As organizations embark on the AWS cloud journey, one of the most important steps is to migrate their current workloads to the AWS cloud that complements the organization’s Cloud-first strategy. Cloud migration has multiple phases and has to be planned and performed carefully for it to deliver the value that is expected out of it.

There are multiple paths to migrate to AWS cloud. The common ones are:

• “Optimize & Migrate”: Optimize applications to leverage AWS cloud services by rearchitecting or remediating applications. Optimize existing tools and existing processes with modern DevOps approaches like continuous integration, continuous delivery, infrastructure as code. The migration follows optimization. 
• “Migrate & Optimize”: Migrate to AWS cloud first by moving applications as As-Is. Post migration, optimize across applications, tools, and processes.

While each of these approaches has its own pros and cons, most organizations prefer a “Migrate & Optimize” approach which takes them to the cloud faster. This faster migration to cloud is best supported with tools such as AWS Server Migration Service, AWS Snowball, to name a few. These tools are generally categorized as AWS tools and third-party tools.

In this article, we will highlight how AWS tools and services can be leveraged for migrating applications to AWS which in turn can reduce the complexity and cost of migration.

The AWS cloud migration journey

AWS has rich sets of tools and services that play a key role in each phase of the migration to cloud (See Figure 1). Most of these tools are available free of cost for AWS customers and help reduce considerable time and effort. For example, service like AWS Application Discovery helps to discover details about an application technology stack, interdependency etc; service like AWS Migration Hub provides a single view of the progress of a migration.

Discover, assess & plan

This stage is about exploring and discovering the IT portfolio, the dependencies between applications, and considering what types of migration strategies (6R) need to be employed to meet the business case objectives. This phase includes portfolio data discovery (application and infrastructure), analysis and assessment, recommend migration approach, migration cost estimate, migration plan and total cost of ownership estimate. The business case is built using the application assessment results, TCO results, migration cost and finally the ROI.

Some of the AWS tools that help to efficiently perform the tasks in this phase are:

• AWS Application Discovery Service

AWS Application Discovery Service collects and presents configuration, usage, and behavior data from your servers to help understand your workloads better. This data is encrypted and can be downloaded as CSV to perform TCO Comparisons.

• AWS Migration Hub

AWS Migration Hub helps in planning and tracking of migration to AWS cloud. It also provides a single location and one view to track the progress of application migration. It integrates well with AWS migration tools and AWS partner migration tools.

Design, migrate & validate

This phase includes design and setup of AWS cloud landing zone, migrating individual application(s) driven by a Sprint based methodology, and post-migration validation, which includes performance, security, compliance and application validation. Automated provisioning, backup, auto-scaling are all configured as part of this phase.

Multiple AWS tools and services help in making this phase easier and some of them are:

• AWS Database Migration Service (AWS DMS)

Database migrations are not easier tasks, be it homogenous or heterogenous migration to a cloud as most migrations have to be done with minimum downtime. AWS DMS supports homogenous and heterogenous migration to AWS with minimum downtime. AWS DMS also supports streaming of data from existing datastores to Amazon redshift (for data warehouse), DynamoDB(for a NO SQL datastore) and S3(for data lake).

• AWS Server Migration Service (AWS SMS)

Many a time there is no documentation on what changes went into a server which hosts applications, this makes a recreation of the servers tougher. AWS SMS is an agentless service that makes it easier and faster to migrate thousands of on-premises workloads to AWS, especially when there is a need to migrate server as-is to AWS cloud. This service creates AMI(Amazon Machine Image) during migration which can be reused within AWS. This service also supports multi-server migration where a group of servers have to be migrated as part of a single application stack.

• AWS VM Import/Export

VM Import/Export enables you to easily import and export virtual machine images from your existing environment to Amazon EC2 instances and vice versa. VM Import/export supports multiple image format like OVA, VMDK, VHD which can be imported from on-premise to AWS.

• AWS Snowball and Datasync

Migrating data to AWS is made seamless with services like AWS Snowball, which help move terabytes of data to AWS. AWS Datasync helps in keeping real-time data in sync which can help with live migration. To move petabytes of data, AWS Snowmobile service can be used.

Operate & optimize

As applications are migrated and old systems are turned off, a new operating model continues to evolve. This model is highly automated with code, events and driven by DevOps methodology. This agile operating model is supported by set of people, process, and technology that constantly improves as more applications are migrated. Operations include infrastructure and security. Optimization on AWS cloud includes three pillars of cost, performance, and security. AWS has plethora of tools that help to achieve operational excellence and drive continuous optimization.

Operations

Operations on AWS cloud can be highly automated. This is possible with services listed below which help with real-time metrics, alarms (to trigger events) to automate operational tasks.

• Amazon Cloudwatch

Provides data and actionable insights to monitor your applications, understand and respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. AWS Cloudwatch has native integration with more than 70 AWS services. Customers can derive actionable insights from Amazon Cloudwatch Log insights.

• AWS Cloudtrail

Log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services. This data is very critical for audit and forensics.

• AWS Systems Manager

It provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources. This service allows to quickly view operational data for groups of resources, for example, a group of AWS resources for one application and this will help to identify the issues for an application in its entirety.

