Establish, Migrate, and Scale Cloud Solutions
Our client, a global technology, defense, and engineering group headquartered is organized across four primary areas of capabilities: Aerospace, Electronics, Land Systems, and Marine. Within these focus areas, there are fifteen separate business units that are either commercial or defense.
The team embarked on an effort to bring all their business units into the cloud and establish a set of shared cloud services.
- The organization was looking to achieve the following goals:
- Improve security and regulatory compliance audit processes/capabilities
- Reduce corporate operational and cyber/penetration risk
- Optimize cost savings and reduce capital investments
- Create flexibility across business units and processes
To achieve these goals, we established the following objectives for the project:
- Leverage SaaS, IaaS, and PaaS to reduce maintenance labor
- Reduce audit scope (physical security) and implement Policy as Code
- Implement Agile and DevOps processes
- Create a catalog of a standard set of shared IT cloud services
- Increase data analytics and reporting capabilities
- Enable cloud productivity and collaboration tools
Secure, Compliant, Flexible Cloud Architecture
The organization wanted to migrate IT workloads off depreciating physical data centers and into the cloud to increase cash flow and improve security and performance. The goal was to create a centralized cloud architecture leveraging Azure and Microsoft 365. AIS configured Azure subscriptions, deployed a secure Azure landing zone, and established network connectivity to on-premises.
Security and governance were a top priority. AIS implemented policies so IT administrators can better manage governance, risk, and audit compliance for all business unit subscriptions through a compliance dashboard.
Wherever possible, we introduced automation and Infrastructure as Code (IaC) deployments to move quickly and efficiently. We created a prioritized list of features as backlog items to drive continuous improvements.
Leveraging Shared Cloud Services
AIS used shared services to create a customized cloud solution set for the company’s various business units. The cloud modernization effort spanned commercial and sovereign (US Government) public cloud environments. We determined that Azure Commercial and M365 Commercial should be used for the commercial business unit, purchased through the Microsoft Commercial CSP program. Azure Government and M365 GCC High were targeted as the cloud service provider for defense business units, purchased through the Microsoft AOS-G program. AIS is a top tier Microsoft partner, participating in both the CSP and AOS-G programs to provide our customers with the best Microsoft technology solutions and product team support.
Shared services leveraged include:
- Identity Management: Centralized Azure Active Directory tenant for commercial business units, and multiple custom domains per tenant for each. A dedicated AAD tenant was required per unit for defense business units due to non-technical factors, such as billing and segmentation requirements.
- Vulnerability Scanning & Reporting: Azure Policy and Azure Security Center were used for standard reporting on deployed resources. We also used the Microsoft Security Code Analysis tool for IaC vulnerability scanning and reporting.
- Core Cloud Networking & Communication: Azure VWAN to enable hybrid connectivity and transitive routing in the cloud. S2S VPN connections to individual business units. Standard VNET and subnets for segmentation of traffic. Azure Firewall (Secure HUB in VWAN) for intrusion prevention (IPS).
- Cloud-based Storage and Compute: Business applications primarily Azure IaaS, Exchange Online for email. The minimal initial use of PaaS except for to provide platform capabilities.
- Performance Monitoring: Initial capabilities provided by native capabilities, such as Azure Monitor and Log Analytics.
- Configuration Management & Monitoring: Delivery through a combination of Azure Policy and PowerShell DSC using Azure Automation as a “serverless” pull server (for IaaS config management). Nightly infrastructure builds push IaC templates to the environment to set expected configuration and remediate any additional configuration drift.
- Collaboration: M365 Exchange Online for all Exchange workloads, Teams enabled for internal collaboration, SharePoint Online newly available (no migration of legacy SharePoint), Azure File Share to replace some file share workloads.
- Backup & Disaster Recovery: Azure Backup for VMs and Azure File Shares.
- Patch & Update Management: Operating system-level patching with Azure Update Management for Windows-based servers.
- Compliance Reporting & Remediation: Azure Policy, Azure Security Center, PowerShell DSC, and Azure automation to implement technical controls.
- Core Automation & DevOps: Azure Repos for IaC code and templates; Azure Resource Manager (ARM) Templates with PowerShell for deployment scripting. Azure Pipelines to orchestrate nightly environment deployments of IaC, AIS Service Catalog functionality. Azure Automation and PowerShell DSC for orchestration of specific package installation (extensions, etc.) at scale.
Our Asset-Based Consulting Approach
AIS provides customized solutions based on our enterprise clients’ needs and goals, leveraging IP, and assets developed from experience and expertise. We used the AIS Cloud Delivery Framework (CDF), an ever-evolving framework that supports cloud migration, modernization, and data projects through the documentation of project backlogs and Git repos for faster, successful cloud transformation efforts. The CDF provided the initial backlog and deliverable samples for early project sprints and was adaptable to client requirements. In this case, the client mandated the use of Atlassian tools (Confluence, JIRA) so the Azure DevOps backlog was adapted for JIRA as the backlog management tool and Confluence as the system for providing documentation deliverables.
AIS was able to establish a secure set of cloud environments to meet commercial and defense business unit needs, migrate IT workloads, and provide scalable shared services to the fifteen business units. The company was able to decommission their existing server infrastructure and turn their attention, and IT spend, from maintaining legacy assets to growing the future of their business.
Seeking similar outcomes?
Learn how AIS can help you implement technology solutions that deliver real business results.
Contact Us to Get Started