How do you migrate 200 applications from a data center to a multi-cloud environment in just one year? In this episode, Matthias Mertens, a Cloud Solution Architect at Helvetia Insurance Switzerland, shares a real-world case study of their rapid "lift and shift" migration to AWS and Azure.
Matthias explains why this aggressive "lift and shift" approach was necessary to exit data center leases as fast as possible. He details how Terraform was the critical cloud-agnostic tool that made this automation possible, allowing them to create new, secure-by-default accounts in minutes and use modules to deploy hundreds of VMs.
We also dive into a second project: a practical, production-grade, and serverless architecture for running a vendor's Docker container using ECS Fargate. Learn why they rejected running containers on VMs in production ("no way we would do that") and why Kubernetes was overkill for their needs.
Questions asked:
00:00 Introduction
01:30 Who is Matthias Mertens?
01:55 The 200-App Data Center Migration to AWS & Azure
02:35 Why a Multi-Cloud Strategy? (AWS & Azure)
03:20 Choosing Terraform for Multi-Cloud Automation
04:30 The "Lift and Shift" Strategy: Why Speed Was Critical
06:30 How Terraform Modules Automated the 200-App Migration
08:30 Case Study 2: Running Vendor Docker Containers
09:00 Why Not VMs? Why Not Kubernetes?
09:50 The Serverless Solution: ECS Fargate
10:45 Challenges: Making Serverless "Production Grade" (Logs, Secrets, LB)
11:45 Advice for Starting Your Own Migration (Get a Partner!)
13:45 Fun Questions: Daughters & French Cuisine
Cloud Security Podcast Social Media
🛜 Website: https://cloudsecuritypodcast.tv/
🧑🏾💻 Cloud Security Bootcamp - https://www.cloudsecuritybootcamp.com/
✉️ Cloud Security Newsletter - https://www.cloudsecuritynewsletter.com/
Twitter: / cloudsecpod
LinkedIn: / cloud-security-podcast
Matthias Mertens: [00:00:00] It makes no sense to run a Docker container on a virtual machine in production. Yeah, no way we would do that. Regarding Kubernetes, at that time there were no resources to manage a Kubernetes cluster. There was no good reason to try to use Kubernetes. How did that fit into serverless? We use, uh, ECS Fargate.
Ah, okay.
Ashish Rajan: Okay.
Matthias Mertens: And with this one, we can run containers without having to manage any underlying infrastructure.
Ashish Rajan: What was the project about and where were you migrating from to where
Matthias Mertens: We decided that we would migrate out of these data centers and move all to public clouds like AWS and Azure. The first idea was to perform the migration within one year.
It's 200 applications in one year, and we decided for a lift and shift approach. The idea is we needed to empty our data center as fast as possible to be able to stop the leases.
Ashish Rajan: For people who are starting this today, are there any milestones or stages you would think that, Hey, you know what, you don't have to boil the ocean
Matthias Mertens: First, what I would advise is [00:01:00] to find a partner that is, uh, used to it and that has experience, because you do not do this kind of project just, oh yeah, let's start.
Ashish Rajan: Let's try. Hello, and welcome to another episode of Cloud Security Podcast. I've got Matthias with me. Hey man. Thanks for coming on the show. Hello. Could you tell us a bit about your professional background?
Matthias Mertens: So I'm a cloud solution architect working for Helvetia, which is a Swiss insurance company. Founded in 1858 in Lan. Oh, wow. Way older than me as well. And um, I'm working in a cloud enablement team. Yeah. Which means that we are, uh, providing cloud, uh, accounts or subscriptions to our internal, uh, customers.
Ashish Rajan: Yeah.
Matthias Mertens: If some team wants to, uh, deploy some, uh, resources in, uh, in the cloud, uh, we are providing them the account with all the base assets, like networking policies and, uh, access, uh, management.
Ashish Rajan: Oh, wow. And 'cause I think this kind of leads well into the migration conversation, which you've had. We're obviously recording this at HashiConf, in terms of migration.
Can you tell us about the migration project? What was the project about, and [00:02:00] uh, where were you migrating from to where?
Matthias Mertens: So basically initially we had a data center, several data centers. Yeah. And, uh, for some, some license and lifecycle, uh, dining issues.
Ashish Rajan: Yeah.
Matthias Mertens: We, uh, decided that we would, uh, migrate out of these data centers and move all to public clouds like AWS and Azure.
Ashish Rajan: Oh, okay. So you went, you did migration from data center to AWS and Azure?
