Bringing together two or more organizations is not easy, and merging multiple IT environments is no different. However, there are ways to simplify this process. In this two-part article, I will tell you just how to do it, from identity management to collaboration, based on our own experience with many such projects. Let’s get to it!
Change is the only constant in the universe. This principle also applies to business entities and their structures. Although it might not be apparent from the outside, there is constant change in the business world: organizations are continually being bought and sold.
The process begins with legal proceedings and negotiations. But when both sides come to their various agreements, there is an inevitable impact on technology and processes. We call this the merger and acquisition (or M&A for short) process.
Mergers and acquisitions are complex beasts, no matter whether you look at them from a legal, cultural, organizational or technological perspective.
The merger problem
When two or more companies merge, you as IT face multiple decisions and challenges:
- How to get all parties to communicate seamlessly? Ideally, both sides feel like they’ve always worked for one organization.
- How to share information and application access across both entities? Typically, this is something you need to provide immediately for the stakeholders and VIPs on both sides.
- Should you join both infrastructures or keep them separate? How do you make this decision? How to make migration easy for users?
Interestingly enough, we also found that M&As don’t just affect the organizations at the time that they are being transacted. We discovered that some choose to run newly acquired businesses as completely separate business units for many years. Eventually, due to a changing business landscape, cost savings, or even complexity, they decide to consolidate their assets.
Even though M&As are generally standard practice, they can still pose a technical challenge for someone who has not been through one. What's more, we now have the cloud to contend with. Cloud services like Office 365 and Azure require a new approach and tools to properly execute a merger. But there is good news! The cloud can actually simplify the process. Our experience has been that cloud-based processes and tools are easier to merge, making the whole process smoother.
In this two-part article, I am going to share six lessons that we learned from delivering M&A projects last year. After all, we’ve merged a total of over 100,000 users and employees–and that counts for something.
We’ve done it, we’ve learned it, now we share it!
What to Expect: Scenarios
First of all, how do you end up in an M&A scenario? Typical cases we’ve seen are as follows:
- Your organization has bought another entity or entities, and you need to merge them into your environment
- Your organization has bought a spin-off from another entity; you don’t merge the entire company but only a part of it. It sounds similar, but the technical implications are slightly different.
- Your organization grew through acquisitions in the past and now you have a matrix of independent companies that you want to bring under control.
From a technical point of view, you will be executing one of two scenarios:
- Merging users from the incoming organization into the tools and workflow of your current organization, or
- Building a greenfield environment and merging everyone into it.
The latter case is less common. We see it when we are consolidating organizations within a single group. In many cases, this is done to clean up the technical debt in the organization and leave behind what was already there.
Do any of these scenarios sound familiar? If so, let’s dive into how a typical scenario unfolds with the cloud in the picture.
#1 Think about Day One!
You know it has to be done. There is usually a set date for the M&A to go into effect. “Go into effect” is the operative term here.
A typical M&A scenario for an on-premises infrastructure took months to execute, mostly because there were a lot of networking and security issues to be covered (e.g. network readdressing, establishing direct links, NATs, making sure all firewalls are in place and configured). What if I told you that we can make an M&A scenario effective and in place for 50k+ people in less than a month? Yes – it can be done.
To achieve this, you need to start with planning for Day One! Day One is the first time that users from the merging entities will be working in a new structure, with new services, and will need access to each other’s applications and data.
What are the main things to get ready for?
There are a lot of pieces, but from our experience, a typical set of services required for Day One are as follows:
- Address books exchange and visibility. It is unlikely that you will be merging email addresses, but you do need to establish address book visibility on both ends of the M&A.
- Calendars and free & busy information availability. People will book meetings, rooms, and schedule their time. They are going to want visibility of the other side.
- E-mail address flow between organizations within a single e-mail namespace. One of the early requirements for your organization will be to provide everyone with a unified address space, where each person still exists in a separate e-mail organization. Nothing to worry about. This piece is typically well covered.
- Document collaboration space. There needs to be an easy way for teams to share documents (think legal, marketing, sales, VIPs in the beginning).
- Selected applications access. Some applications will need to be shared between both parties. These are usually on-premises apps (think SharePoint and reporting as first targets).
This pretty much covers the must-have list for Day One.
Of course, you can add more elements, and you probably will. Here are a few things that I can throw in based on our past experience:
- Wi-Fi roaming across offices and buildings (it’s hard to convince people to use a network cable, gosh – they might not even have a port for it anymore)
- Printer access (believe it or not, there are still lots of printed documents around)
- Remote access services like VPNs or remote desktops / VDIs
- Physical office access
… the list can go on.
It is imperative that you determine what is critical on Day One. By no means does your list have to be complete. You still need a comprehensive plan to migrate the rest of the enterprise. It is fair to assume that on Day One everyone will continue to work in the way they used to, with additional access to those elements that are on your list!
Gather Day One requirements from your business organizations and plan for the day!
#2 Identity is the new black!
Or, as Alex Simons better states, “identity is the new control plane.”
Anyone who finds themselves in an M&A or a consolidation scenario will appreciate this. Identity is one of the very first things you’ll need to tackle: how to enable users to access services across the organization.
Consider the scenario of network connectivity in the on-premises world. You need to merge the local networks of both organizations (VPN?) and establish a trust relationship between AD forests or domains. Not to mention, clearing network address spaces and ensuring that everything is secured.
What we’ve learned from the last 12 months of merging organizations is that Azure and AD as a service make this process much easier and faster.
So, how can Azure AD help?
Just a quick reminder: Azure AD is a cloud-based service that provides authentication and access control to the cloud, and in some cases, on-premises resources (we will explore this further on).
How does Azure AD help in M&A scenarios? Let’s go over the benefits:
- Azure AD can provide authentication to online services and on-premises apps. Since you don’t need to build anything, you can save time by starting to plan your access scenario right away.
- You don’t need to connect your networks or establish a full trust relationship. Instead, you establish directory synchronization on both sides to a single tenant or make multiple tenants of Azure AD authenticate people against each of them. No VPNs, AD trusts or solving network issues – it works. Obviously, the assumption is that both parties have Azure AD.
So, no networking work upfront, no AD trusts. Plan the scenario for Azure AD authentication and configure it to establish identity service for both organizations.
What does it mean to “plan the scenario”?
Here is a quick cheat sheet for your planning session:
- Will there be a single tenant of Azure AD for both organizations or will each of them use a separate one?
- Do those organizations already have established tenants and are you going to use them?
- What user names (UPN suffixes) will be used on Day One? Do you need to unify them?
- How to synchronize on-prem directory data to target configuration (of course it will be done with AAD Connect, but the topology of AAD tenants might vary and thus AAD Connect configuration as well)?
- What will be the authentication method for each side of the M&A? Remember, you can have different authentication methods for different user namespaces (think UPNs again). Your choices at the moment are:
  - Federated access (think AD FS, SecureAuth or a similar solution)
  - Password hash synchronization (we recommend you do it anyway)
  - Pass-through authentication
- If you are going to a single Azure AD tenant, what will be the authentication flow for each of the sides and where will auth happen?
- What are your MFA solutions in place? Are these aligned regarding requirements? Do they need additional infrastructure or data sources?
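To make the UPN and authentication questions above concrete, here is an added example (not from the original article or any Microsoft tool) that reviews user exports from both sides before they are synchronized to a single tenant. The sample users, domain names, auth plan and the list of non-routable suffixes are all constructed assumptions; the script's own policy is to flag any sign-in name or SMTP address claimed by more than one user as something to resolve before Day One.

```python
from collections import defaultdict

# Constructed sample exports: (userPrincipalName, proxyAddresses) per directory.
ORG_A = [
    ("anna.kowalska@contoso.example", ["SMTP:anna.kowalska@contoso.example"]),
    ("j.smith@contoso.example", ["SMTP:j.smith@contoso.example",
                                 "smtp:john@contoso.example"]),
]
ORG_B = [
    ("j.smith@fabrikam.example", ["SMTP:j.smith@fabrikam.example",
                                  "smtp:j.smith@contoso.example"]),
    ("m.ito@fabrikam-labs.example", ["SMTP:m.ito@fabrikam-labs.example"]),
    ("svc.print@fabrikam.local", []),
]
# Hypothetical Day One plan: sign-in method per UPN suffix.
AUTH_PLAN = {"contoso.example": "federated",
             "fabrikam.example": "password-hash-sync"}
# Assumed list of suffixes that cannot be verified as public domains.
NON_ROUTABLE = (".local", ".lan", ".internal")

def suffix(upn):
    return upn.rsplit("@", 1)[-1].lower()

def review(orgs, auth_plan):
    """Return (finding, value) pairs to resolve before single-tenant sync."""
    owners = defaultdict(set)   # normalized address -> {(org, upn)}
    suffixes = set()
    for org, users in orgs.items():
        for upn, proxies in users:
            suffixes.add(suffix(upn))
            owners[upn.lower()].add((org, upn))
            for proxy in proxies:
                scheme, _, addr = proxy.partition(":")
                if scheme.lower() == "smtp":      # ignore X500, SIP, etc.
                    owners[addr.lower()].add((org, upn))
    findings = []
    for sfx in sorted(suffixes):
        if sfx.endswith(NON_ROUTABLE):
            findings.append(("non-routable-suffix", sfx))
        elif sfx not in auth_plan:
            findings.append(("no-auth-method-planned", sfx))
    for addr, who in sorted(owners.items()):
        if len(who) > 1:                          # claimed by two users
            findings.append(("address-collision", addr))
    return findings

if __name__ == "__main__":
    for kind, value in review({"A": ORG_A, "B": ORG_B}, AUTH_PLAN):
        print(f"{kind}: {value}")
```

Each finding maps back to a cheat-sheet question: unplanned or non-routable suffixes need a UPN decision, and collisions need an owner chosen before AAD Connect runs.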
Typical scenarios we have encountered so far are:
- Organizations decide to share a single Azure AD tenant with various authentication schema for each side of the M&A
- Azure AD tenants are already in place, and Azure AD B2B is being used to allow people to work across the boundaries of organizations on both sides of the M&A.
This is only the beginning
Now you know how to start planning for a successful merger project. In the event that you have a more unique scenario or need a bit of help to get started, please reach out and ask us a question!
Once you’ve got your plan and a security configuration in place, you can move on to the next phase. We still need to cover communication and collaboration, so stay tuned for part 2!