The FT goes 'cloud-only', using AWS and GCP
Greg Cope, technical director for enterprise services, and interim CTO Mark Ridley discuss the successes and pitfalls along the way, as the organisation managed to ditch all of its data centres during the global pandemic
Launched in January 1888, the Financial Times celebrates its 132nd birthday this month. Its long history has seen it adopt and exploit hundreds of technologies across its years, with its focus more recently turning to cloud.
It has been using cloud technologies since 2013, quickly adopting the ‘cloud-first' approach. That changed in 2017, when its strategy became ‘cloud-only'.
"The over-arching idea was to save money and close our data centres," says Greg Cope, technical director for enterprise services and security at the organisation. "That meant dealing with some of the last remaining products which hadn't migrated to cloud."
In 2019 the FT decided that it would close its remaining data centres in 2020, launching a project called ‘Cloud 2020'. It was a large operation, with lots of supplier contracts designed to end at the same time, meaning that there was little margin for error.
And all this whilst Covid-19, which Cope describes as "a curve ball", ravaged the world.
Taking Print into 2020 and beyond
"We had to migrate our newspaper CMS [Content Management System], and our digital print systems, amongst others," adds Cope.
This latter system takes the newspaper each day from the editor's desk to appear at the FT's print sites around the world.
"We used to have 17 print sites based around the world, and occasionally we've move them depending on demand and local printing costs. Sometimes that would mean physically moving the servers."
This was expensive both in terms of hardware, but also maintenance and people costs. By putting it all in the cloud, print technology costs are lower.
"Currently we're targeting three or four global locations to run these print systems from, down from one in every print site," adds Cope.
Mark Ridley has taken the role of interim CTO of the FT, and part of his role was to facilitate Cope's work.
"It was already a very evolved process by the time I arrived in 2020," says Ridley. "I just needed to clear the way for Greg and his team, and give them the right objectives.
"Now the work has happened to close the data centres, we're moving to cloud optimisation. To get to where we wanted to be we worked with a number of suppliers to provide cloud versions of their services. In the past that might have been something we bought and ran ourselves on our own kit.
"Where that change is end-user facing, there has been lots of effort from Greg's team to do the training and comms. A large part of that was trying to get people to move off the old VPN. That communications work is something which many people don't think is the responsibility of the tech team."
Cope added that the organisation has also moved to adopt a cloud filesharing system.
"We had at least 62 terabytes of fileshares, all of which we migrated this year. Most of the business was still using traditional fileshare on the VPN, which we moved to Google Drive. Now people can access their files from anywhere over their iPads for example, which has been a real boon under Covid. Also some of the workflow fileshares have been moved to AWS."
Cope has heard little back from users over the move, which he admits is a good thing.
"There haven't been any issues for the users. This sort of project is always the sort of thing you don't hear much about unless it goes wrong!"
Coming back to the CMS, part of the Cloud 2020 project involved making it available over the internet in a secure way, using encryption and Multi-Factor Authentication (MFA).
"So now our editorial colleagues can work from anywhere, which is a big win for them, and really helped us as we went into lockdown in March last year," says Cope.
The FT goes 'cloud-only', using AWS and GCP
Greg Cope, technical director for enterprise services, and interim CTO Mark Ridley discuss the successes and pitfalls along the way, as the organisation managed to ditch all of its data centres during the global pandemic
Shift to remote working
This move to enable web publishing coincided conveniently with the start of the first lockdown in March 2020.
"We accelerated the project as it was easier to use and reduced pressure on the VPN, which had never been scaled to enable everyone to work from home simultaneously.
"The idea is to enable staff to work securely from anywhere."
Ridley adds that the FT experimented with allowing staff into the office for a week before full lockdown in March 2020.
"We tried a week when we kept the offices open. We had a case [of COVID-19], so had to clear the floor and deep clean it. We realised that would just keep happening, and by that time we had the capability to work from home, so we pivoted to home working in just two days. It was a stressful experience for Greg's team supporting that for about six weeks, then it was completely sorted."
"Our comms went out saying please take your laptop home, then afterwards advising people not to come back in," adds Cope. "The challenge then was getting screens and keyboards out to people, which is preferable to the challenge of ‘can we even do this?'"
The shift to remote working was further facilitated by the rollout of a softphone solution from Ring Central, replacing an earlier fixed phone system from Cisco.
"We knew the existing Cisco solution needed replacing, so we had a trial of various systems and Ring Central came out on top," says Cope.
The FT also uses Google Hangouts and Slack for other communication methods.
"Google and Slack are the heart of the collaboration tools we use at the FT," adds Ridley. "Where we needed to provide an old-fashioned phone number we'd go through Ring Central.
Decommissioning data centres
Arguably the riskiest part of the entire project was the data centre decommissioning.
"You can mitigate the risk in the cloud by deploying in an architecturally redundant way," explains Cope. "It's rare for multiple regions to go down at once. AWS and the other providers do have occasional outages, but I can't recall one with either them of GCP [Google Cloud Platform] which affected multiple regions simultaneously.
