Mid Market organisations are seeking to better understand the cost models and their ability to innovate in the cloud, they are increasingly challenged as to how to effectively and securely leverage the cloud to transform existing businesses and bring innovative new solutions to market, while keeping core-systems on-premises.
Cloud Solutions Group offers practical and actionable advice as to:
- Determine which applications and workloads are suitable for the Public Cloud and what the cost implications are.
- What should remain on premises.
- Which model is suitable for your business: Private, Hybrid or Multi Cloud.
- Which Public Cloud is best for you.
- Technology selection and Solution architecture of your future state.
- Migration plans
We provide expertise with VMware, SAN- Hybrid and All Flash arrays, Scale out NAS and Hyper-converged technologies and have partnerships with most of the leading and innovative vendors in this space.
We also deliver a range of leading Backup and Disaster Recovery Solutions, whether you are backing up to tape, replicating to another site or planning to utilise the Public Cloud as your Backup target or Disaster Recovery site. We have a range of innovative and proven solutions for you.
When you are planning your next data center refresh, speak to us, we have some of the best engineers and architects in the market and have successfully assisted many customers in transforming their data center services.
Over 70% of Mid Market organisations either have deployed or are planning to deploy a Hybrid Cloud. Hybrid Cloud comes with a unique set of challenges at the network, identity, security, data fabric, automation and management layers.
Cloud Solutions Group has a broad set of innovative and proven solutions that address these challenges.
Some of the solutions we offer are:
Many organisations already have or are in the process of migrating applications and data to the public cloud. One of the greatest challenges is Storage and Data Management and its associated requirements. “Data Gravity” is also a commonly used term in relation to issues associated with migrating large volumes of data to the cloud.
Native Cloud Storage services in the public cloud mostly do not have the necessary Enterprise features and there are 100's of AWS and Azure native storage offerings to choose from, it would be natural to think cloud native is the best in the Public Cloud. This is not always the case.
We need storage that is useful to enterprise applications. Many enterprise applications are simply not written and designed to use native storage offerings like S3. This means you can't just lift and shift an enterprise application to the cloud and expect it to use the native storage. It's better and easier to use a platform that's similar to or an extension of what you have on-premises. This makes migration to the public cloud easier and more secure.
Cloud Solutions Group's approach is to recommend and deliver the right solution for each of our clients specific requirements and projects.
We have a unique and broad set of solutions that solve these challenges:
Cloud Storage gateways:
A cloud storage gateway is an appliance which resides on-premises and translates cloud storage APIs such as SOAP or REST to block-based storage protocols such as iSCSI or Fibre Channel or file-based interfaces such as NFS or SMB. This is really useful as most organisations aren't prepared to use cloud native storage so they use a gateway or translator.
We offer several best of breed gateway solutions that sit on premises and fulfil this role. This includes: AWS Storage Gateway, StorSimple by Microsoft and AltaVault by NetApp.
Cloud tiering is one of the best use cases for cloud storage as it allows you to overcome Data gravity issues. This works as you replicate your data to the cloud, and you are not working directly from your Production data. This is excellent for use-cases like image analysis, as the processing works off your replicated data.
Cloud Backup and Disaster Recovery:
Cloud Tiering enables many Backup, Archiving and Disaster Recovery solutions. It is also good for litigation and legal hold.
Many backup vendors are now calling themselves data management vendors as they use the cloud as a secondary or tertiary tier of data storage. This is one of the best use cases for cloud native storage today. This also includes in-cloud backup solutions for workloads sitting on the Public Cloud. We work with the top Data Management vendors in this space including: Rubrik, Veeam, Commvault, MSP360 and several others.
File/Unstructured Data centralisation and collaboration
Another Great use case for Public Cloud storage is when applications like File servers and CAD/ CAM applications like AutoCad and Revitt can use a local caching solution as use the public cloud as a centralisation and tiering mechanism. This allows them to collaborate in real time as if they're using a local file server across many geographically distributed sites. Cloud Solutions Group works with Partners including Panzura and Talon (now acquired by NetApp and called Global File Cache) to help Architecture and Engineering firms to use cloud as a source of truth and have gateways locally for fast access and caching so the user experience is like they're working from a local file server.
Third Party Enterprise Storage solutions in the Pubic Cloud
Cloud Solutions Group partners with the best of breed solutions including; NetApp’s Cloud Volumes, Pure Storage’s Cloud Block Store, Datrium and HPE-Nimble cloud volumes for Cloud Block storage. These are the leading solutions in the market as they are enterprise storage that lives in the cloud.
This is critical if you're using Virtual Machines and conventional applications in the cloud as they simply just work. It's basically the same software that your applications use in the data centre, so you can be confident that your applications can use it and it works and they won’t lose your data. These solutions have been codified for Systems Engineers and therefore you will ready know how to manage them, as they are what you are used to.
