Multi-Cloud Strategy for Cloud Architects: Learn how to adopt and manage public clouds by leveraging BaseOps, FinOps, and DevSecOps, 2nd Edition

Cover
Copyright
Contributors
Table of Contents
Preface
Chapter 1: Introduction to Multi-Cloud
	Understanding multi-cloud concepts
	Multi-cloud—more than just public and private
	Introducing the main players in the field
		Public clouds
		Private clouds
			VMware
			OpenStack
			AWS Outposts
			Google Anthos
			Azure Stack
			Azure Arc
		Emerging players
	Evaluating cloud service models
		IaaS
		PaaS
		SaaS
		FaaS
		CaaS
		XaaS
	Setting out a real strategy for multi-cloud
	Gathering requirements for multi-cloud
		Using TOGAF for requirements management
		Listening to the Voice of the Customer
		Defining architecture using QFD and the HOQ
	Understanding the business challenges of multi-cloud
		Setting the scene for cloud transformation
		Addressing organizational challenges
		Organizing the skills of the architect
	Summary
	Questions
	Further reading
Chapter 2: Collecting Business Requirements
	Analyzing the enterprise strategy for the cloud
		Shifting to a subscription-based economy
	Considering cloud adoption from enterprise architecture
		Long-term planning
		Financial structure
	Fitting cloud technology to business requirements
		Business planning
		Financial planning
		Understanding the cost of delay
		Moving to the benefit of opportunity
		Technical planning
	Applying the value streams of IT4IT
	Keeping track of cloud developments—focusing on the business strategy
	Creating a comprehensive business roadmap
	Mapping the business roadmap to a cloud-fit strategy
	Summary
	Questions
	Further reading
Chapter 3: Starting the Multi-Cloud Journey
	Understanding cloud vocabulary
	Planning assessments
	Executing technology mapping and governance
		Keeping track of innovation
			Adopting innovations
			Defining roadmaps and business alignment
	Planning transition and transformation
		Starting the build
			Setting up simple connectivity
			Setting up landing zones
	Exploring options for transformation
		From monolith to microservices
		From machines to serverless
		Containers and multi-cloud container orchestration
		Keeping the infrastructure consistent
	Summary
	Questions
Chapter 4: Service Designs for Multi-Cloud
	Introducing the scaffold for multi-cloud environments
	Working with Well-Architected Frameworks
		Identity and Access Management (IAM)
		Security
		Cost management
		Monitoring
		Automation
	Understanding cloud adoption
		Stage 1—Defining a business strategy and business case
		Stage 2—Creating your team
		Stage 3—Assessment
		Stage 4—Defining the architecture
		Stage 5—Engaging with cloud providers; getting financial controls in place
		Stage 6—Building and configuring the landing zone
		Stage 7—Migrating and transforming
	Translating business KPIs into cloud SLAs
		Defining availability
		Comparing service levels between providers
	Using cloud adoption frameworks to align between cloud providers
	Understanding identities and roles in the cloud
	Creating the service design and governance model
		Requirements
		RAID
		Service decomposition
		Roles and responsibilities
			Governance model
			Support model
		Processes
	Summary
	Questions
	Further reading
Chapter 5: Managing the Enterprise Cloud Architecture
	Defining architecture principles for multi-cloud
	Using quality attributes in architecture
	Defining principles from use cases
		Business principles
		Principles for security and compliance
		Data principles
		Application principles
		Infrastructure and technology principles
		Principles for processes
	Creating the architecture artifacts
		Creating a business vision
		Enterprise architecture
		Principles catalog
		Requirements catalog
		High-level design
		Low-level design
		Planning transition and transformation
	Change management and validation as the cornerstone
	Validating the architecture
	Summary
	Questions
	Further reading
Chapter 6: Controlling the Foundation Using Well-Architected Frameworks
