+40 256 706 057 [email protected]
Cloud Strategy for Your Organization: Peace of Mind (as a Service)

Cloud Strategy for Your Organization: Peace of Mind (as a Service)

Mihai Tataran
General Manager & Partner, Avalego
Microsoft Regional Director & Azure MVP

Before we begin

This article comes as a continuation of the previous ones in the series called
Cloud Strategy for Your Organization

and focuses on the last of the steps we usually take with our customers who migrate to the Cloud.

Click on the image to enlarge

Now we will focus more on getting the peace of mind while the workloads are running on Azure.

We will discuss what Managed Services on Azure and Microsoft 365 technically mean, what are the things a managed services provider or an internal IT operations (DevOps, IT) team should do proactively, focusing on aspects like:

  • Azure governance,
  • cost control,
  • security,
  • efficiency.

Why Peace of Mind?

The real question is:

While your solutions are running in Azure, is there anything you should be doing for your peace of mind?

One could think – “Isn’t the Cloud supposed to (maybe magically) take care of my software solution out of the box?”

The simple answer is while the Cloud offers us a lot of technology which makes IT operations much easier, especially under the Platform as a Service (PaaS) and Serverless offerings, it doesn’t mean that we don’t have to do anything anymore.

During our interactions with large organizations that we’ve helped in the past years to migrate to the Microsoft Cloud (Azure and Microsoft 365), we have discovered the best practices needed for good maintenance.

We have built those best practices in a set of services that we call “Peace of Mind (as a Service)” that include proactive and reactive measures. And in this article, I will discuss the proactive actions we usually take. The reactive actions I am referring to are the usual SLA-based support activities any managed services provider, or IT team already knows about.

Those proactive best practices and actions are grouped into 5 different categories:

  • Access and Users Experience
  • Analytics and Monitoring
  • Governance and Security
  • Performance and Cost Optimizations
  • Feature Usage and Roadmap

Further on, we will explore a few of them.

Access and Users Experience

There isn’t much to say here since the title is quite self-explanatory. What is worth mentioning is that there are specific techniques and tools related to authentication and authorization in Azure and Microsoft 365, which should be used properly to get the maximum benefits in a lot of areas, not only security but also cost control and monitoring for example.

This category of actions deals with:

  • Role Based Access Control
    This is how authorization on Azure resources, Resource Groups and Subscriptions should be done. One should make sure the right people or groups (from Azure Active Directory) have the right access to the right grouping of resources. This can have a tremendous impact not only on security, but also on resources’ organization (avoiding chaos, like a person without the right access being able to delete a resource), and cost control (restricting people which should not be able to create resources in a certain Subscription).
  • Multi-Factor Authentication
  • Policies
    Enforce some conditional access policies, e.g. enforce MFA for some users.
  • etc.

And this list is not an exhaustive one, but more like just a glimpse.

Governance and Cost optimizations

In general, governance can mean a lot of things, but we are thinking mainly of:

  • Resources organization
  • Resources security
  • Auditing
  • Cost control and optimization

For resources organization, we have to start from understanding the relationships between Tenants, Subscriptions and Resources:

A customer with an Office 365 tenant (domain) will have an associated Azure Active Directory, and an associated Azure tenant. The directory in Azure is the same as the directory in Office 365: Azure AD. All the other Office 365 services (Exchange Online, SharePoint Online, etc.) are using Azure AD for authentication and authorization.

An Azure Subscription is usually a cost center or part of a cost center (in a larger grouping of Subscriptions). There is also a way to group more Subscriptions in a Management Group, for even better organization.

Why is this grouping of resources relevant? Because you can apply your governance conditions, for example using Azure Policies, at the scope that you choose: at a Management Group, or Subscription, or Resource Group. An example would be to limit the types of VMs that can be created in a Management Group (a collection of Subscriptions). Or to limit the VMs in a Subscription to a specific Azure region.

Another advantage of sound grouping of resources is managing cost. First, you will be able to know your costs grouped by:

  • Cost centers (e.g. Subscriptions or Management Groups)
  • Usually, a Resource Group contains the resources with together make up a solution (with the exception of course when a solution uses resources that might be shared with other resources).
  • Type of resources, for example, resources used for testing, or by a certain user.

So cost control is crucial, especially in a pay-as-you-go type of Azure consumption. And it starts with proper allocation and grouping of resources.

Another thing is cost optimization. It can be done through a combination of, at least:

  • Policies
  • Alerts
  • Specific features like Azure Automation, DevTest Labs
  • Autoscaling

Policies

Setting up Policies like allowed VM types or resource types in general. They can be applied per Resource Group, Subscription, or Management Group.

Alerts

You can configure Azure alerts (from the Azure portal) like:

  • When a costly (you define what costly means for you) resource is created.
  • Showing orphaned resources – in combination with some custom code done with Azure Functions or Azure Automation. This is a very typical cost drain: expensive resources which are not being used anymore.
  • etc.

