Migrating Your Data Center To Azure (How to: Lift and Shift)

Captions
Okay, good morning, afternoon and evening to those who join us from around the world today. I'd like to welcome you to another Kemp expert webinar series, on migrating your data center to Azure. We are delighted to have Azure MVP Nicholas Blanc and his colleague Warren du Toit here today to present this expert webinar. Before we get started, I'd like to go through a few housekeeping items. Today's slide deck and recording will be made available to you in the follow-up email after the webinar. After the presentation we will set aside some time for a Q&A, so please pop any questions you have into the Q&A box on your screen. On the left of your screen you will see a resources section, which includes a link to the Kemp Azure free trial, which will allow you to test drive a Kemp LoadMaster in the Azure environment, plus some other useful resources there. Finally, we have included a short survey on today's webinar and your own cloud journey. We would appreciate it if you could complete the survey, which will help us to better understand you, our customers. We're excited to have you all with us today and we hope that you find this presentation valuable. Over to Nick and Warren.

Thank you so much, Andrew, and welcome everyone to our webcast on migrating your data center to cloud. By way of introduction, I'm Nicholas Blanc, and what I do for a living is I either build clouds, in terms of cloud architecture, or I migrate people to the cloud. So we either use public clouds like Azure, or we build folks their own cloud, be that hosted Exchange or an iteration of what can be Azure private cloud, either by Azure Pack in the previous version or Azure Stack. And I have the privilege of working with Warren du Toit.

Hi everyone. What Nick said, I basically do the same thing; however, my specializations are more on the open-source side of things. I'm a Solutions Architect. I also build Azure infrastructure, but also with a bit of a focus on development operations and continuous delivery models. Working
with Microsoft Azure, I also focus a lot on the networking side, being able to connect on-premises to Azure, and focus a lot of my habits as well.

When we were thinking of the first of hopefully what will become a series of these presentations, we looked at the kind of issues our customers are having, and we realized that if you're starting from the ground up and you've never done a migration to cloud before, you need to figure out where to start. With that, we created an agenda that's going to talk about the elasticity and service level agreements of cloud, and how that relates to the promises of cloud. There's a lot of promises from various vendors out there, be that infrastructure as a service or software as a service based clouds, and we'll have a look at how service level agreements and elasticity relate to that. We will talk about basic cloud-based data center design from the ground up, for those of us who've never done infrastructure as a service in terms of a data center replacement. Most of us aren't born in the cloud, which means that when our business starts the cloud journey we need literally a place to start. We'll do an introduction to Azure networking architecture, including ExpressRoute, hybrid networking and DMZ designs. Then we'll move on to how we can translate existing on-premises application requirements such as compliance, high availability and disaster recovery, as well as understand the different migration approaches, including lift and shift, where we will use platform as a service or infrastructure as a service, and how we can translate specific services that we use on premises to the ones in the cloud.

We're then also going to go through how you can create an application taxonomy, which allows you to document your existing applications and services and then create a road map so that you can move those applications and services to the cloud without any hiccups along the way.

I thought we would start with this. This is a fairly old picture and
it still has relevance today. Often customers expect, or have, cloudy expectations that are entirely mismanaged. Either they think that a migration to the cloud is something that happens, and there's also a lot of fear, uncertainty and doubt, or even worse, unrealistic migration expectations and chamber of how we get to cloud. There's been a lot of promise in the vendor landscape in terms of what cloud can do for us, but ultimately we still have to figure out how we get to cloud, and how we do that in a supportable manner, in a way that makes sense to the business that we're working in.

So with that, I want to take a quick detour into the economics behind the promise of cloud. As a principle, cloud services are meant to be able to deliver more than their on-premises equivalents can, and can grow to accommodate further load. So if I'm consuming a mail service, for example, and my on-premises mail service expects to receive a million items that I'm sending and receiving a day, I would expect that the mail service that I'm consuming that's cloud-based can consume multiples more of what I'm able to do on-premises. That will take into account loads and bursting workloads that I no longer have to accommodate, and that's part of the promises of cloud. Clouds tend to be on-demand, both economically as well as in terms of delivery capability, which is what the elastic bit means. If a cloud offering comes to market, it should be able to handle many times more load than the on-premises equivalent service, or be able to expand on demand, very much like the mail example that I've just used. That allows us to overflow all kinds of services, but typically as islands of services. For example, if I use a virtual machine that's hosted in the cloud that I have uploaded, that presents an island of a service that's not necessarily connected to anything else.

