Nonprofit IT Executives Talking Azure
In a recent case study about his organization’s journey to the Microsoft cloud, a nonprofit leader stated, “Technology can be the great equalizer.”
That evidence was again on display in a recent panel hosted by Microsoft and eGroup | Enabling. Panelists included IT leaders representing four non-profit organizations, with topics ranging from cost justification to global agility. Read on for some terrific tales from the trenches!
About the Panelists
Our panel included:
Michael Mazza, Head of IT Solution Services from FHI 360. Michael has the “great fortune” of working at FHI 360, where we focus on the “360 degrees of human development.” Their strongest business unit is in health. “We receive a lot of funding to fight HIV,” explained Mazza. “We have received significant funding to establish a COVID prevention network around the world. We also have a large educational business unit.” He added that “If any of you are in corporate America, you might think about your second career being at a not-for-profit. It’s been very rewarding!”
Matt Birnie, Enterprise Architect at Trans World Radio. Matt took that path after spending years in IT for Wall Street broker dealers, banks, and credit card processors. Now he supports Trans World Radio, a “Christian media and broadcast company in around 200 countries or so, broadcasting in about 300 languages.” With a worldwide presence, Birnie’s job is to “keep all that going on the shoestring budget.”
JoJo Almario, Senior IT manager at IntraHealth International. JoJo is the Senior Manager of IT at IntraHealth International. “We’re an international and profit NGO,” Almario explained, “building capacity for health workers in low bandwidth areas.” With presence mainly in sub-Saharan African, Central America, and Asia, “We deal with areas like HIV interventions and disease prevalence,” he said.
John Berar, CIO Emeritus and current Strategic Advisor. John is currently a Strategic Advisor with eGroup | Enabling Technologies. Most relevant to the conversation was his prior role as CIO for an international, not-for-profit operating in about 20 countries, including Africa, South America and the U.S.
The Business Case for Action
The panelists described some of the reasons they took the plunge in Azure at the pace they did.
For Michael Mazza, the cloud is about “Doing things faster.” He opened by telling a story of the inefficiencies of IT before the cloud, compared to the efficiency of using the cloud today.
In 2011, when South Sudan became a country, “FHI 360 was awarded $30 million over three years to strengthen the health systems there,” Mazza explained. “I spent $500,000 on information technology to set up an office with Cisco VoIP, a satellite, WAN optimization, and an e-mail server.” After spending all that money, “FHI struggled to find enough local people to hire for the program, so the funding was greatly reduced. We had to shut down the office and the technology we had implemented. The money that was spent for equipment, network contracts, staff time, etc. was gone.”
Sensitive to the US taxpayer dollars being spent, Mazza declared “We’ve got to come up with a faster way.”
Now, with the cloud, “We can work literally anywhere in the world,” Michael claimed. “I don’t even have to send a laptop. All our critical systems are in the cloud.” That velocity enables us to get projects up quicker and thus provides faster results for our funders like the US government or Gates Foundation. “With cloud-based systems FHI can begin work immediately after receiving the award and we can have people on the ground working on day one. FHI does not need to worry about setting up all this infrastructure. Microsoft makes it easy to get things up and running.”
Trans World started by using Azure as a backup for their data centers to improve availability. “Since then, we’ve moved all our critical workloads are in Azure,” Matt Birnie explained. TWR still has data centers around the world, but “Critical workloads, finance and things that we need operational 24 hours a day run in Azure.” That includes SQL servers, Windows servers and terminal servers, which have now been “rolled into the Microsoft’s VDI environment, which has worked really well.”
TWR is also improving identity security. “We utilize the Microsoft Entra ID (formerly known as Azure AD) app proxy to provide single sign-on for all sorts of internal applications that we want to make available to vendors, or to people without the need of a VPN,” Matt articulated. “That’s been really nice, because MFA is probably the most important security solution that you should implement right away.”
Like Birnie, Jojo Almario agreed that “The cloud helps IntraHealth in our security strategy.” IntraHealth moved services more rapidly into Azure. “We emptied out our data center around 2017,” he said. “We now have about 15 virtual machines, some app services, platform services, and a couple of Azure SQL databases.” With a large data set of donor and research data, “We also have an implementation of a data factory as our data warehouse which is also coupled with some databases. We’re using Power BI dashboards for reporting about our programmatic efforts.”
