Tag: azure cloud

Prepare Windows 10 Master Image & Deploy Windows Virtual Desktop

Microsoft announced Windows Virtual Desktop and began a private preview. Since then, we’ve been hard at work developing the ability to scale and deliver a true multi-session Windows 10 and Office 365 ProPlus virtual desktop and app experience on any device.

Windows Virtual Desktop will also be extended and enriched by leading partners in the following ways:

  • Citrix can extend Windows Virtual Desktop capabilities with their Citrix Cloud services.
  • Through our partnership with Samsung, Windows Virtual Desktop will provide highly mobile First line Workers access to a full Windows 10 and Office 365 ProPlus experience with Samsung DeX.
  • Software and service providers will extend Windows Virtual Desktop to offer targeted solutions in the Azure marketplace.
  • Microsoft Cloud Solution Providers (CSPs) will deliver end-to-end desktop-as-a-service (DaaS) offerings and value-added services to their customers.

Prepare Image

Prepare Windows 10 Ent Golden Image to be used for Windows Virtual Desktop in Azure Cloud. Execute the following steps on the Windows 10 Ent master image.

Step1: Remove Persistent Routing using this command, route delete

Step2: Remove Proxy Server using this Command, netsh winhttp reset proxy

Step3: Set the disk SAN policy to Onlineall using this command, diskpart then san policy=onlineall

Step4: Set time zone to Windows Automatic

Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\TimeZoneInformation’ -name “RealTimeIsUniversal” -Value 1 -Type DWord -force

Set-Service -Name w32time -StartupType Automatic

Step5: Setup Power Profile using this command powercfg /setactive SCHEME_MIN

Step6: Setup TEMP and TMP and location to default

Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment’ -name “TEMP” -Value “%SystemRoot%\TEMP” -Type ExpandString -force

Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment’ -name “TMP” -Value “%SystemRoot%\TEMP” -Type ExpandString –force

Step7: Setup Windows Services to automatic

Set-Service -Name bfe -StartupType Automatic

Set-Service -Name dhcp -StartupType Automatic

Set-Service -Name dnscache -StartupType Automatic

Set-Service -Name IKEEXT -StartupType Automatic

Set-Service -Name iphlpsvc -StartupType Automatic

Set-Service -Name netlogon -StartupType Manual

Set-Service -Name netman -StartupType Manual

Set-Service -Name nsi -StartupType Automatic

Set-Service -Name termService -StartupType Manual

Set-Service -Name MpsSvc -StartupType Automatic

Set-Service -Name RemoteRegistry -StartupType Automatic

Step8: Setup Remote Desktop registry

Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server’ -name “fDenyTSConnections” -Value 0 -Type DWord -force

Set-ItemProperty -Path ‘HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services’ -name “fDenyTSConnections” -Value 0 -Type DWord –force

Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp’ -name “PortNumber” -Value 3389 -Type DWord –force

Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp’ -name “LanAdapter” -Value 0 -Type DWord –force

Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp’ -name “UserAuthentication” -Value 1 -Type DWord -force

Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp’ -name “SecurityLayer” -Value 1 -Type DWord -force

Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp’ -name “fAllowSecProtocolNegotiation” -Value 1 -Type DWord –force

Set-ItemProperty -Path ‘HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services’ -name “KeepAliveEnable” -Value 1  -Type DWord -force

Set-ItemProperty -Path ‘HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services’ -name “KeepAliveInterval” -Value 1  -Type DWord -force

Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp’ -name “KeepAliveTimeout” -Value 1 -Type DWord –force

Set-ItemProperty -Path ‘HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services’ -name “KeepAliveEnable” -Value 1  -Type DWord -force

Set-ItemProperty -Path ‘HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services’ -name “KeepAliveInterval” -Value 1  -Type DWord -force

Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp’ -name “KeepAliveTimeout” -Value 1 -Type DWord –force

Set-ItemProperty -Path ‘HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services’ -name “fDisableAutoReconnect” -Value 0 -Type DWord -force

Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp’ -name “fInheritReconnectSame” -Value 1 -Type DWord -force

Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp’ -name “fReconnectSame” -Value 0 -Type DWord –force

Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp’ -name “MaxInstanceCount” -Value 4294967295 -Type DWord –force

Remove-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp’ -name “SSLCertificateSHA1Hash” –force

Step9: Setup Firewall

Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True

Enable-PSRemoting -force

 Set-NetFirewallRule -DisplayName “Windows Remote Management (HTTP-In)” -Enabled True

Set-NetFirewallRule -DisplayGroup “Remote Desktop” -Enabled True

Set-NetFirewallRule -DisplayName “File and Printer Sharing (Echo Request – ICMPv4-In)” -Enabled True

Step10: Check VM disk on next boot

Chkdsk /f

Step11: Set the Boot Configuration Data (BCD) settings

 bcdedit /set {bootmgr} integrityservices enable

 bcdedit /set {default} device partition=C:

 bcdedit /set {default} integrityservices enable

 bcdedit /set {default} recoveryenabled Off

 bcdedit /set {default} osdevice partition=C:

 bcdedit /set {default} bootstatuspolicy IgnoreAllFailures

 #Enable Serial Console Feature

 bcdedit /set {bootmgr} displaybootmenu yes

 bcdedit /set {bootmgr} timeout 5

 bcdedit /set {bootmgr} bootems yes

 bcdedit /ems {current} ON

 bcdedit /emssettings EMSPORT:1 EMSBAUDRATE:115200

Step11: Setup Crash dump

# Setup the Guest OS to collect a kernel dump on an OS crash event

Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl’ -name CrashDumpEnabled -Type DWord -force -Value 2

Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl’ -name DumpFile -Type ExpandString -force -Value “%SystemRoot%\MEMORY.DMP”

Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl’ -name NMICrashDump -Type DWord -force -Value 1

#Setup the Guest OS to collect user mode dumps on a service crash event

$key = ‘HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps’

if ((Test-Path -Path $key) -eq $false) {(New-Item -Path ‘HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting’ -Name LocalDumps)}

New-ItemProperty -Path $key -name DumpFolder -Type ExpandString -force -Value “c:\CrashDumps”

New-ItemProperty -Path $key -name CrashCount -Type DWord -force -Value 10

New-ItemProperty -Path $key -name DumpType -Type DWord -force -Value 2

Set-Service -Name WerSvc -StartupType Manual

Step12: Verify that the Windows Management Instrumentations (WMI) repository

winmgmt /verifyrepository

Step14: Do not remove or modify access for the following accounts

  • Administrators
  • Backup Operators
  • Everyone
  • Users

Step13: Install Azure VM Agents

Install the Azure VMs Agent.

Step14: Setup Pagefile to different location

Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management’ -name “PagingFiles” -Value “D:\pagefile.sys” -Type MultiString –force

Generalise Golden Image

  1. Boot a PC into Audit Mode. When Windows boots into Audit Mode, System Preparation Tool will appear on the desktop. You can choose to either close the System Preparation Tool window or allow it to remain open.
  2. Customize Windows by adding drivers, changing settings, and installing programs. Do not install any Microsoft Store apps using the Microsoft Store.
  3. Run Sysprep. %WINDIR%\system32\sysprep\sysprep.exe /generalize /shutdown /oobe

Convert disk using Hyper-V Manager

  1. Open Hyper-V Manager and select your local computer on the left. In the menu above the computer list, click Action > Edit Disk.
  2. On the Locate Virtual Hard Disk screen, locate and select your virtual disk.
  3. On the Choose Action screen, and then select Convert and Next.
  4. If you need to convert from VHDX, select VHD and then click Next.
  5. If you need to convert from a dynamically expanding disk, select Fixed size and then click Next.
  6. Locate and select a path to save the new VHD file to.
  7. Click Finish.
  8. You can do the same using PowerShell Convert-VHD –Path c:\test\MY-VM.vhdx –DestinationPath c:\test\MY-NEW-VM.vhd -VHDType Fixed

Export Windows 10 Enterprise VHD

  1. On Hyper-V Manager, right-click the virtual machine and select Export.
  2. Choose where to store the exported files, and click Export.
  3. When the export is done, you can see all exported files under the export location.

