A comprehensive guide for workload migration to the cloud with the Elasticsearch Platform, ElastiFlow, and Kyndryl

The transition from on-premises infrastructure to cloud environments is no longer just an option, but a necessity for businesses seeking to stay competitive in a rapidly evolving digital world. A well-executed cloud migration strategy can deliver compelling benefits like enhanced flexibility, scalability, efficiency, and cost-effectiveness. However, the journey to the cloud is often complex and presents several challenges, making it crucial for organizations to understand the entire migration process and prepare adequately.

Cloud migration typically follows a distinct set of phases, each with its unique objectives and potential hurdles. These include:

1. Assess:

• Planning: This initial phase involves a comprehensive evaluation of the existing IT infrastructure, applications, and data to identify which elements are suitable for cloud migration and in what order. The planning stage also involves selecting the appropriate cloud service model (IaaS, PaaS, or SaaS) and provider.
• Business case development and cost calculation: The economic feasibility of the migration project is assessed in this stage. It involves calculating the total cost of ownership (TCO) for both the current on-premise setup and the proposed cloud environment. This analysis will help justify the migration project to stakeholders and plan for the financial commitment involved.

2. Mobilize: During the assessment phase, a thorough analysis of the applications, workloads, and data to be migrated is carried out, identifying any potential compatibility issues or integration difficulties. The mobilization phase then involves preparing the organization and the IT environment for the upcoming migration.

3. Migrate and Modernize: This is the execution phase, where the actual migration takes place. Applications and data are moved to the cloud, often in a phased approach to minimize disruption. Post-migration, applications are often modernized to leverage the full potential of the cloud environment.

4. Steady State: After successful migration and modernization, continuous optimization is necessary to ensure that the cloud environment is delivering the expected benefits and cost savings. This might involve performance tuning, cost optimization, or adopting new cloud-native approaches.

As straightforward as these phases might seem, cloud migration is often accompanied by an array of challenges at every stage, and even post-migration. Common challenges include compatibility and integration issues, data security and privacy concerns, potential downtime and service disruptions, cost overruns, technical expertise gaps, vendor lock-in risks, compliance and legal requirements, organizational change management, performance and latency issues, and data migration complexities.

• Choosing the right migration strategy and cloud provider: Organizations must decide on a suitable migration strategy and choose a cloud provider that aligns with their business needs.
  
  Solution: Kyndryl can provide expert guidance on selecting the right cloud provider and migration strategy. Insights from the Elastic platform and ElastiFlow can aid in this decision-making process.

Business case and cost calculation
In this phase, organizations struggle with:

• Cost estimation: Organizations struggle with predicting the costs associated with cloud migration and the potential savings post-migration.
  
  Solution: The Elastic platform can facilitate the business case development by providing detailed insights into your current IT infrastructure’s cost and performance. ElastiFlow can help identify potential cost savings from network optimization.

• Data security and privacy: Ensuring the security and privacy of data during and after migration is a critical concern.
  
  Solution: Implement strong security measures like encryption, access control, and multi-factor authentication. Use insights from Elastic and ElastiFlow to monitor network traffic for unusual patterns, indicating security threats.
  
• Technical expertise: Cloud migration requires specialized skills and expertise that may not be readily available within an organization.
  
  Solution: Kyndryl’s team can support the mobilization phase, providing expert guidance and coordination.

• Change management: Managing organizational and cultural changes effectively is crucial to ensure a smooth transition and minimize resistance from employees.
  
  Solution: Develop a well-defined change management plan, with Kyndryl providing resources for communication, training, and employee support.

• Cost management: Migrating to the cloud can involve unforeseen costs. Organizations must accurately estimate and manage these costs to ensure a cost-effective migration.
  
  Solution: Develop a comprehensive cost model for cloud migration, including data transfer, storage, and licensing fees. Use ElastiFlow to monitor network usage and identify cost-saving opportunities.

• Continuous monitoring and observability: Post-migration, it’s essential to continuously monitor your applications, workloads, and network performance to maintain operational efficiency, security, and compliance. It’s here that the need for a comprehensive observability solution becomes apparent.
  
