Microsoft IT has been partnering with Microsoft Treasury and Azure Engineering to migrate the entire Treasury app portfolio to the cloud. We moved all the company’s treasury functions (managing more than US $100 billion) to Microsoft Azure from on-premises systems. The Treasury app portfolio includes apps managed by Microsoft IT, those supplied and managed by third-party providers, and the trading floor infrastructure. To make the move to Azure, we needed to:
- Migrate Treasury apps to Azure IaaS.
- Assess Treasury apps to move to Azure PaaS.
Planning and executing the migration took nearly eight months and was successful, and today Microsoft Treasury runs on Azure. We made the decision to move 100 percent of the Microsoft IT-managed apps and infrastructure from on-premises datacenters to the cloud to provide a unified, scalable, and resilient Treasury app platform. Moving Microsoft Treasury to Azure has:
- Reduced infrastructure costs by 20 percent year over year.
- Reduced infrastructure footprint by 61 percent.
- Gained infrastructure agility. Resources are scalable within minutes instead of weeks or months.
Realizing opportunities for innovation
Microsoft Treasury is responsible for managing financial assets of the company, and it manages two-thirds of the balance sheet. The high-level functional teams include Capital Markets, Capital Management, and Risk and Credit Services. Microsoft Treasury supports:
- Operations in 191 countries and in more than 30 currencies.
- More than US $300 billion annual cash movement.
- Approximately 2,000 bank and custody accounts and relationships with 95 banks.
- 18,000 annual portfolio trades per year totaling approximately US $600 billion.
- More than 10,000 wire transfers processed per year.
Identifying opportunities to improve with Microsoft Azure
We want our business users to be able to take advantage of apps hosted in the cloud, so we committed to Microsoft Azure as the core of our IT environment. Azure platforms are the target for all IT infrastructure and are our first consideration for new app deployments. The combined team of Microsoft IT, Microsoft Treasury, and Azure Engineering chose infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) functionality in Azure to support Treasury applications. When we analyzed Treasury’s app and data structure, we recognized several improvements that are available using cloud-based solutions:
- Many apps and data solutions that contained similar data were redundant. Many of the data sources for these solutions were disconnected and isolated from each other.
- Data volumes were progressively increasing, nearly doubling every year, increasing the cost of maintaining storage infrastructure.
- A complex, manual process was required for disaster recovery and high availability.
- The financial nature of the business causes seasonal peaks in app and data use. Apps that support periodic high volumes at certain times of the year were running on architecture that wasn’t fully utilized for the rest of the year.
- Integrating business processes relied on manual tasks, such as email, file sharing, and data copying.
Driving migration with business-first decision making
We wanted the migration process to be business-focused, not merely a technical shift. Each app, as well as the overall migration, was always considered based on business importance and value.
We assessed the current Treasury environment and established high-level goals to create a specific set of qualities in the Azure-based solution. These guiding principles focused on using the elasticity, availability, and scalability of Azure to:
- Provide a complete view of Treasury data.
- Reduce isolation and duplication of data and processes.
- Provide business insights with integrated, real-time business data.
- Provide a scaled architecture to support seasonal demand.
- Use the built-in resiliency of Azure architecture wherever possible.
Although cloud adoption was a high-level goal, we understood early that the approach and methodology must consolidate and unify data for Treasury business processes. We established a high-level approach to analyze business processes and apps, and to consider the solutions that we manage separately from those managed by third-party vendors.
The goal of our migration was to move our existing infrastructure into to the cloud, and to use the migration as an opportunity to redesign how we present the entire Treasury experience to our users. We didn’t want our business operations dictated by IT infrastructure limitations. We wanted to use Azure PaaS to create new and better ways to provide the Treasury environment to our users. We considered the entire Treasury experience, not simply its components.
Planning Azure migration
The primary consideration for any app, regardless of who manages it, is suitability for migration to PaaS. We wanted to take advantage of the built-in resiliency, scalability, and manageability of PaaS solutions. Those apps deemed suitable for Azure PaaS underwent an additional evaluation for how they would be redesigned. Through this evaluation, we identified opportunities to improve these apps and to move them to the modern app stack.
We understood that redesigning apps for Azure PaaS would take time. Our engineering and development needed to address the redesign of our user experience, evaluate the Treasury experience, and evaluate apps for migration. We knew the entire migration would stretch out over several months. Many Treasury apps were hosted in one of our datacenters that was scheduled to be decommissioned. We wanted to avoid moving infrastructure to a new data center if possible, but it was clear that we would not be able to migrate all of our apps to the cloud before the data center was decommissioned.
