Author Archives: John Krull

Amazon WorkDocs home page

WorkDocs end of support coming

I logged into an AWS account early this week, ready to review the Amazon WorkDocs service and train a customer. However, an unwelcome notification greeted me at the top of the WorkDocs console.

Support is ending in April 2025. That is, the service will no longer be available.

Amazon WorkDocs Notification

Apparently Amazon made the “difficult decision” to end support for its WorkDocs document sharing and collaboration platform. So, as of April 26th, 2024, new customer sign-ups and account upgrades are no longer available. And one year later, on April 25, 2025, the Amazon WorkDocs site, APIs, and Drive will be permanently shut down and all customer data deleted. I am disappointed that somehow, I didn’t directly receive this notification.

For customers like me and Tech Reformers clients who have been actively moving content into WorkDocs, this announcement comes as a major blow. According to Amazon’s email notification, there is an April 2025 cutoff date. “[The] Amazon WorkDocs site, APIs, and Drive will no longer be available, and all data will be permanently deleted.”

Migration Choices

AWS has built a data migration tool to help customers export their content to Amazon S3 storage. It’s still, however, a significant disruption for those of us who had bought into WorkDocs as our go-forward content management solution.

Interestingly, Amazon seems to be pointing impacted customers to Dropbox as an alternative. AWS is offering discounts on Dropbox licenses purchased through the AWS Marketplace.

Did You See the End of Amazon WorkDocs Coming?

The writing may have been on the wall. Business Insider reported last year that Amazon itself had purchased over one million Microsoft 365 licenses for its own workforce, representing a $1B+ commitment to Microsoft’s competing productivity and content management suite.

As an AWS spokesperson stated, “[Amazon] must sometimes make the difficult decision to pivot when [they] believe [their] resources should be invested elsewhere to better serve [customers].” It seems Amazon WorkDocs simply failed to gain enough traction.

This situation underscores the importance of having contingency plans and exit strategies in place, even when leveraging services from trusted providers like AWS. Sometimes with little warning, cloud providers will eliminate solutions.

I’m curious if other AWS customers were caught off guard by this WorkDocs announcement like I was. Share your thoughts and experiences in the comments!

Unlocking the Power of Generative AI for Public Sector Success

Understanding Generative AI

Gen AI refers to algorithms capable of creating new content and ideas autonomously. Whether it’s generating conversations, stories, images, or music, this technology relies on large machine learning models trained on extensive datasets. It has garnered interest for its ability to drive innovation across various market sectors, including the public sector.

Empowering Public Sector Entities

Public sector organizations face unique challenges in meeting the diverse needs of their constituents. However, AI technology presents an opportunity to address these challenges by streamlining processes, enhancing decision-making, and delivering personalized services.

Key Benefits of Gen AI

Unlocking the Power of Generative AI for Public Sector Success

Here are some of the most compelling reasons to embrace generative AI:

  • Empowering decision-makers: Government agencies can analyze vast amounts of data to identify patterns and trends, enabling proactive decision-making and efficient resource allocation.
  • Accelerated research and discovery: Researchers can leverage this technology to expedite data analysis and experiment design. This facilitates faster discoveries and innovations in fields such as healthcare, education, and public policy.
  • Personalized services: Generative AI enables the customization of services to individual citizens’ needs, enhancing the overall user experience and satisfaction.
  • Improved productivity: Automation of routine tasks frees up human resources, allowing public sector employees to focus on big-picture and mission-critical activities and thereby achieve greater productivity.
Getting Started with Gen AI on AWS booklet image

Take the Next Step

As generative AI continues to reshape the landscape of public sector operations, now is the time to embrace this transformative technology. At Tech Reformers, we specialize in helping public sector organizations unlock the full potential of generative AI on AWS. For more information, please download this guide to getting started. Or contact us today to learn how we can help your organization thrive in the era of AI innovation.

AWS Public Sector Immersion Day in Seattle on May 2 at the AWS Skills Center

On May 2nd, Tech Reformers and AWS hosted a Public Sector Immersion Day at the AWS Skills Center in Seattle. The audience that filled two adjoining classrooms included representatives from school districts, a conservation district, a public utility, a city, and others from EdTech and commercial sectors. They all came to learn about how Amazon Web Services is used in the public sector.