  Solution: The Elasticsearch platform, along with ElastiFlow, provides a complete observability solution, offering real-time insights into your cloud environment’s performance. By monitoring logs, metrics, traces, and cloud workloads across your stack, you can quickly identify and respond to performance issues, security threats, and other anomalies. Additionally, Kyndryl’s expertise can augment your in-house capabilities, helping you leverage Elastic’s Observability features to their full extent.

In conclusion, the combination of the Elasticsearch platform, ElastiFlow, and Kyndryl helps overcome these migration challenges. Together, they provide a comprehensive, effective, and efficient cloud migration solution that can guide organizations through each phase of the process.

The ElastiFlow Unified Flow Collector can be installed natively on Linux. Docker containers are also available. The following example explains the installation process on Debian/Ubuntu Linux.

Downloading the .deb package
The package can be easily downloaded using wget or curl:

Installing the package
The collector requires that libpcap-dev also be installed. This dependency will be installed automatically when using apt.

Configuration
The Unified Flow Collector will be installed to run as a daemon managed by systemd. Configuration of the collector is provided via environment variables and, depending on the enabled options, via various configuration files that by default are located within /etc/elastiflow.

To configure the environment variables, edit the file /etc/systemd/system/flowcoll.service.d/flowcoll.conf. For details on all of the configuration options, please refer to the Configuration Reference.

1. Request a Basic or Trial license
The ElastiFlow Basic license is available at no cost and supports standard information elements. A license can be requested on the ElastiFlow website. Alternatively a 30-day Premium trial may be requested, which increases the scalability of the collector and enables all supported vendor and standard information elements.

License keys are generated per account. EF_ACCOUNT_ID must contain the Account ID for the Licence Key specified in EF_FLOW_LICENSE_KEY. The number of licensed units will be 1 for a Basic license and up to 64 for a 30-day trial. The ElastiFlow EULA must also be accepted to use the software.

2. Enable the Elasticsearch output
Set EF_OUTPUT_ELASTICSEARCH_ENABLE to true to enable the Elasticsearch output.

3. Specify a schema
The Unified Collector outputs data using ElastiFlow's CODEX schema. To output data in Elastic Common Schema (ECS), set EF_OUTPUT_ELASTICSEARCH_ECS_ENABLE to true.

4. Index shards and replicas
For a small single node install, set the number of shards to 1 and replicas to 0.

The optimum value for these settings will depend on a number of factors. The number of shards should be at least 1 for each Elasticsearch data node in a cluster. Larger nodes (16+ CPU cores) and higher ingest rates can benefit from 2 shards per node. In a multi-node cluster, 1 or more replicas may be specified for redundancy.

5. Index lifecycle management
Index lifecycle management (ILM) can be used to rollover the indices that store the ElastiFlow data, preventing issues that can occur when shards become too large. Enable rollover by setting EF_OUTPUT_ELASTICSEARCH_INDEX_PERIOD to rollover. When enabled, the collector will automatically bootstrap the initial index and write alias.

The default ILM lifecycle is elastiflow. If this lifecycle doesn't exist, a basic lifecycle will be added, which will remove data after 7 days. This lifecycle can be edited later via Kibana or the Elasticsearch ILM API.

6. Elasticsearch server and credentials
Define the elasticsearch environment to which the collector should connect and the credentials for which the password was defined during the Elasticsearch installation. When sending the data to Elastic Cloud, use the Cloud ID for your deployment.

Instead of specifying a username and password, API Keys are also supported.

7. Encrypted communications with TLS
Enable TLS and either specify the path to the CA certificate or disable TLS verification.

8. Enable and start the Unified Collector
Execute the following commands:

Confirm the service started successfully by executing:

The collector is now ready to receive flow records from the network infrastructure.

Import the Kibana Dashboards
Download the latest Kibana dashboards for ElastiFlow from the documentation page here. You will need the dashboards for the ECS schema.

To import the dashboards, in Kibana go to Stack Management → Saved Objects and click Import in the upper right corner.

NOTE: For the best experience, it is recommended that you enable filters:pinnedByDefault under Stack Management → Kibana → Advanced Settings. Pinning a filter allows it to persist when navigating between dashboards. This is very useful when drilling down into something of interest and you want to change dashboards for a different perspective of the same data.

