In light of this, the IT managers have agreed on a multi/hybrid cloud strategy as a basis for the upcoming digitalization. The company aims to become cloud-native within the next decade. Agile methods such as DevOps, for example, are already established in the company. The multi-vendor cloud strategy allows business unit representatives with dedicated accounts to draw on a wide range of different cloud providers for their development projects. Central IT creates the governance framework conditions for this; one key tool for this is an internal ordering and management portal for the units.
The new AWS background automations and seamless integration with the customer’s ordering portal deliver an excellent user experience and facilitate the use of AWS resources in the company. This is relevant in that AWS faces strong competition from other cloud providers due to the customer’s multi-vendor strategy. The customer has the ideal basis for their multi-cloud strategy via the central ordering and administration portal. They can automate the implementation of key security rules and governance principles and thus continue to pursue their cloud strategy.
This paves the way for digitalization of their IT landscape without their being dependent on a single cloud provider. The use of agile methods (scrum with short sprint cycles) made it possible to implement the project quickly – even in the face of changing conditions – and provided the customer with full transparency regarding the status of the project at all times. This enabled any roadblocks to be identified and eliminated at an early stage.
Working in an agile partnership not only enabled us to make swift progress on the project, but also gave us a level of transparency at every stage of the project that we had never experienced before.
Project manager on customer side
The chemical group’s central ordering portal for cloud services uses APIs (application programming interfaces) to access the administration tools of the various public cloud providers such as AWS. In the case of AWS, the central IT department set up a “landing zone” through which the company’s accounts are managed. The central ordering portal uses AWS services via APIs to create accounts.
The landing zone and the services it uses were set up a long time ago. However, it became apparent in 2020 that it was not up to the standards of user experience that the chemical group had set for itself. Many tasks had to be carried out manually. There was only rudimentary integration into the internal ordering portal. The landing zone was not state of the art. AWS technology has evolved, but its potential has not been realized. This combination provides a poor basis for ease of use of AWS resources and internal cloud governance. The chemical group was looking for a partner with AWS expertise and the ability to integrate new AWS services with existing services.
T-Systems supported the chemical company’s central IT with updating the AWS Landing Zone between October 2020 and March 2021. Scrum was used for the development as an agile process model. “Working in an agile partnership not only enabled us to make swift progress on the project, but also gave us a level of transparency at every stage of the project that we had never experienced before,” summarizes a representative of the customer. The tool support for the DevOps project came from AWS.
The agile approach was no coincidence: essential interfaces to AWS services were not fully developed and deployed by AWS until later in the project. AWS Cloud Trail, AWS Config, GuardDuty, and Security Hub had to be integrated “on the fly”. To ensure the requisite coordination and corresponding status checks on the AWS side, T-Systems was in continuous exchange with the partner solutions architect (PSA) from AWS.
As part of the landing zone relaunch, the project partners also implemented a connection to the customer’s internal Azure Active Directory (AD). That means that if an employee of the chemical company orders AWS resources via the ordering portal, the employee will be identified directly via the AD. The resources are then allocated directly to their cost center and they can enjoy single sign-on through synchronization with the AWS SSO.