A global leading provider of data and software solutions delivers enterprise customers with access to an advanced panoramic, five-camera image capture platform. This platform uses their proprietary cloud-based technologies and enables users to work efficiently through remote inspections of public spaces.
The Need for A New Cloud Resource Management Model
As its cloud environment continued to increase remarkably, the customer started facing challenges pertaining to resource management, optimization and scalability. The customer has a large cloud environment, with over 3000 cloud resources across all subscriptions. They decided to change the Azure subscription model by joining forces with an information technology products distributor and leverage multiple offerings.
This migration from Azure EA to Azure CSP is first of its kind. Blazeclan proposed a solution to the customer that involved a cloud resource management model to help them achieve their objective within the required time period. Also, the implementation of the solution involved strong support of IT products distributor and the customer.
The customer’s cloud operations team was facing difficulties in managing the growing number of platform applications and subscriptions. For these, they were in the need to deduce estimations for cost limit and access rights. At the same time, they were facing barriers in achieving scalability in their applications owing to the legacy system, which was preventing the leverage of latest features, which included
- Manual efforts in visiting each VM, deploying Azure Site Recovery (ASR) mobility tool.
- Manual efforts in configuring VMs and ASR mobility tool and reporting to ASR for replication.
- Challenges in credentials and accessibility owing to the high count of VMs, close to 2500.
The Solution
Blazeclan’s solution hinges on the customer’s requirement for gaining better control and visibility of its Azure environment, achieving cost optimization and enabling resource consolidation. A multi-work package migration approach was proposed by Blazeclan to help the customer migrate to the CSP platform from EA platform efficiently. In a bid to achieve this objective, the workload was divided into multiple work packages that contained various subscriptions.
Role-Based Access Control (RBAC)
The migration process from one subscription to another is usually supported by the same tenant, however, the role-based access control (RBAC) is not migrated/copied in this case. A single PS script was created and leveraged for extracting all the RBAC regarding every subscription, resource group, and individual resource. This data was made readable with the help of Excel and was presented to the customer.
Instead of using the simple IAM roles for each subscription, the Azure Management Groups was introduced. This enabled the client to fine-tune and manage the Access list easily using groups, rather than adding each member to the required resource. The Azure Management Group is applied to the tenant level. As a result, any new subscription added will automatically have the Default ACL defined respectively in the management group.
Custom-built Linux VM using ASR
To move the resources from Azure EA to Azure CSP, a two-step approach was followed.
- Moving to Azure Resource Manager (ARM) in EA
- Moving from EA classic portal to Azure CSP
A script was created to configure the Agent to report to the appropriate mobility server (ASR configuration server). Custom extensions were created to run this script without logging to each VM separately. The script was run to download and install the Agent on Linux VM.
Automation of access management and integration of best security practices enabled a robust access authorization, thereby strengthening security and compliance. Close monitoring of resource management metrics helped the customer in adding a robust governance layer within the organization.
Key Benefits to the Customer
Cost Optimization: The customer achieved a significant cost optimization on their Azure environment by moving from EA to CSP. Cost optimization of over 20% was realized. This benefit of cost optimization enabled the customer to have better control of their overall IT budget.
Improved Security: Automating access management and integrating best practices for assigning rights and access to resources improved overall security and compliance.
High Scalability: Scalability of applications became easier due to improved resource management and better overall control of the Azure environment. The migration enabled the customer to scale their infrastructure according to the alterations in their requirements.
Tech Stack
Azure API Management | Azure App Service | Azure Application Insights |
Azure Automation Account | Azure AD Domain Services | Azure Cache for Redis |
Azure Cosmos DB account | Azure Database for MySQL server | Azure Database for PostgreSQL server |
Azure Content Delivery Network (CDN) | Azure Cognitive Service | Azure Container Instances |
Azure Data Factory (V2) | Azure Devops Project | Azure Event Hubs |
Azure Kubernetes Service (AKS) | Azure Log Analytics | Mysql Server |
Service Bus | Sql Server | Stream Analytics Job |
Traffic Manager | Azure Virtual Machines |