PON IT: How DevOps allowed an IT provider to deliver cloud-based services for a multi-billion-dollar company
PON IT is a shared-service IT provider for the operating companies of PON. PON IT was founded in 2014 to innovate and concentrate the varied IT demands from all 80 operating companies. PON itself is an international trading and service organization for many A-brands, including Volkswagen, Gazelle and Continental, with an estimated revenue of €6.5 billion per year. PON employs over 13,000 people in 32 different countries.
To deliver IT services and products with the agility, scalability and flexibility that a group spanning 9 different industries needs, PON IT knew that cloud-based operations had to be established. Although the PON operating companies agreed to the proposed IT strategy, they questioned PON IT’s ability to execute it in a public cloud environment.
PON IT then hired a third-party consultancy to run a Cloud Readiness Assessment in 2016. The overall verdict was that PON IT was not ready to complete its necessary journey to the public cloud on its own, and that associating with an external company would be the best way to guarantee success in provisioning any new services and products. But who would possibly be ready to understand the massive business requirements and translate them into feasible IT solutions? How to choose someone to trust and to share the responsibility and load of such a step? That would be us.
Oblivion Cloud Control helped PON IT to raise itself to a new level of knowledge about AWS and its offerings. Together, we designed an IT service model based on internal guidelines, on top of several AWS services. We used AWS Identity and Access Management (IAM) and AWS Security Token Service (STS) for cross-account access; Amazon EC2, Auto Scaling, Launch Configurations and Elastic Load Balancing for deploying; Amazon CloudWatch to collect, store and archive logs, and to monitor AWS resources in real time; AWS CodeCommit, AWS CodeBuild and AWS CodePipeline with HashiCorp Packer for pre-building hardened AMIs; and AWS CloudTrail for complete event state monitoring of all PON AWS accounts, just to name a few.
To ensure the design was compliant with AWS best practices, all user stories were collected and matched with the AWS Well-Architected Framework.
The ‘AWS Landing Zone’, as it is internally called, can handle all customer workloads in a secure, agile, scalable, and transparent way. It supports automated deployments of complete customer environments. The environments contain every necessary component, from virtual private cloud infrastructure to customized system images. Furthermore, all data in transit and at rest is encrypted, adhering to both internal and external security guidelines. Every aspect of provisioning, logging, monitoring and compliance is defined as code (HashiCorp Terraform and AWS CloudFormation), which allows the use of DevOps best practices like redeployment.
The AWS Landing Zone allows PON operating companies to leverage all the benefits of the public cloud without compromising on security, compliance and operational excellence. The service relies not only on AWS's robust infrastructure, but also on the expertise of PON IT, a company that intimately knows their business and always has their best interests in mind.
Now engineers from both PON companies and PON IT can migrate and/or deploy new workloads in a scripted, secure and monitored way, using the newest and most productive technologies, and can meet business demands in less than a day.