Upload VHD to Azure Blob Storage

You can also upload a VHD to your storage account using one of the following:

  • AzCopy
  • Azure Storage Copy Blob API
  • Azure Storage Explorer Uploading Blobs
  • Storage Import/Export Service REST API Reference
  • PowerShell

Use the Add-AzVhd cmdlet to upload the VHD to a container in your storage account.

$rgName = “myResourceGroup”

$urlOfUploadedImageVhd = “https://mystorageaccount.blob.core.windows.net/mycontainer/myUploadedVHD.vhd”

Add-AzVhd -ResourceGroupName $rgName -Destination $urlOfUploadedImageVhd

    -LocalFilePath “C:\Users\Public\Documents\Virtual hard disks\myVHD.vhd”

Create a managed image from the uploaded VHD

$location = “Australia East”

$imageName = “Windows10EntGoldImage”

$imageConfig = New-AzImageConfig -Location $location

$imageConfig = Set-AzImageOsDisk -Image $imageConfig -OsType Windows -OsState Generalized -BlobUri $urlOfUploadedImageVhd -DiskSizeGB 20

New-AzImage  -ImageName $imageName -ResourceGroupName $rgName –Image $imageConfig

Create the VM

New-AzVm -ResourceGroupName $rgName  -Name ” VM1″ -ImageName $imageName -Location $location -VirtualNetworkName “myVnet” -SubnetName “mySubnet” -SecurityGroupName “myNSG” -PublicIpAddressName “myPIP” -OpenPorts 3389

Deploy Windows Virtual Desktop Host Pool from the Azure Managed Image.

Use the below KBs to create Windows Virtual Desktop host pool.

KB1 and KB2. Follow the KBs except when selecting an image select Managed Image you created using above how to. 

Migrate Alibaba ECS VM to Azure Cloud using Azure Site Recovery Services

In my previous blog, I have written how to migrate workloads from VMware to Azure Cloud.  In this tutorial, I am going to elaborate you how to migrate Amazon Web Services (AWS) EC2 virtual machines (VMs) to Azure VMs by using Azure Site Recovery.

Supported Workloads Which can be migrated:

  • Windows Server 2016 or later version
  • Red Hat Enterprise Linux 6.7

Prerequisites

  • The Mobility service must be installed on each VM that you want to replicate. Site Recovery installs this service automatically when you enable replication for the VM.
  • For non-domain joined Windows VMs, disable Remote User Access control on the local machine at the registry, under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, add the DWORD entry LocalAccountTokenFilterPolicy and set the value to 1.
  • A separate VM in AWS subscriptions to use as Site Recovery Configuration Server. This instance must be running Windows Server 2012 R2.

Credential Requirements

  • root credential on the source Linux server
  • A Domain Admin Credentials for Windows VM.
  • A Local Admin Account for non-domain joined VM.

Prepare Azure resources (Target)

Step1: Create a Storage Account

  1. In the Azure portal, in the left menu, select Create a resource > Storage > Storage account.
  2. Create a Storage Account in your region.

Step2: Create a Recovery Vault

  1. In the Azure portal, select All services. Search for and then select Recovery Services vaults.
  2. Add new Recovery Vault in your region.

Step3: Add a separate network for migrated VM

  1. In the Azure portal, select Create a resource > Networking > Virtual network.
  2. Add new Network and Address Space.

Step4: Prepare Recovery Goal

  1. On your vault page in the Azure portal, in the Getting Started section, select Site Recovery, and then select Prepare Infrastructure.
  2. Create a protection goal from On-prem to Azure.
  3. When you’re done, select OK to move to the next section.

