Blog

Estimated reading time: 5 minutes

In our recent AWS Town Hall (recording), we discussed a challenge that resonates across the higher education landscape: managing multiple AWS accounts with a focus on strengthening security and maintaining compliance.

The session featured insights from AWS's higher education strategy team and technical experts who shared valuable perspectives on landing zones and AWS Control Tower.

Understanding the Challenge

Patrick Frontiera from AWS's higher education strategy team highlighted that higher education institutions face over 200 compliance regimes, with 24 specifically focused on IT. This complexity is further amplified by the decentralized nature of academic institutions, where IT responsibilities often span across departments and research units.

The key challenges institutions face include:

  • Managing numerous evolving compliance requirements
  • Balancing innovation with security in decentralized environments
  • Coordinating hybrid and multi-cloud infrastructures
  • Maintaining consistent security policies across diverse departments

AWS's Approach to Solutions

AWS has developed a comprehensive approach to these challenges, building upon its shared responsibility model. As institutions move towards managed services, AWS takes on more of the security and compliance burden. Some notable solutions include:

  • Support for 143 compliance programs relevant to higher education (including FERPA, HIPAA, and NIST 800-171)
  • AWS Audit Manager for identifying compliance gaps
  • AWS Artifact for generating compliance reports

Landing Zones: A Foundation for Success

Chris Kuehn, AWS Solutions Architect, introduced landing zones as AWS's strategic solution for creating secure, scalable environments. A well-designed landing zone includes:

  • Built-in security guardrails and encryption
  • Integration with university identity systems
  • Unified billing processes
  • Pre-configured networking
  • Customizable development environments

The Evolution of Landing Zones

The journey of AWS landing zones reflects the maturing needs of higher education:

  1. Custom-Built Solutions (Early Days)
  2. AWS Organizations (2017) - Introducing consolidated management
  3. AWS Control Tower (2019) - Automating setup and management
  4. Customizations for Control Tower (2020) - Adding flexibility for specific needs

Implementation Best Practices

AWS recommends a flat organizational unit (OU) structure to maintain simplicity while accommodating diverse needs; a flat structure means no nested OUs. A typical OU structure includes:

  • Management Account (central authority)
  • Core OU (logging and auditing)
  • Shared Services OU (common infrastructure)
  • Central IT OU
  • Sandbox OU (experimentation space)
  • College/Department OUs
  • Compliance-Specific OUs (e.g., HIPAA workloads)

Practical Insights from Q&A

The session concluded with valuable questions from attendees. Key takeaways include:

  • Testing Updates: Maintain a separate development landing zone for testing Control Tower updates
  • Migration Strategy: Use a migration OU with relaxed controls for staging existing accounts
  • Existing Organizations: While greenfield deployments are ideal, Control Tower can integrate existing accounts with proper planning

Looking Ahead

As compliance requirements continue to evolve, the structured approach offered by AWS landing zones becomes increasingly valuable. The key is to create guardrails, not roadblocks – enabling innovation while maintaining security.

For institutions looking to implement or optimize their landing zone strategy, AWS offers several solutions and support mechanisms:

  • Landing Zone Accelerator (open-source solution)
  • AWS Partner Network
  • AWS Professional Services

Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.

Estimated reading time: 4 minutes


The October GCP NET+ Tech Share covered compliance challenges in GCP, SSL certificate renewal periods, and networking security issues in higher education. Here's a summary of the key discussions:

Recent Events Recap

Two significant events preceded this Tech Share:

  1. The Google Rapid Innovation Team (RIT) Project Pitch Session showcased several innovative projects.
  2. The NET+ GCP SAB meeting in NYC featured these RIT project pitches and a presentation from Washington University on GCP Support Plan challenges.

Upcoming Events

Several important events are on the horizon:

Compliance in GCP

Vanderbilt University raised concerns about compliance in GCP, particularly in light of new CMMC changes. Key points of discussion included:

  • Challenges of self-auditing vs. external audits for Controlled Unclassified Information (CUI)
  • Difficulties in maintaining compliance in distributed environments
  • The need for tooling or partnerships to create compliant accounts that can't be undone
  • Interest in publicly available Terraform scripts (or other infrastructure as code) for setting security baselines

Jeff from Google mentioned a dedicated team that supports compliance audits and shared resources:

Jeff will look internally to see if there is a team working on IaC for automated compliance checks.

SSL Certificate Renewal and Network Security

The discussion shifted to SSL certificate management and network security:

  • Apple is lowering their SSL cert renewal period to 45 days, while Google is shortening theirs to 90 days
  • Tailscale was suggested as a potential solution for servers with limited network access to renew SSL certs
  • Penn State University expressed interest in moving towards hierarchical firewall rules to simplify complex routing and peering for compliance requirements

Northwestern University shared their experience with Next-Generation Firewall (NGFW) in their Secure Enclave setup, noting challenges with licensing and idle resources.

Future Discussions

The challenges around SSL certificate renewals on network-restricted machines naturally circled back to the conversation about compliance. This prompted planning a networking session with GCP Networking SMEs to address secure access for regulated workloads that remains user-friendly and manageable for IT administrators.


Estimated reading time: 4 minutes


The October AWS NET+ Tech Share covered FinOps challenges, account provisioning strategies, and an upcoming AI chatbot workshop. Here's a summary of the key discussions:

Recent Community Updates

The Landing Zone Accelerator (LZA) Community of Practice continues to meet regularly. For those interested in catching up, recent blog posts are available, including a recap of the NET+ AWS Private Marketplace series and the September Tech Share summary.

Key Events

FinOps Challenges and Solutions

A significant portion of the discussion centered around FinOps challenges and potential solutions:

Account Provisioning Strategies

  • Implementing Service Control Policies (SCPs) to require tagging.
  • Using AWS Control Tower for budget alarms and sandbox account provisioning.
  • Setting up cost anomaly detection in new accounts.

Tagging Practices

  • Tagging per grant or payment source can be useful, especially in research contexts.
  • Dividing resources based on logical isolation (grant, lab, project).
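An added example (not from the Tech Share or from any institution's configuration) of an SCP that requires tagging, with a small Python model of how its two conditions evaluate against sample requests. The tag key `Grant`, the sample ARNs and account ID, and the evaluator are assumptions; the evaluator covers only the operators this policy uses and is not a full IAM policy engine.

```python
import json
from fnmatch import fnmatchcase

# Constructed SCP. The tag key "Grant" is an assumption for this example.
REQUIRE_GRANT_TAG_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Block EC2 launches whose instance or volume carries no Grant tag.
            "Sid": "DenyRunInstancesWithoutGrantTag",
            "Effect": "Deny",
            "Action": "ec2:RunInstances",
            "Resource": [
                "arn:aws:ec2:*:*:instance/*",
                "arn:aws:ec2:*:*:volume/*",
            ],
            "Condition": {"Null": {"aws:RequestTag/Grant": "true"}},
        },
        {   # Stop the tag from being stripped after launch.
            "Sid": "DenyRemovingGrantTag",
            "Effect": "Deny",
            "Action": "ec2:DeleteTags",
            "Resource": "*",
            "Condition": {"ForAnyValue:StringEquals": {"aws:TagKeys": ["Grant"]}},
        },
    ],
}

SCP_MAX_CHARS = 5120  # AWS Organizations size quota for one SCP document


def scp_document(policy):
    """Serialize the policy compactly and enforce the SCP size quota."""
    doc = json.dumps(policy, separators=(",", ":"))
    if len(doc) > SCP_MAX_CHARS:
        raise ValueError(f"SCP is {len(doc)} characters, limit is {SCP_MAX_CHARS}")
    return doc


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_matches(condition, request_tags, tag_keys):
    """Simplified model of the two condition operators used above."""
    for operator, clauses in condition.items():
        for key, expected in clauses.items():
            if operator == "Null" and key.lower().startswith("aws:requesttag/"):
                # Null "true" matches when the tag is absent from the request.
                wanted = key.split("/", 1)[1].lower()
                absent = wanted not in {k.lower() for k in request_tags}
                if absent != (str(expected).lower() == "true"):
                    return False
            elif operator == "ForAnyValue:StringEquals" and key == "aws:TagKeys":
                # Matches when any tag key in the request is in the listed set.
                if not set(_as_list(expected)) & set(tag_keys):
                    return False
            else:
                raise ValueError(f"unsupported condition: {operator} {key}")
    return True


def scp_denies(policy, action, resource_arn, request_tags=None, tag_keys=None):
    """Return the Sid of the first Deny statement that matches, else None."""
    request_tags = request_tags or {}
    tag_keys = tag_keys or []
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        actions = [a.lower() for a in _as_list(stmt["Action"])]
        if not any(fnmatchcase(action.lower(), a) for a in actions):
            continue
        if not any(fnmatchcase(resource_arn, r) for r in _as_list(stmt["Resource"])):
            continue
        if _condition_matches(stmt.get("Condition", {}), request_tags, tag_keys):
            return stmt["Sid"]
    return None


# Constructed sample resources (placeholder account ID and resource IDs).
INSTANCE = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"
VOLUME = "arn:aws:ec2:us-east-1:111122223333:volume/vol-0123456789abcdef0"
SUBNET = "arn:aws:ec2:us-east-1:111122223333:subnet/subnet-0123456789abcdef0"

if __name__ == "__main__":
    print(scp_document(REQUIRE_GRANT_TAG_SCP))
    for arn, tags in [(INSTANCE, {}), (INSTANCE, {"Grant": "example-grant"}),
                      (VOLUME, {"Name": "scratch"}), (SUBNET, {})]:
        print(arn.rsplit(":", 1)[1], tags, "->",
              scp_denies(REQUIRE_GRANT_TAG_SCP, "ec2:RunInstances", arn, tags))
```

The volume case is the one that catches people out: a launch that tags only the instance is still denied, because the volume created alongside it is evaluated separately and also needs the tag.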

Cost Control Measures

Northwestern University recommended setting up cost anomaly detection in new accounts to help manage expenses proactively.

University of Wisconsin-Madison's Approach

The University of Wisconsin-Madison shared their strategies for managing cloud resources:

  • Using separate accounts for different projects, sometimes multiple accounts per researcher.
  • Employing Terraform to standardize cost alerts.
  • Utilizing account boundaries as the primary method for cost tracking.
  • Offering weekly office hours to assist researchers.

AI Chatbot Workshop Announcement

An exciting announcement was made regarding an upcoming "barn raising" hands-on session to build an AI chatbot using Vanderbilt's GenAI Platform with guidance from developers and architects. Institutions are encouraged to identify appropriate team members to participate in this hands-on workshop, which is estimated to take about 4 hours with proper preparation. For those who need additional guidance, Bob is creating a document to assist institutions in choosing appropriate participants.

Conclusion

This Tech Share provided valuable insights into FinOps challenges and solutions, highlighting the importance of proper account management and cost control in academic cloud environments. The upcoming AI chatbot workshop presents an exciting opportunity for institutions to dive into practical AI application development.


Estimated reading time: 4 minutes

The October 2nd AWS NET+ Tech Share covered collaborative projects, disaster recovery solutions, and cloud migration experiences. Here's a summary of the key discussions.

Recent Highlights and Upcoming Events

Collaborative "Barn Raisings"

The group continued to discuss the proposed "barn raisings" – collaborative sessions where community members get together with AWS experts to build out a solution in their environment. Here are some potential sessions that interest the community:

  1. Indiana University's Audio Transcription Service: A tool that could benefit many institutions dealing with audio content.
  2. Secure research environments: A crucial need for institutions handling sensitive data.
  3. Arizona State University's PDF accessibility project: Addressing the important issue of document accessibility in higher education.

Disaster Recovery and Migration Insights

James from Old Dominion University sparked a discussion on AWS Elastic Disaster Recovery (DRS) experiences. Tommy from AWS explained that DRS, formerly CloudEndure, offers block-level replication from source to target, with both migration and DR options.

Rob from Loyola Marymount University shared valuable insights on using AWS Application Migration Service (MGN): While generally effective, MGN presented challenges with edge cases.

Gerard from Boston University (BU) added historical context, noting past issues with VMware agents and instance sizing during migration. These experiences highlight the ongoing challenges in cloud migration and the importance of careful planning.

SAP HANA in the Cloud: Balancing Performance and Cost

Gerard from BU raised a question about running SAP HANA in AWS. Currently using an on-premises solution across two data centers, they're exploring AWS as part of a tech refresh. Some participants with past SAP HANA experience noted that this is a big undertaking and said they would be interested to hear the outcome. Solutions Architects on the call recommended that Gerard talk to his dedicated AWS SA to loop in an SAP HANA specialist from AWS to discuss potential migration plans and their forecasted cost.

Data Lake and Account Management: A Holistic Approach

Max from Wayne State University (WSU) shared insights on their ongoing Data Lake project and AWS migration. The work he and his team are doing is mainly greenfield, e.g. creating a new AWS Organization, setting up Control Tower, designing VPCs, and even building an integration for account provisioning with Grouper and EntraID.

For many folks on the call, this was a trip down memory lane, reminiscent of when they had to migrate their first set of workloads into AWS. We hope that the collective wisdom and experience of this group can help teams like Max’s navigate their AWS migration more smoothly and avoid common pitfalls.

Control Tower in Academic Settings

Ethan from Carnegie Mellon University (CMU) inquired about experiences with decommissioning AWS Control Tower. Someone from a quantum computing course at CMU had set up Control Tower in their AWS environment. While no direct experiences were shared, the discussion pointed to AWS documentation and highlighted the growing use of AWS in course settings.

While initially talking about Control Tower, this conversation highlighted similar adoption of an uncommonly used AWS service: AWS Braket. Both CMU and BU have a quantum computing course which uses AWS Braket. BU claims that the course was well received.

Conclusion

The October AWS NET+ Tech Share demonstrated the higher education community's commitment to collaborative problem-solving and knowledge sharing. From exploring joint projects to discussing the intricacies of cloud migration and specialized use cases like SAP HANA, the discussions reflected the complex and evolving nature of cloud adoption in academic institutions.


Take your AWS Private Marketplace knowledge from theory to practice in this engaging 90-minute hands-on build lab. Designed as a follow-up to our August introduction to Private Marketplace, this session provides cloud and procurement teams from NET+ AWS institutions the opportunity to set up their own Private Marketplace with expert guidance from AWS specialists.

You'll work through a step-by-step process to configure your marketplace, applying the concepts and best practices discussed in the previous session. Our AWS experts will be on hand to provide real-time assistance, ensuring you leave with a functional Private Marketplace tailored to your institution's needs.

This practical session is your chance to implement powerful controls, streamline procurement processes, and optimize cloud resource management for your organization. Don't miss this opportunity to transform your cloud procurement strategy with AWS Private Marketplace.

CICP Subscribers can find slides, recordings, and any other assets here after the meeting. There's even a blog post of it!

The NET+ GCP community reconvenes for an exciting project pitch session, taking over the usual Tech Jam slot. This event marks the culmination of efforts sparked by the August Strat Call, where participants learned about the Rapid Innovation Team (RIT) initiative and began formulating their project ideas (recording).

During this session, members of the NET+ GCP community will have the opportunity to present their project proposals to the NET+ GCP Service Advisory Board (SAB) and Chris Daugherty from Google. Each pitch will showcase innovative ideas that leverage GCP to address critical needs within higher education institutions and potentially benefit the broader academic community.

Presenters will outline their project's objectives, potential impact, and how it aligns with RIT's goal of creating impactful prototypes for the research and education sector. The audience can expect to hear a diverse range of concepts, from AI-driven solutions to data management tools to advising systems and beyond.

After this session, the SAB and Chris will vote to select the top three projects. These finalists' ideas will be presented to the RIT at the face-to-face SAB meeting at Google's NYC offices on October 10.

This pitch session represents a pivotal moment for participants to transform their innovative concepts into tangible plans with the potential for realization through RIT's collaborative engagement. It's an unparalleled chance for higher education institutions to drive technological advancements in their field with the support of Google's expertise and resources.


CICP subscribers can find the slides, recordings, and other meeting assets here.

Higher education is a uniquely complex industry, with many independent groups building unique solutions that are all expected to comply with university policies and applicable regulatory frameworks. Working in AWS introduces a number of new tools: Organizations, Landing Zones, and Control Tower. We’ll discuss the roles of each of these and how you can build a secure and predictable environment for your customers across campus.

AWS Solution Architect for EDU, Chris Kuehn, takes us through this month's topic on Wednesday, October 16 at 11am PT/2pm ET.

CICP Subscribers can find slides, recordings, and any other assets here after the meeting.

Estimated reading time: 5 minutes

On September 24, 2024, the Google Rapid Innovation Team (RIT) hosted a Project Pitch Session, bringing together innovative minds from various institutions within the Internet2 NET+ GCP community. This session, which replaced the usual Tech Jam, was a follow-up to the initiative introduced during the GCP Strat Call on August 20 by Google's Chris Daugherty. The goal was to present ideas for prototype game-changing solutions addressing real-world challenges in the research and education community.

The RIT Opportunity

The RIT offers a unique chance to work in 6-week sprints with teams from subscribing institutions to build functional prototypes of software applications. These applications aim to enhance research capabilities, improve student engagement, or streamline administrative processes in higher education.

Presented Ideas

Unlocking Historical Insights with AI and Big Data

Sheila Marie Zellner-Jenkins from the University of Maryland, College Park presented "Applying DocumentAI and BigQuery to diplomatic correspondence from the Allied Occupation of Japan." This project aims to:

  • Use DocumentAI for OCR conversion of multilingual documents
  • Ingest data into BigQuery for advanced SQL querying
  • Employ Looker for data visualization and analysis

The project demonstrates the potential of AI tools in converting archival materials, regardless of language, into accessible digital databases, potentially revolutionizing approaches in various academic fields.

Cloud Migration Coach: Simplifying the Path to GCP

Bob Flynn from Internet2 proposed a "Cloud Migration Coach," addressing the challenge of getting started with Google Cloud. This tool aims to:

  • Analyze on-prem architecture diagrams and workflows
  • Provide customized migration plans and cost calculator input recommendations
  • Pull in targeted learning resources from Google Cloud Skills Boost

Modernizing Applications with AI-Driven Analysis

Gabe Geise from Penn State University proposed an AI application to streamline application modernization efforts that builds on the Cloud Migration Coach idea. It does this by:

  • Analyzing GitHub repositories to suggest containerization strategies
  • Recommending relevant GCP services for deployment
  • Providing documentation and training resources for implementation

This tool could assist in modernizing applications, identifying technical debt, and improving long-term code maintenance.

Pacer: Personalizing Student Time Management

Building on an idea initially mentioned during the August Strat Call, Bob presented "Pacer," a tool designed to help students manage their time more effectively. This concept aims to:

  • Create personalized work plans based on students' curricula and commitments
  • Ingest syllabi and class calendars to develop day-to-day personal work plans
  • Integrate with Google Calendar and learning management systems
  • Adapt to individual productivity patterns and preferences

Pacer represents a practical application of technology to address the common challenge of time management faced by students juggling multiple responsibilities. By providing personalized scheduling assistance, it has the potential to significantly improve students' academic performance and overall college experience.

The discussion around Pacer highlighted the importance of user privacy and the potential for the system to learn and improve its recommendations based on user behavior over time.

Next Steps

Following this pitch session, the Service Advisory Board (SAB) and Chris Daugherty will discuss the submissions, maybe add some of their own, and ultimately vote to select the top projects. These projects will be presented to the RIT leadership at a face-to-face SAB meeting on October 10 at Google's NYC offices.

Conclusion

The Google Rapid Innovation Team Project Pitch series of meetings highlights how the NET+ GCP community facilitates collective community conversations and innovative projects leveraging Google Cloud technologies in higher education. As the selection process moves forward, these projects have the potential to contribute to how universities address challenges in research, teaching, administration, and student success, furthering the superpower of collaboration for shared benefit within the higher education community.

You can always find details and recordings of the NET+ GCP quarterly calls on the Cloud Infrastructure Community Program (CICP) calendar.

The NET+ AWS program recently concluded a comprehensive two-part series on AWS Private Marketplace, offering valuable insights for the research and education community. The series, which included a strategic call, office hours, and a hands-on Tech Jam, illuminated the potential of this innovative tool to streamline procurement processes in higher education institutions.

Key takeaways from the series include:

  • Private Marketplace enables institutions to curate catalogs of approved contracts, ensuring compliance with procurement policies.
  • Institutions can create customized marketplaces for different schools or departments, offering flexibility in implementation.
  • The tool supports private offerings with custom-negotiated terms, enhancing procurement options.

During office hours, the AWS Marketplace team addressed questions about the differences between Private and Public Marketplace, providing clarity on how to engage procurement and finance teams effectively. The Tech Jam session offered a practical demonstration of setting up private offers and configuring Private Marketplace within AWS organizations, complete with access control strategies.

Participants praised the clarity of the presentations and the relevance of the service to their institutions' needs. Many expressed enthusiasm about implementing Private Marketplace in their own environments, recognizing its potential to enhance procurement efficiency and policy compliance.

As institutions continue to navigate the complexities of cloud procurement, AWS Private Marketplace emerges as a powerful tool for ensuring compliance, streamlining processes, and maximizing the value of AWS services in higher education settings.

Resources:

Estimated reading time: 4 minutes

The September 18th NET+ AWS Tech Share dug into issues that keep the research and education cloud professionals up at night: measuring cloud maturity, justifying costs, and simplifying storage decisions. Here's what you need to know:

Cloud Elevation Index (CEI): Penn State's Approach to Benchmarking Cloud Journey

In the meeting, we briefly talked about Penn State University’s innovative internal project: the Cloud Elevation Index (CEI). For those of you who missed their presentation this year at Cloud Forum, here are the slides and recording. In a nutshell, this new metric could potentially offer research and education institutions a standardized way to quantify cloud maturity progress.

Stay tuned for updates regarding Penn State's CEI. NET+ subscribers will see CEI for their own accounts in the upcoming release of the Data Benchmarking project. Internet2 is working with Penn State to set up a working group open to the broader research and education community on this initiative.

Cloud Costs Under Scrutiny: CMA Investigation Sparks Debate

Joshua (University of Virginia) shared a recent article about AWS’s responses in the UK Competition and Markets Authority’s (CMA) investigation into anticompetitive behavior by the major public cloud providers, igniting a lively discussion:

  • Bob mentioned that The Register has a history of posting anti-public-cloud articles. He also cautioned against viewing the cloud as a universal solution.
  • Kelly (University of Washington-Madison) highlighted often-overlooked cloud benefits, particularly in security.
  • The group explored differences in compliance and security between cloud and on-prem:
    • Cloud platforms handle some compliance aspects at the platform level.
    • On-prem setups vary widely in control and security ("All bets are off for researchers who have a server under their desk").

Key takeaways:

  1. Evaluate cloud benefits holistically, beyond just infrastructure costs.
  2. Consider how the cloud simplifies certain compliance requirements.
  3. Recognize the challenges in making direct cloud vs. on-prem comparisons.
  4. A more balanced analysis, including links to the hearings with each of the three public cloud vendors in the CMA investigation, can be found at "How Big Cloud defended itself in the U.K."

Taming the Wild West of Cloud Procurement

Familiar procurement headaches shared across institutions:

  • Challenge: Corralling departments and researchers under a single contract. Many are either unaware of university contracts or are unwilling to comply with or have their accounts controlled by central IT management.
  • Risk: If controls are too tight, or if the value of joining the institutional contract and org is not made clear and compelling, there is a chance that departments and researchers (primarily researchers) will create accounts with non-university credentials, pushing IP, and any chance of university support, to personal accounts.

Best practices mentioned: Consider closer collaboration between IT, Procurement, and Research to develop streamlined cloud account creation processes that make the value proposition clear and balance flexibility with control.

AWS Storage Simplification

Jan from AWS has an internal project she’s working on to simplify AWS storage selection:

  • Challenge: Researchers and others struggle to choose optimal AWS storage configurations for their use cases.
  • Initiative: Developing user-friendly tools for accurate object storage pricing estimates.
  • Goal: Enable precise cost estimation without requiring deep architectural expertise.

This initiative aligns with recent discussions in the research and education community about research data storage challenges. In fact, this past June, Oren Sreenby of Internet2 wrote an insightful blog on "Top Issues Around Research Data Storage in Higher Ed."

Jan is actively seeking insights from those working with the cloud within the research and education community to create a potential solution. This is your chance to shape tools that could make your storage decisions easier and more cost-effective! Contact Jan at janday[at]amazon[dot]com.

Conclusion

From Penn State's Cloud Elevation Index to the ongoing debates about cloud costs and procurement strategies, it's clear that our community is still wrestling with challenges to making the most efficient use of cloud in their institutions. As we navigate these complexities, the collaborative spirit of the NET+ AWS Tech Share community remains a valuable resource. We hope you’ll join us at the next NET+ AWS Tech Share and add your voice to the conversation!


Estimated reading time: 4 minutes

The September 19th GCP Tech Share explored the highs and lows of Google Cloud adoption in higher education, from billing headaches to cutting-edge AI projects. Here's what you need to know:

GCP Experience: The Good and the Bad

The session kicked off with a discussion led by a business student from Indiana University, part of a project where Bob Flynn from Internet2 is collaborating with IU students to analyze and quantify barriers to adoption for GCP users within the research and education community. This open dialogue revealed both strengths and challenges:

Institutions praised GCP's tech support and documentation, with Pennsylvania State University highlighting positive experiences. However, challenges emerged:

  • Northwestern University reported difficulties with Apigee support post-acquisition. Google seems to take a long time to fully integrate the products they acquire.
  • Washington University in St. Louis cited billing as their "biggest headache," especially with third-party resellers. Better communication about charges for non-GCP Google services is needed.

To mitigate some of these issues, Washington University suggested restricting Google project creation. Google's representative assured the group that teams are working to improve integration of acquired products and enhance user experience.

RIT Pitch and Innovative Ideas

The meeting continued discussions on the Google Public Sector Rapid Innovation Team (RIT) initiative, introduced during the August 20 GCP Strat Call (recording and assets). This program offers institutions the chance to collaborate with Google on innovative prototypes for higher education challenges.

For more details, see the blog post "Google's Rapid Innovation Team Seeks Ideas from Internet2 NET+ GCP Community".

Here are a few of the potential proposals that were discussed during the call:

  1. An AI-powered app for personalized GCP training suggestions (Internet2).
  2. An app recommending GCP solutions for researchers based on current tools (Pennsylvania State University).
  3. A tool for assessing per-user GCP cost estimates (Pennsylvania State University).

These ideas will be presented at the September 24 pitch session, with selected projects working with Google's RIT in 6-week sprints.

Cutting-Edge Projects and AI Advancements

The discussion then shifted to showcase the innovative work being done across institutions, highlighting the practical applications of GCP and AI in academic settings. Below are some of the GCP and AI projects shared by participants on the call:

  • Washington University in St. Louis (WashU): Testing LLM deployment across cloud providers and developing a medical voice-to-text app.
  • An AI tool for predicting cancer therapy responses was highlighted by Steven from WashU.
  • Tim from Internet2 talked about his testing of Google's speech generation tools:
  • Jeff from Google highlighted the AlphaProteo project, which generates novel proteins for biological research.

Conclusion

The September GCP Tech Share revealed both the value and challenges we all face with GCP in higher education. While administrative issues, billing and integration can hamper adoption, innovative projects and AI advancements demonstrate GCP's potential in advancing research and education. As the academic community leverages these tools, we anticipate groundbreaking applications in cloud computing and AI. We invite you to join us at next month’s NET+ GCP Tech Share on October 17.


Estimated reading time: 4 minutes

The September 4th AWS NET+ Tech Share covered a wide range of topics including the Landing Zone Accelerator (LZA), campus-wide help desk unification, cloud engineering recruitment, and the state of DevOps education in universities. Here are the key points from the discussion:

Recent and Upcoming Events

LZA Community of Practice: Purpose and Potential Spin Off

The discussion on LZA began with a question from Loyola Marymount University (LMU) about where institutions can discuss maintaining customized landing zone deployments, and whether the LZA Community of Practice was the right place for such discussions.

In response, AWS clarified the dual purpose of the LZA Community of Practice:

  1. To gather feedback from institutions currently using LZA
  2. To provide a platform for those seeking to learn more about LZA

An important point raised was the need for a dedicated space where institutions can discuss maintaining customized landing zone deployments (lower-case "lz"), which are different from LZA. See the blog I wrote for September’s AWS LZA Community of Practice meeting for more explanation.

To address these growing needs, a suggestion was made to dedicate a quarterly call to Cloud Center of Excellence (CCoE) and/or custom landing zone deployment. It's worth noting that this was just an initial idea proposed during the discussion, and the most suitable platform for such conversations is yet to be determined.

Help Desk Unification: Seeking Success Stories

Jan from AWS raised an interesting question about unifying multiple independent help desks across a campus with a central service desk. If any institutions have experience with such a project, AWS is keen to facilitate connections and share learnings. Contact Jan at janday@amazon.com.

Hands-on "Barn-raising" Topics

The community expressed interest in hands-on sessions to collectively build out modular projects together. A couple of suggestions to start with are:

  1. Vanderbilt University's Amplify AI Platform
  2. Indiana University's Automated Transcription Service 

These practical sessions would guide institutions through the steps of deploying these projects in their own environments. If you have ideas for similar done-in-a-day-or-less projects with broad appeal, contact Bob Flynn at bflynn@internet2.edu.

Cloud Engineering Recruitment and Cloud Computing Courses 

The University of Wisconsin-Madison shared their experience in hiring for a new Cloud Engineer position. The role requires multi-cloud experience (AWS, Azure, GCP) and proficiency in Infrastructure as Code (IaC). 

They are seeing lots of resumes for the position. More than a few cover letters and even some resumes look AI-generated. The discussion turned from the challenge many organizations face in finding experienced candidates to the cloud computing and DevOps courses offered at universities and technical institutes. Kelly Rivera shared her insights into the training offered at a local Wisconsin technical college:

  • They offer courses on Terraform, cloud platforms, and CI/CD pipelines.
  • While the program provides a solid foundation, graduates lacked experience with the stresses of managing production environments and the benefits of working in a team. AWS GameDays were suggested as a way to help bridge those gaps.
  • The University of Wisconsin-Madison has considered sourcing interns from this program.

Another institution mentioned that they offer a few Master's level courses in the Business School using cloud services for data analytics and machine learning. These courses use AWS Cloud Academy, but most computer science and MIS coursework remains theoretical rather than applied. This discussion highlights the growing need for practical, hands-on cloud and DevOps education in academic settings to prepare students for the evolving job market.

The AWS NET+ Tech Share continues to be a valuable venue for knowledge sharing, community building, and addressing the evolving needs of research and education institutions in their cloud journey.


Estimated reading time: 5 minutes

On September 3, 2024, the AWS Landing Zone Accelerator (LZA) Community of Practice gathered for its monthly meeting, bringing together representatives from various institutions and AWS experts. The session focused on providing a comprehensive introduction to LZA, its architecture, and best practices for implementation.

LZA 101: Understanding the Foundations

The meeting began with an informative LZA 101 presentation by Brian from the AWS LZA team. He introduced attendees to landing zones and their role in cloud adoption. Key takeaways include:

  1. Landing Zone Defined: A critical cloud foundation component that provides a framework for account provisioning and management, establishing a secure and compliant multi-account AWS environment.
  2. Cloud Foundation Alignment: The importance of aligning with the AWS Cloud Adoption Framework's Platform, Operations, and Security pillars.
  3. Historical Context: The evolution from customer-built systems to AWS-managed services like Control Tower.
  4. Differentiating landing zone and LZA: While a landing zone is the overall environment and structure for AWS account management, LZA is a specific tool for implementing and managing that environment.
  5. LZA Overview: An open-source solution accelerating the implementation of security controls and infrastructure foundation on AWS.
  6. Key Benefits: Well-Architected framework alignment, compliance documentation, and ability to programmatically implement and track AWS Organization-wide configuration changes.
  7. Architecture: Utilizes AWS CloudFormation, CodePipeline, and Cloud Development Kit (CDK) for deployment.

Q&A Insights: Real-world Implementation Concerns

The Q&A session provided valuable insights into the practical aspects of implementing LZA:

  • Configuration Management: The University of Idaho raised questions about best practices for editing YAML files, particularly for CMMC compliance. AWS experts recommended establishing a RACI matrix for effective management of people and processes.
  • Change Management: Internet2 inquired about config management locations. AWS replied that one option is to use internal code repositories (like GitHub) with actions that trigger the LZA deployment pipeline.
  • Testing Strategies: The importance of having separate test and production organizations for making changes was emphasized, with AWS experts noting that account boundaries alone are insufficient for containing organization-wide changes.
  • Third-party Integrations: While specific third-party tools weren't recalled, AWS highlighted the LZA account creation workflow available on GitHub as a valuable resource.

Looking Ahead: Roadmap and Community Engagement

The meeting concluded with important announcements and future plans:

  1. TechEx Check-in: Internet2 and Amazon have a session at the TechEx conference to talk about the effectiveness of these community gatherings. They are looking for members of the CoP who are attending the event to join the discussion.
  2. Next Meeting Preview: The October meeting will feature a roadmap discussion, requiring an NDA with AWS for participation. This session promises to provide exclusive insights into the future direction of LZA. If you wish to attend, please email bflynn@internet2.edu with confirmation that your institution has an NDA.

The September AWS LZA Community of Practice meeting successfully demystified Landing Zone Accelerator, providing attendees with a solid foundation for understanding the benefits of implementing this powerful tool. As institutions continue to navigate their cloud adoption journeys, the insights shared in this session will undoubtedly prove invaluable.


Greetings all!

Hoping everyone had a wonderful summer. It has been a busy last few months for the NET+ Canvas program so let’s dig in:

Instructure Acquisition

On July 25 it was announced that Instructure is to be acquired by KKR, and as you might expect, we received a few questions from our members on what this might mean for institutions, for the NET+ program, and for the future of Instructure. Shortly after the announcement was made, Internet2 met with the Canvas Service Advisory Board (SAB) to gather more information that might be relevant for our program subscribers and put together a set of questions to pose to Instructure leadership. After learning more about the details of the transaction, consulting Internet2 legal counsel, and speaking with Instructure leadership, we can confidently say that we expect no changes to the NET+ Canvas program or to the agreements in place with subscribing institutions. Instructure has been acquired multiple times since partnering with Internet2 in 2013, and NET+ terms are meant to withstand transitions such as this.

Key Takeaways:

  • The current Internet2/Instructure Business Agreement is in effect until 2033, providing predictability on terms and pricing for all existing services.
  • In the case where Instructure is acquired, any assignee is bound by the terms of the Business Agreement between Instructure and Internet2. (BA 9.9(b))
  • In short, what Instructure could do before, it can do after – nothing more or less.

To share more on the acquisition for NET+ members, please read the following note from Instructure’s Chief Academic Officer, Melissa Loble:

KKR believes in Instructure and the work that we do. KKR is getting a world-class company and product with world-class customers. For us at Instructure, nothing changes! Our mission remains the same: to elevate student success, amplify the power of teaching and inspire everyone to learn together. KKR believes in our Mission and is simply investing to support the path that has already been laid out for our customers. At InstructureCon, we shared our exciting strategy and roadmap of innovation that we will continue to focus on – all with the intent of providing a better experience to you, our customers.

-Melissa Loble, Chief Academic Officer

For any further questions or concerns, please contact netplus@internet2.edu or consider filling out the Service Advisory Board contact form.

Community News - Fall 2024

A special thank you to everyone that was able to complete the NET+ Canvas wellness check survey back in June. Your feedback and recommendations for program improvements have been noted and will certainly help shape future activities and program workflows. 

On July 26, we hosted a Data Governance Town Hall to discuss Instructure’s current and upcoming initiatives in data hygiene. The agenda included an exploration of new concepts and solutions for data retention, as well as an open Q&A session with community participants that gave feedback on product strategy and future plans. Key topics included course archiving features, configuration of data governance policies, and the implementation of hard deleting mechanisms. This event recording is available to all NET+ Canvas subscribers. Please reach out if you need access.

On August 07, community members met with Instructure’s Chief Product Officer, Shiren Vijiasingam, to explore the latest product updates that were announced during InstructureCon 2024. The Product Roadmap webinar summarized how new access to insights and generative AI will help drive student engagement and support evidence-based decision-making. Shiren also shared how Instructure products are adapting to evolving learner needs over the course of their lifelong learning journey. Watch the recording here. Password: cvXR4+11

Program Resources:

  • NET+ Canvas Wiki Page
  • Data Governance Wiki Page
  • Canvas LMS Cloud Scorecard

Advisory Board Updates - Fall 2024

The SAB convened in person at InstructureCon in July. Board members expressed interest in learning more about Instructure’s new product releases that were announced during the conference, and also reiterated the importance of placing continued focus on core platform improvements. SAB meeting agendas over the coming months will prioritize conversations around product and partner strategy, as well as new NET+ program events that focus on feedback from June’s wellness check survey to NET+ Canvas Subscribers.

SAB Resources:

  • Wiki Home Page
  • Meeting Agendas
  • Charter
  • 2024 Goals
  • Contact Form

Instructure Announcements - Fall 2024

There were quite a few exciting announcements that Instructure published this summer! From new LearnPlatform reports to product updates and announcements shared at InstructureCon, be sure to check it all out at instructure.com/news.

Around Internet2 & Beyond - Fall 2024

As you gear up for the Fall 2024 semester, we invite you to join us for our next webinar series: Discovering the Power of NET+ Services. With over 1,300 contract agreements provisioned across the NET+ Community, we’re adding new NET+ services, hosting new events, and even adding new Program Managers to make it all happen. A lot of community care and effort goes into making NET+ a shared voice for research and higher education institutions like yours, and we plan to highlight those efforts over the coming weeks. The nine-part webinar series will kick off on September 19 and run through December 5, each session beginning at 2:00pm ET. Check out the blog post for more info and register for the series to reserve your spot. 

Lastly, we’re elated to share that Echo Labs will be joining Internet2 as our newest NET+ Program. Read the announcement for more information on how to get involved. 


Wishing everyone a successful start to the new semester! Please connect with me at lhanks@internet2.edu if you have questions or ideas about the NET+ Canvas program. If you have concerns related to pricing, order forms, agreement terms, etc., please reach out to netplus@internet2.edu.

This blog post content was originally sent to the mailing list for NET+ Canvas subscribers. To receive future emails, please contact netplus@internet2.edu.

Estimated reading time: 3 minutes

This week, the NET+ AWS program kicked off a two-part series introducing the AWS Private Marketplace to the research and education community. This innovative AWS service promises to be a useful tool for institutions’ contract procurement process.

The first session, attended primarily by university cloud enablement teams, provided a comprehensive overview of the AWS Private Marketplace. Here are the key takeaways:

  • Approved contracts only: Private Marketplace allows your institution to curate catalogs of approved contracts from AWS Marketplace.
  • Procurement compliance ensured: Private Marketplace ensures AWS users at your institution only purchase from contracts that comply with your procurement policies, including private offerings with custom terms you’ve negotiated.
  • Customize Private Marketplace for departments or schools: Your institution can create individual private marketplaces for different schools or departments within the organization.
  • Flexibility: Configure your Private Marketplace now and decide when to expose it and to whom, allowing for thorough preparation before full implementation.

Following this introductory session, attendees are encouraged to engage with their procurement colleagues to identify contracts for inclusion in their Private Marketplace. This collaborative approach ensures that the tool is tailored to each institution's specific needs and policies.

The series will culminate in a hands-on lab session, guiding cloud teams through the process of building their private marketplaces. To bridge the gap between the introduction and the practical session, an open office hour has been scheduled for participants to address any questions or concerns.

Next Steps

Whether you attended the initial session or not, NET+ AWS subscribers can access the recording, slides, and other resources at this Google Drive folder.

  1. Review the checklist in the meeting folder
  2. Discuss with your procurement team
  3. Bring questions to Office Hours: September 11 at 2pm EDT - Zoom Link
  4. Get accounts and IAM roles in place, ready for your build
  5. Join Tech Jam to build your Private Marketplace on September 18 at 2pm EDT - Registration Link

The AWS Private Marketplace presents an exciting opportunity for higher education institutions to streamline their procurement processes and ensure compliance. We encourage all NET+ AWS subscribers to take advantage of this series and explore how Private Marketplace can benefit your institution.