Skills Center Exhibit

Despite traffic and a 9:00 am start, we began promptly with an introduction from Tech Reformers. Maria Petrova from AWS then briefly introduced the Skills Center and its mission. Participants later got to spend time with the exhibits at the Skill Center. These exhibits cover robots, machine learning, internet of things (IoT), gaming, and space. AWS Skills Center Seattle is a free training center for anyone in the Seattle community who is curious about cloud computing and future job possibilities in the cloud. The center is designed to help people with little to no technology background.


Security on AWS

John from Tech Reformers started the presentations with Getting Started – Security and Architecture. It began with the drawbacks of using the root account created with the email address from the account setup. From Identity and Access Management (IAM), we moved to AWS Organizations and AWS IAM Identity Center. We covered the advantages of a multi-account architecture and using Single Sign-On (SSO). The presentation wrapped up with adding security, governance, and compliance controls with Control Tower.

Next, Venkat, an AWS Solutions Architect, dug more deeply into Advanced Security Features that should be considered when architecting an AWS infrastructure – particularly a multi-account architecture. He started out with Guard Duty, a threat detection service that monitors your AWS accounts for malicious activity. Guard Duty then delivers security findings for visibility and remediation. Venkat then went on to give an overview of Security Hub, which centralizes and aggregates security alerts into a single “pane of glass.” He showed how it helps with overall security posture across all AWS accounts under governance.

Venkat presenting

Hands-On Lab – Elastic Disaster Recovery

No Immersion Day is complete with a hands-on lab. Muni, another AWS Solutions Architect, led the lab Disaster Recovery on AWS. AWS Elastic Disaster Recovery (AWS DRS) minimizes downtime and data loss with fast, reliable recovery of on-premises and cloud-based applications using affordable storage, minimal compute, and point-in-time recovery. There was a lot to cover here, and the group did a great job (especially coming in with different skill levels and experience with AWS). In the end, we recovered two servers in a new region with literally the push of a button.

Immersion Day classroom with students. View from back of the room.

Visit to The Spheres

No visit to Amazon HQ1 is complete without a trip to The Spheres. Amazon describes it as:

A space to think and work differently, surrounded by nature and the wellness benefits it provides. The Spheres are a result of innovative thinking about the character of a workplace and an extended conversation about what is typically missing from urban offices–a direct link to nature. The Spheres are home to more than 40,000 plants from the cloud forest regions of over 30 countries.

https://www.seattlespheres.com/

We headed there in two groups. Since The Spheres is an Amazon office space, it is generally not open to the public. Visitors must be accompanied by an Amazon employee, who can escort as many as six guests.

Group of attendees posing at the top of The Spheres
interior of The Sphres
The Spheres as the sun is setting.

Finished Up With Desktop Computing and AI

We finished our AWS Immersion Day with two areas of interest in the public sector: Desktop Computing in the cloud and Generative AI (Gen AI). After briefly discussing AWS Workspaces and AWS AppStream 2.0, we heard from attendees how they use App Stream in their environments. We passed around the new WorkSpaces Thin Client.

Muni teaching Gen AI

It was too bad we didn’t have more time for Gen AI. After hearing a little about what attendees are doing with Gen AI, Muni did an excellent overview of the concepts and introduced Amazon Bedrock. AWS is holding another Immersion Day in Seattle on June 7 that will dig deeper into Bedrock.

Be sure to sign up for our mailing list to learn more about our upcoming AWS events.

[hubspot portal=”7246398″ id=”3da0e473-cfe5-4349-bc49-9f8a9e530ea9″ type=”form”]
AWS Public Sector Immersion Day in Seattle on May 2 at the AWS Skills Center
SFTP with AWS Transfer Family

Organizations need efficient and secure file transfer methods. They can reap the benefits of SFTP on AWS. AWS Transfer Family offers a robust solution for managing file transfers using various protocols, including SFTP (SSH File Transfer Protocol). This service simplifies the setup and management of file transfers, providing numerous benefits for businesses of all sizes.

SFTP with AWS Transfer Family

Key Benefits of AWS Transfer Family:

Easy Setup:

  • Setting up an SFTP server with AWS Transfer Family is straightforward. With just a few clicks in the AWS Management Console, you can create a server and configure it to meet your specific requirements.

