Becoming Cloud First, A South Lakes Housing Journey

The moment an organisation takes a deep breath and decides to become a cloud first organisation is a dizzy mixture of excitement, unsettlement and anticipation, laced with the scent of opportunities to leverage an almost countless array of new features. South Lakes Housing (SLH) took a measured risk and committed feet first to the cloud migration journey, which included both workload 'lift and shift' and transformation.

Below is a case study describing the SLH journey including successes and lessons learned.

SLH needed to quickly and safely migrate their services from an on-premise environment that was reaching the end of its supportable lifespan. As part of that journey they would also start to leverage and benefit from a suite of powerful services available in Azure (more on that later).

Discover & Understand

The adage 'fail to prepare, prepare to fail' is often true, and in a cloud migration a lack of preparation can result in potentially spectacular problems. Hence this kind of project starts with comprehensive discovery of the client's environment; only with such details is it possible to manage risk and cater for unexpected issues.

In true A4S fashion the team embarked on a detailed infrastructure technical discovery which included:

  • Authentication, Azure AD, Azure AD Connect and ADFS, Sites & Services, Replication.

  • AD Schema and OS review.

  • Privileged access review.

As a result of discovery it became clear that some issues in relation to Active Directory needed remediation. These were quickly described within a project exception report, and the client's project lead wasted no time in reviewing and agreeing the recommendations. Had the issues been left, the client could have experienced significant authentication and name resolution issues, which may have impacted the project during the migratory phase with outages and confidence loss.

With on-premise issues resolved, the team set its sights on Azure migration and Landing Zone requirements, which would define the target cloud environment configuration.

In order to understand appropriate workload sizings the Azure Migrate Assessment tool was implemented. This gave the team a clearer view of target Azure VM, network, storage and performance needs, and also provided a clear indication of running costs.

As well as understanding Azure VM specific needs, the Azure discovery included:

  • Local and internet based connectivity.

  • Governance arrangements.

  • Security.

  • Monitoring & alerting.

  • Backup and disaster recovery.

  • Identity.

At this stage the team was forming a clear picture of the necessary cloud underpinnings, which would be designed to maintain performant and secure hosting of the client's services. Strong foundations mean the client can provide services to end users and partners with confidence, knowing sizing, security and configuration are appropriate to their needs.

The final step of discovery is to perform detailed discovery of the client's workloads and applications. This enables the team to create an effective migration plan and ensure the target cloud environment meets the exact needs of each workload: connectivity (internal and external), interconnectivity and dependencies, backup & recovery and more.

Server workload discovery (and later design and migrate) is broken down into manageable phases of work deemed appropriate from an effort, benefit and risk perspective, i.e. a volume of application migrations that can be achieved and result in a meaningful achievement, such as Active Directory infrastructure or line of business applications. In the case of South Lakes the tranches were:

  1. Active Directory, ADFS, Certificate Services.

  2. Core applications such as telephony, file & print.

  3. Main line of business applications.

Application migration tranches should factor in interconnectivity to ensure the impacts of latency across a VPN are mitigated.

Designing the Target Solution & How To Get There

High level design is undertaken to provide both partner and client with a view of the entire solution for review prior to adding lower level build details. For South Lakes Housing both a technical design and a migration plan were provided; each application workload requires careful consideration and up front planning to ensure migration is as painless as possible.

For each workload at least the following aspects would be considered:

  1. External and internal connectivity.

  2. Performance needs with rightsizing of VM & storage.

  3. Backup & disaster recovery.

  4. Security.

  5. Monitoring and alerting.

Application workloads need a secure cloud environment from which to deliver their mission critical services, so the scope also includes solutions such as A4S Monitor & Azure Sentinel.

As they say, every day is a school day, and this was the first time A4S had delivered Azure Sentinel, as covered here in a recent blog post. As with Log Analytics, we found Sentinel's native integration into Office 365 and Azure services an immense help in terms of delivering a meaningful service quickly and effectively.

Azure Sentinel ingests Office 365 data at no cost and includes pre-configured queries to detect potential security events. It became clear that the scope to extend Sentinel's usefulness is vast, with plugins for well known firewalls and many other solutions possible.

The final outputs of design below were carefully tested and scrutinised with the client's IT teams. IT Manager Paul Aitken and Service Desk Support Specialist Debbie Hayes were able to contribute and direct highly effectively and helped ensure the design met their business needs. The outputs were:

  • A high level design.

  • A low level design.

  • A migration methodology and plan.

PRINCE2 methodology was also applied to help ensure the necessary levels of project governance were applied at all times.

NOT Foundations of Sand!!

Like a quality builder you can trust, the A4S Team carefully stepped through the design documentation and began to deliver solid foundations that will serve South Lakes Housing well into the future. Microsoft provide partners such as A4S with a framework of configurations known as Landing Zones.

Landing Zone elements such as the below were applied:

  • Governance.

  • Tagging.

  • Identity.

  • Network topology.

  • Operations baseline.

  • And More.

By the end of foundations activity the client's identity infrastructure was extended across on-premise and cloud, and monitoring and alerting were put in place.

Monitoring and alerting using A4S Monitor is seen as a core competence; our teams diligently deliver highly detailed and intuitive realtime visualisations and alerts for any part of our clients' infrastructure.

The A4S Monitor solution integrates with our clients' cloud and on-premise environments including:

  • Sentinel.

  • Log Analytics.

  • Firewalls.

  • VMs, storage, network.

  • Print servers.

  • Line of business applications.

  • VMware.

  • And much more.

A4S Monitor has proven on many occasions how it benefits clients with its ability to deeply inspect a wide range of solutions for problems and trends.

No stone is left unturned, allowing our clients to understand how their applications and infrastructure are performing.

Based on the discovery and design process, the target environment storage and networks were implemented. Networking with minimum allowed connectivity was implemented utilising Azure NSG rules, and storage was created taking into account the minimum required performance and resilience to ensure minimal costs.

A comprehensive backup and recovery solution was implemented using Azure Recovery Vault across the client's workloads, storage accounts and SQL environment to align with the business data protection needs. Storage frequencies and retention periods were fine tuned to minimise costs where possible.

We found a great new addition to the Azure backup solution in the form of Azure Backup Reports. As a very effective alternative to creating reports in Log Analytics, Azure Backup Reports gives businesses a very good suite of pre-configured backup reports, and alerting rules integrate seamlessly to give a very high level of visibility.

'In VM SQL Backup' is an extremely powerful solution and works through installing a backup agent into the VM before integrating directly with the SQL instance....

We did encounter some issues when installing the backup agent and have shown some good troubleshooting links below:

Being experts in the use of Azure Site Recovery, the A4S Team is also extremely familiar with Azure Migrate. The solution is an extremely effective toolset when it comes to firstly replicating and then migrating workloads from hypervisors such as Hype