Your address will show here +12 34 56 78
2020 Blog, Blog, Featured

Relevance Lab in partnership with ServiceNow and AWS has launched a new solution (ServiceNow scoped application) to consume Intelligent Automation BOTs from within ServiceNow self-service Portal with 1-Click automation of assets and service requests using the Information Technology Service Management (ITSM) governance framework. This RLCatalyst BOTs Service Management (RLCatalyst BSM) connector is available for private preview and will very soon be also available on ServiceNow Marketplace. It integrates with ServiceNow self-service Portal and Service Catalog to dynamically publish an enterprise library of BOTs for achieving end to end automation across infrastructure, applications, service delivery and Workflows. This solution builds on the concept of “Automation Service Bus” architecture explained in a blog earlier.

The biggest benefit of this solution is a transition to a “touchless” model for automation within ServiceNow Self Service Portal with a dynamic sync of enterprise automation libraries. It provides an ability to add new automation without a need to build custom forms or workflows inside ServiceNow. This makes creation, publishing and lifecycle management of BOTs automation within the existing governance models of ITSM and Cloud frictionless leading to faster rollout and ROI. Customers adopting this solution can optimize ServiceNow and Cloud operations costs significantly with self-service models. A typical large enterprise Service Desk team gets a huge volume of inbound tickets on a daily basis and more than 50% of these can be re-routed to self-service requests with a proper design of service catalog, automation and user training. With every ticket fulfilment cost (normally US $5-7) now handled by BOTs there is a significant and measurable ROI along with faster fulfilment, better user experience and system based compliance that helps in audits.

Following are the key highlights of this solution

  • Rendering of RLCatalyst BOTs under ServiceNow Service Catalog for 1-Click order and automation with built in workflow approval models.
  • Ability of ServiceNow Self Service users to order any Automated Service Request from this standard catalog covering common workflows like.
    • Password Reset Requests.
    • User Onboarding.
    • User Offboarding.
    • AD/SSO/IDAM integration.
    • Access and Control for apps, tools, and data.
    • G-Suite/O365/Exchange Workflows.
    • Installation of new software.
    • Any standard service request made available by enterprise IT in a standard catalog.
  • Security and approvals integrated with existing ServiceNow and AD user profiles.
  • Ability to involve any BOT from the RLCatalyst BOTs server that provides integration to agent base, agent-less, Lambda function, scripts, API based, UI based automation functionality.
  • A pre-built library of 100+ BOTs provided as out-of-the-box solution.

As a complementary solution to AWS Service Management connector customers can achieve complete automation for their Asset and Service Requests with Secure Governance. For assets being consumed on non AWS footprints like VMWare, Azure, On-prem systems, the solution supports automation with Terraform templates to address hybrid-cloud platforms.

What are BOTs?
Any Automation functionality dealing with common DevOps, TechOps, ServiceOps, SecurityOps and BusinessOps. BOTs follow an Intelligent Automation maturity model as explained in this blog earlier.

  • BOTs Intelligent Maturity Model
    • Task Automation.
    • Process Automation.
    • Decisioning Driven Automation.
    • AI/ML Based Automation.

BOTs vs Traditional Automation

  • BOTs are reusable – separation of Data and Logic.
  • BOTs support multiple models – AWS Lambda Functions, Scripts, Agent/Agentless, UIBOTs etc with better coverage.
  • BOTs are managed in a Code repository with Config Management (Git Repo) – this allows the changes to be “Managed” vs “Unmanaged scripts”.
  • BOTs are wrapped in YAML Definitions and exposed as Service APIs – this allows BOTs to be involved from Third-Party Apps (like ServiceNow).
  • BOTs are “Managed & Supervised Runs” – BOT Orchestrator manages the lifecycle to bring in Security, Compliance, Error Handling and Insights.
  • BOTs have a Lifecycle for Intelligent Maturity.
  • Open Source Platform that can be extended and integrated with existing tools on a journey to achieve AIOps Maturity.
  • Very deeply embedded with ServiceNow and leverages data and transaction integration in a bi-directional way.

The following image explains the RLCatalyst BOTs Service Management Architecture.

How does RLCatalyst BOTs Service Management work?
Integrating your ServiceNow instance with RLCatalyst BOTs Server helps you to publish self-service driven automation to your ServiceNow Service Portal without the need for custom coding or form design. Your users can order items from the Service Catalog which are then fulfilled by BOTs while maintaining record of the transactions in ServiceNow via Service Requests.

