The U.S. Department of Agriculture (USDA) is an extremely large government agency that recently undertook a massive endeavor: moving critical agency services into multi-cloud environments. To make this move, the USDA turned to the team at VVL Systems, who helped provide the strategic and tactical guidance to make this effort a success. In a recent interview, Vinnie Lima of VVL Systems shared his experiences of collaborating with the USDA. In this post we offer some background on VVL and its partnership with the USDA, and we detail some of the key strategies that helped make this cloud migration such a success.
Introduction: VVL Supports Cloud Migration at the USDA
VVL Systems is an IT outsourcing and managed services provider with a 16-year track record of working with Fortune 500 enterprises and government agencies. The company offers a breadth of solutions that help customers realize maximum value and success with their IT infrastructures and investments. VVL has been a partner of BMC for more than 10 years, and today the organization is focused on cloud, automation, and optimization.
Vinnie Lima is the Managing Director of VVL. Over the years, Lima and his team have led a number of successful cloud migration initiatives—and in the process, they’ve established several key strategies that have helped maximize the success of these endeavors.
Recently, Lima and his team worked with the USDA, a government agency that has nearly 100,000 employees and 29 agencies and offices. In recent years, the USDA embarked on a modernization initiative, which included the adoption of hybrid and multi-cloud strategies. VVL was tasked with helping support these initiatives. Ultimately, these efforts led to the development of AgCloud, the USDA’s multi-cloud management solution. (Note, we also recently had the chance to interview an executive at the USDA, who offered a lot of key insights into their objectives and approaches in moving to the public cloud. Be sure to read this post to learn more about the USDA and its cloud initiatives.
Pursuing this type of effort within a large government agency like the USDA, Lima and his team had to work across a lot of operational and organizational layers. VVL’s engagement began with a pilot project that had to demonstrate the viability and value of hybrid and multi-cloud approaches. The key focus was on demonstrating that a hybrid, multi-cloud strategy could be functionally manageable and sustainable within a federal agency.
Applying an agile-based approach, VVL focused on delivering fundamental capabilities, including establishing connectivity, architecture, and security. They had to successfully address specific operational efforts, such as incident and change management, monitoring, and patching. This pilot project was critical: the approach needed to be proven before any workloads went to the cloud.
Compliance represented another key aspect. As a federal government agency, the USDA needs to comply with the Federal Information Security Management Act of 2002, known as FISMA. FISMA accreditation is based on three primary security objectives: the confidentiality, integrity, and availability of systems and data. FISMA has various levels of accreditation, with “High” representing those assets and services that are of critical importance to an agency. The team at the USDA was ultimately looking to move FISMA High workloads into the cloud, so a lot of stringent requirements needed to be addressed.
Guiding Principles: Cloud Smart versus Cloud First
In 2010, the federal government issued a Cloud First initiative intended to accelerate the adoption of cloud computing. While the policy helped spur pressure to make a move to the cloud, it also introduced a lot of uncertainty.
“The Cloud First strategy had people feeling they had to go to the cloud quickly, no matter what,” Lima explained. “The reality is that this rush to the cloud can be risky. The challenge is determining whether the organization is really ready to make the move, and how to make the move when the time is right. To be successful, organizations have to establish the processes, tooling, culture, training, and skillsets that are aligned with the cloud.”
If these aspects aren’t aligned with cloud environments, it can introduce significant risk to the organization. For example, moving to the cloud can introduce significant security risk if organizations don’t take the time up front to establish the proper controls. Similarly, when organizations migrate to the cloud without the required cost management capabilities, executives are often shocked by the bills that come in.
“The cloud is a force multiplier,” Lima revealed. “The cloud can accentuate an organization’s benefits when the workflows, strategies, and controls are well conceived. However, the cloud can also magnify the negative consequences when the key requirements and considerations aren’t addressed up front.”
In 2018, a new Cloud Smart initiative was unveiled within the federal government. Along with other agencies, the team at the USDA began to focus on taking a cloud smart approach. At a high level, this approach is characterized by looking holistically at all key considerations—including processes, tools, culture, training, and so on—and making the move in calculated, considered way.
