COVID’s ‘Next Normal’ Fuelling Cloud Migration: The 7 Steps Guide
Blog: NASSCOM Official Blog
The COVID-19 pandemic is accelerating the Digital Transformation journey of enterprises, both large and small. Fundamental to this transformation will be three main technologies: cloud computing, big data analytics and cyber security.
@NASSCOMR recently published a report “SMB Cloud Adoption in India: Towards a Digital First Nation” that analyses the interest in cloud, adoption and maturity levels for SMB users and non-users.
The report was released at a webinar on COVID’s ‘Next Normal’ Fuelling Cloud Migration – an important theme that resonates very well with the report findings.
Based on the panel discussion on the cloud migration journey and the best practices that SMBs can follow, I have attempted to capture the key points below.
Note: This article does not cover all aspects of cloud migration, but will serve as a guideline. While I have attempted to categorise the migration journey into specific buckets, it is by no means linear; many of these steps would need to be carried out in parallel.
THE CLOUD MIGRATION JOURNEY
- DISCOVERY & PLANNING PHASE
- Vital to understand interconnects & interdependencies of application-server mesh; also interdependencies with multiple layers of an application – so you know which servers have to move to cloud as well
- There may be servers that are end-of-life and so you may need upgrades (green field) or legacy machines
- Automation would help standardise configurations for multiple servers
- Anticipate hiccups – compatibility issues with software esp. operating systems; outdated OS that you may need to upgrade; modernization of software for the applications, new requirements, etc.
- SELECTION OF RIGHT SERVICE MODEL:
- Understand Cloud Adoption Frameworks of various cloud service providers
- Depending on the type of applications to move to cloud & the kinds of workload – compute, storage, network – decide on the type of service – IaaS, SaaS or PaaS
- MIGRATION READINESS INDEX* – THE 7 Rs APPROACH:
Not all workloads/applications need to move to the cloud. The 7 Rs approach will help you decide if a particular application is/isn’t suitable for cloud environment:
- Rehosting: Or lift & shift. Most easy to use, most efficient & popular; effectively, replicating on-prem environment on cloud; applications may not be optimized
- Replatforming: Transforming the underlying databases, operating systems, app or web servers; efficient & easy to do & very quick benefits
- Repurchasing: Basically replace on-prem software with SaaS solution; If some applications are difficult to migrate to cloud for various reasons like upgrading, etc. then, going for SaaS may be a good strategy. E.g., CRM can be moved to Salesforce.com
- Re-factoring: Re-architecting applications for cloud; very complex, expensive & time consuming
- Relocate: Moving VMware Virtual Machines from on-prem to VMC (VMware Cloud on AWS)
- Retiring: With a move to cloud, some applications may become redundant esp. legacy applications
- Retaining: Applications remain on-prem; depends on criticality of applications and prioritisation
- SECURITY & COMPLIANCE
- Ensure applications get very secure and flexible connectivity (public & private) and are available to the users all the time – direct impact on UX
- Operational consistency: Lack of a vertical-specific, standard framework for security & compliance
- Advanced threats:
- User access: Decide on who can access; how do you give access; what is the level of access; authentication, etc.
- Application access: Malware threat. There are tools and services available with cloud providers that restrict unauthorised access/usage
- Data leak: Most important. Where the IP or data exchanged mechanism that is not proper, you can use DLP (Data Loss Prevention) software
- Information visibility: Mobile devices & edge computing is leading to information being widely dispersed. You will need policies to decide where to supply information, what information is given to what kind of an authorised user, etc.
- Compliance: Ensure standards like ISO27001, FEDRAM, PCI, HIPAA, SOX, etc. are in place
- Data: Three kinds of checks: Data localization policies (country-specific); Data sovereignty (data is subject to the laws of the country where it is located); Information access
Security & Compliance is the joint responsibility of three stakeholders – the customer implementing cloud; SaaS provider; and Cloud providers
- MIGRATION JOURNEY
Phase I: Do a lift & shift of applications with minimal changes to ensure that the team is comfortable with the new environment
- With lift & shift, you can run the existing production environment without any confusion or risk
- Have a Hybrid cloud strategy (private and public cloud) as a fallback option in case of contingencies
- Start with least critical applications so that there are fewer disruptions and you will also gain experience and the confidence needed. Document your experience. Use automation as much as you can as it saves time in terms of deployments. Anticipate compatibility issues esp. with operating systems
- Load testing: Typically the first step before you start using the applications
- Throughput on cloud may not be the same as on-prem
- When the new environment is ready, initially, test with limited user load with limited users in real production environment; over time, shift 100% of workload to cloud
- Once customers graduate from Phase 1, they go for a multi-cloud environment where they have 2 or more public cloud providers
- Cost savings will not be seen in Phase I. Adopt cloud native services like serverless architecture, spot instances, auto scaling, turning off servers when not in use – this will help achieve maximum cost savings, improve teams’ productivity and time to market
- Utilise cognitive services available on cloud which will give you immediate benefits – image recognition, automation, insights, knowledge search, etc.
- Control and visibility: With the right combination of tools & skills, cloud improves control and observability esp. in a multi-cloud / hybrid environment and this can even be automated
Have a good migration strategy: A good team with right skills, cloud architects, security skills, get management buy-in & ownership
Ensure that you are following DevOps Automation practices and using Infrastructure-as-a-Code while executing the migration
- COST CONTROL & OPTIMIZATION
- Cost control & optimization:
- Very crucial to understand cost attributes of cloud platform – how costs change from one instance site to another. Invest in training and learning about the cost attributes
- Lack of visibility on cost:
- Every application on cloud has to have a person/team owning it, even if it is PoC or shared service. Cost has to be shared/divided across different BUs or attributed to an IT services team. Do not leave anything untagged
- Publish dashboards and make the information available on real-time basis; have alerts when costs deviate too much
- Cost control & optimization:
- Costing: Instead of giving costs based on different cloud services that are running, cloud service providers must give cost breakup in terms of the customers’ application spend and their BU costing – that is how they track their costs internally
Ensure that you train your resources for cloud environment; it is not same as on-prem. Budget for training resources so you can make the best use of cloud functionalities
- Sukhjit Singh, Director-Technical, AT&T (Moderator)
- Tarun Gupta, Business Unit Head – Cloud Services, MothersonSumi Infotech & Designs Ltd.
- Aman Aggarwal, AVP-Cloud & DevOps, TO THE NEW
- Gurprit Gulati, Founder Director, Umbrella Infocare Private Limited
- Ram Narasimhan, MD,CDO & CIOO, Xebia IT Architects India Private Ltd.
- Rashid Sayeed, Director-IT Service Delivery, Conduent Business Services India LLP
* There are variations in the number of Rs: 5 Rs (Gartner), 6/7 Rs (AWS). I have retained 7 as this is what was discussed in the webinar
Please share your feedback at: firstname.lastname@example.org