• AWS License Manager
  

There are multiple ways to acquire and use licenses in AWS like Marketplace, BYOL (Bring your own License) for multiple vendors like Microsoft, SAP, Oracle. This essentially means there has to be an easy way for management and governance and the answer is AWS License manager. This service helps create rules to avoid violations and licensing breach as well as integrate with other AWS services like AWS Service Catalog, AWS Systems Manager and AWS Organizations.

• AWS Config

This service continuously monitors and records AWS services configurations and evaluates against desired configurations. It helps to identify violations and track changes And integrates with AWS services like AWS Cloudtrail and helps to correlate configuration changes to a particular event.

Operations - Security

Security and Compliance on AWS is a shared responsibility model. This means some responsibility lies with the customer and the rest lies with AWS. Shared responsibility also varies based on the type services(Infrastructure services Vs Platform services) consumed in AWS.

Multiple AWS services provide features to protect AWS infrastructure and the hosted applications. These services help to provide an effective security operation for organizations. All these services support CLI, API and Console interface which makes it easier for DevSecOps.

• Amazon Macie

Amazon Macie is a fully managed service(no servers to manage by customer) which uses machine learning to automatically discover, classify and protect sensitive data. Amazon Macie gives visibility into how the sensitive data is accessed or moved and detects anomalies in data access and alerts when it detects risky or unauthorized access. This service delivers its findings to AWS CloudWatch Events which helps with downstream integration for action and analytics.

• Amazon GuardDuty

Amazon GuardDuty is a fully managed threat detection service which monitors for malicious activities and unauthorized behavior within an AWS account. AWS provides multiple service logs like AWS Cloudtrail, VPC flow logs, DNS logs, and threat detection is effective only when these logs are analyzed for adequate actions with Amazon GuardDuty, which analyzes billions of events across multiple log sources. No software or hardware has to be managed by the customer. This service uses machine learning, integrated threat intelligence (connecting events) and anomaly detection.

• AWS Shield

AWS Shield is Distributed Denial of Service(DDOS) protection service which is fully managed by AWS. This service provides continuous detection and mitigation to shield against DDOS attacks. There are two tiers of this service called Standard and Advanced. By default, all AWS customers get the standard service at no cost. Standard service defends customer’s AWS environment against them most common network and transport layer DDOS attacks. Advanced service offers higher-level threat protection against applications hosted on Amazon EC2, ELB, etc and also provides 24x7 access to AWS DDOS response team to handle potential threats and events.

• AWS Inspector

An automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It assesses applications for exposure, vulnerabilities, and deviations from best practices. This helps to enforce security standards and to identify deviations due to changes being introduced to an environment. AWS Inspector makes it easier to adopt DevSecOps.

Optimization - Cost

Cost is always a primary driver to move to AWS cloud. Optimization of cost is an agile and continuous process as workload characteristics continue to change. Many AWS Services help with continuous optimization of cost by providing visibility into services usage and cost projections.

• AWS Cost Explorer

AWS Cost Explorer provides insights and visibility into AWS services costs for customers. It quickly creates reports and charts and the

• AWS Budgets

AWS Budgets lets customers to define budgets based on budget types (cost and usage) and help monitor AWS services usage. This helps continuously monitor cost and usage against a defined budget and alert anomalies, deviations by integrating with AWS services like AWS SNS(Simple Notification Service). AWS Budgets data can also be accessed programmatically with APIs.

Optimization – Performance

AWS services like AWS X-Ray and AWS Trusted Advisor provide insights into the application performance, performance bottlenecks, and checks and provides recommendations related to architecture, and application performance.

• AWS X-Ray

AWS X-Ray provides end to end visual insights into a transaction which in turn helps to identify performance bottlenecks into an application that is hosted on Amazon EC2, Amazon ECS, AWS Lambda and AWS Beanstalk. This service supports applications written in Java, .net, and node.js.

• AWS Trusted Advisor

AWS Trusted Advisor is another service from AWS which when enabled can help in comparing your environment against established best practices which includes security, performance, cost, service limits, fault tolerance.

Conclusion

Combining the right set of AWS tools, services and frameworks and working along with a proven AWS partner is the right recipe for a successful AWS Cloud migration.

For details about AWS partnership with Wipro, please refer wipro.com/partner-ecosystem/aws/our-partnership

Vikrant Sahu

Cloud Solutions Architect, Wipro Limited

Vikrant specializes in AWS and DevOps. He helps enterprises modernize their application landscape by embracing public cloud services. Has experience in all the phases of software development lifecycle from Requirement Analysis, Estimation, Design, Development, Testing, Release, and Maintenance. Vikrant Sahu Cloud Solutions Architect, Wipro Limited Vikrant specializes in AWS and DevOps. He helps enterprises modernize their application landscape by embracing public cloud services. Has experience in all the phases of software development lifecycle from Requirement Analysis, Estimation, Design, Development, Testing, Release, and Maintenance.

Maran Marudhamuthu

AWS – Partner Solutions Architect with the Global System Integrators & Influencers Team Amazon Web Services

Maran works with the large GSIs to provide guidance on enterprise cloud adoption, migration strategy and adopting AWS services