What a surprise for the EU 😱 😉

A recently published expert opinion commissioned by the German Federal Ministry of the Interior has sparked a pivotal discussion on data governance and sovereignty. According to the report, US authorities can exert far-reaching access rights to cloud data managed by US-based companies, even when that data is stored in European data centers and administered through local subsidiaries. This is because legal instruments such as the Stored Communications Act extended by the Cloud Act and Section 702 of FISA focus on the provider’s control, not the physical location of the servers.

This finding is a firm reminder that simply hosting data on European soil does not guarantee protection from extraterritorial legal claims. It reveals structural risks in relying on dominant foreign cloud providers for sensitive data and critical digital infrastructure.

For Europe to truly uphold its data protection principles and strategic autonomy, the conversation must go beyond compliance checklists and contractual assurances. We need stronger investment in #opensource digital infrastructure and indigenous technologies that reduce dependency on non-European platforms. Open source fosters transparency and auditability while enabling communities and businesses to build on systems that are not bound by foreign legal systems.

If #digitalsovereignty is to mean more than a buzzword, we must accelerate our efforts towards resilient, interoperable, and locally governed alternatives. Only then can Europe ensure that its data is governed by the laws and values that its citizens and organisations expect.

Source: https://lnkd.in/dtpXiwYN
Cloud Migration Challenges and Solutions
-
Lift and shift is the most expensive way to avoid real cloud transformation. Moving your mess to the cloud just gives you an expensive mess.

At Mayfair IT, we have built cloud platforms using fundamentally different approaches. The difference in outcomes is dramatic.

Lift and shift is seductive. Take existing servers, virtualise them, run them in Azure or AWS. Call it cloud migration. Declare victory. The infrastructure is now in the cloud. The problems are unchanged. Applications still assume they run on dedicated hardware. Scaling requires manual intervention. Failures cascade because nothing was designed for distributed failure. You pay cloud prices for on premises architecture.

What cloud native actually means:

We have built greenfield platforms on Azure designed from the beginning for cloud. Platform as a Service and Software as a Service components doing what they do best. Azure Data Factory orchestrating data pipelines instead of custom ETL running on virtual machines. Cosmos DB providing distributed databases instead of clustered SQL servers. Serverless functions handling event driven workloads instead of always on application servers. The difference is economic and operational.

What changes with cloud native architecture:
→ Scaling happens automatically based on demand, not manual capacity planning
→ Failures in individual components do not bring down entire services
→ You pay only for resources actually used, not capacity provisioned for peak load
→ Updates deploy without downtime because architecture assumes continuous change

We have also migrated legacy systems to cloud where complete refactoring was not feasible. The challenge is knowing which approach fits which situation. Greenfield builds should always be cloud native. Legacy migrations require honest assessment of whether lift and shift provides enough value to justify the effort. Sometimes the answer is yes. Moving a stable system with known workloads to cloud can reduce operational overhead even without refactoring.

But presenting lift and shift as cloud transformation is dishonest. You moved the location. You did not change the architecture. The organisations getting real cloud value are the ones willing to rebuild applications to use cloud capabilities properly.

How much of your cloud spending is on virtualised servers that could be replaced by managed services?

#CloudNative #Azure #DigitalTransformation
-
Enterprise Azure Landing Zone Architecture

Most enterprises treat Azure like a single subscription. The ones that scale treat it like a multi-region, multi-environment platform with strict boundaries. Here is the landing zone architecture that separates production-ready deployments from chaos:

1. Global Layer
• Azure Container Registry stores container images centrally.
• Azure Front Door with WAF protects applications at the edge.
• Azure Cosmos DB provides globally distributed database access.
• Azure Log Analytics and Storage centralize logging and telemetry across all regions.
This layer is shared across all regions and environments.

2. Region 1 and Region n
• Each region is subdivided into Stamps for independent deployment units.
• Website hosts the application frontend.
• Azure Key Vault secures secrets and credentials.
• Azure Event Hubs handles event streaming.
• Checkpoints Storage persists processing state.
• Azure DNS manages domain resolution.

3. Management Layer
• Self-hosted build agents run CI/CD pipelines.
• Jump Boxes provide secure access to private resources.
• Azure Bastion enables browser-based SSH and RDP without exposing VMs.
• All management traffic runs through vNet.
Access is locked down. No direct internet access to production workloads.

4. Connectivity Subscription
• Hub VNet in each region connects to spoke VNets via vNet peering.
• Azure Firewall, Express Route, and VPN control traffic between on-premises and cloud.
• Azure DDoS Standard protects against volumetric attacks.
• Role Assignment, Policy Assignment, Network Watcher, and Defender for Cloud enforce compliance and security.
This is the central hub that routes all traffic and enforces security policies.

