Migrating an Application to Azure Cloud

This post covers a non-profit's on-premise application migration to Azure Cloud and the Cloud services implementation models that can be used to deploy applications to Azure.

Overview

A large, not-for-profit organization in the United States used a Result Management System (RMS) web-based application to store data about its members and donors. The web-based application was deployed on-premise, which presented a number of challenges.

In the following sections, we will discuss the use case, benefits, and process of migrating to Azure using the RMS application as an example for Azure through Cloud services implementation models.

Client Snapshot

• Not For Profit organization serving half a million Chicagoans. 
• 5000+ employees

Current RMS application architecture and deployment setup:

• Built with ASP.Net 4.5.
• Hosted on-premise in a data center on a single instance server.
• Can be accessed from the internet.
• Relies on Windows authentication to authenticate users.
• Uses a standard Microsoft SQL Server 2008 database for storing application data.
• Connects to the production databases using a service account.

Challenges associated with on-premise hosting

• Maintenance is highly manual because the application resides on-premise and the database is on a different server.
• No automated system exists to show application exceptions without looking into logs.
• Third-party config tools and a substantial amount of manual effort is required to deploy any new enhancements or issues.
• The existing application lacks centralized navigation to browse different pages and is not prepared to be scalable or integrate with any new systems in the future.
• The lack of role-based access creates a high risk of exposure for all user data.

Compelling reasons to migrate to Cloud

• Greater ease and control in application maintenance through an intuitive dashboard.
• Introducing an interactive maintenance dashboard makes both the application and database available in the same place.
• All application and database exceptions can be tracked through Azure to reduce the amount of time spent identifying them.
• The deployment of new enhancements or issues can be handled through IDEs like Visual Studio and requires significantly less configuration.
• Completely centralized navigation is provided as part of the enhancement and upgrade, which delivers greater flexibility to move around the application.
• The centralized navigation and role-based access enhancement provide more control over data exposure.

Azure Platform Overview

Azure is Microsoft’s application platform for the public Cloud. It allows applications to be deployed to it in various models. It is used to:

• Build a web application that runs and stores its data in Microsoft data centers.
• Store data while the applications that consume this data run on-premise (outside the public Cloud).
• Create virtual machines to develop and test or run SharePoint and other out-of-box applications.
• Offers a wide range of services and the ability to develop massively scalable applications with many users.

Key benefits of hosting in Azure

• Azure is development-focused.
• No need to buy or maintain any infrastructure.
• Easy scale-up and scale-out in the Pay-As-You-Go model.
• Developer(s) with .NET skills can develop and migrate applications on Azure by learning Azure SDK.
• 99.95% SLA for hosted applications.

Azure Migration Considerations

There are several key points that need to be considered when migrating an application to Azure:

1. Application compatibility — Analyze if the application is architecturally fit for Windows Azure before moving.

2. External/internal dependencies — Check if there are any external application dependencies if they need to be analyzed, and if they are accessible through Azure.

3. Application class — Verify how the application is classified in the business. Business-critical and LoB applications demand high availability.

4. Application integration — Check whether the candidate application is integrated with other on-premise applications and shared services.

Azure Migration Methodology

Migration Strategy & Approach

UI Analysis

1. Analyze whether the User Interface can be migrated to Azure directly in the PaaS model

Web applications and web services in non-cloud solutions can be mapped to Windows Azure web roles, while the non-web applications are kept on-premise. Re-engineering work is required to modify the existing web application code to use the Windows Azure SDK. This is to ensure that it runs on Windows Azure as hosted Cloud service. In addition, the library may require modification or will have to be rewritten if using any third-party framework or class library that is not supported by Azure. In the case of the IaaS model, no code changes are required. Instead, the entire server image will be migrated to the Windows Azure virtual machine.

