Hey Checkyourlogs fans,

I am sharing a conceptual outline for 30 full days of classes at a local college that I am pitching to learn the fundamental skills required for Azure and Hybrid Infrastructure. During this course, we will learn how to migrate core elements of a fictitious company, SportCo’s infrastructure, to Azure and have a hybrid configuration. The actual duration of this course is expected to be evenings for approximately 6 – 9 months. The final exam showcased everything students have learned along the way, including how effectively they migrated their on-prem infrastructure to the cloud. It is still in the discussion phase, but I figured I’d share it now if you are looking at something similar. I punched the course outline to ChatGPT, and it came up with a pretty cool representation of the course.   If your organization is interested in something similar, we have customized content and courseware for 25 years.

Weeks 1-2: Foundation, Networking, and Security

Week 1: Introduction and Azure Setup

Day 1: Hybrid Infrastructure Overview and Course Objectives

  • Define the key objectives of the hybrid infrastructure project.
  • Review SportCo’s business model and North American network layout.
  • Discuss the benefits and challenges of hybrid cloud for enterprises.
  • Identify SportCo’s compliance and regulatory considerations.
  • Outline the required Azure and on-premises integrations.
  • Review required licensing and subscription models for Microsoft services.
  • Discuss high-level migration strategy and timeline.
  • Introduce lab environment and setup guidelines.

Days 2-3: Azure Tenant Setup

  • Create the Azure tenant and configure billing and subscription management.
  • Set up Azure Active Directory (AAD) and basic identity management.
  • Design the Azure resource hierarchy: resource groups, subscriptions, and management groups.
  • Set up tagging strategies for resource organization and cost management.
  • Implement Azure Policy for governance and compliance enforcement.
  • Review best practices for subscription management and cost controls.
  • Configure initial role-based access controls (RBAC) across resources.
  • Set up a separate lab environment for training exercises.

Days 4-5: Networking Basics and Virtual Networks

  • Define Azure Virtual Networks (VNets) requirements based on SportCo’s locations.
  • Configure VNets, including subnets, NSGs, and route tables.
  • Set up Azure DNS for internal name resolution across VNets.
  • Implement custom routing rules for inter-region traffic.
  • Establish peering between VNets for seamless data flow.
  • Configure monitoring for network performance and security with Azure Monitor.
  • Discuss network design considerations for hybrid cloud.
  • Create a high-level network diagram for SportCo’s Azure infrastructure.

Days 6-7: Secure Connectivity and VPNs

  • Configure a Site-to-Site VPN between SportCo’s on-prem locations and Azure.
  • Set up VPN Gateway and configure IPsec/IKE parameters.
  • Test connectivity and troubleshoot common VPN issues.
  • Set up a user-based VPN for remote access and discuss best practices.
  • Configure VPN failover for high availability.
  • Introduce ExpressRoute as an alternative option for dedicated connections.
  • Discuss the security implications of hybrid connectivity.
  • Lab exercise: testing connectivity between on-prem and Azure resources.

Week 2: Identity Management and Security Policies

Days 8-9: Implementing Azure AD and Identity Federation

  • Set up Azure Active Directory (AAD) as a foundational identity provider.
  • Configure Azure AD Connect for synchronization with on-premises AD.
  • Discuss single sign-on (SSO) and multi-factor authentication (MFA) options.
  • Review identity synchronization options (password hash, pass-through).
  • Define and configure RBAC roles for granular access control.
  • Integrate Azure AD with third-party SaaS applications.
  • Set up AAD user, group, and resource policies.
  • Lab: Implementing AAD Connect for identity synchronization.

Days 10-11: Conditional Access and MFA

  • Define Conditional Access policies for protecting resources.
  • Implement MFA for high-risk accounts and resources.
  • Set up policies for access based on device compliance and location.
  • Test Conditional Access policies in various access scenarios.
  • Configure named locations and IP whitelisting.
  • Monitor sign-in activity and policy performance.
  • Troubleshoot common Conditional Access issues.
  • Lab: Creating and testing Conditional Access policies for SportCo users.

