I sat down with Chris Harms, one of our Solution Architects here at Sentinel Technologies in Grand Rapids. Chris holds a variety of certifications from Cisco, HPE and VMware and has familiarity with many data center related technologies including Microsoft Active Directory, Exchange/Office 365, VEEAM and NetApp. We talked about the process of merging companies together after acquisition from a technical perspective.
Josh:
All right, so, Chris, let's talk about a situation where one company is merging with another, purchasing another, perhaps are of similar size, and there's all of the traditional I.T. resources, data centers, networking, you know, network operating systems with user accounts and applications and all that stuff.
The process of bringing those two organizations together: Where do you start with that? What's kind of a high level approach to begin thinking through all the different technologies there are, where does it begin in your eyes?
Chris:
So the first step you have to take is you have to decide on how you want to merge the organizations. Is one organization going to be the parent organization? You have to decide, you know, is there one environment that's going to be the one that gets migrated into the other? Once you decide that, then assuming you're using Active Directory for your user access controls and managing your environment, which most organizations are, then the first thing you do is set up a domain trust between the two organizations.
As part of the trust, you have to set up a site to site tunnel between both organizations from firewall to firewall. And then once that's established, you create an Active Directory Federation Trust between the two organizations. This will allow permissions and access to be passed back and forth between the organizations from there. Then the organization needs to sit down and determine what all of the information that exists in an account in the environment that is getting migrated into the into the parent organization. What needs to come across? What do they want to do? What do they need to keep from each side? Do they want to, you know, just create new accounts for everyone, give them new accounts and then just delete everything? Or is there inherent data or knowledge that needs to be transmitted or migrated from the environment that's going away into the new combined environment?
Click here for more information on AD Federation Services.
Josh:
Regarding that tunnel between the two organizations that allows that Microsoft Active Directory domain trust to be established, does that assume that both of these networks internally are unique? And if you have a situation where you have maybe some network overlap, does that have to be addressed first or are there ways to kind of get around some of that?
Chris:
As long as the domain controllers for both organizations are unique, that does not need to be addressed at this time. To establish the trust if there is an overlap of an IP address on the domain controllers then other steps need to be taken prior to the trust.
Josh:
Ok, so once the trust is in place, that allows you to leverage user accounts on both sides, essentially to make it a little more easy to transition applications, is that right?
Chris:
It makes it easier to transition access, not necessarily applications, but access. So people from organization one will be able to access resources on organization two and vice versa. There are a couple of different ways to set up the trust to limit that access, but essentially it is to allow access to flow between the two organizations.
Josh:
Ok, so after that is established then, are we looking at just general connectivity so that you can then look into how applications will be leveraged or what is the next step?
Chris:
So, yeah, once you've established the trust then the next major step is you need to start looking at how you're going to merge or migrate the environment into into one larger environment. So you have to go through the process of identifying what needs to come from the environment that's going away and what needs to be moved into the future environment, because that will that dictate a lot of other application security and a lot of other resource constraints that need to be identified through the project.
For example, if you know an organization that has been acquired has no on premise servers or applications, database servers, no financial applications, no H.R. systems that they have to migrate, do you need to migrate any access permissions crossed for those user accounts? Do you need to migrate user accounts? Can you just create new accounts in the environments that is remaining?
So what you want to do is identify what needs to be migrated across. If there's nothing else from an applications standpoint, then that means you most likely don't need to migrate any objects either. So it's all about looking at this from a holistic approach and see what's there today and what you want to keep and what you don't, depending on what you want to keep, will dictate the next steps
Josh:
So in some ways it might be, even though you've chosen a primary organization versus the secondary organization, you may still be picking and choosing applications from both of them to ultimately become the new environment?
Chris:
Exactly. It's important to note that these are not technological decisions that we as a VAR (Value Added Reseller) can make for an organization. These are business decisions that the organizations need to make. We have Advisory services that can help guide them through that process, but it's a business decision that really drives the direction here.
Josh:
That process in and of itself may also steer the future number of data centers and locations? If both organizations have a couple of data centers, maybe some hybrid cloud - when they come together - where will those applications live, which ones need to live through the merger, are going to dictate which data centers stay, what cloud applications continue to stay, right?
Chris:
Yeah, absolutely. From a Sentinel perspective, we have Advisory Services to consult with C-level individuals to help make those business decisions and then we have Solutions Architects, PMO and Engineering talent to implement the movement of resources between data centers and into and across hybrid cloud instances.
Josh:
It wouldn't be uncommon for some manner of consolidation to follow, bringing data centers together, choosing one cloud platform, maybe over another?
Chris:
Absolutely. Consolidation is the ultimate goal here. You don't want to have to manage four data centers when you only need two. You don't want to have to manage two or three cloud providers when you only maybe need one or two. So a consolidation will come about because of this whole process and that ultimately that will help, you know, reduce overall costs for the organization. Sure.
There is a lot more to consider when merging whole network infrastructures - Chris and I continue the conversation in Part II.
If you are facing a challenge similar to this in your IT organization, we are prepared to help get you moving in the right direction. Feel free to reach out to me and we can get the conversation started.
No comments:
Post a Comment