Cloud migration for improved infrastructure maintenance

The challenge

Business Need

Cloud migration is still a very hot topic today as it opens up a lot of possibilities for organisations. The Client wanted to migrate an application from their own data centre into the global cloud services. The application in question provided services for the public sector. It was available to different user categories: guest users, authenticated external users and internal users (the Client’s employees).

The main driver of this change was the Client’s strategic decision to move all their services into the cloud to reduce the time and effort needed for infrastructure maintenance.

Microsoft Azure cloud services were selected for this project as they were compliant with the security, availability and architecture standards required for the Application Services in the Client’s catalogue.

The solution

Project Details

The Objectivity team analysed the existing application in order to choose the best migration strategy. Several options were considered: rehosting to Infrastructure-as-a-service virtual machines (VMs), refactoring to use Platform-as-a-service (PaaS) resources or rebuilding to a cloud-compatible format.

The team decided to use the PaaS approach and, after a few changes were made, the implementation fulfilled the requirements for the Azure App Service deployment. Azure DevOps was chosen as the software development life cycle tool that is natively integrated with Azure runtime environments.

The legacy application

The legacy application was hosted by VMs in the on-premise data centre. The application VM with the Internet Information Services (IIS) instance ran the application code and internet access was enabled by the DMZ proxy with open HTTP and HTTPS ports.

The application stored its data in a Microsoft SQL Server database hosted on a VM instance. Moreover, the application was integrated with an Identity Provider (IdP), a Groups and User Management service (GUM), an email service (SMTP) and an external API service. 

The data centre provided an internal network with no connection restrictions between the VMs. The IdP, GUM and SMTP were available in the same network. 

The migration

The target application architecture defined the Azure cloud-based deployment as one of the roadmap steps. The application was divided into front-end (UI) and back-end (API) services for a future extension to the mobile application solution. The application protection was provided by an external Imperva Incapsula WAP SaaS tool. The WAP included, among other things, a firewall and OWASP protection. 

The IdP and GUM services were still hosted in the on-premise data centre; the IdP was already open for external connections and didn’t require any changes, and the GUM service was wrapped by the APIM gateway and exposed to the internet. An external SMTP provider replaced the internal SMTP server.

As for the Disaster Recovery (DR) solution, the application was hosted in two regions. The Incapsula WAP provided a DR router that monitored the availability of the primary region and re-routed the incoming traffic to the secondary region in case of failure. The Azure SQL database was replicated in order to synchronise the data.

The result

Business Benefits

After the successful migration from the on-premise data centre to the Microsoft Azure cloud, the Client achieved their main goals. The usage of PaaS resources in the Microsoft Azure environment successfully minimised the application maintenance cost. The Microsoft Azure environment also allowed the team to introduce a disaster recovery process without any modifications to the application.
The usage of Azure DevOps significantly reduced the software development and delivery cycle time.