The moment an organisation takes a deep breath and decides to become a cloud first organisation is a dizzy mixture of excitement, unsettlement and anticipation laced with the scent of opportunities to leverage an almost countless array of new features. South Lakes Housing (SLH) took a measured risk and committed feet first to the cloud migration journey with included both workload 'lift and shift' and transformation.
Below is a case study describing the SLH journey including successes and lessons learned.
SLH needed to quickly and safely migrate their services from an on-premise environment that was leaving its supportable lifespan, however as part of that journey would also start to leverage and benefit from a suite of powerful services available in Azure (more on that later).
Discover & Understand
The 'fail to prepare, prepare to fail' is often true, in the case of a cloud migration this situation would result in potentially spectacular problems, hence this kind of project starts with comprehensive discovery of the client's environment, only with such details is it possible to manage risk and cater for unexpected issues.
In true A4S fashion the team embarked on a detailed infrastructure technical discovery which included:
Authentication, Azure AD, Azure AD Connect and ADFS, Sites & Services, Replication.
AD Schema and OS review.
Privileged access review.
As a result of discovery is became clear some issues in relation to Active Directory needed remediation, these were quickly described within a project exception report and the client's project lead wasted no time in reviewing and agreeing the recommendations. Had the issues been left then the client could have experienced significant authentication and name resolution issues which may have impacted the project during the migratory phase with outages and confidence loss.
With on-premise issues resolved, the team set its sight on Azure migration and Landing Zone requirements which would define the target cloud environment configuration.
In order to understand appropriate workload sizings the Azure Migrate Assessment tool was implemented, this would give the team a clearer view on target Azure VM, network, storage and performance needs, it would also provide a clear indication of running costs.
As well as understanding Azure VM specific needs, the Azure discovery included:
Local and internet based connectivity.
Monitoring & alerting.
Backup and disaster recovery.
At this stage; the team now is forming a clear picture of the necessary cloud underpinnings which would be designed to maintain performant and secure hosting of the clients services, strong foundations mean the client can provide services to end users and partners with confidence knowing sizing, security and configuration is appropriate to their needs.
In terms of discovery; the final step is to perform detailed discovery of the clients workloads and applications, this would enable the team to create an effective migration plan and ensure the target cloud environment meets the exact needs of each workload, here we're talking about connectivity (internal and external), interconnectivity and dependencies, backup & recovery and more.
Server workload discovery (and later design and migrate) is broken down into manageable phases of work deemed appropriate from an effort, benefit and risk perspective i.e. a volume of application migrations that can be achieved and result a meaningful achievement such as Active Directory Infrastructure or line of business applications. In the case of South Lakes the tranches were:
Active Directory, ADFS, Certificate Services.
Core applications such as telephony, file & print.
Main line of business applications.
Application migration tranches should factor interconnectivity to ensure the impacts of latency across a VPN are mitigated.
Designing the Target Solution & How To Get There
High level design is undertaken to provide both partner and client with a view of the entire solution for review prior to adding lower level build details. For South Lakes Housing both a technical design and migration plan was provided, each application workloads requires careful consideration and up front planning to ensure migration is as painless as possible.
For each workload at least the following aspects would be considered:
External and internal connectivity.
Performance needs with rightsizing of VM & storage.
Backup & disaster recovery.
Monitoring and alerting.
Application workloads need a secure cloud environment from which to deliver their mission critical services so the scope also includes solutions such as A4S Monitor & Azure Sentinel.
As they say, every day is a school day and this was the first time A4S had delivered Azure Sentinel as covered here in a recent blog post, as with Log Analytics we found Sentinels native integration into Office 365 and Azure services an immense help in terms of delivering a meaningful service quickly and effectively.
Azure Sentinel's ingests Office 365 data at no cost and includes pre-configured queries to detect potential security events, it became clear the scope to extend Sentinels usefulness is vast with plugins for well known firewalls and many other solutions possible.
The final outputs of design below were carefully tested and scrutinised with the client's IT teams, IT Manager Paul Aitken and Service Desk Support Specialist Debbie Hayes were able to contribute and direct highly effectively and helped ensure the design met their business needed, output were:
A high level design.
A low level design.
A migration methodology and plan.
Prince 2 methodology was also applied to help ensure the necessary levels of project governance were applied at all times.
NOT Foundations of Sand!!
Like a quality builder you can trust, the A4S Team carefully stepped through the design documentation and began to deliver solid foundations that will serve South Lakes Housing well into the future. Microsoft provide partners such as A4S with a framework of configurations known as Landing Zones, a short video below explains more:
Landing Zone elements such as the below were applied:
By the end of foundations activity the client's identity infrastructure was extended across on-premise and cloud, monitoring and alerting was put in place.
