Office 365: Moving to the Cloud

Customer Segments

When KAMIND migrates customers with fewer than 250 users, our approach differs based on workforce size. We have developed distinct service packages for businesses smaller than 25 end users (be they employees, contractors, or others in the network), 26–75 end users, and 75–250 end users. This helps maintain focus on one of the main deciding factors for small business—cost. It also accommodates growth trajectory, allowing small companies to start small and invest more in cloud IT services only when the return on investment justifies it. These are considerations that KAMIND customers tell us are key to their decision making. Enterprise customers, those with more than 250 users, have different requirements then the smaller clusters, but the needs are very much the same—to reduce ongoing operation costs.

Developing affordable, flexible, powerful cloud solutions has involved a number of interim approaches. Knowing the evolution of today’s IT landscape provides some insight into the current tools available from the major suppliers. For example, prior to 2013, Microsoft served the less-than-75-end-users market with Microsoft Small Business server. Enterprises with more than 75 end users tended to use Microsoft traditional server products such as Windows Server^† 2008R2 and 2012. For a short period between 2008 and 2010 Microsoft offered the Essential Business Server^† (EBS) product family, which was not a good fit for the 75-350 end user market. EBS was designed to provide a graceful path between Small Business Servers (SBS) and traditional Microsoft server products. An EBS Version 2 was under development until it was canceled on March 4, 2010.

The EBS server product offering was one of the first solutions that addressed both on-premises and cloud integration of cloud computing. Its cancelation was a precursor to a change that would be introduced by Office 365. The EBS solution was a three-server solution. It was designed for virtualization and integration of all SBS product features, with remote access and the management tools of System Center essentials. When EBS was aborted, Microsoft lost their leading integrated solution for the 75-plus end user market. This left the traditional Microsoft server products and the Microsoft Online Services to do the job.

The less-than-75 user market has a large set of solutions including Microsoft Home Server^†, Foundation Server^†, Windows Server and Small Business Server^†. In July 2009, KAMIND made a comparison of SBS, EBS, and Microsoft Online Services to determine the return on investment (see Figure 1-2). The crossover point was identified at about 15 users. In other words, with fewer than 15 users, it appeared to be less expensive to deploy Microsoft Online Services than it is to use on-premises services.

As we moved into 2010 and incorporated March 2010 pricing of $10 per user for Microsoft Online Services, the crossover point shifted to between 100 and 150 users. Microsoft Online Services’ price was at $22.50 per user at this time. The corresponding Office 365 subscription E1 is $8 per user today, demonstrating a 65 percent cost reduction.

Open image in new window

So, in March 2010, KAMIND changed its managed services offering to address the new Microsoft Online Services pricing model. We found SBS to be our only option, and it tops out at 75 users. We found that other on-premises solutions were even more expensive.

If we look at the pricing and features of Office 365 today (Figure 1-3), there is no longer a business case to stay on-premises. The cloud-based Office 365 solution is currently the most cost-effective one for any size business. Office 365 today adapts to small one-site enterprises as well as global operations, and it has been growing in size every day. As of late 2013, a reported 69 percent of companies with 20 or fewer employees were using some type of cloud-based IT solution. At the upper end, for example, costs for an enterprise with an on-premises server supporting 1000 users are reduced by 52 percent with deployment of an Enterprise E3 license ($20 per user per month).

Open image in new window

Unless there is a compelling reason to use an on-premises solution, currently available IT resources make it more cost-effective to use a cloud service. There are advantages and disadvantages to whichever solution you use, and you need to understand your business requirements and how well a particular IT approach integrates with your business strategy.

All of us who own or run a business would like to increase efficiency and reduce operational costs. It does not matter the business size. What matters is what customers want. Most customers want the businesses they use for services to be competitive in terms of services and price. In order to be competitive, owners want capability at the lowest possible price. As business owners, we make investments and want our businesses to scale, so we can grow the business and generate resources for expansion.

Once Microsoft reduced the entry prices for online services to as low as $2 per user per month, it became more expensive to deploy on-premises equipment in virtually every enterprise. The challenge for the IT professional is how to help businesses adapt to change while balancing on-premises and cloud requirements. Our approach with all businesses is to examine the business processes of the company to understand the balance. Once the business processes are known, we examine the steps required to deploy a cloud solution to meet the business needs. This is why the approach to the cloud as a solution is so different than a traditional IT solution. The cloud solution for a business is a business process change that reduces the operating costs of the business and improves productivity.

