AWS Infrastructure Specific Questions

  1. On Premises IP Address Space Allocation – What address space is being extended, and what is the breakdown per subnet?
  2. Is the Firewall / Palo Alto also meant to filter outbound traffic from each subnet?
  3. Is the Firewall / Palo Alto meant to be the single point of entry for all internet traffic?
  4. Are there currently Certificate Services on the on premises DC? Do we need similar services on the AWS DC?
  5. What is the use case around a) AD DC in AWS b) Identity in AWS (Microsoft and non-Microsoft ADs? Social accounts?). If identity sync is involved, what is the use case for identities in AWS?
  6. DNS – Will 'conditional forwarding' be set up in the on premises AD to go to the Managed AWS AD?
  7. What is the primary public/private domain name in use?
  8. Does AD Failover include DNS?

App Specific Questions

  1. Is your application external facing (serving internet users), internal facing (serving internal users) or both?
  2. What are the different types of users of the apps (include all the internal admin users that will be maintaining / administering the app)?
  3. How do admin users currently log in to the app and to the underlying hosts (app servers)?
  4. How does the In Transit / At Rest Data Encryption currently work? Is there a need to encrypt on AWS? Are we planning on using AWS KMS?
  5. Is there an app load balancer in use? If so, what is the plan for Load balancing on the cloud?
  6. Where does the app's SSL / TLS certificate reside? What type of certificate do you possess (domain validated, company validated, ...)?
  7. Does your app reach out to the internet? If so, how does your app access the internet (reverse proxy?)

Backup / Replication Specific Questions

  • Are we using backup of VMs mainly for Backup as a Service or Disaster Recovery as a Service (off-site protection and business continuity with instant recovery)?
  • Are the VMs all in vCenter? If so, have we considered using vCenter and AWS Connector for backing up the VM?
  • Is Replication (VM) required? If so, are we using SMS or Cohesity?
  • Is SQL Server Replication required (are we using Native SQL Server Always On, AWS DMS or Backup/Restore)?

Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.

Anuj Varma – who has written posts on Anuj Varma, Hands-On Technology Architect, Clean Air Activist.