Preparing for Cloud Migration New Relic Resource|

New Relic has helped many organizations modernize their software stack by giving them the confidence and insights needed to move their applications to the cloud. Our powerful, real-time, and iterative analytics provide 360-degree visibility into on-premise and cloud-based applications, with perspectives on infrastructure, application, end-user experience (synthetic and real), and business success. This guide to Successful Cloud Migration outlines how to

• Understand which applications/components are good candidates to move to the cloud.

• Maintain visibility of application performance and availability before, during, and after the migration.

• Tune applications for proper provisioning .

• Enforce good security practices.

• Manage the increased application and organizational complexity that often comes with a move to the cloud.

For a successful migration, it’s important to stay focused on customer experience and user satisfaction. No matter what the underlying infrastructure, cloud or otherwise, you are responsible for your applications’ performance.

1. Typically, a cloud migration consists of three stages:
2. Preparing for the move
3. Making sure the move goes smoothly
4. Maximizing the benefits of cloud migration

We will look at each stage in depth.

Remember that you are making these changes for business reasons. You are more likely to be successful if you know those reasons and can provide the data behind them.

More than one CIO has insisted on a migration just “because cloud,” but that’s not nearly good enough. Your organization should be clear on exactly what you hope to gain by moving your applications to the cloud.

For one thing, it might not make sense to migrate all your applications—some types of apps are better candidates than others, and many cloud-native business applications are available as a service. Rather than blindly beginning a “lift-and-shift” of all your apps to the cloud, you want to consider all your options. Gartner’s Five Ways to Migrate Applications to the Cloud offers a useful framework:

1. Rehost, or redeploy applications in an IaaS (Infrastructure-as-a-Service) environment.
2. Refactor, or run applications on a cloud provider’s infrastructure—the PaaS (Platform-as-a-Service) approach.
3. Revise, or modify the existing code base before rehosting or refactoring.
4. Rebuild applications entirely on PaaS.
5. Replace applications entirely with SaaS (Software-as-a-Service)—many finely tuned, cloud-native business applications are now available as a service and could offer an alternative to moving your own apps.

Which applications should you migrate?

Not all applications are good candidates for moving to the cloud. Migrating an application that’s already performing poorly, for example, introduces new variables that could make it difficult afterwards to identify if problems are due to the new cloud architecture or lie in the application itself. Applications that have repeatable, acceptable performance against your service-level agreements (SLAs) with customers, on the other hand, are often called “Green Apps” and are usually good candidates for migration. New Relic provides extensive capabilities to define, measure, and report SLAs, which can help you assess which applications are good candidates for migration.

Other appropriate candidates for moving to the cloud include applications with highly variable throughput. Applications that experience large seasonal changes in volume, for example, can benefit from the compute elasticity the cloud provides.

Keeping these considerations in mind, and employing the performance and throughput data provided by New Relic, determine which of your applications are good candidates to move to the cloud in their current form. It’s worth remembering, too, that a cloud migration doesn’t “freeze” your applications. You can still refactor or revise your application after migrating it to a cloud infrastructure.

Establish your baseline

When moving to the cloud, New Relic can serve as both your vehicle for visibility and your anchor for control. Start by capturing performance baselines: Use New Relic APM to view your application’s performance trends—page load times, error rates, slow transactions, and a list of the servers running it. Look at your Apdex score (see Figure 3) to find out whether most users are satisfied with, tolerating, or frustrated by your app. (A higher score is better.)

Also, look at your Web Transactions response time, starting with the list of slowest transactions. Set Apdex for Web and Application performance of Key Transactions—is the response time acceptable? If not, start troubleshooting and tuning. Create baselines against which you can compare performance before, during, and after migration. Likewise, measure error rates so you know if they increase after migration.

Don’t stop with establishing baselines just for what you usually measure, though. Migrating to the cloud will necessarily introduce some new variables, and performance and transaction behavior that was acceptable when all or part of the application was on-premise may cause performance or cost issues when running in the cloud. Make sure to establish baselines for anything that might be affected, even things that are currently working well.

The goal is that no matter what changes you make in your infrastructure, platform, or application, the customer experience should not suffer—ideally, it should be improved!

Cloud Security

Organizations contemplating a move to the cloud are often concerned with the security of their data. Data stored in systems outside of your firewalls must be kept safe and protected.

Before you get into specifics of security, though, it is important to understand that moving from on-premise to the cloud can change the demarcation point for the responsibility of many things, including security.