	Understanding BaseOps and the foundational concepts
		Defining and implementing the base infrastructure—the landing zone
		Defining standards and guardrails for the base infrastructure
		Building the landing zone with Well-Architected and Cloud Adoption principles
			Enterprise-scale in Azure
		BaseOps architecture patterns
	Managing the base infrastructure
		Implementing and managing connectivity
			Implementing Azure ExpressRoute
			Implementing AWS Direct Connect
			Implementing Google Dedicated Interconnect
			Implementing Alibaba Express Connect
			Implementing direct connectivity in OCI
			Accessing environments in public clouds
		Defining and managing infrastructure automation tools and processes
		Defining and implementing monitoring and management tools
		Supporting operations
	Managing the landing zones using policies
		Managing basic operations in Azure
		Managing basic operations in AWS
		Managing basic operations in GCP
		Managing basic operations in Alibaba Cloud
		Managing basic operations in OCI
	Understanding the need for demarcation
	Summary
	Questions
	Further reading
Chapter 7: Designing Applications for Multi-Cloud
	Architecting for resilience and performance
	Starting with business requirements
		Understanding data risks
		Understanding application risks
		Understanding technological risks
	Using the principles of the 12-factor app
	Accelerating application design with PaaS
	Designing SaaS solutions
	Performance KPIs in a public cloud—what’s in it for you?
	Optimizing your multi-cloud environment
		Optimizing environments using Azure Advisor
		Using Trusted Advisor for optimization in AWS
		Optimizing GCP with Cloud Trace and Cloud Debugger
	Optimizing in OCI
	Use case: creating solutions for business continuity and disaster recovery
		Creating backups in the Azure cloud with Azure Backup and Site Recovery
			Backing up non-Azure systems
			Understanding Azure Site Recovery
		Working with AWS backup and disaster recovery
			Creating policy-based backup plans
			Creating tag-based backup plans
			Hybrid backup in AWS
			AWS disaster recovery and cross-region backup
		Creating backup plans in GCP
			Disaster recovery planning
			Creating backups in OCI
	Summary
	Questions
	Further reading
Chapter 8: Creating a Foundation for Data Platforms
	Choosing the right platform for data
		Azure Data Lake and Data Factory
		AWS Data Lake and Redshift
		Google’s data lake and BigLake
		Alibaba Cloud Lakehouse
		Oracle Big Data Service
	Building and sizing a data platform
	Designing for interoperability and portability
	Overcoming the challenges of data gravity
		Introducing the principles of data mesh
	Managing the foundation for data lakes
	Summary
	Questions
	Further reading
Chapter 9: Creating a Foundation for IoT
	Choosing the right platform for IoT
		Azure IoT Hub
		AWS IoT Core, Edge Manager, and IoT Greengrass
		Google Cloud IoT Core
		Alibaba IoT Platform
	Monitoring IoT ecosystems
	Designing for connectivity to the cloud
	Connecting IoT with IPv6, LoRa, and 5G
	Summary
	Questions
	Further reading
Chapter 10: Managing Costs with FinOps
	Understanding the principles of FinOps
	Define guidelines for the provisioning of cloud resources
		Deploying resources in Azure using ARM
		Deploying resources in AWS using CloudFormation and OpsWorks
		Deploying resources in GCP using Deployment Manager
		Deploying to Alibaba using Terraform
		Deploying resources to Oracle Cloud
	Define cost policies for provisioning
		Using the Azure pricing calculator
		Using the AWS calculator
		Using the GCP instance pricing calculator
		Understanding pricing in Alibaba Cloud
		Using the cost estimator in Oracle Cloud Infrastructure
	Understanding account hierarchy
		Enterprise enrolment in Azure
		Organizations in AWS
		Organizations in GCP
		Account hierarchy in other clouds
	Understanding license agreements
	Define tagging standards
	Validate and manage billing
		Using cost management and billing in Azure
		Using AWS Cost Management for billing