These vendors have worked out how to use cloud native resources in an enterprise way. NetApp has both options, that is a cloud connected array as well a virtual array you deploy directly into the Public Cloud.
Cloud Solutions Group also delivers VMware on AWS and VMware on Azure, as these are great options as they deliver a common platform and management plane to run your applications. You already know VMware works and how to manage and use it. It can make sense to use it elsewhere. It's practical and it works.
For organisations looking to move to a DevOps model, we can help you automate your infrastructure and implement Infrastructure as code with: Source Code repositories, Blue Prints and automated testing and builds.
These tools can first be deployed on premises and are still valid in a Hybrid or Public Cloud configuration.
The Cloud Solutions Group Engineering team have over 10 years experience migrating client environments and deploying new solutions on both platforms.
The public market cloud is continually evolving, Azure has gained significant traction and closing the gap with AWS and Google has joined the race. Navigating and selecting the ideal platform for your business isn't an easy task.
As independent consultants, we will help you determine which Public Cloud best suits your organisation and use case from a; cost, features and technology perspective.
With the rise of Cloud SaaS offerings such as Office 365, the options for End User collaboration are vast. While these options have unlocked new abilities to collaborate and increase productivity, navigating and selecting the appropriate services has become increasingly complex. To add to this complexity, securely enabling staff to collaborate while data is distributed across devices and the Cloud poses new security risks to organisations.
Our End User Compute practices aims to help organisation navigate the new Cloud era of collaboration to enable the flexibility to work from any location, any time, while also ensuring data is secure and protected from outside threats.
The set of services below provides some examples of how our End User Compute practice can help your business take advantage of Cloud based collaboration;
We are strong Citrix and Microsoft partners with many successful deployments and case studies.
Networking and Security have always been challenging. They are increasingly difficult in a Hybrid and Multi Cloud environments.
Cloud Solutions Group focuses on software defined and automated Network and Security solutions that are intrinsically secure and deliver a virtual cloud network by architecting security into the infrastructure and application as opposed to bolting it on later.
Our offerings are:
Our software defined solutions work both in an on-premises and Hybrid/Multi Cloud context.
Network Core and LAN Refresh:
Whether in conjunction with a Data Center refresh or a broader LAN refresh Cloud Solutions Group works with the leading vendors and can assist you with:
With a seismic shift to Cloud Based applications and Data sharing Platforms the end point is the new Perimeter. Cloud Solutions Group delivers a set of solutions that address this:
Both Wi-Fi and SD WAN and now critical components of both Remote working, Edge Computing and Cloud solutions.
Cloud Solutions Group partners with the market leading and innovative partners that align with our values of; simplicity, value and innovation.
Our Managed Services practice offers a set of services that we tailor to fit individual clients' needs.
It can range from a Service Level Agreement, to selective technology outsourcing, to Managed Public Cloud or Private Cloud solutions. These include;
Businesses more than ever rely on their digital platforms to remain competitive and differentiate their value in very disruptive and fast paced markets.
By partnering with a trusted Managed Services Provider, you can ensure critical services are proactively monitored and maintained allowing you to focus on further growing your business.
Please contact us to discuss your particular needs.
Networking is one of the key (if not the most important) foundations and enablers for hybrid and multi-cloud architectures. If the Network layer and all the associated components are not designed and implemented correctly you can end up with an; insecure, latency ridden, expensive, siloed and complex environment. Simply doing what you have always done on-premises for Networking and Security does not work in a hybrid and multi-cloud context. There are a myriad of design decisions, layers and options for clients to choose from. Cloud Solutions Group delivers best of breed solutions to help our clients solve these problems:
Connectivity to the Public Cloud:
There are 3 main options for secure connectivity to the public cloud that we offer our clients depending on their requirements:
1. VPN connections – Using IPSEC tunnels over the internet is the most cost effective and simple option and can be a good solution in use cases where:
2. Direct connections- Solutions like Azure Express Route and AWS Direct Connect are great as they give you a dedicated network connection from your on-premises Data Centre or Co-Lo directly into the Public Cloud. These can scale up to 100Gps performance!
This suits use cases where your applications are latency sensitive and you need to transfer a lot of data over the network for things like; backup and disaster recovery replication and for communication between applications that can be spanned across on-premises and the cloud or applications that need to talk to others that are in different locations. These connections make the cloud appear like an extension of your on-premises datacentre.
3. MPLS WAN- while costly, it is better than a VPN from a performance perspective as it is private and can be used in conjunction with a Direct Connection, which can give you the best of both worlds.