Every cloud service provider has a demarcation point where delivery of that service ends and a customer’s responsibility begins. That point varies depending on where in the stack the provider draws the line between the service and your code. For example, in an infrastructure service like Amazon’s EC2, the physical infrastructure is the service provider’s responsibility while the operating systems, virtual machines, containers, and the code running on it is your responsibility. That means you are responsible for the security of the OS (updates and security patches), any software you install, configuration of your firewall, and more.

Sound familiar? You have these same security tasks no matter where your servers live.

In a Platform-as-a-Service (PaaS) like Amazon Beanstalk, Pivotal, Heroku, or Azure, on the other hand, the demarcation point lies between the run-time service and your code.

For your provider’s side of the demarcation point, good security questions to ask are:

1. Do you have a security team? (If not, that’s a huge red flag.)
2. Have you been audited for security by an independent third party? (Such as the Cloud Security Alliance)
3. Are there privacy settings built into the service?

By design (due to security, governance, and liability considerations) though, cloud providers do not access or maintain your code. For example, AWS CloudWatch can give you server statistics, but will not report on the health of your applications. That’s on your side of the demarcation point.

With that in mind, cloud-related security issues may include: forgotten instances/services (a developer spins up an instance and then forgets about it), synchronization folders and auto-uploads (make sure you aren’t uploading malware or corrupted files), and data handling (how do you sanitize my data before your throw it away?). Fortunately, none of these are particularly difficult to manage—you just need to remember to deal with them!

Most cloud providers have a good handle on security. Just make sure they provide you with their security processes and best practices (and read them!).

For more insights, check out these two videos:

In this presentation from New Relic’s FutureStack15 conference, Jason Chan, director of engineering at Netflix, discusses how Netflix is able to develop modern software with developers and security auditors working well together.

New Relic’s Chief Security Officer Shaun Gordon explains how to build an effective security program.

Cloud security and New Relic

New Relic is committed to the security of your application’s performance data. We use a variety of industry-standard security technologies and procedures to help protect your information from unauthorized access, use, or disclosure.

When you use New Relic, you have deep control over what, if any, sensitive information you send to us. When you deploy our agents, by default, our security settings and regulatory compliance exceed industry standards, and all data is encrypted in transit. Learn more at newrelic.com/security.

Once you’ve identified which applications to migrate, you’re ready to start the transition. As you begin the migration process, it’s important to start (and continue) to test your applications to make sure the transition hasn’t caused any problems or slowdowns. Running and monitoring applications and components in the cloud is often similar to doing the same on-premise, but there are some very important differences. Here are the main areas you need to focus on:

• Comparing your application performance to baselines

• Looking at differences because of the new architecture(s)

• Verifying the services you are getting from your cloud provider

Preparation pays off

One of the great benefits of using New Relic to assist with a cloud migration is that our analytics function the same way whether an application is on-premise or in the cloud. Because New Relic is SaaS-only, you can move to the cloud without disrupting the application monitoring. (Conversely, it can be difficult to monitor cloud apps/components in a secure fashion with on-premise APM.)

During the migration, use New Relic APM to check the performance of application code, databases, and external services and compare it against the pre-migration baselines you established before (see figure 5). Here’s where all that preparation you did pays off. This is the apples-to-apples comparison you are looking for. After the migration, use New Relic APM for post-migration optimization (see Figure 6):

If you notice a discrepancy between your baselines and your post-migration performance, New Relic APM makes it easy to drill down into your application’s performance and see how it is spending its time.

Test what’s most important

While examining performance, it’s not enough just to ping your servers. In web applications, some transactions, such as purchase confirmations or searches, are more important to your business than others. New Relic lets you create scripts of such key transactions in your applications to measure performance during migration, including app response time, call counts, and error rates. You can also simulate a user’s workflow and set alert notification conditions for when your key transactions are performing poorly.

The cloud changes things

When you migrate an application to the cloud, you may run into unexpected changes, so you need to look at individual variables and the application’s total performance. Behavior that didn’t cause issues when the application was on-premise may have unexpected effects in the cloud. For example, if you move your database to the cloud, queries may run faster, but network time for each request can increase. If a transaction is chatty with the database, overall end-user time can balloon. Likewise, network and per-access time can be higher than in a direct-connect situation. This is where having a solid set of baselines can help you pinpoint any performance hits (see Figure 9).

Monitor your cloud providers

In this new environment, where you’re paying someone else to host your applications in the cloud, close attention to usage data is mandatory to help avoid unexpected costs. You must be able to monitor, troubleshoot, and validate the services you get from your cloud provider.

New Relic offers monitoring for the major cloud vendors, such as Amazon Web Services (AWS) and Microsoft Azure. If you are using AWS, for example, New Relic provides greater context around Elastic Compute Cloud (EC2) instances to help you

• Quickly diagnose and resolve performance issues through root-cause analytics.

