NeroBlanco Lotus Notes to O365 MaaS
We’re often asked why our Migration as a service offering is more advantageous than any on-premises solution an organisation could wish to deploy.
Typically if a company has decided to host their email in the Microsoft cloud they have already familiarised & accepted all the certifications which Microsoft abides by in their services, like O365 & Azure.
https://azure.microsoft.com/en-gb/overview/trusted-cloud/
Azure IaaS is the same as any other organisation’s data centres, except they are run by Microsoft who manage millions of servers in Azure for tens of thousands of organisations. The Azure servers & services are not accessible at all from the internet unless you punch holes in the firewall to open up ports or you are deploying a service which inherently requires internet access. Within an Azure resource group (where the MaaS servers would be located) other servers in the tenant would never have access to the MaaS infrastructure unless you wish to configure it. We don’t.
We have chosen Azure to host our MaaS (It’s IaaS with our own skin & methodology on the migration) because most organisations are utilising O365 services. We see using Microsoft Azure IaaS servers to perform the migration as an easy side wards step from a governance perspective. Furthermore, they are hosted in roughly the same data centres, so there are speed efficiencies to be had.
Twan wrote an awesome blog on the other advantages of Microsoft Azure Data Centers.
https://neroblanco.co.uk/2017/10/inside-microsoft-azure-datacenter-architecture/
So lets get down to the real nuts and bolts of why our MaaS is better….
Note:- below is only for the migration of data into O365. It does not refer to other supporting technologies like coexistence and directory synchronisation which would typically (although doesn’t have to be) be done on premises.
Security benefits.
- It conforms to the Microsoft trust model (linked to above)
- Azure meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards, such as Australia IRAP, UK G-Cloud and Singapore MTCS. Rigorous third-party audits, such as by the British Standards Institute, verify Azure’s adherence to the strict security controls these standards mandate.
- The IaaS is secured and disconnected from being accessible from the internet as default.
- We only need Port 1352 access to your domino servers over a VPN.
- You do not need to give us personal AD accounts on your network, or personal VPN access into your network, further restricting what we might be able to access. (but we will need a Lotus Notes account)
- A site to site VPN can be created between our Azure tenant and your servers.
- Access can be restricted to IP addresses for both your data centers, our access & O365.
- We have MFA for all admin accounts to our Azure tenant.
- A dedicated DC & domain is deployed for your MaaS which only has named individuals with access to the servers. Therefore we do not need any access to your internal infrastructure.
- We delete your users data 5 days after the migration is complete, and tear down the servers & logs once the migration is complete.
Performance benefits.
- Azure is scalable, if we need more servers or require higher performance machines we can deploy them in a matter of minutes.
- Because of the proximity of Azure, we typically see a 500 MB/hour transfer into O365. Most on premises migration workers can only achieve MAX 200 MB/hour. (That’s if an on premises internet gateway or VM infrastructure can cope with the number of workers required with concurrent sustained transfers and high availability)
- Your data is hosted on a dedicated Domino Staging server (Server ID owned by you) therefore removing the reliance on your infrastructure to perform the migration.
- We’re using Microsoft pipe to the “internet” aka O365.
- Because we can migrate data quicker, we have more capability to fix migration issues without risking the migration bleeding into the business day.
- We are not impacted by other processes which impact servers and performance in your organisation, like backups or updates.
- If you have a 2 GB mailfile to migrate at 200 MB/hour, that will take 10 hours over night, leaving no room at all for data quality failures (which can be common place). We can migrate at 500 MB/hr which leaves room for break/fix. (assuming Microsoft provision the mailbox in a timely manor)
Process and methodology benefits.
- The migrations will be stress free, as we will be operating it using our proven custom processes and methodology, you can focus on floor walking and supporting your users, VIPs & VVIPs through the transformation.
- No need to have the same technical specialists (for things like VM, DNS, firewall, internet, server support etc) available throughout the night to support any issues on your infrastructure who need to be available during business hours too. (unless we cannot access your domino servers)
- You do not have to configure, install and support all the infrastructure & accounts required to operate the migration. (we do require E3 licenses)
- The migration is tactical and hopefully you will only need to do this once. Is there any point in training your teams to up-skill and perform a tedious migration figuring out a plethora of issues for the first time? They can focus on other O365 technologies and services, along with their day job.