Discover, assess & plan
This stage is about exploring and discovering the IT portfolio, the dependencies between applications, and considering what types of migration strategies (6R) need to be employed to meet the business case objectives. This phase includes portfolio data discovery (application and infrastructure), analysis and assessment, recommend migration approach, migration cost estimate, migration plan and total cost of ownership estimate. The business case is built using the application assessment results, TCO results, migration cost and finally the ROI.
Some of the AWS tools that help to efficiently perform the tasks in this phase are:
- AWS Application Discovery Service
AWS Application Discovery Service collects and presents configuration, usage, and behavior data from your servers to help understand your workloads better. This data is encrypted and can be downloaded as CSV to perform TCO Comparisons.
AWS Migration Hub helps in planning and tracking of migration to AWS cloud. It also provides a single location and one view to track the progress of application migration. It integrates well with AWS migration tools and AWS partner migration tools.
Design, migrate & validate
This phase includes design and setup of AWS cloud landing zone, migrating individual application(s) driven by a Sprint based methodology, and post-migration validation, which includes performance, security, compliance and application validation. Automated provisioning, backup, auto-scaling are all configured as part of this phase.
Multiple AWS tools and services help in making this phase easier and some of them are:
- AWS Database Migration Service (AWS DMS)
Database migrations are not easier tasks, be it homogenous or heterogenous migration to a cloud as most migrations have to be done with minimum downtime. AWS DMS supports homogenous and heterogenous migration to AWS with minimum downtime. AWS DMS also supports streaming of data from existing datastores to Amazon redshift (for data warehouse), DynamoDB(for a NO SQL datastore) and S3(for data lake).
- AWS Server Migration Service (AWS SMS)
Many a time there is no documentation on what changes went into a server which hosts applications, this makes a recreation of the servers tougher. AWS SMS is an agentless service that makes it easier and faster to migrate thousands of on-premises workloads to AWS, especially when there is a need to migrate server as-is to AWS cloud. This service creates AMI(Amazon Machine Image) during migration which can be reused within AWS. This service also supports multi-server migration where a group of servers have to be migrated as part of a single application stack.
VM Import/Export enables you to easily import and export virtual machine images from your existing environment to Amazon EC2 instances and vice versa. VM Import/export supports multiple image format like OVA, VMDK, VHD which can be imported from on-premise to AWS.
- AWS Snowball and Datasync
Migrating data to AWS is made seamless with services like AWS Snowball, which help move terabytes of data to AWS. AWS Datasync helps in keeping real-time data in sync which can help with live migration. To move petabytes of data, AWS Snowmobile service can be used.
Operate & optimize
As applications are migrated and old systems are turned off, a new operating model continues to evolve. This model is highly automated with code, events and driven by DevOps methodology. This agile operating model is supported by set of people, process, and technology that constantly improves as more applications are migrated. Operations include infrastructure and security. Optimization on AWS cloud includes three pillars of cost, performance, and security. AWS has plethora of tools that help to achieve operational excellence and drive continuous optimization.
Operations on AWS cloud can be highly automated. This is possible with services listed below which help with real-time metrics, alarms (to trigger events) to automate operational tasks.
Provides data and actionable insights to monitor your applications, understand and respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. AWS Cloudwatch has native integration with more than 70 AWS services. Customers can derive actionable insights from Amazon Cloudwatch Log insights.
Log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services. This data is very critical for audit and forensics.
It provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources. This service allows to quickly view operational data for groups of resources, for example, a group of AWS resources for one application and this will help to identify the issues for an application in its entirety.
There are multiple ways to acquire and use licenses in AWS like Marketplace, BYOL (Bring your own License) for multiple vendors like Microsoft, SAP, Oracle. This essentially means there has to be an easy way for management and governance and the answer is AWS License manager. This service helps create rules to avoid violations and licensing breach as well as integrate with other AWS services like AWS Service Catalog, AWS Systems Manager and AWS Organizations.
This service continuously monitors and records AWS services configurations and evaluates against desired configurations. It helps to identify violations and track changes And integrates with AWS services like AWS Cloudtrail and helps to correlate configuration changes to a particular event.
Operations - Security
Security and Compliance on AWS is a shared responsibility model. This means some responsibility lies with the customer and the rest lies with AWS. Shared responsibility also varies based on the type services(Infrastructure services Vs Platform services) consumed in AWS.
Multiple AWS services provide features to protect AWS infrastructure and the hosted applications. These services help to provide an effective security operation for organizations. All these services support CLI, API and Console interface which makes it easier for DevSecOps.
Amazon Macie is a fully managed service(no servers to manage by customer) which uses machine learning to automatically discover, classify and protect sensitive data. Amazon Macie gives visibility into how the sensitive data is accessed or moved and detects anomalies in data access and alerts when it detects risky or unauthorized access. This service delivers its findings to AWS CloudWatch Events which helps with downstream integration for action and analytics.
Amazon GuardDuty is a fully managed threat detection service which monitors for malicious activities and unauthorized behavior within an AWS account. AWS provides multiple service logs like AWS Cloudtrail, VPC flow logs, DNS logs, and threat detection is effective only when these logs are analyzed for adequate actions with Amazon GuardDuty, which analyzes billions of events across multiple log sources. No software or hardware has to be managed by the customer. This service uses machine learning, integrated threat intelligence (connecting events) and anomaly detection.
AWS Shield is Distributed Denial of Service(DDOS) protection service which is fully managed by AWS. This service provides continuous detection and mitigation to shield against DDOS attacks. There are two tiers of this service called Standard and Advanced. By default, all AWS customers get the standard service at no cost. Standard service defends customer’s AWS environment against them most common network and transport layer DDOS attacks. Advanced service offers higher-level threat protection against applications hosted on Amazon EC2, ELB, etc and also provides 24x7 access to AWS DDOS response team to handle potential threats and events.
An automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It assesses applications for exposure, vulnerabilities, and deviations from best practices. This helps to enforce security standards and to identify deviations due to changes being introduced to an environment. AWS Inspector makes it easier to adopt DevSecOps.
Optimization - Cost
Cost is always a primary driver to move to AWS cloud. Optimization of cost is an agile and continuous process as workload characteristics continue to change. Many AWS Services help with continuous optimization of cost by providing visibility into services usage and cost projections.
AWS Cost Explorer provides insights and visibility into AWS services costs for customers. It quickly creates reports and charts and the
AWS Budgets lets customers to define budgets based on budget types (cost and usage) and help monitor AWS services usage. This helps continuously monitor cost and usage against a defined budget and alert anomalies, deviations by integrating with AWS services like AWS SNS(Simple Notification Service). AWS Budgets data can also be accessed programmatically with APIs.
Optimization – Performance
AWS services like AWS X-Ray and AWS Trusted Advisor provide insights into the application performance, performance bottlenecks, and checks and provides recommendations related to architecture, and application performance.
AWS X-Ray provides end to end visual insights into a transaction which in turn helps to identify performance bottlenecks into an application that is hosted on Amazon EC2, Amazon ECS, AWS Lambda and AWS Beanstalk. This service supports applications written in Java, .net, and node.js.
AWS Trusted Advisor is another service from AWS which when enabled can help in comparing your environment against established best practices which includes security, performance, cost, service limits, fault tolerance.
Combining the right set of AWS tools, services and frameworks and working along with a proven AWS partner is the right recipe for a successful AWS Cloud migration.
For details about AWS partnership with Wipro, please refer wipro.com/partner-ecosystem/aws/our-partnership