Stockholm-based Hexagon is a global leader in providing information technology for industrial and geospatial applications to create autonomous connected systems. With over 20,000 employees across the globe, they are a major provider of asset life cycle solutions for the design, construction, and operation of hyperscale industrial facilities such as nuclear submarines and plants.
Hexagon needed an easier way to deploy a large virtual machine (VM) infrastructure (Windows servers, development machines, databases and more) that would standardize VM disk imaging, support developer skills, and simplify development and testing. To address these goals and promote a broader strategy to move IT systems to the cloud, Hexagon also adopted Microsoft Azure DevTest Labs. Wintellect led the effort making broad use of Microsoft Azure services, as well as leveraging the discipline of the Microsoft Cloud Adoption Framework (CAF).
Networking and ExpressRoute Infrastructure
As part of the core infrastructure, ExpressRoute connectivity was deployed to create a hybrid network that enabled the on-premises systems to communicate efficiently with the cloud-hosted resources. A site-to-site VPN was deployed to provide additional failover support in the event of a failure with the ExpressRoute provider. A hub-and-spoke network topology was deployed, with production and development resources isolated in separate subscriptions. VNET Peering was used to unify the networking. Because VNET Peering is not transitive, a network virtual appliance (NVA) was used to handle the routing, and each subnet was configured with user-defined routes (UDRs) to provide connectivity between spokes where required. The NVA provided advanced firewall capabilities for the combined network, while subnets within the spokes relied on Azure Network Security Groups (NSGs) to limit traffic. For the Dev/Test environment, virtual machines were restricted to being provisioned within specific IP ranges. Similarly, the networks were restricted to limit access to DevTest Labs environments, requiring access to originate from on-premises machines that are in the corporate domain.
Figure 1 - Azure Network Routing
The new solution demanded a very quick VM creation time (minutes at most), however, some VM’s – especially those requiring legacy versions of Visual Studio – required significantly more time. To solve this, Wintellect implemented the Image Factory pattern (an image factory builds and distributes images automatically on a regular basis). Utilizing Infrastructure-as-Code practices, Wintellect created templates that automatically create a base disk image by combining a Marketplace image with specific Artifacts. This image was then generalized and distributed to the environments used by each team.
The migrated systems included a range of Windows client images (from Windows 7 to Windows 10) and Windows Server images (Windows Server 2008 R2 to 2016) migrated from on-premise and rehosted on Azure. Database servers that were rehosted from on-premise included SQL Server Standard, SQL Server Enterprise, and Oracle. Finally, both modern versions of Visual Studio and legacy Visual Studio 6 versions were also installed.
System configurations were created as DevTest Labs Artifacts and stored in Git repositories in Azure DevOps. This enabled Hexagon to centrally manage updated installation definitions for the most commonly used tools and software packages. For the users, this ensured that installations were consistent, automated, and configurable.
Because the pattern is repeatable, additional base images can be created and deployed by committing new template code definitions into Azure DevOps. With these additional techniques, the new solution enabled the launching of VMs in just minutes, a large jump in performance. Hexagon has now used our solution to implement more than 200 environments that are dynamically supported by about 2,000 VMs active at any given time. Staff use these to develop and test apps for handling everything from QA and support, to business development, to internal and external training.
Key to creating and deploying changes was the use of Azure DevOps Pipelines. Once committed to the Git repository in Azure DevOps, images would be automatically built and tested. A release management pipeline then automatically distributed these images to multiple DevTest Labs environments. The most common images and Artifacts were continuously recreated and distributed, minimizing the time users needed to wait for a configured virtual machine to be provisioned.
To ensure the latest marketplace images were always in use, a regular deployment schedule was used to build and release new images. At the same time, older images were automatically cleaned up, ensuring continuous security and access to the latest custom images. Users could take advantage of these images and the available Artifacts to quickly and easily define new environments on-demand.
The use of DevTest Labs enables Hexagon teams to dynamically provision machines in resilient fashion while ensuring that they are automatically stopped when not in use. Teams are now able to create configurations that were not previously possible, enabling them to support more complex customer situations. Rather than spending their time hand-patching machines, IT staff now manages code in source-control, which both automatically provisions the images and distributes the supported software packages.
Hexagon can now easily take advantage of the rich VM capabilities in Azure rather than use their own resources to write custom software. For internal training, Hexagon instructors can now set up their own cloud-based environments complete with textbooks and class templates that they can access anywhere: onsite, in a training facility, or in the field.
Figure 2 – Hexagon Azure Automated Infrastructure
The DevTest Lab environments ensured that each team had a completely independent workspace which could not affect other Hexagon teams. In addition, the dedicated environment simplified the process of accounting for the costs incurred by the development and support work ocurring within each product group. For teams that had budget constraints, quotas and limits were utilized to ensure that the team could not create or utilize Azure resources beyond a specified dollar threshold. Because each environment was completely isolated, special networking considerations were required to limit access to the virtual environments to Hexagon’s on-premises networks. This ensured that no development resources were publicly visible. This was accomplished by creating a dedicated virtual network for the DevTest Labs environment, restricting the traffic to internal IP addresses accessing the virtual machines over the ExpressRoute or by utilizing a VPN.
High availability was a key business requirement for the new Azure-based system. Hexagon is a global company, and approximately 200 teams would need to rely on this infrastructure across multiple countries around the world. Staff would leverage the system for everything from development, QA and support; to business development; to internal and external training. The system accomplished all of this and more. In particular, for internal company training, Hexagon instructors can now set up their own cloud-based environments complete with textbooks and class templates that they can access anywhere – onsite, in a training facility, or in the field.
Hexagon needed a partner that was expert at providing the architectural skills needed to take the complex business logic required and translate that into a technical design that was flexible and performant, as well as the implementation expertise to develop the production system.
- Wintellect has deep experience in developing intelligent and configurable decision solutions.
- Wintellect is a Microsoft Gold Cloud Platform, Application Development, Data Platform, and Data Analytics partner.
- Wintellect is a recognized leader in software architecture and implementation on the web, mobile, and cloud platforms.
The solution involved streamlining Hexagon’s global internal, on-premise dev, testing, and training processes via a very-large-scale (thousands of VMs) virtual machine infrastructure solution to the Azure cloud, while also leveraging Azure DevOps and Azure DevTest Labs. Hexagon needed a simple solution for deploying VM infrastructures that would standardize VM disk image usage, be resilient and adaptive to change, shorten deployment times, lower costs, and simplify development, testing, and training processes. The solution as implemented would save Hexagon millions of dollars over time, and it set the stage to move the rest of Hexagon’s on-premise apps and infra to the cloud.
Hexagon has eliminated 6,000 on-premise VMs and their supporting hardware, replacing them with 2,000 VMs in the Azure cloud which are dynamically provisioned and de-provisioned as needed, leading to cost savings over time in the millions of dollars.
By the end of 2019, the entire new system – including the supporting VNets – was in place and provisioned using infrastructure-as-code techniques. Consequently, the process is fully repeatable and continues to support development teams in new and ongoing endeavors. Wintellect now uses this new toolset (Azure DevOps + DevTest Labs + Image Factory + Artifacts) for other customers, providing unique capabilities and expertise to provide innovative solutions compared to our competitors.