Or you can define cost/budget related alerts, such as when you’ve reached a spending limit, per resource group or per resource type.

Autoscaling

You can easily define autoscaling rules, so the infrastructure needed by your solution scales up or down, exactly as needed. Autoscaling can be applied easily (from the Portal or through scripting) for many compute resources (VM Scale Sets, Web Apps, etc.), or with some custom work, you can do it for other resource types like SQL Database or CosmosDB.

Conclusion

Managing workloads in Microsoft Cloud is done differently than on-premises.

There are proven ways and best practices for Managed Services on top of the Microsoft Cloud, and while developing our Peace-of-Mind service offerings we made sure we incorporate pretty much all of them. For more information about our services around these technologies, browse our website.

For more in-person, in-depth information about this particular topic, you can register for free at for the next edition of our annual Cloud Conference.

If you are interested to explore more on this topic, Mihai talks about how should companies approach Cloud and the best way to migrate the workloads to PaaS in a video series available here.

Mihai_Tataran

Mihai TATARAN is the General Manager of Avaelgo and CEO of InterKnowlogy. He is also Microsoft Regional Director, Microsoft MVP on Microsoft Azure, Microsoft Azure Insider, and Microsoft Certified Professional. Mihai has been teaching Microsoft technologies courses to software companies in Romania and abroad, being invited by Microsoft Romania to deliver many such trainings for their customers. Mihai has very good experience with large audiences at international conferences: DevReach in Bulgaria, Codecamp Macedonia; TechEd North America 2011, 2012 and 2013 – speaker and Technical Learning Center (Ask the Experts), Windows AzureConf. He is also the co-organizer for the ITCamp conference in Romania.

Cloud Strategy for Your Organization: Things You Need to Consider First

Cloud Strategy for Your Organization: Things You Need to Consider First

Mihai Tataran General Manager & Partner | Microsoft Regional Director, Azure MVP

Before we begin

Last year I wrote a series of articles focused on migrating to the Cloud, with examples on Microsoft Azure: on how to start and lift and shift 101. In this article, we are going to discuss how to start your strategy to migrate to the Cloud, based on the experienced we’ve got in the meantime, with enterprise customers, working on Microsoft Azure but also on Office 365 and Microsoft 365 migration projects. You may consider the road to the Cloud as a pipeline of steps, a minimalistic set of them being the ones presented in this diagram:

Click on the image to enlarge

We are going to focus on the very first step, just before actually moving to the Cloud.

Migrating to the Cloud: Options and scenarios

We usually have two types of customers or two types of migration projects:

  • Custom / Bespoke: complex organizations, complex projects;
  • Standard: most of the small and medium organizations can be approached in a standardized way.

Standard

While nothing is really standard in the IT Services world, we have some common methodologies created for similar projects. One example would be migrating to Office 365. There are differences from customer to the customer: they might currently use Exchange Server on premises (maybe 2010 or maybe 2006), they might use a Zimbra email server, they might have the server on-premises or hosted at a co-location provider, etc. But there are some common steps and a common methodology to migrate that customer to Office 365: email server, documents and much more. The same can be applied to projects involving migration to Microsoft Azure, and in the end, our customers benefit from the “Peace Of Mind” standard services suite that we are offering.

Custom

The rest of this article is focused on complex projects or organizations, where we typically don’t only talk about migrating a solution, but a suite of solutions with interdependencies and sometimes the whole IT of that organization.

Watch a video (in Romanian) where Mihai talks about the cloud strategy and how to start approaching the migration into the Cloud, as a follow-up to this article.

Drivers for Cloud migration

There can be many drivers toward such a move and here is a short list.

Efficiency

There are many scenarios where the customer sees huge cost savings. If you consider one of the key attributes of the Cloud, which is that you pay for what you use, the monthly cost of some complex workloads in IT can be much smaller that on premises. Among such scenarios I would enumerate:

  • DevTest: machines for testing, staging, etc. – which don’t need to run 24/7 but a mere few hours per day.
  • On/Off operations, e.g.: salary calculation, 3D rendering, etc. – operations which require computational power a few days per month or a few hours per day.
  • Disaster Recovery

This is another reason for the Cloud, and here is an article on this very subject.

Access to technology

Technologies like: Big Data, Machine Learning, Artificial Intelligence, etc. – are very expensive or simply cannot be installed and managed on-premises because of the complexity they imply. The Cloud is great also because it gives access to such amazing technologies to everyone, in a pay-per-use cost model.

Startup

If you are a greenfield investment or a startup your entire IT infrastructure can be operational in a matter of days. Your email, documents sharing, collaboration tools, your invoicing application, your CRM, your ERP, etc. – all of them can be provisioned easily and fast in the Cloud, without the need to acquire any IT equipment except for employees’ laptops, tablets, and smartphones.