Step5: Create a Replication Policy

  1. To create a new replication policy, click Site Recovery infrastructure > Replication Policies > +Replication Policy. Create replication policy, specify a policy name.
  2. In RPO threshold, specify the recovery point objective (RPO) limit. This value specifies how often data recovery points are created. An alert is generated if continuous replication exceeds this limit.
  3. In Recovery point retention, specify how long (in hours) the retention window is for each recovery point. Replicated VMs can be recovered to any point in a window. Up to 24 hours retention is supported for machines replicated to premium storage, and 72 hours for standard storage.
  4. In App-consistent snapshot frequency, specify how often (in minutes) recovery points containing application-consistent snapshots will be created. Click OK to create the policy.

Prepare Source Environment (Alibaba Cloud)

Step6: Deploy an Alibaba ECS Instance (this is similar steps like OpenStack or AWS)

  1. Log on to the ECS console.
  2. In the left-side navigation pane, click Instances.
  3. On the Instances, list page, click Create Instance.
  4. Complete the Basic Configurations such as region, billing method, instance type, key pair, storage type and VPC to create an ECS instance.

Step7: Prepare Source ASR Configuration Server

  1. Log on to the Alibaba ECS instance (Step6) where you would like to install Configuration Server
  2. Configure the proxy on the EC2 instance VM you’re using as the configuration server so that it can access the service URLs.
  3. Download the Microsoft Azure Site Recovery Unified Setup. You can download it to your local machine and then copy it to the VM you’re using as the configuration server.
  4. Select the Download button to download the vault registration key. Copy the downloaded file to the VM you’re using as the configuration server.
  5. On the VM, right-click the installer you downloaded for Microsoft Azure Site Recovery Unified Setup, and then select Run as administrator.
  6. Under Before You Begin, select Install the configuration server and process server, and then select Next.
  7. In Third-Party Software License, select I accept the third-party license agreement and then select Next.
  8. In Registration, select Browse, and then go to where you put the vault registration key file. Select Next.
  9. In Internet Settings, select Connect to Azure Site Recovery without a proxy server, and then select Next.
  10. The Prerequisites Check page runs checks for several items. When it’s finished, select Next.
  11. In MySQL Configuration, provide the required passwords, and then select Next.
  12. In Environment Details, select No. You don’t need to protect VMware machines. Then, select Next.
  13. In Install Location, select Next to accept the default.
  14. In Network Selection, select Next to accept the default.
  15. In Summary, select Install. Installation Progress shows you information about the installation process. When it’s finished, select Finish. A window displays a message about a reboot. Select OK. Next, a window displays a message about the configuration server connection passphrase. Copy the passphrase to your clipboard and save it somewhere safe.
  16. On the VM, run cspsconfigtool.exe to create one or more management accounts on the configuration server. Make sure that the management accounts have administrator permissions on the EC2 instances that you want to migrate.

Step8: Enable Replication for an Alibaba ECS VM

  1. Click Replicate application > Source.
  2. In Source, select the configuration server.
  3. In Machine type, select Physical machines.
  4. Select the process server (the configuration server). Then click OK.
  5. In Target, select the subscription and the resource group in which you want to create the Azure VMs after failover. Choose the deployment model that you want to use in Azure (classic or resource management).
  6. Select the Azure storage account you want to use for replicating data.
  7. Select the Azure network and subnet to which Azure VMs will connect when they’re created after failover.
  8. Select Configure now for selected machines, to apply the network setting to all machines you select for protection. Select Configure later to select the Azure network per machine.
  9. In Physical Machines, and click +Physical machine. Specify the name and IP address. Select the operating system of the machine you want to replicate. It takes a few minutes for the servers to be discovered and listed.
  10. In Properties > Configure properties, select the account that will be used by the process server to install the Mobility service on the machine automatically.
  11. In Replication settings,> Configure replication settings, verify that the correct replication policy is selected.
  12. Click Enable Replication. You can track the progress of the Enable Protection job in Settings > Jobs > Site Recovery Jobs. After the Finalize Protection job runs the machine is ready for failover.

