The next episode of the “Cloud stories from Norway” videoshow is ready for watching! In this 40-minutes long show we feature Azure cloud best practices, patterns, tips & tricks used in production in the products and services of well-known Norwegian companies.
For this episode, Maxim Salnikov from Microsoft invited Jan Egil Ring, a Lead Architect at Crayon – an important partner of Microsoft, that helps Norwegian and not only companies to build and operate cloud projects, and Morten Hansen, an Infrastructure Architect at TINE – the largest Norwegian dairy product cooperative consisting of around 15 000 farmers and more than 5 000 employees. From two short, focused tech sessions you will learn about
- Best practices and findings during the migrating of 120 VMs to Azure in just 1.5 months
- What other projects on Azure are under development in TINE and Crayon
- Many more cloud tips & tricks to skill you up on cloud technologies!
The video is available online, you can watch it here: On-demand
We received many technical questions during event, here are the answers on some of them:
|How did you do in order to get a cost estimate for the Azure related costs for this migration? Could you use the TCO calculator in Azure?
||We used Azure Migrate to perform an initial assessment of the whole datacenter, and then broke it down to the VMs that was in scope for the migration project. The assessment feature in Azure Migrate is really good and allows you to select factors such as region, reserved instances and so on. For common infrastructure costs like ExpressRoute which was implemented in the same time frame we used the Azure Pricing calculator. Although, the Azure TCO Calculator you mentioned very useful in order to account for all costs such as datacenter operations, so you get a good insights into Total Cost of Ownership.
|Have you adopted ‘subscription democratization’ principle from the Enterprise-Scale or have you chosen to retain a full control of subscriptons within central IT? If the latter one, what were the main reasons?
||Central IT is in charge of common «infrastructure subscriptions» such as the hub subscription (ExpressRoute, domain controllers and such) & the landing zone for the AMP project. Others subscriptions are created on a business unit basis where central IT provides some control with regards to networking and access controls – using Azure AD PIM and RBAC to provide access for application owners, vendors and so on.
|Regarding your monitoring strategy: have you moved SCOM VMs ‘as-is’ to Azure or have you adopted cloud native tools with Azure Monitor, Log Analytics, workbooks, etc.?
||SCOM VMs was moved as-is, and is mainly used for monitoring the datacenter and the ~30 production plants. For new cloud native services, Azure Monitor is being leveraged as the primary tool of choice. One of the reasons of continuing the usage of SCOM is that Tine already have invested a lot of time and efforts in the SCOM infrastructure, using SquaredUp on top for dashboarding. Also, Azure Monitor is not so suitable for all existing technologies in Windows Server such as Failover Clustering and so on. Tine us using Azure Arc for all on-premises servers though, so we might look into the new Azure Monitoring agent deployed via Arc at some point.
|How big was the project teams from Crayon and Tine and how was it (rougly) divided in terms of technical competency areas?
||The project team was 5-6 persons working with priority. And we had the possibility to get help from others since this project was important to TINE.
|Was the main reason for chosing Azure vs competitors that Azure had/created server locations in Norway?
||That was one of the main reasons. We needed fast response times to different services, for instance database and integrations services. The response times in Norway compared to outside Norway was noticeable: ~20-25 ms to West Europe, ~4-5 ms to Norway East with VPN and ~2-3 ms to Norway East with ExpressRoute.
|I see that you used a hub & spoke architecture and that you used different vnets for the spokes. How would it work with using subnets instead of vnets? How much cost would it save and would it be worth it?
||If using one large VNet divided into multiple subnets instead of carving out multiple VNets, one would have been tied to a single subscription as a VNet cannot span multiple subscriptions. As a VNet itself doesn`t incur any cost, I don`t believe the cost difference would be much (if anything). There are other elements to think of when moving the discussion to one subscription vs many. A single subscription for an Enterprise is considered an anti-pattern in the Cloud Adoption Framework. There are many reasons for this discussed in the framework, but one thing to consider is that a subscription is «a unit of scale». There is a certain amount of virtual Cores, virtual machines and so on available by default within a subscription. To go above these, one must file a quota increase request and detail the demand now and in the coming 6-12 months. Even though the cloud is «limitless», there are some boundaries in practice – so planning is key.
|About backup solution, what do you recommend when you have servers running on prem as well as in Azure? Good to have 2 solution or just one azure solution for all servers?
||It depends whether there are any existing backup solution in place on-premises which makes sense to continue or not, but in general we backup services where they run with regards to RTOs. For on-premises, we also leverage the Azure Backup integration in System Center DPM both for off-site storage and for long-term retention (it replaced tape-based backups 6-7 years ago). In you have a greenfield environment and do not have any System Center DPM licenses, you could use Azure Backup Server which is essentially the same product, but with a difference licensing model (tied to an Azure subscription instead of a System Center licence). That is, if you are keen to leverage a Microsoft product for on-premises backups – which makes sense when using Windows Server and other Microsoft products. There are Azure backup/storage integrations in 3rd party product such as Veeam as well.
|A question for Morten: Can you give a ball park figure on the cost or time savings this project has given you?
||The cost savings is just for TIP is just for the project work itself between 100000-200000, in addition to time saved with regards to being able to deliver infrastructure on-demand. We also would have needed more servers on-prem. Since we have 2 datacenters we saved 2 more physical servers approx 350000,- in addition. And that is only for TIP. We also have some minor projects that has given cost savings. BUT: In addition we have gained so much better control and documentation. Cost is of course important, but using Tags to document and work in a better way gives a lot of ‘unexpected’ savings. And also, to turn off servers between 22:00-07:00 (test environments for instance) saves us money. For production workloads which needs 24/7 availability, we are using Reserved Instances which saves a significant amount over 3 years.
|Hi! Was Azure Migration tool used to the purpose of getting an overall insight of the on-prem infrastructure?
||The AMP project main purpose was to move servers, but it also gave us one advantage we have not thought about: When system owners were asked if servers had to run 24/7 or if they were critical we actually managed to remove some of the servers as well. The tool also helped us get a better overview of the ON-prem environment.
|How can new organizations learn from Crayon journey and working towards the UN sustainability goals?
||I recommend to read this regarding goals: https://www.microsoft.com/en-us/corporate-responsibility/un-sustainable-development-goals
|How fast is Azure (spinning up VM’s, generating tags, web client performance etc) vs competitors?
||In the past, provisioning VMs was a bit slower than the competiton, but after implementing a new feature where I believe there are «hot standby» VMs waiting for customizations in the backend it has improved significantly. Typically when provisioning a Windows VM using a Terraform template, it completes in ~3 minutes. Linux is faster (depending on distro). For other services I haven`t made any comparisons, but in genereal it varies a lot by service. It is also enhanced in newer versions, for example Application Gateway deploys in ~25 minutes vs ~45 minutes in the V2 SKU vs the V1 SKU IIRC.
Stay tuned for the next episode of the “Cloud stories from Norway”!
How to follow all Microsoft Norway’s and local tech communities’ events about Azure cloud for the developers – conferences, seminars, workshops, training, webinars, etc.? Just follow our technical twitter https://twitter.com/MSDevNo
To stay connected:
Feel free to send your questions about the Azure cloud technology and educational events here: firstname.lastname@example.org
Developer Engagement Lead at Microsoft Norway
All episodes of “Cloud stories from Norway»