Identity and Access Management:
Identity and Access Management is another challenge as each cloud provider (IaaS, PaaS and SaaS) has their own authentication platform and you don’t want to end up with a scenario where you have to authenticate with different credentials to each cloud. This makes Single Sign On mandatory as well as a risk, because if your identity is compromised the hacker can access all of your environments. Therefore, Cloud Solutions Group offers solutions such as Multi Factor Authentication, Role Based Access Control and Conditional Access that are critical to protect your Identity. There are several excellent third-party solutions that we Partner with that solve this problem.
DNS is another challenge. Each public cloud has their own DNS solution which can lack features compared to on-premises Active Directory and other third-party solutions. The challenge is how to integrate the public Cloud DNS services seamlessly with your private DNS so you're not doing a lot of DNS forwarding and your DNS name resolution works seamlessly across the Cloud and your Data Centres.
There are several third-party solutions that Cloud Solutions Group partners with that solve this problem and most of them bundle DNS, with DHCP and IPAM(DDI). If you are moving to a hybrid or multi cloud architecture, we recommend implementing a centralised DDI solution together with the cloud native ones. In some cases, it can be best to just use a central solution. It is different for each client.
Business Continuity and Disaster Recovery:
Resilience and Disaster Recovery are done differently in the Public Cloud. Things we take for granted on-premises like Virtual Machines accessing shared storage, which enables features like HA, V-Motion and Fault Tolerance- do not exist in the public cloud. This makes resilience within the network architecture even more important.
Dependent on the business needs of each application, we need to architect layers of availability and resiliency across all your environments and clouds. This includes architecting for:
· Multi Availability Zone resilience,
· Having subnets that can span across Availability Zones,
· Ensuring that your Load Balancers are Availability Zone resilient,
· Deploying Virtual Machines across Availability Zones so you can easily failover.
Cloud Solutions Group implements Cloud Architectures with each of these layers in mind.
SDWAN also has a place in the architecture. It is easier to deploy SDWAN if you're only connecting a few sites but when you reach a certain threshold, the number of subscriptions you need to purchase, and costs will increase. However, SD WAN is fantastic for bonding cheap links together and providing QoS and Failover across lower cost links. Cloud Solutions Group works with the ebst of breed SDWAN vendors which have solutions that integrate with the Public Clouds both for SaaS and IaaS as well as vendors which you can consume SD WAN as a Service.
For security in a hybrid/multi cloud environment we suggest using a combination of native and third-party solutions, for Firewalling, IDS and IPS we use native tools as much as possible. You can deploy virtual copies of your on-premises firewall in the cloud but be careful not to create a chokepoint for your traffic by forcing it all through the firewall.
You still need some third-party tools, as things like Layer-7 security are tough to get in the public cloud and security teams are used to using their on-premises firewalls to solve this problem. Doing SSL termination for Deep Packet Inspection (DPI) can create performance issues as it's not practical. Some DPI is needed for traffic going to the internet. You don’t want to do it for all traffic as it can create performance issues, so we work with our clients to overlay granular policies when we implement this.
Automation is really important, and you should be provisioning using Infrastructure as Code tools and automating as much as possible. Automation also makes cloud governance easier. This is because you can track and allocate spend to the right cost centres in your organisation.
If you are using only 1 Public Cloud, we would implement Cloud native tools, as they will be easier to automate than third party tools, as the tooling and API’s are more seamless and integrated. For Multi-Cloud designs we use tools like Azure ARM templates as they work across different clouds and on-premises platforms.
Cloud Solutions Group is currently helping numerous clients to rapidly enable secure remote working and improving the distributed work experience.
There are many challenges associated with remote working including:
Most commonly we are helping our clients with:
In addition many vendors are providing free or heavily discounted tools. Please contact us to discuss your needs.
User identity has become the new focal security threat plane. What is even more concerning is that once an identity is compromised it takes an average of 146 days to detect an attacker within a network and that over 81% of network intrusions are due to compromised user credentials .
Every organisation has now either moved too full or partial remote working for all its employees. There has been an exponential increase in “bad actors’ and hackers who are now taking advantage of what can be a significant decrease in our security posture, now that large numbers of users are remote working.
The greatest threat is that the perimeter has now moved to the end user’s; identity, devices, their home networks and home offices as opposed to the comparative safety of the corporate network. Many of you have already deployed VPN solutions to encrypt and secure access to corporate data. This is a great start but is vastly insufficient.
It is critical for IT to maintain a fine balance between enabling the business to continue to operate, while also maintaining compliance and security.
Cloud Solutions Group delivers the following 7 security solutions to help organisations protect, automate and enhance their security posture. We are offering a free 2 hour Identity focussed security workshop to the first 5 clients that contact us.
