Why Cloud Migrations Fail (A partial list of questions)

A staggering number of cloud migrations fail (even Google couldn’t give me an exact figure, but search for ‘cloud migration failure rates’ and you will be astounded).

This is all the more puzzling considering the advanced nature of the tooling and the infrastructure available in/on the public cloud today.  These questions are based on real-world migrations and range from the very basic (is it internal facing, external facing), to seemingly innocent (does the app use external APIs?) to advanced questions around the High Availability Requirements of the app.

In my humble opinion, neglecting to answer these cloud readiness questions is a sure fire way to ensure failure (or at least, suffer serious setbacks).   Some of these questions are truly Make or Break. If you don’t address these upfront, you have zero chance of moving your app successfully to the cloud.

1. This questionnaire is now app agnostic and can be used for J2EE, LAMP, ASP.NET apps – and also includes the Kubernetes, Microservices and Containerization use cases in the full version).   It doesn’t apply to Data Warehouse migrations (see Why data warehouse migrations fail (upcoming post))
2. This is only a partial list of questions..For a true cloud readiness assessment, several important questions around microservices, identity etc. need to be considered.

General App Questions To Ask Before Migration

IaaS or Paas? (also read, Before you PaaS out)

• The choice between IaaS and PaaS can be tricky.  Look closely at each tier of your app. For e.g., if you have customized IIS modules in your web tier, chances are you will not be able to leverage Elastic Beanstalk or Azure App Services PaaS offerings.
• PaaS should always be a first choice. However, there are several gotchas around whether your app can be hosted on a PaaS platform. Remember that PaaS is both volatile and largely, inaccessible (underlying resources are not accessible).
• IaaS can be a failsafe option, however, it comes with it’s own set of challenges. Do you want to be responsible for maintaining the OS patches and updates?  Do you have a staff to handle day to day maintenance tasks (e.g. DBA tasks)?

Is your current technology stack supported?

• Obviously, figure out whether your current stack is supported on the cloud’s PaaS model. For example Google’s app engine supports a limited number of runtimes, whereas app engine flex supports most of the popular runtimes (LAMP, Java, .NET, Python…)
• If PaaS is not going to work, look towards IaaS. However, be aware of the fact that ancient runtimes (e.g. .NET 1.0 and 1.1) will still have difficulty finding a home on the cloud.  Windows Server 2003 images (AMIs and prebuild server images) are not even available on the public cloud anymore. (For options on moving legacy apps, you will need the full questionnaire..)

Do you have Baseline Performance Metrics?

• Before you test your app on the cloud, ensure that you have a baseline of performance metrics from your current, on premises deployment. I used a tool called StressStimulus (alongside Fiddler) to get my performance baselines. While Fiddler alone can suffice, the ease and user friendliness of StressStimulus saved me time.
• Ensure that you run the same performance tests on your cloud deployment to really gauge the difference.

Internet / Intranet / Web Visibility Questions

• This is one of those questions that often stumps my customers. Not because it is hard to answer, but because it seems inconsequential.
• Is your application external facing (serving internet users), internal facing (serving internal users) or both? (There’s a lot of firewalling, subnetting, NATing, Proxying and NACLing that needs to happen to accommodate the answer to this question). The cloud readiness of your application is highly dependent on it’s existing visibility.

In Transit / At Rest Data Encryption / Certificate Services Related Questions

• at Rest data encryption is fairly straightforward to accomplish (for e.g. AWS’s S3 buckets offer SHA256 encryption as default). Your buckets, your EBS volumes – everything can be easily encrypted at rest.
• In transit data encryption is up to the customer. From your data center to the cloud, you would need either VPN (and correspondingly IPSec encryption) or a DirectConnect (which is unencrypted by default).
• For your web servers, it is easy to obtain SSL/TLS certificates using Certificate Services provided by all public clouds. These are convenient because they will ‘renew’ your expiring certificates on your behalf. See also ‘Load Balancer Questions’ towards the bottom.

Connectivity to the Cloud

• Do you currently have a dedicated pipe (DIrectConnect, ExpressRoute, Cloud Interconnect….) to the cloud? Do you have a Cloud VPN connection?
• Do you anticipate migration large (TBs) worth of data (for e.g. large DW databases)?

N-Tier Related Questions To Ask (Mostly, make or break questions)

Caching Model

• Which app tiers utilize caching (e.g. asp.net output caching, application caching)?
• What type of cache (e.g. Memcache….) does the app use? Is there a ‘cloud equivalent’ of the caching product?

Data Access Layer Questions

• Does your app use an ORM layer or a regular Data Access Layer (CRUD layer)?
• How are credentials passed from the DAL tier to the Database? How would this map out on the cloud?

Web Services and Middle Tier Questions

1. Does the app consume any external web services (Google APIs, Geo Location etc.)?  This seemingly innocent question can have repercussions on how your network is structured in the cloud. With private subnets lacking any route to the internet, you may have to opt for a NAT gateway or a NAT instance just to make your API call.
2. Does the app expose any APIs? If so are they RESTFul, SOAP or both? This again, can have repercussions on the subnet that hosts your API layer.

Data Tier Questions (Make or Break Questions)

• Included only in the full list of questions

Reporting and Data Analytics Within the App

• Reporting and analytics questions are included in the full list only

Infrastructure Related Questions – Make or Break Questions

HA and Clustering (See also Failover Options in the Cloud)

• For each tier, describe the clustering? Is your web server clustered? Is your database clustered? How were you planning on mapping these to the cloud ?
• More questions in the full list of questions..

Load Balancing (included in the full list of questions)

Proxies, Reverse Proxies…More (included in full list of questions)

The Number One Reason App Migrations Fail (The Cloud’s Dark Secret)

This perception of ‘elasticity’ is highly damaging.  Elasticity can certainly provide you with more memory (in the form of additional instances) when one instance runs short on memory, but you need to ask ‘Why is this running out of memory’? There is no substitute for hands-on performance tuning each of your tiers.  The cloud isn’t magic.  It’s not going to resolve memory leaks in your application.

Diagnosing memory usage issues requires time, dedication and sophisticated tooling. However, the results are usually so enlightening that, once addressed, you may be able to run your app on the smallest of instances. So  again, bigger isn’t better. Bigger just means ‘Find out why I cannot work with smaller instances’?

In my experience, no public cloud provider comes right out and admits this. After all, the more instances you provision, the more you get invoiced. In addition, most cloud services have limitations. For example your elastic load balancer cannot scale indefinitely and at some point will shut down (and leave you with a humongous bill before it shuts down).

Even if you answer all of the questions above, if you had a leaky app to begin with, the cloud isn’t going to make your app performance any better (at least not long term). You WILL need to hire a professional troubleshooter to diagnose your app.

Summary

This is a partial list of some of the more important questions. For a full list of questions, consult

• anuj.com
• For cloud migration projects or cloud consulting on AWS, GCP or Azure, contact Cloud Migration Architect

 

Anuj has helped diagnose thorny performance issues in n-Tier apps. Contact SHI Cloud Solutions for your next cloud assessment.  To set up a free consultation with Anuj,  pick a slot that works for you. For speaking opportunities, contact Anuj on SpeakerHub.