Mark MacInnis | Enterprise Architect
What makes one business integrate fully into new platforms while another fails to make steady progress? Why do cloud initiatives stall? Why is the real total cost of ownership (TCO) understood months after moving to the new platform or technology?
These are questions my experience has enabled me to address and resolve, and I can do the same for your business.
Who am I?
I am an architect and technologist with many years of active leadership in collaboration and design, along with deep hands-on experience with public and private cloud as well as on-premises platforms. Implementing best practices and architectural excellence has become my instinct.
Having deep experience in distributed system design and support for full-stack solutions, I approach each solution with a clear and unique objective.
The purpose of this portfolio…
…is to show some examples of the projects I led. I make the connection between the desired outcome and actual result, showing that my experience is something I’m sure you will find to be a great asset to your business.
Driving Successful Integrations
Integrating new solutions for your business should improve the bottom line. What that bottom line is and how it is achieved is not always as clear as it should be. Is it to improve the functionality of the application? Improve the response of the application? Increase security? Reduce the total cost of ownership (TCO)? Increase portability?
I’ve taken 10+ years of developing and implementing processes for integration and translating that process to something that works for all stakeholders. Whether your business uses TOGAF, SAFe or some other architectural framework, these factors keep the initiative on track.
Example 1: Zero-Trust Network Design
For most organizations, ‘lift and shift’ involves more than a simple migration. This client had strong networking expertise and strict perimeter networking practices that were to be preserved as part of their migration of a 3-tier application to the public cloud.
Action
I worked closely with NetSecOps to understand their network security requirements and help them see how their cloud adoption can be secure.
I met them where they were, designing a hybrid architecture that they could support and grow. A more cloud-native design was added to their roadmap for true end-state architecture for the near future.
I worked with their infrastructure and operations teams to deploy the networks, NVAs (network virtual appliances), RODCs (read-only domain controllers), web, app, and DB VMs.
I worked with NetSec teams to create secure connectivity within the cloud (east-west) and external connectivity (north-south), maintaining the requirements for least privilege access and deep packet inspection.
Addressed their remote access concerns by replacing a jump box system with Bastion services over secure TLS.
Created services to synchronize FTP and email functionality with dependencies in the existing data center.
Worked with the application team to refactor the middle tier as legacy configuration needed to be updated.
Result
Application was successfully moved to the cloud. Training sessions followed and all teams can support the full stack in its new platform. They are also well-positioned to continue to modernize and improve the application to address the speed of their business.
Example 2: Disaster Recovery Solution
For the above client, a DR solution needed to be included in the design. I led that design, implementation and testing of the solution.
Action
I worked closely with Cloud Ops team to help them build a solution that would meet their immediate goals for DR.
Due to their strict networking requirements along with IaaS-based applications, pre-staged networks for perimeter security and VMs were created. A warm instance of a SQL replica would be made master in a fail-over situation. All other VMs were spun up at the time of the event, using Azure Site Recovery (ASR).
Result
DR tests were successfully carried out and within the required RTO/RPOs.
Example 3: Post-Acute Hiring Application - Legacy-to-AWS
I was tasked to bring that in-house from their tech platform which was built on outdated HW running free applications in a data closet.
Action
I engaged with the developers and product team that came on board with the application.
I assessed the application workload through performance analysis and discovery.
I built a project around the scope and method of the move, given the deadline I had to work with.
The deadline was built on the risk of remaining on existing fragile infrastructure.
I worked with developers to rebuild/refactor the application for AWS.
Moved workloads into AWS
From MS SQL Server to AWS RDS
Replaced limited-function free software LBs with AWS ALBs
Designed and configured security groups.
Designed and configured network topology and communication flow.
Handed it off to developers and worked with Ops/Sec for maintaining app health and regular review/optimization of environment.
Result
The risk of having everything on an expired tech stack with no redundancy was mitigated and the application is running in AWS using real SLAs for uptime, availability, and security.
Example 4: Greater ROI Realized Through Rebuild and Refactor - Datacenter-to-Datacenter (GE-to-HealthcareSource)
Sometimes leveraging what you have makes sense. In this acquisition, the tech stack closely resembled what we were already using for other applications.
The company had a contractual obligation to be completely integrated in a short time. I decided to leverage what we already had, but lift and shift would be cost prohibitive.
Action
I engaged in regular discussions with GE staff for the application being acquired and their data center provider (and its staff).
I assessed the application workload through performance analysis and discovery.
Created doc repository for cross-team reference and updates.
I built a project around the scope and method of the move, given the deadline I had to work with.
I separated the stack into various technologies and assigned owners according to their expertise.
Identified ways to decouple services, offloading functionality for better application performance. Other design changes were reviewed and tested having to do with transaction/storage IO, SDN, security, JVM application allocation, and compute.
Migration timeline and success metrics were created.
Optimized our VMware vSphere environment by creating separate clusters for SQL Server (virtualized) due to its unique performance requirements. This also included creating new specs for and purchasing new Dell blades according to their CPU and memory architecture.
Result
Right-sized the workload and migrated into our vSphere environment.
Datacenter cost went from $70k/mo to $12,400/mo.
Integrated into our platforms for Web, app, and DB.
In the above scenario, we needed to make the QA environment more accessible for the application engineers, so I decided to build them their own subscription in AWS.
Action
Since the app was not ready to be re-coded, this was a lift and shift move.
Ran daily CloudWatch job with Lambda function to shut down the environment daily to save costs.
Result
Developers were able to work on the application without getting Ops involved.
Production and QA/Test environments were completely separate.
It’s part of my process to illustrate and explain the reason and functionality of the solutions I propose and implement to all business units.
Example 5: Multi-tenant clients' access to a copy of their own DB to run reports against
To meet an obligation made by the Product team to give SaaS clients a copy of their own DB to run reports against, I wanted a solution that was secure and scalable. The assumed method (of having it all in our datacenter) would not meet those requirements to my satisfaction. Nevertheless, we had an obligation to make this happen.
Action
I quickly stood up an Azure subscription for the clients to access and consume.
Since we weren’t sure how many clients actually signed up for this, I proposed 2 solutions depending on the expected number of tenants.
After discussions internally and externally with customers, we decided on the ‘nominal tenants’ solution (see illustration).
Result
More secure/less overhead: No multiple VPNs to our data center
Native SQL tools used to access. No need for any VPNs
Consistent data with RO client access. Rewritten at each replication cycle.
More scalable
Easy enough to create subscriber DBs in Azure
Service-based
Managed SQL
Elastic DTUs
Serverless (unknown or sporadic customer access with no real baseline). Not live perf-critical DB.
Integrates with Azure AD / Our Office 365 integration for seamless integration into our existing RBAC policies.
Contact
Please feel free to contact me with any questions or to arrange a conversation. I look forward to hearing from you!
Email: mark.macinnis@comcast.net