1. Multi Factor Authentication (MFA)- With Users’ identities now being the new security threat plane, MFA is critical. Especially now that many organisations have enabled Single Sign On to all their applications. MFA will act as an additional layer of security on top of your remote employees’ accounts and passwords. You can utilise policies to prompt users to authenticate by SMS, phone or by asking additional security questions. This can all be automated. MFA comes with the free version of Azure AD and with Office365 subscriptions, Google has a similar offering at the moment.
2. Conditional Access -A logical add on to MFA is Conditional Access where you enable zero trust with enforcement and automation of access policies. Conditional Access policies are simply a set of policies that become automated workflow rules that determine if and when a user can have access to a particular application, datasets, devices or files. Typical criteria are:
a. The user’s location- if a user is suddenly logging in from Bulgaria when they work in Melbourne, they can be prompted for a multi factor login or just be blocked, or have read only access etc.
b. The device they’re logging in from- does it meet the minimum patching and OS requirements of your organisation? You can either block or enforce another level of authentication.
c. What User or Group Membership they are part of- determines what applications and data they have access to.
3. Protecting your information in all types of documents- whether they are:
· internal or external to your organisation,
· are sent by email,
· on premises or in cloud platforms.
Having a powerful and more importantly easy to use and enforce, document protection solution is critical to your data security.
This is especially when users work remotely for prolonged periods of time. The temptation to export confidential files to USB, email to personal accounts or share and store on non-corporate Cloud solutions is very strong. There are some excellent solutions that allow you to tag data, using easy to create policies and templates and enforce data security policies on your data, either when it is being emailed out of your organisation, exported to USB or shared on a Cloud Platform.
Relevant solutions that enforce these policies to ensure that only specific people can have access to your data and determine what they can do with it.
4. Cloud Application Security – up to 80% of employees use non sanctioned applications. Now that employees are accessing resources and apps from outside your corporate network it’s no longer sufficient to have rules and policies on your firewalls. Shadow IT or as some users call it “getting stuff done” can be particularly pervasive in times of change. IT will only find out later on when something inevitably goes wrong. The solution to this is to use a Cloud Application Security Broker or CASB such as Microsoft’s Cloud Application Security solution (MCAS). MCAS will:
a. Discover- it will show you what Cloud Apps your staff are accessing.
b. Assess- determine the app’s compliance against agreed upon risk factors.
c. Control- allow you to non-intrusively control access to these applications and overlay policies across data and files.
5. Single Sign On (SSO)- secure SSO is a key enabler for remote working. Having to sign in every time you log in to an application is a great way to frustrate users. There are many great secure SSO and password management solutions. Azure Active Directory is an excellent one and SSO for 10 applications is part of the free version of Azure AD. It scales to 1000’s of applications in Azure AD premium 1 or P2. A critical part of this is enforcing strong password policies and regular password changes.
6. Mobile Application and Mobile Data Management- There are many solutions that will enable you to facilitate BYOD, which are especially useful in times like these as many employees will be logging in from their own devices. MDM -which most of you already have- will only enable you to enforce limited device level policies. What is more important is being able to allow users to access applications and data from their own devices, while you quarantine (excuse the pun) corporate data and applications. User’s personal data and applications are completely separate from a security perspective and you can block data transfer and visibility between them. Virtual Desktops are another popular enabler of BYOD. New cloud-based solutions like Microsoft Intune for Hybrid Device Management and Azure Virtual Desktops are easy to deploy and activate.
7. AI/ML analytics-based monitoring and protection tools- automated solutions like Azure Advanced Threat Analytics with Advanced Threat protection are critical in a time when hackers are also using the power of the cloud and AI to hack users identities. Solutions Like Microsoft Azure Advanced Threat Protection learn your Users “normal” behaviour and then can identify and advise IT based on policies (that you set) when malicious activity is occurring. This can be things like logins from unlikely locations (where travel time would be longer than the location of the last log in), known “bad” IP addresses”, legacy browsers and many others. These integrate with Conditional Access and MFA to ensure you can protect you organisation and can enforce a password reset or a second form of authentication.
For Microsoft shops all these solutions complement and integrate nicely with each other. For example, Single Sign On, Multi-Factor Authentication with Conditional Access and the Cloud Application Security, all can be either deployed as stand-alone solutions and when deployed together, integrate and add value to each other. Many of these security solutions are bundled in Office365 E3 and E5 packages and all of them are in the Enterprise Mobility and Security Suite. Microsoft is rebranding Office365 for Business to Microsoft365 for business for organisations with less than 300 users on April 21. This means that if you own Office365 for Business you will already own90% of the above solutions.
The first 5 organisations that contact us, will receive a free 2 hour identity based Security workshop. Please e-mail me at email@example.com
Copyright © 2020 Cloud Solutions Group Australia - All Rights Reserved.