With Cyclotron's Cloud-Native Migration (CNM) service, organizations can leverage our expertise in planning and executing the shift from Active Directory to Azure AD.
As enterprise organizations increasingly adopt cloud-based tools in favor of legacy on-premises tools, IT and Security teams become encumbered by the architectural burden of on-premises-reliant processes, which slows the organization's productivity and security growth. Relying on Active Directory brings VPN complexity, hardware maintenance, less stability, app access complexity, an increased attack surface, and slow updates.
Many organizations have approached Cyclotron with a simple ask: "Can you help us remove Active Directory and use Azure AD only?"
What we do: With Cyclotron's Cloud-Native Migration (CNM) service, organizations can leverage our expertise in planning and executing the shift from Active Directory to Azure AD. Our team of security experts helps navigate the complexities of migration, ensuring a smooth transition to a more modern, secure, and cloud-first infrastructure.
Scope: To remove Active Directory from an environment, Cyclotron helps enterprise IT teams assess & migrate the following areas:
- User identities, or a user's AD object. The only way to convert a user from on-premises sync to cloud-only is to delete the user on-premises and restore them from the Azure AD Recycle Bin, which is the very last step of this project.
- Identity lifecycle management, including any provisioning, deprovisioning or update processes for accounts. To migrate, orgs must shift to a different Source of Authority (such as Azure AD or an HR system) to create, update, or remove accounts rather than AD. Most IT teams don't like managing via AD, so this is a net positive change.
- Security groups, which govern access and membership to on-premises systems. To migrate, groups must be manually recreated in the cloud.
- Application access to any on-premises applications, whether web-based or client-server. To migrate, applications may either be modernized (re-coded), lifted-and-shifted to Azure AD Domain Services, replaced with a cloud application, or deprecated.
- Workstation identities, the device object in Active Directory resulting from domain join. To migrate new devices, the domain join process must be replaced with cloud-native endpoints (otherwise known as Azure AD Join). To migrate existing devices, a migration tool such as Quest or ForensiT must be used, or existing devices can be wiped and reprovisioned via Autopilot (a device wipe may frustrate users, so avoid this).
- Workstation management such as Group Policy Objects (GPOs), Configuration Manager, or another on-premises device management tool. To migrate workstation management to the cloud, Cyclotron recommends Microsoft Intune as the lowest-complexity solution for cloud-native device management. It is usually already owned by the org through Microsoft 365 E3 or E5 licenses.
- File share migration, in one of two approaches:
  - Migrate data to SharePoint Online with our Collaboration team.
  - Migrate data to Azure Files with our Azure team.
- Server migration, in conjunction with our Azure team. Server migration includes any servers that must be maintained without Active Directory. Our Azure team can help with lift-and-shift to Azure VMs, or translate workloads into cloud-native PaaS services.
- VPN dependencies, including security tools or productivity requirements that require access to on-premises resources. To migrate away from VPN, no resource access should require on-premises connections. Cyclotron recommends not using a VPN for cloud-native access unless absolutely required by the org: all cloud-based traffic should be secured via HTTPS, client firewall security should come from the Windows Firewall, and web traffic should be monitored using Microsoft Defender for Endpoint (MDE) and Microsoft Defender for Cloud Apps (MDCA).
- Certificate provisioning from Active Directory Certificate Services (ADCS), used to authenticate to company resources like VPN, WiFi, or applications. To migrate, companies can deploy Intune's NDES Certificate Connector to provision from on-prem ADCS to cloud-based devices, shift to web-based public certificates in place of ADCS, or remove ADCS entirely and use the built-in certificate that comes from Azure AD to cloud-native devices.
- Print services, though Cyclotron does not yet scope migration of print services to cloud tools. Microsoft's cloud-based Universal Print solution can help here, but some customers choose third-party cloud print tools.
- Security system integration, including any on-premises keycard systems or other security systems that might rely on an AD user object, group object, or device object.
- Employee experience, including our Change Leadership practice to manage the end-user experience for shifting from on-premises to cloud tools.