Test failover at Azure Portal

Step9: Test a Failover

  1. On the page for your vault, go to Protected items > Replicated Items. Select the VM, and then select Test Failover.
  2. Select a recovery point to use for the failover:
  3. Latest processed: Fails over the VM to the latest recovery point that was prepared by Site Recovery. The time stamp is shown. With this option, no time is spent preparing data, so it provides a low recovery time objective (RTO).
  4. Latest app-consistent: This option fails over all VMs to the latest app-consistent recovery point. The time stamp is shown.
  5. Custom: Select any recovery point.
  6. In Test Failover, select the target Azure network to which Azure VMs will be connected after failover occurs. This should be the network you created in Prepare Azure resources.
  7. Select OK to begin the failover. To track progress, select the VM to view its properties. Or you can select the Test Failover job on the page for your vault. To do this, select Monitoring and reports > Jobs > Site Recovery jobs.
  8. When the failover finishes, the replica Azure VM appears in the Azure portal. To view the VM, select Virtual Machines. Ensure that the VM is the appropriate size, that it’s connected to the right network, and that it’s running.
  9. You should now be able to connect to the replicated VM in Azure.
  10. To delete Azure VMs that were created during the test failover, select Cleanup test failover in the recovery plan. In Notes, record and save any observations associated with the test failover.

Migrate an Alibaba ECS Instance to Azure Cloud

Step10: Trigger Azure Migration

  1. In Protected items > Replicated items, select the AWS instances, and then select Failover.
  2. In Failover, select a Recovery Point to failover to. Select the latest recovery point.
  3. Select Shut down the machine before beginning failover if you want Site Recovery to attempt to do a shutdown of source virtual machines before triggering the failover. Failover continues even if shutdown fails. You can follow the failover progress on the Jobs
  4. Ensure that the VM appears in Replicated items.
  5. Right-click each VM, and then select Complete Migration. This finishes the migration process, stops replication for the AWS VM, and stops Site Recovery billing for the VM.

Migrate SQL Server to Azure SQL Database using Database Migration Services (DMS)

The Data Migration Assistant (DMA) helps you upgrade to a modern data platform by detecting compatibility issues that can impact database functionality in your new version of SQL Server or Azure SQL Database. The Data Migration Service (DMA) lets you migrate on-premises SQL Server or SQL Database hosted in AWS or GCP migrate to Azure SQL Database. There are three simple steps require to migrate Database to Azure SQL. There are two migration approach you can take, Offline and Online migration.

  1. Assess on-premises SQL Server instance(s) migrating to Azure SQL database(s).
  2. Discover issues that can affect an upgrade to an on-premises SQL Server.
  3. Migrate an on-premises SQL Server instance to Azure SQL Server
Azure SQL Database Migration Steps

Prerequisites:

  • SQL Server sysadmin role
  • distributor role for source SQL Server
  • SQL Server Management Studio (SSMS)
  • Co-Administrator or Contributor role in Azure cloud
  • Source Database is SQL Server 2005 or later version
  • Target database is Azure SQL Database and Azure SQL Database Managed Instance
  • Azure Virtual Network (VNET) for the Azure Database Migration Service by using the Azure Resource Manager deployment model.
  • Ensure that your VNET Network Security Group rules don’t block the following communication ports 443, 53, 9354, 445, 12000.
  • Download and install the Data Migration Assistant v3.3 or later.

Prepare Target Database:

A single database has a defined set of compute, memory, IO, and storage resources using one of two purchasing models.

  1. Log on to Azure Portal
  2. Select Create a resource in the upper left-hand corner of the Azure portal.
  3. Select Databases and then select SQL Database.
  4. In the Create SQL Database form, type or select Database name, Subscription, Resource group, Select source>select OK.
  5. Under Server, select Create new.
  6. In the New server form, create Server name, location, admin Name and password
  7. Choose Select.
  8. On the SQL Database form, select Pricing tier. Explore the amount of DTUs and storage available for each service tier.
  9. For this quickstart, select the Standard service tier, and then use the slider to select DTUs (S0) and GB of storage.
  10. Select Apply.
  11. On the SQL Database form, select Create to deploy and provision the resource group, server, and database.
  12. Deployment takes a few minutes. You can select Notifications on the toolbar to monitor deployment progress.
  13. On the SQL Database page for your database, select Query editor (preview) in the left menu.
  14. Enter your login information, and select OK.
  15. Enter the following query in the Query editor pane. Select Run, and then review the query results in the Results pane.

