There were dozens of workloads in the delivery company’s on-premises data centers; 34 were in scope for the initial migration to the chosen AWS region.
The delivery company partnered with Kyndryl to design the AWS landing zone, migrate the workloads, and manage the workloads based on service-level agreements.
Creating the AWS landing zone
Kyndryl used AWS Control Tower to set up the landing zone. An AWS landing zone provides controls for setting up the security posture of the environment and configuring the set of AWS services needed to operate the delivery company’s workloads. The Control Tower automatically creates the connections among AWS services used in the landing zone, a process that would otherwise require days of manual work. The landing zone includes integration with AWS CloudWatch for monitoring, which simplifies the view of production events and streamlines remediation. With the Control Tower, Kyndryl established an organizational unit within which the delivery company’s multiple AWS accounts are now arranged in a hierarchy for easy management control.
Migrating workloads in waves
Following a well-established methodology used in thousands of migrations for hundreds of other customers, Kyndryl migrated the company’s workloads in four waves, two of which were performed in parallel.
- First wave: Using a proof of concept with a limited number of virtual machines, Kyndryl tested the configuration of a Carbonite migration environment, making adjustments as needed.
- Second wave: Migrated all x86 Windows and Linux virtual machines using Carbonite.
- Third wave: Moved the Oracle databases and re-platformed on Amazon Relational Database Service (RDS) for Oracle.
- Fourth wave: Performed IP changes and user acceptance testing, then handed off to the Kyndryl team responsible for 24x7 monitoring and management.
Securing the workloads
In the earliest design phase, by working with both the delivery company and AWS security team members to identify and assign privileges to roles, set up data encryption, and define risk assessment policies and resolution protocols, Kyndryl determined how the company’s data would be accessed and handled securely. That work informed Kyndryl’s creation of the new landing zone.
Connecting the parts into a whole
Kyndryl configured a Meraki appliance in the AWS region to enable appropriate connectivity within the internal network spaces as well as between the AWS region and the delivery company’s other production sites in GCP, Azure and Alicloud. Finally, Kyndryl enabled its own multi-cloud management systems to connect to the delivery company’s networks for ongoing monitoring and maintenance of the migrated workloads.
A trustworthy blueprint for future migrations
Kyndryl planned and executed the migration in a single month, without interrupting delivery company’s business. This demonstrated the feasibility of achieving the migration goals in the company’s ambitious IT modernization strategy.
By aligning the AWS landing zone with security best practices, Kyndryl provided a blueprint for how to move fast without compromising security.