5. Regional Monitoring
• Azure Log Analytics aggregates logs from all resources.
• Azure Application Insights tracks application performance.
• Storage archives telemetry for long-term analysis.
Monitoring is regional but feeds into a global view.

6. On-Premises Integration
• Express Route or VPN connects on-premises systems to Azure.
• Hub VNet bridges cloud and on-premises environments.

Landing zones are not optional for enterprise scale. Without them, you get sprawl, security gaps, and inconsistent deployments across regions.

Which part of your Azure architecture needs the most attention?

♻️ Repost this to help your network get started
➕ Follow Anurag(Anu) Karuparti for more

PS: If you found this valuable, join my weekly newsletter where I document the real-world journey of AI transformation.
✉️ Free subscription: https://lnkd.in/exc4upeq

#AzureArchitecture #LandingZone #EnterpriseCloud

Reference: https://lnkd.in/e3ujruqt
-
💡 There’s an interesting trend I observed with organizations recently: they are choosing to save money and simplify their operations by using slower but cheaper storage systems. This is especially true when they handle large amounts of data and sub-second latency isn't critical.

Let’s find out what’s motivating this.

Data loses its value over time. Once data becomes older and rarely accessed, real-time performance becomes less crucial. While developers need to access historical data for analysis, ad hoc queries, and compliance requirements, they can accept some latency. Their priority now shifts to storing this older data most cost-effectively and efficiently.

Compute-storage decoupling is something that we inherited from the Hadoop era, allowing storage systems to use tiered storage for improved cost-efficiency and scalability.

✳️ Object stores became the de facto tiered storage

Amazon S3 was officially launched in 2006. Almost 20 years later and with trillions of objects stored, we now have reliable infinite storage. People started to call this cheap, infinitely scalable storage a Data Lake (or Lakehouse nowadays).

For developers, it offers a simple path to disaster recovery. When you upload a file to S3, you immediately get eleven nines of durability—that's 99.999999999%. To put this in perspective: if you store 10,000 objects, you might lose just one in 10 million years.

As object stores like S3 become more affordable, databases and OLAP systems have increasingly utilized deep object storage to enhance cost efficiency and durability. For example, PGAA, the EDB’s analytics extension for Postgres, allows you to query hot data and cold data with a single dedicated node, ensuring optimal performance by automatically offloading cold data to columnar tables in object storage, reducing the complexity of managing analytics over multiple data tiers.

✳️ Not only databases, but streaming data platforms are evolving too

Redpanda and WarpStream show how modern streaming platforms can save money while maintaining good performance. They do this by using a mix of fast local storage (SSDs) for quick access and cloud storage for most of their data, avoiding costly cross-AZ data transfers.

✳️ Why not make the object stores Iceberg compatible?

That will transform simple storage solutions into powerful data management systems like data lakehouses. This compatibility brings essential features like schema evolution, time travel capabilities, ACID transactions, and performance optimizations—all while maintaining the cost benefits of object storage. This gives organizations the flexibility to choose their own query engine and catalog, making data platforms more modular and composable.
-
Integrating Cloud-Native Architectures with Legacy Systems: Lessons from the Field

In a recent engagement with a large financial services company, the goal was ambitious: modernize systems of engagement to provide a cutting-edge customer experience. The catch? Much of the critical functionality resided on mainframes—reliable but inflexible systems deeply embedded in their operations. They needed to innovate without sacrificing the stability of their legacy infrastructure.

Many organizations face this challenge as they balance modern cloud-native architectures with legacy systems. While cloud-native solutions promise scalability and agility, legacy systems remain indispensable for core processes. Successfully integrating these two requires overcoming issues like governance, control, and compatibility gaps.

Drawing from that experience and others, here are 📌 3 best practices I’ve found valuable when integrating legacy functionality with cloud-based services:

1 | Adopt a Hybrid Model
Transition gradually by adopting hybrid architectures. Retain critical legacy functions on-premises while deploying new features to the cloud, allowing both environments to work in tandem.

2 | Leverage APIs and Microservices
Use APIs to expose legacy functionality wherever possible and microservices to orchestrate interactions. This approach modernizes your interfaces without overhauling the entire system.

3 | Use Enterprise Architecture Tools
Enterprise architecture tools provide a holistic view of your IT landscape, ensuring alignment between cloud and legacy systems. This visibility helps you communicate with Product and Leadership to prioritize initiatives and avoid redundancies.

Integrating cloud-native architectures with legacy systems isn’t just a technical task—it’s a strategic journey. With the right approach, organizations can unlock innovation while preserving the strengths of their existing infrastructure.