The ServiceNow administrator first downloads the scoped application and installs it in her ServiceNow instance. The application can be deployed from the Github repository provided by Relevance Lab. In the near future, this application will also be available from the ServiceNow Application Store.

Once installed, the application is configured by the ServiceNow Administrator. The person will fill the “BOTs Server Configuration” form. The required parameters are BOTs Server URL, Server Name, Is Default, Username and Password. This information is stored in the ServiceNow instance and is then used to discover and publish BOTs from the RLCatalyst BOTs Server.

The application administrator clicks on the Discover BOTs screen to retrieve the list of latest BOTs available on the BOTs Server. Once this list is displayed, the administrator can choose the BOTs person wants to publish and select the kind of workflow person wants to associate with that BOT (none, single or multi-level approvals). Then person clicks on the Publish button on doing which the BOTs are published to the Service Portal along with all the Forms associated with the BOT for input.

End-users can then use the self-service Catalog items to request fulfilment by BOTs.

What is the standard library of RLCatalyst BOTs available with this solution?
RLCatalyst provides a library of 100+ BOTs for common Service Management tickets and can help achieve up to 30-50% automation with out-of-the-box functionality across multiple functionalities as explained in diagram below.

  • User Onboarding and Offboarding.
  • Cloud Management.
  • DevOps.
  • Notification Services.
  • Asset Management.
  • Software and Applications Access Management.
  • Monitoring and Remediation.
  • Infrastructure Provisioning with integration to AWS Service Catalog.

Summary of Solution benefits
The RLCatalyst BOTs Service Management connector is providing an enterprise wide automation solution integrating ServiceNow to Hybrid Cloud assets with an ability to have self-service models. The automation of Asset and Service requests provides significant productivity gains for enterprises and in our own experience has resulted in achieving 10 FTE productivity, 70% automation of inbound requests and more than US $500K of annual savings on operations costs (including reduced headcount), ITSM license costs, Cloud assets optimized usage with compliance and 50% efficiency gains on internal IT Workflows.

Following are some key blogs with details of solutions addressed with this RLCatalyst BSM connector.


For more details, please feel free to reach out to marketing@relevancelab.com



0

2020 Blog, Blog, Featured

Relevance Lab in partnership with AWS has launched a new solution to help self-service collaboration for Scientific Computing using AWS Cloud resources. Scientific Research is enabling new innovations and discoveries in multiple fields to make human life better. There are the large and complex programs funded by governments, public sector and private organizations. Every higher education institution and universities globally have specialized focus on Research Programs.

Some research institutions already use an existing ITSM Portal for self-service and our previous blog explains the solution integrated with such popular ITSM tools like ServiceNow – AWS Research Workbench. In this blog we cover the common scenario of research institutions for an open source based custom self-service platform that is needed to integrate a community within the institution and also with outside organizations in a federated manner.

Why do we need an RLCatalyst Research Gateway cloud solution?
Research is a specialized field with the community focussing on using “Science” to find common solutions to human problems in areas of Health and Medicine, Space, Earth etc. The need to drive frictionless research across geographies requires ability to focus on “Science” while addressing the specific needs of People-Programs-Resources interactions. The “RLCatalyst Research Gateway” acts as a bridge provisioning seamless and secure interactions, access to programs and budgets with ability to consume and manage lifecycle of research related computational and data resources.


PEOPLE Specialized group of Researchers collaborating across organizations, disciplines and countries with open collaboration needs.
PROGRAMS Specialized research programs, funding, grants, governance, reporting, publishing outcomes etc.
RESOURCES High Performance Computing resources, large data for studies, analytics models, data security and privacy considerations, sharing and collaboration, Common Federated Identity and Access Management etc.

The key requirements for Cloud based RLCatalyst Research Gateway are following.

  • Standard Research Needs
    • Roles, Workflows, Research Tools, Governance, Access and Security, Integration.
    • People-Programs-Resources Interactions.
    • Intramural and Extramural Research.
    • Infrastructure, Applications, Data, and Analytics.
  • Built on Cloud
    • Easy to deploy, consume, manage and extend – should align with existing infrastructure, applications, and cloud governance.
    • Leverage AWS Research products.
  • Leverage Open-Source with an enterprise support model
    • Supports both Self-hosting and Managed Hosting options.
    • Cost effective – pre-built IP and packaged service offerings.

