Customer Facing Presentation
Cloud Journey: Assess-Migrate-Manage
May 20
Contents
► Cloud Journey landscape and challenges
► TDL Cloud Journey model
I. Cloud Readiness
II. Cloud Security
III. Cloud Migration
IV. Managed Cloud
► Why TDL
► Next Steps
Thomas Duryea Logicalis
Cloud Journey Landscape Today
The average business runs 38% of workloads in public and 41% in private cloud
36% plan on embracing cloud for advanced use cases, including leveraging data services, warehousing, analytics, AI, big data and machine learning
Virtually all organizations, 96%, use the cloud in one way or another
Cloud usage is now ubiquitous
Increasing number of workloads in public and private clouds
Growing importance of advanced workloads to business
[Charts: Using Cloud (Yes, No); Future Plans (Advanced, Others); Enterprise Cloud Strategy, 1,000+ Employees (Multi-Cloud, No plans, Single private, Single public, Multi private, Multi public, Hybrid cloud)]
What does this mean to your organisation?
► A lack of transparency about true operational costs leads to less confidence in public cloud as a strategy
► Without a clear strategy for public cloud, IT is unable to deliver on the business's increasingly agile requirements
► Missing out on the new security and governance capabilities that are delivered with public cloud
► A competitive disadvantage in the marketplace
Key Cloud Adoption Challenges
14% Corporate or executive sponsorship
32% Challenges around data locality and location
35% Legacy applications or other services
39% Challenges around GRC (governance, risk and compliance)
40% Legacy infrastructure
45% Cost (TCO, ROI)
57% Complexity around security
Cloud Expertise Essential to Success
TDL Cloud Journey
Curious: No cloud but want to move safely
➢ COSTS
➢ MIGRATION STRATEGY
➢ ROADBLOCKS
Engaged: Some workloads in cloud but not optimised for security, scale, support
READINESS ASSESSMENT
SECURITY ASSESSMENT
➢ ACCESS CONTROL
➢ NETWORK SECURITY
➢ PATCHING
➢ DATA ENCRYPTION
Prepared: First workloads in place and ready for deployment
➢ FOUNDATIONS
➢ GUARDRAILS
➢ SUPPORT
INITIAL PRCP DEPLOYMENT
Active: Continuous integration and deployment to PRCP
➢ RE-USE OF PLATFORM AND GUARDRAILS FOR GUARANTEED SUCCESS
Optimum: Continual reconfiguration to meet changing requirements
ONGOING PRCP DEPLOYMENT
Cloud Production Maturity
➢ WORKLOAD DEPLOYMENTS
➢ TEMPLATED BLUEPRINTS AND PATTERNS
Hybrid Cloud
TDL Cloud Maturity Journey
Curious: No cloud but want to move safely
CLOUD READINESS ASSESSMENT
➢ COSTS
➢ MIGRATION STRATEGY
➢ ROADBLOCKS
Engaged: Some workloads in cloud but not optimised for security, scale, support
CLOUD SECURITY ASSESSMENT
➢ ACCESS CONTROL
➢ NETWORK SECURITY
➢ PATCHING
➢ DATA ENCRYPTION
Prepared: First workloads in place and ready for deployment
PRODUCTION READY CLOUD PLATFORM
➢ PRIVATE CLOUD (NetApp 3 tier, Nutanix HCI, Dell HCI)
➢ HOSTED CLOUD (TDL Cloud)
➢ PUBLIC CLOUD (Azure, GCP)
Active: Continuous integration and deployment to PRCP
PRODUCTION READY CLOUD PLATFORM
➢ WORKLOAD DEPLOYMENTS
➢ MIGRATIONS
➢ TEMPLATED BLUEPRINTS AND PATTERNS
Optimised: Continual reconfiguration to meet changing requirements
CLOUD MANAGED SERVICE
➢ RE-USE OF PLATFORM AND GUARDRAILS FOR GUARANTEED SUCCESS
Cloud Readiness
Readiness Assessment
► Real-world sizing estimates and cost expectations
► List of incompatible workloads and a strategy for transformation
► Overall strategy roadmap with budget costs
Next steps
1. Understand interest
2. Approve proposal to proceed
3. Questions and interviews
4. Workshop
5. Recommendations and roadmap
Cloud Security
Security Assessment
► Best practice security assessment against the Logicalis Production Ready Cloud Platform standard, incorporating the Microsoft Cloud Adoption Framework, industry specific standards and real-world experience from our Azure Expert MSP Centre of Excellence.