The other risk was that the project would overrun, which would have necessitated extending various supporting supplier contracts, thus incurring additional cost.
"The scenario was a bit like a taxi clock ticking away," says Cope. "It doesn't go up in a steady manner, it goes up in big jumps. And you can't ask for just a week's extension. We had suppliers delivering storage, renting data centre space, then lots of support contracts for things like networking kit, virtualised infrastructure, data systems, the VPN solutions, all due to end at the same time."
Another big risk was whether all the different tech in use by the FT would actually work in the new cloud environment.
"A minor unknown is that our data centres used to route all traffic across the WAN [Wide Area Network]. We had to engineer the data centres out, which involved new technology from our networking supplier to connect the MPLS [Multi Protocol Label Switching] directly to the cloud, with VPN break-outs. We had to reconnect a lot of supplier VPNs," says Cope.
One way of reducing this risk was by reducing the number of changes being made at once.
"We moved our Active Directory in October from the data centre to AWS. There are lots of ways to do that, we could've adopted Azure AD, but we just fired up some servers in AWS and put it there because that was the smallest, simplest change to make. We'll probably review it next year because it's not the most cloud-friendly approach, but it works," Cope admits.
The FT goes 'cloud-only', using AWS and GCP
Greg Cope, technical director for enterprise services, and interim CTO Mark Ridley discuss the successes and pitfalls along the way, as the organisation managed to ditch all of its data centres during the global pandemic
Why ‘cloud-only'?
However, taking a ‘cloud-only' approach surely increases risk, why did the FT not prefer a more traditional hybrid approach?
The answer, according to Cope, is agility.
"One of the advantages of cloud is the ability to gain huge amounts of agility. With a hybrid approach that ability becomes much smaller. For example, if I want a database, I go to GCP or AWS and I can set it up immediately. If I wanted to develop one in-house it would take longer to create, then I'd need a team to maintain that provisioning system."
Another factor when shifting everything into the cloud is security. Cope says the FT wasn't unduly concerned.
"We sell our content, so that's not our IP," he begins. "It's cheaper for someone to buy a subscription than to steal our content. What we can do in the cloud is increase our security posture drastically. We can have capabilities deployed to their own accounts within their own context rather than merely in one or two data centres. When we deploy to the internet we insist it's deployed securely with encryption and MFA."
Staying secure
Ridley adds that the FT is similarly modern in its approach to engineering its own solutions.
"We've been using containerisation for a long time. We use things like Lambda functions in AWS to go serverless, so we have good maturity in software engineering. And Greg has a very competent cyber security team. Part of their role is to help protect against end user threats. We use a ‘security risk score', driven from inside Greg's team and adopted throughout the product and tech groups. They inherit the score that Greg's team sets, and then we set security objectives to reach a final score at the end of the year, so they're setting their own OKRs [Objectives and Key Results]," says Ridley
Cope continues: "Over the last three years we've architected a way to make ourselves much more secure. Our cloud implementation is much more secure than our legacy data centre implementation. It wasn't especially weak, it was segregated. But the Solar Winds issue recently, with someone breaking in and moving laterally from there, is easy if you have a flattish network, but the cloud is less interconnected than data centres [so lateral movement is far harder]."
The organisation is also using a ‘zero trust' approach.
"We're talking a lot about zero trust. That's why we're doing secure delivery of capabilities over the internet. That means you don't have to trust your client, you make sure your front door is reasonably strong. There's no big castle and moat because things aren't interconnected behind. Most of our products over last five years use lots of APIs over the internet so they don't trust one another.
"The culture has moved on, people understand that's the way you need to work. It's not universal but it's getting there."
Finally, both Cope and Ridley are keen to emphasise that the success of the project is down to a team effort.
"It was a massive team effort amongst the technology teams to move all the different bits that needed to be moved in time to close the data centres," says Cope. "It became obvious that the data centres were expensive and only supporting a few capabilities. Once you socialise that message with stakeholders the business case becomes self-sustaining."
Ridley adds: "It's been an enormous effort for Greg's team who carried greatest burden, but teams across the FT contributed. We started the year with a goal to shut down 1,000 instances and get to zero in our data centres. That's been reflected in our objectives in every quarter. It became a target that everyone in the organisation was aimed at.
"This has been something the CEO has called out in company all-hands meetings. We've had support form the very top. Cait [O'Riordan, the FT's CIO] would regularly talk about how big a deal it was. The exec group for product and tech had it in our objectives from Q1. Part of the reason we got it delivered on time was the focus brought to it through those objectives. When we reviewed those objectives Greg always pointed out where more focus might be needed, so that shepherding is critical, along with exec buy-in."
For more on cloud services, including how hundreds of end users rate the platforms they use every day, check Delta, Computing's award-winning market intelligence service for IT professionals.