Of course, one of the many benefits of cloud is that we're able to offload our internal SLAs that we have with the business to the cloud vendor.
If I have a back-to-back SLA from the cloud vendor to my business for 99.9, or three nines, availability, and the cloud vendor gives me a punitive SLA for 99.95 availability, then that counts in my favor. We know cloud vendors that offer 100% punitive SLAs, but of course that depends on the type of service on offer, and the fine print is how the SLA is managed. Normally that SLA starts and ends at the vendor's edge and not on your network edge.

This is where the fear of losing a job becomes entirely real, where software as a service or another type can in fact replace a person or a group of people. If an on-premises Exchange server is replaced entirely by a service-based equivalent, then some of the team or even the administrator may lose their positions or do something else, since there is no need to monitor, patch or back up Exchange servers anymore. Obviously infrastructure as a service can be entirely different, and this is where we look at our various tiers of services quite differently from one tier to the other tier.

Moving on from what Nick said there: the cloud-based services, the three tiers that we have. It is very important to understand the differences between the tiers and which one is used for what; that is one of the mistakes that we see quite often. So software as a service is exactly that: software like SharePoint, Exchange, CRM, and it is generally available remotely, typically via the public internet, so HTTP. When it comes to those sort of on-demand applications that are hosted by the service providers, they're typically paid for on a subscription basis or a per-user model, and you get a specific group of services tied in with each other. You then move on to platform as a service, and platform as a service because two platforms, which could be software or services; however, it allows you to integrate your development of these particular applications and services. So for instance, if you have an application that relies heavily on Microsoft SQL, you could use
Microsoft SQL on a platform basis, which gives you many advantages over running the SQL servers yourself. Azure provides a lot of platform as a service offerings. You can get SAP, you can get SharePoint, and there's a whole bunch of other guys that have gone and put these platform as a service offerings inside the marketplace that you can just spin up. The third tier here would be infrastructure as a service. Infrastructure as a service is basically the equivalent of what you would have on premises, in a way. There are some caveats; however, your networking, your security, your legacies, your legacy operations can all be moved into infrastructure as a service. However, this complicates your life, since you then do have to worry about patching, and you do have to worry about how your network design is laid down from the start, and you do need to worry about scaling of the infrastructure.

Hybrid cloud, the definition. Now we put those two pictures in the operculum and your neighbor. Unfortunately, when it comes to a hybrid cloud, you do always have a dependency on your on-premises environment. When we talk about hybrid cloud, we need to have the on-premises and clouds talk to each other seamlessly; this is key. When we implement hybrid cloud, we enable the new and advanced features available in the cloud while keeping the stability and the status quo of the on-premises environment. It also gives an implementation extension when it comes to time frames, and allows us the ability to move backwards and forwards between the cloud and on-premises environments in case we hit any speed bumps along the way. So you can always migrate something to the cloud but then rely on your on-premises stability to keep it in tune.

So looking again at the promise of cloud, at this time the hybrid cloud economics: it's a similar model to cloud-only based services, but with a big difference. We still have a capex vs.
opex model: we can rent instead of buy. We can buy services on demand, which we can use to burst or overflow our requirements. This can still include virtualization or compute capacity, storage overflow, databases, file or unstructured data, or even extensions of services like service queuing or workflow scenarios. To make it practical: in a traditional compute cloud I would create and consume a virtual machine. In a hybrid cloud, I realize that I'm running out of steam on-premises and I'll migrate the virtual machine onto the cloud platform; I scale it to the size I want and run it from there. I may keep it there or migrate it back to on-premises when I'm done.

One of the big differences to sysadmins is that sysadmins now extend the infrastructure into the cloud on demand as they need it, as opposed to replacing or upgrading our infrastructure. One of the big deals in terms of hybrid cloud is that we are no longer replacing pieces of our business wholesale every three years with the cloud-based equivalent; we are enhancing or augmenting it with cloud services.

The last point is transparency. The users of the system should not be burdened with the mechanics of this, and this is where Warren spoke about the transparency of the hybrid cloud services. Users store their files on something; that something uses a cloud-based mechanism to extend its own storage and retrieves the files the users need on demand. The users don't know about the mechanism or are impacted by the way that it works.

Infrastructure as a service can be a complete data center replacement, or it can be a massive improvement on everything in your existing data center. We need to bear in mind that you need to start with the equivalent of an empty rack, basically nothing inside the rack inside the data center. You need to start building everything up. Everything needs to be planned for, from naming conventions to access rights to what IP addresses are to be used. You need to plan the integration and the connectivity aspects of this
quite carefully, including the physical or the logical network connectivity. It's a very common mistake that we see when it comes to networking. One of the biggest mistakes we see is that people just jump in without planning, and they end up with 45 virtual networks inside Azure and they don't have any way to remove the route to the on-premises environment. Also, from a cost factor, gateways, Azure gateways, which allow the virtual networks to talk to one another, can become a very costly exercise, since you will be paying for the data that is between the two.

