AWS Partner Network (APN) Blog

Simplify, Optimize, and Automate Cloud Operations with Kyndryl Cloud Native Services for AWS

By Venkat Reddy, Lead Architect, KCNS – Kyndryl
By Theivayanai Kumar, AWS Offering Lead – Kyndryl
By Mayank Singh, Sr. Partner Solutions Architect – AWS

With cloud-native application architectures and development models becoming more pervasive, customers are facing skill gaps in integrating the security, compliance, observability, and automation functionality needed to leverage the power of cloud-native transformation.

Kyndryl is an AWS Premier Tier Services Partner and global IT infrastructure services provider that’s relentlessly innovating to help customers with cloud-native transformation and make the journey seamless.

Kyndryl Cloud Native Services for AWS (KCNS) is designed to accelerate and automate managed services for workloads leveraging AWS-native services. KCNS provides a web interface, called Control Plane, for users to perform various operations, including CloudOps, SecOps, and FinOps.

KCNS Control Plane (KCNS CP) acts as an invocation, visibility, and governance platform and deploys the solution in the customer’s AWS accounts. Control Plane also provides a rich set of reports around resources on the AWS accounts, and it’s a multi-tenant solution capable of onboarding and managing multiple AWS accounts in each tenant. The solution uses Kyndryl’s instance of ServiceNow as the Information Technology Service Management (ITSM) tool.

Customers can also audit and govern the AWS environment through KCNS, as it provides integration with AWS CloudTrail and AWS Audit Manager. Customers can improve their security posture, as KCNS provides integration with Amazon Inspector for vulnerability assessment and with AWS Security Hub. Onboarding of new customers and related resources to KCNS is automated and can be completed within a few hours.

This post explains how to simplify, optimize, and automate cloud operations with Kyndryl Cloud Native Services for AWS and is targeted at pre-sales and delivery architects who set out to design cloud-native solutions for customers.

Kyndryl Cloud Native Services Architecture

This section details the architecture of the solution as described below.

Figure 1 – KCNS architecture.

Following is a brief description of the numbered flow in the architecture:

  1. User gets authenticated with Kyndryl OneID to log in to KCNS CP.
  2. Customer AWS accounts are onboarded to KCNS CP, and KCNS Framework is invoked to configure various AWS services like AWS Backup and AWS Systems Manager Patch Manager. KCNS CP collects inventory details of resources from customer AWS accounts, and updates to the Control Plane inventory database occur through AWS CloudTrail activity logs. To monitor KPIs, a monitoring template is created in KCNS CP and applied to customer AWS accounts to create Amazon CloudWatch alarms.
  3. From KCNS CP, users can provision AWS resources using Terraform automation templates hosted in Kyndryl GitHub repos. Post-provisioning, AWS Systems Manager documents are executed to automate onboarding/offboarding of infrastructure as a service (IaaS) and platform as a service (PaaS) resources.
  4. AWS Service Management Connector for ServiceNow (SMC) synchronizes configuration item (CI) details into a configuration management database (CMDB) of the Kyndryl-managed ServiceNow instance.
  5. Configuration item details of onboarded resources get updated into the Kyndryl-managed ServiceNow CMDB.
  6. For any threshold breaches in CloudWatch, AWS-native incident manager incidents are created and synced as ServiceNow incidents using SMC.

Key Features

KCNS Control Plane provides centralized observability with underlying data fetched from various AWS services.

Key features of the solution include:

  • SecOps posture with threats detected by Amazon GuardDuty and Center for Internet Security (CIS) violations as detected by Amazon Inspector.
  • A policy engine evaluates the inventory/resources fetched from numerous AWS accounts against best practices like CIS.
  • Provides FinOps posture and anomaly/recommendations. Account and region-wise reports are available for monitoring, security, backup, cost, compliance, and inventory.
  • Offers centralized reporting using the underlying AWS services. For example, backup reports are fetched from the AWS Backup service, and monitoring reports are fetched from Amazon CloudWatch.
  • Provides a multi-tenant software as a service (SaaS) solution where each tenant is dedicated to a customer. Within a customer tenant, the related AWS and on-premises resources can be onboarded and managed centrally.
  • Consolidates metrics across numerous AWS accounts within an AWS Organization. Account and tenant-level view filters are available in Control Plane.
  • Provides a centralized automation platform, with the ability to execute Terraform automation, AWS CloudFormation templates, and AWS Systems Manager automation hosted on AWS.

Benefits of the Solution

KCNS empowers continuous modernization and is designed for developer productivity. Its services help clients realize:

  • Multi-tenant solution: Control Plane is a multi-tenant solution with a tenant per customer. Multiple AWS accounts can be onboarded into a customer tenant.
  • Centralized login and authorization: Users are authenticated against a central identity provider like Kyndryl OneID. Groups, roles, and permissions can be assigned to users to access appropriate functionality within Control Plane.
  • Seamless experience: AWS-native services, Kyndryl IP, and best practices are packaged to offer value to customers.
  • Faster time to revenue: Automation-first approach reduces time on workload provisioning, onboarding, and operations, thereby enabling rapid application deployments and maintenance.
  • Single pane of glass: Control Plane acts as a centralized operations console and cloud management platform providing a single pane of glass view across multiple AWS accounts.
  • Failure handling and notifications: Customers get notified of failures that occur in the configured services.
  • Remove barriers to accelerated innovation: Simplifies integrations with pre-built assets and framework that rely on AWS-native services.
  • Application Programming Interfaces (APIs): Control Plane can be invoked via API and can integrate with upstream applications.
  • Rich reporting: Within Control Plane, numerous reports are available out of the box, and custom reports can be easily developed to meet customer needs.

Conclusion

By deploying the Kyndryl Cloud Native Services for AWS (KCNS) solution, customers can solve the problem of skill gaps and get a unified tool for provisioning and operations. KCNS has an easy-to-use user interface and consolidated view for operations management while leveraging the AWS-native services.

KCNS leverages an automation-first approach using code assets incorporating infrastructure as code (IaC) and DevOps practices. The solution accelerates cloud-based innovations to achieve transformational business outcomes for end customers.

Various use cases have been included in the solution, covering inventory management, automation, security, compliance, backup, and patching.

Kyndryl has expertise in cloud-native services for AWS and can help customers effectively build and manage AWS environments. Refer to these AWS blog posts to learn more about Kyndryl managed services:

Kyndryl – AWS Partner Spotlight

Kyndryl is an AWS Premier Tier Services Partner and IT infrastructure services provider that designs, builds, manages, and modernizes the complex, mission-critical information systems the world depends on every day.
