Infrastructure Modernization

Strategic Data Center Migration

Enterprise Financial Services
Duration: 6 Months
Azure Migrate, ExpressRoute, Terraform
Table of Contents

Project Snapshot

**Role:** Migration Technical Consultant
**Scope:** Full Date Center Exit (238+ VMs, 60 Applications, 30TB Data)
**Budget:** $500k CapEx Avoidance
**Team:** 6 (1 Cloud Architect, 2 DevOps, 1 NetOps, 1 DB Admin, 1 SecOps)

Executive Summary

Board-Level Risk: Relying on end-of-life hardware exposed the firm to potential catastrophic failure and compliance fines. The "do nothing" cost was estimated at $50k/month in maintenance and lost agility.

Faced with a critical hardware refresh cycle (+40% YoY cost increase) and an expiring data center lease, I led the strategic migration of the organization's core financial systems to Azure. This program was not merely a "lift and shift" but a foundational modernization effort.

  • Objective: Exit Data Center within 8 months (Hard Deadline).
  • Constraint: Zero unplanned downtime for mission-critical SQL workloads.
  • Outcome: Delivered 2 weeks early, achieving 30% TCO reduction and enabling first-time agile deployment capabilities.

My Ownership & Boundaries

I Owned (Accountable): Migration application and server assessment, Migration Strategy (6 Rs), and Cutover Governance.

Team Owned (Responsible): App Code Remediation (Dev Team), Physical Decommissioning (Ops Team), Cloud Architect (Landing Zone design).

Governance & Architecture

To ensure predictability, I implemented a "Ring-based" Migration Wave Model. We validated the target operating model using a Pilot Wave (Ring 0) before touching production data.

Application Profiling & Mapping

A common pitfall in migrations is server-only focus. I led a Service-Oriented Discovery phase using Azure Migrate and Service Map to categorize our 238+ VMs into functional clusters:

Dependency Grouping

Identified "Chatty" application clusters to ensure DB and Logic tiers migrated in the same maintenance window, preventing cross-cloud latency lag.

Business Service Mapping

Mapped IT assets to Core Business Functions (e.g., "End-of-Day Settlement"), ensuring all interdependent systems moved together.

Target State

We effectively deployed an Enterprise-Scale Landing Zone using Terraform. Key architectural decisions included:

  • Identity: Extended AD to Azure via Domain Controllers in Identity Subscription.
  • Connectivity: Hub-and-Spoke topology with Azure Firewall for traffic inspection.
  • Resiliency: ASR (Azure Site Recovery) for block-level replication with a proven 15-minute RPO.
30% TCO Reduction
(vs On-Prem Refresh)
100% SLA Adherence
(During Cutover)
2 Wks Ahead of Schedule
(Delivery Speed)

The Strategy (6 R's)

I utilized Azure Migrate as the central orchestration plane, but the real value was in the portfolio rationalization:

1. Rehost (Lift & Shift) - 60%

Core SQL backends moved via ASR. This minimized risk for stateful workloads.

2. Replatform (Quick Wins) - 25%

Moved IIS Web Frontends to Azure App Service. This immediately offloaded patching responsibility to Microsoft (PaaS).

3. Retire (Cost Avoidance) - 15%

Identified "Zombie Servers" during the assessment phase. Decommissioning these saved $2k/month immediately, fully funding the ExpressRoute circuit.

Security & Governance Enforcement

For this mission-critical migration, we bypassed the public internet for all discovery and metadata collection.

Azure Private Link Architecture

Configured Azure Migrate Projects over Private Endpoints. This ensured that the discovery data from the on-prem appliance was tunneled through a Site-to-Site VPN directly into the Hub VNET via Private Link, meeting the client's "Zero Internet Discovery" mandate.

Network Requirements

Ensured the following ports were opened on the internal firewall for the appliance:

  • 443 (HTTPS): Outbound to Azure APIs.
  • 445 (SMB) & 135 (RPC): Inbound for agentless discovery.

RBAC Matrix

Personas mapped for the migration lifecycle:

  • Migration Lead: Project Contributor.
  • Ops Team: VM & Site Recovery Contributor.

Enterprise Billing Hierarchy (EA/MCA)

Designed the billing skeleton to support accurate chargeback for the 60+ applications across 8 departments. We structured the Microsoft Enterprise Agreement (EA) environment as follows:

[EA Enrollment] ➔ [Department: Financial Svcs] ➔ [Account: Prod Ops] ➔ [Subscriptions]

Managed the transition from traditional EA enrollment to Microsoft Customer Agreement (MCA) to leverage enhanced cost-analysis APIs and unified billing for modern Azure workloads.

Success in large-scale moves depends on the "Socialization" of the plan. I established a T-Minus Communication Strategy to manage business expectations:

  • T-Minus 30 Days: Executive notification & downtime window negotiation.
  • T-Minus 7 Days: Final change-freeze on application code.
  • T-Minus 24 Hours: Final Pre-Flight checklist and "Go/No-Go" readiness call.

Operational Checklists

To ensure "Zero Error" execution, every cutover followed a strict Microsoft-aligned playbook:

Pre-Migration Checklist

  • Verify full data backup & restore validation.
  • Quiesce application services to lock data state.
  • Validate Azure NSG/Firewall rules for migration ports.

Post-Migration Checklist

  • Smoke test: Validate internal/external API endpoints.
  • Inventory check: Confirm AD/DNS propagation.
  • Decommissioning: 14-day "Cool-off" period for source HW.

Roll-back Strategy

The Point of No Return: 4:00 AM (2 hours before business open). If data consistency or latentcy checks failed, we triggered an automated fallback to the on-prem replica, ensuring 100% service availability for the business.

Critical Challenge: Hardcoded IPs

The Problem

Legacy financial apps had hardcoded database IP addresses. Refactoring code would delay cutover by 3 months, missing the lease exit date.

The Solution

I designed a "masquerade" solution using Azure Load Balancer NAT rules and an internal DNS Private Zone. This simulated the old IP schema within Azure, allowing apps to migrate without code changes. We scheduled the code refactor for "Day 2" optimization.

Strategic Business Value

Beyond the technical success, this program transformed the IT organization by aligning with the Microsoft Migration Execution Guide (MEG) framework:

  • Financial Alignment: Shifted from lumpy CapEx spikes to predictable OpEx utility billing, optimized via Azure Hybrid Benefit.
  • Operational Velocity: Reduced VM provisioning time from 3 weeks to 4 hours via Terraform-based Landing Zone automation.
  • Risk Mitigation: Established a "Cloud Foundation" capability, enabling the organization to handle advanced AI and Analytics workloads securely.