When considering your connectivity to Microsoft Azure, ExpressRoute as well is a great, great offering. Unfortunately it does again need to be planned very carefully, based on that it uses private peering. Private peering means that you need infrastructure that supports BGP. So in order for you to route the information up to Azure via ExpressRoute in a secure manner, your routers need to support BGP and be able to advertise in the sea routes. Site-to-site tunneling should also be considered when ExpressRoute is obviously not an option, alternatively if you want it as a backup to your ExpressRoute. If you're only using site-to-site tunneling, then generally you should have two IPsec tunnels via different internet breakouts for redundancy.

And then when it comes to storage, you must remember that Azure services for storage do have certain limitations. If you'd like to manage your storage, if you want to define your own LUN sizes, you need to manage the amount of I/O for specific VMs, so you can make sure that you understand what it is that you would like to do with the storage, otherwise it may end up costing you a ton of money, along with the storage account limitations. And these limitations are documented quite clearly in the service descriptions that we have available for Azure.

We need to take into account the virtual core limits that apply to a particular subscription when you start
out. So every subscription is limited, to protect the administrator and to protect the wallet of whoever's paying for that subscription, so that when you start out in Azure you don't go and provision 2000 cores as various virtual machines and bankrupt your organization or kill a credit card in the first day, let alone the first week or month. We need to take that into account in terms of our planning. So as we are aware of the service descriptions, we know how many virtual machines we can place in a storage account; we also know how many virtual CPUs we're able to provision based on a particular class of machine. Now these limits exist, but are all soft limits. These limits can be extended very simply by raising a support call, and the Azure support engineers will gladly extend those to a reasonable limit, but don't expect the Azure support engineer to give you fifty thousand cores on a particular machine type unless you are able to substantiate that, and of course pay for it.

With paying, we also take into account the kind of licensing that's available. So in Azure previously we had metered licensing, so in other words I would spin up a machine of the type that would run either a plain vanilla Windows Server or a SQL 2014 server or a SQL 2016 server, and the license of SQL would be metered. So the meter would run on the virtual machine and I would pay for that machine per use. Lately in Azure, Microsoft has allowed us to bring our own licensing as well, so we're not necessarily limited to the kind of licensing that's available in Azure.

We need to think of our virtual machine placements as well here, in terms of the data center locations. For businesses that use a DC1/DC2 type of deployment, or in other words a primary/secondary, a live or DR type of data center location, we need to consider physics and latency. That means we probably are not going to run our first data center in the south of London and our secondary data center in Singapore. We would, however, consider having
Hong Kong as primary and Singapore as secondary, or two European data centers paired as primary and secondary. The Microsoft core SDN network, or the software-defined network, won't be a problem. The problem that we're going to have is getting to those locations from the outside, bearing in mind the physics taken into account of getting to those various locations. With that, we need to think about: what about IPsec, so site-to-site tunneling, ExpressRoute, or even external publishing to those locations? And of course, if we're doing DC1/DC2 type of planning, how will applications replicate and in what type of timeframe, bearing in mind if we want to use these as a DR or even an HA type of scenario.

In this slide we wanted to list some of the areas that you would consider when moving applications and virtual machines into the cloud. We understand it's a busy slide, and we want to remember that effectively we're talking about a data center re-architecture, or, if your on-premises environment is a mess, the possibility of doing it right. With that, we're not going to go through every single word on the slide. Bear in mind that this slide is a takeaway, and this is also our criteria for most of what you should be thinking about when doing a data center replacement into Azure. With that, let's start with point number one.

When it comes to point number one, we don't want to sound like stuck records yet, but your network planning needs to include the entire network. You should apply many of the same principles in Azure as you would on premises. You would start with the internal connectivity: IP subnets, gateways, a cloud equivalent for VLANs, and then route to the external side of the network, which includes your security, your demilitarized zones, your firewall rules, your load balancing, and obviously your DNS. The structure or market segmentation in this case would allow you to also manage security and access to specific resources via the Azure resource model, or ARM. It also allows you to segment infrastructure
based on department, to allocate billing and resource cost of each workload to specific sides of the business. So if you need to build a server for HR, HR can pay for it, because you will be able to determine how much that particular server is costing every month.

When it comes to workloads and class sizing, this depends on how much compute processing you would need to allocate to a specific set of tasks, and how highly available they must be, based on your recovery time objective, your RTO, or your recovery point objective, your RPO. Do you need two copies of a workload running? This can be separate to your scaling requirements. Of course, Azure allows you to automatically scale workloads based on the trends that you're able to see in other areas, and we'll touch on this a little bit later on.

