Estimated reading time: 6 minutes
The December 4th AWS NET+ Tech Share brought together members from various institutions to discuss recent AWS re:Invent announcements, upcoming events, and shared challenges in managing AI resources in higher education. Here's what you need to know from our last meeting of 2024.
Upcoming Events
Mark your calendars for these important dates:
- December 18th: NET+ AWS Tech Jam featuring Miracle Murakoshi's re:Markable re:Invent re:Cap (11am PST/2pm EST) (register)
- December 20th: Deadline for Cloud Forum 2025 Call for Proposals (both Cloud & Research proposals). I encourage you all to consider sharing your projects, the challenges you’re tackling, or the valuable lessons you’ve learned with your fellow cloud professionals.
- January 23, 2025: Save the date for the R&E FinOps Virtual Conference (10am-2pm PST/1-5pm EST). More information is soon to come.
An image generated by Amazon Titan Image Generation 1 model.
AWS re:Invent Updates and New Features
Several exciting announcements from re:Invent were discussed:
Amazon S3 Tables: AWS has introduced Amazon S3 Tables, providing fully managed Apache Iceberg tables optimized for analytics workloads. This service offers up to 3x faster query throughput and up to 10x higher transactions per second compared to self-managed tables. It integrates with AWS Glue Data Catalog, allowing seamless streaming, querying, and visualization of data using services like Amazon Kinesis Data Firehose, Athena, Redshift, EMR, and QuickSight.
Centrally Managing Root Access: AWS Identity and Access Management (IAM) now offers a capability that allows security teams to centrally manage root access for member accounts in AWS Organizations. This feature simplifies the management of root credentials and the execution of highly privileged actions across multiple accounts. Many members on the call were very interested in implementing this feature, as it will improve operations and security by decreasing management effort and reducing the attack surface.
Declarative Policies: AWS has introduced declarative policies, enabling organizations to define and enforce desired configurations for AWS services at scale. For instance, you can enforce a "block public access" setting for VPCs across all accounts in your organization, ensuring consistent security postures.
Resource Control Policies (RCPs): AWS Organizations now support Resource Control Policies, a new type of authorization policy that sets the maximum available permissions on resources within your entire organization. RCPs help establish a data perimeter in your AWS environment and restrict external access to resources at scale.
Invoice Configuration: In addition to the central root access management feature, the new invoice configuration features were an eye catcher for many members on the call. AWS has launched Invoice Configuration, allowing you to customize your invoices to fit your business needs. This feature enables you to receive separate AWS invoices for member accounts belonging to different business entities within the same AWS Organization, streamlining financial management and compliance.
Amazon Nova Models: Amazon has unveiled Amazon Nova, a new generation of foundation models capable of processing text, image, and video inputs. These models, available through Amazon Bedrock, offer state-of-the-art capabilities for generative AI applications, including text generation, image creation, and video production. The most attractive feature of these models is that they are relatively inexpensive compared to other state-of-the-art models from Anthropic and OpenAI. Simon Willison, a well-known open-source programmer, created a cost comparison table covering the models mentioned above. Below is a table from his blog. I highly recommend reading this article for a deeper dive.
Provider | Model | Cents per million input | Cents per million output |
---|---|---|---|
OpenAI | GPT-4o Mini | 15 | 60 |
Anthropic | Claude 3 Haiku | 25 | 125 |
Anthropic | Claude 3.5 Haiku | 80 | 400 |
Google | Gemini 1.5 Flash-8B | 3.75 | 15 |
Google | Gemini 1.5 Flash | 7.5 | 30 |
Amazon | Nova Micro | 3.5 | 14 |
Amazon | Nova Lite | 6 | 24 |
If you’re scratching your head about how some of these new features work or if you would like to hear more about them, swing by our upcoming AWS Tech Jam where our (and AWS’) very own Kevin Murakoshi will recap all of the relevant re:Invent announcements. Link to the registration can be found here.
Further Discussion of re:Invent Updates
Several technical announcements were discussed:
- The announcement of the ability to remove root account credentials completely and replace them with temporary ones started a discussion about handling special cases like Amazon Mechanical Turk (MTurk). Many members on the call manage end users that access Amazon MTurk. They brought up how certain MTurk cases require root account privileges. It seems like the new central management feature for root credentials will work for scenarios that exclude use cases around Amazon Mechanical Turk. Further investigation and testing will need to be done to confirm this definitively.
- A note about upcoming changes to CloudTrail events for AWS IAM Identity Center logs.
  - Effective January 13, 2025, AWS IAM Identity Center will modify CloudTrail event data by replacing the `userName` and `principalId` fields with `userId` and `identityStoreArn`, providing unique and immutable user identifiers. The `userIdentity` type will change from `Unknown` to `IdentityCenterUser` for authenticated users, enhancing clarity in user identification. Additionally, group `displayName` values in administrative events will be replaced with `HIDDEN_DUE_TO_SECURITY_REASONS`; to access group attributes, use the Identity Store `DescribeGroup` API operation.
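Detections and dashboards keyed on `userName` need to handle both event shapes across the January 13, 2025 cutover. The following Python is an added example, not AWS's or Internet2's code: the sample events are constructed, and the `onBehalfOf` nesting, the `legacy_map` export (userName to userId) and the field paths in the administrative event are assumptions to check against your own trail.

```python
HIDDEN = "HIDDEN_DUE_TO_SECURITY_REASONS"


def normalize_identity(event, legacy_map=None):
    """Map an Identity Center CloudTrail event to a stable actor key.

    legacy_map is a hypothetical {userName: userId} export from the identity
    store, used to join pre-change events to the new immutable identifiers.
    """
    ui = event.get("userIdentity") or {}
    kind = ui.get("type")
    if kind == "IdentityCenterUser":
        # Assumption: the new fields may sit directly under userIdentity or
        # under a nested onBehalfOf element; both locations are checked.
        nested = ui.get("onBehalfOf") or {}
        return {"format": "new",
                "actor": ui.get("userId") or nested.get("userId"),
                "store": ui.get("identityStoreArn") or nested.get("identityStoreArn"),
                "joined": True}
    if kind == "Unknown" and (ui.get("userName") or ui.get("principalId")):
        name = ui.get("userName")
        mapped = (legacy_map or {}).get(name)
        return {"format": "legacy",
                "actor": mapped or name or ui.get("principalId"),
                "store": None,
                "joined": mapped is not None}
    # IAM principals (e.g. an admin role calling the Identity Store API).
    return {"format": "other", "actor": ui.get("arn") or ui.get("principalId"),
            "store": None, "joined": True}


def hidden_fields(node, path=""):
    """Return the JSON paths whose value was replaced by the HIDDEN marker."""
    found = []
    if isinstance(node, dict):
        for key, value in node.items():
            found += hidden_fields(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            found += hidden_fields(value, f"{path}[{index}]")
    elif node == HIDDEN:
        found.append(path)
    return found


def summarize(events, legacy_map=None):
    """Group activity per actor and list what still needs manual follow-up."""
    report = {"actors": {}, "unjoined_legacy": [], "needs_describe_group": {}}
    for event in events:
        ident = normalize_identity(event, legacy_map)
        if ident["actor"]:
            report["actors"].setdefault(ident["actor"], []).append(event["eventName"])
        if ident["format"] == "legacy" and not ident["joined"]:
            # Old-format event whose userName has no known userId: a per-user
            # baseline would split into two identities at the cutover.
            report["unjoined_legacy"].append(event["eventID"])
        paths = hidden_fields(event)
        if paths:
            # Group names are no longer in the log; resolve the group through
            # the Identity Store DescribeGroup operation instead.
            report["needs_describe_group"][event["eventID"]] = paths
    return report


# Constructed sample records (not real CloudTrail output).
STORE_ARN = "arn:aws:identitystore::111122223333:identitystore/d-0000000000"
LEGACY_MAP = {"jdoe@example.edu": "user-0001-constructed"}
SAMPLE_EVENTS = [
    {"eventID": "ev-1", "eventName": "Authenticate",
     "userIdentity": {"type": "Unknown", "principalId": "111122223333",
                      "userName": "jdoe@example.edu"}},
    {"eventID": "ev-2", "eventName": "Federate",
     "userIdentity": {"type": "IdentityCenterUser",
                      "onBehalfOf": {"userId": "user-0001-constructed",
                                     "identityStoreArn": STORE_ARN}}},
    {"eventID": "ev-3", "eventName": "CreateGroup",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Admin/ops"},
     "requestParameters": {"identityStoreId": "d-0000000000", "displayName": HIDDEN},
     "responseElements": {"group": {"groupId": "group-0001-constructed",
                                    "displayName": HIDDEN}}},
    {"eventID": "ev-4", "eventName": "Authenticate",
     "userIdentity": {"type": "Unknown", "principalId": "111122223333",
                      "userName": "asmith@example.edu"}},
]

if __name__ == "__main__":
    for section, value in summarize(SAMPLE_EVENTS, LEGACY_MAP).items():
        print(section, value)
```
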
Discussion of AI in Higher Education
The discussion touched on several AI-related topics:
- The University of Delaware shared an innovative use case where they processed thousands of hours of lecture videos to create personalized learning experiences, including a student aid chatbot capable of creating custom flashcards
- The University of Wisconsin-Madison raised important points about managing AI resource access and spending in academic settings, particularly for business school AI courses
- The community discussed challenges in balancing professor requests for comprehensive AI tool access (including OpenAI and Amazon Bedrock) with institutional controls
Looking Forward
The Amplify GenAI Barn-raising event that took place in November was a great success. I will be doing a write-up of it, so be on the lookout for that. The overwhelmingly positive reception of the session generated interest in additional Barn-raising events. Several members of the group expressed interest in implementing Indiana University’s automated transcription service hosted on AWS. The upcoming barn-raising session is planned to take place in spring 2025. Members interested in participating in future barn-raising events are encouraged to reach out with their ideas and use cases.
That’s it for this AWS tech share write up! Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.
Estimated reading time: 4 minutes
The November AWS NET+ Tech Share brought together participants from various institutions for discussions ranging from digital preservation strategies to artificial intelligence collaboration initiatives. Here's a summary of the key discussions:
Community Updates and Upcoming Events
Several important deadlines and events are approaching for the research and education community:
- The NERCOMP Annual Meeting (March 31 - April 2, 2025, in Providence, RI) call for proposals closes November 18. AWS's Jan Day is available to assist with submission preparation.
- Got a cloud deployment project that you’ve been working on this past year? Eager to share this story with your peers? Lucky for you, the Cloud Forum 2025 is accepting proposals for both Cloud and Research tracks until December 20.
- Mark your calendars for the R&E FinOps Virtual Conference on January 23, 2025 (10am-2pm PST/ 1-5pm EST).
Institutional Highlights
Carnegie Mellon University's Billing Evolution
Carnegie Mellon University shared their transition to a centralized billing model. They're implementing a single purchase order system to address billing discrepancies, though this approach requires swift monthly processing of all charges.
Getty's Digital Preservation Journey
The Getty Trust provided fascinating insights into their digital preservation efforts. With a mandate to "digitize everything," approximately 95% of their digital assets are stored in AWS. Their team has developed innovative solutions for media migration and will be presenting their approaches at the upcoming TechEx conference.
Data Management Insights
Several institutions shared their experiences with data management:
- Carnegie Mellon discussed their solution to data archival challenges, noting that investing in more robust resources has helped ensure long-term data integrity.
- Multiple institutions highlighted their approaches to supporting library use cases, with dedicated teams handling long-term storage for public resources and specialized scanning equipment for book digitization.
Technical Updates
The discussion touched on several technical developments:
- Amazon's transition from Apache Spark to Ray was noted, though the consensus was that this change primarily impacts large-scale operations.
- The University of California system's research data protection project was highlighted, with their tool available on GitHub at rcs3.
- Participants discussed various disaster recovery approaches, including VM archival strategies and challenges with specific storage solutions.
AI Initiatives and Working Groups
The AI landscape continues to evolve in higher education, with several upcoming events and initiatives:
- Purdue and Notre Dame are hosting AI forums in the coming weeks.
- The Internet2 AI Working Group is accepting new participants (contact tfrank[at]internet2[dot]edu for more information).
Estimated reading time: 4 minutes
The October AWS NET+ Tech Share covered infrastructure migration strategies, innovative AI implementations, and upcoming community events. Here's a summary of the key discussions:
Key Events
- Webinar on NET+ AWS, NET+ GCP, NET+ Kion and CICP (slides and recording)
- NET+ AWS Barn Raising: Amplify AI Build Out (no recording, but blog will be coming soon)
- Upcoming re:Invent Keynote Watch Parties featuring main keynote, Werner's infrastructure presentation, and Peter DeSantis's Monday night session
- Are you working on a project on AWS that you’ve been heads down on for the past few months? If so, you should consider submitting a proposal for the 2025 Cloud Forum.
Infrastructure Strategy Insights
Penn State University's Approach
Penn State University shared their comprehensive strategy for infrastructure transformation:
- Operating within a three-year VMware transition timeline
- Focusing on IT department centralization
- Implementing Kubernetes environment in AWS
- Maintaining flexibility between cloud and physical servers
- Taking an "if you build it, they will come" approach to cloud adoption
Cloud Migration Experiences
The UC Office of the President shared their experience migrating on-premises VMs to the cloud:
- Successfully addressing around 92,000 security findings during migration
- Rebuilding applications with new operating systems
- Implementing vulnerability mitigation strategies
Innovation Highlights
AWS shared notable implementations from recent tech conferences:
- UCLA Anderson School of Business: Developed GenAI-powered custom email templates for alumni donation campaigns, featuring adversarial model validation
- UC Irvine: Created an open-source alternative to paid backup services for AWS to S3 data backup
Hybrid Infrastructure Discussion
Several institutions explored hybrid cloud possibilities:
- Interest in AWS Outposts and Azure Stack HCI implementations
- Discussion of EKS Anywhere and ECS Anywhere deployments
- Questions about EKS Anywhere on AWS Outposts for on-premises Kubernetes management
Conclusion
This Tech Share highlighted the diverse approaches institutions are taking to infrastructure modernization, from full cloud migrations to hybrid solutions. The discussions emphasized the importance of careful planning and consideration of various deployment options to meet specific institutional needs.
Estimated reading time: 4 minutes
The November AWS Landing Zone Accelerator (LZA) Community of Practice meeting brought together institutions to discuss feature requests, recent updates, and share implementation experiences. Here's a summary of the key discussions:
Feature Request Process
The meeting kicked off with a discussion about streamlining features and documentation requests. Community members raised several important questions about the process:
- File upload capabilities for request submissions
- Integration with support ticket systems
- Visibility of community-submitted requests
Internet2 is working with AWS to create the intake form and process for feature requests. More information is soon to come.
LZA 1.10 Release and Updates
A significant portion of the meeting focused on the recent release of AWS LZA 1.10. According to the AWS LZA GitHub release page, key new features include:
“...the opportunity for new installations to leverage AWS CodeConnections to use GitHub, GitLab, or Bitbucket for storing the LZA configuration files. This supplements existing options including AWS CodeCommit and Amazon S3 to provide even more flexibility when integrating LZA operations into existing workflows.”
For those interested in staying updated with LZA releases, community members shared two helpful approaches:
- Following releases directly on GitHub using custom "watch" settings
- Subscribing to the releases RSS feed at: https://github.com/awslabs/landing-zone-accelerator-on-aws/releases.atom
Community Implementation Insights
Several institutions shared their experiences and current projects:
Network Configuration Approaches
A poll during the meeting revealed diverse approaches to core networking:
- Several institutions, including Tufts University and University of Colorado Boulder, implement networking through LZA
- Others opt for Terraform-based solutions
- One participant noted that LZA effectively handles their entire network configuration, including network firewalls in ingress and inspection VPCs
Security and Compliance
The University of Colorado Boulder shared their work on tuning Security Hub rules, particularly focusing on NIST 800-171 compliance.
Hybrid Approaches
Multiple institutions reported using a mix of LZA and Terraform, choosing the best tool for specific needs:
- Tufts University recently upgraded to v1.9 and is training team members on the platform
- Some institutions use LZA for core infrastructure while managing other components through Terraform
Cost Optimization
An important discussion emerged around optimizing costs for sample configurations:
- Community members shared experiences running test environments for approximately $100/month
- There was interest in developing a minimum configuration template
- AWS expressed willingness to work on more cost-effective sample configurations
Conclusion
The November AWS LZA Community of Practice meeting highlighted significant developments, particularly the release of LZA 1.10 with its enhanced repository integration options through AWS CodeConnections, which allows integration with third-party repositories like GitHub and GitLab. Community members shared valuable insights on diverse implementation approaches, from Tufts University's successful v1.9 upgrade to University of Colorado Boulder's work on Security Hub rules for NIST 800-171 compliance, demonstrating the platform's flexibility across various hybrid implementations.
Estimated reading time: 5 minutes
In our recent AWS Town Hall (recording), we discussed a challenge that resonates across the higher education landscape: managing multiple AWS accounts with a focus on strengthening security and maintaining compliance.
The session featured insights from AWS's higher education strategy team and technical experts who shared valuable perspectives on landing zones and AWS Control Tower.
Understanding the Challenge
Patrick Frontiera from AWS's higher education strategy team highlighted that higher education institutions face over 200 compliance regimes, with 24 specifically focused on IT. This complexity is further amplified by the decentralized nature of academic institutions, where IT responsibilities often span across departments and research units.
The key challenges institutions face include:
- Managing numerous evolving compliance requirements
- Balancing innovation with security in decentralized environments
- Coordinating hybrid and multi-cloud infrastructures
- Maintaining consistent security policies across diverse departments
AWS's Approach to Solutions
AWS has developed a comprehensive approach to these challenges, building upon their shared responsibility model. As institutions move towards managed services, AWS takes on more of the security and compliance burden. Some notable solutions include:
- Support for 143 compliance programs relevant to higher education (including FERPA, HIPAA, and NIST 800-171)
- AWS Audit Manager for identifying compliance gaps
- AWS Artifact for generating compliance reports
Landing Zones: A Foundation for Success
Chris Kuehn, AWS Solutions Architect, introduced landing zones as AWS's strategic solution for creating secure, scalable environments. A well-designed landing zone includes:
- Built-in security guardrails and encryption
- Integration with university identity systems
- Unified billing processes
- Pre-configured networking
- Customizable development environments
The Evolution of Landing Zones
The journey of AWS landing zones reflects the maturing needs of higher education:
- Custom-Built Solutions (Early Days)
- AWS Organizations (2017) - Introducing consolidated management
- AWS Control Tower (2019) - Automating setup and management
- Customizations for Control Tower (2020) - Adding flexibility for specific needs
Implementation Best Practices
AWS recommends a flat organizational unit (OU) structure to maintain simplicity while accommodating diverse needs; a flat structure means no nested OUs. A typical OU structure includes:
- Management Account (central authority)
- Core OU (logging and auditing)
- Shared Services OU (common infrastructure)
- Central IT OU
- Sandbox OU (experimentation space)
- College/Department OUs
- Compliance-Specific OUs (e.g., HIPAA workloads)
Practical Insights from Q&A
The session concluded with valuable questions from attendees. Key takeaways include:
- Testing Updates: Maintain a separate development landing zone for testing Control Tower updates
- Migration Strategy: Use a migration OU with relaxed controls for staging existing accounts
- Existing Organizations: While greenfield deployments are ideal, Control Tower can integrate existing accounts with proper planning
Looking Ahead
As compliance requirements continue to evolve, the structured approach offered by AWS landing zones becomes increasingly valuable. The key is to create guardrails, not roadblocks – enabling innovation while maintaining security.
For institutions looking to implement or optimize their landing zone strategy, AWS offers several solutions and support mechanisms:
- Landing Zone Accelerator (open-source solution)
- AWS Partner Network
- AWS Professional Services
Estimated reading time: 4 minutes
The October GCP NET+ Tech Share covered compliance challenges in GCP, SSL certificate renewal periods, and networking security issues in higher education. Here's a summary of the key discussions:
Recent Events Recap
Two significant events preceded this Tech Share:
- The Google Rapid Innovation Team (RIT) Project Pitch Session showcased several innovative projects.
- The NET+ GCP SAB meeting in NYC featured these RIT project pitches and a presentation from Washington University on GCP Support Plan challenges.
Upcoming Events
Several important events are on the horizon:
- Are you leveraging GCP to power your research or innovate cloud strategies on campus? Share your insights! Submit your Cloud Forum proposal by December 20th
- Webinar on NET+ AWS, NET+ GCP, NET+ Kion, and CICP (October 31, 11am PT/2pm ET)
- R&E FinOps Virtual Conference - January 23, 2025 10am-2pm PST/ 1-5pm EST (tentative)
Compliance in GCP
Vanderbilt University raised concerns about compliance in GCP, particularly in light of new CMMC changes. Key points of discussion included:
- Challenges of self-auditing vs. external audits for Controlled Unclassified Information (CUI)
- Difficulties in maintaining compliance in distributed environments
- The need for tooling or partnerships to create compliant accounts that can't be undone
- Interest in publicly available Terraform scripts (or other infrastructure as code) for setting security baselines
Jeff from Google mentioned a dedicated team that supports compliance audits and shared resources:
Jeff will look internally to see if there is a team working on IaC for automated compliance checks.
SSL Certificate Renewal and Network Security
The discussion shifted to SSL certificate management and network security:
- Apple is lowering their SSL cert renewal period to 45 days, while Google is shortening theirs to 90 days
- Tailscale was suggested as a potential solution for servers with limited network access to renew SSL certs
- Penn State University expressed interest in moving towards hierarchical firewall rules to simplify complex routing and peering for compliance requirements
Northwestern University shared their experience with Next-Generation Firewall (NGFW) in their Secure Enclave setup, noting challenges with licensing and idle resources.
Future Discussions
The challenges around SSL certificate renewals on network-restricted machines naturally circled back to the conversation about compliance. This prompted planning a networking session with GCP Networking SMEs to address secure access for regulated workloads that remains user-friendly and manageable for IT administrators.
Estimated reading time: 4 minutes
The October AWS NET+ Tech Share covered FinOps challenges, account provisioning strategies, and an upcoming AI chatbot workshop. Here's a summary of the key discussions:
Recent Community Updates
The Landing Zone Accelerator (LZA) Community of Practice continues to meet regularly. For those interested in catching up, recent blog posts are available, including a recap of the NET+ AWS Private Marketplace series and the September Tech Share summary.
Key Events
- NET+ AWS Town Hall (October 16): Focusing on multi-account governance in AWS (slides and recording)
- Are you leading a cloud-powered research project or tackling strategic cloud challenges on campus? Share your expertise! Submit your Cloud Forum proposal by December 20th
- Webinar on NET+ AWS, NET+ GCP, NET+ Kion, and CICP (October 31, 11am PT/2pm ET)
- R&E FinOps Virtual Conference - January 23, 2025 10am-2pm PST/ 1-5pm EST (tentative)
FinOps Challenges and Solutions
A significant portion of the discussion centered around FinOps challenges and potential solutions:
Account Provisioning Strategies
- Implementing Service Control Policies (SCPs) to require tagging.
- Using AWS Control Tower for budget alarms and sandbox account provisioning.
- Setting up cost anomaly detection in new accounts.
Tagging Practices
- Tagging per grant or payment source can be useful, especially in research contexts.
- Dividing resources based on logical isolation (grant, lab, project).
Cost Control Measures
Northwestern University recommended setting up cost anomaly detection in new accounts to help manage expenses proactively.
University of Wisconsin-Madison's Approach
The University of Wisconsin-Madison shared their strategies for managing cloud resources:
- Using separate accounts for different projects, sometimes multiple accounts per researcher.
- Employing Terraform to standardize cost alerts.
- Utilizing account boundaries as the primary method for cost tracking.
- Offering weekly office hours to assist researchers.
AI Chatbot Workshop Announcement
An exciting announcement was made regarding an upcoming "barn raising" hands-on session to build an AI chatbot using Vanderbilt's GenAI Platform with guidance from developers and architects. Institutions are encouraged to identify appropriate team members to participate in this hands-on workshop, which is estimated to take about 4 hours with proper preparation. For those who need additional guidance, Bob is creating a document to assist institutions in choosing appropriate participants.
Conclusion
This Tech Share provided valuable insights into FinOps challenges and solutions, highlighting the importance of proper account management and cost control in academic cloud environments. The upcoming AI chatbot workshop presents an exciting opportunity for institutions to dive into practical AI application development.
Estimated reading time: 4 minutes
The October 2nd AWS NET+ Tech Share covered collaborative projects, disaster recovery solutions, and cloud migration experiences. Here's a summary of the key discussions.
Recent Highlights and Upcoming Events
- NET+ AWS Tech Jam on AWS Marketplace (recording available)
- Ongoing Landing Zone Accelerator (LZA) Community of Practice meetings
- NET+ AWS Town Hall on October 16 at 11am PT/2pm ET: CCoE and AWS Organizations Best Practices
Collaborative "Barn Raisings"
The group continued to discuss the proposed "barn raisings" – collaborative sessions where community members get together with AWS experts to build out a solution in their environment. Here are some potential sessions that interest the community:
- Indiana University's Audio Transcription Service: A tool that could benefit many institutions dealing with audio content.
- Secure research environments: A crucial need for institutions handling sensitive data.
- Arizona State University's PDF accessibility project: Addressing the important issue of document accessibility in higher education.
Disaster Recovery and Migration Insights
James from Old Dominion University sparked a discussion on AWS Elastic Disaster Recovery (DRS) experiences. Tommy from AWS explained that DRS, formerly CloudEndure, offers block-level replication from source to target, with both migration and DR options.
Rob from Loyola Marymount University shared valuable insights on using AWS Application Migration Service (MGN): While generally effective, MGN presented challenges with edge cases.
Gerard from Boston University (BU) added historical context, noting past issues with VMware agents and instance sizing during migration. These experiences highlight the ongoing challenges in cloud migration and the importance of careful planning.
SAP HANA in the Cloud: Balancing Performance and Cost
Gerard from BU raised a question about running SAP HANA in AWS. Currently using an on-premises solution across two data centers, they're exploring AWS as part of a tech refresh. Some participants with past SAP HANA experience noted that this is a big undertaking and said they would be interested to hear the outcome. Solutions Architects on the call recommended that Gerard talk to his dedicated AWS SA to loop in an SAP HANA specialist from AWS to discuss potential migration plans and their forecasted cost.
Data Lake and Account Management: A Holistic Approach
Max from Wayne State University (WSU) shared insights on their ongoing Data Lake project and AWS migration. The work he and his team are doing is mainly greenfield, e.g. creating a new AWS Organization, setting up Control Tower, designing VPCs, and even building an integration for account provisioning with Grouper and Entra ID.
For many folks on the call, this was a trip down memory lane, reminiscent of when they had to migrate their first set of workloads into AWS. We hope that the collective wisdom and experience of this group can help teams like Max’s navigate their AWS migration more smoothly and avoid common pitfalls.
Control Tower in Academic Settings
Ethan from Carnegie Mellon University (CMU) inquired about experiences with decommissioning AWS Control Tower. Someone from a quantum computing course in CMU had set up Control Tower in their AWS environment. While no direct experiences were shared, the discussion pointed to AWS documentation and highlighted the growing use of AWS in course settings.
While initially talking about Control Tower, this conversation highlighted similar adoption of an uncommonly used AWS service: AWS Braket. Both CMU and BU have a quantum computing course which uses AWS Braket. BU claims that the course was well received.
Conclusion
The October AWS NET+ Tech Share demonstrated the higher education community's commitment to collaborative problem-solving and knowledge sharing. From exploring joint projects to discussing the intricacies of cloud migration and specialized use cases like SAP HANA, the discussions reflected the complex and evolving nature of cloud adoption in academic institutions.
Take your AWS Private Marketplace knowledge from theory to practice in this engaging 90-minute hands-on build lab. Designed as a follow-up to our August introduction to Private Marketplace, this session provides cloud and procurement teams from NET+ AWS institutions the opportunity to set up their own Private Marketplace with expert guidance from AWS specialists.
You'll work through a step-by-step process to configure your marketplace, applying the concepts and best practices discussed in the previous session. Our AWS experts will be on hand to provide real-time assistance, ensuring you leave with a functional Private Marketplace tailored to your institution's needs.
This practical session is your chance to implement powerful controls, streamline procurement processes, and optimize cloud resource management for your organization. Don't miss this opportunity to transform your cloud procurement strategy with AWS Private Marketplace.
CICP Subscribers can find slides, recordings, and any other assets here after the meeting. There's even a blog post of it!
The NET+ GCP community reconvenes for an exciting project pitch session, taking over the usual Tech Jam slot. This event marks the culmination of efforts sparked by the August Strat Call, where participants learned about the Rapid Innovation Team (RIT) initiative and began formulating their project ideas (recording).
During this session, members of the NET+ GCP community will have the opportunity to present their project proposals to the NET+ GCP Service Advisory Board (SAB) and Chris Daugherty from Google. Each pitch will showcase innovative ideas that leverage GCP to address critical needs within higher education institutions and potentially benefit the broader academic community.
Presenters will outline their project's objectives, potential impact, and how it aligns with RIT's goal of creating impactful prototypes for the research and education sector. The audience can expect to hear a diverse range of concepts, from AI-driven solutions to data management tools to advising systems and beyond.
After this session, the SAB and Chris will vote to select the top three projects. These finalists' ideas will be presented to the RIT at the face-to-face SAB meeting at Google's NYC offices on October 10.
This pitch session represents a pivotal moment for participants to transform their innovative concepts into tangible plans with the potential for realization through RIT's collaborative engagement. It's an unparalleled chance for higher education institutions to drive technological advancements in their field with the support of Google's expertise and resources.
CICP subscribers can find the slides, recordings, and other meeting assets here.
Higher education is a uniquely complex industry, with many independent groups building unique solutions that are all expected to comply with university policies and applicable regulatory frameworks. Working in AWS introduces a number of new tools: Organizations, Landing Zones, and Control Tower. We’ll discuss the roles of each of these and how you can build a secure and predictable environment for your customers across campus.
Chris Kuehn, AWS Solution Architect for EDU, takes us through this month's topic on Wednesday, October 16 at 11am PT/2pm ET.
CICP Subscribers can find slides, recordings, and any other assets here after the meeting.
On September 24, 2024, the Google Rapid Innovation Team (RIT) hosted a Project Pitch Session, bringing together innovative minds from various institutions within the Internet2 NET+ GCP community. This session, which replaced the usual Tech Jam, was a follow-up to the initiative introduced during the GCP Strat Call on August 20 by Google's Chris Daugherty. The goal was to present ideas for prototypes of game-changing solutions addressing real-world challenges in the research and education community.
The RIT Opportunity
The RIT offers a unique chance to work in 6-week sprints with teams from subscribing institutions to build functional prototypes of software applications. These applications aim to enhance research capabilities, improve student engagement, or streamline administrative processes in higher education.
Presented Ideas
Unlocking Historical Insights with AI and Big Data
Sheila Marie Zellner-Jenkins from the University of Maryland, College Park presented "Applying DocumentAI and BigQuery to diplomatic correspondence from the Allied Occupation of Japan." This project aims to:
- Use DocumentAI for OCR conversion of multilingual documents
- Ingest data into BigQuery for advanced SQL querying
- Employ Looker for data visualization and analysis
The project demonstrates the potential of AI tools in converting archival materials, regardless of language, into accessible digital databases, potentially revolutionizing approaches in various academic fields.
Cloud Migration Coach: Simplifying the Path to GCP
Bob Flynn from Internet2 proposed a "Cloud Migration Coach," addressing the challenge of getting started with Google Cloud. This tool aims to:
- Analyze on-prem architecture diagrams and workflows
- Provide customized migration plans and cost calculator input recommendations
- Pull in targeted learning resources from Google Cloud Skills Boost
Modernizing Applications with AI-Driven Analysis
Gabe Geise from Penn State University proposed an AI application to streamline application modernization efforts that builds on the Cloud Migration Coach idea. It does this by:
- Analyzing GitHub repositories to suggest containerization strategies
- Recommending relevant GCP services for deployment
- Providing documentation and training resources for implementation
This tool could assist in modernizing applications, identifying technical debt, and improving long-term code maintenance.
Pacer: Personalizing Student Time Management
Building on an idea initially mentioned during the August Strat Call, Bob presented "Pacer," a tool designed to help students manage their time more effectively. This concept aims to:
- Create personalized work plans based on students' curricula and commitments
- Ingest syllabi and class calendars to develop day-to-day personal work plans
- Integrate with Google Calendar and learning management systems
- Adapt to individual productivity patterns and preferences
Pacer represents a practical application of technology to address the common challenge of time management faced by students juggling multiple responsibilities. By providing personalized scheduling assistance, it has the potential to significantly improve students' academic performance and overall college experience.
The discussion around Pacer highlighted the importance of user privacy and the potential for the system to learn and improve its recommendations based on user behavior over time.
Next Steps
Following this pitch session, the Service Advisory Board (SAB) and Chris Daugherty will discuss the submissions, maybe add some of their own, and ultimately vote to select the top projects. These projects will be presented to the RIT leadership at a face-to-face SAB meeting on October 10 at Google's NYC offices.
Conclusion
The Google Rapid Innovation Team Project Pitch series of meetings highlights how the NET+ GCP community facilitates collective community conversations and innovative projects leveraging Google Cloud technologies in higher education. As the selection process moves forward, these projects have the potential to contribute to how universities address challenges in research, teaching, administration, and student success, furthering the superpower of collaboration for shared benefit within the higher education community.
You can always find details and recordings of the NET+ GCP quarterly calls on the Cloud Infrastructure Community Program (CICP) calendar. Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.
The NET+ AWS program recently concluded a comprehensive two-part series on AWS Private Marketplace, offering valuable insights for the research and education community. The series, which included a strategic call, office hours, and a hands-on Tech Jam, illuminated the potential of this innovative tool to streamline procurement processes in higher education institutions.
Key takeaways from the series include:
- Private Marketplace enables institutions to curate catalogs of approved contracts, ensuring compliance with procurement policies.
- Institutions can create customized marketplaces for different schools or departments, offering flexibility in implementation.
- The tool supports private offerings with custom-negotiated terms, enhancing procurement options.
During office hours, the AWS Marketplace team addressed questions about the differences between Private and Public Marketplace, providing clarity on how to engage procurement and finance teams effectively. The Tech Jam session offered a practical demonstration of setting up private offers and configuring Private Marketplace within AWS organizations, complete with access control strategies.
Participants praised the clarity of the presentations and the relevance of the service to their institutions' needs. Many expressed enthusiasm about implementing Private Marketplace in their own environments, recognizing its potential to enhance procurement efficiency and policy compliance.
As institutions continue to navigate the complexities of cloud procurement, AWS Private Marketplace emerges as a powerful tool for ensuring compliance, streamlining processes, and maximizing the value of AWS services in higher education settings.
The September 18th NET+ AWS Tech Share dug into issues that keep research and education cloud professionals up at night: measuring cloud maturity, justifying costs, and simplifying storage decisions. Here's what you need to know:
Cloud Elevation Index (CEI): Penn State's Approach to Benchmarking Cloud Journey
In the meeting, we briefly talked about Penn State University’s innovative internal project: the Cloud Elevation Index (CEI). For those of you who missed their presentation at Cloud Forum this year, here are the slides and recording. In a nutshell, this new metric could potentially offer research and education institutions a standardized way to quantify cloud maturity progress.
Stay tuned for updates regarding Penn State's CEI. NET+ subscribers will see CEI for their own accounts in the upcoming release of the Data Benchmarking project. Internet2 is working with Penn State to set up a working group open to the broader research and education community on this initiative.
Cloud Costs Under Scrutiny: CMA Investigation Sparks Debate
Joshua (University of Virginia) shared a recent article about AWS’s responses in the UK Competition and Markets Authority’s (CMA) investigation into anticompetitive behavior by the major public cloud providers, igniting a lively discussion:
- Bob mentioned that The Register has a history of posting anti-public-cloud articles. He also cautioned against viewing the cloud as a universal solution.
- Kelly (University of Washington-Madison) highlighted often-overlooked cloud benefits, particularly in security.
- The group explored differences in compliance and security between cloud and on-prem:
  - Cloud platforms handle some compliance aspects at the platform level.
  - On-prem setups vary widely in control and security ("All bets are off for researchers who have a server under their desk").
Key takeaways:
- Evaluate cloud benefits holistically, beyond just infrastructure costs.
- Consider how the cloud simplifies certain compliance requirements.
- Recognize the challenges in making direct cloud vs. on-prem comparisons.
- A more balanced analysis, including links to the hearings with each of the three public cloud vendors in the CMA investigation, can be found at How Big Cloud defended itself in the U.K.
Taming the Wild West of Cloud Procurement
Familiar procurement headaches shared across institutions:
- Challenge: Corralling departments and researchers under a single contract. Many are either unaware of university contracts or are unwilling to comply with or have their accounts controlled by central IT management.
- Risk: If controls are too tight, or if the value of joining the institutional contract and org is not made clear and compelling, there is a chance that departments and researchers (primarily researchers) will create accounts with non-university credentials, pushing IP, and any chance of university support, to personal accounts.
Best practices mentioned: Consider closer collaboration between IT, Procurement, and Research to develop streamlined cloud account creation processes that make the value proposition clear and balance flexibility with control.
AWS Storage Simplification
Jan from AWS has an internal project she’s working on to simplify AWS storage selection:
- Challenge: Researchers and others struggle to choose optimal AWS storage configurations for their use cases.
- Initiative: Developing user-friendly tools for accurate object storage pricing estimates.
- Goal: Enable precise cost estimation without requiring deep architectural expertise.
This initiative aligns with recent discussions in the research and education community about research data storage challenges. In fact, this past June, Oren Sreenby of Internet2 wrote an insightful blog on "Top Issues Around Research Data Storage in Higher Ed."
Jan is actively seeking insights from those working with the cloud within the research and education community to create a potential solution. This is your chance to shape tools that could make your storage decisions easier and more cost-effective! Contact Jan at janday[at]amazon[dot]com.
Conclusion
From Penn State's Cloud Elevation Index to the ongoing debates about cloud costs and procurement strategies, it's clear that our community is still wrestling with challenges to making the most efficient use of cloud in their institutions. As we navigate these complexities, the collaborative spirit of the NET+ AWS Tech Share community remains a valuable resource. We hope you’ll join us at the next NET+ AWS Tech Share and add your voice to the conversation!
Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.