The diagram below explains the RLCatalyst Research Gateway cloud solution. The solution provides researchers with one-click access to collaborative computing environments operating across teams, research institutions, and datasets while enabling internal IT stakeholders to provide standard computing resources based on a Service Catalog, manage, monitor, and control spending, apply security best practices, and comply with corporate governance.

Using the RLCatalyst Research Gateway cloud solution
The basic setup models a research institution or university with need to have support for different research departments, principal investigators, researchers, project catalogs and budgets. The diagram below explains a typical setup of the key stakeholders and different entities inside the RLCatalyst Research Gateway.

  • Research Organization/Institution.
  • Research Departments.
  • Principal Investigators.
  • Researchers.
  • Site Administrator.
  • Project Catalog of Cloud Products.
  • Budget for Project and Researcher.

RLCatalyst Research Gateway solution map
There are three key role based functionality built into the RLCatalyst Research Gateway solution related to following.

  • Researcher Workflows.
  • Principal Investigator Workflows.
  • Site Administrator Workflows.

The RLCatalyst Research Gateway solution components
A number of AWS components have been used to build the RLCatalyst Research Gateway solution to make it easier for the research community to focus on science and not the headaches of managing cloud infrastructure. At the same time existing investments of Research Institutions on AWS are leveraged and best practices integrated without need for custom or proprietary solutions. Following is a sample list of AWS products used in RLCatalyst Research Gateway and more products can be easily integrated.

  • AWS Service Catalog – Core products available for Research Consumption.
    • AWS SageMaker Notebook.
    • AWS EC2 Instances.
    • AWS S3 Buckets.
    • AWS Workspaces.
    • AWS RDS Data Store.
    • AWS HPC high performance computing.
    • AWS EMR.
  • AWS Cognito for Access and Control.
  • AWS Control Tower for Account management and governance.
  • AWS Cost Explorer and Billing for Project and Researcher budget tracking.
  • AWS SNS and AWS Eventbridge for Notification Services.
  • AWS Cloudformation for template designs.
  • AWS Lambda for Serverless computing.

The RLCatalyst Research Gateway solution created in partnership with AWS is available in an Open source model with Enterprise Support options. The solution can be deployed in Self-hosted Cloud or used in a Managed Hosting model with customizations options available as needed.

For a demo video please click here

For more details, please feel free to reach out to marketing@relevancelab.com



0

2020 Blog, AWS Governance, Blog, Featured

Based on AWS recommended best practices, this blog articulates governance and management at scale for customers on cloud security implementation covering the following themes

  • Designing Governance at Scale
  • Governance Automation
  • Preventive Controls
  • Detective Controls
  • Bringing it all together

Need for a matured and effective Cloud Security Governance
To achieve agility, compliance and security customers cannot rely on the manual processes and hence automation plays a key role. This mandates the need for an integrated model called “Governance at Scale” which focuses on Account Management, Security, Compliance Automation, Budget and Cost Management. This model help customers to be on fast track, while ensuring the workloads meet security and compliance requirements. Governance at Scale is an orchestration framework which includes enablement, provisioning and operations.


  • Account Management: Governance at Scale processes streamline account management across multiple AWS accounts and workloads in an organization through centralization, standardization and automation of account maintenance. This can be achieved through policy automation, identity federation and account automation.

  • Security and Compliance Automation: Governance at Scale practices consists of three main goals
    • Identity and Access Automation: Customers can access their workloads based on their roles privileges, as defined by the organizations policies. Access to new services can be added to an OU level and the changes will apply across all cloud accounts on that level.
    • Security Automation: To maintain a secure position at scale, security tasks and compliance assessments also require automation. Automation helps in reduced implementation efforts, as templates ensure that services and projects are secure and compliant by default. Customers can also be more responsive when a policy violation occurs.
    • Policy Enforcement: AWS guidance to achieve Governance at Scale helps you to achieve policy enforcement on AWS Regions, AWS services and resource configurations. Policies enforcement happens at different levels like Region, services and resource configurations and also at an organizational level or the resource level. Enforcement is based on roles, responsibilities and compliance regulations (such as HIPAA, FedRAMP and PCI/DSS).

  • Budget and Cost Management: This framework helps Organizations to proactively make decisions on budget controls and allocation across their organizations and primarily consists of budget planning and enforcement.
    • Budget Planning: This allows allocation and subdivide the available budget from a given funding source appropriately across the company by the financial owners. Financial dashboards provide real-time insights to the decision makers over the lifetime of the funding source.
    • Budget Enforcement: Budget enforcement can happen at each layer, department or project in an organization as these can have different budgetary needs and limits. The governance framework allows the organization for budget assignment and defines the threshold, while monitoring spending in real time and can proactively notify the relevant stakeholders and trigger enforcement actions.

Some of this Intelligent Automation includes

  • Restricting the use of AWS resources to those that cost less than a specified price.
  • Throttle new resource provisioning.
  • Shut down, end or deprovision AWS resources after archiving configurations and data for future use.

Implementing Governance at Scale with Ideal Landing Zone architecture


Key Process and Services to implement Governance at Scale Framework

AWS Control Tower: It is a native service used for setup and governing a secure, compliant, multi-account AWS environment, automated using AWS best practices blueprints. It’s multi-account structure enables aggregated centralised logging, monitoring and operations.

  • Establish and Enable Guardrails: AWS Control Tower includes guardrails, which are high-level policies that provide constant governance. It allows you to adopt original best practices on security across the AWS environment managed by Control Tower.
  • Automate Compliant Account Provisioning: Automate account provision workflow using Account Factory.
  • Centralize Identity and Access: By using AWS SSO, the service can centralize access and identity management which follows the standard best practices.
  • Log Archive Account: The log archive centralizes logs and provides a single source of truth for all the account activities. The account works as a repository for API activity logs and resource configurations from all accounts in the landing zone. It contains the centralized logging for AWS CloudTrail and AWS Config.
  • Audit Account: The audit account is a restricted account. It is designed to provide security and compliance teams read and write access to all accounts in your landing zone. It can be a main account for security services such as Amazon GuardDuty and AWS Security Hub.

Governance Lifecycle with Services: An integrated model covering AWS Config, AWS Systems Manager, Amazon GuardDuty and AWS Security Hub.

These services work together and play a crucial role in the Governance at Scale framework. Together, they allow your customers to

  • Define security rules and compliance requirements.
  • Monitor infrastructure against the rules and requirements.
  • Detect violations.
  • Get notifications in real time.
  • Take action in an effective and rapid manner.

AWS Config: This enables customers to assess, audit and evaluate their AWS configurations in real-time. It also monitors and records AWS resource configurations. It also automates the evaluation of recorded configurations against desired configurations.

AWS Systems Manager: This gives customers visibility with a unified user interface and allows them to control their infrastructure on AWS by automating operational tasks. With AWS Systems Manager, customers can

  • Group resources by application.
  • View operational data for monitoring and troubleshooting and take action on groups of resources.
  • Streamlines resource and application management.
  • Shortens the time to detect and resolve operational issues.
  • Simplifies operations and management of the infrastructure – securely at scale.

Amazon GuardDuty: It protects AWS accounts, workloads and data with intelligent-threat detection, monitoring of malicious activity, unauthorized behavior to protect AWS accounts and the workloads. It uses machine learning, anomaly detection and integrated threat intelligence to identify and prioritize potential threats.
Customers enable GuardDuty from the AWS Management Console, where it analyzes billions of events across multiple AWS data sources, such as AWS CloudTrail Event logs, Amazon VPC flow log and DNS logs. By integrating with Amazon CloudWatch Events, GuardDuty alerts are actionable.

AWS Security Hub: This is the compliance and security center for AWS customers. Security Hub allows customers to centrally view and manage security alerts and automate security checks.
Security Hub automatically runs the account-level configuration and security checks based on AWS best practices and open standards. It consolidates the security findings across accounts and provider products and displays results on the Security Hub console. It also supports integration with Amazon CloudWatch Events. To automate remediation of specific findings, customers can define custom actions to take when a finding is received.


AWS Products Used


With AWS management and governance services, customers can improve their governance control and fast track their business objectives. However, solving these challenges are not straight and simple as many of the customers rely on a traditional IT management process which is manual and not scalable. Also, with lack of clarity on account management without clearly defined processes, they end up with multiple accounts provisioning and tracking becomes inefficient. This can also increase their security and financial risks. In some cases, due to these challenges, customers rely on third party tools or solutions which can further complicate and increase operational challenges.

Relevance Lab can help organizations to build or migrate existing accounts to a secured, compliant, multi account AWS environment enabled with automation to increase both operational and cost efficiency. The transition to this matured Governance at Scale framework can be implemented in four weeks using our specialised competencies, RLCatalyst automation framework and the Governance at Scale handbook.

For more details, please feel free to reach out to marketing@relevancelab.com



0