Your encryption in motion and your encryption at rest standards need to be considered, if this is a current compliance standard, as well as your on-premises certificate authority. Azure supports both encryption in motion and at rest using BitLocker and protected VMs, and Azure is able to manage your encryption keys, and you can choose to manage this yourself as well.

When we look at management and reporting in cloud, we need to consider what management and reporting means on-premises, and these should be standards that we have on-premises, and we'll talk about what those standards mean in a later slide as well. For now, management and reporting, with infrastructure as a service taken into account, is the extension of our on-premises data center into cloud. With that, we need to consider we want to authenticate our infrastructure as a service based services, and that would mean extension of Active Directory. We may then also consider moving various synchronization points that we have, say AAD Connect, or Azure Active Directory Connect, as a sync appliance which is today running on-premises, over to a virtual machine that's running in cloud.

With that, looking at maintenance and operations today on-premises, what does it
mean in the cloud? If I have a virtualized data center, I no longer have hosts that I need to maintain; however, if I'm running infrastructure as a service, that means there are still guests that I need to maintain there. I need to consider the Azure dashboards I've got available, and do I use OMS versus my on-premises System Center Operations Manager or equivalent service that I may be running? What is the place of monitoring? And consider that Azure patches our hosts but not our guests, so with that we still need to plan an effective Windows, UNIX and Linux patching strategy, depending of course on the workloads that we're running.

Once a workload becomes redundant or in need of decommissioning, the onboarding and off-boarding or succession processes become very simple. We can turn these workloads off, we can save them for later, we can roll them back, or we can just retire them completely, and you would start saving immediately, based on the fact that Azure workloads are charged for compute time. So onboarding workloads can be done just as easily with all the migration options for Azure.

And then when it comes to the development operations life cycle, tying in with what Nick said for point number six: if done correctly, Azure can make your life very easy using built-in functionality in Operations Management Suite, OMS, and automation tools such as Chef and Puppet can play a key role in allowing you to deploy and manage workloads in Azure quickly and easily. Development operations becomes the standard for operations, and continuous delivery models allow your applications and services to change and update at a pace to support feature updates and bug fixes in all of your work life.

In your on-premises world you'll have a lot of content, and you possibly have data management, classification and protection rules around that. Now consider if you're moving from a Windows file server, and Windows allows automatic classification of data based on file type and content, with that sometimes encryption of those
files. What does that mean when we move from our file server to file services, in this case for example an Azure file share, which is accessible by several virtual machines that are running as infrastructure as a service? We need to think about what happens to the automatic file classification that we used to have in Windows file servers and no longer applies necessarily against what happens in that file share.

With that, we have a compliance burden on premises that we need to take into account. On premises, if I have a SIEM, that SIEM today is part of my compliance mechanism. That SIEM will consume logs and aggregate those logs, alert against those logs, depending on what that SIEM does, and we need to take into account that the various services we have within Azure can also generate logs. These can be consumed by SIEM services, but normally those logs need to be collected via a storage account, and we may have extra logic that's required to push that to our current SIEM, be that an on-premises SIEM, which we may need to think about how to move that to your cloud, or it could be an outsourced SIEM that you are taking from a third-party security provider. We also need to consider the role-based access control model that we use, or in other words the least privilege model that we want to consider for our administrators.

In this slide we don't want to provide solutions for all of these. We want to highlight that these need to be thought about extensively. Since you'll have on-premises equivalents of these, you need to think about what these mean in the cloud world, to minimize your risk, to ease the transition to the new cloud-based equivalent of what you are able to do on-premises.

In this slide we're defining several infrastructure as a service and platform as a service type of firewalls, including a firewall-type mechanism that isn't a physical firewall but acts like one. For the sake of definition, we're going to define a firewall as something that can restrict traffic based on either a layer
3 or layer 7 rule set and create a log that details our traffic flow, and of course captures our firewall logs. With that, I'll ask Warren to unpack the three types of firewalls we have here.

So we start off with network security groups, or NSGs. An NSG is the main tool you would need to enforce and control network traffic rules at the networking level in Azure. You can control access by permitting or denying communication between the workloads within a virtual network, from systems on the customer's network via cross-premises connectivity, or direct internet communication. Virtual networking and network security groups reside in a specific layer in the Azure overall security stack. Network security groups and network virtual appliances can be used to create security boundaries to protect the application deployments in the protected network.

Next you would have next-gen or codes firewall appliances that can be deployed in Azure. In this instance we find that customers choose a firewall brand or model based on the needs that they have already worked out. There's no reason for you to do this again. If you trust Check Point or Fortinet for specific reasons, this could be, let's say, feature-related or cost-related, you have the ability to stick with that brand in Azure, well, for most of them anyway, making it easier for you to duplicate your compliance policies easily inside of Azure.

Then you would get the Azure Application Gateway. The Azure Application Gateway is basically a dedicated virtual appliance providing an application delivery controller, or ADC, as a service. It offers various layer 7 load balancing capabilities for your application, and it has multiple worker instances, scalability and high availability. It allows customers to optimize web farm productivity by offloading CPU-intensive SSL termination to the Application Gateway. It also provides other layer 7 routing capabilities, including round-robin distribution of
incoming traffic, cookie-based session affinity, URL path-based routing, and the ability to host multiple websites behind a single Application Gateway.

Then something I'm just going to add in here would be that you get an Azure AD proxy as well. This is currently in preview in the portal version, but it's still quite available in the classic model of Azure as well. Basically, they help you support remote workers or remote users by allowing you to publish applications over the internet. The cool thing about this is that you can publish applications that are running on your local network, so your on-premises installation, and provide secure remote access outside the network, allowing you to push the on-premises applications through Azure to the outside world, and you can essentially then block off your on-premises installations from the outside world.

In this model we effectively are presenting the traditional equivalent to an on-premises LAN with an on-premises DMZ, and we give several different ways in terms of how that DMZ can be reached. You'll notice that we are able to integrate infrastructure as a service as well as platform as a service type models, and offer security as they are publicly published, irrespective of which kind of service we're using.

However, what if we need more? And by the more, I'm going to use a traditional DMZ type scenario, where I'm accepting a basic credential that's originating from a user over the internet, and that needs to be validated against an Active Directory credential. In this case I'm using a Kemp load balancer as my validation mechanism and as my reverse publishing mechanism. I'm able to use Kerberos constrained delegation to integrate this device natively into Active Directory. So with that, I'm able to consume a basic credential, and starting at the firewall I'm able to hand that credential off to my application delivery controller and then therefore validate that credential against Active Directory. This means
I'm sitting with a very much loved equivalent of what I have on premises. I have a single source of truth of authentication; I have a highly restrictive, highly controlled firewall model, which incorporates a traditional demilitarized zone, or DMZ. Now with that, I have an additional factor of authentication: I'm able to validate device-based certificates from machines accessing my services that I'm publishing by infrastructure as a service through the internet against my on-premises certificate authority, and therefore offer again another factor of authentication. So I'm consuming my on-premises credentials and I'm able to validate access versus my on-premises certificate authority.

Now, Azure offers load balancing. Most load balancers are great, and they've got a bunch of features, and they're great until they don't do what we need them to do anymore. Now with that, we have to look at what is available natively and what is available via a Kemp virtual machine. So here I've taken a view of when do I need a virtual machine that does load balancing versus when do I need the Azure load balancing mechanism. In my mind, if I'm talking to an enterprise customer, we're doing enterprise publishing and we're doing the type of things that we normally do in terms of certificate validation, as an example. You'll notice that natively that's not available; however, using a Kemp Virtual LoadMaster I'm able to provide that type of functionality and therefore move my customer to cloud. Especially if that is an existing on-premises Kemp customer, I can move them to cloud without sacrificing anything in terms of service delivery or expectation.

There is a Microsoft reference architecture for a tier 3 application. It's a really pretty diagram, even though I never drew this one. How do we translate existing on-premises application requirements, such as compliance, high availability and disaster recovery, to cloud-based equivalents? We can have the same tiers we currently have on-premises but with more
flexibility. We have resilience enablers, native and third party, and we can determine our RTO and RPO, and we can then have high availability within one Azure region, or we can have disaster recovery between different regions using replication methods, failover, depending on the workload. And if we look at this, we can either have this entirely as a platform as a service, or we can integrate it with infrastructure as a service. So in this scenario you could have geo-redundant SQL but have that in platform as a service only, and then you can integrate with Always On, which will be on-premises, and extend the database. You can also have different application tiers as well, so you could have your business tiers and your web tiers separate, so that you can keep the two divided through network security groups as well.

We can also see that we are making this available across two data centers, so we have a DC1/DC2, or a live and DR type of model, but in this case we can actually run these two data centers active-active, and we can see that we've got replication between the various tiers, or equivalents between the various tiers, so that whatever is happening in the application layer in one data center is also happening in the application layer in the other data center.

Consider the average company that's never migrated before, and they want the information or the intellectual property of how to move to the cloud, or how the applications will be clarified, to sit entirely, or they don't want the knowledge to sit entirely with an external vendor. And here I've taken an example from Microsoft IT: how did Microsoft IT start from an on-premises landscape, bear in mind they're an IT department internal to Microsoft, and move their various applications to the cloud? They created a cloud panel, and here the cloud panel takes input from enterprise architecture, or whatever that looks like inside your own company where you've got an element of architecture, takes input from the capabilities
of third-party cloud providers, and feeds that back into the business in terms of a capability model. They should understand their own particular business needs, things like governance requirements, support requirements, risk strategy and so on, and through a process of iteration produce their own first and best practices. This cloud panel should be a representation of both business and technical people, and we want to create a two-way stream of information that creates a cloud landscape as that evolves in the business.

So we would start in the Microsoft model with an experimental stage: let's move our first application to the cloud, and this should be a low-priority application. What does that look like? What are the type of learnings that we've gleaned from that move? What worked, what failed, what was disastrous, what was a success? And then we move to the migration phase and of course the operational phase for that particular application. And again, as we iterate through those processes, we have an experimental, migration and operation phase for each application as that moves from on-premises to cloud.

Now we don't have to be beholden to the way that Microsoft moved to cloud. There are other frameworks to move to cloud, and we need to consider that if we are an on-premises enterprise customer we probably have an enterprise architecture framework that we subscribe to. In this case I've modeled the Open Data Center Alliance framework and taken our example from that. Now there's other frameworks like Gartner; however, obviously I can't display something from Gartner, as a proprietary business, in an open slide without taking into account the copyright that goes with that slide, so I'll stick with the Open Data Center Alliance as an example.

Now irrespective of the model that we use, irrespective of the framework, we have an origin. In this case, in the Open Data Center Alliance framework, we look at starting at extreme left, which is legacy, so we start where everything is on-premises and we want to ideally
move to the right. Now bear in mind this could be a representation of the entire cloud landscape in our business or it could be individual applications. So with that we could have an application, for example, sit in the optimized column on the far right end; that means it is a federated application, it's interoperable across the various clouds, or it could consume services from multiple cloud vendors where we no longer care who the vendor is. We effectively consume services very much like electricity and we run very open in terms of consumption of cloud services. However, we'll find that the business as a whole, if we're doing really well, will hopefully get to at least cloud maturity model column two, where we are repeatable and opportunistic in terms of cloud adoption. Hopefully most of our applications will end up in three or four. We find that very few times a business is able to move entirely over to the fifth column where everything is optimized, because not every application lends itself to massive levels of optimization.

So when we talk about optimization of applications that move to the cloud, we need to talk about how do we make this decision of what type of service to use, and here we would like to apply a little bit of a guideline: software as a service before platform as a service before infrastructure as a service, and I'll explain why. When it comes to future investment, the more we move down the line, the less automated we get, the more work and planning we need to do when it comes to application migration and service adoption. Certainly exceptions apply, yes, understandable, but we can work out a base principle. We can say: is there a software-as-a-service solution available for what we're trying to do? Can we migrate whatever application we're using on-premises to the cloud, and we can use it that way? So take Exchange for instance: yes, hundred percent, there is a software as a service available, so we move that way. However, if there isn't, then we look at platform as a service. Platform
as a service: so we can use SQL, we can use web services, app services, et cetera. We can take a whole bunch of these things and we can move them into that format. So why would we do this? We would do this because all the patch management or the scaling, all the hardware resources, we don't have to touch; it's not our problem anymore. So we can then move that way and it will be much less of an investment to keep maintaining all the hardware that the stuff used to run on.

Then lastly, if platform as a service doesn't meet our needs and it's a bad fit, we can then build on infrastructure as a service. Now we can build on infrastructure as a service to obviously support our lift and shift if we don't have any service translations over there. So take for an example Azure file services. Azure file services will be a platform as a service service, and if it's a certain limitations applying, file sizes and storage limitations, we can then say: OK, well, instead of us using Azure file services, what we'll do is we'll use infrastructure as a service and we will build a file service cluster inside the Azure virtual machine.

To amplify this point I've built a slide on application migration friction as it sits in my own mind. So on the far right-hand side I can see an on-premises application that I'm deploying from net new, so I've got nothing; I've got nothing on premises that this application can deploy on. Now I'm not talking to a highly mature customer with lots of existing virtualization that they're able to spin up something really quickly, because that's very close to infrastructure as a service. I'm creating a model that compares: I have nothing and I have a new application, so my new accounting application or my new application that needs to be deployed. So with that we look at the risk versus time to deploy for given your application which requires new services to be provisioned. We can see on the far right, if we have to deploy an application to on premises and we have
nothing to start with, the time to deploy and the operational risk can be very high compared to simply consuming an equivalent software as a service. We take this into account as well when considering multiple parts of multi-tier applications that can be split, and we take SQL as a service and a web worker all into account as an example, where we can very quickly deploy to platform-as-a-service type services and deploy an application in hours or days, versus having to buy the hardware for SQL, provision our virtual machines and license SQL, which can be risky if I have to take into account the supply chain that is required for ordering your hardware. And it demonstrates nicely why we have our founding principles of, when we move in cloud, we consider SaaS before PaaS before IaaS.

