Mark MacInnis | Enterprise Architect

What makes one business integrate fully into new platforms while another fails to make steady progress? Why do cloud initiatives stall? Why is the real total cost of ownership (TCO) understood months after moving to the new platform or technology?

These are questions my experience has enabled me to address and resolve, and I can do the same for your business.

Who am I?

I am architect and technologist with many years of active leadership in collaboration and design along with deep hands-on experience with public and private cloud as well as on-premises platforms, implementing best-practice and architectural excellence have become my instinct.

Having deep experience in distributed system design and support for full-stack solutions, I approach each solution with a clear and unique objective.

 

“It can be challenging when business requirements change but thinking about the outcome helps me roll with the dynamics of modern industry.”

 
 
 
8 Phases Of a Successful Integration

8 Phases Of a Successful Integration

Driving Successful Integrations

Integrating new solutions for your business should improve the bottom-line. What that bottom line is and how it is achieved is not always as clear as it should be. Is it to improve the functionality of the application? Improve the response of the application? Increase security? Reduce the total cost of ownership (TCO)? Increase portability?

I’ve taken 10+ years of developing and implementing processes for integration and translating that process to something that works for all stakeholders. Whether your business uses TOGAF, SAFe or some other architectural framework, these factors keep the the initiative on track.

Example 1: Secure and Sensible Cloud Virtual Desktop Solution

Many of my clients are facing a decision on what to do with their desktop infrastructure. Why?

Broadcom’s acquisition of VMware has placed an expensive and complex burden on people who have been running on VMware solutions, such as Horizon, for many years. Others are finding Citrix too expensive and are tired of managing a complicated in-house infrastructure.

Azure Virtual Desktop is the best candidate for replacing these solutions for many organizations.

My clients report a significant improvement in performance, compared to their former solution, and it’s much easier to manage.

The key is to deploy the solution carefully and with intent, meaning that you understand the client’s requirements and build with best of breed features. To do this well requires a design that is optimized for performance, cost, and is security-focused.

Action

  • Built Azure foundation using Landing Zone Accelerator. Many of my clients do not have a production-ready environment, so this is always the first thing I do to allow for a secure and easy to manage design following Microsoft’s best recommendations for cloud adoption.

  • I wanted to best utilize the host pool for cost, performance, and consistency, using:

    • FSLogix on zone-redundant Azure Files storage.

    • Scaling plans to allow the environment to grow and shrink based on business usage.

    • Azure Insights to give the client comprehensive visibility into performance, capacity, and end-to-end connectivity.

  • I am serious about security, so a robust firewall solution is always part of the design. In this case, the client was already using Palo Alto devices on premises, so I implemented Palo Alto NVAs (network virtual appliances) to meet their firewall and network-inspection requirements. This was used in combination with distributed firewalls and routing (Azure network security groups and user defined routes). Azure private endpoints were implemented in keeping with best practice for securing client data.

Result

End users had better performance than their VMware Horizon solution and had consistent desktop experience.

Dynamic scaling led to major cost savings as only required compute resources were used according to end user activity.

The client (working initially with me) was able to quickly analyze connectivity performance end-to-end. This was vital as end-users were cutover to the AVD solution, giving them the best experience while optimizing the cost savings for the solution.

Designing and building the best foundation for this solution has has paved the way for clients like this one to continue to modernize their business as part of their cloud adoption journey.

Azure Virtual Desktop with Palo Alto and FSLogix integration. Azure’s native highly available infrastructure was utilized for uninterrupted experience. Private endpoints were used to secure client data.

Example 2: Zero-Trust Network Design

For most organizations, ‘lift and shift’ involves more than a simple migration. This client had strong networking expertise and strict perimeter networking practices that were to be preserved as part of their migration of a 3-tier application to the public cloud.

Action

  • I worked closely with NetSecOps to understand their network security requirements and help them see how their cloud adoption can be secure.

  • I met them where they were, designing a hybrid architecture that they could support and grow. A more cloud-native design was added to their roadmap for true end-state architecture for the near future.

  • I worked with their infrastructure and operations teams to deploy the networks, NVAs (network virtual appliances), RODCs (read-only domain controllers), web, app, and DB VMs.

  • I worked with NetSec teams to create secure connectivity within the cloud (east-west) and external connectivity (north-south), maintaining the requirements for least privilege access and deep packet inspection.

  • Addressed their remote access concerns by replacing a jump box system with Bastion services over secure TLS.

  • Created services to synchronize FTP and email functionality with dependencies in the existing data center.

  • Worked with the application team to refactor the middle tier as legacy configuration needed to be updated.

Result

Application was successfully moved to the cloud. Training sessions followed and all teams can support the full stack in it’s new platform. They are also well-positioned to continue to modernize and improve the application to address the speed of their business.

Azure integration of client’s 3-tier application under the zero-trust model.

Example 3: Disaster Recovery Solution

For the above client, a DR solution needed to be included in the design. I led that design, implementation and testing of the solution.

Action

  • I worked closely with Cloud Ops team to help them build a solution that would meet their immediate goals for DR.

  • Due to their strict networking requirements along with IaaS-based applications, pre-staged networks for perimeter security and VMs were created. A warm instance of a SQL replica would be made master in a fail-over situation. All other VMs where spun up at the time time of the event, using Azure Site Recovery (ASR).