We should not see the Cloud as just another location for some servers. If we only see it like that, we fail to optimize the Cloud usage.

Initial things to consider

It is an IT project, but before starting any actual IT work we should consider a few aspects.

Complexity

Migrating an organization or a set of solutions to the Cloud is not a simple, risk-free project. It takes time, usually months or years, and it impacts many more departments than IT.

Current IT state

From the migration perspective, there is the need to analyze the initial state of the IT infrastructure. Questions like these need to be asked in the beginning:

  • Is there a consolidated infrastructure?
  • Is there a common identity mechanism for all users? Are there multiple identities, Single-Sign-On, Federation mechanisms in place?
  • Are current workloads virtualized, or are they running directly on physical machines? Which virtualization technology is being used?
  • Is the customer already using the Cloud? From which providers? If using Azure, which kind of contract (pay as you go / Enterprise Agreement / CSP)?

Vision

The current state analysis needs to be augmented with envisioning what IT could do for the business if it had the tools. Another key attribute of the Cloud is that it delivers technology which does not exist or is very expensive to have on premises. Aspects like: Big Data, Machine Learning, Artificial Intelligence are such examples, and in this phase, we should discuss with the customer what could be done for the business. Or even simpler than that: you might need a machine with huge computational power or a new piece of software that the company just bought. In the Cloud, provisioning such machines with tens of cores and hundreds of GB of RAM (or even TB of RAM) takes minutes.

Financial

What is the preferred payment strategy? Does the client need a pay-per-use type of contract or a capital multi-year investment? Both are possible, with advantages on each side, and the decision to choose one over the other depends very much on the specifics of every customer.

HR

Some roles within the IT department will need to change. There will be new technologies, new mechanisms to be operated and supported, so a skill upgrade needs to be done. Before that, there is also a paradigm shift: we should not see the Cloud as just another location for some servers. If we only see it like that, we fail to optimize the Cloud usage. In that respect, the IT personnel from the customer needs to go through a mindset transformation before acquiring the specific technical skills needed for the Cloud.

Roles

Roles within the project team must be clearly identified: the customer must understand what their role is, and what is expected from his team before, during and after the migration project.

Buy-in

Especially from top management, but also from all department/business unit leaders who are using the IT systems which will move to the Cloud. A strategy is needed for how the users will be impacted by this change, and what we need to do to help them. The easiest way to get the client’s organization buy-in we found is to start with a pilot or a simple and quick project which delivers immediate benefits, within the first months of the whole program.

Conclusion

This article described just the first step of a Cloud migration program for an organization. There are multiple steps, that will cover in the upcoming weeks. While others are optional, many of them are essential. In the next article, you’ll find out what you need to know about migrating workloads to PaaS.

If you are interested to explore more on this topic, Mihai talks about the cloud strategy and the things you need to consider before actually starting the migration into the Cloud in a video available here.

Mihai_Tataran

Mihai TATARAN, Microsoft Azure MVP, is the General Manager of Avaelgo, and Microsoft Regional Director, Microsoft MVP on Microsoft Azure, Microsoft Azure Insider, and Microsoft Certified Professional. Mihai has been teaching Microsoft technologies courses to software companies in Romania and abroad, being invited by Microsoft Romania to deliver many such trainings for their customers. Mihai has very good experience with large audiences at international conferences: DevReach in Bulgaria, Codecamp Macedonia; TechEd North America 2011, 2012 and 2013 – speaker and Technical Learning Center (Ask the Experts), Windows AzureConf. He is also the co-organizer for the ITCamp conference in Romania.

Migrating To The Cloud: How To Start

Migrating To The Cloud: How To Start

Mihai Tataran
General Manager & Partner | Azure MVP

The Cloud is not just a buzzword. It is one of the most innovative technologies we are living, and it is part of a profound transformation trend together with things like Virtual Reality, Machine Learning, Artificial Intelligence, just to name a few.

I write this article because:

So I will describe the common fallacies we have encountered during the talks with potential customers, and how we mitigate them.

