Announcement: Broadcasting from Fairfax, Virginia. You are now tuned in to The Highlight Cast with your hosts Adam McNair and Kevin Long.
Adam McNair: Hello everybody, welcome to another episode of The Highlight Cast. I’m Adam McNair. Thanks for joining again. Joined today as always by Kevin Long. Hey, Kevin. Hey, Adam. How’s it going? Good. Good. Doing fine. Also joined by Roman Zhelenko. Roman, how are you? I’m doing alright. Thanks for asking. Good. So, Adam. What we wanted to talk about today was one of our vendor partnerships. Now, at Highlight, DevSecOps and software factories and digital government is a core part of who we are as a company. It’s a major service line for us. And when we talk about technology, that’s really what we are focused on. We work with vendors. The real thought process behind any vendor partnership is that the person that makes the product knows it better than you would. And there are a lot of different partnership vendor angles that all of the programs work a little bit differently. You get some different benefits from them. But today we wanted to talk about our partnership with AWS, which is Amazon Web Services. And Amazon Web Services is one of the predominant cloud platforms in the industry, certainly in federal government. I mean, the primary ones that we see, Amazon fits a tremendous number of agency requirements. I think you see that in pretty much every agency that we work in. So somewhere between the cloud infrastructure, the application hosting, it’s really kind of become an industry standard. And so I think what we wanted to start off with, Roman, I know you work a lot with AWS on some of our programs. What do you see as the kind of major features of AWS? If a person wasn’t all that familiar with, you know, maybe the differences between AWS and some other platforms, or just hadn’t used AWS in the past, what would you say are kind of the major features?
Roman Zhelenko: So right now, my primary client would be USCIS, and I guess our favorite feature there would be AWS S3, which is their Simple Storage Service. Overall, for an environment that deals with a ton of data, having something that’s low cost and efficient for storage is crucial for us. It was an easy sell. It’s incredibly easy to use, and I mean, we’re dealing with terabytes of data that are incredibly sensitive. So having AWS always focus on security makes our lives a lot easier.
Adam McNair: And from a cost standpoint, one of the things that I have seen that seems to work very well with AWS and with customers that I’ve talked to is you can always pause an instance. So you’re really paying by what you actively use so you can have an environment and pause it essentially. Now, when we’ve used AWS, we’ve used it at CIS, we’ve used it at other customers. But are there specific lessons learned in using AWS or tips that you have for somebody, Roman?
Roman Zhelenko: Sure. I think so. So we’ve actually had a recent lesson learned. I mean, I guess, as we’re exploring different tools within AWS, it’s not always designed for our environment. So one recent implementation where we’re using AppStream. AppStream is AWS’s VDI replacement. So our team is working alongside the AWS team, and they’re trying to integrate AppStream with the PIV authentication system. That hasn’t necessarily been fleshed out yet from the AWS side. So we’re consistently working with them, getting custom packages. And ultimately we need to show them that, hey, you guys need to mimic our environment to make sure that your test cases match what we’re looking for. They tested it with PIV cards, just not our.
Adam McNair: And Kevin, now when we look at the customers that we’ve supported or that we do support, how, how frequently are we recommending AWS as opposed to it’s already in place? I mean, it seems like it is very, very common at this point.
Kevin Long: It’s the big boy in the market these days. I mean, there are a couple of others. I mean, if you’re running a lot of, um, Office or SharePoint, I mean, Azure through Microsoft is a very good choice, and it is as secure as Amazon’s and things like that, but it is targeted at Microsoft’s, you know, platforms. And then you have Google Cloud that is, you know, coming up, but largely we’re finding most of our customers are already either on AWS, or on AWS, or want to migrate to AWS, um, with a nod to making sure that we have cloud agnostic things that we’re putting in there so that you’re not necessarily tying entirely in AWS or Azure or Google Cloud or one of the other ones. But you know what you find also, and I know on Roman’s program with USCIS, part of what we’ve been doing there is using some of the Amazon specific tools, and what you find when you go deeper into a stack like Amazon, you can use things like their EKS, their Elastic Kubernetes Service, as opposed to something like, like, uh, OpenShift or Tanzu or insert any number of the other, uh, Kubernetes platforms out there, uh, with that, and it is, you get like the deep integration, you know, the behind the scenes wires that they’re all wiring together for that. Now, it does tie you to a vendor, but you get the benefits of being able to integrate all of those things together. And the nice thing about, especially with the EKS, is that Kubernetes is, you know, CNCF based. It’s got standardized stuff, so you can extract that and move them other places if you need to do that. But we find that most people want AWS and are probably already there at least a little bit with either their EC2 instances for compute or S3 for storage or whatever. Yeah, I mean, it just makes disaster recovery so much easier, right? It’s GovCloud. You can put it in multiple zones. You don’t have to maintain your data center anymore, and you only have to pay for what you need.