Flexible Authentication:

  • AWS Transfer Family supports multiple authentication methods, including AWS Directory Service, IAM roles using just the service itself, and custom identity providers like Microsoft Active Directory. This flexibility allows you to choose the authentication method that best suits your needs.

Scalability:

  • AWS Transfer Family scales effortlessly as your business grows to accommodate increased file transfer demands. You can easily adjust server capacity and storage to match your requirements.

Security:

  • AWS Transfer Family offers built-in security features to protect your data during transfer. It supports encryption in transit and at rest, ensuring that your files remain secure at all times.

Integration with S3:

  • AWS Transfer Family integrates seamlessly with Amazon S3, allowing you to store files in S3 buckets. This integration simplifies file management and provides a scalable storage solution.

Cost-Effective:

  • ‘With AWS Transfer Family, you only pay for what you use. There are no upfront fees or long-term commitments, making it a cost-effective solution for file transfer needs.’With AWS Transfer Family, you only pay for what you use. There are no upfront fees or long-term commitments, making it a cost-effective solution for file transfer needs.

By leveraging AWS Transfer Family, businesses can streamline their file transfer processes, improve security, and scale their operations efficiently. Whether you’re a small business or a large enterprise, AWS Transfer Family offers the flexibility and scalability you need to manage your file transfer requirements effectively.

To take advantage of the benefits of SFTP on AWS and learn more about setting up an SFTP server using AWS Transfer Family, check out our detailed guide: SFTP (SSH File Transfer Protocol) in AWS Transfer Family – Setup Instructions. This quick how-to guide will walk you through the process of creating an SFTP server and configuring it to meet your specific needs.

VPN Ban in Russia

As of March 1st, Russia has implemented a ban on VPN services, marking a significant step in its ongoing efforts to regulate access to information and increase surveillance. This move has raised concerns not only for Russian citizens but also for US businesses operating in or dealing with Russia.

The Digital Iron curtain - Russia's total ban on VPNs.

For Russian citizens, the ban means a further restriction on their ability to access unrestricted information and communicate privately online. VPNs are often used to bypass government censorship and access content that may be blocked or restricted by authorities. With VPNs now banned, Russian citizens may find it more challenging to protect their privacy and access the open internet.

From a business perspective, the VPN ban in Russia could have several implications for US companies. Many businesses rely on VPNs to secure their communications and data when operating in countries with less secure internet infrastructures or higher levels of surveillance. With VPNs banned, US businesses operating in Russia may face increased cybersecurity risks, as their communications and data may be more vulnerable to interception.

Furthermore, the ban on VPNs could also impact US businesses that have operations in Russia or rely on Russian markets for revenue. Restrictions on internet access and communication could hinder the ability of these businesses to operate effectively and could potentially lead to increased costs or disruptions to their operations.

Overall, the VPN ban in Russia highlights the challenges of navigating the complex regulatory environments and cybersecurity risks businesses face when operating in global markets. US businesses operating in or dealing with Russia will need to carefully assess the implications of this ban and take steps to mitigate any potential risks to their operations and data. Read more at https://www.vpnmentor.com/news/report-russia-vpn-ban/

Running stride graphic

In the ever-evolving landscape of cloud computing, security remains a top priority for organizations. Threat modeling is a crucial step in identifying and mitigating potential security risks. One popular framework for threat modeling is the STRIDE model, developed by Microsoft. Let’s explore how the STRIDE model can help enhance the security of your AWS environment.

What is the STRIDE Model?

