A critical component of successful cloud migrations is AWS Well-Architected Review (WAR) landing zones — hospitable cloud environments defined by standard, secure cloud infrastructure; policies; best practices; guidelines and centrally managed services. Landing zones are safe ports of entry for migrated IT assets.
Creating landing zones is inherently complex, and traditional methods of manual configuration often introduce errors that make migrations inefficient and less secure.
To appreciate the importance and challenge of creating Well Architected landing zones, consider the analogy of a large group of people who decide, en masse, to resettle their community on another planet. Leaving behind the infrastructure of their lives on Earth — houses, jobs, roads, governance and a breathable atmosphere — they board a spacecraft and rocket toward a new home.
If before departure the travelers arrange for the construction of a suitable landing zone on the new planet, they’ll experience a smooth transition and begin their new lives on firm footing.
But what if the contractor has experience building landing zones suited to the environment on Venus but not that of Mars and the landing area is pocked with potholes or the landing strip is crooked or too short?
“The way that you make a secure landing zone in each cloud is fundamentally different,” said Philip M. Gollucci, Director, Solutions Architecture and Centers of Excellence Cloud Lead at T-Rex Solutions, LLC.
Space travelers and cloud migrations suffer when they rely on poorly configured landing zones. In both examples a crash is possible — but even that isn’t the worst-case scenario. “If you’re lucky, it ends with a crash,” Gollucci said. “If you’re average, it ends with an explosion: Crashes are recoverable; explosions not so much.
The uncertainty that poorly conceived, manually configured landing zones introduce means that “you literally have no idea what’s going to happen next,” he said.
The Solution: More Automation, Fewer Errors
To facilitate cloud migrations, government agencies are turning to solutions that automate the configuration of cloud landing zones. These prebuilt areas hold necessary capabilities and controls — for the benefit of people, processes and tools (DevSecOps teams) — required of IT assets migrating to the cloud from on-premises environments.
“You really want to make sure you have the correct security, the correct configuration, and that it’s maintainable over time and monitored in the correct way,” said Jason Keplinger, Chief Technology and Innovation Officer at T-Rex Solutions, LLC.
A robust product can implement landing zones in multiple cloud environments in support of agencies’ hybrid, multicloud solutions. Automated configurations enable faster, simpler, securer and more efficient migrations.
To that end, automated tools provide Secured, Managed, Infrastructures, Landing Zones, and Environments (SMILE). Features of the best tools incorporate use of Infrastructure as Code (IaC) and Continuous Configuration Automation (CCA), which align with and embed current best practices, before deployment.
“It’s important to have processes laid out before you put applications or data into a cloud environment so that you’re setting yourself up for a good authority to operate,” Keplinger said.
An expertly configured landing zone provides benefits well beyond the initial migration. Consider again our intrepid interplanetary travelers. A well-conceived, comprehensive landing zone will provide infrastructure to establish their colony and a path to prosperity with adequate shelter, security protocols, rules of engagement, community policies and enforcement, and means to centrally manage common community interests.
Similarly, automated landing zones smooth the process of cloud migrations — during the initial transfer of on-premises assets to the cloud and extending into the operational phase.
This article is an excerpt from GovLoop’s recent report, “Landing Safely in the Cloud: Automated Landing Zones Reduce Manual Configuration Problems.” Download the full report here.