Key Strategies and Considerations
Establish effective plans
A successful cloud migration starts with an effective plan, one that strikes a balance between the near term and the long term.
“It’s critical to establish reachable goals and set the stage for near-term wins,” Lima stated. “Be realistic about what can be accomplished. However, it is also vital to have visionary ideas and road maps.”
From the outset, the teams at VVL and the USDA leveraged agile, fail-fast approaches. They collaborated to set up an effective road map that included quick wins that would contribute to progress toward longer-term goals. They also made it a focus to communicate regularly with senior leadership, articulating not only near-term results but the long-term vision and value proposition.
“Any large-scale initiative will encounter pressure,” Lima said. “To sustain efforts and support and deliver against long-term goals, you need to be able to point to wins, monitor and demonstrate progress, and articulate a clear value proposition.”
In pursuing a long-term, large-scale initiative, it is difficult, but critical, to keep focused on core objectives. This applies to higher level course corrections and the tactical requests and changes that can take place on a daily basis. Ultimately, teams need to contend with adaptation, while remaining focused on core objectives.
In encountering these requests and changes, Lima and his team would continually focus on answering these key questions:
- Why would we do this?
- Is it important to the mission?
- If it is built, will anybody use it?
Account for culture
When it comes to an effort like cloud migration, cultural change represents a critical consideration. In fact, cultural barriers are often more significant than technological barriers in determining whether these types of efforts succeed.
“In managing a cloud migration, you need to take a 360-degree view of the organization’s culture,” Lima explained. “Look at staff members’ skill sets, habits, and approaches; how the various teams operate; how they deliver services to customers; and so on.”
One important theme that Lima sees is the prevalence of silos within many businesses and government agencies. It is very common to see highly siloed organizations, workflows, and expertise. Many IT organizations have traditionally managed operations with separate teams, for example, with groups of Windows administrators, open system administrators, application administrators, and so on. This has obvious organizational implications, but it also has fundamental implications in terms of how people think about such processes as provisioning and lifecycle management.
These various teams have often been using their own sets of tools and techniques, quite commonly for a long time. It is important to recognize how these backgrounds came into play, and how individual behaviors and habits have to be changed. Ultimately, new approaches and cultures need to be established that enable the organization to tackle the next generations of challenges and objectives.
In this effort, staff skills can be a key challenge.
“While cloud vendors may say it’s easy, the reality is cloud migrations and operations are hard,” Lima revealed. “Moving to multi-cloud approaches can be even more challenging, given the differences among services. To do it right, you need to have the right people, with the right training and skillsets.”
Automation is another important area to factor into plans and efforts around culture. The very topic of automation can be an area of significant concern within operations and engineering teams. Often, team members’ first reactions is to be afraid that their jobs may be at risk or altered in a negative way. To ensure widespread support and participation, it is important to establish a forum for communication that addresses these inherent concerns. In these communications, it is also helpful to focus on the positives.
“The reality is that no one really likes to do tedious, manual work over and over,” Lima claimed. “On a practical level, automation removes a lot of the mundane and tedious tasks that teams have to do. Further, automation and cloud migrations can enable organizations to deliver services faster, better, more consistently, and more cost effectively. Ultimately, these services enable the workforce to focus on the important efforts that matter most to the organization’s mission.”
Promote staff knowledge and skills
For the individuals in IT teams moving to pursue automation and cloud migrations, it is important to embrace these initiatives. Team members should capitalize on any opportunities to tap into training and certifications that are available. Especially given the speed of innovation in the cloud, it is important to stay current. Establish a routine of allocating time to follow what’s happening in the industry. This offers staff the opportunity to be more innovative, deliver more value to their organizations, and be more successful in their careers.
In his experience, one of the biggest challenges Lima has seen teams confront is understanding how current processes will translate to the cloud. Often, it’s not necessarily about replacing processes, but in advancing and modernizing them so they provide the higher levels of scalability and agility that are needed.