• Database compatibility – analyze whether the existing database is the best fit to migrate to Azure.
• Application maintenance/management – identify how the logs are maintained and where they are stored.
• Scalability/elasticity – identify whether the application design supports scalability as Azure supports it.
• Compliance requirements – check if there are enterprise compliance and regulations that govern whether the data can be moved/stored outside the enterprise’s control.
• Cost – validate whether moving the application is cost-effective for the organization.
• Security – clarify whether the same level of security can be provided after migrating to Windows Azure in terms of Data security Authentication Authorizations.

2. Transactions / Session Handling

Session State Management

In Azure, each web role instance runs on its own VM server and is configured behind a load balancer. The ASP.Net session state is not automatically shared across instances in this load-balanced environment. Various approaches to address this are as follows:

1. Session state management using Inproc — Inproc session state may be the best-performing option and is the default state management unless overridden. In load-balanced environments such as Windows Azure, this will only function for single-instance setups. If more than one instance is used, it might result in inconsistency.

2. Table storage session provider — It is a subset of the Windows Azure ASP.NET providers specifically designed and written for use in Windows Azure. The table storage session provider is a custom provider that is compiled into a class library (.dll file), enabling developers to store session state inside Windows Azure table storage. This approach is relatively low-cost, well-tested, and ready for consumption, with almost no re-engineering work required.

3. Windows Azure SQL database session provider — Windows Azure SQL database is essentially a subset of SQL server. It can also be used as storage for the session state. With just a few modifications, it can be derived from the SQL server session provider. When used with the existing database, it is cost-effective.

4. Windows Azure cache:

1. In-role cache allows caching. It uses a portion of its memory for the web or worker role instances that host an application, or with a dedicated one deployed to Windows Azure Cloud services. One does not have to pay any premium for the cache.
2. Azure cache preview gives access to a secure, dedicated cache that is managed by Microsoft. A cache created using the service is accessible from applications within Windows Azure, running on Azure Web sites, web and worker roles, and virtual machines.

Business Layer Analysis

Windows Azure caching remains the recommended option, despite the debates. Developers and architects could always consider a different option if it suits a given scenario.

1. Authentication and authorization model — Analyze and understand the current authentication mechanism in the application.

1. Check if the same authentication approach in the cloud application can be adopted (for instance, using forms-based authentication).
2. Explore Cloud-based solutions for authentication. Utilize Windows Azure Active Directory Access Control (also known as Access Control Service or ACS) to authenticate users from identity providers when the user attempts to gain access to a web application. These include Microsoft, Google, Yahoo, and Facebook.
   1. Deploy Azure virtual private network to communicate with enterprise active directory.
   2. Use Windows Azure Active Directory with integrated on-premise organization active directory.

2. Interaction with other modules/applications Web services

• They can be converted to Azure WCF services, hosted either as a web role or worker role.
• They can be left as on-premise services and can be exposed through Azure service bus or Azure VPN
• Windows Services: They can be hosted as worker roles.
• Native code: A managed wrapper can be created and deployed as part of an Azure package. It can be consumed from any Azure-hosted service.

3. Diagnostics Support — Windows Azure diagnostics provides non-intrusive capture of diagnostic data and its subsequent data to the Windows Azure storage service. In WA diagnostics, one can:

• Implement custom logging and save the log information to Windows Azure storage tables.
• Push event logs to the diagnostics store.
• Push failed request logs to the diagnostic store.
• Push performance counter data to the diagnostics store.

4. Message Queues — MSMQ is not currently supported in Azure. Azure storage queue and service bus queue features can be used to implement queues in Azure. Azure service bus topics/subscriptions can be used for the message publish and subscribe model.

5. Configuration Changes

• If the application accesses any information from physical storage, it must be migrated to Azure storage / CDN Windows Azure SQL database.
• Check for any hard-coded physical disk paths in the applications. Azure applications should not have any hardcoded physical disk or network access values. For example, The application saves any information to the local system/access information.
• Check for any third-party library or content references. They need to be included as part of the Azure package. Provide a session and identify the provider (ADFS / ACS information) in the web configuration file.