To assist you in your understanding, we have created a small company called Ready Design Custom Cupcakes (RDCC). We will look at RDCC business requirements and how these requirements compare to on-premises and cloud needs for cloud services.

Strategic Overview

RDCC management wants an IT system focused on supporting the LOB applications rather than supporting commodity software. The IT staff at RDCC has submitted a capital expenditure (CAPEX) spending request to upgrade the aging RDCC servers. RDCC management is seeking alternatives to reduce both CAPEX and operational expenses (OPEX).

The following is a summary of RDCC’s IT management requirements with a focus on determining potential commodity products plus a comparison of them with the various business needs to design a solution addressing both on-premises and cloud needs.

On-Premises and Cloud Resource Requirements

Many different arguments are made to justify keeping servers on-premise vs. moving them into the cloud. They range from control over the data (intellectual property rights) to reducing costs. The secret is to look at the problem from a service level, to differentiate services that provide a competitive advantage from those that are a commodity. In other words, identify the business processes, and look at those processes from an IT services point of view that promotes business growth. Differentiate those capabilities from those that are core to the business, but have no strategic value. Commodity services (those that are not core to the business) move to the cloud.

If a cloud migration is approached correctly, you can achieve both objectives—promoting business and reducing cost for core commodity services. This seems like a simple problem, but it is actually very complex. To help address this, we look at the business from a capability point of view, and we will use that point of view to help us in our decision process.

What IT elements will help sustain competitive advantage? That is the overriding question in each of these categories. Each business is different, depending on of its needs. An obvious example is the e-mail capabilities for business. A few years ago, a business needed to place on-site servers to have ownership and control of their e-mail (intellectual property). This need drove the Microsoft Small Business Server market. Today, e-mail is a commodity, so unless there is a different business need for an on-site mail server, it no longer makes business sense (see Figure 1-3) to manage.

In all cases, it is wise to seriously look at the cloud and the impact on the business. At KAMIND we looked at our customers, from the small five-person law firm to the larger 2,000-employee business. We looked at the impact from a commodity services perspective, and in all cases, we found that the cloud cost at least 50 percent less than on-premises equipment. The only caveat was bandwidth (the ability to transfer large amounts of data at fast speeds to cloud services). If the bandwidth was not available, then it did not make sense to migrate to the cloud.

More Ready Design Cup Cakes (RDCC) IT Issues

As noted earlier, RDCC was running on Exchange Server 2007 using ISA Server 2004 as a security server. They were deployed on older Dell servers. In this configuration, RDCC did not have Microsoft software assurance, so all software licenses for the upgrades would need to be purchased. Figure 1-3 shows the current service level breakdown and Table 1-3 shows the deployment cost breakdown for the on-premises and cloud options. The support costs are not shown, but the IT professionals who handled on-premises equipment support know that management of that equipment would require at least half of an IT professional’s time. Both options are listed in Table 1-3.

The RDCC IT manager reviewed the support requested and proposed a budget of $123,000, approximately $10,000 per month. The IT manager expects this will consume half of the on-staff IT professional time at a cost of about $70,000. RDCC management looked at the cost and requested the IT manager do a comparison against the monthly costs using a subscription (cloud) model.

The IT manager reviewed the information and was shocked to see that the on-premises solution costs $7,000 per month more than the Microsoft Office 365 solution. He also became aware that he could free up half of his time not having to manage an on-premises server. RDCC’s management reviewed the financials and chose the Microsoft Office 365 solution, saving $150,000 in a one-year period. RDCC management also committed to having all of their franchise users use Microsoft Office applications as the office standard and decided to deploy two distinct offerings for franchises. At the franchise level, they specified the E1 service with Office Web applications. This allowed the franchise owner to use either the web applications or purchase the retail version of the Office software. At RDCC corporate offices, they can either use the Office subscription service (E3) or deploy the Office 2013 software through a volume license.

RDCC’s decision to use Microsoft Online Services reduced the CAPEX and OPEX for the fiscal year. RDCC IT staff estimated that the deployment costs were between $50 and $100 per person in one-time fees, for a total of $6,000. The $6,000 migration cost for the RDCC deployment was one-fifth the estimated cost of the Exchange 2010 deployment. RDCC management realized that the selection of online services significantly reduced the cash outlay for the organization.

