DevOps development model makes Microsoft more nimble, productive

Dec 1, 2020

The cloud has democratized computing.

Today, companies big and small have equal access to powerful computing and data storage. The same goes for Microsoft, where different business groups now often run their own Microsoft Azure infrastructure.

To acknowledge that shift, the Microsoft Digital group, the engineering organization at Microsoft that builds and manages the products, processes, and services that Microsoft runs on, has been moving to a decentralized model of IT management for the past two years.

The goal is to create a more agile, responsive cloud infrastructure.

The model for this is called DevOps, an amalgam of “developers” and “operations.” Organizations that embrace DevOps streamline software development by bringing together teams that formerly worked separately.

The result is better productivity, faster product cycles, and improved reliability.

For Microsoft Digital, that meant migrating away from an old friend: Microsoft System Center Configuration Manager (SCCM), a software product created to manage large computing networks. Since its launch in 1994, Microsoft SCCM has seen a number of major upgrades, and many large corporate clients continue to use it for software distribution, network access, operating system deployment, and much more.

[Learn how Microsoft uses Azure Monitor for enterprise monitoring. Learn how Microsoft moved its monitoring to Azure Monitor.]

MS Digital addresses a cloud-based world

Though Microsoft SCCM is well-loved, Microsoft itself is moving past it because most of its own computing resources are now cloud-based. Microsoft SCCM is well adapted to the cloud environment; staying with it meant MS Digital would need to maintain a central control center to monitor system health, collect data on system usage, update security—all the IT housekeeping that a big enterprise needs if you evolve to a DevOps approach.

“Because so much of our workload is now Azure, we wanted to get to the point where we could decommission our SCCM infrastructure and not have these centralized teams,” says Dana Baxter, a principal service engineer with Microsoft, who has helped shepherd Microsoft into the DevOps world. “We want people to spin up their own Azure subscriptions and services so they have control over their own environments.”

The task of moving to DevOps is no mean feat: Baxter’s team was responsible for collecting configuration data from 16,000 on-premises and infrastructure as a service (IaaS) compute systems and 750 Microsoft Azure subscriptions.

Making the switch entailed four key components:

  1. Using Microsoft Azure management groups to deploy policies across a distributed cloud infrastructure. This method replaces large sets of servers and teams that support those services and creates a single management source.
  2. Partnering with the Microsoft Azure product group to create a set of custom policies to collect data from the hybrid environment using the Azure Guest Configuration extension for IaaS, virtual machines, and Azure Arc to include on-premises computing resources.
  3. Building a secure and native Microsoft Azure solution to collect and process data.
  4. Aligning to the DevOps cultural shift, which has transformed Microsoft Digital by bringing formerly siloed roles—such as development, IT operations, and quality engineering—together as a single team.

Reduced workload and more flexibility

Marcela Alvarez Rodriguez is a software engineer who helped create a Microsoft Azure solution that provides internal teams at Microsoft with greater self-service options. (Photo submitted by Marcela Alvarez Rodriguez)

Microsoft Digital sees several advantages to the move to DevOps, including simplifying its own workload.

“From an operational standpoint, we don’t have to maintain an SCCM infrastructure any longer,” says Matthew Raffaele, senior IT service engineer for Microsoft. “We’re not patching servers; we’re not managing new SCCM releases. And the operational cost of all the virtual machines we were running is gone.”

For MS Digital’s internal customers, the benefits include the flexibility to build a cloud infrastructure that best suits their needs. And they can do so without writing a lot of new code—Microsoft Digital gives them all the tools they need to build their own Microsoft Azure workplace.

“They can easily deploy the solution without worrying about maintaining it,” says Marcela Alvarez Rodriguez, a software engineer who helped create a Microsoft Azure solution that allows servers to securely report system configuration data to an Azure Functions app, then process the data into an enterprise data lake. This enables greater self-service for both tools and users to leverage the data.

“Our team will oversee keeping the ‘primary branch’ (a GitHub construct) up to date. Other teams can easily create a build pipeline and a release pipeline. They can attach those pipelines to our master branch and start consuming our code,” Rodriguez says.

A decentralized system also improves security, as it removes a bad actor’s ability to penetrate a single point and gain access to an entire network.

Perhaps most importantly, says Rodriguez, Microsoft Digital’s move to a decentralized cloud infrastructure reflects a commitment to putting its customers at the center of their work.

“Microsoft has done a really great job of making sure the technologies we offer meet the requirements of modern enterprises,” Rodriguez says. “Digital transformation isn’t easy, and we want to make sure we help them understand the different resources available in Azure.”

Read how Microsoft began eliminating data silos in favor of a single, unified source of trusted, connected enterprise data.

Learn how Microsoft is monitoring end-to-end enterprise health with Microsoft Azure.