By: Vasanth Natarajan, Senior Principal – Consulting

Cloud Transformation

Cloud transformation is simply the process of moving your work to the cloud, including the migration of applications, software programs, desktops, data, or an entire infrastructure in alignment with the business objectives of the organization.

Benefits of Cloud Transformation

• Increases the efficiency of sharing and saving data.
• Accelerated time-to-market.
• Enhanced organizational flexibility and scalability.
• Centralize their network security.

Three important factors to be considered before embarking on a cloud transformation journey:

• When dealing with aggressive timelines, the best choice is to perform ‘lift and shift’.

What is lift and shift?

In essence, it is the process of migrating to the cloud without redesigning the architecture or optimizing it for hosting in the cloud environment. Often, the goal is to move quickly to meet a timeline or datacentre shutdown plan, while optimization is left for later.

• When dealing with constrained time and skills, the choice is to select ‘lift and optimize’.

What is lift and optimize?

This refers to migrating workloads at their optimized size, due to which, companies can quickly adapt to the elasticity and scalability of the cloud without risking application performance. Maintaining a competitive advantage by adopting new technologies of cloud allows companies to deliver a delightful end-user experience and stay ahead of their competition.

• When dealing with immediate leverage of the cloud benefits (e.g. elasticity, scalability, resiliency, managed services), the efficient way is to modernize more aggressively by adopting a container approach along with migration. ‘Rearchitecting’ is the best choice in this category. However, it will take a bit longer to execute this strategy due to changes required in the current apps to make them container-friendly and/or serverless.

What is Rearchitecting?

Rearchitecting for migration focuses on modifying and extending application functionality and the code base to optimize the application architecture for cloud scalability. For instance, you could break down a monolithic application into a group of microservices that work together and scale easily.

According to IDC Worldwide Digital Transformation Predictions, “By 2022, 90 percent of all new apps will feature microservices architectures that improve the ability to design, debug, update, and leverage third-party code.”

Three common use cases that can fall into the Cloud Transformation Journey

Use case 1: Hybrid Cloud Burst

Hybrid Cloud bursting is an application deployment technique in which an application runs either in a private cloud or data center and bursts into a public cloud when the demand for computing capacity spikes. This deployment model gives an organization access to more computing resources when needed.

High-level activities involved:

• Set up the connectivity between on-premises and cloud
• Create a cloud landing zone, which includes creating the environment and the resources such as virtual networking, compute engines, monitoring tools, and Kubernetes clusters.
• Then lift and shift or lift and optimize from on-premises to cloud in the appropriate resource.

Use case 2: Land, Expand, and Retire

Land and Expand, in a nutshell, means to first start small, get your footing, and then expand into other areas once you know that your ‘landing’ is successful. When applying the land and expand approach to a cloud transformation, you need to select the systems to work on first and then iterate from there. The Retire strategy means that an application is explicitly phased out. You should take the cloud transformation project as a welcome opportunity to screen your application portfolio and reduce obsolete applications on the go. Sometimes, it makes sense to ‘turn off’ legacy apps that no one in the company is using.

High-level activities involved:

• Set up the connectivity between on-premises and cloud
• Create a cloud landing zone, which includes creating the environment and the resources such as virtual networking, compute engines, monitoring tools, and Kubernetes clusters.
• Then, migrate all workloads from the data center.
• Finally, retire the data center once complete. Iterate through hardware retirement as needed.

Use case 3: DR Site promotion

In case of disaster, critical workloads can be failed over to a Disaster Recovery (DR) site to resume business operations. As soon as your production data center gets restored, you can fail back from the cloud and restore your infrastructure and its components to their original state. As a result, business downtime is reduced, and service disruption is minimized.

High-level activities involved:

• Set up the connectivity between on-premises and cloud
• Create a cloud landing zone, which includes creating the environment and the resources such as virtual networking, compute engines, monitoring tools, and Kubernetes clusters.
• You are then ready to duplicate all workloads in cloud.
• Then, swap user connectivity to cloud as PRIMARY.
• Finally, retire the data center all at once.

What is a Cloud Landing Zone?

A cloud landing zone is an environment configured for desired standards and best practices that provides foundational capabilities for workloads that are deployed in the cloud.

The cloud landing zone plays an important role in every cloud transformation journey and eases the process of creating environments with the best practices and standards.

Think of any application deployment platform and identify the below functionalities:

• Provision for identity and access management
• Reliable connectivity and adequate network topology
• Desired security and operational instrumentation
• Automation of operations for productivity

A landing zone implementation will address all these functionalities to create a secure, scalable, and operationally efficient environment in cloud, where workloads can be deployed and managed.

Why a Landing Zone?