E-Mail Utilization and Retention

RDCC management sought to avoid this type of expense in the future and to make any discovery process more automated and less labor intensive. RDCC policy is to have a 10-year compliance archive segmented into different groups: the factory workers archive is one year, middle managers are two years, and sales and management are 10 years.

Note

Microsoft views an archive as a duplicate mailbox where data is copied from the primary mailbox. In the E1/E2 versions of Office 365, the archive is 50 GB; in versions E3/E4, it is unlimited in size.

There are three types of archives in Office 365: personal archives (local PSt and cloud), shown in Figure 1-4, and compliance archives. Personal archives (local or PST) are files in which the content is controlled by the user. A compliance archive must have data immutability; the user cannot change the data. The Office 365 (versions E1 and E2) personal archives are limited to 50GB. Office 365 archives in E3 and E4 are unlimited in size and can be made immutable (for compliance requirements). The compliance archive is controlled by business policies governed by the organization business processes and federal regulation.

Open image in new window

Network Infrastructure

RDCC has a large, robust network infrastructure to support user requirements of 200-plus employees and franchise owners. The franchise owners’ businesses run seven days a week, from 5 a.m. to 10 p.m. (Pacific Standard Time).

Open image in new window

To keep the network capability as it is, RDCC IT staff was faced with upgrading an aging on-premises data center with the latest Intel® processor-based servers from Intel, Dell, or IBM. The IT design staff proposed replacing the data center in Figure 1-5 with an Intel Server. The RDCC IT staff felt that this approach would provide the most comprehensive set of features for the cupcake virtualization and would accommodate growth. The unresolved issue was how much to deploy on the Intel Server vs. the cloud.

The Intel Server is 6U in size and allows up to 14 high-speed SAS drives to be arranged in a data storage pool. RDCC IT staff is planning to use the 1TB SAS drives, which allows a storage pool size of 14,366GB, with an online hot spare. As far as RDCC IT staff is concerned, this allows them to reduce the size of the data center (Figure 1-5) to a single 82-inch rack. RDCC IT staff selects the Intel Server over other vendors’ products based on the following considerations:

• Lower power consumption

• More flexibility in adding computing capacity

• Intel Xeon 6-core processors will enable support up to 12-24 virtual machines with a combined memory size of over 256GB

• Fault-tolerant compute module support with auto failover

• Fault-tolerant storage module with external SAN support

To help them in their decision process RDCC IT staff modeled storage pool consumption on the Intel Server test drive site (see www.intelmodularserver.com ). This site allows them to try different configurations and out-of-band management systems to develop the best solution. Figure 1-6 shows a storage pool view of the Intel Server with a modular server with a RAID 1 and a RAID 5 subsystem.

Open image in new window

The Intel Server allows for organizing the Storage Access Network (SAN) or the attached SAN into a set of storage pools. The storage pools are then allocated to the individual compute module. In Figure 1-6, they added two SAS drives to the storage pool. However, when they built their virtual drives, they decided to organize the data in a RAID 1 configuration. KAMIND recommends that the RDCC IT staff deploys the Intel Server storage with a global hot spare.

Information Security

RDCC’s information security requirements are similar to those of most companies. RDCC wants to make sure their data is kept private. They want to control access to their data and the computing resources. These are their business needs. RDCC doesn’t want to use any cloud service that required an intellectual property transfer. Some cloud services companies use IP rights assignment as a way to sell additional product and services to the companies’ employees.

All of us have heard of reports of credit card numbers being stolen from retail store point-of-sale computers. How about a government employee leaving a laptop that contains thousands of social security numbers in a car and that laptop is stolen? There are countless stories of identity theft. The stories all come down to this: How safe is your data? The safety of your data is what information security is all about, and the crux of the problem is data access and control.

Realistically, it does not matter where your data is located. It can be safe anywhere—with the right precautions. The processes and security around your data and how it is controlled is what matters. As an example, does the network administrator have access to your e-mail? What password policies are in place to ensure that your data is under control? What is the physical security like? Who picks up the trash in the evening in your data center? Who has access after-hours to the information? All that matters is how data is managed. Data loss prevention is critical for RDCC’s business to ensure confidential information stays inside the company and there is no IP rights assignment to use the Office 365 cloud service.