Database Analysis

There are three ways to maintain application data while migrating an application to Azure:

1. Reside on-premise
2. Create SQL Server in Azure VM
3. Windows Azure SQL Database (PaaS)

Approaches and Recommendations

1. Analyze the DAL layer and see if any framework/class library is being used.

1. Determine whether it is supported with the Windows Azure SQL database.
2. Frameworks such as Entity Framework (EF) are supported with Windows Azure SQL Database. The DAL layer code must be rewritten if using any third-party class library or framework that is not compatible with Windows Azure SQL Database. This is to achieve compatibility with the database.
3. Windows Azure SQL Database supports only SQL authentication. Consider whether changes are needed to the authentication scheme in the application.

2. Determine whether all data required by the application is in a single database or if it is dependent upon:

1. If the application database uses a linked server concept to interact with another database, it cannot be moved to Windows Azure SQL Database. This is because it does not support the linked server feature.
2. The above problem can be solved using the Windows Azure Virtual Network feature. This is where the on-premise application database is exposed to Azure Cloud applications.

3. Determine the modifications required to be done in the database schema for migration to Windows Azure SQL Database.

1. Run SQL Migration Wizard to have a complete list of all the modifications required for Azure porting.
2. Windows Azure SQL Database demands some constraints on the database schema to be deployed, such as the primary key constraint on all the tables. One should make necessary modifications to the database schema to be ported to Windows Azure SQL Database.

Data Migration Strategy

The application migration strategy should also include a data migration strategy as most of the applications are typically data-centric. Therefore, while migrating applications from on-premise to Cloud, we need to ensure that the users do not see any discrepancy in their data. The application can store data on a disk, in a database, in network stores, and more. Cloud provides the flexibility to persist data in the same way they are stored in the on-premise application. Azure-hosted applications data can be saved in the following ways:

1. Data from Database to Windows Azure SQL Database / Windows Azure storage
2. Static content to Windows Azure Storage (Blob) / XDrive.
3. Message queues to Windows Azure queue storage/service bus queue.

Migration Execution

In the migration of the candidate application (RMS), components are migrated to Cloud in an incremental and independent fashion. At each phase, it was ensured that the application worked with no internal (application) / external (network) issues. The section below explains the migration process for the IaaS options.

New Features Implemented

• SendGrid: New NuGet Package Manager to support email functionality from Application hosted on Azure.
• Timeouts: Handle timeouts in Entity framework and in the application configuration.

Outcome and Future Benefits

Simplified administration — Easier DB management drives operational efficiencies as upgrades and maintenance are handled by cloud providers. Leading-edge tools are more accessible, version control is minimized, and add-on services, like backup and recovery, improve productivity.

Lower cost — Cloud services shift expenses from upfront hardware and software costs to economical pay-per-use operating fees, often with no long-term commitments. Reduced DBA expenses and free open-source tools offset cloud service expenses.

Higher scalability and availability — Cloud DB as a service (DBaaS) offers highly scalable compute and storage resources with minimal capacity constraints. High availability is enabled by automated backups, periodic snapshots, and synchronous replication across availability zones.

Advanced security — Cloud DBaaS are built with strong threat prevention, robust access control, isolated VM instances, IPSec VPN connections, and encryption at rest and in transit. Many offer industry compliance, such as PCI governance, that evolve with changing regulations.

Improved business agility — Cloud-based RDBs, like those in Azure, enable faster innovation, improved staff, and partner access, and expedite time-to-market, often provisioned in minutes versus weeks for on-premise solutions. They also provide increased access to advanced tools and best practices to speed development cycles.

Improved business agility is the primary benefit that enables organizations to make more informed, real-time business decisions. Additionally, application enhancements like a centralized navigation page, and adaptation of toolkits (e.g. SendGrid for Email, iTextSharp for PDF report generation) supporting a Cloud environment, provide greater reachability to various users.

Visualized reports that enhance user decision-making capabilities: