In this presentation, I review key considerations for migrating workloads to Microsoft Azure and ensuring that those workloads are secure. A real-life use case is used as an example.
Migrating Workloads to Azure and Securing Your Investment
1. Migrating Workloads to Microsoft
Azure the Right Way and Securing
Your Investment
Dwayne R. Monroe (Microsoft Cloud Solutions
Architect, McGraw Hill Education)
cloudacademy.com
2. Introductions
D. R. Monroe – Cloud Technologist and Evangelist,
Microsoft Cloud Solutions Architect, AWS EC2/S3 and
Azure Adept, McGraw Hill Education
Twitter: @cloudquistador
LinkedIn: https://www.linkedin.com/in/cloudquistador/
4. Microsoft describes Azure this way:
“Microsoft Azure is a growing collection of integrated cloud
services that developers and IT professionals use to build,
deploy, and manage applications through our global network of
datacenters.”
Full at: http://bit.ly/1IGHEIj
5. I describe Azure this way:
Azure is Microsoft’s public cloud offering. It empowers
enterprise IT to modernize, simplify and cloud-enable its deep
investment in Microsoft-based infrastructure using familiar, yet
fundamentally new, technologies.
6. In other words, less effort spent treating this
like a collection of beloved pets...
Pets vs. Cattle
http://bit.ly/2mLbJWE
7. And more time to create solutions that
use computing power as a utility.
9. Reasons for moving workloads to the
cloud:
● Addressing hardware obsolescence
● Addressing the capacity planning challenge
● Increasing IT speed
● Getting out of the data center business
● Disaster recovery
● Taking advantage of new opportunities made possible by cloud
technologies
10. Migration Considerations:
● Review Azure subscription & service limitations
● Verify workload compatibility with Azure services
● Right-sized provisioning
● Find the right solution to meet challenges
11. Standard Migration Options
IaaS
● Reinstalling the workload onto IaaS servers.
● Performing a lift and shift, by copying VM disks into Azure storage
and creating VMs from them.
● Using tools like Azure Site Recovery to synchronize VM disk copies
into Azure, then failing over workloads as a method of migration.
PaaS
● Establishing a new target for continuous deployment tools and
processes
● Creating ‘net new’ solutions employing Azure technologies
13. The Production Team’s Challenge
Multiple data sources with no robust analysis platform - a traditional ETL using SharePoint as a type of EDW and ad-hoc analytics tool
14. The existing infrastructure and workflow is manual with too many moving parts and siloed data platforms - analytics is cumbersome and error-prone.
15. A project was started to
relocate this workload to
Azure, but in what form and
using what service or
services?
16. The Project Plan:
1. Identify the need (regular meetings with the
owners and users of the existing platform to
record pain points)
2. Appoint a ‘champion’
3. Refine understanding by listening
4. Partner with deeply skilled people (we
partnered with Microsoft Azure TSPs)
5. Create a POC environment within Azure
6. Evolve an approach that meets the need
7. Baby steps!
17. Patience, careful planning, a focus on solutions
instead of tech for tech’s sake and avoiding the
quest for a ‘quick win’ are keys to success.
Did I mention patience? You’ll need lots of it to
deal with tech and org challenges.
18. After a series of meetings
and refinements, and
working with our Azure
TSP, the following design
was proposed to address
the need...
19. Takeaways:
● The solution acknowledges by design that on-premises
data sources will persist for an extended time
● It creates a hybrid architecture that addresses the
critical need: analytics
● It also creates a method and infrastructure for fully
migrating the database workloads to the cloud in
the future
20. “Strategy, not technology, drives digital
transformation.”
MIT Sloan Management Review article, July, 2015
23. Azure Security Center capabilities are
divided into tiers:
● “The Free tier is automatically enabled on all Azure
subscriptions. The Free tier provides visibility into
the security state of your Azure resources, basic
security policy, security recommendations, and
integration with security products and services from
partners.”
● “The Standard tier adds advanced threat detection
capabilities, including threat intelligence, behavioral
analysis, anomaly detection, security incidents, and
threat assessment reports. The Standard tier is
offered free for the first 60 days.”
24. To put it simply:
● The Free tier discovers and reports on the
system and platform vulnerabilities
(encryption, patching, etc.) IT has
traditionally addressed.
● The Standard tier leverages new
developments in machine learning and
analytics to protect your Azure cloud assets
in a broader, more ‘intelligent’ way.
25. The standard tier is free for
60 days and is well worth
investigating.
To learn more, go to:
http://bit.ly/2q2o4aP
26. To hear an excellent review of the
Azure Security team’s “assumed
breach” approach and other cloud
security topics, listen to this
“Doppler” podcast with Tom Shinder
(@tshinder), Microsoft’s Program
Manager for Azure Security
Engineering (Azure Security Center
discussed at 23:46):
http://bit.ly/2r86suA
27. Tom has also written an illuminating
review of the cloud security steps
Microsoft took in its own migration to
Azure in a white paper named “The
Cloud Security Mindset” -
http://bit.ly/2qjAKZS
28. You can explore this and more for free with a trial Azure subscription.
Go to: https://azure.microsoft.com/en-us/free/