Global Engineering Organization Scales Cloud Services Across 15 Business Units

The Challenge

A global technology, defense, and engineering group needed help migrating the IT workloads of fifteen business units to the cloud, scaling shared services, reducing technical debt, and mitigating corporate risk.

The Solution

Leveraging the AIS Cloud Delivery Framework (CDF) and Microsoft cloud technologies, AIS established a unified cloud platform fit for commercial and government business units, migrated workloads, and scaled cloud services to the appropriate users.

The Results

The organization’s infrastructure is now streamlined through one cloud environment, creating consistency and efficiency in business processes while reducing technical debt and corporate risk.

Establish, Migrate, and Scale Cloud Solutions

Our client, a global technology, defense, and engineering group headquartered is organized across four primary areas of capabilities: Aerospace, Electronics, Land Systems, and Marine. Within these focus areas, there are fifteen separate business units that are either commercial or defense.

The team embarked on an effort to bring all their business units into the cloud and establish a set of shared cloud services.

The organization was looking to achieve the following goals:
Improve security and regulatory compliance audit processes/capabilities
Reduce corporate operational and cyber/penetration risk
Optimize cost savings and reduce capital investments
Create flexibility across business units and processes

To achieve these goals, we established the following objectives for the project:

Leverage SaaS, IaaS, and PaaS to reduce maintenance labor
Reduce audit scope (physical security) and implement Policy as Code
Implement Agile and DevOps processes
Create a catalog of a standard set of shared IT cloud services
Increase data analytics and reporting capabilities
Enable cloud productivity and collaboration tools

Secure, Compliant, Flexible Cloud Architecture

The organization wanted to migrate IT workloads off depreciating physical data centers and into the cloud to increase cash flow and improve security and performance. The goal was to create a centralized cloud architecture leveraging Azure and Microsoft 365. AIS configured Azure subscriptions, deployed a secure Azure landing zone, and established network connectivity to on-premises.

Security and governance were a top priority. AIS implemented policies so IT administrators can better manage governance, risk, and audit compliance for all business unit subscriptions through a compliance dashboard.

Wherever possible, we introduced automation and Infrastructure as Code (IaC) deployments to move quickly and efficiently. We created a prioritized list of features as backlog items to drive continuous improvements.

Leveraging Shared Cloud Services

AIS used shared services to create a customized cloud solution set for the company’s various business units. The cloud modernization effort spanned commercial and sovereign (US Government) public cloud environments. We determined that Azure Commercial and M365 Commercial should be used for the commercial business unit, purchased through the Microsoft Commercial CSP program. Azure Government and M365 GCC High were targeted as the cloud service provider for defense business units, purchased through the Microsoft AOS-G program. AIS is a top tier Microsoft partner, participating in both the CSP and AOS-G programs to provide our customers with the best Microsoft technology solutions and product team support.

Shared services leveraged include:

Identity Management: Centralized Azure Active Directory tenant for commercial business units, and multiple custom domains per tenant for each. A dedicated AAD tenant was required per unit for defense business units due to non-technical factors, such as billing and segmentation requirements.
Vulnerability Scanning & Reporting: Azure Policy and Azure Security Center were used for standard reporting on deployed resources. We also used the Microsoft Security Code Analysis tool for IaC vulnerability scanning and reporting.
Core Cloud Networking & Communication: Azure VWAN to enable hybrid connectivity and transitive routing in the cloud. S2S VPN connections to individual business units. Standard VNET and subnets for segmentation of traffic. Azure Firewall (Secure HUB in VWAN) for intrusion prevention (IPS).
Cloud-based Storage and Compute: Business applications primarily Azure IaaS, Exchange Online for email. The minimal initial use of PaaS except for to provide platform capabilities.
Performance Monitoring: Initial capabilities provided by native capabilities, such as Azure Monitor and Log Analytics.
Configuration Management & Monitoring: Delivery through a combination of Azure Policy and PowerShell DSC using Azure Automation as a “serverless” pull server (for IaaS config management). Nightly infrastructure builds push IaC templates to the environment to set expected configuration and remediate any additional configuration drift.
Collaboration: M365 Exchange Online for all Exchange workloads, Teams enabled for internal collaboration, SharePoint Online newly available (no migration of legacy SharePoint), Azure File Share to replace some file share workloads.
Backup & Disaster Recovery: Azure Backup for VMs and Azure File Shares.
Patch & Update Management: Operating system-level patching with Azure Update Management for Windows-based servers.
Compliance Reporting & Remediation: Azure Policy, Azure Security Center, PowerShell DSC, and Azure automation to implement technical controls.
Core Automation & DevOps: Azure Repos for IaC code and templates; Azure Resource Manager (ARM) Templates with PowerShell for deployment scripting. Azure Pipelines to orchestrate nightly environment deployments of IaC, AIS Service Catalog functionality. Azure Automation and PowerShell DSC for orchestration of specific package installation (extensions, etc.) at scale.

Our Asset-Based Consulting Approach

AIS provides customized solutions based on our enterprise clients’ needs and goals, leveraging IP, and assets developed from experience and expertise. We used the AIS Cloud Delivery Framework (CDF), an ever-evolving framework that supports cloud migration, modernization, and data projects through the documentation of project backlogs and Git repos for faster, successful cloud transformation efforts. The CDF provided the initial backlog and deliverable samples for early project sprints and was adaptable to client requirements. In this case, the client mandated the use of Atlassian tools (Confluence, JIRA) so the Azure DevOps backlog was adapted for JIRA as the backlog management tool and Confluence as the system for providing documentation deliverables.

AIS was able to establish a secure set of cloud environments to meet commercial and defense business unit needs, migrate IT workloads, and provide scalable shared services to the fifteen business units. The company was able to decommission their existing server infrastructure and turn their attention, and IT spend, from maintaining legacy assets to growing the future of their business.

Seeking similar outcomes?

Learn how AIS can help you implement technology solutions that deliver real business results.