Case Study: Public sector Azure Landing Zone and Server refresh

Challenge

The client’s infrastructure originally operated from the central datacentres. Based on a deadline, it was necessary to migrate to Microsoft Azure to reduce the need for regular and expensive hardware refresh and associated datacentre costs. The new solution enables the client to adopt a cloud-first strategy.

The critical success factors for the project were to develop a Microsoft Azure environment that meets the performance, security, and management needs for workloads and clients hosted in the environment, to validate the project’s technical delivery and migration approach, and to provide secure and performant connectivity to existing clients.

Subsequently, during 2022 and 2023 it was necessary to build 118 Azure Virtual Machines to upgrade from Windows 2012R2 to Windows 2019.

Solution

Trustmarque designed and deployed an Azure Landing Zone provided the central communication links, firewalls and shared services for the environment and helps reduce costs by sharing core services, allowing the client to migrate from the on-premises datacentres.

The design consisted of one core Azure Landing Zone and 14 secure spokes for the different customer environments. The VM’s were built to an O/S level compliant with NCSC, PSN and Microsoft best practice. Utilising Azure, they were able to maintain their requirements for 99.9% availability and provide 4-hour Recovery Time Objective (RTO) and a 1-hour Recovery Point Objective (RPO).

A high-level approach set the goals to design and deploy an Azure Landing Zone located in UK South, with the secondary datacentre in UK West for DR purposes.

Key Deliverables of the Azure landing Zone

• The deployment and migration should be completed within tight deadlines.
• Disruption and change to the customers must be minimised.
• Existing links and the Integrated Communications Hub should be maintained where appropriate.
• Migration will not impact recoverability of legacy archives.

With the need to refresh the Azure Virtual Machines, Trustmarque undertook the following activities:

Key Deliverables of the new Virtual Machines

• Build 118 Azure Virtual Machines to replace the existing Azure Virtual Machines.
• Documented and updated Firewall/Network Security rules to allow the new Azure virtual machines to have access to the same services as the old virtual machines.
• Enabled monitoring on the new 118 Azure Virtual Machines and disable monitoring and decommission old Azure Virtual Machines.

“Trustmarque have consistently worked closely with the team, developing a tight day to day working relationship. Again and again the Trustmarque team have gone above and beyond”

IT Director

Outcome

Following the original provision of an Azure Landing Zone, along with all connectivity and virtual machines required, the client was able to exit the on-premises data centres by the deadline set, and successfully migrating to the Cloud with minimal disruption and downtime.

The refresh of the 118 virtual machines allowed the client to continue to operate in Azure on supported windows operating systems and reduces the need for expensive hardware refresh and datacentre hosting costs.

Expand your capabilities with Azure Managed Services

In March 2023, out of 400,000 global organisations in the Microsoft Partner Network, Trustmarque received the sixth designation in ‘business applications’. By succeeding in all six designations, we unlocked the highest tier of the program and receive the seventh designation for overall excellence in the Microsoft Cloud.

Building on this, our Managed Services build on our partner-led approach, giving you access to technical expertise, innovative solutions and best practice approaches that bring real benefits, not least cost optimisation.