway here and what we're working towards is I think what we all kind of kind of came here looking looking to do Is developers shouldn't have to care where your workloads run? I shouldn't have to care about that my development staff shouldn't have to care about that Nobody should have to care about that That's that's really kind of where we want to get to So The next part of the the the conversation is going to be around some some considerations that we had Vendor agreements so This this is one of these fun things That's just kind of a fact of life when you start getting into when you start getting into buying software products and and dealing with dealing with these these these vendors You know Cloud computing it generally changes away from being a You know it changes the traditional model of I'm going to buy this off-the-shelf piece of software And then I'm going to pay 20% maintenance on this piece of software and I have this fixed cost that I just roll forward Every single year and I can kind of count on that You know With a lot of these being subscription based and a lot of them being Consumable type things. I'm paying for the compute. I'm using I'm paying for the storage. I'm using I'm paying for Things like that. It's kind of it's kind of changing Changing the way that we're we're dealing with cost structures It's a big shift for your sourcing Organization and your finance organization So your finance wants a Forecastable number that they can say okay. Here's what this is going to cost this month. 
Here's what this is going to cost the next month And of course you could use some analytics and kind of figure out when do you have bursty loads and when do you have downtime so for us the the big times are Tax season and then usually the month of January Like I said, we sell long-term care insurance and a lot of people go home to visit family during December and If you have elderly parents or something like that, you may not and you don't live near them You may not necessarily know that the things may not be all that great And you you may come back and you may say okay I need to file a claim on the long-term care insurance policy. So January actually is a is a relatively high month for us So we could we could look at some of that we can say You know, we we can anticipate higher costs during January and tax season and then after April things tend to just kind of trail off So That's a yeah All right, so finding finding a balance The the process of onboarding new vendors can sometimes be cumbersome and can sometimes take a long time At least for for us and I'm sure for for other organizations as well It can it can sometimes take months to negotiate a contract You go back and forth redlining the redlining the items and then and then agree to something This if if this is the way that we have to continuously onboard new products from vendors This adds a lot of time to the development cycle because we may we may be Developers just want to want to test things. I want to experiment with something. 
I want to play with something. I don't want to have to deal with any of this contractual nonsense that the legal folks are making me deal with. You know, I just want to do my job, but we have to do is to cover some bases. The big thing here is try and negotiate contracts to open up a toolbox that your development staff can can use. Don't negotiate product to product to product; that that adds a lot a lot of time. The, once you actually get, the, your development staff has has played around with stuff and they decide on a particular solution, try and get that solution into a forecastable state so that your finance groups will will be happy, and they can say, I can count on this spend every month moving forward. So right now Genworth developers are able to use any product in AWS or Azure as long as they meet certain security requirements. So if a developer wants to start playing around with a new product in AWS or Azure, the only thing they need to do is make sure that they understand the workload that they are running, they understand the data that they are running through it, and make sure that that particular product that they want to use meets the requirements. So make sure that it's, for us HIPAA is a big one. For other folks, it may be something something else: GDPR, anything like that for for some European guys. The new EU-US Privacy Shield, that that that may have some implications coming up here here pretty soon. But as long as we can say that the service that the development staff wants to use at Genworth is is compliant with whatever regulation for the data they want to run through it, they can use it. So that's that's a good thing. Security. I touched on HIPAA. You know, again, understanding the data that you want to put out there. You know, we're an insurance company. The cloud is scary for us.
We don't necessarily like change. So these are these are big steps for us to take, actually signing agreements and getting real production workloads out out in the cloud. You know, Amazon a couple years ago, I think it was 2017, removed the requirement to have dedicated EC2 for for HIPAA compliance. But what does your legal and compliance department say about that? You know, not all of this regulation is external. Some of it's, some of it's internal. Some of it's, you know, your legal staff may not be comfortable with having having that data out there like that. And we touched on, touched on making sure that the the data in the workload that you want to do is is is compliant. And the only thing that really our developers have to do is just confirm that it meets those those security requirements. Workload management: understanding the type of workloads that you're running out out in the cloud. Are you running, are you running container workloads or you're running serverless workloads? Are you using a particular product for a particular purpose? Are your workloads running in the most cost-effective space? We, we actually have a part-time person now who's tasked with understanding what workloads we currently have running. Are they running in the right place? Is there a more cost-effective place to run them? And then any new workloads that we want to put out there, his job is to analyze that and and make sure that we put it in the correct location. All right, so in conclusion: we're just kind of getting started on our journey. We utilize a combination of on-prem and and Truditio the the big cloud vendors, as well as a few SaaS and PaaS solutions. The big things for us, like I said, is regulatory things, making sure that we stay in compliance with with HIPAA and and and other other regulations. So when we talked about the consideration for sourcing, contract, security, and in the workload management. There you go, and thank you very much.
