In today’s IT climate of increased appetite to virtualize data and workloads, many organizations are struggling to determine the smartest move for their IT environments. Making the journey to the cloud should include a trusted advisor to help with decision-making, and possibly also with executing and managing the move. Saab Sensis selected Sirius to help them implement a practical, optimized cloud migration strategy.
Part of the global Saab Group, Saab Sensis provides solutions for the international air traffic control, airline and airport operations markets. The company brings together decades of advanced radar, sensor and related expertise to meet the changing needs of these worldwide aviation markets.
Saab had a desire to be more diverse and redundant, both locally and geographically. Executive management made the decision to migrate their main on-premises data center and applications to the cloud. This move will decrease overhead spending and increase efficiency and optimization, while minimizing downtime.
The cloud solution
Sirius identified and implemented a unique cloud solution that helped Saab Sensis migrate the air traffic management application and related infrastructure—including Windows, webserver and database environments—to a hybrid public cloud environment hosted within the Amazon Web Services (AWS) cloud.
The migration utilized best practices for design and security and increased the reliability and efficiency of the legacy infrastructure. A rehost strategy was chosen, which involves moving applications from the on-premises environment to the cloud without modification. This method is commonly used to migrate large-scale legacy applications in order to meet specific business objectives, such as an accelerated product launch timeline.
AWS Landing Zone—a solution that helps clients quickly set up a secure, multi-account AWS environment based on AWS best practices—was deployed to create the initial account structure. The Landing Zone was deployed with AWS CloudFormation templates from the beginning, significantly simplifying expansion and repeatability. The project included additional manual and automated buildouts and migrations using CloudFormation templates.
AWS Identity and Access Management (IAM) was implemented utilizing the best practice methodologies of least privilege and separation of duties. Migrations were accomplished using tools such as AWS Server Migration Services (SMS) and Database Migration Service (DMS).
The initial cloud infrastructure consisted of multiple AWS accounts—including master, network and security accounts for separation of duties. The migration took advantage of these core AWS services:
|Landing Zone||Role Based Access Control|
|CloudTrail||Identity Access Management|
|Customized AMIs||IAM roles|
|EBS||Security Groups, Palo Alto Firewalls|
The project also utilized granular, least-privilege access control built into various IAM roles and groups for both cloud brokers and cloud consumers, including multi-factor authorization (MFA) for the root user.
AWS Cloud Network Infrastructure
- CloudFormation for easy, repeatable and versioned deployment of account settings, virtual private cloud (VPCs), transit VPCs, and transit gateways
- Security groups
- Direct Connect for dedicated connection to a primary data center and a colocation facility
- Palo Alto Networks VM-Series firewalls
Below are examples of architectures, best practices and specific designs used by Sirius during this implementation.
The cloud data center benefits
The new cloud data center allows Saab Sensis to realize a cost savings while having a more resilient infrastructure that also deploys applications faster. Sirius also provided the following benefits to Saab through this project:
- Highly available, optimized and secure application cloud infrastructure
- Globally available and resilient to worldwide customers
- Quicker time to deploy and update applications
- Cost savings and global reach
As the result of engaging an experienced technology partner, the Saab Sensis cloud migration was strategic, and resulted in a well-architected Landing Zone. The secure, optimized and resilient services necessary to ensure a speedy and cost-efficient cloud migration effort were provided. Using this migration as a stepping stone, Saab Sensis continues to build its cloud to better serve its many worldwide customers.
Sirius is committed to helping clients with projects that ensure future needs can be met. Our team of certified cloud experts continues to meet with Saab quarterly to assess progress and to discuss future improvement opportunities for:
- Cost optimization: right-sizing services, resource reservation, leveraging spot instances, monitoring and analyzing service usage and cost
- Application optimization: performance, function, and design
- Process optimization: develop process automation
- Operational optimization: operations support systems and infrastructure as code
- Security review: protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies
No matter where you are in the cloud implementation process, Sirius has a team of certified cloud engineers and advisors committed to helping businesses successfully achieve their cloud adoption goals. From evaluation and design to implementation, financing and managed services, Sirius can help you develop a successful cloud adoption strategy to optimize application and service delivery, while safely migrating, managing and running applications and workloads.