AWS Cloud Operations & Migrations Blog
AWS Managed Services Accelerate Operations Launch
AWS Managed Services (AMS) Accelerate is a new cloud operations offer that helps customers achieve operational excellence regardless of where they are in their cloud journey. Accelerate can operate all types of workloads running in AWS while giving customers complete freedom to use all AWS services. Accelerate uses AWS services for operations and security, such as AWS Systems Manager, Amazon CloudWatch, Amazon GuardDuty, and AWS Config. These services are cost-effective compared to other commercial alternatives, and they can integrate with existing enterprise processes. This lets customers be production-ready in days. Customers can get 24/7 operations to support using a team of cloud experts that brings AWS best practices, experience, and operational processes at scale. Accelerate scales with workload growth, delivers the operational capabilities that customers want, and offers different Service-Level Agreements (SLAs). Therefore, customers only pay to fill their critical operational and technical gaps without overlapping capabilities.
As customers increase their AWS Cloud use, they must invest in cloud operations, hiring cloud-skilled engineers, procuring cloud-operational tools, and rewriting operational processes. As a result, customers must focus on developing capabilities for completing day-to-day operational tasks instead of building capabilities that provide business advantages. Despite the investment, developing strong competencies in cloud operations takes time, during which business operations, application availability, data security, and – in extreme cases – market reputation are at risk.
Customers using Accelerate go through an account discovery and onboarding process during which the customer integrates their operational processes with AMS. As soon as customers start with Accelerate, they gain access to a team of operations engineers that provide 24/7 support to reduce downtime and security risk.
Risks in the cloud can vary from availability risks due to poor architecture, data breaches from misconfigured cloud resources, business risks from poor time-to-market, and security risks from using vulnerable and unsupported technologies. Many customers face mounting security, compliance, scalability, and reliability concerns, and so they need 24/7 coverage.
Accelerate maintains a library of AWS Config Rules and remediation actions to ensure that all of your accounts comply with industry standards for security and operational integrity. AWS Config Rules test every configuration change among all of your resources. AWS Config Rules deployed by AMS align with compliance with standards set by the Center for Internet Security (CIS), the National Institute of Standards and Technology (NIST), Cloud Security Framework (CSF), the Health Insurance Portability and Accountability Act (HIPAA), and the Payment Card Industry (PCI) Data Security Standard (DSS).
Accelerate prescriptive guardrails deploy Amazon Virtual Private Cloud (VPC) Flow Logs and GuardDuty, and ensure that the SSM Agent is consistently deployed on managed Amazon Elastic Compute Cloud (EC2) instances. Prepare for disaster or ransomware recovery with a comprehensive backup strategy. These are critical controls included in most compliance and regulatory standards. AMS will implement AWS Backup and work with you to ensure that your backups are sufficient for the task and even help you practice or test your ability to recover with disaster recovery game days.
Use the Accelerate patching system to patch instances and meet compliance/security requirements. Schedule patching and which patches are applied through the AWS Systems Manager (SSM) maintenance window. Accelerate proactively monitors patching and sends automated failure alerts to the AMS Operations team for remediation. To assist with patch compliance, a self-service reporting capability is provided that details:
- Patch configuration items, including maintenance window schedules, patch status, and OS information.
- Missing patch reports identify instances with missing patches and details regarding missing patches (severity/release date/days unpatched).
Monitoring, backup, and event management
The cloud landscape and best practices frequently change as software becomes obsolete. Therefore, keeping up with new security threats and identifying risks is expensive and time-consuming. Customers need a model that can continually learn, adapt, and improve.
Accelerate deploys with a baseline deployment of CloudWatch Events and alarms that have been optimized to reduce noise and identify a possible upcoming incident. After receiving the alerts, the AMS team uses automated remediations, people, and processes to bring the resources back to a healthy state and engage with your teams. The Accelerate team can provide insights into learnings regarding the behavior and how to prevent it. If remediation fails, then AMS starts the incident management process.