With the friction of migration taken into account, we look at evaluating the various aspects of our application, including the workload that it represents, the architecture to build that application, the finances, risks, operations and security parameters for an individual application, and evaluate that against our base principle of SaaS before PaaS before IaaS. And if there is no fit, we consider either a hybrid cloud service, if that's an option, or if we need to shut our data center down and that's not an option, we may need to consider replacing or killing the application. Once we have this information we can map that against the degree of benefits matrix on the right-hand side there, creates a very interesting world view on our applications. Now that world view decides how quickly we can migrate something.

That evaluation of our application feeds into an application taxonomy. Now every customer I've spoken to tells me that they have an application taxonomy, and that application taxonomy really simply is a list of all the applications we have. It demonstrates and documents the dependencies we have on on-premises infrastructure, be it physical or virtual, and other applications that we may depend on,
and here we have a very nice example in terms of web and SQL servers and Active Directory, if we are authenticating against Active Directory. That gives us a really nice matrix of classification, including on the right-hand side start here in quick wins, so start to other applications that should move to the cloud first, and very often these are, with the quick wins, software as a service and platform as a service equivalent applications. These applications move to the cloud quickly and give great benefit in the short term with very little friction. Other applications are grouped into long-term bets and pursue later, which are relatively self-explanatory, but obviously would include a large amount of refactoring of the application to even allow the application to move to cloud. We may consider some of our long-term bets, for example, applications that are currently hosted under VMware or Hyper-V that are still running on a Server 2003 guest, and that guest has no equivalent in Azure infrastructure as a service, so we can't even apply a lift and shift type of mentality against it because the base operating system that application runs on isn't supported.

When it comes to application migration we can take a little bit of a detour here. It's a platform as a service and software as a service don't even apply; you guys just want to go to Azure, you want to replace that big clunky data center and you want to get rid of all of those costs. There are many lift and shift examples up there and engine makes it very, very easy for us to do this. So you could use Disk2vhd, which is an old-school application from Microsoft which uses Volume Shadow Copy and allows you to just convert straight into a VHD. Unfortunately Microsoft upset us when they removed the conversion functionality out of System Center Virtual Machine Manager 2012 R2; however, they did replace it with MVMC, so Microsoft Virtual Machine Converter version 3, and that does the job just fine. Or, a more automated way of doing things,
you can use ASR. Azure Site Recovery supports a multitude of different operating systems and hypervisors. You would create a geo-redundant storage account, register the on-premises server, protect the machines and send them over. Once they're over you do a cleanup. Now you can also be clever here when it comes to cost: if you're relatively quick, then the migration using ASR won't necessarily cost you any money, because when you're using ASR the first 31 days of any replication is free, so you can migrate that machine quite quickly at less cost.

And we run application migration; what about DevOps? So when it comes to DevOps, DevOps is a cultural and technical movement that focuses on building and operating high-velocity organizations. DevOps began with web innovators who wanted to take maximum advantage of the cloud, which made it possible to allocate resources quickly and inexpensively. Traditional IT practices were not designed for the flexibility and speed above the cloud office your automation underlies all of the patterns and practices that constitute DevOps. An automation platform gives you the ability to describe your infrastructure as code. So when infrastructure is code, you can eliminate error-prone, time-consuming manual tasks, you can standardize your development, test and production environments, you can build automated release pipelines, improve cooperation between development and operations.

Some of the areas of consideration here would be integrated source control into existing authentication mechanisms, so Team Foundation Server would be one of those things for Visual Studio. Your automated deployment slots and rollback capability in Azure Web Services can also come in over there, your or staging environments with back-end scalability on platform as a service, integrated API services for internal and external applications including mobile. You can have Data Factory integration which allows you to specific parts of your SQL databases up to Azure so that you can run machine learning
on it. That also dovetails off another area of Azure, but that's a completely different discussion, maybe for another webinar. You can also standardize development and production environments and you can redeploy code whenever needed.