“Adopting Microsoft Azure is a core part of the Microsoft Treasury vision to drive innovation and productivity.”
– George Zinn, Microsoft Treasurer
Enabling cloud efficiency with Azure IaaS
We recognized the scalability, elasticity, and reliability of Azure IaaS as enablers of a more efficient and effective Treasury environment. Migration to Azure IaaS was also a potential solution to an impending data center shutdown. With Azure IaaS, we could take our existing data center infrastructure and import it into Azure IaaS Virtual Machines and Virtual Networks, replicating our infrastructure design in Azure IaaS. This “lift and shift” process allowed us to quickly get our apps out of the data center and into the cloud. We could immediately take advantage of the benefits of hosting our environment in Azure, and we had time to properly plan for migrating the Treasury environment into Azure PaaS.
“Only Microsoft Azure has the third-party/AIG network interruption endorsement.”
– George Zinn, Microsoft Treasurer
Establishing pilot Azure IaaS migration criteria
The Azure IaaS migration process was planned on an app-by-app basis. At first, we were careful to choose apps that were best suited to pilot our lift and shift process, based on the following criteria:
- A small user base that was available for feedback. We wanted to be in close communication with users, to catch any issues that might occur and to develop procedures and best practices for subsequent migrations.
- A simple, preferably small, infrastructure footprint. We wanted to start with apps that had a simple design, simple network requirements, and that used fewer servers.
- Limited dependencies and business impact. We focused on apps that did not have many external dependencies and tried to avoid apps that were critical to operations. We did not want delays or other migration issues to negatively impact day-to-day business tasks.
Migrating using lift and shift
After we established the migration order, we began the lift and shift process, which was relatively simple. We needed to ensure apps were ready for IaaS, migrate the infrastructure, test it, and then transition. Each app migration followed these steps:
- Pre-engineer. We evaluated each app to determine whether it would operate within Azure IaaS in the current app configuration. Changes were made to the app infrastructure, if required.
- Configure IaaS environment. We provisioned and configured the required Azure IaaS infrastructure. This consisted mostly of virtual machines and virtual networking components.
- Migrate infrastructure. We migrated on-premises operating systems, data, and infrastructure configuration to the corresponding Azure IaaS components.
- Test compatibility and regression. We tested the app for proper functionality and usability. We involved app users in this testing, which was done in a test environment that did not affect our production environment. The production environment was still on-premises at this point.
- Run parallel operations. We transitioned users to the Azure IaaS production environment. We ran the Azure IaaS version of the app in parallel with the on-premises version until the Azure IaaS app was ready for complete takeover.
- Decommission on-premises infrastructure. After the on-premises app was completely removed from the production environment, we decommissioned any on-premises infrastructure.
Lift and shift provided a simple migration method to get our Treasury infrastructure onto the Azure platform quickly, which immediately reduced data center infrastructure. The migration allowed us to decommission the on-premises servers immediately and realize the cost savings.
Identifying candidates for PaaS migration
After an app was transitioned into Azure IaaS, we began analyzing the app to determine whether it was suitable for moving to Azure PaaS. Azure PaaS provides more scalability and elasticity, and it reduces administration and maintenance requirements. The migration approach was business-focused, so we first established business-based objectives for the PaaS migration. These objectives helped clarify why we were moving to Azure PaaS and what qualities were expected of apps using Azure PaaS. These qualities included:
- Procure and scale systems and resources quickly and as needed.
- Release code and realize business value faster by flighting to specific roles as well as automated deployments cycles.
- Migrate apps and processes to a modernized environment to take advantage of new opportunities.
- Consolidate isolated databases into a functional whole.
- Minimize cost by reducing on-premises infrastructure.
- Combine processes that can be brought together more seamlessly and executed with faster results.
- Build analytical systems on top of a data solution that provides a comprehensive view of business data.
- Use machine learning and analytics capabilities in Azure to lead with business impact as a first consideration.
Creating criteria to analyze migration approach
We focused on specific criteria when analyzing apps for PaaS suitability. Generally, we wanted to migrate the apps that required the least amount of effort for migration first, while also considering business and technical impact. We created the following criteria to use in assessing Treasury apps:
- How critical is the app to Microsoft business processes?
- What is the level of impact that the app’s data would have on Microsoft?
- How many people use the app?