Disasters Catalyze Some Migrations
Trans World’s journey into Azure began with a Disaster Recovery plan. “Our main data center was in Cary, NC, which once in a while experiences a hurricane,” he started. “It was quite an ordeal to move all of our services to another site, so we set up an Azure tenant and started with a traditional Active Directory server and our hybrid Exchange Server.” Once seeing the operational efficiency, and considering future needs of the global organization. “We made the decision that we were going to move all our critical workloads into Azure over one really scary weekend,” recalled Matt. “We went all in pretty quickly and we really have been served very well with it. As time goes on, we utilize Azure more and more.”
At IntraHealth, Almario had even more urgency. “Before we started working with eGroup and FastTrack on Azure Site Recovery, we had two ransomware attacks within a year– about six months apart.” Legacy storage technology could do little to protect against such disasters. “Our backup storage area was iSCSI connected. That means that if the bad actors attacked our servers, they also had access to our backups– so they chewed through all that and we were down for a whole week.” Azure Site Recovery not only provides Disaster Recovery (DR) as-a-Service, but also provided IntraHealth a low-risk way to transition from running a backup in the cloud to running production services. That’s the state that IntraHealth is in now, putting Almario in a (relatively) safer position. “Now that we’re in Azure, and in Office 365, I understand there are other vulnerabilities that can do us in. But with the resources we have in Azure, it’s easier to have an immutable backup. We have multiple versions of data because storage is elastic. I don’t have to worry about my backup hard drives getting full and having to budget for more. You just click a button and expand your storage. That ease gives us so much more time to concentrate on the security of many more things.”
Mazza summarized FHI 360’s journey by starting with some critical services in Azure, determining that it worked, and then choosing not to build a data center when they moved offices. “We just have a couple of network closets (onsite), and we have not looked back since,” Michael stated.
Berar echoed common themes as he described his organization’s first move into Azure. “All of us here around the table have to be very careful of dollars, need to move quickly, and we’re all global companies.” He too got started by using Azure as a disaster recovery site. After moving domain controllers and IT ticketing systems, “That’s when we went from having a data center in one of our offices to doing a collocated data center, to moving 100% to Azure.” Berar shared his low-risk approach to migration. “We moved development environments first, then production environments. The easiest migration we ever had was shifting our data center to Azure, in terms of downtime. Then instead of worrying if a disc failed or if there’s not enough memory in a server, we could really help support the business initiatives.”
Domain Controller Consolidation
“I think this is one of the lowest hanging fruits,” asserted Berar. “We had twelve domain controllers scattered across the globe. We ended up moving two domain controllers into Azure and then a third in one of our offices in case something happened in Azure. Then, we’re not worrying about connectivity across the globe to get to a domain controller that ‘tomb-stoned’ and can’t be reached anymore.”
Trans World’s Birnie agreed. “We’ve decommissioned most of our domain controllers,” Matt started,
“and where we have them, we usually have one domain controller instead of two.” Taking a proactive, ‘cloud-first’ philosophy, “Our new computers aren’t joined to Active Directory anymore,” continued Birnie. “They’re all joined to Microsoft Entra ID (formerly known as Azure AD) only, and as all the old devices that were hybrid joined are replaced, we really won’t have the need for domain controllers.”
A prior blog outlines more detail, including the approximate cost of a domain controller in Azure.
Finances Pan Out For All
On limited budgets, our nonprofit panelists had to make the leap to an operational expense model and make commitments to Microsoft about cloud expenses. They shared their experiences in justifying the expense, along with some unexpected benefits.
IntraHealth’s Almario started by saying “Overall, there was a downtrend in spending, but most gains came in our level of effort. In other words, where we were spending our time. We aren’t spending our time as much on setting up offices, setting up services in our field offices.” That saves time not only in setup but also operationally. “Anytime anything goes down or fails, it’s not easy to get something drop-shipped there. So you paid your budget, you get as many spares as you can at that office but then things happen, and wait a while before we can get a spare there. Now, that just doesn’t happen. Any issues with drives or memory or expanding storage, it just kind of happens on the fly.”
That tangible time and expense savings is additive with a ‘softer’ improvement. “There’s also a perception of less downtime,” said Almario. “There are no e-mails saying, ‘We have to work on this, or please stand by while we update something.’ Our stakeholders see less of that now and actually perceive ‘Oh you guys are up all the time because there’s been no warning’ That’s helped us show how valuable the IT department is and how we spend our time. We are able to spend more time looking at things like security and expanding services for our stakeholders and our users.”
Berar took a hard look at the total cost of ownership (TCO) of cloud services, and found advantages that offset the Azure invoice. “We used to have infrastructure in our country offices,” John explained. “If we go to set up an office it may take months, but now we ship an air card and simple network gear to connect to the Internet. We’re up and running in minutes, hours, days versus many months. Part of it is the speed, and what’s the benefit of that speed? What’s the cost of the less administrative overhead of even tracking those assets? So that’s how we did it… by looking at the total cost of ownership and how can we better serve the organization.”