The STRIDE model categorizes threats into six categories, each representing a potential attack vector:

  1. Spoofing: This refers to the act of impersonating a user, system, or service to gain unauthorized access. In an AWS environment, spoofing could occur if an attacker gains access to AWS credentials or keys.
  2. Tampering: Tampering involves modifying data or code without authorization. In AWS, tampering could occur if an attacker intercepts and alters data in transit or modifies data stored in AWS services.
  3. Repudiation: Repudiation refers to the ability to deny that a specific action took place. In AWS, this could include denying that a particular API call was made or that a resource was accessed.
  4. Information Disclosure: This involves the unauthorized disclosure of information. In AWS, information disclosure could occur if sensitive data is exposed through misconfigured permissions or insecure storage.
  5. Denial of Service (DoS): DoS attacks aim to disrupt services and make them unavailable to users. In AWS, DoS attacks could target AWS services or applications running on AWS infrastructure.
  6. Elevation of Privilege: This refers to gaining higher privileges than authorized. In AWS, elevation of privilege could occur if an attacker exploits a vulnerability to gain administrative access.
Stride Model

Applying the Threat Modelling in AWS

To apply the STRIDE model in AWS, start by identifying potential threats in each category based on your AWS environment’s architecture and configuration. For example:

  • Spoofing: Ensure that AWS credentials and keys are stored securely and rotated regularly to prevent unauthorized access.
  • Tampering: Use AWS services such as AWS CloudTrail and AWS Config to monitor and detect unauthorized changes to your resources.
  • Repudiation: Enable AWS CloudTrail logging to track API calls and resource access, providing an audit trail for accountability.
  • Information Disclosure: Implement encryption for data at rest and in transit to protect against unauthorized disclosure.
  • Denial of Service: Use AWS Shield to protect against DDoS attacks and ensure that your application is resilient to traffic spikes.
  • Elevation of Privilege: Apply the principle of least privilege and regularly audit permissions to minimize the risk of unauthorized access.

By applying the STRIDE model in your AWS environment, you can identify and mitigate potential security threats, helping protect your cloud data and applications. As a next step, you can subscribe to the AWS Security Blog, consider joining the Cloud Security Alliance, and have Tech Reformers conduct a Well-Architected Framework Review of your workload.

Backup and Migration of VMware with AWS

When customers running VMware on-prem consider the cloud for backup or even migration, they sometimes want to stay on their current hypervisor. Organizations stay with VMware because of their skillset and familiarity or they need to move quickly with what they have. They have a challenge. They need to find a solution that doesn’t require changing their whole system. At the same time, they need to keep their applications and data safe. VMware Cloud on AWS is the answer. It provides an easy way to move from on-premises environments to the cloud. This can be done just for backup. Or it can be a full migration.

Overview: Backup and Restore with VMware

AWS Backup, a fully managed backup service, easily centralizes and automates data backup across AWS services in the cloud and on-premises environments. When it comes to backing up on-premises VMware workloads, AWS Backup integrates seamlessly with VMware Cloud on AWS. Customers can back up their on-premises workloads to the cloud with AWS Backup and then restore the backups to VMware Cloud on AWS. This enables a streamlined migration process that’s secure, efficient, and doesn’t require additional operational complexity.

Diagram of Backup, migration, and disaster recovery using AWS Backup with VMware Cloud on AWS

VMware Disaster Recovery

When it comes to disaster recovery, VMware Cloud on AWS, in conjunction with AWS Backup, provides a robust solution. Customers with strict Recovery Point Objective (RPO) and Recovery Time Objective (RTO) requirements have good options. They can use VMware Cloud Disaster Recovery and VMware Site Recovery. These solutions will meet their needs for keeping data safe and recovering it quickly. However, AWS Backup offers a simpler approach for smaller migration or more flexible disaster recovery requirements.

In the event of a regional disaster, customers can leverage the cross-Region copy capability of AWS Backup to copy the backups to a different AWS Region. This ensures that customers can restore their backups to VMware Cloud on AWS in another region, thereby ensuring business continuity.

Migration

Using VMware Cloud on AWS for migration has significant benefits. It lets customers move their on-premises VMware workloads to the AWS cloud. This process helps scale their data protection solution in a cost-effective way. With AWS Backup, customers can set the backup frequency based on their Recovery Point Objective (RPO) requirement in the backup plan. This level of customization ensures that customers only pay for what they need, thereby keeping costs in check.

Cost Considerations:

When considering a migration or disaster recovery solution, it’s important to consider the associated costs. AWS Backup and VMware Cloud on AWS provide cost-effective solutions that provide flexibility in storage and restore options. Implementing lifecycle rules in AWS Backup can help customers maximize the benefits of lower-cost storage options, thereby further reducing costs.