So with that we're looking for a place to land, and there's still a whole lot to talk about; however, in the interest of time we're going to come to the conclusion for this webinar. So starting off with application migration, we need to have our application taxonomy. Without an application taxonomy we don't necessarily understand the construction of applications, nor can we understand the relative cost of what that application means in terms of on-premises IOPS, CPU, memory and storage, as well as what the cloud-based equivalents of that is. We need to understand how those applications interrelate to each other, and with that we want to consider the founding principle of, when we migrate an application to the cloud, that we move to software as a service before platform as a service before we consider information as a service.

When it comes to specific infrastructure as a service principles, we've been given a gift. We've been given the gift of being able to replicate our physical environments in the cloud, and as with most gifts, we need to be grateful. If we ignore the physics behind the physical environments we can run into problems: network latency, increased cost, wasted storage, unusually complicated network designs, and an abundance of unnecessary configurations can become a nightmare to clean up. We must also understand that you make sure or the difference between Azure and the cloud or on-premises and your Azure cloud equivalent to your physical network service. An application gateway and a network security group are two very different things, and deploying the wrong service for the wrong reason could result in problems as well.

As Warren said, the wrong thing sometimes at the wrong time can also bite you, so you'll find when you're deploying to cloud very often you have
to provision infrastructure in a particular order for that to work. So for example, if you are making an application highly available using infrastructure as a service, if you create your availability group, which is a logical grouping of those virtual machines to prevent unnecessary outages during patching or maintenance operations, if you create that after the virtual machines already exist, then you have to redeploy those virtual machines. So we would want to create our application in line with the physics and the service descriptions which our cloud service allows. Since this is the first time you're migrating, we want to emphasize that you need to test and plan, understand the service descriptions, understand the limits of the physics that we're dealing with, in inverted commas, and to the point of having our cloud panel, generate knowledge on a really easy application and reiterate on that knowledge as you move more complicated applications to the cloud.

With that we've got some time for Q&A, and Andrew, I'm assuming I'm allowed to pick a question and answer it directly, or do we answer the questions via the Q&A panel?

Yeah, there's a couple of questions inside the Q&A box there, so you just want to pick out maybe two or three and we'll answer them, and then the rest we can take offline after the webinar.

Yeah, with pleasure. OK, so I want to pick on John's question: what are your thoughts on the new managed disk approach versus managing storage? So I think managed disk is fantastic because I don't have to think about how many IOPS I need to provision into a storage account anymore, so a lot of that thinking just goes away. However, the inflexible side of things of course is that I have finite fibers and if a per disk that I've already provisioned, so I can migrate a disk from unmanaged to managed; that will be rounded up from a costing point of view to the closest point of costing for that managed or the equivalent managed disk. So managed disks speaks to planning. It's great if
you fit into the managed disk scenario; if you don't, then you have to readapt as the storage account type planning model and rather provision your own. However, I think in terms of roadmap it's a great addition to storage, and I think we're going to be seeing more of this type of managed equivalent, managed infrastructure coming out of Microsoft, where our administrators have to think less about what they're trying to deploy.

We're going to look at the question on subnet planning. Warren, I'm going to ask you to answer that, which is: for subnet planning, do you have recommended network isolation patterns that you would recommend?

Well, there are some principles that we applied in a little slide, number 11. We basically, you create virtual networks first and determine how you're going to get your data to where you need it to be inside: does it need to be in PaaS, does it need to be in IaaS, if you need a DMZ. And within those virtual networks you can then build network security groups around that, and then you could, let's say, apply a firewall, a virtual appliance firewall, straight out after that. And then the nice thing about network security groups is that network security groups can include platform as a service as well, so you would be able to include a proper virtual machine along with its storage that it's attached to and a web app in a single network security group, so you could apply the same sets of security around those, and then you could have your application gateways on the outside of everything. So you can build a DMZ within a virtual network using a network security group.

OK guys, yeah, we still have a number of questions there but we're out of time now, so we'll link up with those people who asked questions after the webinar. So I'd like to thank Nick and Warren once again for their great presentation today, and I'd like to thank our audience for joining us, and just a reminder before we go, just to fill out that short survey that we have there, and we look forward to seeing
you again in the coming months for another Aram webinar. And so thanks again and see you later.

All right.
Info
Channel: Kemp
Views: 17,639
Keywords: Azure, Cloud Migration, CSP, Cloud Solutions Provider, KEMP360, Cloud first, digital, Cloud Strategy, Elasticity, data center, Migrating, cloud lift and shift, Azure Stack, Azure Cloud, Load Balancer, Application delivery, azure lift and shift, f5, f5 networks, f5 load balancer
Id: -URmaPuQXBs
Length: 61min 44sec (3704 seconds)
Published: Wed May 03 2017