There are many aspects of physical data security. Figure 1-7 is a picture of a Microsoft data center. All server access is controlled and limited to a few select individuals. Microsoft also has controls on who accesses the data. This is a critical aspect of data security that is often overlooked.

Note

Microsoft’s policy is that the customer owns the data, not Microsoft.

Microsoft believes that the data is owned by the customer, and the customer has 100 percent control over the data. To put this in perspective, the customer must grant Microsoft permission to access the data. This philosophy limits data access and establishes the controls necessary for data security.

Open image in new window

The next part of data security is built around the standards necessary for access and control of the data. The Microsoft software design philosophy is built from an idea of secure code design. Secure code design means that the software is designed using best practices from the ground up. To put this in perspective, the code in the data centers is built from a best practice software design known as code secure. Michael Howard and David LeBlanc wrote the Microsoft book Writing Secure Code. This is a must-read book if you are doing any software development.

Writing Secure Code walks a developer through the process of software development and describes the way to prevent attacks on software. This book provides examples of how software developers must padlock their code to prevent unknown attacks. The philosophy of Microsoft security begins at the core of the product design lifecycle—the developer. If you do not put the correct processes in place, then the products built on top of those products will not be secure. This philosophy of security permeates modern Microsoft products as well as the data center.

Note

Employ a risk-based, multidimensional approach to safeguarding services and data. All products must go through the secure development cycle to release code publicly. The secure development lifecycle ensures threat development management.

Microsoft supplies a multi-tenant architecture based on Active Directory and built from secure code design. Microsoft has scaled the data security problem and discovered the weaknesses of various security products. Microsoft discovered that when a deployment is scaled beyond certain practical limits, security issues that no one else has thought of emerge. Microsoft deployment of the Exchange data infrastructure goes beyond the limits of whatever has been tested before. Microsoft has greater than 40M mailboxes that use Windows Azure Active Directory security. Microsoft augments the design with data access policies that prohibit the unauthorized access of data. To ensure compliance, these policies are monitored automatically within Microsoft Office 365 software, a feature that meets RDCC design goals.

Open image in new window

With its security requirements met, RDCC is ready to use the Windows Azure Active Directory services (see Figure 1-8) to manage the entire business and ultimately move all on-site servers to the cloud and Office 365. The following are approaches to achieving this phased “migration.” RDCC’s long term plan is to move the database to a hosted service in Azure and add a WordPress site that will be integrated to the Office 365 environment. RDCC felt that Azure allowed the company to expand to the cloud for all commuting services in a secured manner.

Cloud Requirements

The commodity products that are readily available externally include Microsoft Exchange, SharePoint, web conferencing, virus management, and spam/virus filters. RDCC IT estimated that 35 percent of their IT resources could immediately be saved by moving to the cloud.

Migration Cost and Approaches

Granted, Table 1-4 (covered earlier in the “Desktop Support and Upgrade” section) makes many assumptions about hardware and software costs and support. However, it provides a good illustration that the total cost of ownership is quite different if the costs of server upgrades and software upgrades are considered. That is, when one compares apples with apples.

If it takes at least three years to receive a payoff from an on-premise solution, it is worthwhile to look at the cost tradeoffs and other business and technical assumptions. As an example, Table 1-2 illustrates cloud deployment costs to be less than 30 percent of the deployment costs for an equivalent on-premises solution for 50 people.

It is possible to overlook the deployment costs associated with hardware, software, infrastructure, and security required for a server-based solution. The other factor for migration to the cloud depends on employees. Small business migration can be greatly aided by IT skillsets among employees—and on whether they have accepted the migration as a positive thing. It is good practice to involve end users in the planning and transition, and to thoroughly communicate its benefits at key points in the process.

The cloud migration cost for small organizations will vary depending upon the organization skills. Office 365 migrations are about business process changes. In organizations that tend to have well-known business process, migration is quick. Organizations that change the business process experience longer cloud migration.

The business process change for a 20-user business may involve creating a program to train administrative assistants in handling the day-to-day issues like password changes, spam issues, and Outlook configurations. In this specific case, there was an initial cost in setting up the training, but rapidly dropped as soon as trained administrators took over.

