Optimizing Organizational Performance with Cloud Architecture and the Blue / Green Application Deployment Concept

It is important for cloud architects to plan for worst case IT scenarios due to the business impact it can have on the enterprise. Amazon Web Services has created an “AWS Well-Architected” framework for building applications in the cloud that are secure, high-performing, resilient, and efficient. The five pillars of the “AWS Well-Architected” framework are operational excellence, security, reliability, performance efficiency, and cost optimization. (https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/) As part of the “operational excellence” pillar Amazon specifically encourages architects to have a “plan for failure” mindset. Cloud computing makes this easier than ever before both in terms of cost and IT architecture. As a cloud architect who has experience both “lifting” platforms from on-prem and designing architectures for new software applications – one aspect that frequently is overlooked is redundancy throughout the IT infrastructure – both compute and additional components. In general, I think it is better to plan for the worse and be prepared rather than hope for the best and come up short. When working with consumer facing applications, especially in the health or payment sectors, even the smallest downtime downtime can mean thousands of dollars in lost revenue, loss of goodwill among customers, breaking of contractual obligations, and can even irreparably hurt the organization’s reputation. 

“Blue/Green” deployment is a concept from the software engineering field of continuous integration (CI). Applied to cloud computing it means that there should be at least two separate but identical infrastructures which allows the tech team to seamlessly switch environments in case anything goes wrong. Having at least two production-ready identical infrastructures allows the tech team (or ideally a branch of logic in the software program) to cut over immediately minimizing disruptions to customers. All types of events can cause a service disruption to an application such as: misconfigurations, code updates, patches, power or network failures, security breaches, and an almost endless number of additional problems or combinations of problems. The way cloud architects successfully design and engineer these blue/green deployment infrastructures can be incredibly detailed and complex taking into account hundreds of aspects such as database consistency for OLTP transactions, Recovery Point Objective requirements, network performance in terms of user latency etc. These technical details, while critical, are outside the scope this article and could literally be books unto themselves.

From a higher-level perspective, cloud computing providers make it easier than ever to have a blue/green environment which can be more effective and less expensive than on-prem. Traditionally companies would need to have at least two fully provisioned (think twice the cost) IT environments. With cloud architecture, standby deployment does not need to be fully provisioned. Although one could argue that not having a fully-provisioned standby environment is not a traditional blue/green architecture – the initial concept of blue/green predates the current generation and widespread adoption of cloud computing services. With well-designed applications and cloud architectures (think modular and decoupled) companies can keep their costs minimal while having the same benefit of a traditional fully provisioned on-prem environment. With features such as auto-scaling and metrics alerts, infrastructure can be spun up in real-time to respond to any event programmatically (eliminating human error and delays). Rather than having two infrastructures geographically close together which apart from exceptionally large enterprises, is usually the case, the second infrastructure can be anywhere in the world reducing risk from large scale events impacting large geographic regions (although from a compliance perspective be sure to check contractual requirements before moving data across national borders). Features such as geoproximity routing and edge locations (AWS CloudFront particularly stands out as one of the leaders in this space) ensures that users and customers experience the same high performing application even after a cut over between environments. There are many operational decisions (which will be impacted both by finance and code) that go into exactly how a blue/green deployment should operate such as whether to fully provision two environments, have a smaller stand-by environment that can be spun up quickly, divide traffic between environments, etc. and each organization will be different. Effectively designed cloud infrastructure which adheres to blue/green continuous integration principles allows organizations to cost-effectively provide a best-in-class experiences to their users while simultaneously reducing IT spend and minimizing their reputational risk.  

---

About Steve

Hello! I am a cloud architect and cybersecurity engineer with both hands-on engineering and management experience in application development, cybersecurity engineering, cloud architecture, devops, and information technology. In addition to my engineering experience I recently served as the Information Security Officer and Head of Cybersecurity for a private equity backed company that developed its own banking software, processed 9 billion USD annually, and held the financial and medical information of 30 million consumers. In this capacity I used my engineering skills as the company cybersecurity subject matter expert daily along with my managerial duties of running the Information Security Department (SOC 1, SOC 2, PCI, HIPAA compliance, budgets, vendors, cybersecurity engineers and analysts). Working with a great team we successfully defended the company against all internal and external threats for three years which led to a successful company acquisition.

I combine technical engineering expertise and communication skills with strategy to optimize organizational effectiveness and am a practitioner of data-based decision making and analysis for maximum positive organizational impact and competitiveness. My professional interests include working on challenging and innovative engineering projects and solving technical issues in the areas of cybersecurity, cloud architecture, application development, and devops.

I enjoy connecting with new people as well as sharing technical expertise and experience with both engineers and non-engineers alike so feel free to connect with me on LinkedIn and send a message!