Clouds In Focus

Using Public Cloud Services for Increased Availability in Universities during COVID-19

The COVID-19 pandemic has presented numerous educational challenges, from requiring university personnel to continue providing services from home to enabling remote learning and access to training labs.

In this post, we will review some of the alternatives for increasing the level of service availability in universities that have continued working and providing services remotely, in cases where the university's internal systems become unavailable.

Short term alternatives (over several weeks)

Building a hybrid DNS architecture

In the current era, remote access to resources depends on DNS service availability.

In the past, we relied on local DNS servers to respond to internal customers within the campus and to provide remote access to university resources from the Internet (such as access to a university's public web sites). The COVID-19 crisis has made clear the need for high availability of DNS services, even in cases of network communication outages. This has created a need to find alternatives to increase DNS service availability.

Building a hybrid DNS architecture is one solution. This is a combination of managed DNS services in the cloud, which will respond to DNS queries from the Internet, and on-premise DNS servers, which will contain read/write copies of the DNS zones.

Managed DNS services are the only cloud services that offer 100% SLA for availability.
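A monitoring check for this hybrid setup, as an added example that is not part of the original post: it compares the SOA serial held by the on-premise primary with the serials the cloud name servers report, using RFC 1982 serial arithmetic, and flags servers that are stale, silent, or ahead of the primary (a sign the zone was changed outside the on-premise read/write copy). The server names, serial values and function names are constructed for illustration, and the check assumes the on-premise copy is authoritative; in production the serials would come from SOA queries against each server.

```python
# Added example: zone drift check for a hybrid DNS deployment.
# Server names and serials are constructed sample data, not real hosts.
MOD = 1 << 32          # SOA serials are 32-bit counters
HALF = 1 << 31

def serial_compare(a, b):
    """RFC 1982 ordering: -1 if a is older than b, 0 if equal,
    1 if a is newer, None when the ordering is undefined."""
    a %= MOD
    b %= MOD
    if a == b:
        return 0
    diff = (b - a) % MOD
    if diff == HALF:
        return None
    return -1 if diff < HALF else 1

def check_zone(primary, observations):
    """observations maps server name -> SOA serial (None = no answer).
    Returns a sorted list of (server, finding) tuples."""
    findings = []
    primary_serial = observations.get(primary)
    if primary_serial is None:
        findings.append((primary, "primary-unreachable"))
    for server, serial in sorted(observations.items()):
        if server == primary:
            continue
        if serial is None:
            findings.append((server, "no-answer"))
        elif primary_serial is not None:
            order = serial_compare(serial, primary_serial)
            if order == -1:
                findings.append((server, "stale"))
            elif order == 1:
                # Zone edited somewhere other than the on-premise primary.
                findings.append((server, "ahead-of-primary"))
            elif order is None:
                findings.append((server, "undefined-order"))
    return findings

SAMPLE = {  # constructed observations for one zone
    "ns1.campus.example": 2020041503,   # on-premise primary
    "ns-cloud-a.example": 2020041503,   # in sync
    "ns-cloud-b.example": 2020041501,   # missed updates
    "ns-cloud-c.example": None,         # did not answer
    "ns-cloud-d.example": 2020041504,   # newer than the primary
}

if __name__ == "__main__":
    for server, finding in check_zone("ns1.campus.example", SAMPLE):
        print(f"{server}: {finding}")
```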

Examples of hybrid DNS architecture can be found on:

Managed email services in the cloud

Email is considered the most fundamental communication service that exists today.

To allow maximum availability of email infrastructure while working from the university campus or connecting remotely (from a computer or mobile phone), it is necessary to migrate the entire email infrastructure to a managed environment in the public cloud (assuming this infrastructure has not already migrated to the cloud and on-premise Exchange servers are still in use).

The process will allow maximum availability from everywhere, while transferring the responsibility of infrastructure maintenance to a cloud provider with expertise in the field.

Examples of managed email services in the cloud:

Sync user accounts from the on-premises Active Directory to the cloud

Today, with more and more organizations using cloud services, the need to synchronize user accounts from on-premises Active Directories to the cloud becomes a routine task. This provides the benefit of authenticating and authorizing access to cloud services.

The de facto standard in the global industry is Azure AD Connect, even for organizations that wish to authenticate to non-Microsoft cloud services (such as Dropbox, Salesforce, etc.).

The process will allow continuous management of a single user identity, with a single password, and when an employee leaves the organization, we can easily lock the user account from a central console and centrally revoke all access rights to cloud resources.

In cases where we wish to deploy an infrastructure based on Microsoft services (such as Windows servers, SQL servers, etc.) or even legacy applications based on on-premise authentication protocols (such as Kerberos), we can always add an additional service called Azure Active Directory Domain Services in the future. This allows us to continue authenticating using common protocols (such as Kerberos) and managing servers as part of an Active Directory domain, as well as using advanced authentication services (such as Azure Active Directory or other authentication protocols such as SAML / OAuth).

Further information can be found here: Integrate on-premises Active Directory domains with Azure Active Directory

Mid-term alternatives (several months)

Migrating Moodle infrastructure to the public cloud

Moodle is the most common learning infrastructure among universities. The COVID-19 crisis has made it clear that Moodle infrastructure availability is vital. Access from everywhere, for both remote learning and exam management, now requires a highly available infrastructure that can support a large number of students.

Communication outages while trying to access on-premises Moodle infrastructure will severely affect an entire university's curriculum routine.

For this reason, it is highly recommended to migrate the entire Moodle infrastructure to the public cloud. Hybrid Moodle solutions are too complex, due to the need for constant data sync between the on-premises and the cloud Moodle environment. They also depend on constant and uninterrupted network communications and demand constant maintenance of two separate environments.

Examples of Moodle infrastructures that can be deployed in the public cloud:

Important note: Due to the complexity of the Moodle infrastructure, it is highly recommended to contact a Moodle expert partner who brings to the table a lot of practical experience building complex environments in the cloud, with high resiliency and scalability, based on changing customer demands.

Deploying classrooms in the public cloud

Remember lecture halls? Desks and whiteboards? Today, universities need to provide remote platforms for classroom learning and exams.

For deploying classrooms based on managed services in the cloud, we can use one of the following alternatives:

For full desktop access on a managed environment (for either remote learning by students or for university administrative personnel), one of the following alternatives can be used:

Long-term alternatives (many months)

Systems / services for supporting the university activities

For the on-going administrative activities of the university, for long-term connectivity from home, it is highly recommended to consider migration of core systems to managed solutions in a SaaS model.

This is a complex step and requires detailed planning in advance, review of the information security aspects, user account management, large amounts of data migration (sometimes in a different data schema from the ones that exist on-premise), and creating interfaces between the cloud and on-premise systems.

It is highly recommended to migrate systems to a SaaS model, with the assistance of a partner with expertise in the field.

Examples of managed CRM solutions in a SaaS model:

Examples of managed ERP solutions in a SaaS model:

Examples of managed HR solutions in a SaaS model:

Building Disaster Recovery environments in the public cloud

The demand for uninterrupted provision of services, in any scenario, raises the importance of preparing organizations for possible disasters.

In order to achieve this goal, it is important to map all the systems that support the university's activity and conduct a thorough risk assessment that covers issues such as how much time the university can survive without providing services from a specific system, or how much time is required in order to restore activities of a crashed system, etc. Then a disaster recovery environment in an alternate and remote site must be built. The public cloud can serve as an alternate site, which will survive even a network communication outage on the campus or a network communication failure to a backup site in the same country region.

Examples of disaster recovery architectures in the public cloud can be found at:

Summary

The need to allow continuous, uninterrupted university activity, even in the event of a disaster, requires thorough planning.

Immediate solutions for all the issues raised in this post might take a considerable amount of time. So it is recommended to review all topics based on the time it will take the university to define and deploy the solutions, and then move forward based on priorities dictated by the university’s management.

This was originally published on the IUCC Cloud blog.
https://www.iucc.ac.il/en/blog/public-cloud-for-increased-availability-covid-19/

About the author

Eyal Estrin

Eyal Estrin is a cloud architect, working in the Inter-University Computation Center in Israel. He has more than 20 years of experience in infrastructure, information security and public cloud services. He is a public columnist and shares knowledge about cloud services. You can follow him on Twitter at @eyalestrin