I mean, it’s all of those good things, and everybody wants AWS, for the most part, these days.
Adam McNair: it tie in just from a security angle as well. I mean, something that you mentioned, the GovCloud instances through multiple levels of data sensitivity, AWS has figured that out. And I know there have been a lot of conversations about how do I secure my data in the cloud? And is this going to be sufficient? Not only have they figured that out and do they have the right, you know, not just the technology pieces, but you know, like you’re talking about making sure that it’s not replicated into servers that are sitting in some other country or all of those kinds of cloud things, but also, as we’ve talked about in previous episodes about continuous ATO, when you’re operating off of a common platform, there’s been a lot of documentation and so forth around some of these templates, so... Oh, absolutely. It, I’m sure, must dramatically facilitate CATO.
Kevin Long: Yes, and even if you’re not doing CATO, it dramatically improves just getting your straight ATO. AWS has folks that literally their job is to help people understand the security and security paperwork to get ATO for government systems. Like that’s what they do. And at AWS re:Invent last year where we went, they literally had this whole talk like, hey, in case you didn’t know, here’s this group. We want you to use our systems. So we’re going to help you make sure that you understand everything that’s here and get your authority to operate put in place. Amazon has gone all in on GovCloud and making sure that they’re operating from dirty internet all the way up to the highest levels of classification, right? And they have done all of the work to ensure that we can.
Adam McNair: Now something that you alluded to there, you know, our interaction with teams like that and calling up AWS and getting one of their security folks on the phone, for example, to help complete an ATO process. One of the things that we have noticed about the different vendors that we work with is everybody’s vendor program is a little bit different. Sometimes we get discounted training, sometimes we end up with access to information, or inside sales, or sales engineering, or even solution engineering, that just a typical calling off the street type company would not have access to. Roman, as you work with AWS and as we have become an official partner of AWS, what are the benefits our customers receive from our formal partnership with AWS?
Roman Zhelenko: So, I guess one of the best partnerships is being able to focus a lot of your training and a lot of your effort on learning the new tools within AWS. I mean, the first step was just setting up the environment. The next step is seeing what else it can do. I know we deal with a lot of data, I’ve mentioned that, but one of the new tools that we really want to explore is the AWS Macie tool. It’s a machine learning security scanning tool that will scan through your environment looking for anything that might be sensitive, which again, would be amazing in places that we’re dealing with constant, uh, different levels of security data, really figuring out where it is. And, you know, I think AWS would be perfect implementation of that, but having AWS tech support and having their architects on call is incredibly helpful. Instead of our people going through the code, figuring out, ah, here’s our issue, we can call them up and see, all right, where’s the issue? We really want to implement this for the customer as quickly as possible. So that has been incredibly helpful.
Adam McNair: Gotcha. So that also brings up the point, if an agency is looking at AWS, you know, we talked about security a little bit as a benefit. We talked about cost as a benefit. If, if somebody was going to ask you that they have mission applications currently, they are sitting in, I think there’s probably different categories. If they have on prem hosting, if they are currently, if they have their own data center lit up right now, not just cost, but trying to run your own data center is an entire line of business, an entire competency that adds complexity and distraction. I was involved in a FedRAMP data center program, you know, at one point and the amount of, the amount of conversations we had to have about things like making sure that the diesel tanks in the data center were, were full so that you could run periodic, you know, cut over tests. Now, maybe somebody has co-located and they don’t have to worry about that level of involvement, but still you’re managing an infrastructure team and, you know, potentially hardware and everything else that you’re not, it’s not part of your core mission, but assuming somebody is looking at different cloud solutions, are there other specific benefits outside of cost or security that you think looking at AWS can provide?
