Modernise the IT infrastructure, Improve the DR / BCP capabilities, remove the primary DC that was in the office, improve security and embrace Microsoft 365.
Outline of the Client Brief
Current Technology Stack
Citrix delivery for all users, both in the office and remotely, thin clients and desktops in the offices and laptops had been purchased as part of their Covid strategy to provide connectivity from home.
Primary DC in the office with a hosted backup in Docklands, VMware, flash storage, SRM for DR/BCP, legacy applications on Windows & Linux, on-premise Exchange & email archiving, Airwatch MDM for mobiles devices, 3rd party MFA and a range of other point solutions.
Phase 1 – Review & Strategy
We sat down with the technology leadership and talked through their aspirations, current issues, technology preferences, team skills, budget & timescales. Additional input from senior management and business heads helped to frame the requirements and highlight the current issues that needed to be addressed.
Through a couple of workshop sessions, we developed a broad scope strategy :-
- Embrace Microsoft 365
- Provide greater flexibility for the users, capitalise on the laptop investment and move away from thin client & citrix delivery.
- Move the data centre services away from the office (so a future office move would not be dependant on moving the DC)
- Consolidate services & solutions
- Implement additional security (MFA, Conditional access, locked down BYOD ….)
Phase 2 – Transformational projects
Together with the client we developed a number of projects to transform the environment, this enabled them to see the works in manageable chunks that could be aligned together to deliver the business outcome.
- Microsoft Exchange migration to M365
- Laptop, desktop, phone & device transformation
- Data Centre migration
- Networking (LAN & WAN)
- Telephony & Collaboration
Phase 3 – Project Evaluation & implementation
Each of the project area’s were evaluated individually with options, costs, timescales, effort and risks identified.
Microsoft Exchange migration to M365
The decision to go with M365 was made early on, the team used a trusted partner to assist with the technical migration & hybrid setup, so the team could concentrate on the user migration and business impact.
Key issues & challenges identified were :-
- Users having their UPN as their primary email address
- Public folders had been used as file / email storage for some departments
- Complex shared mailbox environment for some departments
- Email Archive – Millions of emails spanning 15+ years
Laptop, desktop, phone & device transformation
The current technology stack was reviewed with the team and a few workshop sessions outlined the proposed strategy.
- Embracing the M365 platform as much as possible
- Intune MDM,
- AutoPilot deployment
- AzureAD joined & managed devices
- Support for limited BYOD capabilities
- Retirement of thin clients
- Standard naming conventions
- Location based profiles
- Software deployment via Intune
- Updates via Intune Rings
- Compliance policies
- Remote access to applications
Data Centre migration
One of the key objectives was to move the primary DC from the current office location, this would enable an office move to be conducted without the need for moving the DC.
Two major options were considered :-
- Migration to Cloud & remove all On-premise equipment & services
- Remote hosted dual DC’s
The two options were evaluated and 5 year costing models put together, we also looked at the staff capabilities, risks and impact on applications.
The business decision was taken to stay with a traditional on-premise solution with dual hosted DC’s.
Several options around migration were considered, including re-purposing of existing storage technology, “big bang” migration and new infrastructure & greenfield solution.
After a number of discussions and workshops, costing & risk analysis sessions, it was decided that all new equipment would be provided and this then led to a technology shift to Nutanix HCI (Hper-Converged Infrastructure). This provided an opportunity to deploy a scalable solution with inbuilt disaster recovery & replication, micro-segmentation and the ability to build, test and migrate at a pace to suite the business users and IT.
Networking (LAN & WAN)
There was an opportunity to standardise the offices LAN & WAN and deploy standardised solutions & connectivity to the new DC’s.
The existing Firewall technology was retained, but with a new “standard scheme” and this was paired with Cisco Meraki LAN & Wireless products to ease management, monitoring and deployment.
Older SD-WAN solutions were phased out with native firewall VPN’s replacing them.
End-points were secured with Cloudflare Zero-trust products, so the environment & applications can be controlled, but accessible to the users seamlessly both in and out of the office’s.
Telephony & Collaboration
A wide range of products were being used across the offices with a wide range of products and services including Zoom, MS Teams, Video conferencing, audio conferencing etc.
A proposal to migrate all telephony & collaboration to MS Teams UCaaS platform was floated, but was put on hold, but will be re-visited in the future.
Conclusion
Overall the projects became a mulit-year program of change, the business has reaped the rewards by gaining control over their aging environments, reducing their product sets and attack surfaces, improving their security posture and being able to report back to the board around cyber security & risk mitigation.
They have a fully functional high availability platform and feature rich end points providing the user base flexible access to the business applications and services.
The company has a strategy to work towards and have been embracing SaaS products where suitable, reducing the number of “point” solutions and have a standardised and manageable environment.