by Plaster Group’s Enterprise Software Team
The Cloud is Important
I’m going to skip the opening paragraph that explains why the cloud is Important. You already know.
The question is: how are you going to adopt the cloud in your solution portfolio? What’s the best way not to just use the cloud, but get massive competitive advantage out of it?
Azure is Microsoft’s cloud offering, and in this post I want to offer some perspectives you can take away on Azure and how it can fit within your existing infrastructure. I want to talk about some common, limiting perspectives on why it might seem difficult to move to Azure, and see why they’re not the scary monsters they might seem to be. I hope to show you that you’re ready to start moving to Azure as soon as you’re done reading this article.
Why Microsoft Azure?
First, I want to share at a high level my view of Azure and how it compares with Amazon’s AWS. AWS is the market leader in cloud computing, and many startups today use it. AWS is a great platform, with extensive infrastructure and platform services that let you build applications at web scale, including EC2 for compute, RDS for relational databases, DynamoDB for NoSQL, Auto Scaling, and dozens of other features. I’m a big fan of AWS, and Amazon continues to improve it.
So why would a company choose Microsoft Azure? What does Azure offer that AWS doesn’t?
They both offer Infrastructure-as-a-Service, with both Windows and Linux machines. They both offer high-speed, nearly unlimited-scale NoSQL, BLOB, and SQL storage. They both have rich management APIs to enable automation of every aspect of operations.
With that said, Azure also has all of Microsoft’s experience in how their products already work for you. They didn’t throw all of that away as they’ve grown and shaped their cloud offering. If you’re in a Windows-centric enterprise, Azure has been shaped to make your path to the cloud as smooth as possible. It’s made to be able to handle as much or as little of your infrastructure as you’re comfortable with, with little friction. If you’re a developer – web or desktop – Microsoft is working hard to give you a flexible architecture across on-premises and cloud deployments. And that’s why I recommend Azure over AWS for Windows-centric environments. Not because AWS isn’t great – it is – but because there’s real benefit for a Windows environment to use Azure over AWS.
(And if you’re in a Linux environment, don’t get me wrong, it’s awesome for you, too.)
Taking New Perspectives
Let’s look at some of the common concerns about moving to Windows Azure, and how we might address them or see them differently.
I don’t want my Active Directory outside of my firewall.
I’ll give two perspectives on this. First, the inevitability. Second, the benefits, since, really, it’s an enormously Good Thing when you see what it gets you.
First, it’s fairly inevitable that you’re going to sync your Active Directory to Microsoft’s cloud. Why? When you use Office 365, and want to integrate it into your environment in any meaningful way, you’ll have to sync your AD to Office 365, and Office 365 uses Azure Active Directory. If you have Office 365, then you already have a tenant in Azure Active Directory (AAD). (If you don’t, I’d highly recommend taking a look at it for your enterprise, and I’ll tell you why in a different post.)
Second, even if you have no plans to adopt Office 365, there’s enormous benefit to AAD. Microsoft gives you free identity federation with hundreds of common SaaS applications. Your users get a single sign-on experience, and you get control over your SaaS user accounts, so you know exactly how many users you’re paying for on Workday, Trello, LucidChart, and many, many others.
OK, but I’m definitely not syncing my passwords to the cloud.
Well, there are benefits for your users if you do, but the fundamental perspective I want to offer is that Microsoft is exceptionally good at security now. The bad old days of Windows XP and Slammer are well over. When you sync your passwords with the rest of your AD information, Microsoft re-encrypts the already-encrypted password, sends the file using TLS (to re-encrypt the double-encrypted passwords in transit), and then stores the password in Azure Active Directory with both levels of encryption in place. It’s as secure as they could make it.
When you use DirSync (Microsoft’s on-premises-to-cloud AD synchronization tool) to sync your user accounts and passwords, it means that you no longer have to run any authentication platforms like Active Directory Federation Services in your infrastructure. Azure Active Directory can handle all of your authentication needs.
Don’t forget: Microsoft runs Bing, MSN, Office 365, Azure, and Microsoft.com (itself a Top 50 site worldwide), among many, many other properties. They’ve got this whole IT and security thing figured out by now.
I’ll have to drill a truck-sized hole in my firewall to make it work.
Not at all. Azure Virtual Networks allow you to create a site-to-site VPN with Microsoft’s data centers using your existing firewall. You define the IP addresses you want on virtual machines in Microsoft Azure to match your internal network addresses. You can even use your existing DNS servers. Everything works together just as if it’s one extended data center.
I don’t trust cloud performance.
I’ve been in this business for over twenty years, and one thing that has remained the same is that system engineers always ask for way bigger hardware than they really need, since they don’t want to be accused of sizing too small. Because of that, a lot of servers sit around running under 10% CPU and under 50% memory usage, draining more electricity than they really need. Moving your workloads, whether they’re already virtual or (especially) still on physical servers, is an opportunity to right-size your Azure virtual machines based on their actual needs and usage patterns, not on the timeless tradition of over-specifying hardware. (Not that I’ve ever done that.) It turns out you can get a lot done even on small and medium instances, and the cost savings can be tremendous over running your own servers.
And if you need entire servers to yourself, Microsoft Azure offers instances with massive scalability, massive memory, and enormous local storage. It’s up to you.
Where it’s possible, using auto-scale is a great way to make sure your performance is consistently great at the lowest possible cost. Whether you’re using IaaS or PaaS, auto-scaling your instances is the best way to use the fewest resources while giving all of your users and customers a great experience.
Migration is hard.
If you’re already running System Center, then all you have to do is fire up the Azure Management Pack, and you’re connected to your Azure infrastructure. Combine that with Virtual Machine Manager, and System Center becomes a console that allows you to move virtual workloads back and forth easily.
We’ve looked at Azure and AWS. We’ve looked at a few myths about being ready for the cloud, and offered some perspectives that answer those challenges.
Now, you’re ready to get started.
Plaster Group Cloud Computing consulting can help you navigate your move to the cloud. We’ll help you create a roadmap for your migration, and we’ll help you execute on it, saving you time and money while opening up new levels of flexibility and opportunity for your IT infrastructure to serve your enterprise.
Save money, increase flexibility, serve your organization: that’s what the cloud is all about.