Mazza said that it was due to FHI’s “Very supportive leadership team” that “We never really had to cost justify it. If we don’t have people managing storage, managing servers, we can instead have business analysts supporting the business and information security people keeping us safe.”
Trans World Radio dove deep into cost analysis of Azure, and still came out in the black. “We were at the end of life of our HyperV environment and had to replace a pretty big SAN in our main data center,” explained Matt Birnie. “Originally the plan was to replace that with a new SAN or hyperconverged infrastructure.” During initial conversations with eGroup, Azure was discussed and “We were very surprised at the price point.” After spending days comparing the Azure calculations versus buying new hardware, Matt found that “Honestly, Azure was going to be cheaper for us, plus have all the future-proofing and benefits that we’ve been talking about.” Reallocating the budget for replacement hardware into an operational expense for Azure “Wound up saving us a fair amount of money as well as significantly upgrading our service availability.”
Advantages and Challenges
For Trans World, the advantage right away was high availability. Birnie quipped, “If a hurricane comes, it’s Microsoft’s problem, not mine.” Yet he recognized that maintaining new services and the security thereof as an ongoing challenge. “You can give people whatever control you want and have a huge amount of granularity in roles and in giving people rights to do only exactly what they need to, so that’s an advantage. But that’s then another thing that to manage and that’s another level of complexity. So I would say that the security options available is one of the greatest advantages, but also a disadvantage.”
For FHI 360, the advantage of distributing control to his global community is also a risk. Mazza explained, “We were a global organization operating in dozens of countries. We operate 24 hours a day.” Instead of waiting for people in the U.S. to make changes, FHI distributes the power to people across the world to spin up Azure servers, add storage space and the like. “All of them are great stewards of the organization’s money, but occasionally we have to sort through that and optimize our spend.” But overall, “The idea that you can get on and off really quickly makes Azure very powerful for us,” Mazza said.
For IntraHealth, global reach is a primary advantage. “When I had a physical server in South Sudan or Ethiopia,” said Almario, “it’s a prayer to get remote desktop protocol (RDP) access, and even more if I try and run it through an encrypted tunnel. Using an Azure bastion to any of my virtual machines is great. It’s so easy. I can protect it with MFA and it’s just like I’m right there in the data center.” This frees global organizations like his from a past problem: shipping equipment. “I don’t have to worry about things getting smashed or lost or held ransom at customs, and I don’t have to send somebody there to set it up.” As for a challenge, Jojo quipped, “It’s a bit addictive. It’s not only quick, but it’s very easy to set up VM’s and most Azure services.”
Berar summed up the group’s sentiment by saying “The speed at which you can operate is the advantage. The challenge that I found was the rate of change that things changed within Azure, whether it’s movement around a functions in the portal or new capability. Just keeping up with that was a bit of a challenge.”
Big Data: A Growing Theme
When asked what their next steps were in Azure, the panel shared some of their plans.
IntraHealth is continuing on the path with Platform-as-a-Service and more app services. “We’re looking at Docker containerization and utilizing more Azure databases. I’d like to reduce the need for domain controllers in any of our offices–so just further into the cloud and cloud services.”
“We’re actually starting a Microsoft engagement for Azure Synapse for data analytics and warehousing,” said Trans World’s Birnie.
For FHI, Mazza is looking to “Put computing power closest to our users, with local development in country (using Azure Virtual Desktop). If we can enable that through Microsoft, that’s a win all the way around.”
Global NGOs and other nonprofits are realizing the operational and financial advantages of Azure. They’re experiencing business improvements including quicker time to market in global regions, more reliable and highly available in-country services, and better overall security. Yet keeping up with the security options and tracking everchanging capabilities have been a challenge.
All of that is netting out to better returns for donors and more focus on stakeholders.
A common time to get started is when there’s a compelling event, like a disaster recovery plan, an impending renewal, or purchase of equipment.
Getting started typically involves a call with Microsoft or an Azure partner like eGroup | Enabling Technologies for a discovery session to uncover needs, constraints, and requirements. After some rough calculations to prove a financial case, a workshop and/or Planning and Design service will outline the detailed designs, roadmap for action, prerequisites, and specific investments needed. The current state typically defines the deployment and migration path, with services like Azure Site Recovery providing a smooth way to first use the cloud as a backup target, and eventually transitioning to production.
Connect with your eGroup | Enabling Technologies resource for more information on how to succeed in Azure!