![](\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/20\/l\/achieve-operational-excellence-in-your-cloud-workload\/achieve-operational-excellence-in-your-cloud-workload.jpg\")
<\/p>\n<\/p>\n
<\/div>\nRelated articles in the Well-Architected series:<\/span><\/p>\n In today\u2019s landscape, achieving operational excellence can be difficult, but not impossible. With operations often viewed as distinct from the rest of the business, it sometimes isn\u2019t integrated into the flow like it is for other departments.<\/p>\n We have seen the industry recognize this divide with the creation of DevOps\u2014combining development and IT operations into one process to enable more streamlined creation and implementation of software throughout the software development life cycle (SDLC).<\/p>\n Microsoft\u00ae Azure\u00ae and Amazon Web Services (AWS) continue to publish design principals for building applications that adhere to their well-architected frameworks. The best practices for the AWS Well-Architected Framework are based on five different pillars, operational excellence, security, reliability, performance efficiency, and cost optimization, however this article will be focused on the pillar of operational excellence. In this pillar, AWS defined five design principles that spread across four areas: \u201corganization\u201d, \u201cprepare\u201d, \u201coperate\u201d, and \u201cevolve\u201d. Let\u2019s take a look.<\/p>\n 5 Operational excellence design principles<\/span><\/p>\n Embedding operational excellence into your organization<\/span> The area of \u201corganization\u201d is the first area up for discussion. The way your business organizes who is responsible for what, in relation to your engineering and operations departments, is critical to your success. Who is responsible for the platform, who is responsible for applications, how do we communicate between our different departments? At the end of the day, you need to be organized in a way that enables you to build software, applications, etc. that fulfill your business’ strategy.<\/p>\n In order to make any decisions about organization, the priorities of the business must first be reviewed and determined.<\/p>\n DevOps risk management<\/b> Cloud operating models<\/b> Note, it may be necessary to alter your business culture to conform to any one of these models<\/p>\n Prepare for operational excellence<\/span><\/p>\n The next one up is \u201cprepare\u201d, which is where you start to get into the work software developers are more familiar with. However, just because it is more familiar, doesn\u2019t mean it is more important than the area of organization. Without having proper organization in your business and processes, it would be very difficult to address the other three areas required to fulfill your business’ strategy.<\/p>\n Design telemetry into your cloud workloads<\/span><\/p>\n Telemetry provides you with information on the current health and risk level of your applications and infrastructure, giving you the ability to better manage and respond effectively to events or incidents. This is done predominantly with logs and metrics. Trend Micro and its Trend Micro Cloud One\u2122 Conformity Knowledge Base provide steps that you can take to confirm AWS CloudTrail is enabled<\/a> or Amazon CloudWatch Logs are encrypted<\/a> with instructions on how to remediate according to best practice. It is also good to ensure that you have metrics configured to monitor things like the functional status of your APIs.<\/a><\/p>\n You can audit your environment manually with 750+ industry best practices articles or give our free trial a shot<\/a> and have your entire environment audited automatically in real time and continuously.<\/p>\n Improve your cloud workload flow<\/b> As a result, configuration management is a crucial topic. This relates back to one of the design principals: Making small, frequent, and reversible changes is critical to build into our processes. It is good to setup services, such as Amazon Simple Notification Service (Amazon SNS) to receive messages for services like AWS CloudFormation. Receiving a notification when stack events occur<\/a>, such as create, update, and delete, allows for a faster response to unauthorized actions.<\/p>\n 5 Deployment Risk Mitigation Processes<\/b> Understand your operational readiness<\/b> Operate<\/span><\/p>\n The third area is \u201coperate\u201d, which includes three key understandings that are required to successfully manage the operation of the cloud and ensure you achieve your business outcomes. AWS says that it is critical to:<\/p>\n Understanding the health of your workloads or operations comes down to metrics. In order to know how to improve, it is critical to be able to show how things are functioning and how your customers are interacting with your sites. Enabling logging on Amazon CloudWatch Logs, and then aggregating those logs for analysis is very important. These logs can help generate the information needed to produce the metrics you need to improve operations and can be delivered through AWS Health Events<\/a> on the AWS Personal Health Dashboard. The Conformity Knowledge Base also has rules to assist in the creation of logs and health events. It is possible to use these rules manually, or to use an automated tool like Trend Micro Cloud One\u2122 \u2013 Conformity,<\/a> which is always looking for misconfigurations.