Now, you must be thinking, isn’t this clear? These concerns existed prior to the development of cloud, so what changed? Well, the change is the arrival and proliferation of cloud as the new way of running IT. Cloud platforms have made it easy to build, deploy and run apps in virtually no time. Consider that you can:

• Implement the fully functioning virtual network in cloud within few minutes
• Implement the highly available data warehouse in less than 10 minutes
• Scale a single node to 10 nodes cluster in less than half an hour

While these new powers of the cloud are both cost and time-saving, such capabilities need to be dealt with carefully. Best practices lean towards making a mindful effort to create a ‘standardized, secured, and maintainable’ cloud environment.

If different individuals are asked to deploy their workloads independently with their own assumptions and understanding, they can make use of the power of cloud. This, however, will bring in a few challenges, such as:

• Deployment lacking and non-adherence to security standards, thus causing data loss and risking breaches.
• Operational efficiency lacking. Example: each team may use its own blueprint to operate workloads on cloud that are not aligned.
• Cost inefficiencies that can contradict the perceived cost benefits of cloud.
• The efficiency and agility of the underlying cloud infrastructure are constrained by the maturity that a given team brings to deployment activities.

A cloud landing zone addresses all these challenges. It allows an organization to standardize cloud environments, so that teams deploying and managing workloads will experience consistency in areas like operational instrumentation, access control, connectivity, and other key concerns.

Building a landing zone is the starting point for any kind of cloud transformation journey. It efficiently arranges the groundwork and the platform on which cloud workloads are deployed and managed.

Cloud Landing Zone – Life Cycle

Below are the different phases of a landing zone’s lifecycle.

• Design
• Deploy
• Operate

Let’s define some terminology that can be related to the lifecycle phases.

‘Planning/Construction/Maintenance’

These refer to different phases in the life of a software: From Specifications and Design (Planning) to Development and Deployment (Construction) to Operations (Maintenance). For this blog post, we’re going to use this terminology to describe the phases of the landing zone lifecycle.

1. Designing a Landing Zone (Planning)

Regardless of the deployment option, you should carefully consider each design area. Your decisions affect the platform foundation on which each landing zone depends. The below five aspects should be taken into consideration to develop a well-designed landing zone in the cloud:

• Automated environment setup
• Speed, scalability, and governance in a multi-account environment
• Security and compliance
• Flexibility
• Reduced operational costs

2. Deploying a Landing Zone (Construction)

When it comes to customizing and deploying a landing zone during the design phase, the implementation of the landing zone concept can be handled by every cloud service provider differently.

Amazon Web Services: The solution provided by Amazon Web Services (AWS) is called the AWS Landing Zone. This solution helps customers set up a multi-account architecture more quickly, with an initial security baseline, identity and access management, governance, data security, network design, and logging. AWS has three options for creating your landing zone: a service-based landing zone using AWS Control Tower, a Cloud Formation solution, and a customized landing zone that you can build.

The following other AWS services will also be involved in the initial cloud landing zone implementation,

• AWS CloudTrail — Created in each account and configured to send logs to a centrally managed Amazon S3 bucket.
• AWS Config — AWS Config is enabled and account configuration log files are stored in a centrally managed Amazon S3 bucket in the log archive account.
• AWS Identity and Access Management (IAM) — Used to configure an IAM password policy.
• Amazon Virtual Private Cloud (VPC) — An Amazon VPC configures the initial network for an account. This includes deleting the default VPC in all regions, deploying the requested network type, and network peering with the Shared Services VPC, when applicable.
• Amazon GuardDuty — Configured to view and manage GuardDuty findings in the member account.

Microsoft Azure: The solution provided by Azure is called the Cloud Adoption Framework. A major tool is Azure Blueprints, through which, you can choose and configure migration and landing zone blueprints within Azure to set up your cloud environments. As an alternative, you can use third-party services like Terraform.

The following two Azure methodologies offer automation capabilities and use the corresponding services:

• Start small and expand: Azure Resource Manager templates, Azure Policy, and Azure Blueprints. Can create your own CI/CD pipeline.
• Enterprise-scale: Azure Resource Manager templates, Azure Policy, GitHub/Azure DevOps, and CI/CD pipeline options are included in the reference implementation guidance.

Google Cloud Platform: The solution provided by Google Cloud is called Google Deployment Manager. You can use a declarative format utilizing YAML or Python and Jinja2 templates to configure your deployments.

3. Operations (Maintenance):

• Infrastructure-as-a-Code is used to ensure that all the configurations are managed in a repeatable manner, evolving via DevOps disciplines and tooling
• Implementing various backups and patching using Cloud provider services or tools
• Planning and designing disaster recovery plays a very important role to ensure the high availability of the infrastructure

Conclusion

Whether you are starting or in the middle of your cloud transformation journey, this article makes it easy for you to move towards a more flexible and agile infrastructure. I hope that these steps act as a starting point in your journey and make your cloud transformation journey easier.