Thank you so much. Well, hello, greetings and good evening. I hope you had some good presentations in the last few sessions. So I'm really excited to be here. It's my first time at this EIC conference, and I really thank all the organizers for inviting me and giving me the opportunity. So I already mentioned what you could expect, and I hope that some of you can relate to this experience and that we could perhaps also exchange some information afterwards. So having said that, a brief word about myself again: my name is Sharma.
My current role is global program manager in IT infrastructure services. I have a bachelor in technology, computer science, and also an ongoing MBA education at disorder. I have got about 18 years of experience in the IT industry, with a focus on software development and IT infrastructure, particularly in the data center and cloud area.
So moving on, a brief word about my employer. I work at thyssenkrupp, thyssenkrupp Industrial Solutions to be precise. For those of you who do not know thyssenkrupp, it's a German conglomerate, a multinational focused on engineering, steel construction, and plant technologies, headquartered in Germany.
That's where I work.
And Industrial Solutions, very briefly again, specializes in chemical process technologies, mining in the past, and cement as well. So it operates in 12 key industries. However, the focus now is of course to talk about the cloud journey. Before going further, just taking a pause again to look at the statistics, quite interesting here: in 2021, where we stand, and the estimate to be at a hundred zettabytes by 205, quite amazing. And the interesting part, what this means, is that 94% of all enterprises have already started the cloud journey.
So yeah, that's quite satisfying. So basically my, or our, journey started in the spring of 2018, when my manager, the head of global infrastructure at the time, approached me and asked me to prepare a cloud environment until the end of the year, so as to be able to move applications.
So I replied with a smile: that's all fine, I have only a few questions. Do I have any budget? Can I hire some people? And also, who would operate this environment? So I got the answers.
Yes, I have budget. Yes, I get to hire some people. And I need to operate it myself. So, well, very nice. So basically within a span of eight months I need to build up a team, move the infrastructure to the cloud with all this readiness, and also of course hand it over to the operations team, which by the way doesn't exist yet.
So that of course poses some challenges, which I try here to categorize into some, let's say, phases or steps. So let's start and take a look at that. The first step of course is to have a cloud strategy if one wants to start a cloud journey. It sounds like an oxymoron, but probably not, because one has to have the understanding of where one stands.
So the strengths and weaknesses of the organization, and the dependencies in terms of technology and also the teams.
So all these things were part of this, and having management approval and sponsorship was also key. And besides, one has to also speak with people within the organization, if there was any experience already, or if not, outside with experts and peers in the industry. So having come across that, the next step of course would be to define some use cases. And for that, of course, one has to start somewhere. The good thing we had at the time was that there was an enterprise architecture tool where our systems were inventoried, and that was a good starting point.
So with the help of those enterprise architects I could at least pick the applications which we wanted to pilot. Of course, one has to choose the cloud platform.
From many choices, right? If not one, one could also have many, or a couple of them.
So for us at least it was clear: Microsoft Azure at the time, and all the use cases and solutions et cetera I'm going to touch upon would be mostly, or only, about Microsoft Azure. Right. So after that, of course, the next challenge was to build a team. So there are two options: either to hire or to upskill. So due to the time constraints I had to focus on hiring from outside. So there are a few skills which are necessary.
I figured out: enterprise architect, cloud solution architect, cloud administrator, network specialist, identity specialist, server administrator, database administrator, application specialist. All these are key roles, but of course, depending on the size of the team and project, one could combine them, right?
And of course not to forget the project manager, which is also key, and the PMO organization. After that the real work starts: designing the solutions, the solution architecture.
So if you already have, let's say, a set of blueprint architectures, those would be quite handy. And if not, one has to develop those, so one could refer to Microsoft architectures, or at the time our corporate architects also started with some blueprints, so we could align. From an application architect's point of view, one could decide whether it's PaaS,
platform as a service, or IaaS, infrastructure as a service. For us, we chose at the beginning infrastructure as a service because we wanted to do lift-and-shift migration. Then starts the discussion about hybrid cloud. That's the interesting part, because one has to choose one, let's say, standardized data center environment, and also a region where one wants to start the enablement, and first of all, the networking part is important.
The firewalls, and identities: so which Active Directory to choose from, do you have a cloud-only Active Directory, or do you want to use your legacy Active Directories? So all these topics of course need to be analyzed and evaluated. So then one has to of course design the solution having security in mind. So it's a good idea to have the security colleagues, the information security officers, there from the beginning, from the design phase of the solution, and also to have a secure administration concept. So this is also key.
So how the administrators or the external colleagues, consultants, access the solution, how the solution would be built and accessed. So these are some key elements which we had to deal with at the time. Moving on. So once the quick wins were identified and worked upon, of course one could not be complacent and then needs to, of course, cross the next barrier.
Yes, the low-hanging fruits are easy to achieve, but then one has to build basically skills and take a look at what next services could be meaningful, so we add to the portfolio, and for that one could also attend training, which we did at the time, me personally as well. And then of course exchange with peers and partners from the same industry at webinars or conferences et cetera, all those sort of things. After that, communication is key, because cloud was actually a new initiative back in 2018 and there was some resistance, some non-believers.
So one had to of course talk about those by building a community, and people talk and then good words of course spread. So one has to also define, or identify, some key, let's say, change agents to evangelize within the organization and then tell the stories, right?
So this is also one key element: communication within the organization, right? So then moving on: go-live and handover. So the usual basic challenges there.
One has to identify the operations team, while actually the operations team should be onboarded during the design, because they need to be able to also accept the solution. But if it is not possible, which it was not in my case, or our case, it was done at least before the go-live, which is why actually the go-live had to be postponed a little bit. And also finalizing the operations handbook is key,
and to align with the operations team. So then of course testing, well, no need to say; besides, monitoring and hypercare are also key, so that one has an eye on how the solution is performing during and after the go-live. Then the operations team takes care.
Yeah.
And takes over, and user training also starts. And maybe last but not least: continuous service delivery, which is still ongoing, and improvement. This is also key: having a demand management pipeline. This is very important, so to have a demand management process. In some organizations maybe people have already started automating these things and basically having some sort of service management process where things come in automatically, and then maybe virtual machines are provisioned, whether on-prem or in the cloud, right,
based on the selected parameters. But in our case this is kind of a manual process: we have a service management tool and defined processes, and so it works that way. So after that, the security updates and architecture updates are ongoing topics.
And new ideas would come in, and new use cases also would appear.
So one has to work on those as well, right? Yeah.
So far, those are the things we did. I hurried a bit in order to finish it on time. And of course we couldn't finish it in eight months, and it took a few months extra due to some fluctuations in the team, not only from the operations point of view but also in the design team and the solution team. Right. So then let's take a look at some concrete use cases.
So which applications or services we could touch upon. Not all of these are, let's say, implemented, but at least we have addressed all of these; we have a solution, so we could deploy this as and when needed. The first one is actually the applications. So in that one could think about, like I already mentioned, the infrastructure as a service, sort of, PaaS architecture.
These are basically typical web applications which are accessed over the internet.
And then those could be either moved lift-and-shift-wise or also redesigned, but at least they were quite simple and one need not have a VPN solution, right, to connect back to on-prem and so on. Of course authentication was also a key topic here, whether to use legacy Active Directory or cloud Active Directory for those. So this again depends on the use case, and there is no one-size-fits-all solution for that. Then another use case was legacy and engineering applications.
So that's quite critical and it's not that easy, because at least back in those days it was not easily doable. Now we can think about it, because we have all those technologies now in the cloud: GPU-accelerated VMs or virtual desktops.
And for those high computational requests we need, or we have, high-compute machines also.
So this is possible right now. And there are some challenges as well, of course, depending on the bandwidth requirements and also having connectivity to the on-prem environment, if a certain component is installed in the on-prem environment. And that's where actually the next use case comes into the picture: the hybrid data center. So the hybrid data center actually involves, needless to say, connecting on-prem infrastructure to the cloud.
And here again there could be multiple architectures, blueprints. One could think of having a centrally managed, standardized, highly available data center which one can connect to the cloud. So of course one has to have a reliable VPN connection, which could be realized by using ExpressRoute technology or software-defined
WAN, if you have one, and network availability and firewalls. So these are key aspects in this regard. Then another one would be extending infrastructure to the cloud.
So basically these are core-related, but one could also have some additional use cases covered with these topics. So imagine you have either the front-end part of the application in the cloud and the back end is on-prem because it is necessary as per security regulations, or you have the front end in the on-prem environment and the back end, or database, could be in the cloud. So both are possible.
And additionally you might have also regulations from security that your directory has to be on-prem, your patch management systems, antivirus systems et cetera are on-prem. And due to this you might need to only operate in a hybrid fashion. So this is again depending on the use case. And additionally, one could also give, let's say, some locations or some offices some flavor of the cloud services by giving them isolated backup and archive services, or even disaster recovery, let's say via Azure Site Recovery, which is quite reliable and handy.
So in all these cases, of course, Active Directory services, whether to use the on-prem or native cloud services, these are solution design decisions one has to make. So moving on again. So the next use case could be, again, an architecture decision: we could have a hybrid data center, and let's say we start in one region and this could be replicated, or this could be, let's say, done in another region in the same way, and then there could be of course natural connectivity among these setups.
But if this is highly complex and of course takes time due to the heterogeneous nature of it, one could think about having or giving these different regions their own cloud environment. This is also hybrid in nature. So they basically could extend their on-prem infrastructure to the cloud. So the benefit is that yes, they could still use central architecture and security guidelines, but the support model here is decentralized in nature.
Right. So that's quite handy.
I'll also show probably a blueprint diagram briefly to talk about how we realized that. Then remote sites, satellite locations: these are also use cases where, let's say, next to some bigger cities there are small locations and they have no IT support staff, and the IT manager in this case doesn't want to invest much in hardware, and actually he doesn't have the staff, he's a one-man show, let's say. In that case it is easy to move that infrastructure to the cloud, yet piggybacking on the network backbone from the next big city. Right.
So again, I have a picture to demonstrate that. Then a quite ambitious, bold step: cloud-first strategy. For some organizations it works seamlessly, for others it is a bumpy road.
So again, some challenges there might be to talk about authentication, right?
And also challenges about file services: whether you are allowed to put your files in the cloud, because they might have a different classification. It is not possible in our case for all of those locations, but maybe in some cases this is a no-brainer and could be realized easily. So one has to then also talk about device management, because if one could think about a cloud-first strategy, then device management could also go to the cloud.
We could realize that via Windows Autopilot and Intune technologies. Right. Okay. So these are some of the, again, use cases. One could of course talk at length about this, and there are many challenges for each of those, but I wanted to highlight them.
And I'm looking forward to, of course, some exchanges later, beyond this discussion, where we could also talk about some challenges. Maybe a quick look at the lessons learned, which is the next slide.
So yeah, team: I already mentioned about people leaving and posing some challenges, delaying progress, et cetera. So documentation of course is key there.
And if it is difficult to document these architectures because it's changing every few months, there are also some cloud documentation tools which one could use, and then one could pull the architecture quite frequently. And then from an applications point of view, there could be some unknown components in the applications which one might miss out defining. For example, in one case I remember there was this email feature which was not mentioned, which again sent us back to the drawing board, and yeah, that was again quite a nasty surprise.
Then there could be also some unknown infrastructure elements, maybe a firewall or even firewall rules, which could lead us to, you know, wondering what's going on, why let's say some database servers are not reachable from on-prem, and so on, so forth.
Basically, expect the unexpected in all those topics I already mentioned. And also, if you would think that the idea could be some standard configuration in terms of net firewalls, or I dunno, VPN solutions: it's not always standard. There could be still some customization or troubleshooting
one has to do when one rolls out to some locations outside, let's say, your project, so to speak. So there could be issues with VPN, not only on the backbone side but also on the front end, on the user side. And not all legacy applications are cloud-ready. So this again depends on the architecture of that application. Some applications are not really cloud-ready, and then some vendors just try to propose it; in that case it becomes quite messy, and rather do not move that application before a redesign. That's one recommendation I have.
Yeah.
And one size doesn't fit all. Again, one has to take it case by case. In some cases... Moving on: architecture best practices.
Again, these are some key findings. Again, there are many out there depending on the use case; I could not of course discuss all of them in detail today because the time will not be sufficient, but documentation is already key, and naming conventions sound like a minor topic but it's quite important when you are talking about a bigger environment. Hub-and-spoke topology, which is again one handy architecture blueprint; so I have a slide for that to briefly show this in the next ones. Firewall, application gateway, load balancer to protect the environment.
So if you have internet-facing applications and if you want to load balance et cetera, these are some elements which you can of course also use from the cloud, or you can bring your own from your favorite vendors. Hybrid cloud: for that you also need VPN.
And I mentioned ExpressRoute, and SD-WAN could be the state of the art if you have one, or site-to-site VPN is also a low-cost quick solution which one could implement. Then disaster recovery: one has to of course think about it for the cloud services as well. Backup and recovery based on defined
RPO, RTO and retention policies which the organization would define. Microsoft Virtual WAN, or Azure Virtual WAN, that was also one key technology to realize, let's say, the hybrid solution with the help of ExpressRoute or SD-WAN. Then virtual desktops for basically virtualizing some of those heavy-compute desktop applications, like engineering applications, is doable. Autopilot for device management. And also, please do think about a VPN solution for home office workers. Further, there is
some Microsoft documentation, some reference architectures here, talking about hybrid network architecture.
So basically on this side, on the left side here, your on-prem infrastructure, which with the help of some gateway you could then connect, either via the ExpressRoute or via the VPN gateway in the cloud, and there we could have your different elements in the cloud. So moving on to maybe a bit more complex picture here, but this is my favorite because it actually encompasses all the different use cases.
So here again, this is again courtesy of Microsoft documentation. You have your on-prem, which connects to the Microsoft Virtual WAN, which leverages the Microsoft backbone, and then it's quite easy to do the VNet peering to either your resource groups or to your subscriptions where you have a hub-and-spoke architecture.
So hub, meaning all your central components are in your hub subscription or hub resource group, and then your
different services, which could be again controlled via role-based access control or management group policies et cetera, then could exist in different resource groups. We call them spoke, either resource groups or subscriptions, right?
So then you place your individual infrastructure elements or application elements et cetera in there, and of course protect from the cloud, or for the internet-facing sites, you have your firewall, application gateway et cetera, as already said; you could bring your own firewall vendor appliance. So moving on again. So this is basically a simplified version of the same; I'll quickly skip and then move on, maybe pause here quickly. This is again the architecture for a region which gets its own cloud environment.
So they basically have their on-prem environment here at the bottom with their own local Active Directory, antivirus and patch management, et cetera. And in this case, let's say with an appliance, they can connect to Azure again, all secure here, right.
And then they could have their services installed there. So this could be then applied of course for different regions or different locations. So then this is the small remote office architecture blueprint.
Again, as I mentioned, where they could piggyback on the bigger location nearby, but they could, let's say, move their print services, file services et cetera to the cloud, and then still leverage all those from the Azure environment. Okay. Then I think I'll briefly touch upon some file service architecture, which is again from Microsoft. So this is the Azure file share; again, for this the key requirement is that the identities have to be in the cloud. If this is not possible, because there is an on-prem Active Directory, et cetera,
one could still use a DFS-based file service and still use the Microsoft backbone and the Azure services et cetera to deliver this service.
Right? So then some security best practices to wrap up. So follow your reference architecture, whether from your own enterprise architects or from Microsoft, but do align with information security via some security audit, risk assessment, et cetera. One could also go for some independent security assessment from a third party to close those risks before go-live. And of course have some
zero trust policy: allow only your dedicated, trusted team to access those. Identify some policies. Have your monitoring systems in place and also have a joiner-mover-leaver process defined with the identity and access management teams. It's a good idea to connect to a SOC team or threat hunting solutions, and review all those regularly with the security department. Right?
I mean, project management again. So here, proof of concept where possible. And then key is communication and being agile. Right? And service management process and tools: don't underestimate that, because you need a good service management tool and some processes for incident, problem and change management; have the demand management also aligned and well defined; and have a CMDB, keep it updated. And with that, I would like to wrap up. But of course I would like to quote from my favorite transformation guru, let's say John Kotter: transformation is a process,
it's not an event. So it's a continuous journey. I hope I could deliver some of my lessons learned and use cases from my journey, or our journey, here. I'm looking forward to being able to connect with some of you later. Thanks for your attention.
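The hub-and-spoke topology, VNet peering and hub firewall the talk describes, as an added example that is not part of the original presentation or of thyssenkrupp's own deployment: a minimal Bicep template that creates a hub VNet with the GatewaySubnet and AzureFirewallSubnet the central components need, one spoke VNet for application workloads, the peering in both directions, and a route table that forces the spoke's outbound traffic through the hub firewall. All names, address spaces and the firewall's private IP are assumed placeholders; `hubGatewayDeployed` is an assumed parameter that exists because `useRemoteGateways` can only be enabled once a VPN or ExpressRoute gateway actually exists in the hub.

```bicep
// Added example (not from the talk): minimal Azure hub-and-spoke network.
// All names, address prefixes and the firewall IP below are assumed placeholders.
targetScope = 'resourceGroup'

@description('Region for all resources (assumed: the resource group location).')
param location string = resourceGroup().location

@description('Private IP of the hub firewall / NVA that spokes route through (placeholder).')
param firewallPrivateIp string = '10.0.1.4'

@description('Set to true only after a VPN/ExpressRoute gateway exists in the hub GatewaySubnet.')
param hubGatewayDeployed bool = false

// Hub: the central components (gateway, firewall) live here.
resource hubVnet 'Microsoft.Network/virtualNetworks@2023-04-01' = {
  name: 'vnet-hub'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.0.0.0/16' ] }
    subnets: [
      { name: 'GatewaySubnet', properties: { addressPrefix: '10.0.0.0/24' } }
      { name: 'AzureFirewallSubnet', properties: { addressPrefix: '10.0.1.0/24' } }
    ]
  }
}

// Spoke workloads send all non-local traffic to the hub firewall, and BGP
// routes learned from the gateway are not propagated, so on-prem and internet
// traffic cannot bypass the firewall.
resource spokeRouteTable 'Microsoft.Network/routeTables@2023-04-01' = {
  name: 'rt-spoke-app'
  location: location
  properties: {
    disableBgpRoutePropagation: true
    routes: [
      {
        name: 'default-via-hub-firewall'
        properties: {
          addressPrefix: '0.0.0.0/0'
          nextHopType: 'VirtualAppliance'
          nextHopIpAddress: firewallPrivateIp
        }
      }
    ]
  }
}

// Spoke: one application landing zone; RBAC is scoped to its resource group.
resource spokeVnet 'Microsoft.Network/virtualNetworks@2023-04-01' = {
  name: 'vnet-spoke-app'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.1.0.0/16' ] }
    subnets: [
      {
        name: 'snet-app'
        properties: {
          addressPrefix: '10.1.0.0/24'
          routeTable: { id: spokeRouteTable.id }
        }
      }
    ]
  }
}

// Peering is directional and must be created from both sides.
resource hubToSpoke 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-04-01' = {
  parent: hubVnet
  name: 'peer-hub-to-spoke-app'
  properties: {
    remoteVirtualNetwork: { id: spokeVnet.id }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: true
    allowGatewayTransit: hubGatewayDeployed
  }
}

resource spokeToHub 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-04-01' = {
  parent: spokeVnet
  name: 'peer-spoke-app-to-hub'
  properties: {
    remoteVirtualNetwork: { id: hubVnet.id }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: true
    useRemoteGateways: hubGatewayDeployed
  }
}
```

Deploy into a resource group with `az deployment group create --resource-group <rg> --template-file hub-spoke.bicep`, then redeploy with `hubGatewayDeployed=true` once the hub gateway is up. Spokes never peer with each other here; any spoke-to-spoke or spoke-to-on-prem path goes through the hub firewall, which is what lets the firewall and application gateway in the hub protect every spoke, and what makes a second spoke (another region or remote site) a copy of the spoke block rather than a new design.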