<\/p>\n Optimize your AWS Systems Manager OpsCenter<\/b> AWS Systems Manager OpsCenter is a central place to manage issues. You can view, investigate, and resolve issues within this tool, while ensuring that information is kept confidential. There is a Conformity rule for this: SSM Parameter Encryption.<\/a> And as with all the rules, it is included in the Conformity automated tool. When beginning on the path to operational effectiveness, having an automated tool to analyze our cloud looking for missing configurations is essential.<\/p>\n Automate event detection<\/b> Evolve to operational excellence<\/span><\/p>\n The final area is \u201cevolve\u201d. AWS believes that, in the context of the cloud, to properly evolve, you must learn, share, and improve. For example, use your post-incident meetings, to learn from what has occurred and make improvements for the future. There needs to be a process to manage and promote continuous improvement in an effort to change behaviors that are not working.<\/p>\n As more security breaches hit the news and data protection becomes a key focus, ensuring your organization adhere to the well-architected framework\u2019s design principles is crucial. Conformity<\/a> can help you stay compliant to the well-architected framework with its 750+ best practice rules. As mentioned above, if you are interested in knowing how well-architected you are<\/a>, see your own security posture in 15 minutes or less. Learn more by reading the other articles in the series, here are the links: 1) overview of all 5 pillars<\/a> 2) Security<\/a> 3) performance efficiency<\/a> 4) reliability<\/a> 5) cost optimization<\/a>.<\/p>\n References<\/b>\n
\nHigh-level organization priorities:<\/b><\/p>\n
It is critical that business manage business. You can determine your businesses risk by looking at the possible attacks that could occur, as well as the likelihood of it coming to fruition. While the cloud has been around for a while, we need to pay close attention to managing the risks it can introduce, as it is still considered a new ecosystem that we are all learning to manage. How we deploy software and manage patches and updates have an impact on the businesses threat landscape.<\/p>\n
In a white paper by AWS, Operational Excellence Pillar, they outline four operating models in the context of engineering and operations. AWS looks at engineering as the process of developing and testing applications and the infrastructure. Then, operations is responsible for the deployment and ongoing maintenance of the applications and infrastructure in production. But it isn\u2019t always this straight forward and every business has its own processes, which is why they discuss four different operating models that businesses can use:<\/p>\n\n
AWS says we need to adopt approaches that \u201cenable refactoring, fast feedback on quality, and bug fixing\u201d. Improving the way changes flow into production is what AWS is pointing to here. So, it is essential to have version control and ensure that you test and validate any changes before they reach production.<\/p>\n
There are many steps that can be taken to mitigate deployment risks, before those, it is crucial to have the attitude that changes pushed to production don\u2019t always work. This will help you to always be prepared. Before pushing to production, always look for what would cause a failure:<\/p>\n\n
Once you understand what operational readiness is, the next step is to verify that your personnel is just as knowledgeable, so they can provide operational support. From there, you\u2019ll want to determine whether or not you\u2019ve automated everything you can.<\/p>\n\n
Once the logs are created, delivered, and analyzed, it is possible to respond to an event. In ITIL\u00ae language, an event is a change of state. These may be planned monitored, or unplanned and problematic. With the latter, we need to ensure that we able to respond effectively.<\/p>\n
Automating responses to detected events is the next step. You can utilize Amazon CloudWatch Events<\/a> to create rules that respond to specific triggers. Otherwise, there would be alarms that might get missed. For example, the Conformity Knowledge Base and the Conformity tool have alarms to alert us when costs are reaching a threshold<\/a> we have defined.<\/p>\n
SQS Dead Letter Queue<\/a>
Stack Failed Status<\/a>
ACM Certificate Expired<\/a>
EBS Volumes Attached To Stopped EC2 Instances<\/a><\/p>\n