Accelerate creates, monitors, and stores snapshots for AWS services supported by AWS Backup. You define the backup schedules, frequency, and retention period by creating AWS Backup plans while onboarding accounts and applications. You associate the plans with resources. AMS tracks all backup jobs and alerts our team to run remediations when a backup job fails. If needed, AMS leverages your snapshots to conduct restoration actions during incidents. Furthermore, AMS provides you with a backup coverage report and a backup status report.
Many AWS services exist to help customers operate on AWS. However, Accelerate specializes in providing an end-to-end operational solution and deep operational expertise that arms you with comprehensive incident management and iterative improvement of content, processes, and people to apply operational excellence patterns and approaches that enable faster outcomes. A continuous learning mechanism lets AMS iterate and improves its incident response and detection by adding and improving on automation, adding additional monitors as needed, and changing App Changes.
Accelerate lets you request help with operational issues and requests through the AWS Support Center in the AWS Management Console. AMS Accelerate operations engineers can respond to your incidents and service requests 24/7, with Service-Level Agreements (SLAs) and Service-Level Objectives (SLOs), depending on your selected account Service Tier (Plus, Premium). Accelerate operations engineers proactively notify you of important alerts and questions using the same mechanisms.
Customers struggle to hire, train, and retain cloud talent. Cloud talent is scarce, and organizations must strategically utilize their AWS resources to manage both applications and infrastructure to meet security and compliance requirements. Customers’ teams can quickly become overloaded with undifferentiated infrastructure operations work. This isn’t their primary skillset or interest for many developers, and it can distract from application innovation. There is a need to augment their teams to free up internal resources to focus on apps and higher-value activities, and increase the efficiency of time-consuming low-value activities.
AMS provides customers with a 24/7/365 global operations team staffed by AWS employees who are AWS services experts. The global operations team includes security engineers who investigate and mitigate security incidents. In addition, security engineers partner with customers to evaluate the impact of security-related configurations and changes.
Accelerate designates a Cloud Service Delivery Manager (CSDM) and a Cloud Architect (CA) to partner with your organization and drive operational and security excellence. Your CSDM and CA provide you with guidance during and after configuration and onboarding, deliver a monthly report of your operational metrics, and help you identify potential cost savings using tools such as AWS Cost Explorer, AWS Cost and Usage Report, and AWS Trusted Advisor.
Leverage existing technologies and tools
Customers have invested in technologies, such as Amazon Elastic Kubernetes Service (EKS), AWS CloudFormation, SAP, and ServiceNow to support their workloads in AWS. With Accelerate, you have the freedom to use, configure, and deploy all AWS services natively or with your preferred tools. You can continue using your existing access and change mechanisms while AMS consistently applies proven practices that help scale your team, optimize costs, increase security and efficiency, and improve resiliency.
In addition, AMS is launching an Operations on Demand (OOD) offering. This feature extends the standard scope of Accelerate by providing operational services that aren’t currently offered natively by AMS. Once selected, the catalog offering is delivered via automation and highly-skilled AMS engineers. There are no long-term commitments or additional contracts, which lets you extend your existing AMS and AWS operations and capabilities as needed.
Select from the catalog of standardized offerings, including OOD offerings that assist with:
- Maintenance of Amazon EKS
- Operations of AWS Control Tower
- Curated change execution
- Legacy Operating System upgrades
- SAP Cluster Assist
New catalog offerings are added regularly based on customer feedback and the operational use cases that we often see.
Things to know
Partners – AWS Partners build integrations with AWS Managed Services to operate AWS on behalf of customers. The partner and AMS provide a proven enterprise operating model, day-to-day infrastructure management, security control, compliance control, and cost optimization.
Automation – AMS Accelerate provides an automated instance configuration service. This service ensures that an instance emits the correct logs and metrics for AMS to manage the instance properly. AMS also combines automated remediations, cloud experts, and processes to bring resources back to a healthy state and engages with your teams to convert insights into learnings on preventing this behavior in the future.
AMS Advanced – AMS Advanced is an additional operations plan offered by AMS that includes a full-service change and access management system that protects your workloads by preventing unauthorized access or implementing risky changes to your AWS infrastructure. You create a Request for Change (RFC) using our Change Management system to implement most changes in your AMS Advanced accounts.
To get started, visit AWS Managed Services at https://aws.amazon.com/managed-services