Compilation based on Global Projects by Lingaro
Currently, all growing businesses are dealing with transitions from on-premises infrastructures to multi-cloud, hybrid cloud, or both. From a strategic perspective, the decisions made about this significant technology shift will impact your company for the next decade.
Whether you are looking to move one workload or shut down an entire data center, the transformation is complex and brings in many difficult decisions that influence key company processes. Successful cloud migration must rely on an in-depth analysis and high-level expertise.
In this review we answer some of the most important questions that our clients have asked during their cloud journey.
Cloud Transformation Insights
Cloud computing services are currently gaining more attention from a wide range of audiences from different business sectors. How should we envision cloud services? Let’s think of them as if we are turning the lights on or off at home. When we turn the lights on, we only care that they work.
Of course, we know that to do so we need electricity, which can be produced from different sources. But we do not think about how the current is transported, from where, and what kind of nodes are involved in this whole process. Once we turn the lights on with a switch, the electrical power becomes the tool that gives us many benefits. When it comes to handling payments, we are charged only for the amount of electricity that we have used. We do not pay the provider for the electrical power upfront. We do not have to care about the power plants’ upgrades or any other technical issues that might happen during the use of the energy in our homes. We do not have to think about how the energy provider will scale the electricity supply with demand. We are sure that we will have electricity ready to be used and to power the lightbulb anytime we want. And this is exactly how we should understand the provision of cloud services.
Cloud computing services eliminate the problems of computing, storage, and network bandwidth that every person or company will encounter during everyday life and growth. Over time, using more and more digital services makes them a necessary element of everyday tasks.
Benefits, Challenges, and Decisions
As with any transformation there are multiple decisions that one must make.
Cloud services come with the promise of speed, flexibility, scalability, and cost optimization, but there are several aspects involved, and so it is essential to understand them. Cloud vendors’ products are opaque: they are offered, priced, and sized differently. Often small changes boost the prices with unexpected rates for specific services. This all adds up to the fact that Cloud Transformations need to be managed properly. In this article we shall explain the key elements involved.
Cloud Transformation Introduction
Basic Understanding of Cloud Transformation
According to Gartner:
• By 2021, over 75% of midsize and large organizations will have adopted a multicloud and/or hybrid IT strategy.
• By 2022, public cloud services will be essential for 90% of business innovation.
Moving to the cloud makes it initially difficult to choose from available services and technologies. The first question to be asked should be: How would on-premise software be reflected in the cloud?
Approaches to migration
There are three main approaches to cloud migration projects:
1. Lift and shift
Migrating raw VMs from the customer’s site to a cloud data center.
2. Replatform
Migration that involves moving to a managed/improved, but generally compatible cloud service. Typically, this approach involves slight adjustments, such as software upgrades. In this case it is possible to benefit from some of the cloud capabilities, such as autoscaling or maintenance work reduction.
3. Refactor
A complete overhaul that potentially requires splitting a monolithic application into separate software components. This migration requires additional development work, but rewritten applications can fully benefit from the advantages of cloud computing and what PaaS or SaaS offers.
Containerization
Refactoring opens the possibility to redesign the system using a modern architectural approach, e.g. Service-Oriented Architecture or Microservices.
When discussing such changes it’s worth mentioning one of the hottest topics nowadays - containerization. This type of architecture addresses many issues which an organization might come across while developing, maintaining, and publishing a service.
Currently, each major cloud provider offers a managed Kubernetes service which helps to simplify the containers’ infrastructure management like network, environment separation, security, configuration mappings, security keys, and many more.
Managed service means that each cloud provider gives an SLA for the Kubernetes infrastructure. Depending on the cloud, it is typically 99.95%. This managed service is easy to scale out if an organization needs more computing power or more services to run on Kubernetes.
Choosing the Correct Cloud Operating Model
Cloud Operating Model
Using containers in cloud transformation has many advantages:
• There is no need to spend time on the deployment of on-premise software to be used compatibly with the managed services.
• It is an easy way to create as many environments as needed.
• It is easy to scale up using the Kubernetes scaling.
• Each of the container services is well described by the YAML (configuration) file.
• There is an auto restart policy and rollouts of new versions are available.
• Each service can be set for automatic horizontal scaling.
• Deployment tools such as Helm and Terraform are available.
Containers also have some downsides:
• Dockerfiles need to be written for each service
• They have problems with persistency (databases)
• Being a brand-new technology, it can have some stability issues
• Some of the applications need to be redesigned to work in a containerized environment.
Important note:
Large migration projects typically involve multiple approaches during the lifecycle due to the complexity of on-premises landscapes and the stakeholders’ goals.
Another aspect which should be considered is choosing from the three main subtypes of cloud services:
1. Infrastructure as a Service (IaaS)
This solution involves virtual machines or sometimes bare metal machines. As a result, all administration from the software standpoint is the clients’ responsibility. It creates mutual responsibility, with the cloud provider guaranteeing availability of the resources and their reliable operations, and the user providing configuration of the services, keeping them updated and available for clients.
Use cases:
• Workload migrations
• Testing and design
• Storage, generating backups, and recovery
2. Platform as a Service (PaaS)
The PaaS service provides an environment for compiling, testing and implementing applications. The goal of PaaS is to facilitate the rapid development of applications without having to manage the underlying infrastructure. These services are managed by cloud providers from the software administration’s perspective. Items such as OS or databases are automatically patched and maintained. All three major cloud providers have a wide selection of managed services working as PaaS.
The PaaS service is a complete cloud programming and implementation environment that provides resources that organizations can use to create and deliver everything, from simple cloud-based applications to advanced cloud-based enterprise applications. The advantage of this solution is that the tools or technology stack can often stay the same and it comes down to data migration into the cloud.
3. Software as a Service (SaaS)
SaaS is centrally hosted and managed software for the end customer. It is usually based on an architecture in which one version of the application is used for all clients and licensed as a subscription. These are fully managed services without any visibility on physical infrastructure. Examples would be AWS Lambda or Azure functions, Office 365. This allows full focus on application development at the expense of limited customization options.
Types of Cloud Services
Upfront costs
• IaaS: No upfront costs. Users pay only for the actual services used.
• PaaS: No upfront costs. Users pay only for the actual services used.
• SaaS: No upfront costs, only subscription fees are incurred, usually monthly or annual.
Owned by the user
• IaaS: The user is responsible for the purchase, installation, and configuration of their own software, operating systems, middleware, and applications; as well as for their management.
• PaaS: The user is responsible for creating their own applications. However, he is not responsible for server or infrastructure management. This allows the user to focus on the application or workload which he wants to run.
• SaaS: The user only uses the application; he is not responsible for software maintenance or management.
Owned by the cloud service provider
• IaaS: The cloud service provider is responsible for ensuring that the basic cloud infrastructure (virtual machines, mass storage, network, etc.) is available to the user.
• PaaS: The cloud service provider is responsible for managing the operating system, network, and service configuration. Usually, the cloud service providers are responsible for all elements except for the application launched by the user. They provide a complete managed platform on which the application will run.
• SaaS: The cloud service provider is responsible for provisioning, maintaining, and managing the application.
Asset and Resource Arrangements in Different Cloud Service Models
Currently, there are many building blocks that can make the cloud environment be considered as a LEGO playground. Each technology is designed for a different purpose and it should be chosen correctly to address the problem which occurs in the organization. There is no “silver bullet”. However, minimizing the number of utilized services will help to keep the cloud architecture simplified.
The next question is: How will the organization “deep dive” into the cloud vendor technologies?
There are two possible approaches here:
1. Treat the cloud as infrastructure only
This means that all components which will be used in the cloud can be easily moved between different cloud vendors. For example, in this case we would not use Azure data lake analytics, as it is only present in the Azure cloud. The advantage of this scenario is that it avoids “vendor lock-in”. The organization is platform independent and in case future migrations between different clouds are needed, they are simplified. The con is that many of these services are actively developed by the cloud provider and you may not be able to fully utilize their performance potential and cost effectiveness.
2. Use built-in specific cloud components
This is the opposite of the point above. The organization is tied to a specific cloud vendor. This can lead to increased complexity and higher costs when making a potential switch to a different cloud vendor. However, this option allows for full leverage.
Hybrid approach
One of the key questions concerning cloud transformation which needs to be addressed is whether an organization should move all its infrastructure and services to the cloud or retain some applications on premise.
This has a major impact on the architecture and on the potential costs.
When designing a hybrid solution some additional points need to be considered, such as:
• Connection/networking – an organization needs to set up a secure connection between on premise infrastructure and the cloud provider
• Mission critical data – should it be stored on premise or migrated to the cloud
• Mission critical workloads – should they be done in the cloud or still on premise
• Services – high availability setup and costs of movement
The hybrid approach is the recommended path for most companies. Moving all the services to the cloud is usually not feasible or is a long-term endeavor due to the complexity of such migrations, especially in large organizations.
Cloud Vendor Technologies
Cloud Agnostic and Multicloud Strategies
An important decision to be made is whether the system should be designed in a way allowing it to be moved between cloud environments - to be Cloud Agnostic. This is typically achieved by not using vendor-specific components, but may result in a suboptimal solution by utilizing the “lowest common denominator” of all clouds. In some cases, it will be infrastructure and in some cases storage.
In the majority of the cases choosing a single cloud service and utilizing its offering to the maximum is the right choice. However, some specific requirements may dictate the need to design the system to be easily migratable between cloud vendors. This is typically needed for regulatory requirements or safety concerns.
Having easily migratable components in a system, hence avoiding vendor lock-in, may also help to protect from price changes or increase the negotiating power with cloud vendors.
Another important consideration is whether it would be beneficial to build one system using more than one cloud - a Multicloud system. This is typically done by either utilizing vendor-specific components from multiple vendors or by mixing the usage of common components (e.g. storage, container services) from multiple vendors.
As for Cloud Agnosticism, usually staying with one cloud vendor is enough, but this time there are some serious advantages on the table. Using multiple clouds at once opens the possibility of overcoming the shortcomings of one cloud vendor services. Using the best cloud vendor service solution for a given task may result in better cost-effectiveness or adherence to local policies, regarding physical data location. This brings even more flexibility in terms of regional availability (e.g. for reducing latency). In some rare cases it may be the only option.
Given all the above, it is worth mentioning that designing systems to be truly cloud agnostic, or to effectively use many cloud components from different vendors, can be very demanding in terms of technical expertise and organizational considerations.
These use cases are rare and such solutions may become very sophisticated.
Proper analysis of business needs, foreseeing the pros and cons, benefits and costs of each of the possible scenarios, and proposing architectures that suit them all require exceptional cloud competencies and experience.
When moving the services and infrastructure to the cloud and while choosing the right components, an organization can encounter the problem of processes adoption and people adoption.
Each process which should be moved to the cloud must be adjusted. This takes time and can have potential limitations. As an example, there may be sensitive or personal data in the company which is subject to regulatory and compliance requirements regarding the region and data center in which a given dataset can be stored. This must be addressed at the architectural level: how many regions do we plan to work in, and how will the data be exchanged or replicated?
Another possible solution would be to implement additional processes which would tokenize data on premise and send anonymized data to the cloud for computational purposes.
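The on-premise tokenization step described above, sketched as an added example (not code from this paper or from Lingaro): direct identifiers are replaced with keyed HMAC tokens before a record leaves the site, while the key and the token vault stay on premise. The field names, the token format and the sample records are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: the fields treated as direct identifiers in this constructed schema.
SENSITIVE_FIELDS = {"customer_name", "email", "national_id"}


class OnPremTokenizer:
    """Swaps sensitive values for keyed tokens. Key and vault stay on premise."""

    def __init__(self, key: bytes):
        if len(key) < 32:
            raise ValueError("tokenization key must be at least 32 bytes")
        self._key = key
        self._vault = {}  # token -> original value; never shipped to the cloud

    def _token_for(self, field: str, value: str) -> str:
        # The field name is part of the MAC input, so the same string in two
        # different fields does not yield the same token.
        message = field.encode("utf-8") + b"\x00" + value.encode("utf-8")
        digest = hmac.new(self._key, message, hashlib.sha256).hexdigest()
        return "tok_" + digest[:32]

    def tokenize(self, record: dict) -> dict:
        """Return a copy of the record that can be sent out for computation."""
        outbound = {}
        for field, value in record.items():
            if field in SENSITIVE_FIELDS and value is not None:
                token = self._token_for(field, str(value))
                self._vault[token] = str(value)
                outbound[field] = token
            else:
                outbound[field] = value
        return outbound

    def detokenize(self, record: dict) -> dict:
        """Map tokens in results coming back from the cloud to real values."""
        restored = {}
        for field, value in record.items():
            is_token = isinstance(value, str) and value in self._vault
            restored[field] = self._vault[value] if is_token else value
        return restored


def leaked_fields(original: dict, outbound: dict) -> list:
    """Egress check: names of sensitive fields whose raw value is still present."""
    payload = json.dumps(outbound, ensure_ascii=False, default=str)
    return [
        field
        for field in sorted(SENSITIVE_FIELDS)
        if original.get(field) is not None and str(original[field]) in payload
    ]


if __name__ == "__main__":
    tokenizer = OnPremTokenizer(secrets.token_bytes(32))  # key generated on site
    # Constructed sample records, not real data.
    orders = [
        {"customer_name": "Jan Kowalski", "email": "jan@example.com", "order_total": 120.5},
        {"customer_name": "Jan Kowalski", "email": "jan@example.com", "order_total": 80.0},
    ]
    for order in orders:
        outbound = tokenizer.tokenize(order)
        assert leaked_fields(order, outbound) == []
        # Both rows carry the same tokens, so cloud jobs can still group by customer.
        print(outbound)
```

Because the tokens are deterministic, joins and aggregations in the cloud keep working; fields that pass through unchanged still need their own review before they are sent.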
The next step would be for people to adopt the solution. Infrastructure maintenance would not be an issue anymore, as it will be done by the cloud vendors. However, people should gain knowledge on how to use the cloud and how to create and maintain the services. It is important to create standards and automate the cloud resources creation, networking setup, and security. There are also additional roles required in the organization, such as data and metadata stewardship, resource utilization, and monitoring scaling policies.
People and processes
Accurate Cost Estimation
One of the biggest challenges is to estimate the costs of running and maintaining cloud infrastructures and services. There are several factors which influence the overall costs of the cloud, including:
• Storage
It’s the first thing which needs to be taken into consideration when estimating the costs. It is relatively easy to calculate, but there are a few things that must be highlighted. Different storage classes are possible. Hot storage and archive are the most popular (naming can vary depending on the cloud vendors). Hot storage is more expensive, but it has performance advantages. Firstly, access to the files is quicker and can be set up for data which is frequently accessed. The archive should be used for storing data which is not used frequently and as a backup storage.
An additional, important factor to consider is the transactional costs. Every read, write, and metadata operation generates operational charges. In some cases, such as big data workloads and high-volume analytics, these can be a major cost driving factor. We are familiar with high transactional cost problems and have implemented optimizations and monitoring policies to remedy these situations.
• Networking
There is a potential cost when moving data to the cloud. Both ingress and egress traffic can be billable, depending on the exact scenario (cross-region replication).
• VPN access
In order to connect local infrastructure with the cloud infrastructure in a secure manner, it is required to deploy a VPN endpoint or to establish a private connection for more demanding scenarios. It may be recommended to deploy both, to mitigate the risk of failure of private connectivity.
• Machine types
Each of the cloud vendors provides specific machine types which can be used. These are billed based on the size (RAM, CPU), attached disks (frequently SSD or NVMe disk can significantly impact VM cost), and the amount of time that the VM is running. (Typically, specified timeframes are charged immediately, and then charges per used seconds are applied.) Depending on the requirements, it is advised to check each cloud provider’s pricing policies to ensure that they are in line with the planned workload resource utilization characteristics.
• Managed services
Cloud vendors provide the ability to deploy various PaaS services (including databases, computing engines etc.) based on their portfolio. They provide an SLA for the infrastructure under which the PaaS is working. However, they charge an additional fee for maintaining it.
There are many more additional fees which you can come across when using cloud computing. Usually, cloud vendors provide an online calculator, but it is intended only for a general overview. Each service, machine and managed service can have additional fees, which may not be obvious at first.
Cost calculation is an important factor when considering whether to use a service or not.
Also, please take into consideration that some of the services are not available 24/7. Elasticity is a key benefit of cloud computing. Significant savings can be achieved by dynamically scaling or provisioning resources when they are needed.
Cloud Transformation Costs
Most consider the cloud to be more secure than corporate datacenters, and this opinion is backed by vast amounts of tools that are provided to enhance the security level. Organizations that have their own datacenters face many challenges with securing them. These include recruiting and retaining security experts, using many security tools and keeping up the pace with the volume and complexity of possible threats.
Cloud services are unique in the security area as they are designed to help organizations to face those challenges. Cloud services protect business assets while reducing security costs and complexity. Built-in security controls and intelligence help admins to easily identify and respond to threats and security gaps. This allows organizations to rapidly improve their security posture by shifting some of the responsibilities regarding security on to the cloud vendors. Organizations can thus get more security coverage – which enables them to move security resources and budget to other business priorities.
It is very important to note that, while using cloud services, the Vendor is not responsible for protecting the security of the data, identities, on-premises resources, and the cloud components that the Vendor is not controlling.
The responsibilities that lie on the Company’s side, regardless of the type of deployment, are:
• Data
• Endpoints
• Account
• Access Management
Security
Cloud Security
While transforming services to the cloud, it is important to understand these Shared Responsibilities to avoid any security gaps.
With cloud migration, one of the main concerns is securing the cloud and the data which is stored within the cloud. As this needs to be addressed, some of the on-premise roles will not be applicable anymore and some are very new.
First, every major cloud vendor provides support for data encryption.
There are various properties of encrypting the data inside the cloud like:
• In-transit, at-rest;
• Server-side encryption;
• Customer key encryption.
It is important to enable real-time encryption and decryption of the database, associated backups and transaction log files at rest without requiring changes to the application. Transparent data encryption encrypts the storage of an entire database by using a symmetric key called the database encryption key. Even if the entire storage is encrypted, it is important to also encrypt the database itself. This is an implementation of the defense-in-depth approach for data protection.
Due to regulatory and compliance reasons, many organizations must store specific data in a given geographical area. Each cloud vendor provides several regions in which we can deploy our resources.
Secondly, every cloud has a privilege management component (IAM) which governs the access given to users and automated resources. Privileges for setting up services, storage devices, provisioning compute, and many more are given based on the roles. It is critical to govern the granted accesses and strictly apply the privilege policies to limit access to required resources only. This is equally important for identities for programmatic access (service accounts) which are used to grant permissions to VMs and other types of cloud services. Escalation of such privileges is one of the key attack surfaces on public cloud infrastructures. To optimize identity and access management we suggest the following activities:
• Treat identity as the primary security perimeter
• Centralize identity management
• Enable single sign-on
• Turn on conditional access
• Enable password management
• Enforce multi-factor verification for users
• Use role-based access control
• Lower exposure of privileged accounts
• Control locations where resources are located
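One way to check a policy against the "limit access to required resources only" rule above, as an added example (not code from this paper or from any vendor): a small audit of an AWS-style JSON policy document that reports wildcard grants and grants that let an identity change permissions. The policy format is an assumption, and the sample policy, statement names and finding labels are constructed for illustration.

```python
READ_ONLY_PREFIXES = ("iam:get", "iam:list")


def _as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _grants_identity_write(action: str) -> bool:
    """True when the action lets the holder change identities or permissions."""
    a = action.lower()
    if a in ("*", "iam:*"):
        return True
    return a.startswith("iam:") and not a.startswith(READ_ONLY_PREFIXES)


def audit_statement(stmt: dict, index: int) -> list:
    if stmt.get("Effect") != "Allow":
        return []  # Deny statements only narrow access
    sid = stmt.get("Sid", "statement[%d]" % index)
    actions = [str(a) for a in _as_list(stmt.get("Action"))]
    resources = [str(r) for r in _as_list(stmt.get("Resource"))]
    issues = []
    if "NotAction" in stmt:
        issues.append("allow-with-notaction")  # allows everything not listed
    if "*" in actions:
        issues.append("all-actions")
    elif any(a.endswith(":*") for a in actions):
        issues.append("service-wide-wildcard")
    if "*" in resources:
        issues.append("all-resources")
    if any(_grants_identity_write(a) for a in actions):
        issues.append("can-change-identities")
        if not stmt.get("Condition"):
            issues.append("privileged-without-condition")
    return [(sid, issue) for issue in issues]


def audit_policy(policy: dict) -> list:
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        findings.extend(audit_statement(stmt, i))
    return findings


def statements_to_fix(policy: dict) -> list:
    return sorted({sid for sid, _ in audit_policy(policy)})


# Constructed sample policy for a service account.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadReports", "Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-reports/*"},
        {"Sid": "OpsEverything", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "DeployRole", "Effect": "Allow",
         "Action": ["ec2:*", "iam:AttachRolePolicy"], "Resource": "*",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
        {"Sid": "StayInRegion", "Effect": "Deny", "Action": "*", "Resource": "*",
         "Condition": {"StringNotEquals": {"aws:RequestedRegion": "eu-central-1"}}},
    ],
}

if __name__ == "__main__":
    for sid, issue in audit_policy(SAMPLE_POLICY):
        print(sid, issue)
```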
Another key security aspect is the proper configuration of the firewall rules. Firewalls prevent all access to the database server until it is specified which computers have permission. The firewall grants access to databases based on the originating IP address of each request. It is especially important to prohibit access to any unused, publicly addressable, unsecured ports.
To begin with, we recommend using the native Cloud Vendor Firewall Application as well as the web application firewall in the Application Gateway. They offer basic security with a fully stateful firewall service, built-in high availability, unrestricted cloud scalability, FQDN filtering, support for the OWASP core rule set, and simple setup and configuration.
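The default-deny, source-address model of a database firewall described above, as an added example (not a vendor API and not code from this paper): one function decides whether a request passes, another audits the rule set for ranges open to any address and for ports the workload does not need. The rule layout, rule names, addresses and the list of needed ports are constructed assumptions.

```python
import ipaddress


def _network(rule):
    return ipaddress.ip_network(rule["source"], strict=False)


def is_allowed(source_ip, port, rules):
    """Default deny: a request passes only if a rule names its address and port."""
    address = ipaddress.ip_address(source_ip)
    return any(rule["port"] == port and address in _network(rule) for rule in rules)


def audit_rules(rules, needed_ports):
    """Report rules that admit any source address or open a port nobody needs."""
    findings = []
    for rule in rules:
        if _network(rule).prefixlen == 0:  # 0.0.0.0/0 or ::/0
            findings.append((rule["name"], "open-to-any-address"))
        if rule["port"] not in needed_ports:
            findings.append((rule["name"], "unused-port"))
    return findings


def harden(rules, needed_ports):
    """Keep only the rules the audit has nothing to say about."""
    flagged = {name for name, _ in audit_rules(rules, needed_ports)}
    return [rule for rule in rules if rule["name"] not in flagged]


# Constructed rule set for a database server; only port 5432 is in use.
RULES = [
    {"name": "app-subnet", "source": "10.20.0.0/24", "port": 5432},
    {"name": "legacy-any", "source": "0.0.0.0/0", "port": 3306},
    {"name": "old-admin", "source": "192.0.2.0/28", "port": 3389},
]
NEEDED_PORTS = {5432}

if __name__ == "__main__":
    for name, issue in audit_rules(RULES, NEEDED_PORTS):
        print(name, issue)
    # A constructed outside address reaches port 3306 until the rule is removed.
    print(is_allowed("203.0.113.9", 3306, RULES))
    print(is_allowed("203.0.113.9", 3306, harden(RULES, NEEDED_PORTS)))
```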
Profitability
Cloud computing is based on the payment-for-usage model. The model brings tangible benefits. There are no upfront costs of the hardware, no need to procure hardware or worry about staffing the maintenance teams. Most importantly, there is no need for a long-term cost commitment – you can discontinue the service and eliminate the associated costs within a short period of time.
The additional benefit with cloud is the ability to temporarily or permanently increase the required resources and pay only for the time these additional resources are used.
Many companies are also taking advantage of categorizing the costs as CapEx, as opposed to OpEx costs involved with traditional infrastructure. The downside of the pricing model is the increased difficulty of accurately predicting the annual spend. Financial outlook can be prepared based on the historical usage and prices, but it is subject to potential future peaks that are not always predictable.
Elasticity
When the workload changes with an increase or decrease in processing demands, the process of adding or removing resources can be automated based on the actual system needs. Cloud services can, for example, add extra resources to handle network traffic in your e-commerce shop that is increasing for a specific period of time (for example during the night, after unexpected online news about your services) and then remove those extra resources when the network traffic decreases. This prevents the application from going dark at the network traffic peak and saves sales opportunities for the e-commerce shop.
Pay for what you really use and for the time when it is necessary. Usually compute engines work only when the workloads are being processed. This means that not all services need to work 24/7. Huge amounts of money can be saved when the clusters, which are not used, can be turned off.
The Business Value of Cloud Transformations
Cloud Transformation Business Value
Being up-to-date
While using the cloud computing services, we can focus only on the creation and deployment of the applications that we want to deliver. The cloud provider is responsible for:
• Software updates
• Hardware configuration
• Hardware upgrades
• IT infrastructure management and maintenance
• Security standards (both digital and physical – data centers)
Global
Cloud providers run data centers across the globe. This grants the possibility to be on the local market, close to your clients and with low latency for your services.
Services can be easily replicated in many regions to create local access that can ensure meeting the legal requirements of your clients regarding data storage and data compliance.
Physical Security
The responsibility of securing your data rests on the shoulders of the cloud provider. They need to take care of the physical security of data centers (building access, server access) and the digital security (network and systems access). Data centers are designed like fortresses, with rigorous procedures such as surveillance, monitoring, and physical barriers like fences etc. They also guard against unauthorized access by workers inside the data centers. Datacenters must comply with key industry security standards like ISO/IEC 27001:2013 and NIST SP 800-53 for security and reliability.
Scalability
One of the biggest advantages of moving to the cloud is ease of scaling the infrastructure. Cloud vendors provide tooling to automate horizontal and vertical scaling depending on the physical resource requirements at a given time of day.
Vertical scaling is the creation of more powerful machines by expanding their computation capabilities by adding CPU or extra memory. Generally, we can use one of the predefined machine types which the cloud vendor supports. Also, there are providers which allow us to redesign the machine size.
Horizontal scaling is adding extra servers that operate together as one unit. It is also possible, but it depends on the architecture of a given solution. Computing power scaling can be manual or fully automated by the cloud provider, based on pre-configured triggers such as CPU usage, number of requests for additional resources etc.
Storage services are one of the major benefits of the cloud. Storage is inexpensive, unlimited, and has built-in redundancy.
One of the key capabilities of the cloud is the possibility to separate computation and storage. Object storage services, such as S3 or Azure blob, make it possible to achieve massive scalability and persist large amounts of data at efficient storage costs. Whenever computation is required, services such as Hadoop can be provisioned on demand to perform the calculations and then be removed. Transient computing infrastructure is one of the major benefits of migrating to the public cloud, as it allows:
• Cost reduction by using resources when they are actually needed, the only constant cost is for the storage;
• Faster processing which can be achieved through horizontal scaling.
Data Recovery
Data loss is a major concern for organizations. Storing data in the cloud means that it is always available for reading and writing. The cloud infrastructure also provides data loss prevention services. Object storage services provide different storage classes; typically there are archive options which are best for backup and infrequent access.
Even hot tiers are backed by rigorous SLAs and 3x redundancy. If needed, it is also possible to enable cross-region replication to create asynchronous copies of the data in data centers located in other geographic locations. However, it is important to verify SLAs of the above option because, depending on the needs, its behavior may not be appropriate for a given architectural choice. Additionally, some services have built-in backup/replication options such as managed databases. There are also services strictly designed to assist in DR (such as Azure site recovery for VMs).
Always-on availability
When using the managed services, cloud vendors provide an SLA which usually gives high access uptime for all the users/devices.
Lingaro offers transformative cloud solutions with a wide technology span and customized project approach. We support every strategy to leverage cloud services from inception and assessment to implementation and maintenance.
We run cloud adoption projects on both project and organization levels.
Together with the clients, we discover main KPIs of decisive stakeholders and identify current inventory and plan the change across all axes. Our clients decide whether to go slowly, step-by-step, or with a more top-down approach to benefit from everything that various cloud service providers have to offer.
Lingaro’s Approach to Cloud Transformation Projects
Lingaro Cloud Capabilities
Lingaro’s Cloud Capabilities
Our working model is based on close cooperation with all key stakeholders to design cloud migration projects that:
• Include well-defined KPIs
• Support effective change management
• Help you benefit from the best cloud solutions the market has to offer
During delivery, we can adjust the solutions and data structures to best meet the business users’ day-to-day requirements.
With our Solution Driven Delivery Model, consisting of 4 steps, we bring the fastest Time-to-Value possible.
1. MVP
The Minimum Viable Product satisfies critical business needs with sufficient functionalities. Its iterative building process allows for prompt feedback for further product evolution. Fast time to value is one of the key objectives and expectations.
2. Evolution
In this phase, new data types are added and more focus is put on common understanding, consistency, and the accuracy of data.
3. Expansion
Based on the learning experiences, new enhancements and features are proposed and implemented. Work is focused on Data Lake use case expansion and further adoption, at the same time making sure that settled users are not impacted by the changes.
4. Sunset
The sunset phase gives the opportunity to phase out the legacy systems that were part of the transformation journey.