Matthias Mertens: Yes, for several reasons. First because we want to have things in different, uh, locations. Yeah. Different data centers.
Ashish Rajan: Yeah.
Matthias Mertens: And having different, uh, cloud providers also helps this. Oh, right.
Ashish Rajan: Oh, you can spread your risk as well from that perspective.
Yeah, exactly.
Matthias Mertens: For regulation issues. Yeah, because it's good to have workloads separated again, physically and also legally. Oh, yeah. Okay. And also sometimes it makes sense to, uh, put some, uh, workload in some, uh, specific cloud. Like for example, if you're using Microsoft products, it [00:03:00] could make sense to, uh, run them on Azure for pricing.
Ashish Rajan: Uh, and licensing. Licensing as well. Licensing becomes a lot easier. E5 or E7, whatever license you go for. Oh, it's interesting. And out of curiosity, and you can be honest about this, which one was harder to migrate to? Was it Azure or AWS?
Matthias Mertens: I don't think there is one which was, uh, harder than the other.
Okay. Every cloud provider has its pros and cons. Yeah. And at the end, uh, we don't have big difference between both.
Ashish Rajan: And did you guys use cloud native automation? Like cloud formation or arm templates?
Matthias Mertens: No. As we are using, um, a multi-cloud architecture.
Ashish Rajan: Yeah.
Matthias Mertens: We decided to go, uh, for a cloud-agnostic tool, which is, uh, Terraform, to deploy our infrastructure.
Ashish Rajan: Yeah. And do you find, actually, I'm curious, did you start with both at the same time in parallel, or was it AWS first and then Azure?
Matthias Mertens: So it's a little bit complicated. We started, basically the idea was we put everything on AWS. Yeah. [00:04:00] But we still had some workload on Azure.
Ashish Rajan: Oh right. Okay. Right.
Matthias Mertens: And uh, so we always had both running in
Ashish Rajan: parallel.
Matthias Mertens: Yes. We always had both, uh, providers in use, but the main migration was done to, uh, to AWS, and, uh, now we are looking at where to put which workload, if it makes sense to be, uh, on Azure or not.
Ashish Rajan: Ah, okay. Fair. Okay. So now that I understand, between AWS and Azure, you guys obviously had some workload in parallel because you were trying to figure out whether it's AWS more or Azure.
I'm curious, how do you pick workloads? What kind of workload? Like there's obviously these days you have containers, you have compute services like EC2, EKS, the list goes on. Was there some thought process around what kind of applications or what? I'm thinking more for the people on the other end who would listen or watch this episode.
Some of them may be on that journey of migrating from a data center to a multi-cloud or a single cloud. What kind of workload do you pick up?
Matthias Mertens: What we did is we had machines in our data [00:05:00] center, virtual machines, and uh, we decided for a lift and shift approach. Okay. In the beginning. Okay. Because the idea is we needed to empty our data center as fast as possible to be able to stop the leases and stop the licenses.
Yeah. So we decided we do lift and shift everything as fast as possible to, uh, to the cloud provider.
Ashish Rajan: Okay.
Matthias Mertens: And afterwards, the idea is to modernize the, the applications. Yeah. Whenever possible. But this is ongoing. Ongoing. Yeah. It's a future project, so of course. Yeah. We are not yet there. We finished the migration.
Ashish Rajan: Okay.
Matthias Mertens: As lift and shift, and, uh, now we are going, we are looking forward to what we're doing.
Ashish Rajan: Also, how did Terraform help in the migration if it was lift and shift?
Matthias Mertens: Several things. So first we have several cloud accounts and subscriptions. Okay. That have each their network connection, policies and so on.
Oh, so to deploy these, uh, these accounts and subscriptions, we use Terraform to automate this, and [00:06:00] it allowed us to, um, create an account within minutes.
Ashish Rajan: Yeah.
Matthias Mertens: And then also for the migration itself, we have a partner which helped us in this, uh, for this migration. So we were not able to do the migration ourselves.
Yeah. And, uh, this partner used Terraform to, uh, create Terraform modules for this, describing a basic virtual machine, for example, which is using their images and all their tools around, for example, connecting it to their monitoring system and so on.
Ashish Rajan: Yeah.
Matthias Mertens: And, um, they created these modules and used the modules to deploy the machines and to, uh, to migrate them.
Ashish Rajan: Oh, okay. So you had different modules being created for Terraform, which almost, to your point, each module would have a specific purpose for why that module exists, and then you can use that to automate across multiple workloads. Exactly. Instead of just one.
