Migrating to Microsoft Azure A Bulletproof ebook - 2017
What is Microsoft Azure Microsoft Azure is a Cloud platform that s been a relative newcomer to the marketplace in Australia. While launching locally in October 2014, Azure has been available in other regions dating back to February 2010. This means that Azure arrived in Australia as a mature offering, but it also has come on the scene at an interesting point in the overall evolution of Cloud. When Microsoft launched Azure, their focus on PaaS (Platform as a service) rather than IaaS (Infrastructure as a service), they were possibly a little too ahead of the marketplace. This allowed other Cloud providers leading with a IaaS focus to gain a solid foothold and achieve growth. However, that market evolution sees that increasingly there is a demand for PaaS services from organisations. Over time, businesses and the marketplace generally have been going through an evolution: moving from physical architectures through virtual, IaaS to PaaS and serverless architectures. Where we are today PaaS, microservices and serverless architectures are gaining popularity and for good reason. Using these technologies allow you to free yourselves from worrying about the infrastructure components and plumbing and concentrate on the business problem you are trying to solve. The hard work of architecting the platform for performance, high availability and extensibility has already been done by leveraging Microsoft s experience in building operating systems, databases, desktop and enterprise applications, developer tools and SaaS (Software-as-a-Service) applications. This means Azure is well-placed to inherit this vast knowledge. In our Migrating to Microsoft Azure ebook, we will run through the four phases organisations should go through when migrating to Azure, as well as highlighting some key takeaways and relevant services at different stages of this migration journey. 2
Phase 1: Review & Assess
Phase 1: Review & Assess Three key items make up this phase of the journey. Authentication and Security You should take the time to understand the Azure subscription model, billing arrangements and account requirements before you begin implementing significant and certainly production environments. As part of this, think and plan your authentication, Single-Sign-On (SSO) and Active Directory federation requirements. Your Azure migration is an ideal opportunity to provide SSO and Multi-Factor Authentication capabilities if they aren t already in place. Dependency Maps BCDR Requirements HA Requirements Data Soveregnty System Inventory Systems Databases Storage Networking Conducting a system inventory is highly recommended. 4
Conducting a System Inventory Migrating to Microsoft Azure It s highly recommended to conduct an inventory of your existing systems and not just a hardware list of CPU, memory and disk for example. Much of the value of Azure is in the ability to utilise PaaS services - so as part of the inventory, gather middleware, database and application information. You also want to create any dependency maps and of course High Availability (HA) and Disaster Recovery (DR) requirements, for example Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). Compliance requirements like data sovereignty, encryption and retention requirements that may be required by regulatory bodies like APRA should also be included. Classify the workloads Finally, classify the workloads collected in the inventory mentioned above based on cloud service model. What can be SaaS, what can be PaaS and what needs to be IaaS? What can t move for example non-x86 UNIX systems. Even systems that can t be migrated may have components that can, for example the presentation layer of a Line of Business Application. Key Takeaways: Understand Azure subscriptions and accounts Create a comprehensive system inventory Classify systems from the inventory based on cloud service models 5
Phase 2: Planning & Designing
Phase 2: Planning & Designing In Phase 2, we can again break that down into three key considerations for organisations. Building on the thorough assessment completed in Phase 1, now is the time to design your Azure environment for success. Applying DevOps approaches The DevOps movement has established a solid foothold in many IT operations especially those practicing Agile methodologies to software development. PaaS services in Azure like Web Apps and Function Apps are all about letting developers actually develop - leveraging the underlying infrastructure of Azure and building innovative applications quickly and easily. Think about how DevOps can assist your deployment scenarios. Azure has DevOps as a core philosophy and to really get the most business value out of an Azure migration - you should try and apply its principles wherever possible. This doesn t mean using DevOps everywhere. However, DevOps should definitely be front of mind if you have web applications and in particular web apps where you have internal developers or partners building the software. Defining your Infrastructure as Code and using Automation The second item to consider in this phase is