Understanding suitability and migration effort
- How complex is the app’s infrastructure?
- What is the size of the app and any related databases with terms of velocity, volume, and variety?
- What are the requirements for seasonal elasticity?
Using PaaS migration analysis to increase efficiency and add value
With the objectives and criteria in place, we proceeded to assess our first-party apps for migration. We realized early that most apps identified as PaaS candidates would require some level of redesign. Our development teams saw this as an opportunity to re-create the same functionality set in each app, and to consider how the app could be more functional, more streamlined, or even combined with another app. This analysis provided significant opportunities to build a better, more functional, and more unified Treasury app environment.
Understanding security considerations
We take security seriously. Protection of our business data is among our top priorities at Microsoft Treasury. When migrating Treasury apps to Microsoft Azure, we considered all of the compliance and data security aspects of hosting our data in the public cloud. Here’s what we learned:
- Make security a top consideration. There were apps and data that required additional considerations and Azure-specific configuration. For example, an app in the Treasury portfolio required reduced latency for extract, transform, and load operations, so we elected to use Azure Premium Storage, which supports higher input/output operations rates.
- Capture all app and data legal requirements. Complying with legal requirements for data safety and security can be a complex issue. We worked with the stakeholders and data owners for each app to capture all corporate and legal compliance requirements.
- Understand compliance status of Azure features and functionality. Azure changes on an ongoing basis, and that means new features and functionality are continually being added. At the beginning of our assessment, Azure compliance certification was a big concern, both for legal requirements, like Sarbanes-Oxley, and for our own internal corporate compliance. We reviewed the most recent Azure compliance information to understand which Azure IaaS and Azure PaaS components were Sarbanes-Oxley compliant, and how they could be used to create compliant solutions for many of our apps.
“For a highly secure financial system such as ours, using Microsoft Azure is helping us to operate an enterprise-grade infrastructure without having to build and maintain one ourselves.”
George Zinn, Microsoft Treasurer
Assessing business results
The migration of Treasury apps to the cloud using Azure is an ongoing process for Microsoft IT. To date, we have almost 100 percent of our infrastructure hosted in Microsoft Azure. The migration includes not only the app infrastructure, but also the required IT infrastructure for the entire environment, as well as test and development instances. We have realized many benefits to IT and our general business. Among the most significant benefits from our migration are:
- Clearer understanding of IT costs. By hosting all Treasury apps in Azure, we have created a single infrastructure cost—our Azure subscription. We can now succinctly quantify our infrastructure spending and use those numbers to further reduce costs and gain efficiency. From the beginning of the migration to the end, our changes to the Azure environment have saved us over 20 percent of our monthly Azure subscription costs.
- Reduction of on-premises infrastructure. We reduced our infrastructure footprint by 61 percent, from 54 servers to 21, along with the storage space and network infrastructure required by those servers.
- Agility in infrastructure management. Azure provides greater infrastructure management agility. Scaling resources for apps up or down takes only the minutes or hours required to create, deploy, and assign Azure resources, compared to the days, weeks, and potentially months it takes to procure and deploy physical server and network resources. In many cases, scaling and modifying Azure infrastructure is automatic according to load or scheduling, requires no maintenance, and is immediate for many of our apps.
- Business efficiency. The overall Treasury experience has become more reliable and business-oriented as a result of our migration to Azure. The reengineering of our app portfolio for Azure PaaS allowed us to revisit the Treasury experience and approach it as an entire solution, rather than a combination of individual apps. Now, our users are more effective and efficient, and our infrastructure is more streamlined and cost-effective.
Microsoft Azure has changed the way that Microsoft Treasury IT infrastructure operates. By using a combination of Azure IaaS and PaaS components, we were able to quickly migrate all on-premises apps to Azure except for one, which will be migrated before the end of the calendar year. The apps were migrated with minimal downtime and no business interruption. While we found some cost benefits by simply reducing the on-premises data center footprint, the significant benefits were realized in greater innovation and productivity as our engineers redesigned applications using Azure PaaS components to create much more cost-efficient, agile, and scalable Treasury app environment.
Overall, Azure has allowed Treasury IT to provide a better product to our customers—more agile, more accessible, more usable and more cost effective on a fully regulatory compliant Microsoft cloud.
“Our cloud solution has already lead to improved availability, reliability and is proving to be a very efficient computing environment for financial business.”
George Zinn, Microsoft Treasurer
For more information
© 2019 Microsoft Corporation. All rights reserved. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.