business report (professional design)

CLOUD STRATEGY Prepared by Shukur Mohammad, James Taylor, EJ Widun

Revised 4/10/2019 6:21:00 PM

Prepared by Shukur Mohammad, James Taylor, EJ Widun

Revised 4/10/2019 6:21:00 PM of 25

CONFIDENTIAL – NOT SUBJECT TO FOIA

Executive Summary ................................................................................................................ 3

Definitions, Attributes & Taxanomy ........................................................................................ 4

What is Cloud Computing? ................................................................................................................. 4 Attributes of Cloud Computing ......................................................................................................................... 4

Cloud Deployment Models .................................................................................................................. 4

Cloud Computing Service Models ....................................................................................................... 5 Software as a Service (SaaS) .......................................................................................................................... 5 Platform as a Service (PaaS) ........................................................................................................................... 6 Infrastructure as a Service (IaaS) .................................................................................................................... 7

Current State .......................................................................................................................... 7

Risks and Issues with Current State................................................................................................... 7

Why Cloud? ............................................................................................................................ 8

Cloud is a fundamental shift in IT ....................................................................................................... 8 Efficiency improvements will shift resources towards higher-value activities ....................................................... 8 Services will be more scalable ......................................................................................................................... 8 Agility improvements will make services more responsive ................................................................................. 8 Innovation improvements will rapidly enhance service effectiveness .................................................................. 9 Assets will be better utilized ............................................................................................................................ 9 Portability and Flexibility ................................................................................................................................. 9

Creating the Cloud Culture ................................................................................................... 10

Roadmap for Cloud Migration ............................................................................................... 11 1. Create a Cloud Strategy ....................................................................................................................... 12 2. Establish a Cloud Program ................................................................................................................... 12 3. Cloud Discovery ................................................................................................................................... 12 4. Define Governance Structure ................................................................................................................ 12 5. Implement Core Technologies ............................................................................................................... 12 6. Assess and Plan .................................................................................................................................. 13 7. Build and Pilot ..................................................................................................................................... 16 8. Application Migrations .......................................................................................................................... 17 9. Operational Integration and Environment Optimization ........................................................................... 17 10. Define EA Policies ............................................................................................................................... 17 11. Cost/Billing Analysis & Management ..................................................................................................... 17

Appendices ........................................................................................................................... 18

Appendix A - Abbreviations and Acronyms ...................................................................................... 18

Appendix B - Existing Cloud Application deployments .................................................................... 18

Appendix C - Systems/Applications Migrations and considerations ................................................ 19

Appendix D - AWS vs. Azure for IaaS and PaaS ............................................................................... 20 Amazon Web Services (AWS) ........................................................................................................................ 20 Azure ........................................................................................................................................................... 21

Appendix E - Cloud Connectivity Options ........................................................................................ 22

Appendix F - Cloud First Considerations .......................................................................................... 24

References ............................................................................................................................ 25

Links ..................................................................................................................................... 25


Revised 4/10/2019 6:21:00 PM of 25


EXECUTIVE SUMMARY As technology continues to evolve so does Oakland County Information Technology’s (OCIT) infrastructure

environment and development model. The overarching goal of OCIT ‘s Cloud Strategy is the ability to run any time

and run any where. This means that OCIT needs to have the ability to support cloud and on-premise solutions;

where the optimal configuration for performance, reliability and cost can be selected.

For the purposes of streamlining the run any time and run any where strategy, we will determine on a case by case

basis where a workload should reside, and will construct environments where the solutions are either all in the cloud

or on-premises. Splitting workloads between the cloud and on-premises reduces the effectiveness and efficiency of

both technology platforms.

As we look toward our future, Oakland County (OC) is looking to establish a Cloud First approach to application

infrastructures. The Cloud will provide Oakland County with several benefits including econ omies of scale, removal of

non-value added tasks from daily workloads, increased innovation and improved collaboration across IT. We will

establish the standards that govern our cloud environments and enable the Cloud First mindset through our Technical

Design Review process.

Oakland County has been leveraging cloud computing technologies for some time. We have many successful

Software as a Service (SaaS) implementations and some Infrastructure as a Service implementations. Our

preliminary experiences with Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) suggest that they

are suitable for agile, rapid development and deployments.

With the convergence of market trends, successful cloud deployments , limited “On-Premise” capacity and upcoming

technology projects, now is the time for Oakland County to transform the way we do business. We cannot take our

current processes and adapt them to the cloud. We need to create a new way of doing business that

leverages all of the value propositions of cloud. These new and improved processes may be applied to our on-

premises infrastructure to take advantages of the lessons learnt in the cloud as a part of our Outside-In approach.

A true cloud strategy includes a holistic view of IT that requires partnership, collaboration and the support of

leadership to remove the barriers to the cultural chage.

This Cloud Strategy will:

1. Define the cloud and its components creating a common and shared lexicon for OC.

2. Articulate the benefits, considerations, and trade-offs of cloud computing.

3. Identify the program, activities, roles and responsibilities for our transformation to Cloud First computing.

4. Provide a high-level roadmap for cloud migrations.

5. Provide a deicison framework for solutions to migrate to the cl oud.

6. Define the Cloud connection methodologies.

7. Ensure the security requirements are included and met.

8. Establish the governance policies of the cloud.


Revised 4/10/2019 6:21:00 PM of 25


DEFINITIONS, ATTRIBUTES & TAXANOMY

What is Cloud Computing?

