Improving Your Azure Cloud Deployment: Expert Advice

SHARE

The Microsoft Azure Cloud is a dominant force in today's hybrid cloud and multicloud world. Given its size and rapid growth, the Azure Cloud is moving steadily toward eventually replacing – or playing a core supporting role for – the datacenter.

To be sure, Azure isn't simple. Like the other cloud leaders, it offers a vast menu of services and solutions. In particular, migrating to the cloud is a concern for companies.

Cloud Storage and Backup Benefits

Protecting your company’s data is critical. Cloud storage with automated backup is scalable, flexible and provides peace of mind. Cobalt Iron’s enterprise-grade backup and recovery solution is known for its hands-free automation and reliability, at a lower cost. Cloud backup that just works.

SCHEDULE FREE CONSULT/DEMO

To provide insight into the Azure Cloud, I'll be speaking with Neil Mackenzie, Principal Cloud Solution Architect at Microsoft. For the last several years, Mackenzie has focused on helping customers migrate to Azure, so he knows migration particularly well.

Download podcast:

Portrait of Azure Cloud: What Distinguishes Azure Today?

Edited highlights below:

Mackenzie:

"A lot of the work in my role is helping customers be successful. We're a customer success organization at Microsoft. We work with customers to help them with whatever projects. A lot of them are migrations of... Infrastructure migrations as they're growing, especially for large enterprises, and then typically like 80/20 rule, there's only a small amount of new development going on. Most work is actually already existing, and so it's helping with these migrations, for large enterprises particularly.

"I think at this point we've got a cloud that's pretty much fully functional. All of the core things are there and there's lot of features are being developed to improve them. And so we've got the basics completely covered. The big thing I think is, we have a... It's really hyper-scale. We have data centers all across the world now, we've got like... I used to know where all the data centres were, [chuckle] there's so many I don't know where they are anymore.

"I think it's just like 54 or 55...So generally we got two in Korea, we've got things like South Africa, North [chuckle] some of the names are getting wild.

"We typically launch two in every region we're doing for DR purposes, but it's pretty much all the continents bar Antarctica I think at this point. We've got a pretty strong coverage globally.

"So we're definitely building it at scale, which is what we have to do, it is really a hyper-scale business. And Microsoft has had a long and deep relationship with enterprise customers and so working with them for the hybrid model, so they can be on premises and move at their velocity into Azure has been good for them.

Typical Challenges of Cloud Migration

Mackenzie:

"If we're starting off a migration we'd often use tools like we have things like Azure Migrate, so you can actually analyze your on-premises infrastructure in a fairly benign way, and see here's the kind of things we can move, here's the VM sizes we need when we move. And then you can actually, once you've understand that, you can pick isolated workloads and say, well, let's move them. We've got things like Azure Site Recovery that can do sort of block-level replications to the cloud or you can do database migrations.

"It's not just data governance, it's who can do what. So you may have a company with several thousand employees with rights to touch the cloud in some ways, how you keep that under control? Who can do what, ensuring the network team can set up the network and they have control over what's done in the network, but giving developer teams and application teams the ability to use that network in a way that's not slowing the business down. So it's not just data, it's the whole platform, the governance needs of that from providing RBAC, role based access control so that people can do... They can look at things but they can't touch things or some people can touch things. Or use a privilege identity management too. You have read access all the time, but if you absolutely positively need to do something, you can get a two-hour temporary access through using privilege identity management, and then after two hours, you're cut off. So it's a lot of that type of thing, coming along of...

“And things like just locking down all external paths is a very common one. And how do you do that and still let people work. 'Cause if you go to say the Azure portal and they'll have tutorials, sort of spin up a VM and you get a VM, you get a virtual network and in five minutes you'll get a completely brand new virtual network, a VM and a public IP address, and how to ensure that public IP address is safe and secure. And so there's a lot of governance work to actually just prevent things like that. When you're learning, that's cool, but if you're actually trying to work in production, you don't necessarily want random public IP addresses on your corporate network. [chuckle]

"Using the jump to the cloud is a good opportunity for them to do things like that, make that additional step instead of their old way of just deploying staff. And start doing things like declared deployments and etcetera, of their infrastructure... It makes a very repeatable and I think that's a great time to do that jump. And once you do that, it gives you a lot of benefits. Like I say, if you can, a lot of people say what's your backup strategy? How are you gonna backup VMs in the cloud? And we have technologies you can backup. You can use Azure backup. But for a lot of things, if you've like stateless workloads, why back it up? Just redeploy it, it's quicker to redeploy it than to back it up and then deploy it as a backup. And so, try to encourage people to just think about things like that, where is data on the machine, do you... If this machine is just a stateless machine, don't back it up. Save the money and just redeploy it.