		Using billing options in GCP
	Validating invoices
	Summary
	Questions
	Further reading
Chapter 11: Maturing FinOps
	Setting up a FinOps team
	Using maturity models for FinOps
	Introducing cost-aware design
	Transformation to managed FinOps in multi-cloud
	Avoiding pitfalls in FinOps transformation
	Summary
	Questions
	Further reading
Chapter 12: Cost Modeling in the Cloud
	Evaluating the types of cloud costs
		Cost coverage
		Cloud rates
		Amortized and fully loaded costs
	Building a cost model
	Working principles of showback and chargeback
	Summary
	Questions
	Further reading
Chapter 13: Implementing DevSecOps
	Understanding the need for DevSecOps
	Starting with implementing a DevSecOps culture
	Setting up CI/CD
	Working with CI/CD in multi-cloud
	Exploring tools for CI/CD
		Azure DevOps
		AWS CodePipeline
		Google Cloud Build
		CI/CD in Alibaba Cloud
		CI/CD in OCI
		Tools for multi-cloud container orchestration and application development
	Following the principles of Security by Design
	Securing development and operations using automation
	Summary
	Questions
	Further Reading
Chapter 14: Defining Security Policies
	Understanding security policies
		Understanding security frameworks
	Understanding the dynamics of security and compliance
	Defining the baseline for security policies
	Implementing security policies
		Implementing security policies in Microsoft Defender for Cloud
		Implementing security policies in AWS Security Hub
		Implementing security policies in GCP Security Command Center
		Implementing security policies in Alibaba Cloud
		Implementing security policies in OCI
	Managing security policies
	Manage risks with Cloud Security Posture Management
	Summary
	Questions
	Further reading
Chapter 15: Implementing Identity and Access Management
	Understanding identity and access management
	Using a central identity store with Active Directory
	Designing access management across multi-cloud
	Working with least-privilege access
	Exploring Privileged Access Management (PAM)
		PAM on cloud platforms
	Enabling account federation in multi-cloud
	Summary
	Questions
	Further reading
Chapter 16: Defining Security Policies for Data
	Storing data in multi-cloud concepts
		Exploring storage technologies
		Understanding data protection in the cloud
	Understanding data encryption
	Securing access, encryption, and storage keys
		Using encryption and keys in Azure
		Using encryption and keys in AWS
		Using encryption and keys in GCP
		Implementing encryption in OCI and Alibaba Cloud
	Securing raw data for big data modeling 
	Summary
	Questions
	Further reading
Chapter 17: Implementing and Integrating Security Monitoring
	Understanding SIEM and SOAR
		Differentiating SIEM and SOAR
		Initiating a Security Operations Center
	Setting up the requirements for integrated security
		Implementing the security model
	Exploring multi-cloud monitoring suites
	Summary
	Questions
	Further reading
Chapter 18: Developing for Multi-Cloud with DevOps and DevSecOps
	Introducing DevOps and CI/CD
		Getting started with CI/CD
		Working under version control
	Using push and pull principles in CI
		Pushing the code directly to the main branch
		Pushing code to forks of the main
		Best practices for working with CI/CD
	Using the DevSecOps Maturity Model
	Manage traceability and auditability 
	Automating security best practices using frameworks
	Summary
	Questions
	Further reading
Chapter 19: Introducing AIOps and GreenOps in Multi-Cloud
	Understanding the concept of AIOps
	Optimizing cloud environments using AIOps
	Exploring AIOps tools for multi-cloud
	Introducing GreenOps
	Summary
	Questions
	Further reading
Chapter 20: Conclusion: The Future of Multi-Cloud
	The growth and adoption of multi-cloud
	Understanding the concept of SRE
	Working with risk analysis in SRE
	Applying monitoring principles in SRE
	Applying principles of SRE to multi-cloud—building and operating distributed systems
	Summary
	Questions
	Further reading
Other Books You May Enjoy
Index