Result

DR tests where successfully carried out and within the required RTO/RPOs.

Tested DR Design

Example 4: Post-Acute Hiring Application - Legacy-to-AWS

I was tasked to bring that in-house from their tech platform which was built on outdated HW running free applications in a data closet.

Action

  • I engaged with developers and product team that came on board with the application.

  • I assessed the application workload through performance analysis and discovery.

  • I built a project around the scope and method of the move, given the deadline I had to work with.

  • The deadline was built on the risk of remaining on existing fragile infrastructure.

  • I worked with developers to rebuild/refactor the application for AWS.

  • Moved workloads into AWS

    • From MS SQL server to AWS RDS

    • Replaced limited-function free software LBs to AWS ALBs

    • Designed and configured security groups.

    • Designed and configured network topology and communication flow.

    • Handed it off to developers and worked with Ops/Sec for maintaining app health and regular review/optimization of environment.

Result

The risk of having everything on an expired tech stack with no redundancy was mitigated and the application is running in AWS using real SLAs for uptime, availability, and security.

Sample of how AWS services were leveraged for migration from on-premises datacenter. Rebuild and refactor made the most sense for this scenario. Immediate advantages were realized for virtual networking, distributed firewalls, and other security fea…

Sample of how AWS services were leveraged for migration from on-premises datacenter. Rebuild and refactor made the most sense for this scenario. Immediate advantages were realized for virtual networking, distributed firewalls, and other security features.

HHS-Web-stripped.PNG

It’s important that the teams who support the solution understand how it is flows and is secured.

HHS-AD.PNG

Active Directory Integration

Significant reduction in cost and overhead, rather than having instances as ADDCs

Example 5: Greater ROI Realized Through Rebuild and Refactor - Datacenter-to-Datacenter (move from acquired application to our datacenter)

Sometimes leveraging what you have makes sense. In this acquisition, the tech stack closely resembled what we were already using for other applications.

The company had a contractual obligation to be completely integrated in a short time. I decided to leverage what we already had, but lift and shift would be cost prohibitive.

Action

  • I engaged with regular discussions with the company staff for the application being acquired and their data center provider (and its staff).

  • I assessed the application workload through performance analysis and discovery.

  • Created doc repository for cross-team reference and updates.

  • I built a project around the scope and method of the move, given the deadline I had to work with.

    • I separated the stack into various technologies and assigned owners according to their expertise.

    • Identified ways to decouple services, offloading functionality for better application performance. Other design changes were reviewed and tested having to do with transaction/storage IO, SDN, security, JVM application allocation, and compute.

    • Migration timeline and success metrics were created

  • Optimized our VMware vSphere environment by creating separate clusters for SQL server (virtualized) due to its unique performance requirements. This also included creating new specs for and purchasing new Dell blades according to their CPU and memory architecture.

Result

  •  Right-sized the workload and migrated into our vSphere environment.

  • Datacenter cost went from $70k/mo to 12,400/mo

  • Integrated into our platforms for Web, app, and DB.

SaaS application network diagram I created that all teams used for easy troubleshooting and configuration management.

SaaS application network diagram I created that all teams used for easy troubleshooting and configuration management.

In the above scenario, we needed to make the QA environment more accessible for the application engineers, so I decided to build them their own subscription in AWS.

Action

  • Since the app was not ready to be re-coded, this was a lift and shift move.

  • Ran daily Cloudwatch job with Lamba function to shut down the environment daily to save costs.

Result

  • Developers were able to work on the application without getting Ops involved.

  • Production and QA/Test environments were completely separate.

CTM-QA Stripped.PNG
Lambda shutdown.PNG
CTM-QA SGs.PNG

It’s part of my process to illustrate and explain the reason and functionality of the solutions I propose and implement to all business units.

Example 6 - Multi-tenant clients access to a copy of their own DB to run reports against.

To meet an obligation made by the Product team to give SaaS clients a copy of their own DB to run reports against, I wanted a solution that was secure and scalable. The assumed method (of having it all in our datacenter) would not meet those requirements to my satisfaction. Nevertheless, we had an obligation to make this happen.

Action

  • I quickly stood up an Azure subscription for the clients to access and consume.

  • Since we weren’t sure how many clients actually signed up for this, I proposed 2 solutions depending on expected number of tenants.

  • After discussions internally and externally with customers, we decided on the ‘nominal tenants’ solution (see illustration).

Result

  • More secure/less overhead: No multiple VPNs to our data center

  • Native SQL tools used to access. No need for any VPNs

  • Consistent data with RO client access. Rewritten at each replication cycle.

  • More scalable

    • Easy enough to create subscriber DBs in Azure

    • Service-based

      • Managed SQL

      • Elastic DTUs

      • Serverless (unknown or sporadic customer access with no real baseline). Not live perf-critical DB.

      • Integrates with Azure AD / Our Office 365 integration for seamless integration into our existing RBAC policies.

Azure-Nominal.PNG
Azure-Many.PNG
IMG_6131.jpg

Not all Business

I love spending time with my family and photographing wildlife.

I have a small studio at home where I create music and am enjoying seeing the same love of music develop in my 10-year-old son.

Contact

Please feel free to contact me with any questions or to arrange a conversation. I look forward to hearing from you!

Email: mark.macinnis@comcast.net

LinkedIn: www.linkedin.com/in/mark-macinnis-cloud-architect