The document provides guidelines for successfully migrating applications to the cloud. It discusses assessing applications to determine suitability for migration, building a business case, developing a technical approach, adopting an integration model, addressing security and privacy requirements, and managing the migration project. The key steps involve planning the migration thoroughly through readiness assessments, justifying the business value, designing technical solutions, ensuring integrations continue to function, protecting sensitive data, and executing the migration through testing and cutover.
2. Cloud Migration
Guidelines and steps to ensure a successful migration of existing
applications to cloud infrastructure:
1. Assess the Applications and Workloads
2. Build the Business Case
3. Develop the Technical Approach
4. Adopt a Flexible Integration Model
5. Address Security and Privacy Requirements
6. Manage the Migration
3. 1. Assess the Applications and Workloads
Determine what applications and workloads can or cannot be readily moved to
cloud
Determine which delivery models can be supported
o Public, Private or Hybrid
Strategy, start with:
o Lowest risk applications OR
Minimal customer data and other sensitive information
o Applications that take advantage of cloud’s elasticity OR
o Determine which applications not to move initially
4. 1. Assess the Applications and Workloads
Readiness Assessment Considerations for Migration to Cloud Computing
(IaaS or PaaS)
Business • Overall organizational readiness
• Is application owner willing and comfortable?
• How important is application to the business/mission?
• What is the risk tolerance level of the business?
• Is culture favorable to change?
Application Lifecycle • Is application still being defined?
• Is it up for refresh?
• Is the application approaching retirement?
• Can the application be redesigned or given a technology refresh?
• Will there be efficiency gain?
• Instead of migrating, would it be better to replace with new SaaS
solution?
5. 1. Assess the Applications and Workloads
Application Architecture • Is the application web-based or built with SOA?
• If not, can the application be split into modular services?
• Is it monolithic, two-tier, three-tier or n-tier?
• What is the level of effort required to modularize or separate the tiers?
• Does the application scale out?
• Does the application scale up?
• What are the demand fluctuations in the application?
• What impact will moving to cloud have on demand?
Data • Data governance, confidentiality, integrity and quality need to be
preserved
• Is the data bound by statutory compliance?
• Are there data sensitivity and privacy or confidentiality concerns?
• What data integrity concerns are there?
• How does the application manage data requests from a safety and
security perspective?
• How much data exchange will occur between the components of the
application and between application and users?
• Frequent data transfers may pose a higher cost as well as performance
lag
6. 1. Assess the Applications and Workloads
Technology • Performance and resiliency of network infrastructure
• Mitigation design must account for multiple components communicating
across network boundaries
• Techniques such as network isolation, virtual private networks, elastic
addressing, and network segmentation provide a very robust and secure
cloud environment
• Ensure application is designed for resiliency
o Immunity to interruption of transactions in midstream
o Local fault tolerance
• Is the application designed for high availability and disaster recovery?
• Standard and open protocols are more readily supported across firewalls
and on public infrastructures than proprietary ones
7. 1. Assess the Applications and Workloads
Security • Different parties must understand that security is a joint responsibility
o Application owner, Cloud provider, ITD
• Authentication, authorization remain the responsibility of users at the
application level
• Cloud provider is responsible for security controls, identification and
correction of system vulnerabilities, and defense against specific cloud-
oriented attacks (e.g. at virtual machine level)
• Continuous monitoring facilities from the cloud provider are expected
8. 1. Assess the Applications and Workloads
Integration • What are the dependencies between application being migrated and
other systems?
• Applications may depend on each other through
o Control Integration (invoke each other)
o Data Integration (read/write same database or files)
o Presentation Integration (mashed up on the same window or web
page)
• The migrated application may even be the “system of record” for some
key data in a Master Data Management scheme
• The migrated application may rely on common facilities
o User Directory for single-sign on
o Access Control
• Discover
o How extensive are the integrations?
o What protocols are used?
o What additional utility or runtime library dependencies are there?
o What are the performance requirements?
Frequency of connections
Amount of data involved
9. 2. Build a Business Case
Requires overall cloud strategy
Requires specific information that
o Describes current state
o Demonstrates advantages
To reduce cost
Deliver meaningful value
Individual business problems with existing applications that cloud computing can
address need to be identified
Specific business justification must prove that cloud computing is the right strategic
alternative
10. 2. Build a Business Case
Business
Considerations
Considerations for Migration to Cloud Computing
(IaaS or PaaS)
Cost Analysis • Require specific baseline cost for current environment for comparison
• Overall costs of migration must include:
o On-going cloud service costs
o Service management
o License management
o Application re-designs
o Application deployment and testing
o Application maintenance and administration
o Application integration
o Cost of developing cloud skills
o Human resources and talent management implications
11. 2. Build a Business Case
Service Levels • Ensure level of service of cloud-based application comparable to current
service levels
• Required service levels should be agreed with cloud service provider and
explicitly documented
• Application characteristics considerations:
o Application availability
o Application performance
o Application security
o Privacy
o Regulatory compliance
Business Impact • Business factors to be monitored on an on-going basis:
o Revenue impact
o Customer acquisition or engagement impact
o User satisfaction
o Time to market improvements
o Cost of handling peak loads
12. 3. Develop a Technical Approach
Two potential target service models for migration of existing applications
o Infrastructure as a Service (IaaS)
o Platform as a Service (PaaS)
PaaS Migration
o Application must be designed for one or more runtime environments available
E.g. WebSphere, WebLogic, JBoss server
E.g. Oracle DB, IBM DB2
o PaaS solution must provide elements of required software stack
E.g. OS, Application Server, Database
o Ensure PaaS environment offers required configurations that current environment
provides
E.g. Software levels, Ability to run scripts, presence of certain tools for setup, reporting,
monitoring etc
13. 3. Develop a Technical Approach
IaaS Migration
o Entire software stack is migrated
Application code
Supporting code required
Underlying Operating System
o Package complete software stack as virtual machines (VM) images
Copied into cloud service and executed
o Use of specialized device drivers or hardware devices
Software stack may not work in virtual machine environment
IaaS provider unlikely to support
Not a good candidate for migration
o Test virtual machine software stack by executing on trial VM environment
Hidden dependencies can be found and corrected, and the process repeated until it succeeds or no affordable solution remains
14. 3. Develop a Technical Approach
Common Technical Considerations for PaaS and IaaS:
o Skills
Prepare and migrate application components
Preparation and deployment of virtual machine images
o Security
Cloud security features different from in-house environment
Security risks and measures to counter must be assessed carefully
Does provider implement strong user authentication techniques?
Does provider offer security tools or services?
o Integration
Avoid network latency and throughput issues that may impact performance of application or dependent systems
Bidirectional integration
Configuration changes (e.g., to reflect new addresses)
New authentication methods
Other technical changes
Current absence of integration or interoperability does not mean such needs will not arise later due to change in
business requirements
15. 3. Develop a Technical Approach
Common Technical Considerations for PaaS and IaaS:
o Monitoring and Management
Can in-house tools still be used?
Is it necessary to adapt new monitoring and management facilities supplied by cloud service?
Important to monitor resource usage by applications
Undetected high usage inflates cloud service usage fees
o Scalability
Application code may need to be restructured to take advantage of scalable cloud
resources
Challenge of reprogramming application to use multiple processors or multiple machines in parallel could be
significant
o Availability and Backup
In-house designs to support availability of application may need significant adaptation
Backup processes for application may need to be adapted or make use of the environment of cloud service.
16. 3. Develop a Technical Approach
Patterns
o Use Patterns to understand the migration of applications
Describe common aspects of cloud computing environments and application design for cloud computing
E.g. Dynamic Scalability, Loose Coupling, Stateful/Stateless Components, Application Component Proxy, Shared
Component
http://www.cloudpatterns.org/
http://en.clouddesignpattern.org/
o Useful for understanding the appropriate organization of software stacks on which
applications depend
o Useful for understanding what changes may be necessary to the application code for
successful migration
17. 4. Adopt a Flexible Integration Model
Application owners need to understand impact of connections with other
applications and systems and address it
Classification of integration between applications
o Process (or Control) Integration, where an application invokes another in order to execute
a certain workflow
o Data Integration, where applications share common data, or one application’s output
becomes another’s input
o Presentation Integration, where multiple applications present results simultaneously to a
user through a dashboard or mashup
First task is to inventory the connections or integration points
Integration approaches should
o Be flexible
o Be based on standards
o Consider the possibility that more migrations may occur in the future
18. 5. Address Security & Privacy Requirements
Security involves multiple concerns, includes:
o External threats
o Internal threats
o SLA promises on security measures
o Impact of attacks
o Access Control
o Audit
o Risk of access to data by a law enforcement agency through a legally binding request
Privacy is closely related to security but carries additional burden that violations will
cause damage to company, including:
o Loss of business
o Legal action by people whose information has been disclosed
o Non-compliance with government regulations
19. 5. Address Security & Privacy Requirements
Risk Analysis Logical Steps
1. Understand exactly what data will be migrated
2. Map this data to the security classification
3. Identify which data raises privacy concerns
4. Examine applicable regulations and determine what needs to be done and whether
it is possible to meet these demands
5. Perform the normal risk management task of assessing the risk of security or privacy
violations and the impact on business
6. Review cloud provider’s security/privacy measures and make sure they are
documented in the cloud SLA
o Physical security, personnel screening, incident notifications, etc
o Not just technical security protection measures
7. Determine whether the results of these steps actually allow the migration project to
continue
20. 5. Address Security & Privacy Requirements
Risk Analysis Logical Steps
8. Consider and implement ways information can be protected in four different
situations:
o During the (physical) bulk migration of data from on-premise to cloud
o Data at rest
o Data in motion
o Data in use
9. Design how to authenticate and authorize users
10. Make sure the user de-provisioning process can be executed quickly
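Steps 1 to 8 above can be run as a go/no-go gate over the data inventory. The following is an added example, not part of the original slides; the classification labels, the regulation tag, the control names and the inventory itself are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Added example. Classification labels, regulation tags and control names are
# hypothetical; the inventory below is constructed.
STATES = ("bulk_transfer", "at_rest", "in_motion", "in_use")      # step 8
SLA_MEASURES = {"physical_security", "personnel_screening",
                "incident_notification"}                          # step 6
RESTRICTED = {"confidential", "secret"}

@dataclass
class DataSet:
    name: str                                        # step 1: what is migrated
    classification: Optional[str] = None             # step 2
    personal_data: bool = False                      # step 3
    regulations: tuple = ()                          # step 4
    protections: dict = field(default_factory=dict)  # step 8: state -> control

def migration_blockers(datasets, sla_documented, regs_satisfiable):
    """Step 7: return (subject, reason) pairs that stop the migration."""
    blockers = [("cloud SLA", f"undocumented provider measure: {m}")
                for m in sorted(SLA_MEASURES - set(sla_documented))]
    for d in datasets:
        if d.classification is None:
            # Unclassified data cannot be risk-assessed, so it blocks outright.
            blockers.append((d.name, "unclassified"))
            continue
        for reg in d.regulations:
            if reg not in regs_satisfiable:
                blockers.append((d.name, f"regulation cannot be met: {reg}"))
        if d.personal_data or d.classification in RESTRICTED:
            for state in STATES:
                if state not in d.protections:
                    blockers.append((d.name, f"no protection defined: {state}"))
    return blockers

INVENTORY = [  # constructed sample
    DataSet("product_catalog", "public"),
    DataSet("customer_accounts", "confidential", True, ("privacy_law",),
            {"bulk_transfer": "encrypted_media", "at_rest": "disk_encryption",
             "in_motion": "tls"}),
    DataSet("legacy_exports"),
]
SLA_DOCUMENTED = {"physical_security", "incident_notification"}

def example_blockers():
    return migration_blockers(INVENTORY, SLA_DOCUMENTED, {"privacy_law"})

if __name__ == "__main__":
    for subject, reason in example_blockers():
        print(f"BLOCKER {subject}: {reason}")
```

An empty result is the condition for step 7 to let the project continue; any entry names the dataset or SLA item to resolve first.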
21. 6. Manage the Migration
Executing a migration is complex and delicate
Formal project plan and skilled project manager
Migration plan is like all project plans, should
o Track tasks
o Duration
o Resources
o Costs
o Risks
22. 6. Manage the Migration
Migration Procedure Migration Details
1. Deploy the cloud environment
Provision, install, and test the
necessary storage, compute, network
and security resources that constitute
the cloud environment in which the
migrated application will run.
• First part to be laid down is the structure of the virtual
network.
o Private cloud architecture
According to ITD standards for network
addressing
o Public cloud architecture
Network structure is prescribed in advance by
cloud provider
o Virtual private cloud implementation
Connecting VPN to existing internal networks
requires significant work to match
Network addressing spaces
Namespaces
Other network aspects
• Create individual virtual machines and attach them to their
respective storage units.
• Reconfigure DNS by updating name servers to resolve newly
created VMs through network gateways.
• Provision security devices
o Firewalls
o VPN routers
23. 6. Manage the Migration
• Configure directory services access by
o Implementing and testing connections between cloud
service and ITD’s directory server
LDAP
Active Directory, etc
OR
o The federation between cloud service provider’s
authentication system and ITD’s
2. Install and Configure the
Applications
The applications and supporting
middleware should now be installed
and configured on the cloud servers.
Done through automated deployment
templates.
• Implement all integrations between cloud applications and
other applications or resources, including directory services
• All monitoring solutions should be implemented and tested,
including any add-on monitoring tools
• If cloud application servers are to manage and monitor
licenses, apply the activation kits and keys
• If existing monitoring and key services are to be reused,
make and test the connections from the application servers
to the resources
24. 6. Manage the Migration
3. Harden the Production
Environment.
Install additional utilities for business
continuity and security. Note that
some of these services may be
provided by the cloud provider and
they should be tested.
• Put in place and test automated backup capabilities
• Install and configure anti-virus software or malware
protection
• Issue to all project team members their initial credentials
for cloud service access, per their role in the project or
ongoing operation
4. Execute a Mock Migration.
Undergo a trial run of the migration
project plan to uncover unintended
results or unnoticed issues during the
planning phase. The mock migration
date should be sufficiently distant
from the desired final cutover date to
have time to rectify problems.
Involve the cloud service provider in
the migration date selection.
• Ensure all contractual aspects are in place with the cloud
service provider, since the subsequent tasks will start
consuming cloud services
• Since it is important to simulate all aspects of the final
migration,
o Schedule downtime for existing systems during the
time required for migration
o Notify users in advance
• Import application data and configuration settings into the
cloud environment
• Run test scripts to validate
o Application and data migration
o Connectivity from all endpoints
o Proper access and authority
25. 6. Manage the Migration
• Start the cloud environment and applications
• Ask a preselected group of test users to validate the work
environments and systems are functional
• The test users should follow formal test plans, designed in
advance to exercise as many features of the application as
possible within the allotted time
• Restart the on-premise production environment
• Document migration duration and metrics
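The mock-migration test scripts for "application and data migration" and "proper access and authority" can look like the following added example, which is not part of the original slides. The records, users and the CLOUD_ACL stand-in for the cloud environment's access decisions are constructed; connectivity checks are left out because they need the real endpoints.

```python
import hashlib

def manifest(records):
    """Map each record key to the SHA-256 of its bytes."""
    return {key: hashlib.sha256(blob).hexdigest() for key, blob in records.items()}

def diff_manifests(source, target):
    """Compare on-premise and cloud manifests after the import step."""
    shared = source.keys() & target.keys()
    return {
        "missing": sorted(source.keys() - target.keys()),
        "unexpected": sorted(target.keys() - source.keys()),
        "changed": sorted(k for k in shared if source[k] != target[k]),
    }

def access_violations(expected, probe):
    """Return (user, resource) pairs where the cloud decision differs from
    policy. Expected denials are tested as strictly as expected grants."""
    return sorted(pair for pair, allowed in expected.items()
                  if probe(*pair) != allowed)

# Constructed sample data: one record lost and one altered during import.
ON_PREM = {"orders/1": b"id=1;total=40.00",
           "orders/2": b"id=2;total=15.50",
           "users/7": b"name=Lee"}
CLOUD = {"orders/1": b"id=1;total=40.00",
         "orders/2": b"id=2;total=15.5"}

# Constructed policy: the de-provisioned account must be denied in the cloud.
EXPECTED_ACCESS = {
    ("alice", "orders"): True,
    ("alice", "admin"): False,
    ("former_contractor", "orders"): False,
}
# Hypothetical stand-in for what the migrated environment actually allows.
CLOUD_ACL = {("alice", "orders"), ("former_contractor", "orders")}

def probe(user, resource):
    return (user, resource) in CLOUD_ACL

def mock_migration_report():
    return {
        "data": diff_manifests(manifest(ON_PREM), manifest(CLOUD)),
        "access": access_violations(EXPECTED_ACCESS, probe),
    }

if __name__ == "__main__":
    print(mock_migration_report())
```

Any non-empty list in the report is an issue to rectify before the cutover schedule is set.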
5. Cutover to Production Cloud.
Assuming a successful mock
migration, or one that only
encountered minor issues with a clear
fix, establish a formal cutover
schedule.
If the mock migration ran into serious
issues, then repeat after correcting
the causes
• Update the migration plan, taking into account the lessons
learned during the mock migration about
o Tasks to be added or removed
o Actual durations measured
o Changes in resources required vs. initially expected
o Etc.
• Line up necessary resources from cloud provider, which may
be different from the mock migration since this will now be
the real definitive migration
26. 6. Manage the Migration
• Communicate
o Migration steps
o Timeline
o Impact to all users
o Summary to management
o Instructions for day-one steps that individual users
must perform to access cloud services
• Re-execute the Mock Migration procedures but at the end,
instead of restarting the old production environment,
inform all users to apply the instructions they have received
to restart their work using the migrated application
• Begin license, application and database monitoring for the
production cloud environment
• For some time after cutover, a special “hotline” should be
established for prioritization and solving issues during initial
usage time
• Hold one or more formal checkpoint meetings after
migration to track any issues that need any additional
project task and resources