"And so people often don't think of that type of optimization. Especially coming from on-prem where they're used to backing up everything and we do provide the tools to allow you to back it up, but especially if you can move into an infrastructure's code regime where you can quickly deploy things in 10 minutes. Why don't you just do that? Just quickly backing it up and restoring it afterwards. So helping people understand that type of optimization is good. Obviously, another thing that happens, we've noticed is companies, when they start moving, after the six months they get sticker shock.

"We're spending a lot of money and then we'll work with them to get that cost down. And so, when you kinda move over and then start doing cost optimization. And it's typically, especially the first time you move in, it's a pretty general observation that you will get this kind of... You just move everything over, and then you working for six months, so this is kind of getting expensive. Let's work on cost optimization. And it's totally possible. On-prem data centers are often heavily under-utilized, so you just... If you take the same machine and move it to the cloud, you can cut the size in half over what they're doing. It's so easy, it's so trivial to change the size of machine. It's basically a reboot to change the size of the machine.

Key Tips for the Azure Cloud

Mackenzie:

“So we have things like Azure Advisor, so it actually runs from the Azure portal and it will give you hints to say this VM is under-utilized, think about down-sizing. We actually do tell people that on the portal. So definitely look at Azure Advisor for kind of getting really fast tips on here's how you can basically save money. Things like Azure Security Center's a great one. They actually give you a security score. If you've turned it on and are using it, they will actually give you a security score, here's how secure as we think you are, and here are 100 ways or whatever ways you can actually improve. It will actually tell you how it came up with the score and give you a prioritized list of things to improve security posture, which is pretty useful. And if some of them aren't relevant you can turn them off, you can say don't show me this one again. You might be a Linux place and some of them are Windows-related, so you configure the Windows one. But Azure Advisor is definitely the first place to start.

“And then we'll actually look at things like CPU utilization, seeing if you're using it correctly. Typically, if people are already on the platform I would try and encourage them to look at modernizing and to using platform services, because there's a huge operational benefit from using things like Cosmos Db for your backend databases, rather than, say, hosting on virtual machines. Hosting things in virtual machines, even SQL Server, always on, you can run SQL Server always on on, say, two virtual machines and get highly available SQL Server, but why don't you use a platform service that gives you that capability straight out of the box and you don't have to manage the virtual machines, you don't need to think about backups.

“For example, if people are moving SQL Server to Azure, I would always tell them first to look at SQL database or managed service and if it works on SQL database, great. You save a ton of time, you save a ton of effort operationally, you can have a timed backup or a restore, if you ever need to restore, it's literally a slider on the portal, and restore from two and a half hours ago and bang, you're done. Rather than having to run virtual machines yourself, you kind of... And at the end of the day I think we want people out of the business of managing virtual machines and it's an easy way to migrate and it's just taking what you kind of have and moving into virtual machines, but modernizing out of virtual machines is a great thing to do, because you get out of that operational aspect of running virtual machines, thinking about virtual machine backups, etcetera.

“Look at Azure Monitor. Make sure Azure Monitor or some other monitoring tool is... We have a lot of people using Splunk and stuff like that as well. We're very partner-friendly, we work with everyone. Looking at that, to make sure that you are using things cost effectively and that you're getting the performance you expect out of things. So it's all about... If you're looking at it, you wanna kind of get the base cost performance you can for your applications.”

Key Cloud Buzzwords: Kubernetes to Cloud Native to Multicloud

Mackenzie:

Kubernetes is obviously phenomenally important. Like four or five years ago there was like several different ways to manage applications and then survey the system. People were talking about Mesos and Docker Swarm and Kubernetes and Microsoft with Azure Service Fabric, and so there's many different ways. There was a lot of competition for what was the way to manage the containers and microservices. Kubernetes clearly won that battle in a big way. It's a very significant player, it's very important and it's phenomenally popular. There's an increasing realization as time goes on when every three months there's a new release, there's a KubeCon every three months.

“And so it's becoming a very large platform and I think people are starting to like it. The hope was it would be a platform for developing it, for deploying apps, and I think people are starting to realize it's now got to be such a big platform that it's now a platform for developing platforms for deploying applications.

