Skip to content

Secure a safe landing in your Google Cloud Migration process

Google Cloud
Google Cloud Landing Zone

Cloud Migration at scale is a big challenge. At the start, you need to prepare an up-to-date inventory of assets and organize them into logical blocks that should be moved together. Blocks should respect application dependencies and technical constraints like network latency limitations. 

However, in this article, I want to focus on the next step, as the topic of asset discovery and migration planning is covered in detail in our recent webinar, which you can watch on-demand.

Once you have all IT assets for cloud migration documented and prepared, you can start building your cloud migration strategy and start the migration process

But first: consider the challenge…

The trickiest part of the migration process is finding the right balance between speed and safety. Running at maximum speed is important to limit the time of increased complexity, which stems from the need to manage the extra components and technologies used for migration. The need to minimize the costs of duplicate data storage during the migration process is a factor as well.

Also, the whole organization can be uncertain as to which applications are running on-premise at any time, which part is already migrated, and the possible impact on performance during the transition. 

Migration tips

  • A key factor for mitigating communication issues is the creation of a cloud migration communication strategy in advance, with a transparent one-stop dashboard where users can check the migration roadmap, current status, migration progress, and current issues. 
  • Adoption of DevOps deployment and support procedures can help with the preparation for a  fast-changing environment, as well as focus on automated testing for Infrastructure deployment code, which can help to reduce the risk of rollbacks.
  • One of the best approaches you can take to achieve this is building a dedicated Landing Zone. We use this term to describe a specific set of tools, processes, and structures which are designed to help with the safe landing of on-premise workloads in the cloud environment. It is based on best practices and helps to cover the deployment of core elements like identity management, resource hierarchy, network, and security control primarily by terraform code and by customization of predefined templates, which can significantly speed up the adoption of IaaC (Infrastructure as a Code) at the beginning of the cloud journey. 

What to expect from the Landing zone

Defining a landing zone can help with the transformation to cloud-native deployment, as it outlines minimal standards to enforce core security and organizational policies. 

It is important to ensure that deployments arriving in the cloud meet these rules and security requirements because fixing the mess later is much more complicated and time-consuming. It is a good way to prevent technical debt.

For large and medium-scale migrations, there is a special team dedicated to landing zone development and deployment focused on enabling cloud resources for other teams processing application migration or data transfers.  

How to create a good Landing zone team

The team in charge of developing and maintaining the Landing zone is typically composed of members from both the customer and service provider sides. Throughout the process, development and maintenance know-how is shared within the team.

A typical example of tasks for the team is creating the code needed to automate object hierarchy management and access to cloud resources based on organizational data sources (usually corporate information systems such as LDAP or CMDB). Therefore, a good Landing zone team needs at least one or two members familiar with the topic.

Core networking setup should also be part of the Landing zone. Typically, it covers general connectivity between on-premise networks and cloud, VPN networking, networking policies, and customer-facing networking objects like load balancers. This code usually handles customer-facing SSL certificates as well.

A crucial responsibility of the Landing zone team is the organization and management of centralized logging and monitoring of cloud resources. This ensures that all applications in the cloud will be connected to the central monitoring as soon as they land in the cloud environment. 

Land safely with Devoteam 

Landing zone deployment is a part of our Cloud Foundation Accelerator offering based on Google’s recommended methodology. We create our extensions with compatibility in mind so that you can benefit from future upgrades provided out of the box. We extended this code base with additional modules based on our experience from real migration projects, and we contribute to upstream code as well.  

Let’s have a coffee and discuss your successful landing in the Google Cloud Migration process. Do not hesitate to get in touch with us. We are ready to guide you through your Google Cloud journey.