An Atlassian Application's Migration to AWS
In the realm of a business environment, growth can simultaneously be a gift and a curse. Typically, this is when an abundance of work items and opportunities consume us for a sustained period of time, or in some cases "overtime" compared to a level flow of activity. More hands, eyes, thoughts, and processes are needed internally to support the business comprehensively. Throughout history and specifically to business, evidence has shown that organizations who proactively forecast and address their support needs as it pertains to growth, allow the ability to soundly match, scale and critically deliver to the business demand at disparate levels. Therefore, allowing the gift of growth to serve as a tangible asset.
This scenario proved to be true for our Mass Media Enterprise client, who at the time of our initial engagement was experiencing high growth in the internal adoption of Atlassian applications, which included Jira, Confluence, Bamboo, Bitbucket, and FeCru (Fisheye/Crucible). Our client sought out professional services to help them deploy Atlassian in AWS to support rapid scaling 40+ application development teams distributed across the United States and India.
Our client shared with us priority objectives they wanted to accomplish:
- Move their Production-only Atlassian Server applications to AWS (Jira, Confluence, Fisheye/Crucible, Bamboo, and Bitbucket)
- Migrate the applications to Postgres; Upgrade their Atlassian products from versions three-years End of Life (EOL)
- Convert Jira Software, Confluence, and Bitbucket Server to Data Center.
Because of Praecipio's long standing relationships and proven track record of delivering successful, world-class migration solutions with deep process competency, we came in highly recommended.
With our deep process consulting experience, we knew the typical challenges that were ahead of us as we prepared to engage with yet another large Enterprise client. Our assiduous methodologies would again be put to the test as the scope of work was sizable in time and effort for all parties involved. As one may conclude, working with an enterprise client can present unique challenges, but our innate ability to effectively plan, communicate, and execute would be game changing with such a project that involved upgrades and migrations which naturally come filled with contingencies.
Although we assumed there would be some unforeseen challenges, many of them made us critically think like never before. Organizationally, decoupled processes and ownership of the Atlassian products was virtually unknown as we discovered our client lost their Atlassian Admin a month before we were to engage. This role is crucial for reference, especially when performing upgrades and migrations in order to obtain critical information. In addition, the client also had critical Atlassian applications that were at three (3) years EOL across the entire tool stack.
During the initial discovery and design, we learned that our client's AWS Load Balancers were not equipped to handle the Data Center distributions of the Atlassian products as easily as other technologies. Identifying this issue early allowed us to determine the correct types (ALB v ELB) and even enable Synchrony and Elasticsearch for Confluence and Bitbucket, respectively. We also had to understand the Internal Security Team's expectations and account for integration with Okta and to convert to LDAP-S for authentication.
During the project, we had to overcome and swiftly adapt to communication challenges with our client as they didn't fully utilize Atlassian tools in this capacity, but instead had a variety of tools they used internally, which our delivery team quickly acclimated to for full support of our client. There was no UAT environment and the change control process was restrictive. We also encountered a lot of technical learning around their VPC controls. To remedy this, we worked closely with our client's SMEs to determine the exact type and settings of each AMI (Amazon Machine Image) being that control was a challenge for us due to the tight security parameters.
With any migration, maintenance windows can easily prolong the effort, especially with this client as there is not an "ideal" time to bring supporting applications down. Our client had teams who were geographically in different time zones nationally and globally that would be impacted. Their business was in need of 24/7 support, so it was critical that we coordinated and managed the migration properly in order to minimize downtime.
As a collective unit, we scoped and decided the best route for our approach would be to value stream delivery to our client in five (5) separate phases where our day-to-day interactions would consist of two (2) Atlassian application owners, Secure Content Delivery Services Lead, and a Project Manager from our client.
While the original timeline was stretched, we created a UAT environment (which didn't previously exist), added security features, installed NewRelic for all products for Production and UAT, and updated the base URLs so that other parts of the enterprise would have the ability to onboard into the instance long term. Our value stream, the phased approach is highlighted below:
Phase 1: Move Internal Infrastructure to AWS
During this phase, it was important that we successfully move the client from their infrastructure and get them onto a standard database as an initial step to get the client closer to the end goals. We also created tailored runbooks provided clear procedures both for the client and internally.
Phase 2.1: Upgrade Atlassian Stack Applications
The main objective was to get the client back into a current version of their products and away from End of Life versions to maintain Atlassian as well as Praecipio support. It is also important to note that during this phase we were able to meet their security requirements that surrounded their supporting applications.
Phase 2.2: Convert select Applications to Data Center
This is where we executed Data Center conversions of Jira, Bitbucket, and Confluence. We methodically executed clear communications with our client's AWS teams to get proper infrastructure. During the conversion, we encountered some issues with load balancers but were able to walk through what we needed to pass through with git as well as Synchrony and Elasticsearch.
Phase 2.3: Atlassian Stack Base URL Changes
Our team worked to edit the base URL in the admin console while creating application links in each application along with apache redirects.
Phase 2.4: Atlassian Stack LDAP change | SAML SSO Okta | Operational Support & Managed Services
Resources from Praecipio executed LDAP-S change for the active directory as well as configuring the SSO services to support exchanging authentication and authorization of data points.
Since this effort was executed in phases, there were several sessions with the Secure Content Delivery Services Team as well as the new Atlassian administrator to help them understand the new instances. The application teams were also provided a "What's new in Atlassian" focused on Jira and Confluence due to the plethora of new features available from their original versions. For example, Jira was upgraded from 6.2.6 to 7.6.2. As we are continuing with Managed Services, we had the foresight to schedule one of the Operations resources as a project resource to ensure the smooth hand-off internally to Managed Services.
Providing both a UAT and Production environment proved critical to the project effort which gave our client the confidence to continue with Atlassian as well as a path to expanding its use within their organization. Our flexibility, awareness, composure, and buoyancy allowed our client the ability to deploy the exact AWS infrastructure needed at each phase.
Not only did our superior solutions provide stable environments, but also saved costs and minimized downtime for our client during the intensive project. Another standout achievement during our time on the project was getting the client on supported versions of the Atlassian suite, transferring ownership with manageable processes, all while helping them get back into security compliance.
Praecipio's combined expertise with Atlassian and AWS was a key factor in providing a stable and scalable Atlassian solution for our client. Our open communication and understanding of complex processes were key factors in the success of our client's move to AWS, upgrades to supported version's, and the conversion of critical applications to Data Center.