► Four key focus areas:
1. Security
2. Network
3. Governance
4. Application Architecture.
Security Category: Awarded Grade / Colour
Environment Analysis
  Subscription Ownership: Needs Attention
  Role Based Access Control: Needs Attention
  Remote Access: Acceptable
  Data Encryption: Needs Attention
  Virtual Machines: Caution
  Security State Monitoring: Caution
Network Security
  Networking: Acceptable
  Zero Trust Approach: Caution
  Connectivity to Customer Networks: OK
  Inbound and Outbound access: Acceptable
  Service Traffic: No Data
  DMZ: OK
Governance
  Naming Conventions: Needs Attention
  Cost Reporting and Tagging: Needs Attention
  Monitoring: Caution
  Azure Logging: Caution
  Azure Backup: Caution
  Patching: Acceptable
Application Architecture
  Availability and Resiliency: Needs Attention
  Disaster Recovery: Needs Attention
  Traffic routing: Caution
  Traffic Management and segregation: Caution
  Azure Backup: Caution
Next steps
1. Understand interest
2. Approve proposal to proceed
3. Gather documentation
4. Assign read-only access to Cloud Consultant
5. Recommendations report is presented.
Production Ready Cloud Platform
Transitioning the right workloads to the cloud in the right way is business critical.
But what’s the best way to do this?
Do it yourself?
Engage expert consultants?
Pre-configured environment.
• Secure, granular model
• Design principles of disabled by default, access only where required
• Detailed logging and auditing
• Next generation security capabilities built in
Networking, Security, Design architecture, Ongoing management
• Enshrine company policies, procedures and controls
• Protect administrative access, including ensuring access only from trusted locations
• Report non-compliance in real time
• Adhere to encryption and data sovereignty policies
• Guidelines for all future deployments
• Built in disaster recovery and high availability
• Security principles
• Simplify portal administration
• Consistent backup and recovery
• Automated security management
• Leverage DevOps and automation
• Detailed reporting to avoid “bill shock”
Key considerations
High level design
[Diagram: example Azure network design for CONTOSO APP#1 across the Australia South East and Australia East regions. Customer sites (Site A to Site D) connect over WAN, ExpressRoute and VPN through a Virtual Network Gateway. Each region has a hub virtual network (p-ause-vn-hub-01, p-auea-vn-hub-01) with primary and secondary firewalls, Azure load balancers (public, private, WAN) and Panorama, joined by VNet peering to virtual networks containing jump, core, dmz, mgm, app, db and app2 subnets. Also shown: NSGs, route tables pointing to the ILB, Azure Active Directory, Azure Active Directory Domain Services, Azure Key Vault, Log Analytics, Storage, Azure Automation, availability sets, Traffic Manager (primary, secondary), LogicMonitor, a service endpoint, the Internet and an external user.]
Core Rules
► All Non-Azure ExpressRoute and VPN traffic to traverse firewall
► All Azure internal traffic to traverse firewall
► All internet traffic to traverse firewall
Out of the box compliance
Industry specific compliance
Next steps
1. Understand interest
2. Approve proposal to proceed
3. Design workshop
4. Deployment of platform
5. Documentation and handover.
Migration
Leverage our years of experience in successful cloud migrations with an Azure Expert MSP audit approved Framework.
► Business Application focussed approach
► Lift and Shift focus, with transformation as 2nd stage to deliver a fast, low risk migration
► Optional onboarding to managed services.
Managed Cloud
Whether you are working on mission-critical apps, entire datacenter footprints, or hybrid environments, as an Azure Expert MSP we have proven capabilities to be able to help you.
► Confidence in the availability of core workloads & applications
► Risk management for system security & reliability
► Governance to ensure cost optimisation
► Savings delivered & reported monthly
Measures of success
Performing at an acceptable level
Operating in a secure manner
Using resources in a cost-effective manner
Leveraging the latest technologies
Overall approach
Process for Delivering Services in the Cloud
01 Identify the business problem
02 Discovery of available options
03 Prove & validate concept
04 Design the solution framework
05 Onboarding transition
06 Run solutions
07 Evolution into next generation
Cloud Team
CLOUD ARCHITECTURE AS A SERVICE (CAaaS)
GOVERNANCE + SECURITY
Azure Managed Services
Pillars for success
Support
Cloud Architecture as a Service (CAaaS)
Monitoring
Capacity Management
Security & Governance
Cost Optimisation
Disaster Recovery Validation
Why TDL
Azure MSP
Azure Partners
Azure Expert MSP
< 65 Globally
Trusted and certified
Best of the best
Highly evolved form of managed services partners
Deep skillsets across DevOps/Sysops, architecting cloud solutions and technical professional consulting
Proven to deliver business outcomes for your solutions and applications
Whether you are working on mission-critical apps, entire datacenter footprints, or hybrid environments, Azure Expert MSPs have proven their capabilities to be able to help you.