As soon as flow records are received from your network devices, the dashboards will allow you to begin to investigate and analyze your network traffic.

1. Create a policy
First, we need to create a policy. One or many policies will be assigned to Elastic Agents. That way, you can manage integrations used in Agents.

To create a policy, go to the Fleet management in Kibana, and then click on Create agent policy:

Give it a name (e.g., Migration Policy):

2. Add Osquery integration
At the time of writing, Elastic has made more than 300 integrations available. Two of them are based on Osquery. These integrations help to query an operating system like a database. That way you can enumerate processes running on the OS, memory used, storage available, and many more. The data will be persisted in Elastic and usable in our dashboards. This is one of the ways to retrieve host-level insights.

To add an integration, click on the Add Integration button.

Search for Osquery:

Select Osquery Manager. It allows you to schedule queries.

Click on Add Osquery Manager.

Give the integration a name, and at the bottom select the integration for Existing hosts.

Click on Save and continue.

3. Add Elastic Agent to your hosts
Since there are no Elastic Agents deployed yet, Kibana will prompt this screen.

Click Add Elastic Agent to your hosts.

Follow the instructions there and deploy an Agent on your target hosts. All major operating systems are supported. Kubernetes as a deployment option is supported as well.

After a while, you should be able to see a confirmation of Agent enrollment in step 3.

If you have more hosts to be monitored, be sure to install the agent on them as well.

4. Query hosts
In the search box, search for Osquery. Select “Osquery Management.”

Click on New live query.

Select Single query and agents or policies you want to use for query execution.

Enter this query:

After a while, you should be able to see results that will be persisted in an index.

5. Import Kibana Dashboards 
Import the overview dashboard from this repository.

Now paste the contents of the script and run it. NOTE: The pipeline and field names must not be changed.

You should then receive a positive response:

You can now use the burger menu in the top left corner of the screen and select Management>Stack Management and then select Ingest>Ingest Pipelines. Now search for “metrics-system.diskio” and you should see the pipeline we have created.

Elastic will now create the extra fields we need for our TCO analysis when ingesting data from Elastic Agent.

Now select Kibana>Saved Objects.

You will need to select the Import option toward the top right of the Saved Objects screen.

You can now import the .ndjson files.

Once you have finished importing the files, you will now be able to visualize your data.

2. Visualize and download data
Use the burger menu in the top right of Kibana and select Analytics>Dashboard.

Now browse and find Elastic to MPA Dashboard.

Use the Dashboard to visualize your data. Then, you can use the three dots in the top right of the Elastic to MPA export panel to use the Options menu, select More, and now download the table contents as a .csv file.

We can then use this file to import the data into the Migration Portfolio Assessment portal for TCO calculation.

3. Import data and calculate TCO
NOTE: To perform a TCO analysis, you will need to be an Amazon employee or be an AWS partner and have an AWS Partner Central account.

The TCO analysis is performed using the MPA portal from AWS. We will create a portfolio and upload the metrics data we have collected in Elastic. To do this, log in to the site using your Midway or APN credentials.

Select Get Started.

Then select Create Portfolio.

Now complete the details required and select Create a new portfolio.

Before you can do any analysis, you will need to import your data. Select Import from file.

Leave the data type as Servers and upload the .csv file you downloaded from Kibana earlier.

Go through the list of mappings and ensure you select the correct unit of measurement. In order to make this simple, our field mappings in Elastic use the same name as the fields in MPA.

Scroll to the bottom of the list and then select Next.

Now select TCO>Summary to see your TCO analysis. You can use the Modify Assumptions option to review the default assumptions and adjust to your own values. You can then download the TCO using the Download option on the top right.

Conclusion

With the combined power of Elastic, ElastiFlow, and Kyndryl to support them, organizations can ensure their migration to the cloud is seamless and efficient, providing a solution for any variables that may arise. They can begin their cloud journey confident that it will allow them to reap the full benefits of their new cloud environment and set them, their employees, and their customers up for even greater success.

Ready to get started? Begin a free 14-day trial of Elastic Cloud to create your own deployment.