View the other posts in the series:

What we learned from Migrating custom applications to the Cloud
Part One Key Learnings Overview
Part Two Discover and Assess
Part Three Plan and Migrate 
Part Four Monitor and Report

Since 2010, UnifyCloud has been helping customers migrate custom built, line-of-business (LoB) applications to the Cloud (PaaS, IaaS and SaaS)¹. In this series we will share our key learnings, as well as best practices from our experiences of migrating custom built LoB applications to the Cloud. First, a quick review of why people are moving to the Cloud, and their concerns:

• 70% of CIOs are following a Cloud-first strategy as of 2016²
• Key drivers for the migration to the Cloud: first is reducing costs, second is improving business agility.³
• Primary concerns around moving to the Cloud include Cybersecurity, Privacy and Compliance.⁴

The key to a successful cloud migration is to develop a data-driven cloud strategy. Develop a detailed understanding of your existing infrastructure, and use that as the starting point for developing your cloud strategy. Once you have developed your strategy, create a detailed plan. We recommend a three-step process for migration planning, as outlined below. In this post we will focus on Plan & Migrate.

PLAN & MIGRATE

IaaS

‘Far too many migrations to the Cloud are “lift and shift” rehosting, or other IaaS movements that do not exhibit these characteristics at higher levels. Simply being “hosted in the Cloud“ is insufficient.’

The Top 10 Cloud Myths, Gartner⁵

The fastest and most common path to the Cloud is migrating VMs to IaaS. Quickest way to do this is via Lift & Shift, for example, by moving a VM in Azure IaaS with same resources (e.g. Compute, Storage, Network, Database) as exist in the on premise environment. This typically leads to over-provisioning of Cloud. For most applications, performing a ‘Lift and Shift’ to the Cloud is suboptimal, preventing organizations from achieving cost savings and any increase in agility. The ‘Lift and Shift’ approach often leaves the organization with a costlier infrastructure in the Cloud, than if they had remained on premise!

“When it comes to implementing a Cloud infrastructure, whether it’s public, private, or hybrid, most IT departments view the technology as a way to cut costs and save money, according to a recent analysis from CompTIA.” ⁷

Cost savings is one of the main drivers for Cloud computing. Our experience has been that most developers significantly oversize the Cloud resources when migrating applications to the Cloud, which usually results in high monthly bills from your CSP (Cloud Service Provider). Because of this, many customers do not achieve their anticipated cost savings when they move to the Cloud, simply because they haven’t sized their Cloud resources properly. CloudRecon correctly sizes your Cloud resources based on actual, historical on premises data. This is why it is so important that your infrastructure data include at least a month (longer is better) of actual usage data on CPU, Network, Storage, etc., so Cloud resources can be properly sized to achieve your cost savings.

A Global 500 customer came to us after a ‘Lift and Shift’ migration because they had not achieved their expected cost savings, and were in fact, significantly over their Cloud budget. After analyzing their environment with our Monitor & Report solution, CloudSupervisor^®, we found that their average CPU usage in the Cloud was 6%. The 6% CPU usage was a direct result of inaccurate sizing of VMs during the migration process. We provided detailed recommendations to right size their environment in the Cloud, significantly exceeding their expectations for cost savings from migrating to the Cloud.

Despite all the ‘Cloud cost’ calculators provided by CSPs, properly sizing resources before you move to the Cloud is a very common challenge. The problem is not with the Cloud provider’s cost calculators, those are very accurate; the problem is GIGO (Garbage In Garbage Out). If you don’t know the usage data for your application or VM (CPU, Network, Storage, IOPS, etc.) you can’t input it into the calculator, and you cannot properly size Cloud resources. If you use the on-premise hardware as your sizing guide, you will waste a lot of money in the cloud. Most developers and PMs don’t have this level of detail for the hundreds and thousands of applications that an organization plans to migrate to the Cloud because of the sheer number of on premise resources. This is why we recommend tools such as CloudRecon^®, combined with data from an infrastructure tool, following a data-driven planning process to produce your Cloud Readiness Assessment.

CloudRecon is the only Cloud Migration tool that consumes data from multiple third party infrastructure scanning solutions including the free Microsoft Assessment and Planning tool (MAP), SNOW, SCCM, Movere, and SAM Live!. The customer benefits by using their existing, preferred infrastructure inventory, assessment, and reporting tool to assess their IT environments. CloudRecon identifies custom-built applications that are suitable for migration to Azure PaaS. Azure PaaS enables enterprises to achieve maximum cost savings and business agility, and represents the highest and best use of Cloud.

CloudRecon provides detailed sizing recommendations, detailed cost estimates for the cloud, and supports multiple migration scenarios (PaaS, IaaS and SaaS) that no other Cloud Migration solution provides. Customers can view all the data behind the CloudRecon Cloud Migration recommendations, and make changes using ‘what-if’ analysis to optimize the recommendations based on their knowledge of the applications, their infrastructure, and Service Level Agreements.

Lesson #3: Simple ‘Lift and Shift’ to the Cloud is not optimal. Modernize your applications for PaaS, or size the Cloud VMs based on your historical usage as the starting point. Data must include actual usage data for applications and data platforms such as CPU, Network, Storage, etc.

Enterprises migrating custom built applications to Public, Private and/or Hybrid Cloud frequently over-size their VMs when migrating applications to IaaS. This typically leads to over-provisioning of Cloud resources. This prevents them from achieving the cost savings they expected from moving to the Cloud. One of our F500 customers found they were averaging 6% CPU utilization in the cloud after migration to IaaS, clearly not a cost-effective solution.

