Cloud Well Architected Frameworks

Well-Architected is a term trending in information technology these days, especially regarding cloud architecture. Google Cloud Platform, Microsoft Azure, and Amazon Web Services have all published their well-architected guidelines.  If your work in a cloud or architecture support role, you probably hear your peers or management mention it at least several times a day. Solutions providers and consultant inject it into their presentation.  So, what is the well-architected framework and why is it so important?

Well Architected Framework

In summation, and regardless of cloud provider, well-architected framework provides a series of controls and best practices that can be used to assess a cloud workload. The framework is a subset of the cloud adoption framework (CAF) which is designed to assist organizations on their cloud journey.  The CAF is geared toward building the proper cloud estate whereas Well-Architected can be leveraged assess an existing, or newly built workload, against a set of guiding principles that are categorized into pillars of excellence: Security, Reliability, Performance Efficiency, Operational Excellence, Cost Optimization and Sustainability.

Pillars of excellence

The pillars of excellence are foundational areas that comprehensively detail guidelines, standards and processes any workload should be assessed against.  In fact, you will find that these assessments go well beyond the technologies themselves and delve into potential standards and practices organization need to adhere to. 

Reliability

Reliability speaks to the resilience and availability of the workload.  It assessed the workload’s ability to recover from failures.  Failures can range from:

• Failures within the application’s code or services
• Server Rack failures (Fault Domains)
• Data Center failures (Zonal)
• Regional Failures

Additionally, this section includes controls that discuss the overall architecture of the workload such as data externalization, resource SKUs and external connectivity.  Finally, this section delves into an organization’s existing Disaster Recovery, Backup and solution provisioning processes. 

Security

Security speaks to the protective measures leveraged to protect the workload and is one of the most important pillars within the framework.  It assesses the solution’s and organization’s ability to:

• identify security solutions leveraged to protect workloads from external threats
• Identity security solutions leveraged to protect workloads from internal exploits
• Processes and Technologies leverage for Data Governance
• Compliance Management and Monitoring
• Assess the Confidentiality and Integrity of the solution

Operational Excellence

Operational Excellence more on how the resources are deployed and managed rather than the resources themselves.  Many of the controls within operational excellence overlap with controls in the other pillars.  This section assesses the solution’s and organization’s:

• Understanding of the application’s architecture
• Resource Deployment process
• Automation and self-healing capabilities of operational tasks
• Monitoring and Alerting Capabilities
• Understanding of SLO and SLA of current resources

When assessing an application or solutions against the WAF, remediations identified in this section should be remediated last.  In my experience, many of remediations identified in other pillars will remediate many items in this section. 

Cost Optimization

As its name implies, this pillar focuses on how cloud related costs are managed within the organization.  As with Operational excellence, many of the controls identified in this section overlap with controls in Operational Excellence, Reliability and Performance Efficiency.    It assesses the solution’s and organization’s:

• Cost and Capacity Modeling Process
• Alerts and Cost Monitoring
• Sku, Resource and environment right sizing
• DevOps and Automation processes

Performance Efficiency

Performance focuses on the resources within the workload responds as demand is placed on it. The following design principles are considered:

• Considerations for Efficiency
• Scale Operations configuration and management
• Responsiveness to daily operations
• Network Performance
• Workload benchmarking

GCP System Design

Google sixth peer focuses on the design and build phase of the workload, and is considered the foundational pillar within their framework.  System Design will assist an organization with:

• Applying core principles of system design
• Select the appropriate geographic regions
• Manage cloud resources
• Database Optimization
• Storage Strategy
• Design cloud workloads for sustainability
• Machine learning implementation
• Data analysis

System Design takes foundational principles from each pillar to create a sort of quick start guide to cloud workload implementation.  Additionally, this area covers workload sustainability.  This section takes the time to discuss how a given solution impacts the environment.  Sustainability topics include:

• Understanding a workloads carbon footprint
• Reducing emissions for batch workloads
• Minimizing idle cloud resources.

Sustainability AWS

Where sustainability within the GCP WAF is a subsection of System Design, AWS creates an entire pillar dedicated to sustainability.  Similar to GCP, is focuses on reducing the environmental impact of a given workload.  This pillar discusses:

• The shared responsibility model
• Sustainability of the cloud
• Sustainability in the cloud

Where to start?

Each cloud provider provides mechanisms or tools that can be leveraged to assess an environment. 

AWS Well-Architected Tool

AWS provides a well architected tool that is available to all AWS tenants at no additional cost.  The tool allows you to define a workload based on an existing architecture and provide guidance related to the well-architected framework. 

Azure Well-Architected Review Site

Microsoft provides a web assessment.  The assessment allows you to pick the pillars of interest and guides the user through a series of questions.  Once completed, Microsoft provides a list of recommendations along with related links for additional detail.

GCP’s well architected Guidance site

I was unable to locate a tool that could be leveraged to design a customized well-architected plan.  However, they do provide an extensive document that covers each pillar and it related controls and best practices. 

Pillar Specific

It’s important to understand the primary goal of conducting the assessment.  Then align those goes with associated pillars. For example, if cost and budgeting are the primary concern then you can simply focus on cost optimization.

Full Assessment

There are many controls, best practices and process that are contained within the best practice.  In my experience, and if you intend on assessing a workload across all pillars, then Reliability or Security should be the starting point.  Both pillars will contain the most controls and many of them address controls in other pillars, which could speed up the assessment process along the way. 

Organizational Alignment

Regardless of the strategy, it’s important that the organization is supportive of an assessment.  Questions regarding process and governance will require the potential cooperation of several teams including information security, compliance, human resources and operational support.  Identifying key functions and individuals prior to beginning the assessment will makes things easier in the long run.

Conclusion

The well-architected framework should be leveraged to implement and assess workloads in the cloud.  It positions an organization or user for success during the deployment phase.  I’ll be diving deeper into the well-architected framework in future blogs.