I'm quite proud of our team. Two years ago we set out on a mission to help our clients include public cloud in their IT strategy for many business, security and economically fueled reasons. We now have many success stories of companies and institutions that have partnered with us and successfully taken a step towards public cloud. In many of these situations a "lift and shift" migration was not on the cards. A better fit was a hybrid approach: cloud-ready workloads are moved to Azure, legacy applications stay on-premises, and orchestration is put in place to provide cloud-based Disaster Recovery and Backup. In hybrid setups, everyone is happy and we get the best of both worlds while we phase out dependencies on the local area network.
Make no mistake, the solutions we can provide in a cloud or hybrid environment are game changing.
Data protection, geographically redundant systems, and scaling resources and performance as needed are all tough challenges to piece together with a build-your-own-datacenter approach, never mind the security and compliance considerations that need to be tackled. With Azure, we inherit state-of-the-art security that is continuously evolved by Microsoft's security teams [Red and Blue], which by the way dwarfs that employed by most national governments around the world. It also leverages the Intelligent Security Graph, a security framework powered by global data and telemetry.
Read more here on the competing security teams at Microsoft…
And on the Intelligent Security Graph…
So what, then, are the 5 major checklist items when considering an Azure migration?
- Migrate IT?
The first decision is whether or not a VM or data set is a good candidate for migration. Often, applications and servers have other dependencies that need to be considered, so a good understanding of topology and interplay is essential. When we build our Azure Assessments and design documents, we use network analysis to detect traffic in and out of systems. This data provides a predictable bandwidth requirement for workloads moving to the cloud. Often, the decision point comes down to a discussion on bandwidth requirement and latency.
Chances are, you will already have some licensing with Microsoft before you ever set foot in Azure. The good news is that in many cases, the licensing can be re-used because bring-your-own-licensing [BYOL] is supported. We always make sure to help our customers assess their licensing position, and to improve and optimize it if possible to save costs. I encourage this as a checklist item because it is overlooked in a surprising number of situations we have seen in the field.
- Security and Compliance
One of the main objections we used to hear from CTOs, CEOs, CSOs and CIOs when public cloud was in its infancy was that adopting Azure would lead to a decrease in overall security. This notion couldn't be further from the truth in most cases. An Azure Pilot Lighting project with Akins IT gets you connectivity to Azure over an encrypted VPN and a running Virtual Machine to provide a starting point. The fun goes on from there. Data moved to the cloud can be protected with Azure Information Protection and encryption at rest, and let's not forget that we can leverage Azure Active Directory and Enterprise Mobility + Security [EMS] as well. The migration checklist should include an identity management strategy check and a review of the required compliance around migrated data and applications.
The Trust Center is a very good starting point for documentation, link below. There is full rhetoric here to support all compliance conversations:
- Monitoring and Alerting
How do we monitor our new infrastructure?
Often, in hybrid solutions, the existing monitoring software can do a great job here, since Azure subnets are just extensions of what is visible inside the private corporate network. Solutions like SolarWinds, Level Platforms and many others can all be simply reconfigured to provide feedback on Azure resources. However, the Azure SDK comes with a diagnostic API that can provide additional insight with event logs, dumps and traces. The API can be used to set up automated alerts when various events are triggered. This is useful and should be explored in good design sessions.
- Disaster Recovery
Part of the cloud migration plan needs to include provisions to continue the protection of the workload, with backup and recovery solutions. Azure itself is a great home for replicated data, but can also protect production instances running natively with geo-redundant Recovery services.
If the high-level concepts described above are honored during the analysis and design phase, we can achieve a well-postured migration to Azure.