Consider using the AWS Backup lifecycle feature to automatically transition your recovery points from a warm storage tier to lower-cost cold storage for archival use cases.

Conclusion

For organizations running VMware workloads on premises, the combination of AWS Backup and VMware Cloud on AWS offers a comprehensive solution for backup, migration, and disaster recovery. This solution not only ensures that customer data is protected and secure but also provides a cost-effective and efficient way to migrate to the cloud. For details for implementation, read the prescriptive guidance from AWS. Using AWS Backup and VMware Cloud on AWS helps customers relax, knowing their important business applications and data are safe in the cloud.

Free Downloads from s3

At Tech Reformers, we know how critical technology is in today’s K-12 educational environment. Schools and districts are continually seeking ways to enhance learning, support teachers, and improve overall operations. But budget concerns are always an issue. I have some good news. Amazon Web Services (AWS) is now offering its Global Data Egress Waiver (GDEW) to K-12 customers.

The Journey to the Cloud, Simplified

Embracing cloud technology can be a game-changer for educational institutions. AWS is the perfect partner in this journey, providing on-demand, pay-as-you-go compute and storage services. This approach enables schools to shift from capital infrastructure expenses and upfront cost. AWS allows for a pay-as-you-go model with more manageable operational expense model. The flexibility and scalability of AWS services ensure that districts and schools can adapt to changing needs while keeping costs in check.

And remember, Districts and schools start with a Free Tier Account which gives 12-month free access to many services. But once the free period ends or usage exceeds the free-tier limits, costs can become a big worry.

Maximizing the Benefits with the Global Data Egress Waiver

One variable cost is Egress fees. Downloading data out from AWS over the internet creates egress fees. There is always no cost to upload data into AWS. Likewise, it’s free to move data between Amazon Simple Storage Service (Amazon S3) and Amazon Elastic Compute Cloud (Amazon EC2).

K-12 IT staff get worried about the variable cost of egress, downloading their files. So, in support of K-12 Education, AWS offers the Global Data Egress Waiver (GDEW). Under normal circumstances this will waive any download costs. It makes AWS less expensive and easier to budget.

The GDEW is specifically designed to support K-12 education, offering a maximum discount of 15% of total monthly spending on AWS. The 15% of the total AWS spend is several times the egress AWS typically sees among its Education customers. This discount, coupled with no cost for uploading data to Amazon Simple Storage Service (Amazon S3) and free data egress from S3 to Amazon Elastic Compute Cloud (Amazon EC2) within the region, significantly reduces the barriers for schools and districts looking to leverage AWS’s cloud storage, computing, and database services.

The Global Data Egress Waiver (GDEW) allows K-12 districts and schools to avoid fees for downloading data from Amazon S3 buckets.

The Global Data Egress Waiver (GDEW) allows K-12 districts and schools to avoid fees for downloading data from Amazon S3 buckets.

The Impact on Student Outcomes

By minimizing or even eliminating data egress fees, school districts can increase agility and security, reduce costs, and analyze data faster, leading to improved student outcomes. Technology leaders in districts will have more resources and flexibility to innovate and tailor solutions that meet the unique needs of their students and educators.

Eligibility and How to Apply for the Data Egress Waiver

AWS’s data egress waiver is available to K-12 education customers who meet the following criteria:

  • Located or reside in the US
  • Work at an educational institution, such as a public or private K-12 school, in a district, regional, or state administrative office of a public educational institution, or for the boards of education in the US
  • Use district/school/LEA e-mail addresses for AWS accounts
  • Work in an approved AWS Region
  • Data Transfer Out Must Be Via AWS Direct Connect or Over NRENs from Peered AWS Regions

To request the AWS Data Egress Waiver, contact your AWS Account Manager or complete the form below and we’ll work with your account manager to initiate the request.

[hubspot portal=”7246398″ id=”0676e2ff-d5e2-429d-b030-41756ba1c77f” type=”form”]

In conclusion, AWS’s GDEW is an incredible opportunity for K-12 schools and districts to accelerate their digital transformation journey. As an AWS Public Sector Partner specializing in K-12, Tech Reformers is here to help you navigate this process and make the most out of the tools and services offered by AWS. Let’s work together to harness the power of technology and create a brighter future for our students!

serverless architecture

The serverless paradigm, once a promising glimpse into the future of cloud computing, has now comfortably taken its seat at the tech table. Datadog’s ‘State of Serverless 2023‘ report affirms this by highlighting the impressive growth in serverless ecosystems, especially with the advent of container-based applications.

