1. Summary

SIRAS is transitioning its application infrastructure from the Ventura County Office of Education (VCOE) private cloud to an Azure cloud environment managed by SIRAS and MBT. The migration includes production SQL databases, web servers, load balancing, firewalls, VPN access, and secure file transfer services.

The move ensures SIRAS/MBT has direct ownership, control, and scalability of its infrastructure while maintaining high availability, security, and compliance. This migration aligns Ventura County users’ SIRAS infrastructure with the rest of the SIRAS platform, streamlining management and simplifying operations. It also fulfills the direction of our new company owners, MBT, who strongly support this consolidation as a strategic priority.  

Target dates for this are anytime before Fall 2026.

VCOE will retain limited involvement, primarily in DNS redirection and SFTP hosting. 

2. Scope of Migration

On VCOE's end, setup and test before migration

• File Exchange SFTP to continue to be hosted by VCOE as it is currently
• External access should be granted via certificate and permission for SIRAS to upload and download
• On the cutover date, provide a backup copy of the production database
  - Successful trial database transfer completed Nov 2025
• VCOE should provide redirects from the old to new domains:
  • siras.vcoe.org → siras-vcoe.org (Production Server)
  • sirastraining.vcoe.org → training.siras-vcoe.org (Training Server)

On SIRAS' end:

• Deployment of SQL database on Azure cloud
• Deployment of application web servers to virtual machines
• All VMs behind Firewall and Load Balancer

3. Target Architecture (Azure)

1. Compute:
   • 4–8 Azure VMs for web servers (scalable set, behind load balancer).
2. Database:
   • Azure SQL Database or SQL Server on Virtual Machine (IaaS)
   • Hourly SQL backup schedule to Azure geo-replicated private storage.
3. Networking & Security:
   • Azure VPN Gateway for secure admin access.
   • PFsense and HAProxy Load Balancer for traffic distribution.
   • Azure Firewall + Network Security Groups (NSGs) for protection.
4. File Transfer:
   • Secure FTP (Azure-hosted VM or Azure Storage with SFTP enabled).
   • Secure files exchange may be provided by VCOE
5. Domains & DNS:
   • New domains: siras-vcoe.org, training.siras-vcoe.org

4. Migration Timeline and Approach

1. Parallel Build: Azure environment is built fully in parallel to the VCOE environment.
   Two weeks before the planned cutover, SIRAS will deploy the webservers and database.
2. Trial Migration: Full dress rehearsal with test database migration, new domains running, external SFTP file sharing, all tested the week before the cutover
3. Final Cutover:
   • Weekend downtime window; application is brought offline.
   • Stop writes on VCOE database.
   • Transfer latest database backup to Azure SQL (lift-and-shift, single .bak file is adequate).
   • Bring up webservers in Azure and validate application function.
   • Update DNS to point to new domains.
   • Validate redirect rules at VCOE DNS.

6. Risks & Mitigations

7. Success Criteria

• All applications accessible via siras-vcoe.org and training.siras-vcoe.org.
• SQL database fully functional in Azure with no data loss.
• Secure VPN access for authorized users.
• Secure FTP available and tested.
• Performance equal to or better than current VCOE-hosted environment.

8.  Costs

• VCOE will be able to deallocate the 8 webservers, SQL databases and networking, likely significant cost savings
• The infrastructure costs on SIRAS/MBT's end are estimated $11,000 annually.