Matthias Mertens: We had to migrate around 200 applications, 200 applications. [00:07:00]
So we needed to have this automated as much as possible. Yeah. Okay. It was in the deal with our partner. Yeah. Which is the migration we will use. They, they will use Terraform to manage infrastructure.
Ashish Rajan: Interesting. And yes, I'm curious in terms of automation, and obviously I can understand because you had 200 applications, so you definitely needed some automation.
I'm curious, how much did the time reduce in terms of, if you did not have the automation with Terraform and instead you had to do it one by one yourself, what would have been the time difference? Can you even imagine? Like, I'm just curious as to,
Matthias Mertens: I cannot imagine because it would not have been possible.
Ashish Rajan: Yeah. Or I mean, 'cause we had a very short deadline to move from the data center. Like how, when was the LI license? I mean six months. One year.
Matthias Mertens: Like the idea, the first idea was to perform the migration within one year. It's 200 applications in one year.
Ashish Rajan: Oh wow. Okay. And you guys managed to finish it? Just all of it.
Because of Terraform. Just in time
Matthias Mertens: we [00:08:00] managed to migrate most of it.
Ashish Rajan: Oh yeah. Okay. Fair. Yeah. And
Matthias Mertens: Um, and this is mainly due to, um, technologies like Terraform, because having to do this manually, it would not be possible.
Ashish Rajan: Yeah. I'm curious in terms of, I guess, using Terraform across multiple cloud providers, and obviously I guess Terraform being an open source and multi-cloud, cloud-agnostic language definitely helps.
Before this we were talking about how you were using cloud native applications being built as well. Uh, in terms of, you had gone down the path of building an application purely in cloud native. Can you share a bit about that as well? What was that project about? Yeah,
Matthias Mertens: so basically what happened is one of our branches, yeah.
Uh, wanted to, uh, run uh, a software that was provided by a vendor.
Ashish Rajan: Yeah.
Matthias Mertens: And this vendor, uh, gave them Docker image that they could run
Ashish Rajan: appliance, basically. Okay.
Matthias Mertens: Go on. And, uh, they said you can run this on a virtual machine with a container runtime [00:09:00] installed, or run it on a Kubernetes cluster. So, um, for testing maybe.
Yeah. It could be good, but it makes no sense to run a Docker container on a virtual machine in production. Yeah. No way we would do that.
Ashish Rajan: Yeah. You don't go into cloud to put something into virtual machine again. Exactly. That's why. Yeah.
Matthias Mertens: And, uh, regarding Kubernetes, uh, at that time there were no resources to manage a Kubernetes cluster.
Okay. And we just had one application that we wanted to run there. Yeah. So, yeah, there was no good reason to try to use Kubernetes. Fair. And we were there: what do we do? Yeah. And we tried to find a, a way to run this with cloud, uh, native tools only.
Ashish Rajan: Okay. If
Matthias Mertens: possible serverless tools. So we don't have to manage the capacity.
We are paying only, uh, as we go. And, uh, we do not, we, uh, didn't have to think too much about, uh, what we would deploy.
Ashish Rajan: Oh, but because it was an [00:10:00] appliance that was given, which was like a, a server or container, to your point, but you were given a container OS. Mm-hmm. How did that fit into serverless? 'Cause isn't Lambda, oh, can Lambda, oh sorry.
Did you use Lambda? What did you use?
Matthias Mertens: No, we didn't use Lambda. We use, uh, ECS Fargate from AWS. Oh, okay.
Ashish Rajan: Okay.
Matthias Mertens: And with this one we can run containers without having to manage any, uh, underlying infrastructure. Yeah. We just put the image of this container, number of CPUs, RAM, do we need some, uh, database?
Do, do we need some, um,
Ashish Rajan: storage?
Ashish Rajan: What was the, uh, what was the learning that you came out of doing this cloud native deployment of the application, where I guess someone was asking you to move a traditional, for lack of a better word, yeah, so traditional appliance, they wanted you to deploy it into cloud using cloud native.
A, I'm curious to know, was there some challenges, and B, what were some of the learnings and what were some of the challenges that you came across?
Matthias Mertens: So the challenges were to get this running on a [00:11:00] production grade.
Ashish Rajan: Yeah.
Matthias Mertens: So because running a container, everyone can do it. Yeah. As I said, even on the virtual machine. But here we had to have some surrounding services.
Like load balancing, certificates. Yeah. HTTPS endpoint.
Ashish Rajan: Yeah.
