Tuesday, July 27, 2021

configuring azure update manager for azure VM patching

 Patching the VM's in azure is one of the most important task in cloud operations to treat vulnerability fixes. We have a service called "update manager" is available for the same in azure portal. An effective software update management process is necessary to maintain operational efficiency, overcome security issues, and reduce the risks of increased cyber security threats. However, because of the changing nature of technology and the continual appearance of new security threats, effective  update management requires consistent and continual attention.

The basic architecture of azure update management is given below. The solution can be used to push updates for on premises and azure VM's 











Let's configure update management in azure portal step by step and test the patching in a linux VM.

  • The following steps highlight the actual implementation
  • Create an Automation account.
  • Add the Log analytics account with automation account 
  • Link the Automation account with the Log Analytics workspace.
  • Enable Update Management for Azure VMs.
  • Add the VM's to the update manager 
  • Patch the VM's using update manager 

Login to the azure portal and select the "automation account" from the search bar . Create the "automation account" as below . Create azure run as account is optional as it is used to manage azure resources from azure runbooks . I am keeping this as default "yes" . Please keep it in mind that name of the "Automation account" should be unique 

















We have succesfully created the Automation account called "unixchipsac" in the same resource group which log analytics workspace contains 















Next step is to add the  Log analytics workspace with the automation account . Select the Automation account which we created and go to update management , we may need a separate log analytics account for the update manager which can be created along with the update manager configuration .














So configured "update management" profile will be as below













Next step is to create a virtual machine in linux as below , i have created a virtual machine in linux named as  "unixchips1" and same is available in update manager portal when we click add VM option 








































Now we have to patch the VM using update manager . If you click on the "missing update" tab you can see the missing updates for the particular VM.














We have to schedule the patching by providing details like deployment name, VM name, groupname ( this option is useful where we can add the machines to different groups and patch together) , pre or post scripts for patching 















So we have successfully scheduled the patching window as below 















After the patching if we click the jobs we can see the patching is completed successfully


 











If we check the Job statistics , we can see the report as below . So we have successfully patched the VM using azure update management 
















Thank you for Reading this blog and feel free to post your feedback and comments 















Thursday, July 15, 2021

Cloud Migration strategies

 Cloud migration is a complex and well planned process as we considering long term running business strategies.  That is why every cloud migration roadmap needs to define a clear migration strategy for every application that is based on a holistic application analysis. This analysis should not only take into account technical aspects but also business, organization, security and compliance. The selected strategy fundamentally affects the expected migration effort, the potential amount of benefit of using cloud and possible long term cost savings of the new operations model.

So let’s first have a look at what the 6 R’s are and where the concept comes from. Essentially, you can think of each “R” as an available migration strategy for your applications. Each strategy indicates a clear outcome for a transformed application, but not necessarily the actual migration steps to take. The concept was first mentioned by the Gartner analyst Richard Watson in 2011. The 5 original strategies – namely the Rehost, Refactor, Revise, Rebuild and Replace – were revived and adapted in a widely cited blog post by Steven Orban of AWS in 2016. Orban kept some of Gartner’s strategies, renamed some and added a new one. Via the AWS Cloud Enterprise Strategy Blog, the approach has been made public and became popular. Thus, the 5 R’s became the 6 R’s. Today, the 6 R’s are used as a fundamental guideline for almost any cloud transformation. Although there are still disputes about whether further strategies should be added, we at Txture adopted the key strategies of Orban’s article: Rehosting, Replatforming, Repurchasing, Re-architecting, Retire and Retain.

Let's discuss more in details of the strategies and discuss some example along with them 

Rehosting

This strategy is known as lift and shift and this is particularly low cost effort compared to other strategies. The virtual machine and the application that runs in are simply copied as-is to a cloud provider. The most important benefit of this strategy is migration speed because no architectural refactoring needs to be done. Moreover, the migration can often be done automatically using a variety of lift-and-shift or so-called workload mobility tools.
But this strategy has some drawback also as it cannot use the entire cloud potentials. Applications are not designed to use cloud strategy directly because no changes are performed in application level and we are doing lift and shift 

Example

A VM currently running on your local ESX cluster is copied to your vSphere instance running on AWS or is started as an equivalent AWS EC2 instance, GCP VM instance or a compute instance of some other cloud provider.