Fallacy 1: The Cloud is just another word for co-location or hosting

It might seem so if you just scratch the surface, but it is wrong. Here are just a few reasons why I consider the Cloud a huge paradigm shift:

  • Utility costs less even if it costs more or how to pay for what you use. One might compare the cost per unit of time of a Virtual Machine from a hosting provider, with the cost of a VM from a Cloud provider. And the VM in the Cloud might seem to have the same price. Yes, but in the Cloud, you do have great mechanisms which allow you to pay only when you use it, and not pay when you don’t. First, there is the commercial model which counts pricing per minute of usage, which no hosting provider does (at least not that I know of). Second, you have the tools (automation, etc.) which enable such Start/Stop actions very easily.
  • On-demand is better than prediction or how not to lose business. Forecasting the needed IT infrastructure for a solution is estimative. You either end up paying for more IT infrastructure than you need, or your infrastructure is not sufficient at the load peaks and you lose business. Just think about Black Friday, and consider that there are also “mini-black Fridays” every week for some businesses. What if your infrastructure could scale automatically based on some restrictions and configurations that you have done? For example: “if my number of web requests per second exceeds 1000, scale up with 1 machine, etc.” This is what the Cloud is about: elasticity.
  • Real-time computation or how to access tremendous amount of computing power instantly. Very often we see complex solutions which need huge computing resources for a limited amount of time. E.g.: salaries and benefits software, credit risk analysis, etc. The traditional approach is to invest in the IT infrastructure required to run such software even if it sits unused for 90% of the time. With the Cloud, you can activate/provision the required infrastructure within minutes, use it for as much as you like it, and then stop it. The Cloud offers this flexibility and speed for getting huge resources fast, and then dismissing them.
  • Become a data-driven company. Many enterprises sit on enormous amounts of data, which is not stored, categorized, and analyzed properly. Mostly because having Big Data analysis tools on premises is extremely expensive and hard to set up. You know exactly what I am talking about if you ever considered installing a Hadoop Cluster, or even manage a SQL Server Parallel Data Warehouse system. You require diverse skills (IT administrators, DevOps, Database admins, etc.) and it costs a lot. In the Cloud, you have such amazing technologies delivered as a service: first, you do not have the hassle of setting up the infrastructure, and second, you pay per use. You have hundreds of terabytes of data and you need to analyze it? You might want to try Azure HDInsight, or Azure Analysis Services – just to give some examples from Microsoft.

There could be other reasons, but I think they are enough to describe why the Cloud is such different.

Fallacy 2: It is hard to migrate to the Cloud

Yes, moving to the Cloud is not just a walk in the park. Especially if you consider moving the entire infrastructure or core solutions.

That is why we always recommend a step by step approach. While we try to give our customers a longer-term vision, we begin with a simple pilot project which brings immediate results. So, we do talk about cost savings in a 3-5 year period, but we start with a project which is cost effective in a few months, is sustainable from the budget perspective, and does not present enormous risks. Scenarios to start with can be many, but we have seen these most of the time:

  • Dev/Test: create Dev, Test, Staging etc. environments where the software development process becomes much more efficient and you see an immediate cost benefit.
  • Backup and Disaster Recovery: have backups of the most sensitive data in the Cloud, or even create a secondary site (active or not) in the Cloud, which could be turned on in case of a disaster in your primary infrastructure. I encourage you to read my article on Disaster Recovery.
  • Lift and shift: without benefiting from all the possible services in the Cloud, we take a workload from on premises and we move it to the Cloud as close to 1:1 as possible. This is a low risk, fast, sub optimal move to the Cloud.
  • Analytics on existing data: you already have data being collected from different sources, but for some reason (cost, complexity, etc.) you are not performing enough analytics on it.

After the successful project, you get a few benefits: there is an early win, your team gets some Cloud specific know-how, and you can further build on it.

Fallacy 3: The Cloud is not secure

Actually, one might be thinking about two different aspects: Data Privacy and Security.

Most of the relevant Cloud providers are doing a good job aligning to the data protection legislation in EU. Microsoft is the case I know best, and they have become a certification machine. A lot of technical details here. On top of this, Microsoft is the single Cloud provider who offers regions (groups of data-centers) located in EU and which are operated by local companies (more exactly in UK, Germany and France). (I only consider AWS and Google alongside Microsoft as real competitors in the Cloud today – I know I might upset some people, but IBM, Oracle and others are kind of niche players or very small compared to the other 3).

As per security, we must consider the fact that a Cloud provider is facing millions of attacks per day. They are facing them, and are learning from them as well. Think about it this way: any new type of attack is analyzed (using Machine Learning) and all customers of that Cloud providers benefit from these findings. As opposed to you staying on your island where you get no specific protection for sophisticated attacks. This is why the actual way to see things should be: “I need to go to the Cloud because of security”. More information about how Microsoft is acting on security here.

Conclusion

The Cloud is here, and you should think about using it because of the huge benefits it could bring. Yes, it is not an easy path migrating to the Cloud, but it has been done by many, there is a lot of expertise on how to do it, and you can take it step by step.

About the author

Mihai Tataran

Mihai Tătăran is the General Manager of Avaelgo, and a Microsoft MVP on Microsoft Azure, Microsoft Azure Insider, and Microsoft Certified Professional. Mihai has been teaching Microsoft technologies courses to software companies in Romania and abroad, being invited by Microsoft Romania to deliver many such trainings for their customers.

Pin It on Pinterest