メインコンテンツにスキップ

Post and Parcel Delivery Company

Consolidating and transforming operations

A large post and parcel delivery company handles mail, catalogues, parcels and targeted business communications for customers in 15 countries.

Business challenge

The delivery company is engaged in a large-scale IT modernization effort. They have more than 100 workloads deployed on four hyperscale cloud providers — Amazon Web Services (AWS), Microsoft (Azure), Google Cloud Platform (GCP) and Alibaba (Alicloud) — and in two on-premises data centers. Managing multiple deployments resulted in a great deal of redundant IT work. The company needed to reduce this complexity.

Transformation

The delivery company had already set up integrated monitoring and management across the whole IT estate with a vendor of multi-cloud management services. By taking over multi-cloud management, the vendor removed the company’s internal burden of needing staff with expertise in their different cloud environments.

In the next phase of transformation, seeking to simplify cost control across deployments, the delivery company decided to move workloads to AWS, its preferred provider. An AWS Control Tower management account would provide billing visibility across the entire landing zone, within which migrated workloads reside.

Migrating the workloads from on-premises data centers was delivery company’s top priority.

Results

An Amazon Web Services (AWS) landing zone aligned to security best practices

Predictable costs through a consolidated view of operations

Accelerated project completion—done in a single month

Solution

There were dozens of workloads in the delivery company’s on-premises data centers; 34 were in scope for the initial migration to the chosen AWS region.

The delivery company partnered with Kyndryl to design the AWS landing zone, migrate the workloads, and manage the workloads based on service-level agreements.

Creating the AWS landing zone

Kyndryl used AWS Control Tower to set up the landing zone. An AWS landing zone provides controls for setting up the security posture of the environment and configuring the set of AWS services needed to operate the delivery company’s workloads. The Control Tower automatically creates the connections among AWS services used in the landing  zone, a process that would otherwise require days of manual work. The landing zone includes integration with AWS CloudWatch for monitoring, which simplifies the view of production events and streamlines remediation. With the Control Tower, Kyndryl established an organizational unit within which the delivery company’s multiple AWS accounts are now arranged in a hierarchy for easy management control.

Migrating workloads in waves

Following a well-established methodology used in thousands of migrations for hundreds of other customers, Kyndryl migrated the company’s workloads in four waves, two of which were performed in parallel.

  1. First wave: Using a proof of concept with a limited number of virtual machines, Kyndryl tested the  configuration of a Carbonite migration environment, making adjustments as needed.
  2. Second wave: Migrated all x86 Windows and Linux virtual machines using Carbonite.
  3. Third wave: Moved the Oracle databases and re-platformed on Amazon Relational Database Service (RDS) for Oracle.
  4. Fourth wave: Performed IP changes and user acceptance testing, then handed off to the Kyndryl team responsible for 24x7 monitoring and management.

Securing the workloads

In the earliest design phase, by working with both the delivery company and AWS security team members to identify and assign privileges to roles, set up data encryption, and define risk assessment policies and resolution protocols, Kyndryl determined how the company’s data would be accessed and handled securely. That work informed Kyndryl’s creation of the new landing zone.

Connecting the parts into a whole

Kyndryl configured a Meraki appliance in the AWS region to enable appropriate connectivity within the internal network spaces as well as between the AWS region and the delivery company’s other  production sites in GCP, Azure and Alicloud. Finally, Kyndryl enabled its own multi-cloud management systems to connect to the delivery company’s networks for ongoing monitoring and maintenance of the migrated workloads.

A trustworthy blueprint for future migrations

Kyndryl planned and executed the migration in a single month, without interrupting delivery company’s business. This demonstrated the feasibility of achieving the migration goals in the company’s ambitious IT modernization strategy.

By aligning the AWS landing zone with security best practices, Kyndryl provided a blueprint for how to move fast without compromising security.