Here at Thomas Duryea Logicalis (TDL) we’re hearing a lot of customers ask us about the best approach when it comes to migrating their workloads into Azure. There seems to be some confusion about what the right approach is and typically, understanding the right starting point to ensure a successful migration.
In this series of blogs, we’ll delve into what you should be looking at when you’ve made the decision to shift all or part of your datacentre into Microsoft’s public cloud.
As you’ve probably guessed, we’re going to look at Governance and how this sets the stage for your migration, it’s probably the least interesting aspect of any cloud migration (from a tech point of view) but it really beds down the fundamentals, and when done right, provides a solid foundation for your organisation to build upon.
Why the need for good Governance?
There are several reasons, but to put it simply, the characteristics of the public cloud - agility, flexibility, and consumption are all elements that need some controls in place, having no controls could mean; at best, messy subscriptions that are difficult to manage, track and maintain and which would inevitably blow out costs. At worst, an environment that is open to complete annihilation.
There are also considerations around compliance and regulation and how to ensure your organisation adheres to those responsibilities when making the move.
Compliance in the Cloud
If you have ever seen the movie Robocop you would know the “You Have 20 Seconds to Comply” scene. Fortunately, you’ll never face a malfunctioning ED-209 demanding this of you in the board room, you may face an auditor though.
Managing compliance is no mean feat, it’s fraught with standards and regulatory complexities that are constantly changing with the onus on the business to maintain their compliance. International electronic data handling laws, GDPR is a classic example of this, and when compliance is not met, could potentially mean the end of your business.
A major benefit of partnering with a Cloud vendor such as Microsoft is that these complexities can be offloaded, or at least shared. Azure has the largest global presence of any Cloud vendor, and as such, address regulatory compliance needs every day because they deal with large volumes of customers and data that span virtually every industry in 140 countries worldwide!
Microsoft offer the Service Trust Platform which gives you complete transparency and allows you to:
- Access audit reports across Microsoft Cloud services using a single pane of glass
- Access compliance guides to help you understand how you can use Microsoft Cloud service features to manage compliance with various regulations
- Access trust documents to help you understand how Microsoft Cloud services help protect your data
Governance can reap savings
Do you remember the advent of virtualisation in the early 2000’s? Virtual machine (VM) sprawl was a common problem. VM's were spun up relentlessly, blowing out budgets and making life difficult for administrators who had to manage the infrastructure. We have now arrived in the Cloud, but this time we have the advantage of hindsight!
With that said, the Cloud era brings more to the table for consideration, it has given us unprecedented access to virtually unlimited computing power and storage whenever we need it, and it’s precisely this type of potential consumerisation that needs to be controlled.
A well thought out policy structure, that mandates which VM SKU can be deployed, force Hybrid Use Benefit or deploying Reserved Instances are just some of the strategies you can employ to keep costs in check. There is also the Azure Cost Management service that helps you manage your spend, but that’s for another blog.
The International Data Corporation (IDC) released a white paper to help you determine which factors you should take into consideration when looking at reducing your costs in the cloud. An interesting graph outlines decisions you make when it comes to consumption early on, that can really save money for your organisation in the long run, when a well thought out plan is executed.
Azure Governance goes well beyond controlling what gets procured though, think of it as a framework of controls specifically targeting areas of your subscription(s) to help meet corporate policy while still allowing business groups and developers to quickly meet their own goals. Microsoft refers to this as “Scaffolding” and here’s how they define it…
“In real life, scaffolding is used to create the basis of the structure. The scaffold guides the general outline and provides anchor points for more permanent systems to be mounted. An enterprise scaffold is the same: a set of flexible controls and Azure capabilities that provide structure to the environment, and anchors for services built on the public cloud. It provides the builders (IT and business groups) a foundation to create and attach new services.”
What else should we be considering?
There are a number of fundamentals that should be considered including:
- Organising subscriptions to minimise "sprawl" and track costs
- Increase security by implementing least privilege access, securing resources and track security issues
- Minimise outages by preventing accidental deletions (see my annihilation comment above)
- Minimise costs and unsupported services through policy
- Monitor resources for outages, compliance and best practice
- Minimise errors and increase agility with automated deployments
Tools for Governance
There are several tools used to control Governance, it's important to discuss what they are and what each function does. Your architects and technical personnel should familiarise themselves with the concepts behind each of these to help reach your business' end goal:
- Azure EA Portal
- Resource Groups
- Resource Locks
Hopefully this blog has prepared you with some of the ground work and armed you with knowledge on what it takes to establish your organisation in the Cloud. In the next blog post, we’ll look at the EA Portal, adoption of proven methodologies and how managing your resources correctly can ensure you’re well on your way to a successful solution.
In the meantime, if you have a challenging Azure project coming up or if you have any questions regarding this blog, please feel free to contact Eddie El-leissy, our Azure Solution Architect.