Days 12-13: Securing the Environment with Microsoft Defender

  • Configure Microsoft Defender for Cloud for enhanced security.
  • Set up Defender policies for threat protection and vulnerability scanning.
  • Enable Microsoft Defender for Endpoint on virtual and on-prem servers.
  • Configure automatic remediation and alerting in Defender.
  • Review compliance policies and Microsoft Secure Score recommendations.
  • Implement security baselines for virtual machines.
  • Configure Defender for Identity to monitor user activity.
  • Lab: Onboard resources and test alerts to Defender.

Day 14: Review and Lab Day

  • Review the week’s networking and security configuration steps.
  • Complete hands-on labs to reinforce concepts learned.
  • Address common troubleshooting scenarios in hybrid connectivity.
  • Perform end-to-end testing of network and identity setups.
  • Conduct peer assessments and knowledge sharing.
  • Review any policy configurations that may require adjustment.
  • Validate VPN, AAD, and Conditional Access configurations.
  • Q&A session on network and security foundations.

Weeks 3-4: Service Migrations and Infrastructure Configuration

Week 3: Exchange, File, and Print Services Migration

Days 15-16: Microsoft Exchange 2016 to Office 365 Migration

  • Set up hybrid Exchange Server configuration.
  • Plan namespace for seamless mail flow.
  • Verify mail flow and autodiscover configuration.
  • Set up Hybrid Configuration Wizard for phased migration.
  • Prepare user accounts and groups for migration.
  • Perform initial batch migration of mailboxes.
  • Monitor mail flow and user connectivity.
  • Lab: performing Exchange migration steps in the lab environment.

Days 17-18: Mailbox Migration and Management

  • Conduct phased migration of mailboxes to Office 365.
  • Test mail routing and troubleshoot potential issues.
  • Set up user self-service for O365 applications.
  • Monitor Exchange Online performance and health.
  • Adjust DNS records for final Office 365 cutover.
  • Remove legacy Exchange Server dependencies post-migration.
  • Perform backup and archiving configuration in Office 365.
  • Lab: Finalize mailbox migration and test configurations.

Days 19-20: Migrating Corporate File Servers to Azure Files

  • Configure Azure Files and Azure File Sync.
  • Set up sync groups for hybrid file server access.
  • Migrate file shares from on-prem servers to Azure.
  • Configure NTFS and ACL permissions in Azure Files.
  • Review options for SMB access and performance tuning.
  • Implement backup policies for Azure Files.
  • Discuss considerations for data residency and compliance.
  • Lab: File server migration and Azure File Sync testing.

Days 21-22: Print Services to Microsoft Universal Print

  • Set up Universal Print and register corporate printers.
  • Assign user access to Universal Print queues.
  • Configure print management policies in Azure.
  • Migrate local printers and queues to Universal Print.
  • Monitor and troubleshoot Universal Print configurations.
  • Discuss the pros and cons of cloud-based print services.
  • Set up access control policies for secure printing.
  • Lab: testing Universal Print with corporate users.

Week 4: SQL Server Migration and Desktop Virtualization

Days 23-24: SQL Server 2016 to Azure SQL Migration

  • Assess SQL Server databases for migration readiness.
  • Use Database Migration Assistant for compatibility checks.
  • Configure Azure SQL Managed Instances and resource pools.
  • Migrate databases with minimal downtime.
  • Test SQL connectivity with SportCo’s Sage 500 system.
  • Set up SQL monitoring and alerts in Azure.
  • Implement data encryption and backup policies.
  • Lab: SQL Server migration and integration testing.

Days 25-26: SQL Database Migration and Optimization

  • Optimize database performance and query indexing.
  • Review Azure SQL’s scaling options and cost optimization.
  • Configure geo-replication for disaster recovery.
  • Implement Azure SQL auditing and compliance policies.
  • Secure SQL access with firewall rules and AAD integration.
  • Set up custom alerting for critical database events.
  • Troubleshoot SQL Server to Azure SQL connectivity.
  • Lab: Database optimization and disaster recovery setup.

Days 27-28: RDS and Virtual Desktop Configuration

  • Set up Azure Virtual Desktop (AVD) for remote access.
  • Configure session hosts and network access to AVD.
  • Create and manage AVD host pools.
  • Configure AVD with GPU-enabled VMs for graphic-intensive apps.
  • Implement multi-session hosts for resource optimization.
  • Set up profile management and FSLogix for user sessions.
  • Configure security policies for AVD access.
  • Lab: Implementing and testing AVD configurations.