• Rightsizing is a more efficient migration approach. Use actual performance data from the on premise application to correctly size the VM in IaaS to maximize cost efficiency.
• Rightsizing and Consolidation is the most cost effective of the three approaches for migrating VMs to the Cloud. After rightsizing is completed, servers are matched up to run on the same VM. For example, a high compute and low storage VM could be consolidated with a low compute high storage VM for additional operational cost savings. As part of the planning process you should be sure to match SLAs, and other characteristics of applications you plan to host on the same VM.

PaaS

‘Simply “migrating to the Cloud” does not automatically provide the key characteristics of the Cloud, i.e. scalability, elasticity, service-based, and with metered usage.’

‘To gain these characteristics requires refactoring and rewriting, or writing new applications from scratch. In both cases, a thorough understanding of the available – and evolving — Cloud services and their implications is critical to get the desired benefits’

What You Need to Know About Cloud Application Development, Gartner⁶

Modernizing applications to PaaS provides the greatest benefits to an organization. The Cloud Readiness Assessment identifies candidate applications suitable for modernization to PaaS. CloudPilot provides a deep and detailed analysis of applications and their readiness and costs to migrate to the Cloud, at a fraction of the time it would take with expensive manual assessments.

CloudPilot^® uses static code analysis to accurately determine migration of on premise custom-built applications to Azure PaaS, IaaS, or Stack. Scans are provided in a fraction of the time it would take to conduct expensive manual assessments. Our experience, confirmed by many of our customers, is that a typical developer can manually scan an average of 10,000 lines of code in 3 days, assuming they have a good understanding of the underlying application to be migrated, and have an average understanding of Azure PaaS. Manual scanning is prohibitively expensive for PaaS migrations.

A Global 50 customer had an custom application with over 436,000 lines of code and database scripts for modernization to PaaS. Manually scanning this application just to identify code changes needed to migrate to the Cloud would have taken 131 days! It was scanned by CloudPilot in 8 minutes and 37 seconds. The scan identified the 129 code changes that needed to be made for the application to successfully migrate to Azure PaaS, down to the line of code. The report included detailed estimates in person hours to complete the migration, T-Shirt sizing (S/M/L), and grouping the changes into categories such as networking, cybersecurity and storage. Sample guidance provided for developers is in the screen shot below. CloudPilot saved this Global 50 customer hundreds of thousands of dollars just in estimation costs alone.

Because of the static code analysis, CloudPilot offers a ‘touch free’ migration option for migration of workloads to IaaS VMs or Containers.

For PaaS migrations, which involve modernization of the application, additional productivity benefit from providing developers with sample code they can ‘cut and paste’ for the migration, combined with links to authoritative guidance, as well as security and compliance reports, is incalculable.

Developers don’t always know all the dependencies of their applications. We often find that the developer who is currently responsible for an application, and was not the original developer, may not have a detailed understanding of the dependencies. Static code analysis is very helpful  in uncovering application dependencies. In one case, we had a developer tell us that their application only used one database. When scanned by CloudPilot, we discovered the application actually connected to seven databases. Database migration is also handled by CloudPilot:

CloudPilot reports provide developers with sample code they can use, links to authoritative guidance, and cybersecurity and compliance reports. The productivity benefit of providing developers with sample code they can ‘cut and paste’ for the modernization to PaaS, combined with links to authoritative guidance, as well as cybersecurity and compliance reports, is incalculable. The CloudPilot report assists the entire development process, through the initial assessment to determine the application modernization effort, during the modernization process as a Project Management tool, and with final testing including actual configuration data.

Lesson #4: To support migrations at Cloud Speed and Cloud Scale, you need to use automated tools. Scan applications for migration to PaaS and IaaS in minutes instead of the months it would take to do so manually, identifying application dependencies, and providing recommendations for cybersecurity and compliance.

Cybersecurity & GRC

Cybersecurity and GRC are critical for applications migrating to the Cloud, and the subscriptions those applications are hosted in. Cybersecurity and Compliance are often listed as one of the most important concerns regarding Cloud migration. Therefore, your automated tools need to support you to comprehensively address Cybersecurity and Compliance at each stage of the Cloud migration in an automated way. A common security and compliance issue is applications running on out of support software.

Cybersecurity

You need to ensure that your application code and associated configuration settings are following the cybersecurity standards of your organization. Due to Cloud Speed, changes in CSP services almost daily, it is not practical to expect developers to become cybersecurity experts, or to remain current on cybersecurity recommendations and best practices. Tooling is needed to provide guidance to developers to help them ensure the code they are developing follows cybersecurity best practices.

Summary

Successful migrations to the Cloud require being data driven, and following a structured process. Our experience recommends using integrated automated tools for enterprises to manage the complexity of migrating application to the Cloud, through their application lifecycles, at Cloud Speed and Cloud Scale. Different Tools are used at different stages of the process. CloudAtlas looks at migration process and challenges holistically to support Cloud migration. The underlying knowledgebase ensures best practices are followed throughout the entire process for cost control, cybersecurity and compliance (GRC).

References

¹ NIST Reference to Cloud Service Models starts on page 2: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf

² IDC CIO Agenda webinar

³ InformationWeek; September 29, 2016 & Seth Robinson; Senior Director, CompTIA

⁴ SIM IT Trends Study, 2017

⁵ Gartner: The Top 10 Cloud Myths, October 2014 G00270265

⁶ Gartner: What You Need to Know About Cloud Application Development, November 2013 G00247030

⁷ InformationWeek; September 29, 2016

View the other posts in the series:

What we learned from Migrating custom applications to the Cloud
Part One Key Learnings Overview
Part Two Discover and Assess
Part Three Plan and Migrate 
Part Four Monitor and Report