As advisors to our 100+ private equity clients who use M&A activity to provide positive returns to their investors, WMP helps establish platforms, processes, and technology that can enable rapid EBITDA growth. Within the world of M&A, carve-outs and divestitures are some of the most complex situations when it comes to quickly getting the newly acquired business on the right track post-close.
WMP is often engaged to lead and/or execute large, complex carve-outs for our clients. Especially in corporate carve-outs, IT is usually the most costly and challenging aspect of the business to separate and establish on its own: one-time IT separation costs are typically 1-3x the annual IT run rate. Therefore, our Security & Infrastructure team is comprised of IT experts with deep experience in executing IT carve-outs after the transaction has closed.
Recently, I had the opportunity to assist a financial services client (hereafter, NewCo) with a complex migration of their large custom SaaS products from a traditional IT datacenter to Microsoft’s Public cloud, Azure. The premise of this post is to share, at a high-level, the key technical aspects that made this greenfield build a success. For the readers who want to know about the nuts and bolts that made this carve-out a success, great news! Subsequent posts will dive into the details of executing a clean carve-out, and I will update this post with links as we publish the posts.
For this specific project, I actively participated in the requirements gathering, current state assessment, future state planning, pilot, and build activities to migrate NewCo’s products to the cloud – all while keeping the accelerated timeline top of mind. The client needs dictated standing up three net-new IT environments in Azure for Internal IT, Development, and Production. Naturally, regulations play a vital role when designing and implementing IT environments so NewCo’s production environment was built to satisfy PCI DSS 3.1 regulations. Another key part to the success of this carve-out was that the fact that the SaaS platform’s architecture did not need to be re-architected in order to move to the cloud. Due to the immense pre-work and detailed planning prior to go-live, all that was needed post the build and configuration was an import of 10+TB of production data.
So now that you have some background on the overall project scope, below are some of the other specific carve-out activities that were conducted to successfully migrate NewCo’s SaaS products to Azure. Effectively delivering the items below, on schedule, was key to the overall success of this complex carve-out. Future posts will go into more details on these specific activities, but I hope the list below gives you a sense of the scope of this effort:
- Configured all production SQL Servers to use SQL TDE for encryption
- Implemented Microsoft Security Baselines. This created a secure foundation and enabled the IT service desk to administer various environments through a common denominator
- Configured Incapsula WAF to protect all public facing URLs from Layer 7 attacks such as DDoS
- Implemented Tripwire FIM for all folder structures to monitor for unauthorized changes
- Implemented AlertLogic Log manger to monitor
- Configured a two-tier PKI with Enterprise CA
- Deployed User State Migration Tool (USMT) that automatically migrated data from Parent-issued workstations to NewCo’s newly issued workstations
- Implemented Microsoft Azure Backup Vaults for on-premises and Azure-hosted systems
- Implemented a VPN between Azure and the office location
- Migrated roughly 300GB of .PST data into Office 365
- Implemented a monitoring and alerting system to enable the service desk to not only receive critical alerts but to also be proactive by early warning indicators
- Implemented a secure file transport program that enabled numerous clients to share files
- Scripted an export/import process that applied Microsoft Security Baselines to the correct OU, in the correct link order, along with applying the correct WMI filters
- Built a Windows 10 image with Microsoft Office 2016 that was deployed to roughly 110 laptops using a WMP-customized version of Microsoft Deployment Toolkit (MDT) 2013
- Data migration completed for ~100 users and ~20 remote employees to NewCo’s laptops
- Researched, tested, and presented a potential Azure-to-Azure DR solution including a high-level architecture
- Enabled Microsoft BitLocker and configured encrypted machines to archive recovery keys to Active Directory (AD)
- Implemented Microsoft Intune to allow for over-the-internet application deployments
Be on the lookout for the next post that will cover: Classic vs ARM objects, Azure licensing, and benefits to having multiple subscriptions. In the meantime, if you have any questions please leave a comment below and I’ll be glad to answer them!