Increasingly, teams are pursuing a lot of DevOps and agile efforts, establishing continuous improvement/continuous delivery (CI/CD) pipelines, and so on. Ultimately, teams are introducing more and more, faster and faster. This shift has fundamental implications.
Particularly, think about how manual, interactive tasks will work in the context of a cloud setting. What happens when an organization moves to an event-driven, serverless computing platform like AWS Lambda? Quite often, current processes that work acceptably in on-premises contexts will have a hard time scaling to support these dynamic environments.
Establish approaches for managing cost, security, automation
Before moving to the cloud, it’s imperative to establish plans for how cost, security, and automation will be managed. As part of this, it’s important to assess whether current approaches and technologies are viable in the support of cloud and modernization initiatives.
Assess current technologies and investments, and determine where there are gaps that may hinder the organization’s ability to keep pace with cloud evolution. The reality is that some technologies have their origins in a legacy world, where monolithic, static environments were the norm. Often, organizations will need to retool and modernize, establishing more cloud-aware and cloud-native technologies and approaches. Commonly, this will include implementing new capabilities that enable teams to centrally manage multiple OSs and services, and multiple cloud environments.
Capacity, cost management
In federal agencies, budgets and spending have historically been fairly static and monolithic. Many management teams worked with fiscal year budgeting cycles, and zero-cost models, which meant starting from scratch each year in terms of how budgets would be allocated. However, when running in the cloud, teams can’t work in a static or monolithic way. It is vital to understand that cloud consumption generates costs—costs that can fluctuate quickly and dramatically—and teams have to identify and mitigate cloud cost risk in a proactive fashion.
In addition, approaches for capacity optimization have to be well defined in cloud environments.
“In the old days, capacity would be bought at a fixed schedule, and, based on usage, capacity would typically be drawn down gradually until more capacity would be needed,” Lima explained. “In the cloud, this basic premise goes out the window. In the cloud, users can often gain self-service access to whatever capacity they want.”
That’s why it’s imperative to have capabilities for managing the right sizing of resources, and for ensuring users request what they actually need. In particular, autoscaling has to be more dynamic, such as using a technology that can acquire an API and establish a new cloud provider integration. In a multi-cloud scenario, it’s important for teams to have a multi-provider, holistic view so they can make more informed decisions.
When managing a cloud resource that has a very finite, transitional state, how will teams manage security? For example, in a traditional on premises environment, it would be common to leave a server on at all times, even if unused or underutilized, which means it would essentially always be available to be patched. On the other hand, in a cloud environment, a customer may routinely power off instances to reduce costs. What happens when a decommissioned cloud server needs to be patched? The approaches are different.
In addition, in AWS, processes like EBS volume encryption can quickly get out of control. How can teams stay on track of these dynamic services? To sustain the compliance and security of assets, teams need to ensure they can apply controls consistently and efficiently in these dynamic environments, before migrating sensitive data and workloads to the cloud.
Given the highly dynamic nature of cloud environments, employing advanced automation is critical in ensuring cloud implementations remain sustainable. Automation tools have to be aligned with cloud-native technologies and disciplines. For example, beyond EC2 images, platforms need to enable automation through leveraging cloud formation templates, Azure resource management templates, serverless computing approaches, and so on.
If your organization is moving to adopt new cloud or multi-cloud approaches, following some of the proven strategies outlined above can be invaluable. By adhering to best practices, your team can manage cloud migrations with optimal efficiency, and realize maximum benefits from the cloud after migration and over the long term.
In addition, it is important to recognize that your team doesn’t have to go on this journey alone. There are service providers like VVL that are expert in providing the strategic and practical guidance needed to make these transitions successfully. In addition, the team at VVL relied extensively on proven solutions from BMC, including TrueSight Cost Control, TrueSight Cloud Security, and Cloud Lifecycle Management. These solutions were instrumental in helping VVL and the USDA establish the visibility, controls, and automation required.
To learn more about VVL and its successful cloud migration at the USDA, be sure to listen to our in-depth interview with Vinnie Lima.