There's my email and my Twitter I will warn you that my Twitter doesn't really have a lot of tech information on it I'm normally tweeting about either Virginia Tech football or auto racing. So Would you like to take some questions? Sure? Any questions folks? Okay? Hi, my question is I got an impression that you don't really have a central like a platform team that takes care of the the platform to run all those services like you talking about different developer teams Speaking I know making that choice. Is that right or did I um, so we do have a platform team Come find me afterwards. I'll I'll I will say we we do have a platform team That platform that that particular piece of the puzzle is in flux for us right now And come find me and I'll give you more information, but You said you let your developers use any AWS service I was kind of curious how you think about products in the AWS marketplace And if that simplifies your sourcing issues and paying people issues the AWS marketplace is somewhat of a concern for us just Just because I don't necessarily know that those those pieces are as vetted as the actual product offerings from from Amazon It wouldn't bother me so much if somebody can come to me and say This particular thing in in the Amazon marketplace meets Certain compliance criteria If we could do that, I could probably check some boxes and we could probably move forward using that But for the most part I tend to avoid it if possible You ask developers to vet the security compliance of cloud services. That sounds hard for them. How well does that work for you? Great question. 
Yeah, that's that's that's a very good question I Really the way that we kind of we kind of work this is the developers kind of come to us and say I want to use this product And then they turn stuff over to our security organization and our security organization is the ones that actually tracks that down So we have a team that's kind of dedicated to handling that for us and then they when they come back after they've vetted it They'll say yeah, you're good to go or no, you can't you can't do this Any more questions? All right, I'll come back No, no, that's great Maybe you could elaborate. What was the driver for you to go multi-cloud? As I alluded to in the in the panel discussion a lot of this is regulatory You know we We're trying to reduce cost in our on-prem we have we have an on-prem data center in one of our facilities We have a contract data center in another location in the country And we're really just trying to reduce the the cost of those data centers by pushing stuff out Into some of the some of the big the big cloud vendors the When it comes down to particular solutions like I said regulatory compliance is the main thing that's driving us to certain things so, you know if Amazon released the greatest thing since sliced bread and I want to run a Sensitive workload through it, and it's not HIPAA compliant. I can't I can't look at it. I can't touch it I can't I can't use it If Microsoft comes along and says well, we've got the same thing in Azure and it's HIPAA compliant Well, that's probably where my workloads gonna go if If that's the case, but really cost reduction is the is the main driver So you move your workloads from one cloud to another you don't run them at the same time two places. No, no we don't Thank you last question All right, I'll be over in a second Yeah Thank you so I get the the gist the the the feel that You're part of a very traditionally bureaucratic Org that has a lot of compliance and and Slow-moving parts etc. Right? 
Yeah, and that's fine. That's that's great. My question is, we're trying to change that, but it's a it's a it's a slow process. Yeah, yeah, and you seem to be making great progress. That's actually what's interesting to me, is you're moving towards this multicloud, cloud native, CI/CD world. How does that fit with the more traditional change management processes, and and and how have you found that to be something that you have to tackle versus something you're not tackling right now? That, that's actually a very, very interesting and very, very good question that I wish I could provide a succinct answer to you. Like the other gentleman over here, talk to me after this and and and I'll I'll give you a little bit more detail into into why I can't answer that question right now. That I, that I really would, I really would love to answer it, but there's a there's some behind-the-scenes stuff that's going on. The the the the big thing is I have a very strict separation of duties that I have to adhere to. I personally cannot modify any of the stuff that actually does deployments to any of our production systems. There's another group that has to handle that, that are technically non-employees of our company. So that's why things get really interesting. So given that we've had two questions that, you know, there's juicy details that you can tell offstage, might I recommend that you folks grab a table at the unconference section in the Hard Rock Cafe, because sounds like there's lots of discussion to be had. And Frank, if you'll be willing, I think that would be fun. Sure. Awesome. Well, thank you so much, Frank. This was awesome, as we could tell by the number of questions that happened. For all you folks, just FYI, Frank's so good at sharing knowledge and being part of this community and giving back. This is the second time, I think, if not third time, I've invited you on stage, and he's very generous with his time and shares his learnings with everyone.