Monitoring and alerting using A4S Monitor is seen as a core competence, our teams diligently deliver highly detailed and intuitive realtime visualisations and alerts for any part of our clients infrastructure, two recent case studies are shown below:
The A4S Monitor solution integrates with our clients cloud and on-premise environments including:
VMs, storage, network.
Line of business applications.
And much more.
A4S Monitor has proven on many occasions how it benefits clients with its ability to deeply inspect a wide range of solutions for problems and trends.
No stone is left unturned allowing our clients to understand how their applications and infrastructure are performing.
Based on the discovery and design process; the target environment storage and networks were implemented. Networking with minimum allowed connectivity was implemented utilising Azure NSG rules, storage was created taking into account the minimum required performance and resilience to ensure minimal costings.
A comprehensive backup and recovery solution was implementing using Azure Recovery Vault across the clients workloads, storage accounts and SQL environment to align with the business data protection needs. Storage frequencies and retention periods were fine tuned to minimise costs where possible.
We found a great new addition to the Azure backup solution in the form of Azure Backup Reporhttps://docs.microsoft.com/en-us/azure/backup/configure-reportsts, as a very effective alternative to creating reports in Log Analytics Azure Backup Reports gives business a very good suite of pre configured backup reports, also alerting rules seamlessly integrate to give a very high level of visibility.
We did encounter some issues when installing the backup agent and have shown some good troubleshooting links below:
Being experts in the use of Azure Site Recovery; Azure Migrate is also extremely familiar to the A4S Team. The solution is an extremely effective toolset when it comes to firstly replicating and then migrating workloads from hypervisors such as Hyper-V and VSphere into Azure. Azure Migrate allows migration teams to specify destination workload configuration such networking and storage accounts.
Windows Virtual Desktop is proving an extremely useful solution with multiple clients for remote application delivery of non-browser based applications where workloads are hosted in Azure. For SLH; a new instance of Open Accounts was also delivered during this stage of the project as referenced here in a recent case study.
We found the maturity of the Windows Virtual Desktop solution has improved greatly however still encountered issues in relation to licensing services and ending of inactive Remote App sessions, if you need help in this area then get in touch with our Service Desk Team.
How Do We Know It Works?
Wouldn't you want to know your car is safe before driving it? Cloud migration projects are no different, so detailed testing was pre-agreed with the SLH IT Team in the form of online test scripts covering each element of the delivery. Sharing test scripts as early as possible is important as the client has the opportunity to review and add in additional testing for assurance purposes if needed.
The scope if testing was broad and ranged from testing the delivered solutions are inline with designs, to proving alerting and also undertaking test migrations.
Can We Get On With Migrations Now?
YES! Well sort of...... moving workloads from an on-premise environment and into the cloud is a risk, in order to manage risk we perform test migrations first and prove each application to gain assurance and ensure production migrations are fully assured.
With replication in place we now use Azure Migration to perform test migrations into isolated network environments where client teams can remotely access applications to perform tests.
Each migration tranche was fully tested with end to end migrations taking place into a sandbox environment where each application was tested, note all applications cannot be fully tested as we need to avoid sending data from sandbox migrated workloads into actual production systems and pre-agreed risk mitigation tests are performed instead.
Production migrations were carried out extremely efficiently and according to plan, this is testament to the quality of planning undertaken between the A4S and SLH project teams and also is down to the test migrations performed as described earlier.
Any Exciting Workloads Migrated?
Define exciting!..... The client had recently invested in a new Avaya IPT solution that was delivered and supported by Atrium Telecoms, we always find IPT interesting due to the need of real time network connectivity and sometimes high demand on process and memory, as a result we worked closely with the Team at Atrium Telecoms and in particular Martin Lowry who worked extremely professionally and supportively at all times, thank you!!
Civica's housing management system migrated into Azure with no issues, performance, connectivity and integration needs were carefully examined during discovery.
Surely Something Went Wrong During Migration!?
In actual fact, very few issues occured, we were either extremely luck or planned very well (we're going with the latter!), those that did occur are listed below:
Several migrated VMs had more NICs assigned than needed due to their on-premise configuration, this impacted the VM sizes selected however was quickly remediated.
Windows Virtual Desktop encountered a licensing activation error that was quickly resolved.
Post migration; the new remote access solution needed further small changes to ensure the clients suppliers could access everything they needed.
Routing via the clients firewall and VPN needed updating as new networks were added in Azure.
Windows Virtual Desktop would not release inactive sessions hence began to experience pressure on allocated memory.
Some support was provided to assist the clients software vendors resolving some connectivity issues between Azure and on-premise systems, any issues were quickly resolved.
So no major fires, just small issues that were resolved quickly!
Co-Working & Client Partners
The A4S Teams worked closely with teams from Atrium Telecoms and MRI Software during this migration, both of which were extremely supportive and professional.