What is Serverless?

When we say “serverless,” it doesn’t mean there are no servers. Yes, that’s counterintuitive. What we mean is there are no servers for the customer to manage. The management of the server hardware, scaling, and operating system are all managed by the cloud provider. The customer only needs to manage the code. Besides not managing the underlying infrastructure, customers only pay for what they use. For example, in AWS Lambda, you only pay when a function is invoked. Likewise, with AWS Aurora Serverless, charges occur when the database is called.

Who are the Players?

Cloud giants like AWS and Google Cloud are leading the revolution to outsource server management, with a vast majority of Datadog clients embracing this technology. Not to be forgotten, Azure trails close behind. But it’s AWS, with its diverse offerings, that’s particularly eye-catching. Take AWS Lambda, for instance, a pioneering serverless computing service that automatically runs your code without needing to provision or manage servers. Couple that with AWS’s other marvels like App Runner for containerized apps, Fargate for serverless compute for containers, and CloudFront Functions for edge computing. It’s clear AWS isn’t just riding the wave – it’s shaping it.

Sample Architecture

In the sample serverless architecture below, the client browser requests a static webpage hosted in Amazon S3, which is storage with web hosting capabilities. Using this webpage, the client browser communicates with API Gateway using a REST API. API Gateway authenticates and authorizes (using Cognito) the request and invokes a Lambda function communicating with DynamoDB.

sample serverless architecture: the client browser requests a static webpage hosted in Amazon S3, which is serverless storage with web hosting capabilities. Using this webpage, the client browser communicates with API Gateway using a REST API. API Gateway authenticates and authorizes (using Cognito) the request and invokes a Lambda function communicating with DynamoDB.

Frontend development has also joined the serverless fiesta. Platforms such as Vercel, Netlify, Cloudflare, and Fastly are expanding their horizons by providing capabilities tailored for front-end needs. This evolution reveals a fascinating shift in web development priorities, emphasizing scalability, performance, and deployment ease.

Chart showing python and node.js as the most popular language for AWS Lambda followed by Java.

Regarding deployment tools, Terraform has emerged as a top choice, especially for AWS Lambda deployments among larger organizations. This underscores Terraform’s adaptability for complex workloads. And when it comes to the developer’s choice of language for AWS Lambda? Node.js and Python remain firm favorites, but Java is making waves, a testament to enterprises warming up to serverless wonders.

Serverless, the bottom line

Though the findings are based on Datadog’s cloud-savvy clientele, the message is clear: serverless is not just a fleeting trend. It’s the present and future of efficient and innovative cloud computing. And with AWS at the helm, the serverless sky seems limitlessly bright!

Tech Reformers can help you explore serverless options for your workloads.

cloud enablement summary
AWS logo

As an AWS partner, Tech Reformers, strives to help organizations to innovate with the cloud. The goal is innovation while improving information technology (IT) in six areas: operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability, The 6 Pillars of the AWS Well-Architected Framework. The Cloud Enablement Engine (CEE) is a guiding process bringing together the business and technology teams and, in education, the instructional team. The goal is a digital transformation moving from an on-premises operating model to a Cloud Operating Model (COM) to achieve district goals.

Once dubbed a “Cloud Center of Excellence,” Philip Potloff, the Head of Enterprise Strategy at AWS, describes it in Challenging Conventional Wisdom About How to Build a Cloud Center of Excellence as

“a multi-disciplinary team that is assembled to implement the governance, best practices, training, and architecture needed for cloud adoption in a manner that provides repeatable patterns for the larger enterprise to follow.”

He cites research and experience that shows the best team is not a well-honed IT team, a successful project team, or an egalitarian mix of staff. Transformation enterprisewide is more likely when there is a mix of “A-team” players with success in IT and project management working with “new blood” that brings in a supply of new ideas relevant to the district.