• Maintain an accurate list of EC2 instances so you can see if you are overprovisioned.

• Recognize when an instance is deprovisioned to help reduce UI clutter.

• Use AWS tags to quickly filter, group, and organize your EC2 instances using native information like availability zone, region, and size.

For more information see http://newrelic.com/aws.

Test and optimize

New Relic can display key performance indicators (KPIs) from day to day both before and after your move to the cloud. Use this information to see where your applications can be optimized. The migration dashboard below (Figure 11), for example, can help track KPIs during and after migration.

Optimization is always a good idea, but it’s especially important when moving to cloud-based architectures. Optimizing application and infrastructure footprints provides immediate and recurring (monthly) savings. For both operation and optimization, you must test to ensure that new architectures work and scale. For example, once you have established that your Apdex is acceptable (1.0 is perfection) and your transaction performance is being maintained, you can start to look at host size and start making adjustments.

Once you’ve successfully moved your apps to the cloud, how do you make sure you see the benefits you expected? To start with, going to the cloud enables agility, and agility often means DevOps. DevOps requires collaboration and the ability to maintain performance and availability even as the pace of change and releases increase. New Relic’s powerful Deployment Tracking, Notes, Plugins, and Insights tools help consolidate as much monitoring as possible into a single dashboard that takes on particular importance after migration.

Deployment Tracking in New Relic APM (see Figure 12) provides the ability to clearly understand when a release was implemented and to compare performance before and after the deployment. This ability to quickly assess the performance impacts of every release is critical to agile development, DevOps, and continuous integration. In the image below, the gray bar shows the moment of deployment, so you can quickly see if the latest push has introduced performance problems (or, more optimistically, fixed an existing problem).

The Notes function is another powerful collaboration tool. You can add public or private notes to charts and maps on any page in the New Relic user interface, which facilitates communication among teams, organizations, and geographies. It’s also easy to create a snapshot or send a link to a live graph.

New Relic Plugins are free extensions that add a variety of functionality, including letting you monitor your entire app environment in a single interface. You can choose from more than 100 existing plugins that are easy to deploy, or build on your own (you can keep your custom plugins in-house, but we encourage you to share them with the New Relic community.) Plugins can save your teams significant time compared with sifting through multiple datasets in disparate interfaces.

New Relic Insights receives, organizes, and visualizes data from multiple New Relic products in real time. It is designed to provide users with the ability to create role-specific dashboards that track global, business-centric KPIs as well as function-specific technical KPIs, facilitating the creation of a performance culture based on data-driven decisions. This can help improve collaboration among product, development, and operations teams.

Application modernization (re-architecture) and microservices

After migration, it’s a good idea to consider re-architecting your applications to take better advantage of the cloud. More fine-grained and less monolithic apps are usually more suitable for DevOps, agile development, and so on. Microservice architectures are an increasingly popular option, but replacing one monolithic service with numerous microservices may make it harder to visualize your application and keep track of all the services involved. New Relic Service Maps (see Figure 15) are visual, customizable representations of your application architecture. They automatically show you your app’s connections and dependencies, including databases and external services. Health indicators and performance metrics show you the current operational status for every part of your architecture.

Another thing to keep in mind with microservices is that they increase the amount of performance data an application generates. Traditional methods of analyzing performance data (such as OLAP) may no longer function properly at the new data volumes. New Relic’s Software Analytics Cloud is highly scalable and designed to handle the volume of data generated.

When re-architecting (or planning to do so), it is important to choose a monitoring solution that is future-proof regardless of what approach you take.

Browser and mobile app performance

A move to the cloud most directly involves server-side components, but can also affect the performance of your applications in the browser or on mobile devices. For browser-based applications, typically 70% or more of the end-user response time is due to code rendering in the browser itself. If a login transaction spends only 500 milliseconds in the application (i.e., on the server) but takes the browser 7 seconds to load the page and 14 seconds to get to first interaction, all the work you’ve done to move the application to the cloud will not significantly improve customer experience.

Tracking performance on the client or mobile device requires sophisticated monitoring diagnostics at the end-user processing tier. Use New Relic Browser and New Relic Mobile (see Figure 16) to monitor performance, diagnose problems, and optimize code running in the end-user processing tiers in order to ensure the best possible customer experience across all digital channels.

Summary

Migrating apps to the cloud offers many benefits, from improved performance to increased agility, but it can also be challenging. New Relic’s Software Analytics Cloud can help ensure successful planning and migration, operation, and optimization of hybrid and 100% cloud applications. Our platform is secure, multi-tenant, and highly scalable. We at New Relic look forward to working with you to successfully migrate your applications to the cloud and manage them once the migration is complete.