“Cloud Computing is a style of computing where elastically scalable technical capabilities are delivered as a service

using Internet technologies.” – Gartner

Attributes of Cloud Computing

• Abstraction – infrastructure abstracted from the customer and delivered as a service.

• Agility – ability to provision and re-provision infrastructure resources since it is delivered as a service.

• Reliability – improved availability with multiple redundant sites.

• Scalability – ability to accommodate varying loads (scale-up, down or scale-out).

• Elasticity – ability to cope with loads dynamically.

• Security – provides a secure infrastructure.

• Performance – is reliable and can be monitored.

• Maintenance – is easier to maintain with self-service for all configurations.

• Multi-tenancy – ability to host multiple tenants.

• Metered usage – ability to monitor and control usage. Pay as you go model to reduce capital expenditures.

Cloud Computing can deliver System Infrastructure components (Network, Storage, Servers, Load Balancers etc.),

Application Infrastructure components (Services, Platforms, Applications, etc.) and provides licensing flexibility (Bring

your own License or purchase from the service provider).

Cloud Deployment Models

Deployment

Model

Definition Service

Providers/Examples

OCIT

Private Cloud Cloud Infrastructure operated

solely for a single organization,

whether managed internally or by a

third-party, and may be hosted

either on-premise or off-premise.

OpenStack, VMWare Private

Cloud, IBM SoftLayer, etc.

Oakland County does not

have the size or scale to

warrant the need for a

Private Cloud at this time.

Public Cloud Cloud Infrastructure made available

to the general public or a large

industry group and is owned by an

organization providing cloud

services.

AWS, Azure, Rackspace,

etc.

AWS and Azure are

currently leveraged for OC

today. We will continue to

use these cloud

environments, but look to

improve our design,

implementation and

governance.

Hybrid Cloud Cloud Infrastructure delivered by

some combination of private and

public services, from different

service providers.

The cloud infrastructure is a

composition of two or more clouds

(private, community, or public) that

remain unique entities but are

bound together by standardized or

proprietary technology that enables

Cloud bursting for load-

balancing between clouds.

Application deployed to the

cloud infrastructure and data

is on-premises.

At some point in the future,

this type of cloud structure

may be needed. At this point

we will not be leveraging

this deployment type.


Revised 4/10/2019 6:21:00 PM of 25


data and application portability.

Community

Cloud

Cloud Infrastructure shared by

several organzations and supports

a specific community that has

shared concerns (e.g., security

requirements, policies and

compliance considerations, industry

requirements).

It may be managed by the

organizations themselves or a third

party, and may exist on-premise or

off-premise.

AWS GovCloud, Azure

Government Community

Cloud.

AWS and Azure Government

clouds host environments

for several federal, state

and local government

entities.

Oakland County will

leverage this type of cloud

environment. We will need

to create a design,

implementation and

governance process.

Cloud Computing Service Models

Figure 1 shows the comparison options of the different cloud computing service models. A typical deployment in the

cloud environment for an OC application could include components in each of the three cloud service models.

Figure 1: Comparing Cloud Computing service models

Software as a Service (SaaS)

The capability provided to the customer is to use the provider’s applications running on a cloud infrastructure.The

applications are accessible from various client devices through a thin client interface such as a web browser (e.g.,

web-based email).The customer does not manage or control the underlying cloud infrastructure including network,

servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited


Revised 4/10/2019 6:21:00 PM of 25


user-specific application configuration settings. Applications are typically upgraded and maintained by the SaaS

provider.

e.g.: SalesForce, Kronos, ArcGIS Online, Office 365, Okta, etc.

Pros:

• Quick implementation – since there is no hardware or software to setup and configure, the implementation

times are greatly reduced.

• Zero planned upgrades – the service provider is responsible for all planned upgrades. OC may need to test

the changes for some planned upgrades with the vendor.

• Patches and Upgrades – are automatically applied (more often on a scheduled timeframe). This ensures the

customer always uses the most current version of the softwareand also includes the latest security patches.

• Availability and Redundancy – is the responsibility of the service provider.

• Backup and Retention – is the responsibility of the service provider.

• Security – is the reponsibility of the service provider. This includes security compliance testing, scans,

certificates, etc.

Cons:

• Control – the customer has little control over the application other than who has access. The customer can

alter configurations, but not to customize the core functionality.

• Vendor lock-in – switching to a new vendor may become difficult, especially with customizations.

• Patches/Upgrades – Patches and upgrades to the software are automatically applied (more often on a

scheduled timeframe). There will not be an option to back out of certain patches or upgrades as the customer

has may not have a say in the pre-established SLAs, maintenance windows, etc.

• Integration – integrating with on-premises data and applications may require additional effort, since the data

is hosted by the service provider.

Platform as a Service (PaaS)

The customer is provided the ability to deploy onto the cloud infrastructure customer-created or acquired applications

created using programming languages and tools supported by the provider. The customer does not manage or control

the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the

deployed applications and possibly application hosting environment configurations.

e.g.: AWS RDS, Azure App Service, etc.