_
👍 Like if you enjoyed this.
♻️ Repost for your network.
➕ Follow @Kevin Donovan 🔔
_
🚀 Join Architects' Hub! Sign up for our newsletter. Connect with a community that gets it. Improve skills, meet peers, and elevate your career!
Subscribe 👉 https://lnkd.in/dgmQqfu2

Photo by Raphaël Biscaldi

#CloudNative #LegacySystems #EnterpriseArchitecture #HybridIntegration #APIs #DigitalTransformation
-
The Bundeswehr, Google/SAP Cloud – and Europe’s urgent digital sovereignty question

The recent decision by the Bundeswehr to adopt Google and SAP cloud services has reignited one of Europe’s most pressing strategic debates: how to secure digital sovereignty in critical infrastructure while remaining competitive.

On the surface, the technical solution sounds robust: two fully isolated, highly secure, air-gapped Google Cloud instances, hosted physically in Bundeswehr-owned data centers in Germany. Technically sound – but politically fragile. The long-term risk remains: even isolated, Google, as a U.S. company, is still subject to U.S. laws like the CLOUD Act.

The core problem is not new, but now impossible to ignore: Europe lacks scalable, sovereign cloud alternatives. The Bundeswehr’s decision reflects a pragmatic, short-term necessity – but exposes long-term strategic vulnerabilities.

This decision should be a wake-up call for Europe to accelerate its path to true digital autonomy. What’s needed is not another debate but coordinated action:

#1 Investment in European cloud and AI infrastructure
#2 Market-ready sovereign platforms that go beyond pilot initiatives like Gaia-X
#3 Strengthening open-source ecosystems under European governance
#4 True public-private partnerships to create European tech champions
#5 Unified security standards across critical infrastructure

Europe must adopt a clear technology consensus if it wants to remain economically and politically resilient. We can’t afford to be passive spectators while digital ecosystems consolidate elsewhere.

The Bundeswehr decision exposes the urgency. Now Europe must act – and not only demand digital sovereignty, but finally build it.

#DigitalSovereignty
-
🚀 New paper out! Excited to share my policy paper for the IE University Center for the Governance of Change “Towards Competitive Cloud Ecosystems: Strategic Responses for Europe’s Digital Future.”

Cloud computing is the backbone of Europe’s digital economy — but without effective competition, we won’t be able to fully capture its competitiveness gains. Lower adoption rates among firms and public administrations, and less efficient and secure cloud strategies, will hold Europe back.

I explore:
🔹 The contractual, technical, strategic, and structural barriers that limit effective competition in EU cloud markets
🔹 Strategic adaptation by dominant players through software licensing and product bundling, often circumventing new regulations
🔹 The urgent need to strengthen enforcement of Articles 101 and 102 TFEU to tackle evolving market practices
🔹 The importance of identifying and covering blindspots in the Data Act and DMA
🔹 How smart public procurement can help level the playing field and enhance competition
🔹 The strengths, weaknesses, opportunities and threats the EU is facing in cloud computing

📌 Final takeaway: this is not about excluding non-EU companies — it’s about ensuring real competition, so Europe can be more competitive and innovative.

Read the full paper here 👉 https://lnkd.in/d4GnGN9e

Thanks to Irene Blázquez Navarro and Carlos Luca de Tena Piera for the opportunity and to Alex Roche, Irene Pujol Chica and Darío García de Viedma for very good cooperation.

Juan Espinosa García Jorge Morillo Renata Sánchez de Lollano Caballero Juan Luis Redondo Maillo Nuria Talayero Adrián González Bahamonde CEPS (Centre for European Policy Studies) Andrea Renda María Canal Fontcuberta Beatriz Alvargonzalez Largo

#CloudComputing #CompetitionPolicy #EUtech #Competitiveness #PolicyInnovation
-
🌍 The Shift in Europe: Moving Away from US Hyperscalers 🌩️

As geopolitical concerns, data sovereignty, and pricing instability grow, European companies are making bold moves in their cloud strategies—and the implications are massive.

Over the past 15 years, reliance on public cloud giants like AWS, Microsoft, and Google has skyrocketed. But now, we’re seeing a strategic pivot unfolding across Europe, as organizations mitigate risks and embrace alternative solutions to protect their future.

🎯 Why the shift?

✅ Data Sovereignty: Stricter data protection laws like GDPR and fears over compliance with laws like the US CLOUD Act are driving demand for European-managed cloud solutions and sovereign cloud providers. Organizations are prioritizing control over their sensitive data and leaning into platforms that support their unique privacy needs.

