Enterprise cloud adoption is no longer a marginal phenomenon. Since 2014, there has been an increasing trend of enterprise cloud adoption. This was made possible by massive efforts on the part of cloud providers to become enterprise-grade, as well as IT leaders beginning to fully understand the risks and benefits of public cloud usage, rather than carry misguided perceptions about public cloud security, compliance, and regulatory restrictions.
Many enterprises, however, lack the skills, knowledge, and expertise required to architect a public cloud that optimally balances their technical and business requirements with a stable, sustainable business and financial model. In fact, lack of resources and expertise is listed as the #1 challenge among enterprise IT leaders who are actively exploring a public cloud deployment. Many of them therefore opt for a managed architecting and onboarding process to make sure they’re reaping the maximal benefits the cloud has to offer while avoiding common pitfalls, and subsequent financial and operational repercussions.
In this paper, we will explore AllCloud’s Enterprise Onboarding Program, aimed at enterprises who wish to adopt public cloud services as an integral part of their IT strategy. The program consists of first understanding each customer’s unique cloud requirements, then creating a cloud architecture to answer these requirements, and finally deploying the selected architecture, as well as mentoring and onboarding enterprise IT personnel.
The State of Enterprise Cloud Adoption Today
A recent survey shows that nearly 60% of enterprises are in mature stages of cloud adoption in 2017, and run, on average, a third of their workloads on the public cloud. Only 4% of enterprises are not considering cloud at all. The survey also indicates that security, one of the great barriers to enterprise cloud adoption in the past, decreases as a main concern for enterprises as they become more mature in the cloud (by 40%), while lack of resources is a growing concern for enterprises adopting cloud, and only decreases when enterprises are fully cloud-mature.
Lack of resources is indeed a major concern for enterprises making their way into public cloud. Cloud adoption isn’t just about opening an AWS or GCP account, spinning up machines, and getting to work. It requires careful planning and, more importantly, a change in the mindset of cloud engineers, managers, and users, from an on-prem asset mindset (“one server”) to a cloud service mindset (“one server-hour”), along with an understanding of the benefits and consequences of employing a public cloud service.
AllCloud Offers a Solution to Cloud Migration
AllCloud is a global leader in cloud adoption practices, specializing in the complex, highly sensitive enterprise domain. Following hundreds of successful enterprise cloud deployments, we’ve gained vast knowledge and experience in common enterprise cloud migration challenges, and have devised a Landing Zone as part of our Enterprise Cloud Onboarding Program. The program is a holistic process meant to help enterprises take their first steps in public cloud with confidence, making sure they are utilizing cloud infrastructure as efficiently as possible, while focusing on the strict security, compliance, and governance measures required by enterprises.
The onboarding program includes two main phases: enterprise integration and migrating applications.
Phase I: Enterprise Integration
The first phase of the program is about laying the foundations for a cloud deployment that best fits the enterprise’s processes, practices, and regulations. This phase involves the planning of operational, financial, and regulatory aspects of enterprise cloud migration. Essentially, it’s about setting up a “walled garden” within the cloud that best fits the customer needs. Initially, we provide an overview regarding the different services and use cases, whether internal or customer-facing. Focus groups are then created for dealing with each aspect of cloud migration: corporate IT, security, legal and finance, and procurement. The outcome of these focus groups is a suggested solution for each of the enterprise integration items listed below. AllCloud then performs a review of each and, once cross-group consensus is reached, skilled internal teams are created and the solution is implemented.
After going through this step with numerous Enterprise customers and repeatedly coming across the same system design use case and requirements, AllCloud has created an automated Enterprise Landing Zone, an infrastructure-as-code solution used to quickly and safely set up and maintain the new cloud environment. The Landing Zone is used to expedite necessary and common processes required by all Enterprise companies. The highlights of the Landing Zone scope are automation of the following:
- AWS Account creation
- Governance policies, rules and tools
- Network deployment
- Auditing and Logging
- Identity Management provisioning
- Service Operation Monitoring solution
- Integration of 3rd Party solutions
- Finance controls
The following key topics are covered at length during enterprise integration with the Landing Zone:
- Identity and Access Management (IAM)
Most enterprises already have IAM in place for their different systems and applications for regulatory compliance audits. AllCloud sets up the cloud providers’ IAM for the customer and integrates it with existing IAM systems or as part of an identity federation set up by the customer.
The main tenets of cloud are on-demand, self-served, and metered. This means that users, who in the past had to go through their IT organization in order to provision IT resources, now have infinite resources at the tips of their fingers. The loss of central IT control over resources may lead to unwanted phenomena like “cloud sprawl” and “shadow IT.” In order to make sure that users are not free to do whatever they want in the cloud, governance measures must be put into place. AllCloud sets up clear rules and processes which allow IT to take back control and properly govern their cloud. These include new account creation, account settings and provisioning, service enablement, regional permissions, cloud marketplace restriction, best practices, and service whitelist.
Cloud financial planning isn’t as simple as “switching from Capex to Opex.” Cloud resources are consumed as services and not as assets. For example, one on-prem VM provisioned to a user is a fixed cost asset, regardless of how much time it’s actually used. In the cloud, on the other hand, each VM-hour is metered and invoiced, so unused VMs can accumulate heavy costs which then yield a surprising cloud bill at the end of the month.
In addition, the on-demand pricing model is not the only one that exists in the cloud. Providers also offer additional pricing models, like upfront usage commitments for long-running workloads or spare capacity pricing for sporadic ad-hoc workloads. These models offer significant discounts compared to on-demand pricing and require precise financial planning. AllCloud sets up a financial plan for enterprises’ migration to cloud services. This includes determining the dynamic cloud TCO model, budget management, monitoring and alerts, cost optimization, and internal cloud chargeback processes.
Networking is a critical issue in IT infrastructure, divided into internal and external networking. Internal networking refers to the connectivity between the enterprise’s cloud resources (similar to the on-prem LAN), where AllCloud plans network architecture, IP address planning and perimeter security. External networking refers to the connectivity between cloud resources and the outer world (enterprise users and customers), where AllCloud helps plan remote access, public Internet connectivity, VPN solutions, and dedicated line services to cloud providers.
- Security, Auditing, and Compliance
Security, one of the most sensitive issues in cloud adoption—often keeping IT leaders awake at night—requires special attention. AllCloud’s experienced cloud security experts help devise a security plan for the enterprise’s cloud deployment, including IP restrictions, enforcement procedures, hardening policies, encryption and key management, and MFA.
AllCloud also provides integration of cloud resource logging systems and security event logging systems with enterprise SIEM systems that allow for automatic auditing and reporting for compliance purposes.
- Enterprise Services and Procedures
AllCloud takes care of setting up common enterprise resources and supporting infrastructure in the cloud. This includes setup of directory services, app catalogs, image repositories, data replication, business continuity, CI/CD practices, monitoring, email servers, message servers, enterprise service buses, and more.
- Personnel Onboarding and Training
Setting up an enterprise cloud isn’t just about the infrastructure, processes, and integration. It’s about the enterprise personnel who will be managing and operating the cloud deployment. Within the Enterprise Cloud Onboarding Program, AllCloud introduces, trains, and mentors all employees who take part in the enterprise cloud, with the intention to bequeath the “cloud mindset” to all users and administrators of the cloud, and prevent inefficient usage, or “cloud sprawl,” one of the common cloud birth pains. Trained personnel includes IT admins and support, DevOps and SecOps engineers, developers (cloud users), finance, and procurement.
Phase II: Migrating Applications to the Cloud
The end of phase I marks a point at which the enterprise’s cloud environment is set up and ready to take in workloads and applications. It’s not always as simple as spinning up a VM in the cloud for every VM on-prem. The cloud brings with it flexibility, agility, and scalability that are not available on-prem and require re-thinking of application architecture. Phase II of AllCloud’s Enterprise Onboarding Program is about understanding the optimal cloud architecture for each enterprise application, deploying it, and maintaining it. The application migration process is divided into three steps: architect, build, and operate.
Phase II of AllCloud’s Enterprise Cloud Onboarding Program: The Application Migration Deployment Process
- Rehost (“lift and shift”): The quickest way to migrate to the cloud. This involves copying on-prem application architecture into the cloud (VM for VM) and deploying the application in a cloud replica of the on-prem architecture. It can be done two ways: manually or automated. It’s not a very efficient migration strategy and ignores the scalability and flexibility enabled by cloud infrastructure.
- Replatform (“lift and reshape”): Similar to the rehost method, but includes a bit of tinkering with the application architecture to ease operations (e.g. migrating the database infrastructure to a managed platform like AWS RDS) or reduce costs (e.g. switching from licensed middleware to open-source).
- Repurchase (“drop and shop”): Involves getting rid of on-prem applications and replacing them with a cloud-native SaaS solution (e.g. migrating from an on-prem CRM system to a SalesForce®-based solution).
- Refactor / Re-architect: A complete rebuild of the application code and architecture as a cloud-native application, decoupling of application building blocks, and planning for agility with serverless architectures. This is the most expensive option, but, with clear business justification, the most beneficial one.
- Retire: Planning for cloud migration involves creating a full inventory of enterprise applications. In the process, many “forgotten” applications which are no longer useful to the enterprise are re-discovered, and retired.
- Retain: Whether it’s utilizing on-prem infrastructure or simply a matter of priorities, some applications will not be migrated to the cloud and will be kept as-is.
“6 R’s” to cloud app migration; Credit: medium.com
In the first part of the application migration process, AllCloud holds a workshop with all relevant IT stakeholders. In the initial 2-4 weeks, we take inventory of all applications running in the enterprise IT environment, and decide on the right migration plan (the right “R”) for each and every application. The workshop is led by AllCloud’s highly experienced cloud architect team made up of infrastructure, security, and automation experts.
The second step of the application migration process is the implementation of the workshop decisions and conclusions. AllCloud’s diverse engineering team, consisting of DevOps, SecOps, cloud automation and operation engineers, as well as supporting cloud architects, carries out application migration processes in a 4-10 week period, depending on migration volume and complexity.
The last step of the application migration process focuses on bridging the knowledge gap and working hand in hand on operating the now-migrated cloud applications. AllCloud’s engineering team is reinforced with cloud operation engineers, who are experienced in managing cloud applications, maximizing their uptime and keeping them secure, compliant, and efficient. This step includes not only operations, but also building and mentoring of an in-house customer operations team, making sure that they all have a deep understanding of cloud application dynamics and requirements.
While enterprise cloud adoption has reached the mainstream adoption phase, cloud migration isn’t as simple as opening a cloud account and spinning up VMs; it requires a high level of expertise and a shift in the IT mindset. AllCloud is very experienced with enterprise cloud migration, with a track record of hundreds of successful deployments behind it. Following our vast enterprise experience, we’ve devised an Enterprise Landing Zone to expedite the Enterprise Cloud Onboarding Process. It is meant to quickly and safely set up the foundations of an enterprise cloud infrastructure, involving all relevant enterprise stakeholders, and is followed by a case-by-case application migration program, along with thorough mentoring and enablement of IT staff in adopting a cloud mindset.