Channel pros are familiar with server management, network management, and even virtualization management. They’re generally far less familiar with the ins and outs of managing virtual instances and network resources in public clouds like Microsoft Azure.
According to Shashank Katikaneni, vice president of operations at American Technology Services (ATS), a cloud services management company in Fairfax, Va., managing in Azure is similar to on-prem. “You still have OS updates, security updates, and the like,” he says. The biggest mental hurdle “is that you have no hardware but a lot more flexibility.” If something isn’t working correctly, you can spin up a new instance and restart.
Eric Boyd finds that the difficulty or simplicity of managing Azure depends on your customer’s IT structure. If it’s centralized, “Azure is much simpler,” says the founder and CEO of responsiveX, a management and technology consultancy headquartered in Chicago. If decentralized, he suggests building a central platform with other groups attached in a hub-and-spoke arrangement, with each group having its own landing zone that connects to the hub.
However, he notes, Azure management is ultimately not a matter of harder or easier, but different. Once you get over the learning curve of treating server management much like a development process, it’s simpler. “You have to learn automation and scripting and consider management like code. Then it’s much easier and much more consistent and reliable once configured.”
Best Practices
VIAcode, an Azure development and optimization company in Redmond, Wash., does its best to erase the line between cloud and on-premises management. “Our server management guidelines are the same, as we follow best practices in financial management, security, and operations,” says Victor Mushkatin, CEO. “We follow the cloud center of excellence and start with an assessment of the customer environment.”
While the details differ, he continues, “you still need the same processes.” When migrating a customer from on-prem, for instance, the Azure environment offers more options to consider, such as for file shares. Rather than a file server, you may point users to a SharePoint server on a VM.
Mushkatin divides migration and management into three phases: landing zone, workload, and management. The first covers basic details like identity, connectivity, and security. If customers prefer their existing Cisco VPNs, for example, you can keep them, or move to Azure tools. Azure has a built-in firewall, load balancer, and gateways too, or customers can keep their existing systems.
Workload concerns applications and the user environment. Do you provide apps straight from the cloud or in a virtual desktop? Management includes backup, monitoring, and application controls.
“Backups are more complex,” Mushkatin says. On-prem, once you backed up a VM or a database, you were done. Azure Backup, however, omits some workloads. Azure Application services, SQL, and others have their own backups, and each application prefers its own approach to protecting its own data. “Integrators often must bring in a third party to properly back up their environment,” Mushkatin says.
Azure Active Directory expertise is an important part of management too. “AD experience with Microsoft 365 will give you a leg up,” says Boyd. Azure AD hasn’t quite reached feature parity with domain services on-prem, he adds, but there are features in Azure AD you don’t get on-prem.
Other vital resource categories such as monitoring server and application health, costs, and security become more important in Azure because they create vulnerabilities in the cloud if you don’t pay attention, adds Boyd. “Security levers and controls are easier in the cloud, but encrypting data at rest, key rotation, encrypting data channels, and the like must be done correctly, and in new ways.”
Mushkatin agrees, stressing the need for security policies. “Clients get a security bill every month and think they’re covered,” he explains, “but we see security challenges all over without security policies in place.” For instance, during a security assessment, he found a customer had configured 46 containers, and all were public. “You have to be secure by design on every level,” Mushkatin says.
The greater surface area for attack in the cloud makes security more complex, he continues. Even large organizations rarely have the muscle to govern security comprehensively because they started with a mesh of different approaches and tools. “Once you get everything on Azure management, you can see how inconsistent a customer’s security configuration was,” says Mushkatin.
Critical security-related resource management tasks for Katikaneni include selecting the correct architecture to integrate your on-prem environment with the cloud, and paying attention to where people store things when configuring your backup process. Without controls, users spread files between various servers.
Cost Considerations
Boyd still finds he must educate customers on the misconception that moving to the cloud will automatically save them money. Savings are possible, he notes, but they are not the main value propositions of the cloud, which are time to market, ability to configure the right service for the right job, compliance certification, and security across multiple regions. In fact, he says, you may spend more.
Costs are a hot button for all customers, and mistakes in Azure can slam your own bank account, says Mushkatin. “Before, you ordered hardware, you had to wait, and you had time to prepare properly. Now, you can click and have whatever you want. One client department had six replicas rather than two, and it cost them $10k per month.” Another of his customers forgot to change the verbosity setting on a log report and generated terabytes of useless data during a stress test. “It’s a pay-as-you-go model with easy acquisition, and you can waste a lot of money,” Mushkatin notes.
License management is one way to save money. Licenses, especially for Microsoft Windows Server with an enterprise agreement, may be used with Azure systems, explains Boyd. “Use Azure Hybrid Benefit to apply those licenses and reduce your Azure service cost.” The same goes for Windows Server VM and SQL Server licenses.
Besides better license management, Boyd suggests training yourself to think of servers as a utility cost, not a sunk upfront cost as in the past. “You pay for real consumption, and every provisioned unit.” Poorly configured servers with more RAM, CPUs, and storage than necessary cost extra money every minute. Even properly configured workloads should be turned off when unnecessary, such as virtual desktop infrastructure instances after hours.
Boyd also likes to save on servers that run constantly but don’t change. “You can create a volume discount for reserved instances or reservations for configured servers that stay the same.”
Finally, he suggests learning to use subscriptions in Azure, which function like a boundary in billing and access control, and then using Azure Management Groups to control those subscriptions.
Learning Curve
Most channel pros, and increasingly many of their customers, know they need to go to the cloud, and Mushkatin doesn’t sugarcoat the challenges of Azure management, such as the hundreds of services in Azure that all send out release notes. “You have to keep up with everything,” he stresses. Menu redesigns may annoy your customers, but API changes will break your applications.
Hardware techs will need retraining, says Boyd, because “Azure deploys with code,” not hardware.
Channel pros may want to follow Katikaneni’s playbook on that. Since his company went all in on Azure in 2015, his techs got up to speed quickly because the company trained a few at first and then they helped the others.