100% Cloud will never happen!

I like the idea of starting a brand-new blog site by the name of “Empty Datacenter – 100% Cloud” and then writing the first article, indicating that this will never happen.

But this is exactly what happens during the ‘cloud familiarization period’. The WHAT? Exactly.

During my journey from an on-premises driven consultant for Exchange & Active Directory Enterprise Infrastructures to a Cloud Architect focusing on Office 365, Azure AD and Enterprise Mobility, I noticed by my own thoughts and behaviors and by those of my colleagues and customers that “being cloud minded” is not of a binary category.

Most people understand a few core principles of what it means to be 100% cloud minded. So, in my experience, the 100% cloud approach gets deeper and deeper into one’s mind over time.

People (we all) need time to get used to new environments, paradigms and so on. This is what I call the ‘cloud familiarization period’ (and to be honest, I think this period never ends).

In the beginning of this period, it can happen, that an IT colleague is totally familiar with the benefits of Office 365, completely convinced to move all company mailboxes to the cloud and believes in the future of Microsoft Teams. But if you dig deeper, this IT guy does not really believe in the near end of ‘the fileserver’. He neither believes in empty datacenter halls because ‘our SAP* servers will never go to the cloud during my career’ (* it does not have to be SAP, but you get the idea).

So, in my opinion, when talking about 100% cloud, you should have an empty datacenter as a vision in mind. That means, after moving all the Microsoft Infrastructure to the cloud, your IT infrastructure could look like this:

pic1-1

Pic1

The main message of this picture is: move as much to the cloud as possible now and consider the rest (your on-prem DC) also as a cloud. But let’s proceed step by step.

First, to move the “basic” Microsoft environment means to move:

Mail & File

pic1-2

Pic2

  • Local Mail to Exchange Online
    • Considered as a no-brainer
  • User file servers to ‘SharePoint’
    • With the term “user file servers”, I want to exclude data that is still processed from local apps and so on. To move everything from local fileservers (and SharePoint servers) to OneDrive, Teams, SharePoint Online (and Groups) is technically not hard, but you must work hard regarding change management and user adoption.
  • Comment on Teams
    • As we all know, Teams is the successor of Skype for Business. It is quite easy to use Teams for chat, group-chat, audio calls and conferences. It’s getting a bit harder, if you also move the telephony services to Teams, at least in an enterprise environment. Using which feature by which tool must be well thought through.

The Client

Then, following up with the 100% cloud approach, you should move your clients to the cloud:

pic1-3

Pic3

So, how does this look like from a user perspective? The user receives a new laptop at his desk in the office or at home or where ever you want. He unpacks and starts it and runs into the Out-of-box-experience (OOBE). He types in Username & Password and joins automatically the AAD. The device gets then enrolled into Intune and policy settings are then applied. Intune also installs all user-specific software on the box and after a while, the user can log on to his new machine without IT even touched it. And the best: no on-premises management service was involved. All client management (AAD & Intune etc.) itself is evergreen.

This client loves the freedom of the internet, calls the cloud his home and hates boundaries like Proxy Servers and Firewalls.

Users, on the other hand, love this new client, since it supports collaboration instead of preventing it.

For this new freedom, we need new security concepts. Security concepts that have the global collaboration needs of the users in mind, that also let the users use the tools they need and give them more self-services possibilities to enable them to act fast. With those new security approaches, we also get the chance to improve the overall security of our systems, because we can leverage intelligent cloud solutions that “know” not only our system, but many Microsoft environments from customers all over the world.

The following picture describes the difference between the old and the new security approach:

pic1-4

Pic4

So, in the new world, we must go away from the perimeter approach towards an entity security approach. Considering certain networks as trust worthier than others does not work in a mobile world where computers bypass the company borders in the pockets of their employees.

When we start to protect all entities in question (Identity, Device, Services, Documents), than we gain both: more security and more mobility.

Microsoft offers here an “defense-in-depth product catalogue”, all hosted or connected in/to the cloud:

  • Identity Security
    • MFA
    • Identity Protection
    • Privileged Identity Management
    • RBAC
    • Monitoring/Auditing/Reporting
  • Device Security
    • Secure Boot & Integrity
    • Bitlocker Harddisk encryption
    • Evergreen patching
    • Hello for Business & Passwordless Sign-Ins
    • Endpoint Protection with Windows Defender
    • Advanced Threat Protection
    • Credential & Exploit Guard
  • Service Security
    • Conditional Access & Compliance
    • Device Health Attestation
  • Document Security
    • Azure Information Protection
    • DLP

By now, we were talking about the “company managed (Win 10) client”. In a 100% cloud approach, we also have to think about connecting other devices, mobile devices and private computers (Windows, Mac & maybe even Linux).

In the upcoming posts we will hear more about the mentioned security solutions and the possibilities for mobile and private devices and we dig deeper into them.

The last boxes in the basement

Now, let’s talk about the apps and services we avoided to talk about until now. There are hundreds of applications in your server rooms besides “Mail”, ” File” and “Collaboration/Communication” services.

A 100% Cloud approach means to move them to the cloud. It’s as simple as that.

This is where the “never gonna happen” mantra starts. And therefore, you must keep your clear vision of a cloud-only IT AND be as pragmatic as necessary. Start a project that goes through all your applications and checks them against a priority list like this one:

  • Do we still need this? (I have seen companies that saved a lot of money by asking this simple question)
  • Is there a SaaS service available for this application?
  • Can we move it to Azure (IaaS)?
  • Can we easily ‘publish’ it by Web Application Proxy? (since it speaks http)
  • Do we have to App-vpn to it?

Taking this list and going through all the apps in the basement, we sometimes call “app feng-shui”.

This list is a priority list from top to bottom and it is not complete, but you can imagine what to do here. The benchmark here is “user experience”. In a 100% cloud approach, you should provide the best possible user experience, regardless of the location of the device connecting to your services, no matter where servers reside, it runs on.

You may have recognized that the ‘last boxes in the basement’ struggle against the 100% cloud approach. But this is not so important. And it should not lead you to the conclusion not to start with it at all!

In fact, this is the point! You must do here, what you can to get as close to the 100% as you could. In addition to “app feng-shui” you should also plan on how to proceed with those apps in one year and later. Maybe you get new possibilities then, since a SaaS version is already under development.

Summary

So, that’s it. Your datacenter is (nearly) empty now. As mentioned before, we will dig deeper into many areas mentioned in this blog post in upcoming posts.

I would like to end this post with a list of things you can achieve for you and your company by going 100% cloud:

  • Mobility: from each device and location
  • Evergreen: always up-to-date, for security and for the latest tools and features
  • Collaboration: enable your users to collaborate easily with whom they want without having to use Shadow IT tools
  • Self-services: freedom and agility to the user
  • State of the art security: prepared for modern threats by leveraging cloud intelligence
  • Knowledge sharing: users will be able to share knowledge with community tools.

Is all this easy to achieve? No. Does your company need to change in every cell of its ‘body’? Yes, but I believe it is worth it.

I am really looking forward providing articles here that help you to empty your datacenters and taking full advantage of the 100% cloud approach.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.