AWS / ACME
Problem statement - Our Understanding
On Premises Data Center hosting various internal applications - a total of
145 servers:
67 servers running VMware ESXi hypervisor hosting 214 VMs
Other 78 servers - mostly Solaris and MS Windows Server instances.
All 145 servers are in use; 6 of the 214 VMs are to be decommissioned
Current DC lease expiring in 12 months and the intent is not to renew the
contract
Very little AWS experience within ACME IT workforce and any migration
related risks to business critical applications need to be managed
effectively.
Mobilize
Application discovery/analysis – ADS and Athena to get EC2 recommendations and dependencies
Security and Compliance – Understand and factor in any specific security and compliance needs
Landing Zone – AWS account and org structure (how many AWS accounts to create), centralized
concepts such as Security, IAM, Network, Audit administration
Mobilize people, partners, processes – critical mass of AWS skilled people
Operations – Target cloud operating model and operations integration approach to transition to it
Migration Planning – create migration waves/phases based on information gathered in assess and
mobilize phases (criticality, release cadence, dependencies, complexity and risk)
Initial Migration/PoC – proving the migration process, architecture and tooling.
All VMs are tier 0 or 1 (24x7)
•Migrate low-risk workloads – less complexity and dependency, less CPU and storage
•Migrate application and DB servers handling sensitive data subject to regulations
** Pic sourced from internet – Google cloud blog
Migration tranches to be decided based on ADS findings (number of EC2 instances, dependencies), release cadence, interdependent
workflow analysis and down-time allowed. Tranches will be iterative in nature, and the foundational activities of the subsequent
tranche are to be started while the current wave is being tested.
Target State (representative)
•Multiple AWS accounts setup in line
with the customized Landing zone
•Multiple application VPCs
•External load balancers, Check Point
security firewalls, etc. in the external-facing
Presentation VPC.
•Provision of a sidecar VPC for
outbound internet connectivity.
•3-tier layering between web server
layer, application server layer and DB
in each application VPC
•Cross VPC connectivity using VPC
Endpoints.
•Connectivity to AWS services like S3,
Systems Manager, Lambda functions
etc using VPC endpoints.
•Connectivity to ACME network using
AWS Direct Connect for other on-prem
datacenters and staff access.
Multi Region deployment can be considered for DR
Need further clarity on DR objectives and current setup
A mix of multi site active/active or active/passive DR strategy can be setup based on Application Tiers (RTO/RPO objectives)
Migration Team Structure
CIO Office
Migration Steering Committee
Business Representatives
Latency during transition states – while some of the apps are on-prem.
Assumptions
DR mechanism exists in line with application tiers and more details will be shared
Any major changes/releases planned for the impacted applications will be readily
communicated
The servers marked to be decommissioned will be sunset on-prem and need not
be migrated onto AWS cloud.
Decisions around SAP upgrade will be taken shortly and the concerned servers to
be included in (accounted for) the migration.
THANK YOU!