Blog

Estimated reading time: 4 minutes

If you missed our March NET+ AWS Tech Jam, you missed a thought-provoking conversation about how leading institutions are completely rethinking their approach to cloud provisioning. Penn State University's journey from manual processes to cloud automation sparked insights that could reshape how your institution empowers researchers and students while maintaining financial control.

Beyond the "Build It and They Will Come" Fallacy

The discussion quickly moved past outdated cloud provisioning philosophies to reveal a fundamental truth: successful cloud environments start with understanding what users actually need, not what IT thinks they might want.

Shane Heivly from Penn State University described their eye-opening shift from what he called "2018-style manual provisioning" to a more sophisticated user-centric approach. This isn't just about technical workflows—it's about transforming how institutions conceptualize their relationship with cloud resources.

"The backwards approach is critical," noted one participant. "When you understand what researchers and graduate students truly need to accomplish, you design systems that actually get used rather than bypassed."

Solving the Higher Ed "Snowflake" Challenge

What makes the academic environment so challenging for cloud administrators is the extraordinary diversity of use cases. From high-performance computing clusters processing climate models to AI workloads analyzing literary texts, every research group presents unique requirements.

Rather than attempting to build one-size-fits-none solutions, forward-thinking institutions are creating flexible provisioning frameworks that:

  • Recognize different levels of cloud maturity among users
  • Provide appropriate guardrails without stifling innovation
  • Integrate with familiar campus systems like ServiceNow
  • Scale to accommodate growing demands

The Financial Control Breakthrough

Perhaps the most compelling part of the discussion centered on how automated provisioning is revolutionizing financial control—without creating administrative bottlenecks.

Early adopters have implemented sophisticated tagging strategies that enable granular cost attribution while empowering users with real-time visibility into their spending. Rather than discovering runaway costs at month's end, institutions now deploy automated monitoring tools that can alert users or even shut down idle resources based on predefined policies.

One participant described how their institution reduced unexpected cloud expenses by 73% in just four months using this approach—while actually increasing cloud adoption rates.

From Theoretical to Practical: Implementation Insights

What separated this Tech Jam from typical cloud discussions was the practical implementation roadmap that emerged. Participants shared specific tactics for overcoming common obstacles:

The "vending machine" concept emerged as a particularly compelling model, where users can self-service their cloud needs within appropriate boundaries. Rather than attempting to build comprehensive solutions immediately, participants advocated for starting with minimal viable products focused on common use cases, then expanding based on actual usage patterns.

Identity and access management strategies proved to be a critical foundation, balancing user autonomy with institutional security requirements through thoughtfully designed permission structures.

Building the Community Knowledge Base

The most valuable aspect of the Tech Jam was the rich exchange of real-world experiences that transcended vendor talking points. Participants shared struggles, successes, and everything in between—creating a knowledge base far more valuable than any white paper.

Multiple institutions shared how they've adapted their existing IT service management platforms to support cloud provisioning, allowing them to leverage familiar workflows rather than creating entirely new processes.

Making It Real on Your Campus

Ready to transform your cloud provisioning? The community highlighted several practical next steps:

  • Arrange a consultation with your AWS Solutions Architect to evaluate your current provisioning approach
  • Join the upcoming hands-on workshop series focused specifically on implementation strategies
  • Connect with peer institutions through the Internet2 NET+ AWS community forums
  • Access the shared resource repository containing sample workflows, policies, and lessons learned

The March Tech Jam reinforced that cloud provisioning isn't just a technical challenge—it's fundamentally about enabling research and education while maintaining appropriate controls. By focusing on user needs first and building iteratively, institutions are creating cloud environments that truly meet the unique demands of higher education. Here is the recording for you to view on-demand (unfortunately, due to user error, the recording started halfway through).

Don't miss next month's NET+ AWS event. Take a look at our calendar for upcoming events that you might be interested in. These monthly sessions continue to bring together innovative thinkers in higher education cloud computing to solve real-world challenges.

Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.

Estimated reading time: 4 minutes

If you missed our February NET+ AWS Tech Share, you missed a fascinating look at how institutions are reimagining their cloud strategies in response to shifting research demands and budget realities. From Penn State's innovative platform approach to UMBC's compliance-focused landing zone implementation, the discussion revealed practical solutions that could transform how your institution delivers cloud services.

Beyond Account Provisioning: The Platform Evolution

The conversation quickly turned to a compelling vision shared by Penn State in response to their campus consolidation initiative. Rather than continuing with traditional account brokerage, they're developing a comprehensive platform-as-a-service (PaaS) approach specifically designed for research workloads.

"What does the cloud team become?" emerged as a central question as Penn State outlined their strategy to provide pre-configured environments with standardized guardrails that researchers can use immediately—without needing cloud expertise. Their approach includes:

  • Developing Terraform scripts that create account foundations with pre-configured endpoints
  • Focusing on specific high-value services like EC2, EMR for data processing, and AI services like Bedrock and SageMaker
  • Moving from account administrators to platform architects and research enablers

This evolution represents a significant shift in how central IT delivers value to researchers. By handling infrastructure complexity behind the scenes, Penn State is creating an environment where researchers can focus on their work rather than cloud management.

Balancing Compliance and Innovation in Healthcare Research

UMBC shared their journey implementing the AWS Landing Zone Accelerator (LZA) specifically for HIPAA compliance, with HITRUST certification on the horizon. Their architecture offers valuable insights for institutions balancing strict compliance requirements with research agility:

  • Using a separate Master Payer account dedicated to healthcare workloads
  • Designing environments specifically for lift-and-shift migrations
  • Exploring Kion integration for enhanced governance

The discussion highlighted how the monthly LZA Community of Practice calls have become an essential resource for institutions navigating similar compliance challenges. These sessions bring together practitioners solving real-world problems with AWS architects offering implementation guidance.

Student Empowerment: Cloud Access in the Classroom

Two contrasting approaches to student cloud access emerged during the discussion. UVA's data science school is pioneering a service catalog approach that provides students with controlled yet powerful AWS environments, including access to TRN1.2xlarge instances for AI model training.

This contrasts with William & Mary's Kubernetes-based JupyterHub implementation, which offers simplified access for anyone with a W&M email address without requiring individual AWS accounts. Both examples demonstrate how institutions are creating purpose-built educational environments that balance security with accessibility.

What made these examples particularly valuable was hearing the practical implementation details directly from the teams involved—insights you can only get from peer institutions tackling similar challenges.

Practical Root Access Management Strategies

The session revealed diverse approaches to a critical operational challenge: managing root access to AWS accounts. From Penn State's targeted use cases to UVA's Control Tower implementation that eliminates password-based root access entirely, the community shared battle-tested strategies for balancing security with operational needs.

Several participants highlighted AWS's new capability to close accounts centrally without root credentials—a significant operational improvement that many weren't aware of before the discussion. These practical insights show how the community develops governance frameworks that balance security with operational efficiency.

What's Next: Learning Opportunities and Events

The AWS community calendar is packed with opportunities to continue these conversations:

For those looking to build cloud skills, the CICP CLASS Voucher Program offers specialized training including AWS Security in the Cloud, Solutions Architect Associate Certification, and Container Orchestration for Research Workflows.

March is Tech Jam month—a perfect opportunity to bring your specific cloud challenges and work through them with peers and AWS experts. These collaborative working sessions provide immediate, hands-on help with your most pressing implementation questions.

Join the Conversation

As higher education continues to face budget constraints while research demands grow more complex, these community conversations become increasingly valuable. The practical insights shared during this session—from platform architecture to compliance strategies—represent knowledge that would take months to develop independently.

NET+ AWS Tech Shares take place every other week. The next Tech Share promises to continue exploring these themes with practical demonstrations and real-world examples. Will your institution be represented in the discussion, or at least be there to listen in?

Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.

Estimated reading time: 4 minutes


If you missed our February NET+ AWS Strategic Call, you missed a lively discussion on one of the most pressing challenges facing research institutions today: how to design networking infrastructure that can handle massive data transfers without breaking the bank. AWS Solutions Architects Kevin Murakoshi and Nick Kniveton shared strategies that could save institutions thousands in unnecessary costs.

The Hidden Costs of Moving Research Data

The conversation quickly revealed how easily networking costs can get out of hand when supporting data-intensive research workloads. While compute often gets the spotlight in discussions about cloud costs, it's the data movement that can unexpectedly dominate budgets in research environments.

Research computing presents unique challenges: massive datasets transferred between compute resources, sporadic high-intensity processing periods, and collaborations that span multiple accounts, projects, and regions. Each of these characteristics creates potential cost traps.

Kevin walked through a compelling real-world example showing how research projects can unknowingly spend thousands of dollars monthly just on cross-availability zone data transfers—a sobering reminder that even small per-gigabyte costs add up quickly at research scale if you do not architect your workloads thoughtfully.


Strategic Options for Multi-VPC Research Environments

The AWS team examined three strategies with remarkably different cost implications:

VPC peering works beautifully for straightforward connections between two research environments, remaining the most cost-effective option with free data transfer within the same availability zone.

Transit Gateway shines as networking needs grow more complex. This hub-and-spoke model simplifies management, though it introduces data processing fees of $0.02/GB.

VPC Sharing emerged as particularly well-suited to the ephemeral, high-burst nature of research computing. This approach allows multiple AWS accounts to share a single VPC infrastructure.

VPC Sharing: A Game-Changer for Research Computing

Nick explained how VPC sharing aligns perfectly with the realities of research computing, generating significant interest during the session.

The separation of duties concept clearly resonated—network engineers maintain central control while researchers maintain autonomy over their workloads. This approach has the potential to transform current architectures at many institutions.

By sharing NAT gateways and other networking resources across multiple research projects, institutions can dramatically reduce duplicative costs. Early adopters have seen significant networking cost reductions while improving performance for their researchers.

Real-World Implementation Challenges

The discussion dug into practical implementation concerns including limitations (keep participant accounts under 100 per VPC), billing mechanics (VPC owners pay for infrastructure while participants pay for resource usage), and migration strategies.

The AWS team also addressed current limitations in tracking detailed data transfer costs. While AWS has received feature requests for improved cost attribution capabilities, they outlined practical workarounds for the present.

Community Knowledge Sharing

What made this call especially valuable was the rich exchange of real-world experiences from the community. The session highlighted examples of custom infrastructure-as-code tools that have streamlined VPC sharing implementation, and practical applications supporting multi-institution research collaborations.

Getting Support for Your Implementation

Need a strategic architecture review? Your AWS Solutions Architect can provide personalized guidance tailored to your specific research environment needs.

Ready for hands-on implementation help? The team offers "tech jams"—collaborative working sessions with AWS experts where you can tackle specific networking challenges together.

Looking for peer advice? The Internet2 NET+ AWS community provides ongoing forums where you can connect with colleagues who have already implemented these approaches.

Join Us Next Time

If this recap has you wishing you'd been part of the conversation, make sure you don't miss our next NET+ AWS Strategic Call in March. These monthly sessions bring together bright minds in higher education cloud computing to tackle common challenges and share innovative solutions.

Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.


Estimated reading time: 4 minutes

The January AWS NET+ Tech Share meetings brought together members from across the research and education community to discuss cloud migration strategies, training initiatives, and innovative approaches to managing AWS resources. Here's what you need to know from our first meetings of 2025.

Community Updates and Events

Several significant events marked the beginning of the year:

Institutional Highlights

Loyola Marymount University's Migration Journey

LMU shared their ambitious migration plans, including:

  • A large-scale migration involving 100 servers, split between general infrastructure and Banner system
  • Partnership with AWS, including direct support from the AWS team and the Migration Acceleration Program
  • Strategies for managing the migration with a lean team

University of Virginia's Service Catalog Initiative

UVA is developing a Service Catalog for AWS resources, specifically designed to help students familiarize themselves with AWS services. While Research and Engineering Studio (RES) implementation is currently on hold due to cost considerations, the team continues to explore alternative approaches for providing AWS learning environments.

Northwestern University's Infrastructure Improvements

Northwestern implemented a slick solution using SNS and Lambda to clean up feeds from logs, along with deploying a new Terraform project. They've also enhanced their security monitoring by implementing CloudTrail log integration with Splunk.

Training and Development Initiatives

The community identified several key areas for future training:

  • Cloud infrastructure for networking and security teams
  • Data lake implementation and management
  • FinOps training for both IT business office staff and developers
  • Container migration strategies for VM teams
  • SkyPilot framework implementation

Of particular interest is SkyPilot, an open-source framework from UC Berkeley's Sky Computing Lab that enables cost-effective multi-cloud management for machine learning and data science workloads. The Internet2 CLASS program is collecting these ideas and others. If you have more ideas, or if you'd like to write and teach one of these topics, reach out to class[dot]internet2.edu.

Managing "Free Range" AWS Accounts

Several institutions shared successful strategies for bringing independently managed AWS accounts under central IT governance:

  • Boston University implemented a service catalog approach with a 98% success rate in centralizing AWS accounts
  • Texas A&M University developed an email filter system to monitor new AWS account creation
  • Baylor College of Medicine established a procurement system flag to notify the cloud team of cloud-related purchases

Research Computing Solutions

The community discussed various approaches to supporting research computing needs:

  • Three common researcher profiles were identified:
    1. Basic compute and storage needs (suitable for LightSail)
    2. HPC requirements
    3. Advanced data processing needs requiring native AWS services
  • Several institutions are exploring sandbox environments and credit systems to support rapid prototyping while maintaining oversight
  • The community showed interest in exploring Vocareum's AWS account deployment feature as a potential solution for sandbox environments

Looking Ahead

The community continues to evolve its approach to cloud computing, with a focus on:

  • Developing more comprehensive training programs
  • Improving account management strategies
  • Enhancing support for research computing
  • Implementing cost-effective solutions for educational environments

Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.

Estimated reading time: 4 minutes

The clock is ticking. With the NIH's updated genomic data sharing policy taking effect on January 25th, our latest NET+ AWS Town Hall brought together a community of researchers and IT professionals seeking clarity on these critical requirements. The energy in the virtual room was palpable – institutions across the research community are navigating complex security measures while trying to ensure their vital genomic research won't face interruption.

The Compliance Gap Affecting Research Nationwide

"Are we ready?" That question hung over the session as polling revealed a stark reality – only 6% of participating institutions felt confident their research infrastructure meets the updated NIH requirements, while the majority weren't sure where they stood. You could almost feel the collective intake of breath as these numbers appeared. This shared uncertainty created an immediate sense of community – we're all tackling this challenge together.

What transformed this from just another technical walkthrough into something special was Nick Weber from NIH's STRIDES initiative joining the conversation. Nick didn't just deliver official guidance – he engaged directly with the community's concerns, creating a rare direct dialogue between NIH and the institutions racing to implement changes. When he offered dedicated consultation services through strides@nih.gov, you could sense the relief spreading through the virtual room – here was a genuine pathway to solutions.

Consequences of Non-Compliance: More Than Just Lost Data Access

The atmosphere shifted noticeably when Alexandria Burke, a CMMC Assessor and senior Security Assurance consultant, shared real-world cautionary tales. The room grew quiet as she revealed the Department of Justice is pursuing action against two universities for NIST 800-171 violations, with one facing a $2.5 million fine. Suddenly, this wasn't abstract policy – these were peer institutions facing serious consequences.

Alexandria's breakdown of the NIST 800-171 requirements sparked a collective "aha" moment across screens. While most institutions focus on technical controls, she revealed that 54% of compliance work involves documentation, administrative, and procedural controls – precisely the areas where many institutions feel least prepared. You could almost see lightbulbs turning on as participants realized why they've been struggling despite their technical sophistication.

The chat erupted during Q&A as participants discovered critical nuances that immediately changed their compliance approach:

  • NIH will accept NIST 800-171 Revision 2 while institutions transition toward Revision 3
  • Virtual Desktop Infrastructure (VDI) potentially simplifies compliance for end-user devices
  • The rules apply specifically to 20 controlled-access data repositories identified by NIH

These weren't just dry facts but vital insights being shared among colleagues who understand each other's challenges.

AWS's Secure Research Environment: A Ready-Made Solution Path

You could feel the mood lift when Venkat Chandrababu took the floor to showcase AWS's Secure Research Environment. As he demonstrated how pre-configured security controls aligned with all 110 NIST 800-171 requirements, the chat lit up with questions and comments. It wasn't just about technical specifications – it was about seeing a viable path forward when many felt overwhelmed by compliance requirements.

"This could save us months of work," one participant commented as Venkat explained how AWS's approach leverages existing compliance frameworks to "raise the bar" on the shared responsibility model. The relief was tangible – here was a solution that didn't require building specialized compliance expertise across multiple domains.

A follow-up poll revealed something fascinating about our community – 45% already have secure research environments in the cloud, while 34% now recognize the urgent need to establish one. This sparked spontaneous networking in the chat, with experienced institutions offering to share insights with newcomers – exactly the kind of community-building that makes these sessions invaluable.

Implementation Options for Every Timeline and Resource Level

The tension in the virtual room was palpable when discussion turned to the rapidly approaching January 25th deadline. Karthik Narasimhan sensed this anxiety and pivoted to a practical approach that visibly calmed participants. Rather than one-size-fits-all guidance, he presented tailored implementation paths:

  1. In-house implementation with AWS guidance – bringing immediate relief to institutions with robust IT teams
  2. Partner-assisted deployment – offering hope to those with limited internal bandwidth
  3. Genomic ISP partners – providing a lifeline for institutions with just a few projects requiring compliance

The chat exploded with questions about real-world experiences, and Donny Wilson stepped in with exactly what everyone needed – a candid case study about a peer institution. As he described their journey from finding it "nearly impossible" to retrofit existing environments to dramatically reducing implementation time with cloud-based approaches, you could almost hear the collective sigh of relief. This wasn't theoretical – it was a roadmap from someone who'd navigated the same challenges.

Immediate Action Steps

As the session neared its end, the AWS team moved beyond presentations to tangible support. Rather than simply directing participants to documentation, they shared direct contact information for their security specialists and encouraged everyone to reach out for personalized guidance. "We're in this together," was the unspoken message, reinforced by offers of one-on-one consultations for institutions feeling the pressure of the approaching deadline.

The chat continued buzzing even after the formal Q&A concluded – a testament to the community connections being formed. When one attendee wryly commented, "Those who are already compliant were obviously over-engineering their existing solutions," it sparked a wave of solidarity reactions and follow-up discussions. This wasn't just information sharing – it was community building among professionals facing a common challenge.

For those who couldn't attend, here are the slides and recording for you to view on-demand. Take a look at our calendar for upcoming events that you might be interested in.

Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.

Estimated reading time: 4 minutes


If you weren't at the December NET+ AWS Tech Jam, you missed the electric atmosphere as Kevin Murakoshi, fresh from his first-ever in-person re:Invent experience, delivered a breathtaking tour through AWS's latest innovations. No slide deck can capture the enthusiasm that filled the virtual room as Kevin, working "literally until 9 o'clock this morning" to finalize his presentation, fired off announcement after announcement without missing a beat. This wasn't just information sharing – it was a masterclass in cloud excitement from someone who had witnessed the future firsthand.

New Foundation Models That Won't Break Your Budget

"We have to start here. We always start here," Kevin declared as he dove into what might be the most significant announcement for higher education: Amazon's new Nova family of foundation models. You could feel the collective energy shift as participants realized these models deliver performance comparable to leading commercial offerings but at dramatically lower costs – the kind of game-changer that budget-conscious institutions have been desperately waiting for.

The Nova family ranges from the lightweight Nova-Micro to the high-performance Nova Pro, with Kevin noting that Amazon's own benchmarking demonstrated they're "considerably less expensive than previous models at similar performance." As screenshots popped up faster than you could process them, Kevin's enthusiasm was contagious. This wasn't just another incremental AWS update – it was the cost advantage that could finally open doors for institutions to experiment with AI applications that previously seemed financially out of reach.

The .NET Tool Higher Ed Has Been Waiting For

You could practically hear the virtual gasps when Kevin revealed the new Q Developer .NET porting tool. As he raced through slide after slide, this announcement stopped everyone in their tracks. This wasn't just another feature – this was the answer to a universal campus pain point that's been draining budgets for years.

"Everyone has home-built .NET apps running on Windows servers because they were cheap as little as licensing was inexpensive. But you're running Windows and usually SQL running Windows servers just to run a .NET app. And that license gets expensive," Kevin explained, his excitement palpable even through Zoom.

The chat erupted as participants immediately recognized what this meant. This tool can port applications from .NET Windows to .NET Core that runs on Linux containers – potentially eliminating thousands in licensing costs while simplifying infrastructure. You could almost feel the collective wheels turning as everyone mentally inventoried their legacy Windows applications. For institutions with aging Windows applications, this capability alone justifies staying connected to the community for implementation guidance.

Cost Control Solutions That Finance Will Love

The finance-focused announcements revealed AWS has been listening closely to higher education's unique challenges. The introduction of Scale Serverless V2 with scale-to-zero capability means you'll no longer pay for database instances when they're not being used. This addresses a long-standing criticism, with Kevin emphasizing: "People have long criticized AWS for saying, 'Well, serverless is great, but the minimum cost isn't 0.'"

For institutions with cyclical workloads tied to academic calendars, this feature could dramatically reduce costs during low-usage periods. The tradeoff? A 15-second warm-up period that most applications can easily tolerate.

Another finance breakthrough came with the Account Invoice Configuration capability. Finally addressing the perennial challenge of multiple payers across departments, this feature allows specifying different cost centers for separate invoices without requiring multiple AWS Organizations.

Research Computing Enablers

Several announcements directly addressed research computing challenges. The new S3 Tables capability automates the management of tabular data, eliminating the complex data management overhead that research teams face with incremental data loads.

For data-intensive workloads, the SRD protocol enhancements now support GPU Direct and GPU NVMe storage to achieve an astounding 1,200 gigabit speeds between GPUs on different nodes. While Kevin smiled and simply called this "ludicrous connectivity speed," the implications for AI and simulation workloads are profound.

The community reaction to the S3 Browser announcement was immediate and enthusiastic. This capability finally provides a user-friendly interface for researchers to access their data without requiring AWS console access – addressing a long-standing friction point when migrating from traditional file storage systems to S3.

What's Next? You Decide

In a breathless finish that somehow maintained the same high-energy tempo he started with, Kevin concluded with what felt like the 100th announcement of the session. As Bob Flynn opened the exit poll, the chat erupted with questions and excited comments. This wasn't just passive information consumption – it was a community actively digesting ideas together.

If you missed this session, you not only missed the comprehensive, rapid-fire overview of re:Invent's most impactful announcements but also the warmth of a community that celebrates each other's wins. The flurry of links shared in the chat, the spontaneous questions that sparked mini-discussions – these are the moments that transform isolated IT work into a connected community journey.

The good news? You can relive it by watching the recording and there's always next month's Tech Jam to join this vibrant knowledge-sharing community. But as anyone who attended would tell you – being there live as Kevin raced through "one slide for every announcement" without slowing down once is an experience that simply can't be replicated in a blog post.

Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.

Estimated reading time: 6 minutes

The December 4th AWS NET+ Tech Share brought together members from various institutions to discuss recent AWS re:Invent announcements, upcoming events, and shared challenges in managing AI resources in higher education. Here's what you need to know from our last meeting of 2024.

Upcoming Events

Mark your calendars for these important dates:

  • December 18th: NET+ AWS Tech Jam featuring Miracle Murakoshi's re:Markable re:Invent re:Cap (11am PST/2pm EST) (register)
  • December 20th: Deadline for Cloud Forum 2025 Call for Proposals (both Cloud & Research proposals). I encourage you all to consider sharing your projects, the challenges you’re tackling, or the valuable lessons you’ve learned with your fellow cloud professionals.
  • January 23, 2025: Save the date for the R&E FinOps Virtual Conference (10am-2pm PST/1-5pm EST). More information is soon to come.


An S3 bucket mascot in light green attending an AWS conference

An image generated by Amazon Titan Image Generation 1 model.


AWS re:Invent Updates and New Features

Several exciting announcements from re:Invent were discussed:

Amazon S3 Tables: AWS has introduced Amazon S3 Tables, providing fully managed Apache Iceberg tables optimized for analytics workloads. This service offers up to 3x faster query throughput and up to 10x higher transactions per second compared to self-managed tables. It integrates with AWS Glue Data Catalog, allowing seamless streaming, querying, and visualization of data using services like Amazon Kinesis Data Firehose, Athena, Redshift, EMR, and QuickSight.

Centrally Managing Root Access: AWS Identity and Access Management (IAM) now offers a capability that allows security teams to centrally manage root access for member accounts in AWS Organizations. This feature simplifies the management of root credentials and the execution of highly privileged actions across multiple accounts. Many members on the call were very interested in implementing this feature, as it will improve operations and security by decreasing management effort and reducing the attack surface.

Declarative Policies: AWS has introduced declarative policies, enabling organizations to define and enforce desired configurations for AWS services at scale. For instance, you can enforce a "block public access" setting for VPCs across all accounts in your organization, ensuring consistent security postures.

Resource Control Policies (RCPs): AWS Organizations now support Resource Control Policies, a new type of authorization policy that sets the maximum available permissions on resources within your entire organization. RCPs help establish a data perimeter in your AWS environment and restrict external access to resources at scale.

Invoice Configuration: In addition to the central root access management feature, the new invoice configuration features were an eye catcher for many members on the call. AWS has launched Invoice Configuration, allowing you to customize your invoices to fit your business needs. This feature enables you to receive separate AWS invoices for member accounts belonging to different business entities within the same AWS Organization, streamlining financial management and compliance. 

Amazon Nova Models: Amazon has unveiled Amazon Nova, a new generation of foundation models capable of processing text, image, and video inputs. These models, available through Amazon Bedrock, offer state-of-the-art capabilities for generative AI applications, including text generation, image creation, and video production. The most attractive feature of these models is that they are relatively inexpensive compared to other state-of-the-art models from Anthropic and OpenAI. Simon Willison, a well-known open-source programmer, created a cost comparison table of the models mentioned above. Below is a table from his blog. I highly recommend reading this article for a deeper dive.


| Provider | Model | Cents per million input | Cents per million output |
|---|---|---|---|
| OpenAI | GPT-4o Mini | 15 | 60 |
| Anthropic | Claude 3 Haiku | 25 | 125 |
| Anthropic | Claude 3.5 Haiku | 80 | 400 |
| Google | Gemini 1.5 Flash-8B | 3.75 | 15 |
| Google | Gemini 1.5 Flash | 7.5 | 30 |
| Amazon | Nova Micro | 3.5 | 14 |
| Amazon | Nova Lite | 6 | 24 |


If you’re scratching your head about how some of these new features work or if you would like to hear more about them, swing by our upcoming AWS Tech Jam where our (and AWS’) very own Kevin Murakoshi will recap all of the relevant re:Invent announcements. Link to the registration can be found here.

Further Discussion of re:Invent Updates

Several technical announcements were discussed:

  • The announcement of the ability to remove root account credentials completely and replace them with temporary ones started a discussion about handling special cases like Amazon Mechanical Turk (MTurk). Many members on the call manage end users that access Amazon MTurk. They brought up how certain MTurk cases require root account privileges. It seems like the new central management feature for root credentials will work for scenarios that exclude use cases around Amazon Mechanical Turk. Further investigation and testing will need to be done to confirm this definitively.
  • A note about upcoming changes to CloudTrail events for AWS IAM Identity Center logs.
    • Effective January 13, 2025, AWS IAM Identity Center will modify CloudTrail event data by replacing the userName and principalId fields with userId and identityStoreArn, providing unique and immutable user identifiers. The userIdentity type will change from Unknown to IdentityCenterUser for authenticated users, enhancing clarity in user identification. Additionally, group displayName values in administrative events will be replaced with HIDDEN_DUE_TO_SECURITY_REASONS; to access group attributes, use the Identity Store DescribeGroup API operation.
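For teams whose detections or dashboards key on these fields, the following added example (not from the original post or from AWS) normalizes IAM Identity Center CloudTrail records across the change and lists group names that now need a DescribeGroup lookup. The sample records are constructed, and the placement of `userId` and `identityStoreArn` (directly in `userIdentity` or under a nested `onBehalfOf` object) is an assumption the code tolerates either way.

```python
from datetime import datetime, timezone

HIDDEN = "HIDDEN_DUE_TO_SECURITY_REASONS"              # marker named in the post
CUTOVER = datetime(2025, 1, 13, tzinfo=timezone.utc)   # effective date named in the post


def find_hidden(node, path=""):
    """Return dotted paths of every value that was replaced by the HIDDEN marker."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits += find_hidden(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits += find_hidden(value, f"{path}[{i}]")
    elif node == HIDDEN:
        hits.append(path)
    return hits


def normalize(record):
    """Map one CloudTrail record to a schema label and a stable actor key."""
    ident = record.get("userIdentity") or {}
    nested = ident.get("onBehalfOf") or {}   # assumption: new fields may be nested here
    user_id = ident.get("userId") or nested.get("userId")
    store_arn = ident.get("identityStoreArn") or nested.get("identityStoreArn")
    legacy_id = ident.get("userName") or ident.get("principalId")

    if user_id and store_arn:
        # New shape: immutable identifier, unique within the identity store.
        schema, actor = "new", f"{store_arn}/{user_id}"
    elif ident.get("type") == "Unknown" and legacy_id:
        # Old shape: mutable user name; cannot be joined to new keys without a lookup.
        schema, actor = "legacy", f"legacy:{legacy_id}"
    else:
        # IAM roles, services, etc. are not affected by the change.
        schema, actor = "other", ident.get("arn") or ident.get("principalId")

    when = datetime.fromisoformat(record["eventTime"].replace("Z", "+00:00"))
    return {
        "event": record.get("eventName"),
        "schema": schema,
        "actor": actor,
        "identity_type": ident.get("type"),
        # Heuristic of this example, not AWS guidance: old-shape records dated
        # after the effective date deserve a look (replayed or stale sources).
        "legacy_after_cutover": schema == "legacy" and when >= CUTOVER,
        "hidden_paths": find_hidden(record),
    }


def summarize(records):
    """Count records per schema and list the events that need follow-up."""
    rows = [normalize(r) for r in records]
    counts = {}
    for row in rows:
        counts[row["schema"]] = counts.get(row["schema"], 0) + 1
    return {
        "counts": counts,
        "review": [r["event"] for r in rows if r["legacy_after_cutover"]],
        "group_lookup_needed": [r["event"] for r in rows if r["hidden_paths"]],
    }


# Constructed sample records (not real log data).
STORE = "arn:aws:identitystore::111122223333:identitystore/d-1234567890"
SAMPLE_EVENTS = [
    {"eventTime": "2025-01-06T15:02:11Z", "eventSource": "sso.amazonaws.com",
     "eventName": "Federate",
     "userIdentity": {"type": "Unknown", "principalId": "111122223333",
                      "accountId": "111122223333", "userName": "jdoe@example.edu"}},
    {"eventTime": "2025-01-20T09:40:00Z", "eventSource": "sso.amazonaws.com",
     "eventName": "Federate",
     "userIdentity": {"type": "IdentityCenterUser", "accountId": "111122223333",
                      "onBehalfOf": {"userId": "11111111-2222-3333-4444-555555555555",
                                     "identityStoreArn": STORE}}},
    {"eventTime": "2025-01-20T10:05:00Z", "eventSource": "sso-directory.amazonaws.com",
     "eventName": "UpdateGroup",
     "userIdentity": {"type": "AssumedRole", "principalId": "AROAEXAMPLE:admin",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Admin/admin"},
     "requestParameters": {"groupId": "EXAMPLE-GROUP-ID", "displayName": HIDDEN}},
    {"eventTime": "2025-01-21T08:00:00Z", "eventSource": "sso.amazonaws.com",
     "eventName": "Federate",
     "userIdentity": {"type": "Unknown", "principalId": "111122223333",
                      "accountId": "111122223333", "userName": "asmith@example.edu"}},
]

if __name__ == "__main__":
    for row in map(normalize, SAMPLE_EVENTS):
        print(row)
    print(summarize(SAMPLE_EVENTS))
```

Rules that filter on `userIdentity.type == "Unknown"` or group by `userName` stop matching the new record shape, so run both shapes through the pipeline before relying on it.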

Discussion of AI in Higher Education

The discussion touched on several AI-related topics:

  • The University of Delaware shared an innovative use case where they processed thousands of hours of lecture videos to create personalized learning experiences, including a student aid chatbot capable of creating custom flashcards
  • The University of Wisconsin-Madison raised important points about managing AI resource access and spending in academic settings, particularly for business school AI courses
  • The community discussed challenges in balancing professor requests for comprehensive AI tool access (including OpenAI and Amazon Bedrock) with institutional controls

Looking Forward

The Amplify GenAI Barn-raising event that took place in November was a great success. I will be doing a write-up of it, so be on the lookout for that. The overwhelmingly positive reception of the session generated interest in additional Barn-raising events. Several members of the group expressed interest in implementing Indiana University’s automated transcription service hosted on AWS. The upcoming barn-raising session is planned to take place in spring 2025. Members interested in participating in future barn-raising events are encouraged to reach out with their ideas and use cases.

That’s it for this AWS tech share write-up! Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.

Greetings Everyone!

As you’re wrapping up final to-dos for the end of the semester, here’s your final NET+ Canvas program newsletter of the year:

Instructure Acquisition Complete

As of November 13, Instructure announced the close of its acquisition by investment funds managed by KKR, a leading global investment firm, and Dragoneer, a growth-oriented investor, for $23.60 per share in an all-cash transaction valued at an enterprise value of approximately $4.8 billion. You can read more about this news in Instructure’s Press Release. As a reminder to all NET+ Canvas subscribing institutions, we can confidently say that we expect no changes to the NET+ Canvas program or to the agreements in place with participating institutions as a result of this acquisition.

"We could not be more excited to begin the next phase of our journey as the mission-critical educational operating system that schools, institutions and companies rely on to improve outcomes for lifelong learners. Having KKR's support will help us double down on core markets, scale our global reach at a faster pace and unlock new opportunities as we continue to innovate and enhance Canvas and the Instructure Learning Ecosystem." –Steve Daly, CEO of Instructure

Key Takeaways for NET+ Canvas Program:

  • The current Internet2/Instructure Business Agreement is in effect until 2033, providing predictability on terms and pricing for all existing services.
  • In the case where Instructure is acquired, any assignee is bound by the terms of the Business Agreement between Instructure and Internet2. (BA 9.9(b))
  • In short, what Instructure could do before, it can do after – nothing more or less.

For any further questions or concerns, please contact netplus@internet2.edu or consider filling out the Service Advisory Board contact form.

Community News - Dec 2024

In case you missed it, the NET+ team has been hard at work these last few months to deliver a collection of webinar events called Discovering the Power of NET+ Services. This nine-part series guided participants through the NET+ Programs, introducing them to Program Managers, showcasing community activities, highlighting special contract terms and higher education-focused pricing, and demonstrating how to maximize program benefits.

I dove into all-things NET+ Canvas, NET+ Panopto, and NET+ LabArchives in my session on October 17, and the recording can be found here. If you’re interested in navigating through resources shared during the session, feel free to download the webinar slides here.

UP NEXT: We’re hosting a special webinar tomorrow, 12/03, for our NET+ Canvas subscribing institutions on AI Literacy in Higher Education. Event details can be found below: 

Webinar: AI Literacy in Higher Education

Date & Time: Wednesday, December 03 @ 2pm ET

Description: Join Ryan Lufkin, Instructure's VP of Global Academic Strategy for a conversation about artificial intelligence literacy in Higher Education. Educators are cautiously optimistic about the impact of generative AI on education, however they are hungry for insights into how to navigate the world of AI. We will discuss strategies Institutions can adopt to ensure the implementation of AI is safe, ethical, accessible, equitable, and impactful for teaching and learning.

Joining Info: This event is available for NET+ Canvas subscribers. Please email lhanks@internet2.edu if you have not yet received a link to register.

We look forward to seeing you there!

Program Resources:

  • NET+ Canvas Wiki Page
  • Data Governance Wiki Page
  • Canvas LMS Cloud Scorecard

Advisory Board Updates - Dec 2024

The NET+ Canvas Service Advisory Board had an eventful last few months, focusing on strategic initiatives, product updates, and maintaining its role as a trusted advisor for Instructure during a period of change. Highlights included a detailed "State of Instructure" briefing in August, where Chris Ball, President & COO, addressed the company's acquisition by KKR and its implications for international growth, product development, and the NET+ community. In September, the board began planning a Q4 town hall to support AI literacy among program subscribers and reviewed updates to the SAB Action Plan. October welcomed Matt Mooney from the University of Utah as a new board member and featured discussions on the Headlamp product with Trey Bean. Looking into the last few weeks of the year, our SAB will be reflecting on 2024 goals and plans for 2025. 

If you have any ideas for 2025, questions for the SAB, or overall program feedback, please reach out to the Board by filling out this form.

SAB Resources:

  • Wiki Home Page
  • Meeting Agendas
  • Charter
  • 2024 Goals
  • Contact Form

Instructure Announcements - Dec 2024

  • Instructure Unveils Comprehensive Lifelong Learning Report: Trends & Insights from K-12 to Career → Read More
  • Half of Higher Ed Institutions Now Use AI for Outcomes Tracking, But Most Lag in Implementing Comprehensive Learner Records → Read More
  • Instructure Integrates Microsoft Reflect with Canvas LMS, Expands Mental Wellness Resources Ahead of World Mental Health Day → Read More
  • Instructure Launches First-of-its-Kind Education Policy Atlas to Aid in Identifying Funding Requirements for Every State → Read More

Around Internet2 & Beyond - Dec 2024

The NET+ team is launching a Net Promoter Score (NPS) survey to gather feedback from program participants. The survey will be distributed to different cohorts over the coming months, so please keep an eye out for an email invitation. Your participation is highly encouraged, as your feedback will help us understand how we can better meet your needs and improve NET+ programs.

We’re also very excited to share that Pathify has joined Internet2 as our newest NET+ Program. Read the announcement for more information on how to get involved. For more NET+ news, check out our latest quarterly newsletter, Catching Up on the Cloud.


Wishing you a peaceful end to the semester! For questions or ideas about the NET+ Canvas program, contact me at lhanks@internet2.edu. For concerns related to pricing, order forms, agreement terms, etc., please reach out to netplus@internet2.edu.

(P.S. Do you have colleagues that might benefit from receiving this newsletter? Please let me know so we can add them to the mailing list!)

This blog post content was originally sent to the mailing list for NET+ Canvas subscribers. To receive future emails, please contact netplus@internet2.edu.


The November AWS NET+ Tech Share brought together participants from various institutions for discussions ranging from digital preservation strategies to artificial intelligence collaboration initiatives. Here's a summary of the key discussions:

Community Updates and Upcoming Events

Several important deadlines and events are approaching for the research and education community:

  • The NERCOMP Annual Meeting (March 31 - April 2, 2025, in Providence, RI) call for proposals closes November 18. AWS's Jan Day is available to assist with submission preparation.
  • Got a cloud deployment project that you’ve been working on this past year? Eager to share this story with your peers? Lucky for you, the Cloud Forum 2025 is accepting proposals for both Cloud and Research tracks until December 20.
  • Mark your calendars for the R&E FinOps Virtual Conference on January 23, 2025 (10am-2pm PST/ 1-5pm EST).

Institutional Highlights

Carnegie Mellon University's Billing Evolution

Carnegie Mellon University shared their transition to a centralized billing model. They're implementing a single purchase order system to address billing discrepancies, though this approach requires swift monthly processing of all charges.

Getty's Digital Preservation Journey

The Getty Trust provided fascinating insights into their digital preservation efforts. With a mandate to "digitize everything," approximately 95% of their digital assets are stored in AWS. Their team has developed innovative solutions for media migration and will be presenting their approaches at the upcoming TechEx conference.

Data Management Insights

Several institutions shared their experiences with data management:

  • Carnegie Mellon discussed their solution to data archival challenges, noting that investing in more robust resources has helped ensure long-term data integrity.
  • Multiple institutions highlighted their approaches to supporting library use cases, with dedicated teams handling long-term storage for public resources and specialized scanning equipment for book digitization.

Technical Updates

The discussion touched on several technical developments:

  • Amazon's transition from Apache Spark to Ray was noted, though the consensus was that this change primarily impacts large-scale operations.
  • The University of California system's research data protection project was highlighted, with their tool available on GitHub at rcs3.
  • Participants discussed various disaster recovery approaches, including VM archival strategies and challenges with specific storage solutions.

AI Initiatives and Working Groups

The AI landscape continues to evolve in higher education, with several upcoming events and initiatives:

  • Purdue and Notre Dame are hosting AI forums in the coming weeks.
  • The Internet2 AI Working Group is accepting new participants (contact tfrank[at]internet2[dot]edu for more information).

Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.


The November AWS Landing Zone Accelerator (LZA) Community of Practice meeting brought together institutions to discuss feature requests, recent updates, and share implementation experiences. Here's a summary of the key discussions:

Feature Request Process

The meeting kicked off with a discussion about streamlining features and documentation requests. Community members raised several important questions about the process:

  • File upload capabilities for request submissions
  • Integration with support ticket systems
  • Visibility of community-submitted requests

Internet2 is working with AWS to create the intake form and process for feature requests. More information is soon to come.

LZA 1.10 Release and Updates

A significant portion of the meeting focused on the recent release of AWS LZA 1.10. According to the AWS LZA GitHub release page, key new features include:

“...the opportunity for new installations to leverage AWS CodeConnections to use GitHub, GitLab, or Bitbucket for storing the LZA configuration files. This supplements existing options including AWS CodeCommit and Amazon S3 to provide even more flexibility when integrating LZA operations into existing workflows.”

For those interested in staying updated with LZA releases, community members shared two helpful approaches:

  1. Following releases directly on GitHub using custom "watch" settings
  2. Subscribing to the releases RSS feed at: https://github.com/awslabs/landing-zone-accelerator-on-aws/releases.atom

Community Implementation Insights

Several institutions shared their experiences and current projects:

Network Configuration Approaches

A poll during the meeting revealed diverse approaches to core networking:

  • Several institutions, including Tufts University and University of Colorado Boulder, implement networking through LZA
  • Others opt for Terraform-based solutions
  • One participant noted that LZA effectively handles their entire network configuration, including network firewalls in ingress and inspection VPCs

Security and Compliance

The University of Colorado Boulder shared their work on tuning Security Hub rules, particularly focusing on NIST 800-171 compliance.

Hybrid Approaches

Multiple institutions reported using a mix of LZA and Terraform, choosing the best tool for specific needs:

  • Tufts University recently upgraded to v1.9 and is training team members on the platform
  • Some institutions use LZA for core infrastructure while managing other components through Terraform

Cost Optimization

An important discussion emerged around optimizing costs for sample configurations:

  • Community members shared experiences running test environments for approximately $100/month
  • There was interest in developing a minimum configuration template
  • AWS expressed willingness to work on more cost-effective sample configurations

Conclusion

The November AWS LZA Community of Practice meeting highlighted significant developments, particularly the release of LZA 1.10 with its enhanced repository integration options through AWS CodeConnections, which allows integration with third-party repositories like GitHub and GitLab. Community members shared valuable insights on diverse implementation approaches, from Tufts University's successful v1.9 upgrade to University of Colorado Boulder's work on Security Hub rules for NIST 800-171 compliance, demonstrating the platform's flexibility across various hybrid implementations.

Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.


The October AWS NET+ Tech Share covered infrastructure migration strategies, innovative AI implementations, and upcoming community events. Here's a summary of the key discussions:

Key Events

  • Webinar on NET+ AWS, NET+ GCP, NET+ Kion and CICP (slides and recording)
  • NET+ AWS Barn Raising: Amplify AI Build Out (no recording, but blog will be coming soon)
  • Upcoming re:Invent Keynote Watch Parties featuring main keynote, Werner's infrastructure presentation, and Peter DeSantis's Monday night session
  • Are you working on a project on AWS that you’ve been heads down on for the past few months? If so, you should consider submitting a proposal for the 2025 Cloud Forum.

Infrastructure Strategy Insights

Penn State University's Approach

Penn State University shared their comprehensive strategy for infrastructure transformation:

  • Operating within a three-year VMware transition timeline
  • Focusing on IT department centralization
  • Implementing Kubernetes environment in AWS
  • Maintaining flexibility between cloud and physical servers
  • Taking an "if you build it, they will come" approach to cloud adoption

Cloud Migration Experiences

The UC Office of the President shared their experience migrating on-premises VMs to the cloud:

  • Successfully addressing around 92,000 security findings during migration
  • Rebuilding applications with new operating systems
  • Implementing vulnerability mitigation strategies

Innovation Highlights

AWS shared notable implementations from recent tech conferences:

  • UCLA Anderson School of Business: Developed GenAI-powered custom email templates for alumni donation campaigns, featuring adversarial model validation
  • UC Irvine: Created an open-source alternative to paid backup services for AWS to S3 data backup

Hybrid Infrastructure Discussion

Several institutions explored hybrid cloud possibilities:

  • Interest in AWS Outposts and Azure Stack HCI implementations
  • Discussion of EKS Anywhere and ECS Anywhere deployments
  • Questions about EKS Anywhere on AWS Outposts for on-premises Kubernetes management

Conclusion

This Tech Share highlighted the diverse approaches institutions are taking to infrastructure modernization, from full cloud migrations to hybrid solutions. The discussions emphasized the importance of careful planning and consideration of various deployment options to meet specific institutional needs.

Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.


In our recent AWS Town Hall (recording), we discussed a challenge that resonates across the higher education landscape: managing multiple AWS accounts with a focus on strengthening security and maintaining compliance.

The session featured insights from AWS's higher education strategy team and technical experts who shared valuable perspectives on landing zones and AWS Control Tower.

Understanding the Challenge

Patrick Frontiera from AWS's higher education strategy team highlighted that higher education institutions face over 200 compliance regimes, with 24 specifically focused on IT. This complexity is further amplified by the decentralized nature of academic institutions, where IT responsibilities often span across departments and research units.

The key challenges institutions face include:

  • Managing numerous evolving compliance requirements
  • Balancing innovation with security in decentralized environments
  • Coordinating hybrid and multi-cloud infrastructures
  • Maintaining consistent security policies across diverse departments

AWS's Approach to Solutions

AWS has developed a comprehensive approach to these challenges, building upon their shared responsibility model. As institutions move towards managed services, AWS takes on more of the security and compliance burden. Some notable solutions include:

  • Support for 143 compliance programs relevant to higher education (including FERPA, HIPAA, and NIST 800-171)
  • AWS Audit Manager for identifying compliance gaps
  • AWS Artifact for generating compliance reports

Landing Zones: A Foundation for Success

Chris Kuehn, AWS Solutions Architect, introduced landing zones as AWS's strategic solution for creating secure, scalable environments. A well-designed landing zone includes:

  • Built-in security guardrails and encryption
  • Integration with university identity systems
  • Unified billing processes
  • Pre-configured networking
  • Customizable development environments

The Evolution of Landing Zones

The journey of AWS landing zones reflects the maturing needs of higher education:

  1. Custom-Built Solutions (Early Days)
  2. AWS Organizations (2017) - Introducing consolidated management
  3. AWS Control Tower (2019) - Automating setup and management
  4. Customizations for Control Tower (2020) - Adding flexibility for specific needs

Implementation Best Practices

AWS recommends a flat organizational unit (OU) structure to maintain simplicity while accommodating diverse needs; a flat structure means no nested OUs. A typical OU structure includes:

  • Management Account (central authority)
  • Core OU (logging and auditing)
  • Shared Services OU (common infrastructure)
  • Central IT OU
  • Sandbox OU (experimentation space)
  • College/Department OUs
  • Compliance-Specific OUs (e.g., HIPAA workloads)

Practical Insights from Q&A

The session concluded with valuable questions from attendees. Key takeaways include:

  • Testing Updates: Maintain a separate development landing zone for testing Control Tower updates
  • Migration Strategy: Use a migration OU with relaxed controls for staging existing accounts
  • Existing Organizations: While greenfield deployments are ideal, Control Tower can integrate existing accounts with proper planning

Looking Ahead

As compliance requirements continue to evolve, the structured approach offered by AWS landing zones becomes increasingly valuable. The key is to create guardrails, not roadblocks – enabling innovation while maintaining security.

For institutions looking to implement or optimize their landing zone strategy, AWS offers several solutions and support mechanisms:

  • Landing Zone Accelerator (open-source solution)
  • AWS Partner Network
  • AWS Professional Services

Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.


 This black-and-white 2D manga-style illustration depicts a simple router, firewall, and university building. The router is drawn with rounded edges, while the firewall is a minimal brick wall with small flame accents. The university building has clean, traditional lines, and the overall image has light shading, creating a clear and uncluttered design.

The October GCP NET+ Tech Share covered compliance challenges in GCP, SSL certificate renewal periods, and networking security issues in higher education. Here's a summary of the key discussions:

Recent Events Recap

Two significant events preceded this Tech Share:

  1. The Google Rapid Innovation Team (RIT) Project Pitch Session showcased several innovative projects.
  2. The NET+ GCP SAB meeting in NYC featured these RIT project pitches and a presentation from Washington University on GCP Support Plan challenges.

Upcoming Events

Several important events are on the horizon:

Compliance in GCP

Vanderbilt University raised concerns about compliance in GCP, particularly in light of new CMMC changes. Key points of discussion included:

  • Challenges of self-auditing vs. external audits for Controlled Unclassified Information (CUI)
  • Difficulties in maintaining compliance in distributed environments
  • The need for tooling or partnerships to create compliant accounts that can't be undone
  • Interest in publicly available Terraform scripts (or other infrastructure as code) for setting security baselines

Jeff from Google mentioned a dedicated team that supports compliance audits and shared resources:

Jeff will look internally to see if there is a team working on IaC for automated compliance checks.

SSL Certificate Renewal and Network Security

The discussion shifted to SSL certificate management and network security:

  • Apple is lowering their SSL cert renewal period to 45 days, while Google is shortening theirs to 90 days
  • Tailscale was suggested as a potential solution for servers with limited network access to renew SSL certs
  • Penn State University expressed interest in moving towards hierarchical firewall rules to simplify complex routing and peering for compliance requirements

Northwestern University shared their experience with Next-Generation Firewall (NGFW) in their Secure Enclave setup, noting challenges with licensing and idle resources.

Future Discussions

The challenges around SSL certificate renewals on network-restricted machines naturally circled back to the conversation about compliance. This prompted planning a networking session with GCP Networking SMEs to address secure access for regulated workloads that remains user-friendly and manageable for IT administrators.

Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.


A fun and zen-inspired 3D cartoon showing a calm floating island with soft, rounded hills, bouncing coins, and cloud-like data charts. A winding path leads into the distance, symbolizing progress and growth. The scene is colorful with soft pastel tones, evoking a peaceful and playful atmosphere, representing financial challenges and innovation in a serene and engaging way.

The October AWS NET+ Tech Share covered FinOps challenges, account provisioning strategies, and an upcoming AI chatbot workshop. Here's a summary of the key discussions:

Recent Community Updates

The Landing Zone Accelerator (LZA) Community of Practice continues to meet regularly. For those interested in catching up, recent blog posts are available, including a recap of the NET+ AWS Private Marketplace series and the September Tech Share summary.

Key Events

FinOps Challenges and Solutions

A significant portion of the discussion centered around FinOps challenges and potential solutions:

Account Provisioning Strategies

  • Implementing Service Control Policies (SCPs) to require tagging.
  • Using AWS Control Tower for budget alarms and sandbox account provisioning.
  • Setting up cost anomaly detection in new accounts.

Tagging Practices

  • Tagging per grant or payment source can be useful, especially in research contexts.
  • Dividing resources based on logical isolation (grant, lab, project).

Cost Control Measures

Northwestern University recommended setting up cost anomaly detection in new accounts to help manage expenses proactively.

University of Wisconsin-Madison's Approach

The University of Wisconsin-Madison shared their strategies for managing cloud resources:

  • Using separate accounts for different projects, sometimes multiple accounts per researcher.
  • Employing Terraform to standardize cost alerts.
  • Utilizing account boundaries as the primary method for cost tracking.
  • Offering weekly office hours to assist researchers.

AI Chatbot Workshop Announcement

An exciting announcement was made regarding an upcoming "barn raising" hands-on session to build an AI chatbot using Vanderbilt's GenAI Platform with guidance from developers and architects. Institutions are encouraged to identify appropriate team members to participate in this hands-on workshop, which is estimated to take about 4 hours with proper preparation. For those who need additional guidance, Bob is creating a document to assist institutions in choosing appropriate participants.

Conclusion

This Tech Share provided valuable insights into FinOps challenges and solutions, highlighting the importance of proper account management and cost control in academic cloud environments. The upcoming AI chatbot workshop presents an exciting opportunity for institutions to dive into practical AI application development.

Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.


The October 2nd AWS NET+ Tech Share covered collaborative projects, disaster recovery solutions, and cloud migration experiences. Here's a summary of the key discussions.

Recent Highlights and Upcoming Events

Collaborative "Barn Raisings"

The group continued to discuss the proposed "barn raisings" – collaborative sessions where community members get together with AWS experts to build out a solution in their environment. Here are some potential sessions that interest the community:

  1. Indiana University's Audio Transcription Service: A tool that could benefit many institutions dealing with audio content.
  2. Secure research environments: A crucial need for institutions handling sensitive data.
  3. Arizona State University's PDF accessibility project: Addressing the important issue of document accessibility in higher education.

Disaster Recovery and Migration Insights

James from Old Dominion University sparked a discussion on AWS Elastic Disaster Recovery (DRS) experiences. Tommy from AWS explained that DRS, formerly CloudEndure, offers block-level replication from source to target, with both migration and DR options.

Rob from Loyola Marymount University shared valuable insights on using AWS Application Migration Service (MGN): while generally effective, MGN presented challenges with edge cases.

Gerard from Boston University (BU) added historical context, noting past issues with VMware agents and instance sizing during migration. These experiences highlight the ongoing challenges in cloud migration and the importance of careful planning.

SAP HANA in the Cloud: Balancing Performance and Cost

Gerard from BU raised a question about running SAP HANA in AWS. Currently using an on-premises solution across two data centers, they're exploring AWS as part of a tech refresh. Some participants with past SAP HANA experience noted that this is a big undertaking and said they would be interested to hear the outcome. Solutions Architects on the call recommended that Gerard ask his dedicated AWS SA to loop in an SAP HANA specialist from AWS to discuss potential migration plans and their forecasted cost.

Data Lake and Account Management: A Holistic Approach

Max from Wayne State University (WSU) shared insights on their ongoing Data Lake project and AWS migration. The work he and his team are doing is mainly greenfield, e.g. creating a new AWS Organization, setting up Control Tower, designing VPCs, and even building an integration for account provisioning with Grouper and Entra ID.

For many folks on the call, this was a trip down memory lane, reminiscent of when they had to migrate their first set of workloads into AWS. We hope that the collective wisdom and experience of this group can help teams like Max's navigate their AWS migration more smoothly and avoid common pitfalls.

Control Tower in Academic Settings

Ethan from Carnegie Mellon University (CMU) inquired about experiences with decommissioning AWS Control Tower. Someone from a quantum computing course at CMU had set up Control Tower in their AWS environment. While no direct experiences were shared, the discussion pointed to AWS documentation and highlighted the growing use of AWS in course settings.

Although it started with Control Tower, this conversation also highlighted adoption of an uncommonly used AWS service: AWS Braket. Both CMU and BU have a quantum computing course that uses AWS Braket. BU claims that the course was well received.

Conclusion

The October AWS NET+ Tech Share demonstrated the higher education community's commitment to collaborative problem-solving and knowledge sharing. From exploring joint projects to discussing the intricacies of cloud migration and specialized use cases like SAP HANA, the discussions reflected the complex and evolving nature of cloud adoption in academic institutions.

Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.