Contrast this 20-user migration with an international organization that was more end-user literate with computers and technology. This was a 35-person company that was migrated to online services in three days across four different countries. The users were migrated from an on-premises solution to Microsoft Online Services.

Larger companies are business process driven. As an example, the migration of a 400-person public library in Denver Colorado had two business goals: to reduce operation costs and to retrain IT staff on new technologies. The technical migration was simple; move mail from server x to the cloud. However, the business process change was complex. In this case, a program was designed to grow grass roots support in the company and build a peer user support network. The migration, which was originally forecasted for four months, reduced the schedule by one month. Office 365 is about business process changes and how to empower and organization to embrace the change.

The migration environment differs depending on the business. Some businesses are running under the Microsoft Active Domain architecture, such as SBS or equivalent. In some cases where there is a non-Microsoft OS, the mail migration cost depends on the OS where the mail and documents reside. There are other factors in the migration costs, and the solution comes down to the business processes.

Remote Monitoring with Windows Intune and Systems Center

Remote monitoring and management allows a group of computers to be managed and controlled from a central location. The rationale for remote management and monitoring is to contain operations costs. As organizations’ computing infrastructure becomes more complex, we are always looking for ways to reduce the complexity of the environment. There are many different sets of remote management and monitoring tools. Typically, remote monitoring is looking for a way to aggregate data to allow a proactive analysis of the work environment. Figure 1-9 replicates the Windows Intune Monitoring dashboard for a typical small business.

Open image in new window

Microsoft recently introduced Windows Intune†, a desktop management tool for inventory, updates, and security policies, which can be purchased by end users through Microsoft Online Services. The Office 365 user accounts are linked into Windows Intune, providing better desktop management. It is highly recommended to deploy some type of tool to determine systems health. Office 365 requires that the desktop user systems be up to date and patched with the latest security patches. These desktop management tools are used to identify problems so proactive action may be taken to resolve issues before they become serious problems and affect business continuity.

Optimizing Core Services with the Cloud

Core services are those basic services that all businesses require including e-mail, file and print services, and document storage/management. Internal web sites, web/video conferencing, and instant messages are core cloud services that are also used in day-to-day business. All other services used to conduct business can be best described as LOB applications or services on-premises. When we look at the core services, we are looking for ways to optimize the business for productivity and operating efficiency.

Business Efficiency

Optimizing business efficiency involves looking at the core services that make businesses work and making them work as well as possible (see Figure 1-12). Supporting core IT services on-premises involves hiring information technology workers, ordering new server software, and planning migration of users on workstation software to support the new software releases. This is an ongoing struggle in all businesses, and it costs resources to perform it adequately.

Open image in new window

A complete cloud services migration involves moving the on-premises infrastructure to the cloud. As noted earlier, moving to the cloud can allow businesses to either reduce the IT support staff necessary to maintain the on-premises solution or reallocate the resources for different IT projects. Operational costs can be reduced for additional services such as business continuity and disaster recovery. These services are standard with all cloud services partners. Microsoft Online Services offers 30-day mailbox content and SharePoint recoverability and 14-day recoverability on a mailbox deletion. Additional Microsoft Online Services include e-mail point-to-point encryption and immutable compliance archive (such as legal hold and the Finra – Financial Industry Regulatory Authority ( www.finra.org ).

Typical migrations involve removing on-premises e-mail (the internal SharePoint web site) to Microsoft Online Services and centralizing conferencing from a third-party supplier to Microsoft Live Meeting. There are sometimes differences in the user interface, but the Microsoft Online Services Business Productivity Online Suite helps resolve them. Services that are left on-site are designed around existing LOB applications using CRM systems and SQL LOB applications, as well as the traditional file/print services.

Next Steps for RDCC

Before RDCC migrates their business to the cloud and Office 365, there is planning to be done. To help plan for the migration, the management team attended a demonstration event as participants in the Microsoft Experience Center (MEC). The MEC demo walks the user through the experience using different persona to fully understand the capabilities of Office 365. This is a key step in the planning cycle for Office 365 migration. As RDCC looks at their business in detail, they will go through a typical planning and evaluation process. Office 365 migration is smooth, but it is essential to plan and test. The next few chapters will detail RDCC’s experience.