1) A Landing Zone is a configured, secure AWS environment based on best practices that provides a foundation for an enterprise's migration journey. 2) The document discusses how to structure a Landing Zone, including account structure for billing visibility, environment isolation, and centralized services/logs, as well as identity and access management and VPC design. 3) It also discusses building versus buying a Landing Zone and how pre-migration discovery involves decomposing technologies into families and mapping migration strategies to consider specific implications for the Landing Zone.

1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Landing Zones
What?, Why?, and How?
Joe Healy
Principal Consultant
AWS
June 13, 2017 Zachary Kelly
AVP Enterprise Engineering
1901 Group

8. Migration & Transformation Track
Tuesday, June 13th - Room 201
8:45 - 9:35 AM
119706 - My CIO Says That We are Going All-In and Migrating to AWS?
Now What?
9:40 - 10:30 AM
125086 - Hybrid as a Stepping Stone: It’s Not All or Nothing for Your
Cloud Transformation Journey
2:00 - 2:50 PM
119707 - Why do I need to plan for Security, Risk, & Compliance before
migrating to AWS?
3:30 - 4:20 PM
119708 - How Can I Build a Landing Zone & Extend my Operations into
AWS to Support my Migration?
4:30 - 5:20 PM
119709 - What Organizational & Governance Changes do I Need to Make
Prior to Migrating to AWS?

9. Three Phase Journey
Assess
Readiness
Assessment
Readiness &
Planning
Migrations
month months months

10. What is a Landing Zone and do I need one?
H
- A configured secure enterprise multi-account AWS
environment based on best practices
- A foundation for your Enterprise migration journey
- An environment that allows for iteration & extension over time

11. Landing Zone – Account Structure
Outcomes
• Billing Visibility
• Environment Isolation
• Small Blast Radius
• Centralized Services
• Centralized Logs

12. Landing Zone – Identity & Access Management

13. Landing Zone – VPC Design
Multi-AZ
Public
vs
Private
Ingress/
Egress
Points

14. Landing Zone – Networking

15. Landing Zone – Continuous Compliance
Event
Driven
Deployment
Pipeline
Holistic
Inspection

16. Build Buy
VS
Implementation Paths

18. 18
There’s an Elephant in the Room…

19. 19
Purpose
▶ Reference architectures and best practices are often
demonstrated…
▶ …but how to successfully perform Pre-Migration Discovery and
Landing Zone Buildout is less frequently discussed
▶ This presentation focuses on a few key activities that 1901 Group
has found leads to successful cloud migration

20. 20
Benefits
▶ CMMI ML3 Development
▶ CMMI ML3 Services
▶ ISO 9001:2008
▶ FedRAMP authorized MSP
Certifications
Differentiators
▶ Enterprise IT “as a service”
▶ Consumption-based delivery
models
▶ Integrated processes and
technology platform
▶ Pricing model includes all facility,
hardware, software and services
▶ Increased infrastructure
performance
▶ Improved situational awareness
of critical services
▶ Lower cost of operations
Infrastructure
▶ Storage management
▶ Network management
▶ Server & Virtualization management
▶ Database Administration
▶ Mobility management
▶ Unified Communications management
Security
▶ Security Information and Event
Management (SIEM)
▶ Threat Detection
▶ Vulnerability Management
Applications
▶ Agile Software Development
▶ Application O&M
▶ DevOps
▶ Private Cloud Storage
▶ Cloud Migration
▶ Cloud application monitoring and
management
Cloud
Services
1901 Group at a Glance – Booth #415
Customers
▶ Dept of Education
▶ Dept of Interior
▶ Dept of Justice
▶ Dignity Healthcare
▶ DISA
▶ FERC
▶ SBA
▶ U.S. Army
▶ USAB
▶ USDA
▶ VDOT
+ Others
1st IT Utility
▶ Established in 2009 as Managed
Service Provider
▶ 14,000 sq ft operations center in
Blacksburg, VA – combination of
talent, quality of life, and
reasonable cost of living
▶ FedRAMP-compliant with multiple
ATOs and security agreements with
federal clients
▶ Over 20 clients in public sector and
commercial
▶ 100% of CPARs are “Excellent”.
D&B Open Ratings of 94 out of 100
▶ Over 6,000 calls per month, over
10,900 Incident and Request tickets
per month
▶ Over 3,000 Incident tickets per
month proactively generated and
resolved by automated monitoring
▶ Device based GSA schedule

21. 21
1901 Group Cloud Factory: A Repeatable Blueprint for Cloud Transformation

22. 22
The Foundation is a Great Team
Build Multi-
Functional
Team
Learn
PartnerTool Up
• Explore Hands-On
• Use Services Internally
• Earn Certifications
• Receive Training
• Receive Mentoring