✅ Security and Trust: Concerns over potential government interference, espionage, and vendor lock-in are making European businesses rethink their current reliance on US-based hyperscalers. The rising interest in diverse, multi-cloud strategies and locally governed services reflects the growing importance of trust in cloud decisions.

✅ Economic Predictability: Increasing costs from hyperscalers have raised concerns about long-term pricing stability. Enterprises are recognizing that forward-looking cloud strategies need to include providers that prioritize pricing transparency and tailored solutions.

🎯 What’s the result?

A diverse and dynamic cloud ecosystem is emerging in Europe, leaning on open-source technologies, sovereign cloud providers, and tailored private cloud solutions. Platforms like OpenStack and others are paving the way for digital transformation without compromising on compliance or strategy.

As businesses explore these new approaches, multi-cloud strategies, hybrid environments, and innovative pricing models are becoming essential for mitigating risks and staying competitive within an ever-evolving cloud landscape.

📢 This shift isn’t just about technology—it’s about geopolitics, trust, and long-term business resilience. Let’s embrace a future where diversity in cloud ecosystems fosters innovation, enhances security, and ensures sovereignty.

What are your thoughts on this shift towards sovereign and multi-cloud solutions? 💭 Let’s discuss!

#CloudComputing #DataSovereignty #SovereignCloud #MultiCloud #Geopolitics #Innovation
-
While auditing an EU FinTech scale-up, I came across some surprising design choices:
• Flat subscription sprawl
• No Azure Policy enforcement
• No Hub-and-Spoke network model
• No Management Group hierarchy

Clearly, they had grown fast but without structure.

So I led a Landing Zone redesign based on Microsoft’s Cloud Adoption Framework and deployed:
👉🏻 A Core Infrastructure Management Group with Policy-as-Code
👉🏻 Spoke separation by app and environment
👉🏻 Role-based access controls aligned with team structure

So the result is:
• 94% policy compliance in just 6 weeks
• Clear cost ownership per team
• A secure, scalable foundation ready for future growth

Without Landing Zones, your Azure setup is just an expensive sandbox.

#AzureCAF #EnterpriseLandingZone #ArchitectureReview #InfraGovernance #AzureBestPractices #CloudStrategy
-
Everyone wants the "German Cloud" – but what does reality tell us?

We often talk about digital sovereignty and the preference for German or European cloud providers. That’s an important goal – a clear statement about trust and data ownership.

But let’s get real for a moment – and make a quick comparison: Everybody says they’d prefer to drive German. Quality, safety, reliability – it's deep in our mindset. But just look around in traffic: today’s streets are more international than ever. At the end of the day, price, features, or performance often win the race.

That’s exactly the kind of contradiction that shows up in the Bitkom #Cloud Report 2025 – and it’s something every company in DACH needs to address in their cloud strategy.

Here’s what the report tells us:

🇩🇪 The preference is clear: 97% of companies care about the origin of their cloud provider. 100% prefer German and 96% EU data centers in direct comparison. The desire for digital sovereignty is massive.

💸 The reality is pragmatic: Only 12% would accept longer waiting time for services, only 7% will accept 10–20% higher costs for that preference. And just 6% would tolerate compromises on usability or service.

⛓️ Dependency is real: 53% feel locked in by providers regarding pricing and terms. 78% say "Germany is too dependent on U.S. cloud companies".

So what does this mean for your cloud strategy?

The Bitkom report doesn’t just show growing adoption (90% usage, rising investment) – it highlights a strategic dilemma: How do we align the push for digital sovereignty with real-world needs like scalability, innovation, cost efficiency, and global competitiveness?

The good news: We’re starting to see movement. More and more companies are adapting their strategies toward European alternatives. I expect that within the next 12–18 months, we’ll start to see real shifts – major rollouts, migrations, and new sourcing models becoming visible.

The real question isn’t if we go to the cloud – but how. To make it work, we need:

🔍 FinOps discipline: 51% expect rising costs. Without structured cost control, we’re burning potential.

🔁 Robust multi-cloud strategies: To avoid lock-in and get the best from multiple ecosystems.

🇪🇺 Competitive European offerings: Not just sovereign – but also powerful, user-friendly, and cost-attractive.

We don’t just need the idea of a “German & European Cloud”. We need realistic and executable strategies to guide through the complexity of digital transformation – with sovereignty and innovation in mind. Because let’s face it: our IT landscapes will stay hybrid and diverse for a long time. What matters is how well we orchestrate and govern that mix.

What’s your take? How do you navigate between sovereignty and the pragmatic realities?

Report: https://lnkd.in/eCjftxRx

#cloudcomputing #CloudTransformation #DigitaleSouveränität #Bitkom #CloudStrategie #FinOps