Moving infrastructure workloads to the cloud can benefit your organisation immensely, with infinite possibilities as the service catalogue of available offerings increases exponentially and the maturity of established services is enhanced almost daily.
The Azure Cloud Adoption series is an opportunity to converse on a few key topics: a combination of lessons learned and things you could avoid or improve early in your cloud adoption journey. Most of these capabilities won't even cost you anything other than the time to implement them. Today I wanted to set the scene and start at the beginning; for me, that means envisioning what the future might look like and, more specifically, what success will hopefully look like for your organisation.
This blog will glance at a Cloud Adoption Strategy, a scalable modular Azure Tenant and policy-driven Governance guardrails.
Cloud Strategy
For most organisations, migrating to the cloud is an iterative approach. Benjamin Franklin once said, "By failing to plan, you are planning to fail", and that, in essence, is why every organisation requires a cloud strategy: a plan of efforts to achieve business goals, aspirations and outcomes via the cloud. The cloud strategy will assess financial, technical, change management velocity and cloud provider(s) considerations, among other criteria.
It is also important to acknowledge that gaining the optimal benefits of the cloud will most likely be achieved over time; however, it doesn't mean you won't have any advantages on the first day. To fully capitalise on the potential of the ever-multiplying cloud offerings, evolving and maturing within your organisation's ability is widely recommended. Organisations generally start with familiar technologies and services, making quantified progressive advances while serving business objectives and driving innovation through internal growth and retrospective learnings.
A typical cloud journey lifecycle could be summarised into 4 stages, some of which might include:
- Cloud-hosted: Also known as the opportunistic stage, when you want to re-platform, migrate or extend an existing environment while imitating as much as possible what you're already familiar with, simplifying and reducing the risk of initial cloud adoption and skillset requirements. With a sound migration strategy, you should be able to migrate legacy applications and systems onto more modern infrastructure and services, increasing performance and saving you costs. Utilising infrastructure-as-a-service in the cloud is an excellent example of achieving increased performance and cost savings early in your cloud adoption: a chance to assess compute and performance requirements and match those to the latest cloud compute technology options.
- Cloud-ready: This could be summarised as the cloud-first mindset stage. Managed services in the cloud reduce risk, operational responsibilities and cost. Moving workloads onto managed services is appealing but often requires cloud- and solution-specific expertise. Leveraging scaling and an only-use-what-I-need, when-I-need-it approach increases uptime and availability while saving on commitment costs. Another widespread use case would be to de-couple application stacks and implement proven architecture patterns and designs, enabling modern or enhanced feature capabilities and integrations with systems or data services. This stage is sometimes considered the gateway to capitalising on the organisation's greatest asset: data presented to critical stakeholders, ensuring data-driven, quantifiable decisions.
- Cloud-enabled: The cloud-committed and -enhanced stage, where self-healing, orchestration and everything-as-code deliver predictable and repeatable workloads while adopting proactive security and an optimal-cloud approach.
- Cloud-native: The stage where microservice, low-to-no-code, serverless and cloud-native services are utilised to deliver business outcomes and encourage an autonomous environment, which is otherwise not possible. A philosophy that everything is available, managed and connected.
The challenge is to evolve organically through these lifecycle stages and not get stuck at any stage before achieving your cloud strategy goals or meeting your business objectives. Through continuous planning, reviewing, optimising and constantly measuring, we can naturally grow through the cloud journey stages and ultimately optimise the cloud for your organisation.
Every design and architecture solution should enable us to evolve into the next stage of our target state. Our decisions should translate into scalable and modular solutions to avoid rework. We can achieve that by having and socialising a clear end-state strategy, "what good looks like", for your organisation. Put differently, it is a clear roadmap of initiatives showing how existing or legacy workspaces will transition and modernise over time as the organisation gains cloud maturity on its cloud journey.
My Azure Tenant
Architecture is often compared to the construction of a skyscraper building. Setting up the Azure tenant structure (a collection of Management Groups, Subscriptions and Resource Groups) initially, in this analogy, could be compared to the foundations of a skyscraper building. The foundation needs to accommodate the scalability of levels and horizontal growth to meet the requirements to completion. To further exploit this metaphor, it would be unfeasible for the foundation only to meet the requirements of the first floor. When you want to construct the second and consecutive levels, you realise that you need to increase the foundation's structural strength, which often means starting from scratch or rebuilding. Azure landing zones are a set of best-of-breed structures and best practices, producing isolation and scalability for your workloads, regardless of your organisation size, connectivity, management, security, cloud maturity or networking requirements.
On the one hand, setting up a modular foundation for your tenant, a placeholder skeleton hierarchy with a clear separation of roles and services, enables growth and cloud maturity without rework. On the other hand, it provides managed governance structures for control and compliance, reducing risk and increasing security and confidence.
Governance
"For they are the rulers and they must rule themselves." - Franklin D. Roosevelt.
The Azure tenant serves many masters, and these organisational stakeholders often have different interests or concerns they wish to prioritise. Top management might be more concerned with compliance and risk management, and mid-management might have a more urgent requirement for governance and costs. At the same time, the technical team favours agility, the ability to deliver with minimum constraints. Azure Policies and RBAC (Role-Based Access Control) are mechanisms used to honour the guardrails of all these masters by enforcing best-practice standards, compliance, security and governance controls within the Azure tenant. A policy compares resources in Azure against business rules. The hierarchy structure assures inheritance and compliance, provides complete control, and natively integrates with Azure Active Directory for Role-Based Access Control. The hierarchy's policy inheritance model strongly promotes the benefits of establishing a good tenant structure to secure a sustainable and easy-to-manage policy platform.
Azure policies, or policy definitions, can be grouped to make up a policy initiative or a policy set, meaning that we can assign business rules to resource scopes (Management Groups, Subscriptions, Resource Groups and Resources).
When a resource is non-compliant, a policy can trigger different responses and outcomes depending on the rules we apply to the policy, also known as effects. Some responses include:
- Deny change
- Alter before or after the change
- Log event/change
- Deploy compliant resources
The Azure Policy faculty endorses the ethos of letting Azure govern itself.
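The inheritance model described above, as an added example that is not part of the original post and is not Azure's own evaluation engine: a simplified Python model in which an assignment made at a management group reaches every subscription and resource group beneath it. The scope paths, policy names and sample resources are constructed, and only the Deny and Audit effects (the "Deny change" and "Log event/change" responses) are modelled.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Assignment:
    scope: str                        # scope the policy is assigned at
    policy: str                       # hypothetical policy name
    violates: Callable[[dict], bool]  # business rule: True when non-compliant
    effect: str                       # simplified to "Deny" or "Audit"

def applies(assigned_at: str, resource_scope: str) -> bool:
    """An assignment covers its own scope and every scope beneath it.
    Matching on whole path segments keeps mg-prod from covering mg-prod-legacy."""
    return resource_scope == assigned_at or resource_scope.startswith(assigned_at + "/")

# Constructed hierarchy: management group / subscription / resource group.
ASSIGNMENTS = [
    Assignment("/mg-root", "allowed-locations",
               lambda r: r["location"] not in {"westeurope", "northeurope"}, "Deny"),
    Assignment("/mg-root/mg-prod", "storage-https-only",
               lambda r: r["type"] == "Microsoft.Storage/storageAccounts"
               and not r.get("https_only", False), "Deny"),
    Assignment("/mg-root/mg-prod/sub-payments", "require-owner-tag",
               lambda r: "owner" not in r.get("tags", {}), "Audit"),
]

def evaluate(resource: dict):
    """Return (allowed, findings) for a requested resource change."""
    findings = [(a.policy, a.effect) for a in ASSIGNMENTS
                if applies(a.scope, resource["scope"]) and a.violates(resource)]
    allowed = all(effect != "Deny" for _, effect in findings)
    return allowed, findings

def storage(scope: str, location: str = "westeurope", **extra) -> dict:
    """Build a constructed sample storage-account request."""
    return {"scope": scope, "type": "Microsoft.Storage/storageAccounts",
            "location": location, **extra}

if __name__ == "__main__":
    for scope in ("/mg-root/mg-prod/sub-payments/rg-api",
                  "/mg-root/mg-prod-legacy/sub-old/rg-files",
                  "/mg-root/mg-sandbox/sub-dev/rg-test"):
        print(scope, evaluate(storage(scope)))
```

The same non-HTTPS storage account is denied under `mg-prod` but allowed in the sandbox, which is the practical reason to settle the management group structure before assigning policies.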
Cloud partner
Choosing the right cloud partner is essential; the partner gives you access to on-demand specialised expertise and provides your organisation with thought leadership and insights on what your industry is doing or avoiding. The ideal cloud partner's importance should extend beyond being only a service provider within the project's scope. The actual value exists in establishing a relationship with a partner who will contribute to the organisation's think-tank, share industry lessons, keep track of the market pace and provide business value insights. A great vendor will have close ties with the Cloud Provider(s) and have direct access to the support they offer, including subsidies and financial aid; these usually equate to derisking or fast-tracking the organisation's cloud adoption journey. It would be unreasonable to expect your organisation to have all the experience and knowledge from day zero. Utilising cloud partners helps drive immediate and meaningful outcomes for your organisation in the short term. At the same time, leadership can concentrate on what skillsets, support and expertise are required internally to support the organisation over the medium to long term, yielding the best possibilities in support of the Cloud Strategy.