How We Leveraged Microsoft Azure To Meet On-Demand Needs

Chad Leverenz, VP, IT Infrastructure & Development, Mercy Housing

Like most non-profit organizations, we experienced rapidly growing needs for visualizing analytics, producing business intelligence, improving OLTP and OLAP server performance on-demand, and backing up files. However, like most non-profit organizations we did not have the budget to support hiring more human resources to meet the needs.

In January, 2015, we needed to leverage a cloud platform that could support our enterprise needs and Microsoft Azure was the obvious choice given our experience and skills. We heard there was a charity program in development but Microsoft Philanthropies was not ready to release the new program to support non-profit organizations and we did not have time to wait. Therefore we committed to an Enterprise Agreement (EA) with Microsoft and started migrating servers from our on-premises data center into the Infrastructure-as-a-Service (IaaS) platform in Azure. The following were the business drivers for migrating to Azure successfully:

1. Move away from Capital Expenses for hardware and move into known and predictable Operating Expenses in Azure

2. Keep the scope for each migration phase small and controlled
a. Eliminate upgrades at the same time
b. Minimize patching to the operating system during the migration
c. Do not allow configuration changes “while we’re in there”

3. Identify the critical systems that need immediate solutions
a. Including those that are weak in compute, memory, data I/O, and storage
b. Critical systems that lack robust and duplicate backups are strong candidates to migrate
c. Enterprise systems that affect the largest number of employees are obvious migration targets given their high resource utilization and the on-demand options to spin up new VMs, add resources, or add storage on the fly and at set thresholds

4. Architect “no more and no less” to make the solution work
a. Configuring geo-located failover nodes is not in scope
b. Monitoring services and logs is a requirement
c. Open only the ports needed for the services within Network Security Groups

5. Phase the solution from IaaS to PaaS
a. Utilize Microsoft-managed failover, load-balancing, and backups
b. Identify Storage containers for the right size, speed, and type of container
c. File services should be geo-located if there is a need to resolve for high end-user latency
d. Eliminate IaaS VMs where PaaS services meet the need; logging, databases, and front-end web services

6. Utilize vendor SaaS as much as possible for OLTP
a. Since we do not serve applications to our constituents, we do not have a need to refactor our applications for Azure SaaS
b. We do not want to host our business applications (ERP, CRM, Operations) in Azure if the vendors that created them can do it just as well in their cloud platform
c. The only enterprise system we host in Azure is our Enterprise Data Warehouse (Mercy Analytics).

7. Consider Azure solutions for all new projects including the following:
a. App Services
b. Web Services
c. SQL Services
d. Storage
e. Enterprise Mobility + Security (MDM, MAM, 2FA, InTune)
f. DNS
g. Active Directory
h. IoT
i. Log Analytics
j. Security Center

We learned several things about Microsoft Azure that made us adapt to their governance, style, and platform management.  

• Microsoft releases changes, patches, updates, and product improvements very quickly and with little advance communication. Our team needs to adapt: watch, subscribe, listen, learn, and play with new technologies frequently to see whether implementing them would resolve issues and bring new functionality to the platform

• Everything we created in Classic mode would have to be recreated in Resource Manager to leverage the new functionality, manage the services effectively, and see the enterprise at a glance

• Microsoft’s support for Azure has been very quick, responsive, accurate, helpful, and they admit failure when it occurs and without bias, which makes vendor partnering easier to move forward as a unit together

• Microsoft Philanthropies did not allow us to turn our EA into a Philanthropies subscription, so we are enduring yet another migration and deployment, a third instance (better learn how to use JSON to deploy VMs and services frequently). The new migration tool has been very helpful in easing this burden
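Because Resource Manager deployments are written as JSON, driver 4c (open only the ports needed within Network Security Groups) can be checked before a template is deployed. The following is an added example, not code from Mercy Housing or Microsoft; the template fragment, the NSG name, and the list of needed ports are constructed for illustration.

```python
import json

# Constructed sample: a Resource Manager template fragment, trimmed to the
# fields this audit reads (not taken from the article).
TEMPLATE = json.loads("""
{"resources": [{
  "type": "Microsoft.Network/networkSecurityGroups",
  "name": "example-web-nsg",
  "properties": {"securityRules": [
    {"name": "allow-https", "properties": {"direction": "Inbound", "access": "Allow",
      "sourceAddressPrefix": "Internet", "destinationPortRange": "443"}},
    {"name": "allow-rdp-any", "properties": {"direction": "Inbound", "access": "Allow",
      "sourceAddressPrefix": "*", "destinationPortRange": "3389"}},
    {"name": "allow-misc", "properties": {"direction": "Inbound", "access": "Allow",
      "sourceAddressPrefix": "10.0.0.0/8", "destinationPortRanges": ["8000-8100", "22"]}},
    {"name": "deny-all", "properties": {"direction": "Inbound", "access": "Deny",
      "sourceAddressPrefix": "*", "destinationPortRange": "*"}}
  ]}
}]}
""")

NEEDED_PORTS = {443}  # assumption: the only port this service has to expose
PUBLIC_SOURCES = {"*", "Internet", "0.0.0.0/0"}

def port_span(rng):
    """Turn '443', '8000-8100' or '*' into an inclusive (low, high) pair."""
    if rng == "*":
        return 0, 65535
    low, _, high = rng.partition("-")
    return int(low), int(high or low)

def audit(template, needed=NEEDED_PORTS):
    """Return (nsg, rule, unneeded_ranges, from_public) for each inbound Allow
    rule that opens any port outside the needed set."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.Network/networkSecurityGroups":
            continue
        for rule in res["properties"].get("securityRules", []):
            p = rule["properties"]
            if p.get("direction") != "Inbound" or p.get("access") != "Allow":
                continue
            ranges = p.get("destinationPortRanges") or [p.get("destinationPortRange", "*")]
            spans = [(r, port_span(r)) for r in ranges]
            extra = [r for r, (lo, hi) in spans if any(n not in needed for n in range(lo, hi + 1))]
            sources = p.get("sourceAddressPrefixes") or [p.get("sourceAddressPrefix", "*")]
            if extra:
                findings.append((res["name"], rule["name"], extra, any(s in PUBLIC_SOURCES for s in sources)))
    return findings
```

Rules flagged with a public source are the ones to close or narrow first; rules flagged from a private range still open more than the service needs.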

Overall, Azure has provided us significant improvements in our ability to meet business needs. The ability to scale services within 15 minutes is a feature we have never had before and now we utilize it nearly every week (how did we do it before Azure?). Our IT employees are excited to learn new technologies, stay current with IT innovations, and exercise idea-generation as a team.

Going forward, we would like to see Microsoft consider improving Azure for non-profits by doing the following:

• Allow subscriptions to change from EA to Philanthropies with a single click
• Allow multiple Philanthropy subscriptions to merge with other subscriptions to amalgamate into a single charity donation
• Continue using ea.azure.com for Philanthropy subscriptions
• Create custom Administrator roles by granular feature (e.g. InfoSec role, Tier-2 role, Procurement Role, CIO role) and allow us to change role default permissions for those currently assigned (Service Administrator, Billing Administrator, User Administrator)
• Create a hosted File Services storage container that allows for NTLM permissions from Active Directory, utilizes DFS across geo-located containers, and allows for external sharing, reporting, InfoSec controls, and link expirations
• Create a System Center Service Manager service so we do not have to utilize IaaS
• Import GPO policies, convert them to InTune policies, and change all domain-joined nodes into Azure-joined nodes for immediate MDM, MAM, and 2FA integration (for Windows 7 and higher)
• Offer best practices configurations by default (email in Office 365, spam/malware, data loss prevention policies, and security policies in Azure)