Pros:

• Server-less Architecture – the customer does not have to manage hardware, operating systems, database

systems, and programming stack servers are not required to stand-up the components of the solution. This

leads to faster implementation of the solution as there is no installation of the platform required.

• Allocated Resources – is configurable and can be scheduled and scaled in most cases, if required.

• Features – more features are readily available, which would otherwise require installation and configuration

of additional components.

• Backups – are easily handled with standard and established procedures.

• High-Availability and Redundancy – can be configured.

• Security – is implemented with industry best practices for the platform.

Cons:

• Vendor lock-in – switching to a new vendor may require coding changes, and re-architecting, which can be

time consuming, based on the complexity the solution.

• Patches/Upgrades – Patches and upgrades to the platform are automatically applied (more often on a

scheduled timeframe). There will not be an option to back out of certain patches or upgrades.


Revised 4/10/2019 6:21:00 PM of 25


Infrastructure as a Service (IaaS)

The customer is provided the ability to provision processing, storage, networks and other fundamental computing

resources where the customer is able to deploy and run arbitrary software, which can inc lude operating systems and

applications. The customer does not manage or control the underlying cloud infrastructure but has control over

operating systems, storage, deployed applications and possibly limited control of select networking components.

e.g.: AWS, Azure, Rackspace, IBM SoftLayer, etc.

Pros:

• Custom Architecture – the customer has complete freedom in designing the architecture as required by the

applications. This means that the customer must manage operating systems, database systems and

programming stack servers. This provides complete control to building a custom architecture and implement

custom components.

• Allocated Resources – is configurable and can be scheduled and scaled, if required.

• Backups – are handled with customer standards and established procedures.

• High-Availability and Redundancy – can be configured using customer solutions.

• Security – is implemented with industry best practices by the customer.

• Vendor lock-in – switching to a new service provider most likely will not require rearchitecting the solution

and coding changes.

Cons:

• Maintenance – Since the architecture is designed by the customer, the customer holds the responsibilitues of

administering and maintaining the entire architecture, which could include security, firewalls, monitoring,

alerting, etc.

• Patches/Upgrades – Patches and upgrades to the to the infrastructure have to be managed by the customer.

CURRENT STATE Oakland County (OC) has a majority of deployments on-premise, but is also currently using many cloud computing

services. Here are some of the current cloud deployments:

• SaaS: Office 365, Salesforce, ArcGIS online, Kronos, Google, Salesforce

• PaaS: Azure Media Services, Azure Mobile Services, SharePoint online

• IaaS: AWS VPC and Virtual Machines, which host the SharePoint websites for OC and G2G customers and

the NACo Application Store (.Net web application).

Risks and Issues with Current State

• The current RAP environment is running at maximum utilization.

• Our current on-premise infrastructure does not scale well with demand.

• Our current cloud deployments have been designed to mimic some of the on-premise processes, which

replicates the same problems in the cloud

• Our current cloud connections need to be expanded, scalable, redundant and provide increased security for

the various type of cloud deployments we will have in the future .

• Our current processes do not include a Cloud First mindset; meaning that without evolving our strategy we

will migrate our technical debt o the Cloud without looking at new technologies to optmize and leverage the

best practices.

• The Culture of Collaboration is missing from our current cloud deployments. Having a true Cloud First

mindset will increase our need of cross-team collaboration and holistic ownership.

• Our method of securing our Cloud Infrastructure must evolve from how we secure things to a re quirement

driven security model.

• Our current infrastructure is not portable – we cannot move our workloads to efficiently util ize our capacity in

the cloud and on-premises.


Revised 4/10/2019 6:21:00 PM of 25


WHY CLOUD?

Cloud is a fundamental shift in IT

Cloud computing enables IT systems to be scalable and elastic. We as OCIT, do not need to determine their exact

computing resource requirements upfront. Instead, we provision computing resources as required, on-demand. Using

cloud computing services, OCIT does not need to own data center infrastructure to launch a capability that reliably

serves thousands of concurrent users, but instead can leverage the pay-as-you-go model for provisioning new

infrastructure.

As shown in the Figure 3, the cloud expenditure and adoption has progressively increased over the past few years

and is projected to increase in the near future.

Figure 3: Public Cloud forecast

Using a public or community cloud like AWS or Azure would give OCIT access to infrastructure and services

relatively inexpensively, in minutes. In our current environment, it would take months to procure and configure

comparable resources and significant management oversight to monitor, maintain and upgrade systems. Applying

cloud technologies across OC can yield tremendous benefits in efficiency, agility, and innovation.

Efficiency improvements will shift resources towards higher-value activities

Only a fraction of the investment in data center infrastructure delivers real, measurable impact for the departments,

agencies and the general public serviced by OC. Improvements in efficiency will be seen in software applications and

end-user support. These savings can be used to increase capacity or be reinvested in other alternatives, including

citizen-facing services and inventing and deploying new innovations.

Services will be more scalable

With a larger pool of resources to draw from, individual cloud services are un likely to encounter capacity constraints.

As a result, services hosted in the cloud would be able to more rapidly increase capacity and avoid service outages.

Given appropriate service level agreements and governance to ensure overall capacity is met, clou d computing will

make the OCIT’s investments less sensitive to the uncertainty in demand forecasts.

Agility improvements will make services more responsive

Cloud computing will also allow OCIT to improve services and respond to changing needs and regulations much more

quickly. With traditional infrastructure, OCIT’s service reliability is strongly dependent upon the ability to predict


Revised 4/10/2019 6:21:00 PM of 25


service demand, which is not always possible Cloud computing will allow OCIT to rapidly scale up to meet

unpredictable demand thus minimizing similar disruptions. Notably, cloud computing also provides an important

option in meeting short-term computing needs; applications need not invest in infrastructure in cases where service is

needed for a limited period of time.

Innovation improvements will rapidly enhance service effectiveness

Cloud computing will not only make our IT services more efficient and agile, it will also serve a s an enabler for

innovation. Cloud computing allows the OCIT to use its investments in a more innovative way and will help OCIT take

advantage of leading-edge technologies.

Assets will be better utilized

According to a recent analysis, OCIT is not fully ut ilizing allocated capacity. Low utilization is not necessarily a

consequence of poor management, but instead, a result of the need to ensure that there is reserve capacity to meet

periodic or unexpected demand for key functions.

With cloud computing, total infrastructure resources are pooled and shared across large numbers of applications and

organizations Cloud computing can complement data center consolidation efforts by shifting workloads and

applications to infrastructures owned and operated by third parties Capacity can be provisioned to address the peak

demand.

As utilization is optimized by migrating workloads to the cloud infrastructure, more value is derived from the existing

assets and in-turn reducing the need to continuously increase capacity which means less expenditure on hardware,

software, operations, maintenance, and power consumption.

Portability and Flexibility

Cloud computing gives OC the f lexibility to alleviate capacity problems with on-premises infrastructure and hence

provide the option to be portable with application deployments. This in turn converts a lot of OCIT’s capital Expense

budget into Operational Expense and helps us better plan and utilize our infrastructures in the cloud and on -

premises. Having the option to deploy applications to multiple infrastructure platforms where optimal configuration for

performance, reliability and cost can be selected based on the application requirements.


Revised 4/10/2019 6:21:00 PM of 25


CREATING THE CLOUD CULTURE The shift toward a Cloud First mindset requires a shift in our current culture. This will be an ongoing shift, in which

we will need to exemplify and improve our collaboration throughout the entire organization.

Figure 4: Oakland County Culture of Collaboration

Building off this model of culture of collaboration as shown in Figure 4, we are recommending the following roles to

help ensure Collaboration and a clear delineation of responsibility.

IT Steering – This group will be responsible for setting the strategic objectives for the effort, securing funding and

providing continual change management support for the mind set change. This will start with helping share the

message of the mindset through the celebration of successful events.

Architecture Team and CTO – This group will provide the current state and future strategic direction for this effort.

The team will assist in the planning of cloud development, execution and integration strategies on a project by project

basis. This group will identify and lead the implementation of governance of Cloud which will balance between

performance, optimization, fiduciary and fiscal responsibilities.

IT Security and CISO – This group will establish the requirements for security, compliance and data. The group will

also consult on the execution of individual projects ensuring the alignment to the requirements and constraints

defined by the team. This group will have representation in establishing the governance process.

Applications Team – This team is responsible for the execution of projects to the Cloud First mindset. This team will

ensure the business and service delivery needs are implemented in the most effective and efficient manner. This

group will have representation in establishing the governance process.

TSN – This team is responsible for the day to day operations of the cloud environment. This includes monitoring

performance servers and network. This group will have representation in establishing the governance process.

We will leverage our new Technical Design Review Process for the Architecture, Security, Applications and TSN

Team to collaborate on the right solution on a project by project basis.


Revised 4/10/2019 6:21:00 PM of 25


ROADMAP FOR CLOUD MIGRATION Figure 5 shows the overall roadmap for cloud migration and adoption for Oakland County. It is broken into multiple phases (color -coded), each of

which will be discussed below.

Figure 5: Oakland County Cloud Roadmap


Revised 4/10/2019 6:21:00 PM of 25


1. Create a Cloud Strategy

A cloud strategy will increase the understanding of how decisions about the cloud can affect and improve the delivery

of work at OC. It will help us understand best practices, which will translate into speed and agility to improve

availability and delivery of software and services for OC customers. It will also contain the definitions of cloud

computing in terms of Oakland County's view and a roadmap for how implement a Cloud First strategy.

2. Establish a Cloud Program

The first step on the Cloud Roadmap is to establish a cloud program and identify projects to implement the strategy.

The Cloud Program will:

• Gain the understanding of cloud computing and infrastructures.

o Research the latest technologies in provisioning servers and environments.

o Get trained on cloud technologies and best-practice implementations.

o Gain extensive knowledge on provisioning “Infrastructure as Code”.

o Develop and implement cloud models needed for OC's future based on migrations and further

resource needs.

• Evaluate the current cloud deployments and make suggestions for improvement or migrations to new OC

standards.

• Have a cloud ready environment available for migrations and future deployments.

o Prepare governance and automation procedures for IaaS, PaaS and SaaS models.

o Implement security policies.

o Establish standards for communication with on-premises infrastructure and resources.

o Determine the integration platforms and processes for cloud services.

• Establish Goals and Objectives for Cloud implementations.

• Migrate pilot applications to the Cloud.

• Begin the migration process with Application services.

3. Cloud Discovery

This phase will identify and inventory existing Oakland County Cloud IaaS, PaaS and SaaS deployments. These

services will eventually be brought under the standard policies and procedures that will be established as a part of

the Cloud adoption and implementation.

When looking at Oakland County's Cloud Roadmap, once the strategy is approved and the initial Cloud discovery

phase is complete, most of the remaining tasks can be done in parallel.

4. Define Governance Structure

Policies and processes for governance in the Cloud environments will be established and implemented in this phase.

This includes, but is not limited to support, monitoring and alerting, SLAs, pa tching, etc.

5. Implement Core Technologies

To be successful in migrating applications to the cloud environments, core solutions need to be in place. Here are

some of the solutions identified:

IAM – An effective SaaS based IAM solution will greatly reduce the amount of manual effort involved in integrating

active directory users to cloud platforms and applications. An IAM solution provides:

• Standard authentication method for applications migrating to the cloud.

• Standard authentication method to authenticate and administer cloud resources.

• Standard authentication method for SaaS applications.

Integration Platform – Integration platforms help different applications and services talk to and share data with each

other. An integration platform helps:


Revised 4/10/2019 6:21:00 PM of 25


• Ensure that the same datasets are being used across different applications. Metadata and versioning

ensures the data is kept consistent.

• Integrate different types of applications independent of platform, programming language or operating system,

so they can be bound together in workflows and processes.

• Collaborate between distributed and scattered applications, regardless of where they are deployed.

• Take security considerations into account so that data is shared is only with the right resources.

6. Assess and Plan

Requirements for the cloud environments will be gathered after consultations with the appropriate groups within OC

and external vendors. These requirements will not be fixed, but will be living documents as they will change as the

underlying cloud technologies change and as our experience with the cloud grows.

Select Cloud Service providers

This phase will comprise of researching and defining the criteria of when to use cloud environments for Oakland

County. We will position Oakland County for innovation and provide the flexibility of using the right environment for

each solution.

Define Cloud Environment Requirements

This step of the cloud environment requirements phase will determine the requirements for logging, log retention,

monitoring, alerting, reverse proxy, load balancing, PaaS vs. IaaS, storage types, VM type evaluations, High -

availability, DR, etc.

Define Network requirements

This step of the cloud environment requirements phase will be used to determine the IP address ranges, subnets,

Firewall requirements, firewall logs and retention, etc.

Define Connectivity options

We have identified the three methods to connect to cloud environments:

ISP/Internet – This will be the primary method of connecting to the cloud and will be used for Cloud Administ ration

and all hosted Web Applications and services in the Cloud. This requires that our ISP/Internet connectivity is robust ,

secure and reliable at all times.

IPsec VPN – This will be used for back end connections to data and databases hosted in the clou d, non-public

applications hosted in the cloud that require dedicated/sustained bandwidth and cloud administration activities that

require dedicated bandwidth. Since this also uses internet bandwidth, reliability of our ISP connections is paramount.

Bonded Connection – This will be used for secure, private connections to the cloud environment where connectivity

and bandwidth are mission critical. This is a more expensive option and should be utilized judiciously where there

cannot be any compromise in the reliability, security and performance of the connection.

Additional information about the connection types to the cloud are detailed in Appendix E.

Define Cloud Security requirements

Security is a shared responsibility between Oakland County and the Service Provider. This applies to both SaaS and

PaaS/IaaS deployment models. A high-level overview of the responsibilities is indicated in Figure 6.

Even though the infrastructure provided by Public, Community and Hybrid IaaS and PaaS service providers is shared

between multiple customers, security and isolation is provisioned by virtual networks for each customer. This

guarantees the security of customer data within the virtual networ k.

This phase will identify and enforce the security requirements and standards in the cloud.


Revised 4/10/2019 6:21:00 PM of 25


Figure 6: Cloud Security responsibilities

Create Reference Architecture

Once all the requirements are gathered, a reference architecture can be created for applications and services that

will be hosted on the Cloud Architecture. This architecture will include options for high -availability, redundancy and

DR and will be tested out with the pilot application deployments.

Applications assessment and readiness

Oakland County’s existing application portfolio should be evaluated to determine next steps in migrating to the cloud.

We have identified the following paths each application can take as shown in Figure 7. We will evaluate solutions to

manually migrate or automate migrations using third-party products.

Figure 7: Application Migration Paths

Re-Host (Lift and Shift) – This type of migration will be simplest, where the application can be moved to a cloud

environment without any changes to the infrastructure or services in the cloud or any changes to the application

code.

Refactor (Re-Architect/Decouple) – This is the most complex of migrations where the applications and the

infrastructure will have to be modified. A few modules of the application might need to be rewritten to accommodate

the migration to the cloud.


Revised 4/10/2019 6:21:00 PM of 25


Re-Platform (Lift and Re-Shape) – This type migration requires a change to the infrastructure or platform the

application is hosted on. For example, we might have to use a different data storage for file systems on the cloud

platform. Migrations can be achieved

Replace (Drop and Shop) – This type of migration will replace the existing application with a SaaS application or a

COTS application that can be hosted in the cloud.

Retire – These applications are slated for retirement and do not need to be migrated.

Retain – These applications will not be moving to the cloud. There could be various reasons that can affect this

decision some of which could be the complexity of the application, integration, or security and compliance.

These migration paths are explained in more detail in Figure 8.

Figure 8: Application Migration Routes


Revised 4/10/2019 6:21:00 PM of 25


Figure 9 shows the decision tree for new application initiatives at Oakland County. We should look at SaaS and cloud

based deployments before making the decision to host the application on -premises.

Figure 9: New Application decision tree

Select Pilot Applications

Once the applications analysis and cloud readiness is complete, a list of applications will be selected for pilot

migrations. These applications will be selected based on distinct criteria like .Net applicat ions, Java applications,

COTS, applications that require high-availability, applications that require auto-scaling, etc.

7. Build and Pilot

Create base (minimum) Cloud Architecture

This will be the phase where we implement the Cloud Environment where and when needed based on the

requirements identified in the phase above. At the end of this phase, we aspire to have one functional IaaS based

cloud network with IPsec VPN connectivity which meet the overall environment and network requirements. The cloud

environment will be scripted so that it can be used to create similar environments within the same service provider.

We will also identify any additional solutions required to satisfy the requirements.

Migrate Pilot applications

This phase will migrate the pilot applications that were identified in the prior steps and will utilize the cloud

architecture that has been built. This will provide us with the experience to effectively migrate the rest of the

applications and also the benchmarks on estimates and effort to do so.


Revised 4/10/2019 6:21:00 PM of 25


8. Application Migrations

Once all the phases of the previous steps are complete, we can start with migrating the applications based on the

established priorities. This may be accomplished by a migration tool or a manual process.

The high level components of migrating applications to the cloud are shown in Figure 10. Based on the amount of

data that needs to be uploaded to the cloud, we have to employ a different method (one of which is manually

shipping the data to the service provider).

Figure 10: Application migration phases

9. Operational Integration and Environment Optimization

As we migrate toward our cloud first mindset, the Pilot Team will be leveraging tools for streamlined integration and

environment optimization. The Pilot Team will partner with the Architecture Team on the implementation and use of

an API integration standard as well as tools to highlight environment performance and tuning. The application

readiness assessment will be a direct input into how we start our Cloud moves, which will help in the overall

environment optimization.

10. Define EA Policies

The Architecture Team will be defining the standards and policies for Cloud use. These standards and policies will

evolve and be refreshed over time. It is imperative to leverage the Technical Design Review Process to ensure

alignment with our standards.

11. Cost/Billing Analysis & Management

Cloud is a true pay as you go expense. It is critical to manage and control the cost structure of the environment. A

finely tuned and optimized environment is critical to the fiscal success of Cloud. This phase will create the process of

how the governance team will ensure proper cloud sizing. The results of this analysis will be reported to IT Steering.


Revised 4/10/2019 6:21:00 PM of 25


APPENDICES

Appendix A - Abbreviations and Acronyms

• OC – Oakland County

• OCIT – Oakland County Information Technology

• SaaS – Software as a Service

• PaaS – Platform as a Service

• IaaS – Infrastructure as a Service

Appendix B - Existing Cloud Application deployments

SaaS – O365, ArcGIS Online, Security Mentor, Forms Assembly, Kronos, Salesforce, SurveyMonkey, Basecamp, and

Google services.

PaaS – Azure Mobile Services, Azure Media Services, SharePoint Online

IaaS – Compute, Storage, Network, Load Balancing, etc. in AWS


Revised 4/10/2019 6:21:00 PM of 25


Appendix C - Systems/Applications Migrations and considerations

To effectively move applications to a Cloud IaaS/PaaS, we have to identify all the integrations and their endpoints.

These integrations will determine the level of complexity in migrating the applications and the processes used to

share information.

Here is a template to identify the integrations for applications with examples of possible values:

Endpoint Examples: • SQL Server DB • Oracle DB • Web Service • API • Flat Files • Web Page • Application

What Format is used for the data exchange? Examples: • JSON • XML • TXT • CSV • N/A

Which Protocol/Port is used for communication? Examples: • HTTP/80 • HTTPS/443 • TCP/1433

Which application/process is accessing the Endpoint? Examples: • Batch process • Web application • Thick client application

Who is accessing the Endpoint? Examples: • OC user in AD • External user in AD • Anonymous

Is the Endpoint the source or destination for the data? Examples: • Source • Destination

Based on high-level analysis, here is a list of systems/applications that are possible candidates for migrating to a

cloud platform:

Enterprise GIS

Health and Human Services Communications portal

COTS applications, with no integrations

Etc.

Migrations of these applications could impact licensing for WebSphere, Oracle, etc.


Revised 4/10/2019 6:21:00 PM of 25


Appendix D - AWS vs. Azure for IaaS and PaaS

Both AWS and Microsoft Azure offer similar capabilities to some degree, along the lines of compute, storage and

networking. They share the common elements of a public cloud: self -service and instant provisioning, auto-scaling,

security, compliance and management features. Both companies also continually invest in meeting demand for new

cloud services. As indicated in Figure A1, AWS and Azure are the leaders in the Gartner Magic Quadrant for IaaS in

August 2016.

Figure A1: Gartner Magic Quadrant for IaaS

Amazon Web Services (AWS)

Amazon Web Services (AWS), a subsidiary of Amazon.com, is a cloud -focused service provider with a very pure

vision of highly automated, cost-effective IT capabilities, delivered in a flexible, on -demand manner.

Officially launched in 2006, it is the most mature Cloud Computing service provider and has the more customers and

adoption than any other provider. AWS now has more than 70 services that span a wide range including compute,

storage, networking, database, analytics, application services, deployment, management, mobile, developer tools

and tools for the Internet of things.

https://aws.amazon.com/

https://azure.microsoft.com/en-gb/


Revised 4/10/2019 6:21:00 PM of 25


Although SDKs are available for many languages, the more popular programming languages are Python & Java.

Pros:

• AWS has a diverse customer base and the broadest range of use cases, including enterprise and mission -critical applications.

• It is the overwhelming market share leader, with over 10 times more cloud IaaS compute capacity in use than the aggregate total of the other 14 providers in this Magic Quadrant.

• AWS offers the cheapest pricing for compute and storage, and continually competes with other service providers from a cost perspective.

• Everything in AWS can be scripted. This is a big step in provisioning I nfrastructure as Code, which will help with the speed and agility in provisioning a re-provisioning infrastructure.

• Being the market leader has enabled it to attract a very large technology partner ecosystem that includes software vendors that have licensed and packaged their software to run on AWS, as well as many vendors that have integrated their software with AWS capabilities.

• It also has an extensive network of partners that provide application development expertise, managed services, and professional services such as data center migration.

• AWS is a thought leader; it is extraordinarily innovative, exceptionally agile, and very responsive to the market.

• It has the richest array of IaaS features and PaaS-like capabilities. It continues to rapidly expand its service offerings and offer higher-level solutions.

• It is the provider most commonly chosen for strategic adoption. • It is the most stable of the all the cloud providers in terms of availability and reliability.

Cons:

• While AWS works very well with Windows based systems and solutions, it does not offer ready to use platforms and tools for Windows based systems.

• AWS does not offer a PaaS solution for IIS, which hosts .Net applications.

• The learning curve is may be higher for Microsoft centric organizations.

• AWS pricing is per hour, rounded up.

• Amazon EC2 (Virtual Machines) have a shorter lifespan than traditional on -premises virtual servers. Amazon forces its customers to migrate to a newer version of the VM to stay on the latest technology.

Azure

Azure is Microsoft's cloud platform and is open across multiple frameworks, languages, and tools. It is fully scalable,

localized in that it is hosted globally in many datacenters, and has widespread capabilities.

Although SDKs are available for many languages, the more popular programming languages are PowerShell & .Net.

Pros:

• Azure is the more popular choice for Microsoft's corporate customers as it is designed to work hand in hand with other Microsoft products.

• Oakland County can leverage the Microsoft EA agreement for licensing in Azure.

• Smaller learning curve for Microsoft shops.

• Azure pricing is per minute, rounded up.

• Azure is the second most adopted platform for IaaS and PaaS according to Gartner.

• Very easy to integrate and deploy .Net applications with Azure PaaS offerings.

• It is integrated with Visual Studio, which makes development and deployments to Azure much simpler.

• SQL Server 2016 has deeper integration with Azure.

Cons:

• Does not offer all the features of AWS.

• Microsoft’s long-term roadmap for Azure isn’t very visible. The portal and design of the services has drastically changed in the past few years, which can lead to confusion. The programming model has also changed and evolved in the recent past to make it more flexible, which resulted in a change in the code.

• Microsoft is not the innovator in this field.

• Azure Virtual Servers have a shorter lifespan than traditional on -premises virtual servers. Azure forces its customers to migrate to a newer version of the VM.


Revised 4/10/2019 6:21:00 PM of 25


Appendix E - Cloud Connectivity Options

ISP/Internet IPsec VPN Bonded Connection SD-WAN

Target Usage This will be used for

Cloud Administration

and all hosted Web

Applications and

services in the Cloud.

This will be used for

back end connections to

data hosted in the cloud,

non-public applications

hosted in the cloud that

require

dedicated/sustained

bandwidth and cloud

administration activities

that require dedicated

bandwidth.


secure, private

connections to the

cloud environment

where connectivity

and bandwidth are

mission critical.


secure private

connections to the

cloud environments

where reliability,

redundancy,

connectivity and

bandwidth are

mission critical. This

will also help

prioritizing and

managing the cloud

bandwidth.

Current State Redundant ISP

connections in

Waterford and Troy

Connection to AWS

implemented with a

router. Connection to the

Mainframe will also be

implemented with this

router.

All connections terminate

on the external firewall.

N/A N/A

HA Yes Yes Needs to be designed Needs to be

designed

Current

Bandwidth

500MB (250MB to

Waterford, 250MB to

Troy)

Uses Internet bandwidth

500MB (250MB to

Waterford, 250MB to

Troy)

Bandwidth to be sized

and implemented by

UC-Vmail

Uses Internet

bandwidth. This

option can combine

bandwidth available

from ISPs and

Bonded connections

to create a

redundant pipe to

the cloud.

Current Usage 300MB 300MB of internet

bandwidth is currently

used. We have to

analyze how much of this

is VPN traffic.

N/A N/A

Planned Future

Bandwidth

1GB (500MB to

Waterford and 500MB

to Troy)

1GB (500MB to

Waterford and 500MB to

Troy)

TBD TBD

Future State No changes planned. Since this will be the

primary connection path

for external connections,

The voicemail project

will implement a

session border

The voicemail

project will create

and execute an RFP


Revised 4/10/2019 6:21:00 PM of 25


we need a project to

build an environment to

meet our needs. We

need an appliance for

intelligent routing to the

external and internal

firewalls. External

firewalls will be used for

client to server

connections and

administration

connections. Internal

firewalls will be used for

server to server and

cloud connections.

Traffic prioritization and

guaranteed bandwidth

rules need to be

formalized.

controller that will be

the enforcement

mechanism for voice

and voicemail.

Data efforts that

require a bonded

connection will follow

the standards like IP

SEC - a future project

will be needed to

implement this when/if

it is needed

This connection type

will only be used for

situations that require:

• Guaranteed

bandwidth

• No jitter or noise

• Low latency

to select a SD-WAN

provider and

implement policies

to manage this

connection.

Traffic prioritization

and guaranteed

bandwidth rules

need to be

formalized.

Environment

Changes

Any change in the

environment must

ensure adequate

bandwidth and

performance to

maintain cloud needs.

Any change in the

environment must ensure

adequate bandwidth and

performance to maintain

cloud needs.

Any change in the

environment must

ensure adequate

bandwidth and

performance to

maintain cloud needs.

Any change in the

environment must

ensure adequate

bandwidth and

performance to

maintain cloud

needs.

Monitoring and

Performance

We need monitoring

of what is being used,

peak requirements

and how to blend

demand

We need monitoring of

what is being used, peak

requirements and how to

blend demand. We need

prioritization, dedicated

bandwidth and throttling

to ensure performance.

We need to monitor

quality of service,

usage and burst. This

will drive bandwidth

subscription changes.

This solution

provides feedback

of usage and

performance, which

should help up

priorotize and

manage babdwidth

and throttling to

ensure optimal

performance.


Revised 4/10/2019 6:21:00 PM of 25


Appendix F - Cloud First Considerations

In addition to the high level decision flow, the Architecture Team will be leveraging a best practices Gartner model to

drive the correct cloud decision. Here are some of the key criteria when looking at Cloud First Deployments.

Criteria Considerations

Initiative and Mode • Focus of the effort (Rapid Innovation, Application Process, Infrastructure)

• Mode of development (Traditional vs. Agile/Uncertain)

Business Outcomes and

Financials

• Priority of the effort (Financial, Flexibility or Other )

• Impact of user demand on cost model

Business Processes and

Information Affected

• Current Cloud Usage by the area/domain

• Dependencies on business processes affected and where the processed

reside

• Data Sensitivity and privacy

Application Suitability • Is it a Cloud Ready Application or a lift and shift application?

• Is the application legacy or new and what is the complexity of the

application?

• What is the level of integration with other applications?

Operational Impact • What are the support/management needs of the application?

• What environments are required?

• Alignment to the Architectural, Security, Operational and Application

Development standards of the County?

Skills and Capabilities • Level of technical skills required?

• Availability of the skills in the market.

Agility • Are the processes and functions mission critical, business critical or other?

• Presence of APIs?

• Level of third party support for additional services?

Compliance • Type of data

• Applicable laws and legal mandates for this data

• Level of the provider's experience in this space

Security • Level of security controls required

• Contract clauses for security

• Level of provider's experience in this space

• Encryption?

Availability • How is data stored (unique, primary, replicated)?

• Data availability requirements

• SLAs defined and mechanisms to measure compliance

Provider Specific Risks • Vendor viability

• Contingency and exit plan

Licensing • Is the application serving G2G customers?


Revised 4/10/2019 6:21:00 PM of 25


• Does OC own licensing required for this application?

REFERENCES • Reference Architecture – https://en.wikipedia.org/wiki/Reference_architecture

LINKS ▪ AWS Regions and Services – https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/

▪ AWS CJIS Compliance - https://aws.amazon.com/compliance/cjis/

▪ Azure Regions and Services – https://azure.microsoft.com/en-us/regions/#services

▪ Azure Compliance – https://www.microsoft.com/en-us/trustcenter/Compliance

https://en.wikipedia.org/wiki/Reference_architecture

https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/

https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/

https://aws.amazon.com/compliance/cjis/

https://azure.microsoft.com/en-us/regions/

https://azure.microsoft.com/en-us/regions/

https://www.microsoft.com/en-us/trustcenter/Compliance



business report (professional design)

Documents