Day 29: AVD Session Configuration and Load Balancing

  • Scale AVD host pools based on user demand.
  • Configure load balancing for optimized performance.
  • Test AVD connection stability and troubleshoot issues.
  • Set up AVD session limits and application controls.
  • Review AVD monitoring tools for real-time management.
  • Configure cost management and alerting for AVD usage.
  • Set up AVD disaster recovery options.
  • Lab: scaling and managing AVD sessions.

Day 30: Review and Lab Day

  • Recap and review all configurations done in Exchange, SQL, and AVD.
  • Perform hands-on labs to reinforce key topics.
  • Troubleshoot complex scenarios in SQL and AVD.
  • Address user questions and peer reviews.
  • Finalize configuration documentation and topologies.
  • Test final end-to-end service configurations.
  • Q&A session on advanced hybrid integration.
  • Lab: Comprehensive troubleshooting challenge.

SportCo Overview

Company Background

SportCo is a leading North American sporting goods provider, operating a network of retail outlets and distribution centers across the continent. Established over two decades ago, SportCo has grown into a recognized name in the industry, focusing on high-quality equipment, apparel, and accessories for a wide range of sports. The company has expanded into e-commerce and now manages a robust digital presence to reach customers beyond physical stores.

Corporate Structure and Geographic Distribution

SportCo operates with a centralized headquarters, regional offices, retail stores and distribution centers across the United States and Canada. Key locations include:

  1. Headquarters (HQ): New York City, NY
    • The main administrative and executive hub for SportCo, handling finance, HR, and corporate functions.
    • It houses the core IT infrastructure and the primary data center that supports operations.
  2. Regional Offices:
    • Toronto, Ontario, Canada – Overseeing operations in Canada, including retail and distribution management.
    • Dallas, Texas, USA – Serving as the central operations hub for the Southern U.S. market.
    • San Francisco, California, USA – Supporting West Coast operations and product development efforts.
  3. Distribution Centers:
    • We are strategically located in Chicago, Illinois, and Vancouver, British Columbia, to expedite product delivery across North America.
  4. Retail Outlets:
    • Over 120 retail stores across North America are connected to HQ for central management and inventory control.

Current IT Infrastructure

SportCo’s legacy infrastructure has been managed with a mix of on-premises data centers and WAN connectivity to ensure consistent operations across locations. Below is a breakdown of their current IT environment:

  • Headquarters Data Center:
    • Hosts critical applications, including a Microsoft Exchange 2016 server for corporate email and Microsoft SQL Server 2016 supporting SportCo’s accounting and ERP system, SAGE 500.
    • Active Directory (AD), managed on Windows Server 2012 R2, is the company’s core identity solution.
    • Corporate File Servers manage shared storage, housing data for various departments and critical documents.
    • Remote Desktop Services (RDS) are configured to support remote access for teams across regional offices and remote workers.
    • Print Servers support internal printing services across HQ and remote offices.
  • Regional Offices:
    • Smaller data rooms equipped with basic server infrastructure, each with file and print services to reduce latency and manage site-specific data.
    • WAN connectivity to HQ using MPLS (Multi-Protocol Label Switching) circuits, providing reliable and low-latency connectivity.
    • Redundant internet connections for essential network resilience.
  • Retail Stores:
    • Connected to HQ via WAN links provided by local ISPs, optimized for low-cost, basic internet service.
    • Store-specific POS (Point of Sale) systems that sync data back to HQ on a scheduled basis.
    • Local network security policies are in place, but most security features are managed centrally from HQ.

Network and Security

  • WAN Links: SportCo’s WAN consists of MPLS circuits for regional offices and internet-based VPNs for retail locations.
    • Headquarters and regional offices use redundant MPLS connections with failover for reliability.
    • VPN configurations secure data between retail stores and HQ, enabling centralized data synchronization.
  • Firewall and Security: Headquarters and regional offices use enterprise-grade firewalls, while retail stores rely on ISP-provided security measures.
  • Backup and Disaster Recovery: On-premises backups are managed at HQ, with limited data replication between regional offices.

