Build target foundation
The target foundation should be a securely configured enterprise environment based on best practices, a foundation for the enterprise migration journey, and an environment that allows for iteration and extension over time. The target foundation comprises a landing zone.
What is a landing zone?
According to AWS, a landing zone is an environment that meets global security and auditing requirements, is ready to support highly scalable workloads, and can be tailored to support continuously evolving business needs. A landing zone is a pre-configured environment with a standardized set of secure cloud infrastructure best practices, guidelines, policies, and centrally managed services. It is the initial destination area in the cloud, from which the first applications operate after they have been migrated successfully.
Creating a strong foundation through the landing zones is crucial for a scalable and sustainable enterprise cloud model. As cloud computing becomes the paradigm for delivering business, technology operating models need to evolve and add more cloud-centric capabilities. The cloud operating model is the framework for putting the core elements together in a more agile, productive, and valuable way.
A landing zone is the one-stop address for all business considerations because it provides a baseline cloud infrastructure. It is also the starting point for new development and experimentation. Getting it right ensures that all critical services are present and properly configured before any workloads are deployed.
Setting up a landing zone includes user accounts, virtual private cloud (VPC) environments, network connectivity, documented identity and access management (IAM) roles and policies, deployed workflows, shared services, and cloud monitoring tools. The user account and VPC structure need to be designed based on cost allocation, resource management, resource ownership, and security and compliance.
People, processes, and technology are the core elements of the cloud operating model. In the cloud operating model, key processes are rolled out and teams are mapped to the new cloud-centric roles. These should evolve to achieve the cloud operating model goals, thereby increasing the value for the business and operations. People skills and experience are geared towards becoming more cross-functional, spanning a wider range of service components and use cases.
This is followed by the rollout of subsequent processes, leveraging the key learnings from the existing implementations. This ensures seamless integration with current systems through the installation of selected tools. The processes can be realigned around services instead of technologies. Keep in mind that tools and technologies will be selected for effective implementation and automation of the processes.
It is a best practice to design the entire cloud architecture before starting the migration and to map the resources to their respective areas or subnets. The cloud provides the capability to create a virtual private cloud or network and allows you to create subnets with the required IP blocks. Define the IP addresses for the resources, and establish the routing between them. For continuity of functionality, legacy application components should keep the same IP addresses, because the components depend on those addresses for connectivity.
For seamless migration and switchover, the resources are mapped to the same domain name and precise communication is sent to all the stakeholders to avoid any confusion.
Considerations for building the target foundation include the following:
- Ensure sufficient capacity for current and projected requirements with some amount of extra capacity for unforeseen growth.
- Leverage the strengths and benefits of cloud computing to include high availability, reliability, and resiliency of services.
- Build agility into the foundation (the ability to quickly respond to future growth, reductions, other requirement changes, or new technologies).
- Provide scalability and elasticity (the ability to adapt to growth or reduction in needed services).
- Build in security, covering data in transit and data at rest.
- Confirm target foundation of the cloud provider.
- Investigate service limits of the cloud provider.
- Confirm external connectivity requirements.
- Gain clear insight into the on-premises limitations.
- Design and create a user account structure.
- Create separate user accounts (management, logging, super user, application, etc.)
- Design and configure the networking that connects the cloud and on-premises environments.
- Set up a broad IP addressing scheme (a /16 rather than a /24).
- Select the migration tools.
- Federating the Microsoft Active Directory (AD) with role-based access will simplify the management of the user permissions.
- Use IAM roles to grant permissions to virtual machine instances.
- Build the tooling that will be used to provision and automate the management of the cloud platform.
- Setting up a Continuous Integration / Continuous Delivery (CI/CD) pipeline helps to automate the build, test, and deployment of new releases as soon as code is committed to the repositories.
- Integrate configuration management tooling for provisioning VMs and operating systems.
- If the cloud tooling is new, deploy and run it in Docker containers to benefit from scalability and cost-effective compute from the outset.
- Identify the desired IT service management (ITSM) state and support model.
- Review current operational practices (tools, people, processes) on-premises and in the cloud.
- Identify potential vulnerabilities around scaling operations.
- Review business continuity planning, and create a plan to address any potential impact on operations.
- Identify how the execution of the migration factory will impact normal operations.
- Identify operational support organizations and partners that will interact with the cloud environments.
- Predefine identity and billing frameworks.
- Predefine user-selectable packages.
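The advice above to map resources to subnets before migrating, and to prefer a /16 over a /24, can be checked with a short planning script. This is an added example, not part of the original text; the CIDR ranges, tier names, and zone names are constructed assumptions.

```python
import ipaddress

def plan_subnets(vpc_cidr, tiers, zones, subnet_prefix, reserved=()):
    """Carve one subnet per (tier, zone) pair out of vpc_cidr.

    reserved lists ranges already used elsewhere (on-premises, other VPCs);
    the VPC block must not overlap them, because overlapping ranges cannot
    be routed to each other unambiguously.
    Returns (plan, spare): the allocation and the count of unused subnets.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    for cidr in reserved:
        if vpc.overlaps(ipaddress.ip_network(cidr)):
            raise ValueError(f"{vpc} overlaps reserved range {cidr}")
    blocks = vpc.subnets(new_prefix=subnet_prefix)
    plan = {}
    for tier in tiers:
        for zone in zones:
            block = next(blocks, None)
            if block is None:
                needed = len(tiers) * len(zones)
                raise ValueError(f"{vpc} cannot hold {needed} /{subnet_prefix} subnets")
            plan[(tier, zone)] = block
    spare = sum(1 for _ in blocks)  # blocks left over for future growth
    return plan, spare

# Constructed sample values, not taken from any real environment.
TIERS = ["public", "app", "data"]
ZONES = ["zone-a", "zone-b", "zone-c"]
ON_PREM = ["192.168.0.0/16"]

if __name__ == "__main__":
    plan, spare = plan_subnets("10.20.0.0/16", TIERS, ZONES, 20, ON_PREM)
    for (tier, zone), block in plan.items():
        print(f"{tier:7} {zone:7} {block}  ({block.num_addresses} addresses)")
    print(f"spare /20 blocks left for growth: {spare}")
    # The same layout in a /24 runs out of room even with small /27 subnets.
    try:
        plan_subnets("10.20.0.0/24", TIERS, ZONES, 27, ON_PREM)
    except ValueError as err:
        print("rejected:", err)
```

Running the plan before any network is created catches overlaps with on-premises ranges and undersized blocks while they are still cheap to change.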
Hints and tips
- A prime driver for adopting a landing zone in any cloud environment is that it saves time by automating the setup of an environment to run secure and scalable workloads.
- Regardless of the method used to create the landing zone, it is important to exercise best practices. These should include security controls of multi-account structures, self-servicing with guard-rails, foundations for scalability, and all being combined with automation.
- Automate as much as possible. Automation not only improves productivity but also eliminates possible human error.
- Typically monitored KPIs include the pace of innovation, self-service sufficiency, the agility of workload migrations, and levels of security.
- Verify the security implementation in the application. Consider using security keys issued by a different source than the one used for deployment.
- Do not use cloud vendor services that lead to vendor lock-in. Weigh the pros and cons of which services to use and to what extent.
- Migrating VMs is a quick and easy way to move to the cloud, as no changes to the application are required. It is suitable for legacy applications.
- Plan a proper archival and backup strategy for data. As a best practice, keep dynamic data close to compute and static data close to the user. This can be done by leveraging traditional caching techniques.
- Regarding integration, applications migrated to the cloud need to communicate over the internet with the applications on-premises. This could lead to performance and bandwidth issues, so high-performance applications need to be developed.
- Check whether the current set of tools and software supports a cloud-based licensing model. When planning to leverage the elasticity of cloud computing, make sure that the licenses are compatible.
- Adopt various migration approaches depending on short-term and long-term business and technical goals.
- Cloud model best practices recommend “design for failure” instead of “design not to fail”, which is a totally different (but robust) approach.
- Choose the right cloud provider. Each provider has specific strengths and weaknesses; evaluate them properly for their fit with the organization's needs.
- Use the right migration tools. Avoid vendor lock-in of the application.
- Private and hybrid clouds are going to replace datacenters.
- Maximize productivity with scalability and high availability.
- The majority of organizations are looking to migrate their development and testing environments to the cloud.
- The best practice is to move core functions to a private cloud and non-core functions to a public cloud.
- Wherever possible, adopt a hybrid model; it is a safe bet.
- Enterprises today are moving beyond traditional roles by offering new digitized products like cloud-based storage for customer files.
- Verify the site-to-site or direct on-premises connectivity requirements.
- Design the network topology based on the user utilization.