23. 23
Pre-Migration Discovery: AWS Migration Strategy

24. 24
Pre-Migration Discovery: Process and Documents

25. 25
Pre-Migration Discovery: Technology Families with Migration Strategy
Decomposing Discovery
data into Technology
Families and AWS
Migration Strategies
provides a high-level view
of project complexity:
• Creates natural Best Practice
work blocks for project and
resource planning
• Visual representation clearly
communicates intended
activities to business and
technical stakeholders
• Facilitates risk identification
toward risk management
strategies
Technology Families Mapped to AWS Migration Strategy
Technology Family Migration Strategy
General AWS Environment AWS Best Practice Reference Architecture
Customer Enterprise Services and Tools Native AWS, Repurchase, Rehost, Retire
Required Local Servers and Storage Retain
"Migratable" Applications Rehost
Citrix as a Service (XenApp) Rehost
Private Storage Replatform
Solaris to Red Hat Enterprise Linux Refactor
PowerBuilder to "Generic" Platform Refactor
Public Event Website New Build

26. 26
Risk-Based Approach to Address Issues Early and Gain Buy-in
Risk Identification and Mitigation
Risk Mitigation Approach
Heavy application dependency
entanglement
Move multiple applications in blocks, troubleshoot and update
config/code in Cloud environment
Moving off Exadata could create
data access performance issues
Add resources, refactor SQL queries and associated code, refactor
data access workflow, tune and optimize databases
Application performance issues
Add resources, optimize garbage collection, optimize session
management, destroy unreachable objects, close database
connections and statements, improve error catching
Public/Private Cloud Latency
Optimize networking, deploy local caching in Public Cloud (ex. Cloud
OnTap)
SPARC to x86 “Endian” data conversion, code refactoring, emulation (worst case)
WAN performance issues
Optimize WAN accelerators, increase circuits in case of bottlenecks,
CloudFront where applicable, code changes to reduce data transfer
load
Public Cloud Interoperability
Recommend using Azure for AD and Mobile Device Management,
do not recommend running and syncing Live/Live applications
across AWS and Azure
Oracle 12c RDBMS and Middleware
Upgrade RDBMS and Middleware software versions as needed,
make required application code changes to support upgrades
Potential for Unexpected Costs “Elasticity Engineering”

27. 27
Landing Zone: Best Practice HA Architecture
Customer Users
Start with AWS
Reference Architecture
to enforce HA Best
Practices…
• Provides an out-of-the-box
template architecture
suitable for most HA
enterprise systems
• Minimizes “design sprawl”
by specifying proven top-
level architecture
• Provides robust “wrapper”
services for existing
applications

28. 28
Landing Zone: Specific Implications of Migration Strategies
…then move to specific implementation details populating the reference architecture with
well-formed systems:
• Focus is on complex migration issues, not infrastructure or environment
• Decouples each Technology Family from overall environment to minimize risk and facilitate iterative rollout of services
• From here: Elasticity and automated orchestration to enforce “clean,” cost-effective environment
Technology Families Mapped to AWS Migration Strategy
Technology Family Migration Strategy Landing Zone Considerations
General AWS Environment
AWS Best Practice Reference
Architecture
AZ's, Region DR, VPC Architecture, Security
groups/access control, STIG baselines of
target OS, Secure network architecture
Customer Enterprise Services and Tools Native AWS, Repurchase, Rehost, Retire
Analyze services, Determine 1901 Group /
AWS overlap and Deploy Native AWS,
Rehost, or Retire
Required Local Servers and Storage Retain
Write data to S3/Glacier for DR and long
term storage
"Migratable" Applications Rehost
Automated cloud migration tool, EC2, EBS,
ELB
Citrix as a Service (XenApp) Rehost
Build Citrix HA environment, Deploy FIPS
compliant NetScaler in Private cloud,
Perform automated cloud migration
Private Storage Replatform
Build private storage and migrate data, AWS
DirectConnect to GovCloud
Solaris to Red Hat Enterprise Linux Refactor
Build RHEL target architecture, Middleware
and Application code updates
PowerBuilder to "Generic" Platform Refactor
Auto convert to JSF, Refactor code, Data
access changes for SQL Server
Public Event Website New Build
Lambda, S3, Rekognition, WAF, Shield,
ElastiSearch

29. 29
Conclusions
1. Structured Pre-Migration Discovery leads to accurate and
actionable decomposition of Technology Families into AWS best
practice Migration Strategies
2. The Migration Strategy view leads to specific Landing Zone
implications and requirements, guiding detail Landing Zone design
3. When built within AWS best practice architectures, the resulting
Cloud Landing Zone reduces risk, ensures security, high
availability, performance, scalability, and above all, migration
success

30. 30
Let’s Go!

31. Thank you