You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
You are viewing the article in preview mode. It is not live at the moment.
Home > Internal systems documentation > VCOE / SIRAS Infrastructure Migration Plan
VCOE / SIRAS Infrastructure Migration Plan
print icon
Oct 03, 2025

Project: Migration from VCOE Private Cloud to SIRAS Azure Cloud

1. Executive Summary

SIRAS is transitioning its application infrastructure from the Ventura County Office of Education (VCOE) private cloud to an Azure cloud environment hosted directly by SIRAS and MBT. The migration includes production SQL databases, 4–8 web servers, load balancing, firewalls, VPN access, and secure file transfer services.

The move ensures SIRAS/MBT has direct ownership, control, and scalability of its infrastructure while maintaining high availability, security, and compliance. This migration aligns Ventura County users’ SIRAS infrastructure with the rest of the SIRAS platform, streamlining management and simplifying operations. It also fulfills the direction of our new company owners, MBT, who strongly support this consolidation as a strategic priority.

VCOE will retain limited involvement, primarily in DNS redirection and (optionally) FTP hosting if they choose to continue providing it. Target cutover is late December 2025, following a trial migration and validation in early December.

2. Scope of Migration

In Scope

  • Migration of production and training databases (SQL) from VCOE to Azure SQL.
  • Migration of application web servers (4–8) to Azure VMs behind an Azure-hosted Load Balancer.
  • Replacement of VCOE FTP with secure FTP hosted in Azure (or continue to use VCOE FTP if preferred; would require remote access).
  • DNS changes:
    • siras-vcoe.org → Production server
    • training.siras-vcoe.org → Training server
    • Redirects from vcoe.org and sirastraining.vcoe.org handled by VCOE.

3. Target Architecture (Azure)

  1. Compute:
    • 4–8 Azure VMs for web servers (scalable set, behind load balancer).
  2. Database:
    • Azure SQL Database or SQL Server on IaaS.
    • Hourly SQL backup schedule to Azure geo-replicated private storage.
  3. Networking & Security:
    • Azure VPN Gateway for secure staff/vendor access.
    • PFsense and HAProxy Load Balancer for traffic distribution.
    • Azure Firewall + Network Security Groups (NSGs) for protection.
  4. File Transfer:
    • Secure FTP (Azure-hosted VM or Azure Storage with SFTP enabled).
  5. Domains & DNS:
    • New domains: siras-vcoe.org, training.siras-vcoe.org

4. Migration Timeline

Phase Target Dates Activities
Planning & Design Oct 1–15, 2025 Finalize Azure architecture, network layout, domain/DNS plan, resource sizing.
Environment Buildout Oct 16–Nov 15, 2025 Deploy Azure VMs, SQL, load balancer, firewall, VPN, and SFTP. Configure monitoring and backups.
Testing & Validation Nov 16–30, 2025 Functional testing of applications, load testing, failover validation, user access verification.
Trial Migration Early Dec 2025 Perform dry run migration of databases and web servers. Validate DNS, VPN, and application performance.
Production Cutover Late Dec 2025 (weekend) Freeze changes, migrate production database, re-point DNS, go-live in Azure. Estimated downtime: < 24 hours.
Post-Cutover Support Jan 2026 Monitoring, issue remediation, decommission old VCOE infrastructure.

5. Migration Approach

  1. Parallel Build: Azure environment is built fully in parallel to the VCOE environment.
  2. Trial Migration: Full dress rehearsal with test database migration and DNS cutover in early December.
  3. Final Cutover:
    • Weekend downtime window; application is brought offline.
    • Stop writes on VCOE database.
    • Transfer latest database backup to Azure SQL (lift-and-shift single .bak file is adequate).
    • Bring up webservers in Azure and validate application function.
    • Update DNS to point to new domains.
    • Validate redirect rules at VCOE DNS.

6. Risks & Mitigations

Risk Mitigation
Downtime exceeds 24 hours Perform full trial migration to ensure timing. Have rollback plan to VCOE if needed.
Performance issues on Azure Run load tests during trial migration. Scale VM size or SQL tier accordingly.
DNS propagation delays Schedule cutover during low-traffic weekend.
FTP disruption Setup SFTP well ahead of cutover.  Integration could be migrated prior to shift.

7. Roles & Responsibilities

  • SIRAS IT Team: Azure architecture, migration execution, application validation, VPN setup, user support.
  • VCOE IT Team: Provide life-and-shift backup of database (100-200GB) for trial and production shifts.  DNS redirects, legacy FTP decision, assist with legacy infrastructure during cutover.

8. Communication Plan

  • Regular updates to stakeholders during October–November buildout.
  • Migration trial report circulated in early December.
  • Migration weekend: live updates on cutover progress.
  • Post-cutover: incident tracking and user support hotline.

9. Success Criteria

  • All applications accessible via siras-vcoe.org and training.siras-vcoe.org.
  • SQL database fully functional in Azure with no data loss.
  • Secure VPN access for authorized users.
  • Secure FTP available and tested.
  • Performance equal to or better than current VCOE-hosted environment.

 

10.  Costs

  • VCOE will be able to deallocate the 8 webservers and SQL databases
  • The infrastructure costs on SIRAS/MBT's end are estimated $11,000 annually. 
  • TBD 

 

Notes:
  • Confirm whether VCOE will maintain FTP or if SIRAS will host the SFTP endpoint.
  • Ensure backups are secure in transit for the database transfer.
     
Version: 1.0
Prepared on: 10/3/2025
close button
scroll to top icon