defining your Infrastructure as Code and using Automation where possible. Azure supports declarative approaches to infrastructure as code using industry standard JSON templates, as well as API and procedural approaches using popular languages including PowerShell, C#, JavaScript, Ruby and Python. Defining your infrastructure as code allows you to store it in a source code repository and track version changes. It also makes it easier to detect and control configuration drift, perform repeatable, consistent deployments for DR or load testing, and allows you to automate the deployment process using tools Azure provides or third party automation and orchestration tools. Re-use Automation Versioned Manage Drift ARM Templates PowerShell Scripts.NET Node, Python, Ruby, PHP Infrastructure as Code and Automation 7
Automation lightens the operational load, and reduces the chances of human mistakes. It can also leave behind an audit trail for troubleshooting or auditing purposes. Automatic software deployments via Continuous Integration/Continuous Deployment (CI/CD) pipelines are an integral part of DevOps practices. Networking Your bandwidth and HA requirements will largely dictate which Azure networking components you will utilise. For dedicated high speed connections to your datacentre you should strongly consider ExpressRoute which does not route over the public internet. For more modest requirements there s VPN Gateway that provides secure communications over the public internet in both site-2- site and point-2-site configurations. There s also Azure DNS, which can manage you re DNS zones with industrial-strength scale and resiliency, Traffic Manager which can provide load balancing at the regional level, and a Content Delivery Network (CDN) which can speed up content delivery from web applications for geographically distributed users. Key Takeaways: Use DevOps principles wherever they make sense Develop your infrastructure using code rather than building from the GUI Use Automation wherever possible using your infrastructure code Evaluate your networking requirements not just from a bandwidth point of view but also from a HA and security perspective 8
Phase 3: Implement & Trial
Phase 3: Implement & Trial This is the exciting stuff. Getting your hands dirty and making Azure work for your organisation. We ve done our review and analysis up front, we ve planned and designed our Azure environment to meet our business and technological requirements. Now let s get started. Sandpit Environments It s highly recommended that you Set Up a Sandpit Subscription for Azure or utilise any existing offers that may come with other Microsoft subscriptions and services you may already have. For instance, if you have an MSDN subscription - it comes with $200AUD monthly credits. This is perfect for organisations in this phase because you want to experiment with the platform and become familiar with the interface. You can also start to explore the services available, their features and deployment methods open to them. Administrators with PowerShell skills are particularly valuable - given that everything in Azure can be done with PowerShell and there are actually some things that can only be performed with PowerShell (for now). A recent addition to the Azure service portfolio is Azure DevTest Labs. This service provides a framework that facilitates fast, easy and lean dev-test environments. DevTest Labs allows you to manage costs with policies dictating what can be deployed; Schedule start-up and shutdown times to keep a lid on usage; and use custom images and templates so that you can reproduce complex systems consistently and predictably. Beachhead Deployments Now, let s talk about beachhead deployments as a best practice approach to an Azure migration. As mentioned earlier, you should take the time to become comfortable with the Azure platform. Once ready, move some of your workloads to Azure and get them stable and optimised. The workloads might be Development environments or Greenfield environments - the goal is to get a representative sample of workloads from your inventory running effectively and reliably. From here, you can roll out the remainder of your Azure bound workloads in a phased approach. 10
Development Environments New Environments POC Environments Sandpit Environments Beachhead deployments is a best practice approach for your Microsoft Azure migration Also, keep in mind that there are different methods for migrating workloads to Azure. For instance, if you work with VM or IaaS workloads, Microsoft has Azure Site Recovery (ASR). This is a DR tool that really simplifies the process of architecting DR solutions for applications running on-premises. ASR can also be used to migrate machines (both Physical and Virtual) to Azure with near-zero downtime using disk based replication. Key Takeaways: Utilise any existing subscriptions or commercial arrangements with Microsoft that may include Azure credits to start getting familiar with Azure via sandpit environments DevTest Labs provides a framework that allows you to experiment and test in Azure while managing costs When ready, establish some beachhead deployments in Azure to start getting runs on the board and demonstrate success. 11