  











Replatforming 

In contrast to Rehosting, Replatforming leads to cloud optimization due to some cloud platform adoption, while keeping the application core architecture the same. Replatforming requires deeper insights into the application or the virtual machines to be migrated than Rehosting but does not lead to the complexity and effort typically associated with Rearchitecting[3]. Replatformed applications show some cloud-native characteristics like horizontal scaling and portability. Often, Replatforming is used when replacing database backends of applications with a corresponding PaaS database solution of a cloud provider.

Example

An application currently runs on a VM and uses a NoSQL database running on a different VM. When re-platforming to e.g. AWS, AWS DynamoDB may constitute a proper replacement for your on-premises database. This way you do not have to manage the underlying compute resources of the database yourself anymore. Similarly, this can be discussed for the application software itself too, given that its runtime environment is supported by a cloud providers' application platform. Otherwise, a plain Rehosting strategy can be applied.













Re-Architecting 



For highly critical applications that require cloud-native characteristics or applications that need thorough modernization due to outdatedness or performance issues a higher migration effort is typically profitable and hence should be part of cloud considerations. Re-architecting (also called Refactoring or Rebuild) is the strategy that usually leads to the highest transformation cost. However, it allows optimized use of the cloud, leading to cloud-native benefits and making the application future proof. In doing so, the affected application is refactored using an alternative application architecture. Typically this involves breaking down the application’s components into smaller building blocks, microservices and wrapping them into (Docker) containers for a deployment on a container platform.
Re-architecting an application often comes along with the opportunity to even break down the supported business processes into fragments, which greatly improves simplicity and makes a business process more agile.

Example

Basically this strategy comes in while you redesigning your applications to move from own server setup to cloud based microservice architecture like AWS EKS or azure AKS . You target a cloud solution for your inhouse developed “Production Planning Manager”. Your application is hosted on your physical server. Since you are operating in a highly specialized business area, an off-the-shelf application is not readily available for you. As this application provides some of your crucial business capabilities you commission the development of a new version of the application based on a cloud-native architecture. During the development of your solution blueprint you identify e.g. common data domains, shared service functions as well as expected capacity and load demands. Accordingly, you implement a microservice landscape and service facade (typically a proper web-based GUI) which you can pack into containers and deploy in a Kubernetes cluster.













Retire 


The Retire strategy means that an application is explicitly phased out. This makes sense when the business capabilities this application provides are not needed anymore or are offered redundantly. We see this often in those cases where organizations recently went through mergers and acquisitions. You should take the cloud transformation project as a welcome opportunity to screen your application portfolio and reduce obsolete applications on the go.

Example 

While reviewing your application portfolio you discover an application that only has a handful of users but incurs significant license cost. The capabilities that this application offers are provided by a more modern application that was implemented recently and with great user acceptance. This is why you retire the old application as soon as possible and advise remaining users to switch to the new standard application.














Retain


Retain (or Revisit) means that you do not migrate the application at this point since you are lacking important information or are hindered by other factors. For some applications, a move to the cloud just does not make any sense. For example, due to latency requirements, compliance reasons or simply because the benefits of a migration won't outweigh the cost and effort to be invested. You should, however, always set yourself a reminder to “Revisit” the application because the technical or compliance landscape might have changed.


Example

The application in scope has real-time latency requirements as it is essentially running your production line. Also, it involves secret information to be stored and hence the use of filesystem encryption, demanding the sole control of yours. It is unlikely (still not impossible) that a public cloud data center is the right candidate for your application. This is why you decide to keep the application as-is for now or for longer.













Repurchasing 

Repurchasing (also called Replacing) is the strategy where the legacy application is fully replaced by a SaaS-solution that provides the same or similar capabilities.
The migration effort heavily depends on the requirements and options of migrating (live) data. Some SaaS-replacements for on-premise products from the same vendor offer an option to quickly migrate data with little effort or even automatically. Some providers offer analysis tools to assess the to-be-expected migration effort. However, this might not be the case when switching to a product of a different vendor or if the migration path has been interrupted due to neglected maintenance of the on-premise application.

Example

A typical example of Repurchasing is replacing the outdated on-premise CRM software with a SaaS-solution like SalesForce or HubSpot. Another important example that is currently shaking up many organizations, is the migration from on-premises SAP deployments to the cloud.












So as i explained these are the cloud strategies and we may need to select from this according to our requirement and business plan , by considering long run in the cloud setup.