Established in 2003
Train company serving London and the North East
£1 Billion per annum
A multiyear program which involved moving VMware-hosted capabilities to AWS.
Enterprise applications & business critical applications required to be migrated to AWS with minimal outages.
Given that this organisation is a regulated public sector enterprise, our migration strategy was to keep things simple & cost effective without any reduction in quality and security.
2-year time limit to vacate the VMware datacentre.
This organisation has many legacy systems & processes which need to be understood in order to migrate successfully to AWS.
Many processes are manual and require human intervention to operate.
Legacy and ageing infrastructure operating systems.
Waterfall & Legacy ways of working.
No observability platforms.
No automation & lack of documentation.
Operational Costs are high for server patching.
Microsoft Licensing Costs are high.
Upskill people in the organisation to new ways of working.
Modernise servers/services where possible.
Our general approach with any infrastructure migration is to review each on premise capability to ensure we understand what we are moving.
This builds confidence and creates an easier approach to transfer the service to the AWS hosted capability.
Image Factory
Create an Image Factory with HashiCorp Packer. This will allow us to use our signature layered AMI build process. This ensures that a patch process is in place and that common agents and configuration are installed during the builds. Each on-premise server is then audited and an AWS AMI created.
Using Spot instances to keep build costs low.
IaC
Using the AMIs, we deploy the EC2 infrastructure using Terragrunt/Terraform. This allows continuous delivery of the servers and ensures that immutable servers are hosted in ASGs and continuously updated by automated CI/CD.
A repeatable and reliable way to deliver infrastructure.
Copy & Paste Code makes it easy for the team to use.
For static servers, we plug in WSUS/Patch Management systems to ensure security compliance.
Database migration
Database solutions are completed using data migration and RDS MS SQL Server, further reducing operational cost by using AWS Serverless technology.
Modernisation
Ensuring that stateless servers are implemented with Auto Scaling Groups means that we can reduce operational cost and no longer require Active/Passive servers, thus reducing the hosting cost.
A requirement to modernise rather than replatform the AD Certificate Authority servers means that we created an automated deployment of the Private Certificate Authority using the AWS PCA and AWS PCA Connector to Active Directory.
This reduces the operational burden of managing servers for the private CA.
This solution is integrated with Intune and FortiGate to ensure certificates are issued to devices across the organisation.
A requirement to modernise rather than replatform the Windows FTP Servers opened the opportunity to modernise the SFTP services for this organisation.
To reduce server management, we automated the deployment of the AWS Transfer Family. The Transfer Family is integrated with Secrets Manager and Lambda to allow password and key-based authentication.
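The Transfer Family, Lambda and Secrets Manager integration described above can be sketched as a custom identity provider function that fails closed. This is an added example, not the project's own code; the secret name layout, the record fields (Role, HomeDirectory, Password, PublicKeys) and the sample values are assumptions.

```python
import hmac
import json
import re

def fetch_secret(server_id, username):
    """Load one user's record from Secrets Manager (secret name layout is assumed)."""
    import boto3  # lazy import so the decision logic can be exercised offline
    from botocore.exceptions import ClientError
    try:
        resp = boto3.client("secretsmanager").get_secret_value(
            SecretId=f"aws/transfer/{server_id}/{username}")
    except ClientError:
        return None  # missing secret or access denied: treat as unknown user
    return json.loads(resp["SecretString"])

def authenticate(event, get_secret=fetch_secret):
    """Build the identity-provider response; an empty dict denies the login."""
    username = event.get("username", "")
    # Restrict the name so it cannot change which secret path is read.
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", username):
        return {}
    secret = get_secret(event.get("serverId", ""), username)
    if not secret or not secret.get("Role"):
        return {}
    response = {"Role": secret["Role"]}
    if secret.get("HomeDirectory"):
        response["HomeDirectory"] = secret["HomeDirectory"]
    password = event.get("password", "")
    if password:
        stored = secret.get("Password", "")
        # Constant-time comparison; a record without a password denies password logins.
        if not stored or not hmac.compare_digest(password.encode(), stored.encode()):
            return {}
    else:
        # Key login: return the registered keys; the service checks the client's signature.
        if not secret.get("PublicKeys"):
            return {}
        response["PublicKeys"] = list(secret["PublicKeys"])
    return response

def lambda_handler(event, context):
    return authenticate(event)

# Constructed sample record and stand-in fetcher for running without AWS.
SAMPLE = {"alice": {"Role": "arn:aws:iam::111122223333:role/sftp-user",
                    "HomeDirectory": "/example-bucket/alice",
                    "Password": "constructed-password",
                    "PublicKeys": ["ssh-ed25519 AAAA-constructed-key"]}}

def sample_fetch(server_id, username):
    return SAMPLE.get(username)
```

An empty response is how the function denies a login, so every error path (unknown user, malformed name, missing role, wrong password, no registered key) returns `{}` rather than raising.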
A challenge to automate the deployment of the AWS Storage Gateway services enabled us to innovate and create a Lambda capability to automatically activate the storage gateway. This reduces the time the team needs to create storage gateway capabilities and reduces human error.
Allowing further innovation is the implementation of Route 53 split horizon DNS, which now allows the organisation immense flexibility to resolve DNS queries from complex network and infrastructure components.
Spearheading the infrastructure as code and deployment of the data lake, we helped teams collaborate and automate more.
AWS
A well architected delivery for the datacentre migration.
Security: Internet traffic outbound via a FortiGate firewall system. All servers are patched regularly using a combination of patch management and immutable servers.
Costs: EDP/Savings Plans/Reserved Instances are all used to reduce commercial costs. Open-source tools are used to migrate and create infrastructure, which keeps costs down. Automated infrastructure provisioning allows for transient environments, which allows downtime when not in use.
Operations: We introduced Datadog for enhanced observability and cost management. A shift-left patch process, building AMIs and releasing them to infrastructure, reduced WSUS overhead.
Performance: A like-for-like deployment of VMware to AWS EC2 instances ensures that the services continue to run at their best.
Sustainability: Our infrastructure provisioning automation allows non-production environments to be created and destroyed when not in use. Using Auto Scaling groups allows servers to scale up and down when required.
Reliability: Using our analysis of server capability, we are able to host some servers in Auto Scaling groups, which allows us to run 1 server, rather than an active/passive setup. This helps reduce the cost by 50% when running a capability, due to the built-in fault tolerance of ASGs.
Datadog
We introduced Datadog to monitor infrastructure and gather logs. This provides a considerable benefit over the self-hosted and unmaintained old platforms. Our deployment of Datadog components is done using Terraform.
People
We helped and trained multiple organisational units in modern ways of working and introduced a DevOps mentality to their way of working.
A collaborative way of working, sharing ideas and common code base helped many teams work more efficiently.
Processes
Many processes are automated, which provides a far more efficient way of working.
Products
Open-source tooling for the migration keeps the costs down without reducing quality.
The versatility and extensibility mean we can automate more and make the delivery of services repeatable, reliable and reproducible.
A layered AMI approach allows patching and application builds to be as fast and painless as possible.
Automated implementation using Terraform for observability metrics from Infrastructure, APM, Logs, Synthetic Monitoring and custom metrics provided a single pane of glass to view the entire estate.