Phase 4: Analyse & Measure
Phase 4: Analyse & Measure The final part of the journey is migration validation and monitoring. Analysing and measuring how your workloads are performing should be ongoing and continuous. Monitoring Monitoring is key here and Azure provides a rich set of tools and services to assist. Remember that just because you have moved to cloud, that doesn t absolve you from the responsibility to monitor and manage your systems. Cloud computing with Azure certainly makes it easier and allows for much deeper analysis. It also gives you the ability to remediate problems automatically or take evasive action like killing misbehaving systems and seamlessly deploying healthy replacements. Some tools worth mentioning include Kudu, which provides deep instrumentation and analysis of running processes in Web Apps; Operational Insights which is a monitoring and log analysis tool similar to SCOM; and Application Insights that can stream telemetry from a running application to Azure for comprehensive analysis in Visual Studio or the provided portal. Using Power BI Microsoft also provides Power BI. This is an excellent Business Intelligence tool that can mine your Azure resources and deliver powerful trend analysis and forecasting. This can be really helpful to both maximise your investment and use of Azure, as well as providing insight that can unlock business value as well. Third-party APM Tools 13
So there you have it: Four phases to an Azure migration. In many ways it s like any significant strategic business project. You do thorough research about the system you are looking to implement; Analyse your current resources; Identify ways you can make your implementation seamless; You get stuck in and get your hands dirty by playing around, while laying contingencies in case anything goes awry; Finally, you consistently measure success. The good news is that Azure can add real business and technological value to your organisation. It is of course a major strategic project, but value add of Azure can include driving productivity, innovative development, act as a perfect partner to drive your DevOps culture and realising cost savings as well. The key as always is to do your homework, plan, research and review. With all that in mind, why not get started today! 14
Reference Links (correct as of November 2016) Overview of Single Sign-On: https://azure.microsoft.com/en-us/resources/videos/overview-ofsingle-sign-on/ Azure Active Directory: https://azure.microsoft.com/en-us/services/active-directory/ Infrastructure as Code with Microsoft Azure: https://blogs.technet.microsoft.com/ devops/2016/01/27/vorlonjs-a-journey-to-devops-infrastructure-as-code-with-microsoft-azureand-resource-manager/ ExpressRoute: https://azure.microsoft.com/en-us/services/expressroute/ VPN Gateway: https://azure.microsoft.com/en-us/services/vpn-gateway/ Azure DNS: https://azure.microsoft.com/en-us/services/dns/ Traffic Manager: https://azure.microsoft.com/en-us/services/traffic-manager/ Content Delivery Network (CDN): https://azure.microsoft.com/en-us/services/cdn/ PowerShell: https://msdn.microsoft.com/en-us/powershell/mt173057.aspx Azure DevTest Labs: https://azure.microsoft.com/en-us/services/devtest-lab/ Site Recovery: https://azure.microsoft.com/en-us/services/site-recovery/ Kudu: http://kudu.apache.org/ Azure Operational Insights: https://azure.microsoft.com/en-us/resources/videos/azure-operational-insights-overview/ Application Insights: https://azure.microsoft.com/en-us/services/application-insights/ Visual Studio: https://azure.microsoft.com/en-us/services/visual-studio-team-services/ Power BI: https://powerbi.microsoft.com/en-us/ 15
Bulletproof Cloud Services for Microsoft Azure Get the most out of your Microsoft Azure investment with Bulletproof, your trusted end-to-end Cloud Services partner. Bulletproof is A/NZ s leading end-to-end Cloud Services partner. Our certified experts have the experience to enable and support you at every stage of your Cloud and Multi-Cloud journey. We provide a full end-to-end service on Microsoft Azure, from Consulting, Delivery to on-going Support. Bulletproof Support Support Security Data Protection Cost Management DevOps Consulting Cloud Adoption Cloud Health Check Cloud Migration Plan DevOps & Agile Enablement Sitecore Health Check Delivery Cloud Migration into Microsoft Azure Solution Architecture Design DevOps Refine Continuous Integration DevOps Embed Continuous Deployment About Bulletproof Bulletproof (ASX:BPF) is the leading cloud services provider in Australia/New Zealand and trusted partner to over 750 organisations. Bulletproof simplifies complex technology and enables rapid transformation for businesses of all sizes. Our certified and experienced Cloud experts advise and support organisations at every step in their cloud journey, by providing market-leading expertise and mission-critical support across multiple platforms and technologies. T: AUS 1300 663 903 NZ 0800 258 773 E: contactus@bulletproof.net W: www.bulletproof.net.au