Executive Summary for Cloud Migration

Current Challenges with Legacy Infrastructure

SportCo has relied heavily on its traditional, on-premises IT infrastructure for day-to-day operations. However, as the company has grown, the legacy systems are increasingly unable to meet modern business demands:

  1. Operational Inefficiencies:
    • The existing on-premises Exchange server faces frequent performance and scalability issues, especially during high-traffic periods.
    • Limited scalability and rising maintenance costs make the on-premises infrastructure costly and cumbersome.
  2. Geographically Disparate Workforce:
    • SportCo’s distributed locations and mobile workforce require secure and reliable access to applications from anywhere.
    • Traditional RDS and VPN solutions struggle to deliver consistent and secure remote access to many employees, especially as demand for remote work flexibility increases.
  3. Security and Compliance Concerns:
    • SportCo must comply with increasingly stringent data security and privacy regulations, including GDPR, CCPA, and industry-specific standards.
    • The legacy infrastructure limits the ability to enforce security policies consistently across locations and lacks robust threat detection capabilities.
  4. Data Silos and Limited Collaboration:
    • The reliance on regional servers and decentralized data storage leads to data silos, impacting collaboration and data accessibility across teams.
    • File and print services are challenging to maintain and do not support cross-functional collaboration effectively.
  5. High Operational Costs and Limited IT Resources:
    • Maintaining and upgrading hardware and backup and disaster recovery efforts have become financially and operationally unsustainable.
    • The need for specialized on-premises support has increased SportCo’s IT budget without corresponding gains in service efficiency.
  6. Lack of Modern Tools for Workforce Productivity:
    • The on-premises environment lacks integration with modern cloud-based productivity and security tools increasingly essential for business agility.

Strategic Objectives for Cloud Migration

By migrating to a hybrid cloud infrastructure, SportCo aims to address these challenges while capitalizing on the benefits of cloud technology:

  1. Scalability and Agility:
    • The hybrid approach enables SportCo to scale resources up or down based on seasonal demand, avoiding over-investment in hardware.
    • Cloud-based resources will provide flexibility for hosting applications that require high-performance computing, such as GPU-enabled workloads, especially for design and product development.
  2. Enhanced Security and Compliance:
    • Integrating Azure’s security features, including Microsoft Defender for Cloud and Conditional Access, will enhance SportCo’s security posture.
    • Centralized security policy management, monitoring, and compliance support will help SportCo meet regulatory obligations across North America.
  3. Centralized Identity and Access Management:
    • Azure AD Connect and Conditional Access will enable secure, seamless access across locations and devices, while single sign-on (SSO) will improve employee productivity.
    • Role-based access control will enforce appropriate employee access policies, minimizing security risks.
  4. Optimized Remote Access:
    • Migrating RDS to Azure Virtual Desktop (AVD) will improve access reliability and performance for remote teams.
    • Employees will benefit from faster, GPU-enabled desktop sessions and applications that enhance productivity.
  5. Cost Optimization:
    • SportCo expects significant cost savings by shifting from CAPEX-intensive on-premises infrastructure to a more predictable OPEX model.
    • Reduced dependency on hardware management and support costs and consolidated backup and recovery options in Azure will help optimize IT spending.
  6. Unified Data and Collaboration Tools:
    • Migrating file storage to Azure Files and setting up Universal Print will improve cross-functional collaboration.
    • Centralized storage in the cloud will make it easier to implement consistent access and data management policies across departments.
  7. Resilience and Business Continuity:
    • Azure’s disaster recovery and backup solutions will ensure business continuity with minimal impact on operations.
    • Critical applications such as Microsoft Exchange, SQL databases, and the corporate website will be migrated to resilient, high-availability cloud instances, reducing downtime risks.
  8. Enhanced User Experience and Productivity:
    • SportCo will improve employees’ mobile productivity and security by utilizing Intune for device and application management.
    • Migration to Office 365 and integration with AVD will enable smoother, modernized workflows for a remote and mobile workforce.

 

I’m interested in your thoughts and comments on this.   The first run is scheduled for spring 2025.

 

Thanks,

Dave