Before designing any cloud landing zone for (SMB) customers, you need to have a perfect understanding of what workloads you can expect at the source system.
Take a look at my drawing; I used to sell similar PODs in a multi-tenant shop. Each customer had their own virtual datacenter (not using VMware vCloud Director; but a similar concept).
How minimal/typical (SMB) IT looks like?
I. Core/Networking services
I am not going into the details of SMB customers’ basic networking services, but you can imagine a standard boring 192.168.0.0/24 subnet with DNS, DHCP services enabled. Active Directory is likely on Windows box unless Linux shop with OpenLDAP, Samba and some kind of open source Office, etc. Typical NAT, computers (servers and desktops) can access public internet (outbound traffic) and users can access some of the internal services – port forwarding (VPN most likely) connecting from externally (inbound traffic).
II. Likely Windows based workloads
II/1 Identity Services (Windows Active Directory)
Beyond networking, identity is the most critical and foundational service for every customer. It’s an obvious fact when you have multiple computers joined to Domain you need to have a centralized registry to manage usernames and passwords; see objects in the domain (such as joined computers) and be able to allocate some policies to the computers.
II/2 File Server Services (Samba, CIFS, SMB file share)
There is user data stored as files. Most created by users: documents, presentations, charts, drawings, etc.
Some of the files used by applications as shared files to save user work (think about dBase, Microsoft Access, or just text files (XML, JSON, etc.) to store data.
When it comes to working together i.e. opening & editing the same Excel or PowerPoint together as a Team; Microsoft 365 requires users to put files on “modern online cloud-based locations” such as One Drive and SharePoint. They operate behind Microsoft Teams.
If you have such requirements; I am not sure that even Azure Files/Sync is a good idea. I will investigate this topic later, but it seems Microsoft wants users to put their Office documents on their cloud storage if they want to work together and legacy SMB storage (such as NetApp) is not necessarily preferred.
II/3 Database Services (OSS databases; MS SQL Server, Oracle, DB2, etc.)
There is user data stored in databases. Because of securing legacy LOB applications, you do not want to move the database and the client app too far from each other. There is something called database cursor/window and fetching. Still, in 2022 there are many LOB apps designed for low latency LAN where the connection between the database server and desktops running the application is low. If you introduce a high latency VPN connection between database and client applications there is a risk of a bad user experience (depending on how the application has been coded).
This dilemma introduces the need for Terminal Server (Remote Desktop Session Host) or Virtual Desktop Infrastructure; where applications run next to the database (in the same local network) and users just connect their remote terminal sessions (the keyboard-video-mouse travel on the network; not the database records).
For database migrations, I used this tool at Microsoft to estimate if the application will work in PaaS or you need Managed SQL Instance (IaaS) or SQL in a VM. A combination of a Virtual Desktop and SQL PaaS is a nice design.
II/4 Terminal Server (RDSH/VDI) or Virtual Desktop Services
As mentioned before; the most reliable and secure way of doing remote work is to provide a full desktop/or application streamed to the user. Citrix XenApp and VMware Horizon leading this market. When it comes to Windows only (with a limited connection broker) you will see multiple alternatives. At the end of the day, it’s about
- good user experience – it’s mainly about the display protocol; Citrix ICA/HDX is the obvious leader; VMware improved a lot over the years, AWS has WorkSpaces leverage Teradici PCoIP, most cases Microsoft RDP does a good job.
- an easy way of printing – this is soo basic, but sometimes can go complicated; shared (IP) vs. personal printers/scanners (USB)
- enjoy bi-directional audio – imagine a Zoom, Microsoft Teams, Google Meet, or Cisco Webex call without having audio while you need to share your screen with colleagues.
- RAW USB device redirection – sometimes it works, sometimes it does not work. Supported WebCams might work via RDP virtual channel; however RAW USB recreation requires special software (drivers) and/or hardware equipment. And remember, USB cables are not necessarily designed for IP redirection (ultra-low latency expected by drivers and applications)
II/5 Backup Solution for VMs, Files, Databases
VM image (block) or File Level? Application, Crash, or File level consistent? What are the RTO and RPO? Many questions here. Some people do not want to spend money on this; so they use free scripts (ghetto VM backup) partly do the job. Some people still stop VMs and copy overnight with PowerShell. Not even using incremental backup. OMG.
Assuming people using backup software; Microsoft shop likely using System Center Data Protection Manager to do this job. When they start using Azure; they will see similar (same) software called Azure Backup Server. VMware has Data Protection. Do not forget about super popular 3rd party backup and replication software such as Veeam. Remember, you can run Veeam on-premies and in multiple clouds Azure , AWS or GCP as Veeam appliance available.
How much does the backup cost on-premises and what’s the expected cost in Cloud? Looks like an easy question, but actually, it’s not. Consider RAW data vs. decrypted data travels on the network. Think about complex retention policies.
II/6 Monitoring and Management Solution
How much space is left on the OS disk (/root or C:\)? Have you installed the latest updates on the OS? What process is killing the CPU on a particular VM? What about noisy neighbors on networking?
Some SMB uses free software to track this. Very few have System Center Operations Manager. VMware offers Update Manager and vRealize Operations. In the cloud, you will have a major dilemma about how to design the same thing at a reasonable price.
III. Likely Linux/OSS based workloads
III/1 DNS – public domain services
This is likely the “bind” service. Probably it’s combined with email and website offering since the same DNS zone was used.
III/2 E-mail – webmail and SMTP, IMAP, POP3, MAPI, etc.
I used free software (such as FreeBSD/SendMail) and later Zimbra (VMware used to offer it). They are all nice, however, Exchange Online (Microsoft 365) and Gmail (Google Workspace) are much better options. Maintaining on-premises mail systems is quite expensive. You can still check and ask local service providers and their offers. But they might not meet the quality of the hyper scalers. Think about SPAM filtering and RBLs. It’s not an easy one. I would move the email to SaaS without any doubt.
III/3 Web sites, App Services – WordPress and similar
Likely every SMB has a website. Moving it to the cloud might work, however, a low-cost WordPress PaaS hosting can always compete with public cloud PaaS offerings. This blog actually runs on SiteGround, which is actually migrated recently to the Google Cloud Platform.
This introcudes a new topic on App Migration. At Microsoft I used this tool to check how IIS can run on Azure App Service. It supports Linux workloads as well.
I will take a look on Cloud Adaption Frameworks: compare and understand what they offer for SMB customers landing in Cloud. I hope its easy to understand and explain to others while not introducing additional complexity to smaller (up to 25 VM) migration projects.
Microsoft Cloud Adoption Framework for Azure – Cloud Adoption Framework | Microsoft Docs
AWS Cloud Adoption Framework (amazon.com)
Adoption Framework | Google Cloud
Cloud Adoption Framework | Oracle
Cloud Methodology: Evaluate Cloud Migration Needs & Downtime Tolerance – Alibaba Cloud