The team must have top-down support from an influential executive sponsor. In school districts, this would be the superintendent or other cabinet leader. A key pattern for success is to have not just an executive sponsor but an Executive Cloud Steering Committee that includes senior executives that are not on the CEE. They serve as the North Star and ensure the CEE is in support of district strategy and goals.

The CEE is ready to go upon completion of the 5 kick-off activities:

  • Build the team
  • Train and coach
  • Pilot projects
  • Architect for the cloud
  • Operate in the cloud.

Build the Team

The initial team member may be the CIO, CTO, or director in IT with hands-on experience who knows the capabilities of AWS but also has the political capital to bring in business leaders aboard with the CEE. With other leaders on board, the goal is to build a ‘two-pizza” team, small enough to share a couple of pizzas. To start, less is more. Technology is the team focus initially. Some successful organizations have also had a larger cross-functional Cloud Steering Committee that ensures progress, removes roadblocks, and helps with decision-making that affects the organization.

Train and Coach

Initial members beyond the leader may include infrastructure, networking, and operations which will be cloud leaders. Core member training is the next step. Creating learning paths and training in cooperation with Human Resources creates a process for extending cloud adoption. The CCE team leverages the AWS Well-Architected framework and will become familiar with AWS reference architectures, AWS Quick Starts, and AWS Solutions. Successful CEE implementations include AWS training for the entire organization. At AWS, for example, every employee becomes a Certified Cloud Practioner. Districts could have a Cloud 101 that covers the core of transforming with the Cloud.

IT probably has an existing Project Management Office (PMO) or project management team. This team is critical to the success of the CEE. They are closely aligned with the business verticles and should be armed with agile project management skills. Now a Cloud PMO, the team can create a manifesto to guide decision-making for project onboarding, process changes, role definitions, organizational changes, cloud architecture, and cultural change. Communication skills are the key to bringing the organization along the cloud journey.

Pilot Projects

The CEE then develops pilot projects in a lab environment. It’s important to keep the sponsor and senior leadership engaged in the progress and aware of the pilot projects. What pilot may have an impact beyond the IT team? Identify pilots that could improve the business, have the potential to save money, would increase reliability, or can deliver on a business need.

Architect for the Cloud

Before going live with AWS, it’s important to architect the AWS environment for the enterprise. AWS must be integrated into the fabric of the technology environment. Plan on using Organizations or Control Tower. Build a multi-account architecture with unified security controls, centralized billing, and governance. Integrate with an existing Identity Provider like Active Directory to provide familiar login credentials and account management.

Operate in the Cloud

The Well-Architected pillar, Operational Excellence, focuses on people, not technology. The CEE should develop a Cloud Operating Model (COM). The COM may include infrastructure as code, code repositories and version control, monitoring, alerting, notifications and reporting, escalation policies, financial tracking and auditing, service deployment policies, and examination of opportunities for agile practices. This is important even if your district has few or no custom applications. The “Super Power” of the cloud is automation. So, even compute, storage, databases, and Commercial Off-The-Shelf Software (COTS Software) can all be deployed by code using, for example, Cloud Formation Templates and user data scripts.

With the 5 kick-off activities complete, the CEE moves into production and continuous improvement.

Cloud Enablement Engine summary graphic

Kickoff and Continuous Improvement

With guidance from the executive sponsor, steering committee, and stakeholders, the CEE delivers early value. Like the pilots, identify projects to improve the business to save money, to increase reliability, or to deliver on a business need. An IT focus with financial and reliability benefits might be to move from tape or local disk backup to backup to Amazon S3. A project for educators may be to deploy Amazon AppStream 2.0 to enable Career and Technical Education (CTE) students to use high-end applications on any device. Or is there an application from the AWS Marketplace that could fit the need for, say, HR?

Striving for continuous improvement builds on early successes. Perform AWS Well-Architected Reviews on the new workloads and on potential legacy data center workloads. This builds the capacity of the team while driving the CEE forward. Organization-wide improvement can be achieved by leveraging early adopters to help others. A Community of Practice identifies and shares best practices not just to IT but to business units and other stakeholders.

Cloud Adoption is a journey, and the Cloud Enablement Engine: A Practical Guide provides prescriptive guidance. Following the CEE will enable a district to transform and innovate with the cloud. Additionally, information technology (IT) will improve in six areas: operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability.