HEINEKEN PowerPoint template/resources/heineken/... · Heineken® brand defines and unites us while...

BEER TECH & Journey of cloud Bojan Pavicic, product architect


WE ARE HEINEKEN

We are proud of our family history and Dutch heritage and derive from them our entrepreneurial spirit that takes us to every corner of the world.

People are at the heart of our company. We see our strength in trust, diversity and progress.

We stand by our values: passion for quality, enjoyment of life, respect for people and for the planet.

We always advocate for responsible consumption. We are committed to our communities and strive to consistently improve the impact we make on the planet.

We are brand builders. The Heineken® brand defines and unites us while our many local, regional and global brands make our portfolio diverse and unique.

We build true human connections and break down barriers, because we believe great moments of shared experiences are the best in life.

We are inspired by consumers to brew the best beers and extend that same passion to all of our brands, products and activities.

We work with our customers and partners to grow together and seek to win with integrity and fairness.

And we are convinced that by staying true to these commitments, we create value for our shareholders.

Journey Of Cloud

- Pre 2013: Azure – campaigns (Webcentre; James Bond, UEFA)

- 2013 - 2015: Azure v1 (AGWaaS, CRaaS)

- 2015-2016: Azure v2 (A4M, Multi Cloud Strategy)

- 2017-2019: Industrialization (Hybrid Datacentres, ASTRO, AWS)

- 2019: Cloud and Hosting (Agile, Customer Value)

Pre 2013 – Azure campaigns

Webcentre

- Digital people sitting close to commerce

- Agile group practicing devops

- Part of GIS but dedicated to help business

Pre 2013 – Azure campaigns

UEFA Champions League Road to the Final campaign 2012/2013

- Play pinball with whole world

- Geo redundancy - 4 data centres

- Storage – 10.000 partitions

- 2 million gameplay per hour

- Low latency

Pre 2013 – Azure campaigns

James Bond 2012 and 2015

- Skyfall - Global presence – usage of Azure websites

- Crack the case

- Locale deployments of digital campaign

- Spectre – selfie from space

- Global game with digital extras

- Launched in China also

2013-2015 – Azure v1

AGWaaS and CRaaS

- Leverage a micro-service approach

- Central control and management

- Global presence

- Scale up

- 1,000,000,0000 codes

2013-2015 – Azure v1

Azure classic

- Azure classic services deployment model

- Lack of Enterprise elements

- RBAC, Subscription, Resources, tag.. Governance and compliancy

- No PII data in clouds

- Rather simple structure

- Cost management and view - basic

2015-2016 – Azure v2

Multi-Multi-Multi

- POD principle

- MSP

- ARM

Governance lessons

- Decentralized = cloud sprawl

- Azure maturity affects our governance

- Simple structure not enough for cost distribution

2015-2016 – Azure v2

A4M – Automation experiments

- Self provisioning of PaaS services

- ServiceNow as ordering tool

- Devil is in the details!!

Multicloud strategy

- Decision framework for deployment

- Based on information and risk

- Discussion and conversation piece

2017-2019 - Industrialization

It's not a joke but it's the first of April 2017!!!!!!!!

- Heicloud and AFRA

- Azure Hybrid datacenter

- vCloud datacenter

- Express route

- AWS and B1

2017-2019 - Industrialization

Multi cloud in practice

- ASTRO

- Minimizing the on-prem footprint

- Infrastructure as code

- IoT experiments

2019 - … - Cloud and Hosting product team

CAH - AGILE

- Focus on customer value

- Partners in the team

- Refine, refine, refine

- Cross time-zones

2019 - … - Cloud and Hosting product team

Where we want to go!

- Everything is code

- Full multi-cloud

- Full automation and pipelines

- Self provisioning

Deployment pipeline

- Cloud native

- Serverless

- Containerization

© 2019 FrieslandCampina

FrieslandCampina Cloud journey

Frederike Fetter | Manager cloud & web services

Agenda

1. FrieslandCampina (5 mins)

• Company overview

• IT context

2. Our Cloud journey (15 mins)

• Operating model

• Security & cost control

• Learnings

3. Using Cloud as business enabler (5 mins)

• Case 1: Docker webservices

• Case 2: Smart packaging

We have a long history…

[Timeline figure spanning 1871 to 2018; the pairing of years and events is not preserved. Events shown:]

• Founding of Arnhemse Melk-inrichting

• Founding of CCF in Leeuwarden

• Friesche Vlag, Dutch Baby and Bonnet Rouge are registered for international markets

• Founding of Coberco in Zutphen

• Merger of Coberco, Friesland Dairy Foods, De Zuid-Oost-Hoek and Twee Provinciën

• Acquisition of Nutricia Dairy & Drinks Group

• Friesland Foods receives Royal designation on its 125th anniversary

• Founding of the first dairy co-operatives

• Founding of the De Meijerij Veghel / De Melkindustrie Veghel

• Campina brand introduced

• Founding of Campina Melkunie

• Acquisition of Südmilch (Heilbronn)

• International launch of formation of international Campina brand and co-operative

• Acquisition of Alaska Milk Corporation in the Philippines

• Acquisition of Zijerveld and Veldhuyzen and G. den Hollander Holding

• Acquisition of Olam Ivory Coast and DEK in Italy

• Nine farmers take over a cheese factory in the Dutch Wieringerwaard

• Founding of joint venture Friesland Huishan Dairy in China

• Acquisition of mozzarella producer Fabrelac in Belgium

• Acquisition of the activities of Anika Group in Russia

• Acquisition of IDB Belgium

• Acquisition of majority stake (51%) Engro Foods in Pakistan

• Merger of Friesland Foods and Campina

• Acquisition of Friesland Huishan Dairy in China

FrieslandCampina at a glance

• 12.1 billion euros revenue

• Export to over 100 countries

• Facilities in 34 countries

• 23,675 employees

• 18,645 member dairy farmers

• Millions of consumers every day

Figures 2017

Our brands

Top 10 consumer brands in revenue in euros

1. Friso

2. Frisian Flag

3. Dutch Lady

4. Campina

5. Peak

6. Debic

7. Alaska

8. Frico

9. Foremost

10. Rainbow

Top 5 industrial products in revenue in euros

1. DMV Excellion (caseinate)

2. Kievit Vana Blanca (creamers)

3. Domo Vivinal GOS (galacto-oligosaccharide)

4. DFE Pharmatose (pharmaceutical lactose)

5. Kievit Vana Grasa (fat powders)

Based on figures 2017

Consumer Foodservice Ingredients

Customer and consumer trends are shaping our business

• Consumption moves out-of-home and on-the-go

• Sustainability and animal welfare are key qualifiers

• Sales and marketing shift to new digital channels

• Consumers demand nutritious and healthy food


Cloud technology: enabling our organization

Cost flexibility

When & where we need:

• temporarily boost IOPS for Nigeria Summit migration > Reducing catalog transfer execution time from 19 to 4 hours;

• change server sizes overnight.

Quality & speed

Standardization & automation:

• launch new servers in seconds, policy & life cycle compliance by design > AMI factory;

• alert critical events, security issues > Compliance automation.

Entirely new possibilities

Smart hosting, digital & big data:

• massive data processing, data driven decisioning;

• ready-to-use IoT framework > Sharing vending machine data and optimize supply chain.

Our footprint in the cloud

Compute & storage

• Partial SAP systems, Dev/Test and Local

• Legacy ERP mothballing service

• Business applications and other ERPs (distributor mgmt.)

Native AWS services

• BI & Analytics – Redshift data warehouses & marts, ..

• Data Lake / data platform – EMR, Lambda, IOT, ..

• Infrastructure & security services – Inspector, Systems manager

Marketplace 3rd party offerings

• Websites & e-shops – WordPress, Magento, ..

• DevOps & Infra – TrendMicro, Cisco Firewall Console, ..

• Tools – Logic Monitor (E2E monitoring)

Operating clouds is the work of experienced professionals

Opting for standard services

• ‘Mastery’ of ONE cloud service (ours is AWS)

• Our ‘inflight’ applications and technologies are operated by a small central team of (internal & external) senior cloud professionals

• We use standard services & standard deployment methodologies

• We automate all of the expected actions & limit the amount of manual work

• We also have 3rd party solution vendors delivering fully automated deployments on high availability self-healing autoscaling architectures (Docker, Elastic Beanstalk.)

Global cloud governance

Specialist teams have access roles matching their needs, e.g.

• Reduced admin roles for local deployments by local China AWS partner

• Global data team having control over the use of big data platform

Global cloud policies

Automated security compliancy verification

FC Enterprise account

Business apps SAP apps Web hosting Other

China global China local

China reseller

Enterprise Cloud competence center to manage the operating framework

• Finance - AWS consolidated billing, controlling costs and allocation of spend

• Security, Compliance, Identity & Access Management, incl. standard roles

• Tagging framework (critical for automation, compliance & cost control)

• Operations - monitoring, backups, antivirus

Roadmap activities on cloud (2018 – 2020)

Driving quality improvements:

• Security & compliance automation;

• Innovations: Outposts, Security Hub, WorkSpaces;

• Monitoring capabilities for top priority apps / sites;

• Collaboration with OT & business (IoT in Supply chain);

• Remove technical debt (W2003 & 2008 / network incompliance / application rationalization).

Driving migrations to cloud:

• Consolidate DCs with a positive business case;

• Migrate EOL hosting platforms;

• Link & Consolidate local AWS accounts.

[Chart: ON PREMISE OT, TRADITIONAL DC, AWS; values shown: 560, 525, 358, 596, 343, 572]

‘6 months rule’ – watch AWS product pipeline

Our partner reported:

Last night AWS has ..

Killed at least 40-50 start-ups in the data space :D

Made some of our work a bit obsolete from Data Lake point of view. A lot of things what we have in place for the Data Lakes are now encapsulated in this new service.

Compliance automation – security by design

CIS controls for AWS architecture:

• Baseline best practices for Infrastructures and specifically for AWS. E.g. use MFA, password length, password policy, limited use of root account, etc.

• Alerts implemented with Config, now implementing additional selection criteria for logs. Alert on what is needed!

Use of AWS native tools where possible:

• Patch Manager, automation of security patches based on tags.

• Tagging as basis for ………… everything!

AMI factory:

• Hardened and secured AWS AMIs for common machine types (W2012, W2016, Linux);

• AMI update process fully automated.

All resources are tagged at deployment

Cost insight through automated reporting

Daily AWS Billing Data

S3

1. Billing Data Exported Daily To S3

2. S3 Put Triggers Automated Lambda Functions

3. Calling AWS Data Pipeline to Load Data To Redshift

4. End Users View Enhanced Billing Reports via MicroStrategy

Report created by FrieslandCampina

Daily Load created & managed by TerraAlto

Controlling cloud spend > key levers

Reserve

Driving down compute costs by 25-75% for upfront purchase, depending on the model. Scheduled reserved instances or spot.

Runtime

Every hour that systems are turned off leads to a 4% cost reduction; an entire weekend (48 hours) equals -/- 28%.

Right size

Perform a right sizing analysis based on actual usage patterns, e.g. increasing compute capacity for weekly planning runs.

Automate

Limit manual work. Automate ALL of the expected actions, e.g. start / stop, cost allocation, deployments, policy by design, ..

Discounts

Central volume discounts, project credits, third party discounts – for linked accounts.

Recommendations [& learnings]

If you haven't started already, stop analyzing and start doing – Like all major changes, we began by testing the water, “dipping our toes”, and gradually worked on the case for change

Don’t treat this as “cheaper hosting” – we’re in 2019 and this is fundamental going forwards

Own it yourself – work towards a secure, multi-account environment that can scale

Awareness training to staff – a must for those deciding (architects, CISO, security, ops, network,.)

Consider standard services unless – as all of the common activities are automated by design

Tagging is critical for automation – no tagging is no control (it is impossible to group things) e.g. compliance automation (enforce encryption), cost control, ..

Ensure that Intellectual Property of ALL (automation) scripts is clear – own all of the code, incl. version control

Actively manage costs – there are many ways to make the next month's invoice lower (as it should..)

Experiment, innovate & celebrate – explore new possibilities at a low cost of failure


Website foundational services: fully automated deployments, multiple CMS

[Flow diagram: ’Website development process’, step 1 to step 7, with the roles Business owner, Agency and Central team. Labels shown: Decide on solution and Agency; New Vendor? intake; Brief agency (briefing guidelines, instructions); Build-upload code and DB (GIT); Quality gate, automated and validated; Automated deployment container on test; After approval automated roll-out to UAT; Quality validation, business and automated scanning; After approval automated roll-out to PROD. Stage labels: Build/upload, Create, Assign, Decision, Test Docker, UAT Docker, Docker Prod.]

Docker allows packaging an application with all its dependencies into a standardized unit for software development

Smart packaging / QR codes “Grass to Glass”

Source Make Ship Distribute Sell Consume

Every package or tin of Friso has its own digital identity. Consumers can verify instantly to make sure their product is genuine and review the full tracking & tracing. It will also be a new key touchpoint for one-to-one interactions

© 2018 FrieslandCampina


Questions?

IoT in the FMCG sector

Cloud Acceleration for modern Decision Making

Andras Gombosi

Lead Engineer @ TerraAlto

[ DATA | DATABASES | IOT ]

Company background

History

Based in Dublin, Ireland

Cloud native and AWS only.

Working with AWS since 2011

Clients

In Ireland, UK and mainland Europe.

From Global Enterprise to startups.

Across multiple industries including manufacturing, financial services and logistics

Credentials

AWS Certified Managed Service Provider

AWS DevOps Competency

AWS Well Architected Program

AWS Advanced Consulting Partner

Experienced technical team with Financial Services, Hi-Tech and Manufacturing experience.

IoT Terminology Refresher

[Diagram labels: AWS Cloud; Device gateway; Device with Private Key; Thing Shadow; IoT certificate; IoT policy; THING; IoT MQTT protocol; Firmware; Over-the-air update; IoT Job; MESSAGE BROKER; IoT rule; IoT action; Channel; IoT topic; Thing Groups]

The Connected Vending Machine

CONSUMPTION METRICS

HARDWARE IS FINE

BEER IS NOT STALE

MASS REMOTE DEVICE MANAGEMENT

CRM INTEGRATION

Involved Parties

IoT Rules

COLLECT STORE DELIVER ANALYZE SUBSCRIBE DISCOVER

IoT Rules

Service APIs

Infra – Birds Eye View

Infra – Firmware CI/CD

Infra – 3rd party access

Infra – IoT Rule Set

Infra – External Application Integration

Infra – Monitoring and Alerting

5831 Lines of YAML (CFN)

Deployment Pipeline Stack

IAM / Security Stack

Non-IoT Infra Stack

IoT stack

19 AWS Services

1812 Lines of Python (Lambdas)

| 50k machines | USD per device per month | USD Entire Fleet per month | USD Entire Fleet Yearly |
|---|---|---|---|
| AWS IoT Core | 0.0161 | 805 | 9660 |
| AWS IoT Device Defender | 0.0029 | 145 | 1740 |
| AWS Lambda | 0.0001 | 5 | 60 |
| AWS SQS | 0.0001 | 5 | 60 |
| AWS S3 | 0.0001 | 5 | 60 |
| API GateWay | 0.0001 | 5 | 60 |
| CodeCommit | 0 | 0 | 0 |
| CodePipeline | 0 | 0 | 0 |
| CloudWatch | 0.0001 | 5 | 60 |
| DynamoDB | 0.0001 | 5 | 60 |
| Secrets Manager | 0.0001 | 5 | 60 |
| Route53 | 0.0001 | 5 | 60 |
| AWS WAF | 0.0003 | 15 | 180 |
| Totals: | $0.02 | $1005 | $12060 |

IoT Terminology Bootcamp

[Diagram labels: AWS Cloud; Device gateway; Device with Private Key; Thing Shadow; IoT certificate; IoT policy; THING; IoT MQTT protocol; Firmware; Over-the-air update; IoT Job; MESSAGE BROKER; IoT rule; IoT action; Channel; IoT topic; Thing Groups]


Connected Factory

AWS Cloud

Device gateway

Corporate / Factory Network

AWS IoT Greengrass

Things

Broker

Sensors and devices

Greengrass HUB

Broker

Compute

Machine Learning

Lambda function

Amazon SageMaker ML Model

VPN

AWS IoT Greengrass

AWS IoT SiteWise

AWS IoT Things Graph

Well Architected Framework

Security

Reliability

Performance Efficiency

Cost Optimisation

Operational Excellence

AUTOMATION