Matthias Mertens: Where are the logs? How do we store secrets? Yeah. So we had to find, um,
Ashish Rajan: And do you, do you find that with the, uh, regulatory standards as well, was there any, does that make any difference if you are looking at a regulated workload versus a non-regulated workload?
Because I imagine there's a difference, or is it just everything has to be regulated?
Matthias Mertens: We know we have regulated workloads which have some special needs. Yeah. Especially regarding backup.
Ashish Rajan: Yeah.
Matthias Mertens: But this one was not a regulated one. Okay. Right, right. So, uh, we didn't have to take that into consideration. Ah, perfect.
Ashish Rajan: Yeah. I guess those are most of the questions I had, but in terms of people who are trying to migrate, what would it be if you were to put a maturity map to it? 'Cause I think it's easy for us to look at, I have 200 applications in a [00:12:00] data center that I have to migrate, and it can be quite overwhelming as to where to even start.
For people who are starting this today, are there any milestones or stages you would think that, hey, you know what, you don't have to boil the ocean in the first go? If, if there are things like, I don't know if you have one or two things in mind that, if you see this, this is a great milestone.
You'll go in the right direction, or start here. Are there some tips you can give to people at different maturity?
Matthias Mertens: First, what I would advise is to find a partner that's, uh, used to that and that has experience, because you do not do this kind of, of project just, uh, oh yeah, let's start, let's try. Yeah. Just like Kubernetes, just let, just deploy it.
Get a few clusters. Yeah. Yeah. This is not how it should be done. So yeah, we had a good partner, which helped us to first assess, uh, which workload should be migrated when. So first prioritize, assess the risk, and, uh, check what has to be done.
Ashish Rajan: Okay. Also, [00:13:00] make sure, to your point, the first step should not be just, let's start deploying.
It should be more about, let's figure out what applications are suitable to be deployed in the first place. Oh, interesting. And would you say, would you go for more modern applications like Microsoft applications first instead of the thick clients? Which one do you think is better to start with, in your experience?
Matthias Mertens: So in our case, we decided to do a block move. Whatever application it was. There was no modernization. Oh, yeah. Pure lift and shift.
Ashish Rajan: Yeah, that's right. Yeah, yeah, yeah.
Matthias Mertens: So that's here. Uh, there are some workloads which are not suited at all, yeah, for the cloud. And these ones were excluded. Like for example, as every old insurance company, we have some mainframes.
Yeah. This one? Uh, we are still having them,
Ashish Rajan: but on of course. Yeah. I mean, I don't, I don't think mainframes are going anywhere anytime soon, I guess. I mean, I think they were there before I joined IT, and it'll be there after I leave IT as well. I don't think they're gonna go [00:14:00] anytime, but I mean, those are the technical questions I have.
I've got three fun questions as well. First one being, what is something that you're proud of that is not on your social media?
Matthias Mertens: I'm very proud of my, uh, two little daughters. Oh, three and five.
Ashish Rajan: Oh, wow. I mean that, yeah. That's really cute. Thank you for sharing that. Final question. What's your favorite cuisine or restaurant that you can share with us?
Matthias Mertens: I like the French cuisine.
Ashish Rajan: Oh, like the French cuisine? Like, wait, uh, like escargot, or what's your favorite dish? Meat with some sauces. I love that. I love that, dude. Uh, and for people who want to connect with you and know more about, say, some of the challenges you had with the migration, mm-hmm, of workloads from data center to cloud.
Where can people connect with you? Are you on LinkedIn or? I'm on LinkedIn, yes. Okay. I can put the link for LinkedIn. But dude, thank you so much for coming on the show. It was great chatting with you as well, and I hope you all enjoy it too. And, uh, connect with Matthias to know more about migration. Thanks.
Thank you for listening or watching this episode of Cloud Security Podcast. This was brought to you by Tech riot.io. If you are enjoying episodes on cloud security, you can [00:15:00] find more episodes like these on cloudsecuritypodcast.tv, our website, or on social media platforms like YouTube, LinkedIn, and Apple, Spotify.
In case you are interested in learning about AI security as well, check out our sister podcast called AI Security Podcast, which is available on YouTube, LinkedIn, Spotify, Apple as well, where we talk to other CISOs and practitioners about what's the latest in the world of AI security. Finally, if you're after a newsletter, it just gives you top news and insight from all the experts we talk to at Cloud Security Podcast.
You can check that out on cloudsecuritynewsletter.com. I'll see you in the next episode, please.