The difference between cloud software design and traditional architectures is that cloud software design takes advantage of principles such as decentralization, self-healing, asynchronous processing, elasticity, and polyglot persistence. As a result, before migrating existing applications, some housekeeping is in order. Below are 5 steps to take before migrating your apps to Azure.
You should already be performing penetration tests on any apps exposed to the internet. You should also be doing source code vulnerability scans with your favorite tool and taking steps to remediate any potential problems. Other typical practices include endpoint security, data encryption, connection string vaulting, logging, and securing any access secrets. These operations should be a part of your current development process and are major steps toward ensuring cloud application security. If you feel there are gaps in your security posture, then get an independent assessment. Once you’ve done all you can on the ground, it’s now time to turn your attention to cloud security.
Azure’s Assumed Breach Strategy is where you’ll start. Understanding that it’s not if, but when a breach will occur, helps to prepare your organization for the inevitable attack. Furthermore, on the application side, Azure’s Cloud App Security Framework will help ensure you’re protected (see below).
- Cloud Discovery – Discover all cloud use in your organization and continually assess risk
- Data Protection – Monitor and control your data, enforce policies, ensure privacy, and be informed
- Threat Protection – Use artificial intelligence and machine learning to detect anomalies and suspicious behavior patterns in your traffic
2. Get your code off the ground
The goal is to eliminate the clutter, so you can focus on the business of software, including DevOps infrastructure. Stop using TFS and build servers and move all source code repos to Visual Studio Team Services (VSTS) and Git. Take the opportunity to define or refine your pipelines and delivery processes. Automate everything including tests, builds, deployments, notifications, defect entry, and task promotion. Remove any human interaction with these processes and you’ll decrease errors, bugs, and defects dramatically.
- TFS server hardware maintenance…gone.
- TFS server patching…gone.
- TFS version upgrades…gone.
- Punching network holes for remote developers…gone.
- Global access…enabled.
- Seamless and secure Azure integration…enabled.
Let’s stop treating our servers like household pets and start treating them more like cattle. Put those TFS servers to pasture and let someone else handle walking the dog.
3. App Dependency Mapping
You could not have picked a better time to move your apps to Azure. There are few reasons left for not moving to the cloud. The advantages far outweigh the disadvantages, and your CEO is probably wondering why you’re not already there. But let’s tap the brakes a bit and continue cloud preparations through documentation and diagrams.
In-house apps, developed over time, will have forgotten complexities and integration points that, if not considered before cloud migration, could stifle success. In most cases, however, simple consideration and remediation will thwart any issues. This starts with knowing and depicting app dependencies.
Knowledge that your apps use Windows GAC, are wired into antiquated vendor services, are dependent on data movement processes, require special hardware integrations, or use 3rd party libraries that are no longer supported, is key to a successful and timely migration. These items are easily handled by various Azure components, but planning for them and expecting them is more effective than being reactive.
There are multiple tools to help with this endeavor; however, you’ll still want to examine and debug the code, interview developers, and meet with app users as this discovery process will help complete the picture. The final output should include app documentation and workflow diagrams that depict application dependencies.
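A first pass at this discovery can be scripted. The sketch below is an added example, not code from the original article: it reads an old-style `.csproj` and a `web.config`, flags references that look GAC-resolved, tags assemblies that correspond to rows of the article's PaaS mapping, and lists connection strings whose passwords should move to a vault. The sample files, the assembly-name keys, and the GAC heuristic are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from any real application).
CSPROJ = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup>
    <Reference Include="System.Messaging" />
    <Reference Include="Vendor.Legacy.Billing, Version=2.1.0.0, Culture=neutral, PublicKeyToken=0123456789abcdef" />
    <Reference Include="Newtonsoft.Json">
      <HintPath>..\\packages\\Newtonsoft.Json.6.0.4\\lib\\net45\\Newtonsoft.Json.dll</HintPath>
    </Reference>
  </ItemGroup>
</Project>"""

WEB_CONFIG = """<configuration>
  <connectionStrings>
    <add name="Orders" connectionString="Server=sql01;Database=Orders;User Id=app;Password=EXAMPLE-ONLY" />
    <add name="Reports" connectionString="Server=sql01;Database=Reports;Integrated Security=SSPI" />
  </connectionStrings>
</configuration>"""

MSBUILD = "{http://schemas.microsoft.com/developer/msbuild/2003}"
# Two rows of the article's PaaS mapping; keying them by assembly name is an assumption.
PAAS_HINTS = {"System.Messaging": "Queue Storage, Service Bus",
              "System.ServiceModel": "Web App, API App, Relays"}
SECRET_KEY = re.compile(r"(?i)\b(password|pwd)\s*=")

def map_references(csproj_xml):
    """Classify each assembly reference in an old-style .csproj."""
    findings = []
    for ref in ET.fromstring(csproj_xml).iter(MSBUILD + "Reference"):
        include = ref.get("Include", "")
        name = include.split(",")[0].strip()
        has_hint = ref.find(MSBUILD + "HintPath") is not None
        if name in PAAS_HINTS:
            findings.append((name, "paas-candidate", PAAS_HINTS[name]))
        elif "PublicKeyToken=" in include and not has_hint:
            # Heuristic: strong-named with no local path, so likely resolved from the GAC.
            findings.append((name, "possible-gac", "needs review before migration"))
        else:
            findings.append((name, "local-or-framework", ""))
    return findings

def secrets_to_vault(config_xml):
    """Names of connection strings that embed a password."""
    root = ET.fromstring(config_xml)
    return [a.get("name") for a in root.iter("add")
            if SECRET_KEY.search(a.get("connectionString", ""))]

if __name__ == "__main__":
    for row in map_references(CSPROJ):
        print(row)
    print("vault:", secrets_to_vault(WEB_CONFIG))
```

The output is only a starting inventory; the code review, developer interviews, and user meetings described above still have to confirm each finding.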
4. Understand Azure Services
Organizations are looking for ways to innovate, reduce IT spend, and improve performance and they are banking on cloud technologies to help get them there. Understanding Azure cloud offerings will aid in all the aforementioned categories. Now you’ll have the ability to match right-sized and right-fit cloud components to your in-place applications. We are not interested in jamming the shiny new cloud toy into production, but pairing cloud services to app components that will indeed give you the benefits of leveraging Microsoft’s cloud.
Start with Platform-as-a-Service (PaaS)
As developers we generally adhere to the philosophy that simple is better and less is more, so let Azure handle the infrastructure while you focus on delivering business value. We do not want to patch servers, upgrade hardware, or worry about scale and whether our app will be resilient in a storm. We want to focus solely on developing great products for our business and customers. This is what Azure PaaS services do for us.
Below is a listing of traditional hosted services mapped to the Azure PaaS respective equivalent. This should serve as a starting point. It will take discovery and analysis to ultimately select the appropriate Azure PaaS solution.
| Traditional hosted service | Azure PaaS equivalent |
|---|---|
| Website | Web App, Blob Storage |
| WCF Service | Web App, API App, Relays |
| API, Web API | API App, Logic App, Function, API Management |
| Images | Blob Storage, CDN |
| Messaging, Bus, MSMQ | Queue Storage, Service Bus |
| SQL Database | Azure SQL, Elastic Pools |
| NoSQL | Table Storage, Cosmos DB |
| Document DB | Cosmos DB |
| Warehouse | Data Warehouse, Data Lake |
| Data movement | Data Factories |
| Integrations | Logic Apps, Connectors, Relays |
Move to Containers
Why should I implement containers? What business use cases do containers solve? Below is a high-level list of reasons to use containers.
- Modernize existing applications
- Provide software consistency through like environments
- Abstract network topology issues
- Abstract the underlying OS and infrastructure
- They are self-healing
- They run anywhere and/or in isolation
- Application decentralization
Cons of containerization can include a substantial team learning curve, difficulty of tracking and debugging, maintenance of container images, and not all scenarios fitting the container model. Your CI/CD pipelines and general DevOps posture will also need attention. Again, careful consideration and building a suitable use case will ensure you are using containers wisely. One example is Microservices. You cannot implement microservices properly without containers and container orchestration, but this architecture typically assumes massive scale as a business requirement. Below are the current Azure container offerings.
| Azure offering | Description | Details |
|---|---|---|
| Container services | Container orchestration | Kubernetes, Docker Swarm, DC/OS |
| Container Registries | Repository of container images | Container housing/storage |
| Service fabric clusters | Standalone node orchestrator | Run anywhere on Windows Server |
| Container instances | Simple and scalable PaaS service | Deploy single containers quickly and easily |
| Kubernetes services | PaaS service | Managed Kubernetes orchestration |
| OpenShift | Red Hat container platform | Container orchestration from Red Hat |
| Docker EE for Azure | Enterprise-grade cluster management | Turnkey Docker container system in Azure |
NOTE: As we speak, Azure is going to start offering Windows containers as an App Service. Currently, App Services (PaaS) containers are only supported using the Linux OS.
Finally, if you must… Infrastructure-as-a-Service (IaaS)
You can simply “lift & shift” your applications to cloud infrastructure and mirror what you have on premises. This in part is why we can say, “if you can run it on premises, then it will run in the cloud”. Azure has done a marvelous job of making this scenario a reality. The only apps that will not run in any cloud are ones that are poorly architected, highly proprietary, or perform unpredictably. Avoid these apps.
We will leave IaaS options, design, and architecture for another post as they are extensive, but take note that most organizations have a mix of IaaS, PaaS, and SaaS offerings to serve up their line of business applications. Choose the best tool for the job and use it wisely. Then optimize, optimize, and optimize again and remember:
- If it’s already written, don’t re-write it (SaaS)
- If you can abstract hardware, do so (PaaS)
5. Staff Readiness
As developers and technologists, it is our duty to keep pace. It is what we signed up for. The good news for developers is that between Visual Studio, Visual Studio Code, and Azure Cloud Shell we have everything we need for Azure cloud development. Microsoft, in transforming their business, has done a fantastic job of inclusion, open source, and BYOT (Bring your own tools), so many of your daily activities will be familiar. You simply need to focus on Azure and utilize the educational resources provided by Microsoft. Below is a list of resources to help get you started.
- Azure Application Architecture Guide
- Azure Developer Guide
- Azure Samples on GitHub
- Azure Architecture Center
- Azure Solution Architectures
- Azure Reference Architectures
- Azure Getting Started
- Azure Tutorials
At Quisitive our mantra is ‘Start Right, Finish Right’. Preparing your applications as well as yourself for cloud migration will ensure success. Don’t go this alone. Partner with trusted experts like us who can get you there quickly and then teach you how to maintain and optimize your estate. Migrating applications to Azure doesn’t have to be difficult. Iterative planning and careful preparation will make sure you’re on the right path.