Life and Shift Versus transformation
Due to the extreme pressure of on-premise IT infrastructure end of life occuring (SAN, Hypervisor) the project was mainly lift and shift however we worked closely with the client to deliver the following cloud specific elements into the solution:
File services now utilise AD integrated file shares.
MRI provided open accounts utilises Azure SQL Managed Instances databases.
Windows Virtual Desktop is used to deliver non web based client applications.
Azure backup is used to backup workloads and SQL DBs.
Secure Remote Access For Partners
Previously the client had relied on a small remote desktop solution to provide remote access to their application vendors and support partners into their environment, this solution was replaced by an Azure based remote access solution that provided in depth security and enables the client to control and report on partner access.
Effective Service Transition
We take knowledge transfer and service transition very seriously, part of our standard delivery procedures include the below:
A final walkthrough of design documentation accompanied by screen sharing and reviewing the related solutions delivered.
Practical demonstrations of delivered solutions with partner and client carrying out routine activities.
Operational process handover, a suite of nine (9) processes covering key topics such as:
Backup and recovery.
Azure cost management.
Monitoring and alerting.
Windows updates and more.
Project closedown includes important activities such as lessons learned reviews (output located here and accessible to our clients), handing over logon accounts and agreeing a case study (this document).
We feel it's essential to take away lessons learned and build them into subsequent projects, we maintain a central record of lessons and allow all of our clients access and review them, all details are anonymised to protect the innocent.
Open & Online Project Management
All A4S projects are undertaken within our online project management environment that contains a project schedule with all actions, owners and budget. Each action is assigned to an owner and is discussed within the environment, all content is available to our clients for download at any time.
Strangely; our client asked the question about downloading on several occasions, hopefully he was simply keeping the team on their toes!?
Azure VM Reserved Instances & Ongoing Support
Did you know you can save huge amounts of cost in relation to your Azure VMs in a very flexible manner with options to fix your costs over 1 or 3 years, and also with different payment terms of 'up front' or pay monthly.
Savings over around 50% can be achieved on certain VMs.
The client is provided a real time a real time Azure consumption and costings reporting platform, it provides in depth usage and costings information against all Azure assets and will be used to maintain cost control moving forwards
The client now utilises the A4S Service Operations Team to provide ad-hoc support as and when needed via our Service Desk environment.
The South Lakes Housing IT Manager Paul Aitken was in particular greatly impressed by the thoroughness and smoothness of the migration project!
We were impressed by the A4S Cloud Solutions response to our tendered requirements and as a result were very optimistic about the outcomes of this project. A4S clearly understood our needs in relation to moving our business applications into the cloud in a safe manner and despite the very high pressure timelines they did not fluster.
Detailed planning and testing, backed up by the implementation of highly detailed monitoring & alerting, with security solutions to give us massive visibility and the careful rehearsal of migrations gave us such a high level of confidence. We expected some issues, however the level of quality delivered by the A4S team was quite astounding, there were no serious issues and migrations were far smoother than we dared imagine.
A4S stepped in every time our existing software vendors needed assistance to better understand Azure or tailor their solutions to our new cloud based environment.
Finally service transition was excellent, knowledge transfer was highly effective, we now have highly detailed and real time into our Azure costs with optimisation recommendations, and the A4S Monitor solution has given an incredible level of visibility into our applications and environment.
We look forward to working further with A4S Cloud Solutions and further optimising our cloud environment, we highly recommend the services of the A4S Cloud Solutions team!
This extremely urgent delivery was undertaken in the knowledge that our client South Lakes Housing was under pressure to move their services into the cloud quickly. Even when a project is under extreme pressure; we know that effective planning and risk management is the quickest method, if those qualities are lost then operational issues and risks can occur that creates unacceptable delays.
Both South Lakes Housing and A4S Teams works together brilliantly, whilst Azure is a new solution to our client and their exposure (currently) is low they were never frighted to contribute effectively and in a very timely manner, at no time were we delayed by the SLH Team, knowing their demand this is even more impressive.
The migration itself had some risks in relation to high demand services such as IP telephony so we made sure we had a great relationship with the clients application providers and managed to work together in a highly productive manner, other application vendors such as MRI are well known to the A4S team and we were able to work effectively with them as normal.
The project did allow use of Azure solutions meaning in the end whilst most elements were a tactical lift we did manage to include Windows Virtual Desktop, Windows Defender for EndPoint and AD integrated file storage, these will be the first steps of a longer journey where the client will move far more to as-a-service platforms which will be bring greater flexibility and cost reduction.
We always greatly enjoy working with the SLH team and look forward to further opportunities to assist in the future!
The A4S Team
If you would like to learn more about this project or would like to find out more about A4S Cloud Solutions and our approaches to cloud application migrations then you can get in touch via email or Teams on firstname.lastname@example.org, ring me on 07415 897953 or check out this link: Work With The Experts!