Starting your digital transformation journey takes careful thought and planning. In the second of our three-part video series, our Azure Architect Jeremy Brewer will walk you through all the essential pieces of your cloud migration plan and prepare you for what happens during the implementation phase.
To continue the series, Jeremy walks you through how our team approaches your cloud migration project plan and what to expect at each step of the process.
In part one of this series, we discussed your business justifications and why we’re doing a cloud migration in the first place. Now, we’re going to be discussing how we do this and what to expect during this process.
1. Create Azure landing zones
The first place that we start during your cloud migration is an Azure landing zone. An Azure landing zone is an environment that hosts your workloads. It doesn’t distinguish between infrastructure as a service and platform as a service. It’s the place where we define our security governance, network, identity, and other items.
2. Identify disaster recovery regions
Next, we will discuss where our primary disaster recovery region is going to be, such as production. Then, we will discuss where our secondary disaster recovery region is, which is primarily for disaster recovery. Some clients have multiple regions that could be primary regions because they may be globally dispersed. Through that process, we need to determine where the disaster recovery regions are going to be for all of those primary regions.
It makes a lot of sense to pick paired regions with the Azure data centers. So, for example, if we choose to have our primary region in North Central US, then the paired region that Microsoft sets up is going to be in South Central US. Now we don’t have to choose South Central as our DR region. If you have maybe another office location that makes more sense, we can choose an Azure region near there, but typically it makes a lot of sense to use the paired region.
3. Decide on Azure naming conventions
The next task is naming conventions. A lot of the Microsoft Azure assets, such as storage and networking, have unique naming conventions that need to be adhered to. For example, with storage, we can’t use capital letters. So, when you are viewing the assets in the portal, you need to remember that some things cannot be named the same way. If you don’t have an idea of what you want to use, or you don’t have something on-premises right now that you use, I’d recommend taking a look at the documentation from Microsoft. They have great suggestions on how to name your assets to make sure that the convention spans the lifetime of your deployment.
4. Extending your Active Directory to the cloud
When working with clients, I like to extend their Active Directory domain out to the cloud. This might mean putting a small domain controller that’s replicating out to this region. We do this for a couple of reasons. First, it increases resilience for your on-premises domain with a paired domain controller receiving a replication of your identities. Second, it’s helpful for the testing of assets in the cloud.
5. Understanding your network infrastructure
Another item that we’ll discuss during the landing zone preparation and deployment is networking. We’re going to be talking about IP space. What network or networks are going to be present in Azure? One thing to keep in mind is that Microsoft Azure does not support overlapping networks. So, if you have defined a large network on-premises or have the potential of connecting to multiple different networks through site-to-site VPN or ExpressRoute, the address space in Azure needs to be unique to connect and be routable.
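The overlap constraint above can be checked before any virtual network is created. This is an added example, not from the original video or article; it uses Python's standard `ipaddress` module, and the network names and address ranges are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory (an assumption, not from the original page):
# every network that will be routable to Azure over site-to-site VPN or
# ExpressRoute, plus the proposed Azure address spaces.
NETWORKS = {
    "onprem-hq": "10.0.0.0/12",
    "branch-vpn": "192.168.10.0/24",
    "azure-prod-vnet": "10.8.0.0/16",   # falls inside onprem-hq
    "azure-dr-vnet": "10.64.0.0/16",
}


def find_overlaps(networks):
    """Return sorted (name_a, name_b) pairs whose address spaces overlap."""
    # strict=True rejects CIDRs with host bits set, a common planning typo.
    parsed = {name: ipaddress.ip_network(cidr, strict=True)
              for name, cidr in networks.items()}
    return sorted(
        (a, b)
        for (a, net_a), (b, net_b) in combinations(sorted(parsed.items()), 2)
        if net_a.overlaps(net_b)
    )


def first_free_prefix(networks, pool, new_prefix):
    """Return the first /new_prefix block in pool that overlaps nothing in use."""
    used = [ipaddress.ip_network(cidr) for cidr in networks.values()]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=new_prefix):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None  # pool exhausted


if __name__ == "__main__":
    for a, b in find_overlaps(NETWORKS):
        print(f"overlap: {a} ({NETWORKS[a]}) <-> {b} ({NETWORKS[b]})")
    print("suggested replacement:", first_free_prefix(NETWORKS, "10.0.0.0/8", 16))
```

Run it against the full list of address spaces, including networks that may be connected later, so the Azure ranges stay unique as new sites are added.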
6. Addressing DMZs
A DMZ (Demilitarized Zone) is a network that typically has internet-facing servers, such as web servers. These systems reside on a network that has either little or no access to internal resources. In some cases, they are deployed in a Zero Trust model to access needed resources, such as SQL Server.
Do you need to have a DMZ in your Azure environment? Do you have any internet-exposed applications that need extra protection? Putting a DMZ into Azure can be done in a few different ways. The primary recommended approach is the use of an NVA (Network Virtual Appliance). Companies such as Palo Alto and Meraki have virtual appliances designed for Azure deployment, where we would then route all network traffic into the appliance as you would on-premises.
7. Starting your migration with the power of 10
We start your cloud migration with an assessment phase, a migration phase, an optimization phase, and end with a secure and manage phase. Starting with a process called the power of 10, we will take your 10 top applications that are ready for migration and prioritize them. Here’s what happens when we evaluate your first application in this process:
- Digital estate and eligibility review. This is done with either first-party or third-party tools. I typically use the Azure migration tools built into the Azure portal. That report will help us determine what the actual size of the machine should be in Azure. We find a lot of times that deployed assets in your data centers are larger than they need to be due to the availability and ubiquity of extra resources.
- Cost analysis of workloads. Understanding which SKUs are going to be used, how much storage, what the storage performance is, and how much network is going to be consumed on each asset allows us to better estimate what the total cost is going to be.
- Determine the process for each migration. When reviewing the environment, every application and asset is going to go through a process of invest, maintain, or retire.
We need to label each one of these applications and asset pieces. The first label is for an application that will be invested in because it provides us a lot of value. An ERP system or a web service may be invaluable to the organization, and therefore, it will be migrated. Other applications may be in a maintenance mode, where the application is still core to your production, but you don’t plan to actually optimize, enhance, or continue to invest in the service, at least for some period of time. And then lastly, there is an application that might be getting retired. Something that used to be an archive or legacy system and has no value in being migrated will have a different path in this journey.
With those steps, we’ve prioritized our first 10 applications and we’re ready to begin our first workload migration.
This workload, for example, is going to be low impact. The application owner is going to be supportive of the project. We already have our landing zone ready. The application is well-maintained. It has limited complexity, limited dependencies, and limited exposure. After the migration is complete, we’re going to do a post-mortem of the migration project.
The process that we just went through was purely academic. We wanted to test our process. We wanted to learn as a group, both the staff and the partner. And then we’re going to take these learnings and enhance our process. We’re expecting that there are going to be problems, which is why we keep a tight feedback loop. With feedback from the end users, all of the application owners, and the partner together, we’ll quickly fix any of the issues that we’ve run into for future projects.
From there, we get into the next nine applications. These next nine applications will have increased complexity, dependencies, and exposure. We’re going to be testing out various parts of this process. So, for example, if the first application didn’t experience any network changes, we may choose an application that has low complexity and low exposure, but maybe complex networking requirements, in order to make sure that our process is still sound. By doing this, we cover the vast majority of complex projects, allowing us to have more successful deployments as everything gets either larger or more complex.
Thanks for watching the video. We hope you found it insightful as you prepare for your digital transformation journey. Be sure to subscribe to our YouTube channel for more videos like this one and contact us today to get started on your cloud migration strategy!