“The big three cloud providers all offer Kubernetes service. And to me, I think that almost if you're using the Kubernetes service inside a cloud provider, you almost have now two clouds. You've got the Kubernetes platform that has its own needs similar to a cloud, then you've got the cloud itself. So like an Azure, we've talked earlier about all the governance stuff you need to do in a public cloud, if you're an enterprise. Startups may not care about governance, a lot of big enterprises do care about governance. And now you've got to think of the same thing inside Kubernetes, so you've kind of got to think of two different environments. They don't necessarily match completely, and that's the same across all the public clouds. It's not unique to Azure. To me if you are using Kubernetes at scale, and you're using cloud at scale, you're almost like multi-cloud already, just with the two things.

“Because it's clearly a hybrid environment. Kubernetes has got its own way of doing things, it's got its own CLIs, etcetera, and then you've got the clouds ones as well, so you've got... If you're a smaller, if you've got a small application, all you're doing is running Kubernetes, you can focus on that, but if you're a large enterprise with sophisticated V network requirements and all the other stuff and the governance requirements you have that you have to do for the cloud environment and suddenly you've also got to do them for Kubernetes and they're different, so you've now got to learn two different... You've got to learn tool sets essentially, and I think that's becoming a challenge for people at scale. If you're just doing one cluster, it's not a big deal, and you don't care too much about the security, it's not that big a deal, but if you're an enterprise that does care about security, I think it is a bigger, bigger issue.

Cloud native to me was... The defining feature of a cloud was, the infrastructure's fragile. On-prem you buy very fancy, hardware and it doesn't really fail that often. The cloud... I guess Google 20 years ago started this trend of just commodity hardware. So a lot of hardware, there's some great changes. We want relatively cost-effective cheap hardware. We're not buying the fanciest machines we can because that's not a cost-effective way to do things. So the cloud historically was, since the fragile VMs could die under you, so cloud native to me was really developing applications that would survive in that fragile environment.

“And you wanna do things like make them highly available by scaling out, like websites, scaling, so they just have like one massive server. So to me cloud native is really about how do you develop applications or run in that fragile environment. Kubernetes is one way to do that. There's many other ways to do it. The other thing to me is native cloud. We have a lot of native cloud services, Amazon's got a lot of native cloud services. To me, the more you can use native cloud services... It's not just about tying you to that cloud provider. I think from an operational perspective, it makes your life a lot easier if you are able to use the native cloud services rather doing it yourself. I think that's better than just being cloud native in the Kubernetes sense.

“I think multi-cloud happens and really in large enterprise, where different divisions have chosen for different reasons different clouds, at enterprise scale the amounts of money changing hands are so large, that I think basically companies commit to one cloud or the other in general. Sometimes you'll get crossover for various reasons. There may be a special service that we offer, Jim, like say, some of our cognitive services that may be unique that people might wanna use in a small scale. But at sort of large-scale, multi-cloud's challenging, just because really, from a human perspective, you have to learn two clouds.

“Yes, to me, people say like you can put stuff in Kubernetes and move it wherever you like and move it around, but that's not the real challenge. The real challenge is the human call stuff, all the other stuff around it that you would have to learn, etcetera, which people might want to do, they might want to be skilled in multiple clouds. But I think in general, it's not a major thing to be multi-cloud.

The Near Term Future of Azure Cloud

Mackenzie:

“I think one of the interesting things I've seen recently is the open application model. So trying to make the life of application developers easier, and try and bring some control. Personally, I'm a big fan of structure, PaaS. We don't use the PaaS word anymore. But I was definitely a fan of the more structured side of PaaS where you had constraints.

“I think as a word [PaaS] has become so diffused. I mean, obviously, IaaS is here and we understand that, and SaaS is, say, Office 365 or whatever. But as the spectrum is so wide now and has been for long time. Kubernetes is very close to say VMs. They're almost, they're containers, it's pretty much close to running this raw VM. And I think it's sucked a lot of air out of everything else, and more of what I would call a structured PaaS, saying, if you have these constraints on our cloud, we will give you these benefits, that kind of thing. Like the original Azure, for example, like when we came out in 2008 with the original PaaS cloud services, you can literally give Microsoft two files, and then we created 50 machines and deployed all the stuff on them on your behalf.

“But you got a lot of benefits out of it. There was a lot of constraints, but also a lot of benefits. And I think with Kubernetes is really unstructured PaaS, and so it's kind of the IaaS end of it. And so a lot of the benefits you would get from constraints are gone. So I think just in general, the spectrum is too wide there for PaaS in the traditional say, six, seven years ago.

“We [at Azure] obviously have a big focus on our Kubernetes platform and the things on top of it, to try and make enterprise developers' lives easier…”



NewsletterDATAMATION DAILY NEWSLETTER

SUBSCRIBE TO OUR IT MANAGEMENT NEWSLETTER