Roman Zhelenko: So I think the biggest one is again training. I love that they made all their training free. I love that they are allowing people to just get involved quickly, understand what the different offerings are, figure out all right, this is a good solution for us. This might be a little bit better giving you tiered support. So it’s becoming much more common to find people that understand AWS at least at a basic level to start on that implementation
Kevin Long: and the training is good enough that I could take it and pass a certification exam on it.
Roman Zhelenko: So knock that out in a weekend or like a weekend,
Kevin Long: a weekend. I mean, their online training stuff that you get for being in their partner network is amazing. Yeah. But if you’re going to go over to AWS or other cloud stuff beyond security and reliability, I think that the biggest thing is your ability to deploy to multiple availability zones, right? That you can be in New York and in Reston and totally separated so that your disaster recovery is in a well architected, well architected is that their trademark actually, in a well architected AWS system, it just, you’ll have automatic failover. And then in particular, I know I always fall back on thinking about, you know, my days at State Department where you’d have transfer season, right? And there were systems that would have enormous load when all of the Foreign Service folks were applying for different, uh, different postings and trying to move around, right? And then it would be much less. And anytime you have spike availability or spike usage on anything, if you’re running an on prem or your own data center, you either sacrifice performance or sacrifice the cost for wasted capacity. And when you are working with a cloud provider that has a gajillion CPUs that it, I mean, it doesn’t matter how many you need, you can light it up with Amazon and you just, you just turn it on and you can even, you know, make it so that you can give it thresholds based on cost. Say, as people come in, I’m willing to add 15 more vCPUs to this and/or have it spin up another cluster of stuff, and you have elastic load balancing and you have all sorts of things to just sort of like, when you’ve architected it correctly, automatically flex to the throughput that is necessary for your application, and the ability to have that done efficiently is amazing and is the biggest benefit. You pay for what you use, right? I mean, you can turn it off when you’re not using it. You can have different types of computational resources available to you when you need it.
I mean, they have CPUs that are good for floating point decimal work or large amounts of in memory processing or just standard web server, you name it. They have the different pieces, parts to be able to architect the most efficient implementation of storage and compute out there, and you just, you just build it and it goes. It’s great.
Adam McNair: We have certainly gotten very familiar and I would say proficient with AWS in the past several years. I think one of the things that I’ve enjoyed is every time you all are headed off to an AWS conference and come back with information on latest and greatest and newest and so forth is they have a very robust capability or process for keeping their certified partners up to speed on both best ways to use what they currently have and developments that they see around the corner and so forth. I do know that you all are headed to an AWS conference later this year. So if somebody wanted to bump into us and chat about this, what’s the next AWS event that you guys are all headed to?
Kevin Long: So it’s their big US conference. It’s called AWS re:Invent. It’s in Las Vegas. It is the week after Thanksgiving. So last week of November, first week of December 2023, and we’ll definitely be there kicking around. Last year, we got to learn about how you can literally rent satellite time with them because that’s one of their newest things. So hopefully this year we’re going to hear about the next things that they’re working with that there. Yeah, we’ll be there November 28th through December 2nd.
Adam McNair: Well, very cool. And congratulations for getting to go out there during November and December. I think the last time I went out there for something it was in August and it was, it was less than ideal. Well, so for sure, I guess I’d sum up with saying, you know, we’re really happy to be an AWS certified partner. We’ve had very good, uh, experiences implementing, maintaining, improving upon AWS tech stacks. A lot of our customers are currently on AWS or, you know, we were instrumental in moving some Coast Guard systems into AWS. We’ve had a lot of real success from that partnership and look forward to hearing what’s next from AWS. I’m sure when you guys get back from the November 28th to December 2nd conference, we’ll get to hear more about that. And thanks everybody for listening to The Highlight Cast today. We wanted to take an opportunity to talk about our AWS partnership and explain a little bit about why we’ve made the investment in both time and people to further that. So Kevin, Roman, for, uh, for being part of the podcast today. You can keep up to date with Highlight, HighlightTech.com on the web. Also, you can follow us on LinkedIn. Look forward to the next episode where we’re going to continue to talk about some of our vendor partnerships and how we utilize those resources and technology. Thank you very much and talk to you on the next episode.
The views and opinions expressed in this episode are those of the hosts and do not necessarily reflect Highlight Technologies and/or any agency of the U.S. government.