As a company, we are heavily deployed in the cloud (#MicrosoftAzure), and with most of our infrastructure running on Azure, our business continuity planning (BCP) has been very, very comprehensive!
But the COVID-19 situation threw a couple of twists into our BCP scenarios. First, there was the possibility of the whole company, with offices across the world, working from home – that is what a pandemic does to you! Second, the availability of sufficient bandwidth promised to be a big challenge – especially in specific areas and for high bandwidth requirement workloads like our source code control system.
The Situation
We have more than 1,000 people globally. Out of these, more than 400 are engineers with high network bandwidth requirements.
What We Lucked Out With
- We actually had a working,tested business continuity and disaster recovery plan! All of our systems are on the cloud or with a SaaS provider. For example, our customer ticketing system and HR systems are managed through cloud services. Office 365 takes care of email and storage, and Microsoft Teams is a critical collaboration tool.
- Pune, our largest office, is spread across two different sites, with a third site available on-demand according to our BCP, making isolation and redundancy that much easier.
What We Had to Prepare For
The first challenge was to ensure that we could be ready for all Icertians to be fully enabled to work from home if required – not 10% or 50% but everyone (you can find the press article here). As the COVID-19 situation evolved, we started putting together the nuts and bolts of a system that would allow us to seamlessly do that. Here are the cornerstones of the system:
Some of our systems, like our attendance system, were on-prem. To address this, we set up a Site-to-Site VPN from the on-prem data center to Azure:
- It took us less than a day to set up a viable Site-to-Site VPN, making our local network and resources in Azure appear exactly the same! This includes the design, routing, DNS, and all the changes necessary to get this built and tested! Traditionally, this would have taken days just to procure the hardware to enable this! This is the power of #Azure!
- The Site-to-Site VPN enables my private network to find other resources hosted on Azure in the same network! Essentially, except for the link that goes over the internet (encrypted, of course) there is no difference between a machine running in our office and a machine running in Azure. We were able to fully connect the few servers we had in the office to Azure seamlessly.
- You can find more information on Azure Site-to-Site VPN here.
We enabled Point-to-Site VPN for everyone:
- One of the challenges was to avoid our normal VPN, which routed everyone who connected remotely through an on-premise corporate firewall so that on-premise resources could be accessed. This was because the internet bandwidth available in our offices would constrain us if everyone started accessing the network remotely.
- With Azure Point-to-Site VPN, individual Icertians can now connect directly to resources in Azure safely and securely.
- The Point-to-Site VPN configuration and instructions setup was done in hours – end users can set it up in under a minute! The deployment was easy; the configuration was very simple. A single configuration file pushed to individual laptops did the trick.
- With a Point-to-Site connection, the bottleneck of our office internet connectivity was gone!
- You can find more information on Azure Point-to-Site VPN here.
We enabled Azure Virtual Desktop Infrastructure (VDI):
- VDI helps to have your own desktop in Azure. That means with a light-weight device (like a Netbook or iPad) and a limited-bandwidth internet connection, I can connect to a Virtual Machine (VM) in Azure. Once that happens, the bandwidth from the VM to Azure is massive, and the bottleneck for individual home internet connections is removed!
- VDI provides a great way to safely and securely provide people with machines in the cloud that are fully managed.
- Our critical users would be the first to go on to VDI.
We switched fully to Microsoft Teams!
- If you have ever been frustrated by Skype (and Lync, and all that came before it), you will be blown away by Microsoft Teams! People love it, and adoption has been viral (bad word, but I will still use it! Wish all viruses were like that!) Not that we were not using Teams before – but now we live and breathe it! When a tool like this becomes a habit, productivity soars!
Bottom line, our investment in the Azure infrastructure, our BCP and disaster recovery planning, our quick reaction to an emerging crisis, and a bit of luck that helped us on our way (you always need that bit!) helped us come out stronger and better in adversity.
Icertis' values are Fairness, Openness, Respect, Teamwork and Execution (#FORTE). The #teamwork and #execution required to carry out all of the above demonstrates why a value system is so critical in these times!
And not to forget a great partner in #Microsoft – we got incredible support from the India team and it was great to see our partner have our back!
I hope you find our experience useful and this post gives you some ideas and helps you on your way. Be safe out there, and if you have questions, Please do reach out.
Want to learn more about how Icertis is leveraging Azure? Watch this video from our CISO and VP of IT, Sandeep Kulkarni