SELECT TOP 20 pc.Name as CategoryName, p.name as ProductName

FROM SalesLT.ProductCategory pc

JOIN SalesLT.Product p

ON pc.productcategoryid = p.productcategoryid;

Assess your on-premises database:

  1. In the Data Migration Assistant, select the New (+) icon, and then select the Assessment project type.
  2. Specify a project name, in the Source server type text box, select SQL Server, in the Target server type text box, select Azure SQL Database, and then select Create to create the project.
  3. When you’re assessing the source SQL Server database migrating to a single database or pooled database in Azure SQL Database, you can choose one or both of the following assessment report types: Check database compatibility, Check feature parity, Both report types are selected by default.
  4. In the Data Migration Assistant, on the Options screen, select Next.
  5. On the Select sources screen, in the Connect to a server dialog box, provide the connection details to your SQL Server, and then select Connect.
  6. In the Add sources dialog box, select AdventureWorks2012, select Add, and then select Start Assessment.

Create a Database Migration Services instance:

  1. In the Azure portal, select + Create a resource, search for Azure Database Migration Service, and then select Azure Database Migration Service from the drop-down list.
  2. On the Azure Database Migration Service screen, select Create.
  3. On the Create Migration Service screen, specify a name for the service, the subscription, and a new or existing resource group.
  4. Select the location in which you want to create the instance of the Azure Database Migration Service.
  5. Select an existing virtual network (VNET) or create a new one.
  6. Select a pricing tier.
  7. Select Create to create the service.

Create a migration project:

  1. In the Azure portal, select All services, search for Azure Database Migration Service, and then select Azure Database Migration Services.
  2. On the Azure Database Migration Services screen, search for the name of the Azure Database Migration Service instance that you created, and then select the instance.
  3. Select + New Migration Project.
  4. On the New migration project screen, specify a name for the project, in the Source server type text box, select SQL Server, in the Target server type text box, select Azure SQL Database, and then for Choose type of activity, select Offline data migration or Online data migration.
  5. Select Create and run activity to create the project and run the migration activity

Specify Source On-premises SQL Database:

  1. On the Migration source detail screen, specify the connection details for the source SQL Server instance e.g. FQDN of SQL Server, admin name (domain name\username) and password.
  2. Click Encrypt Connection. Click Save.

Specify Target Azure SQL Database:

DMS Wizard
  1. On the Migration target details screen, specify the connection details for the target Azure SQL Database Server.
  2. Select Save, and then on the Map to target databases screen, map the source and the target database for migration.
  3. Select Save, on the Select tables screen, expand the table listing, and then review the list of affected fields.
  4. Select Save, on the Migration summary screen, in the Activity name text box, specify a name for the migration activity.
  5. Expand the Validation option section to display the Choose validation option screen, and then specify whether to validate the migrated databases for Schema comparison, Data consistency, and Query correctness.
  6. Select Save, review the summary to ensure that the source and target details match what you previously specified.
  7. Select Run migration.
  8. After the migration completes, select Download report to get a report listing the details associated with the migration process.
  9. Verify the target database(s) on the target Azure SQL Database server.

Monitor & Cutover to Azure SQL Database:

Data migration using SQL Management Studio
  1. On the migration activity screen, select Refresh to update the display until the Status of the migration shows as Running.
  2. Click on a specific database to get to the migration status for Full data load and Incremental data sync operations.
  3. When you’re ready to complete the database migration, select Start Cutover.
  4. Make sure to stop all the incoming transactions to the source database; wait until the Pending changes counter shows 0.
  5. Select Confirm, and the select Apply.
  6. When the database migration status shows Completed, connect your applications to the new target Azure SQL Database.

Build DMZ in Azure Cloud

Azure routes traffic between Azure, on-premises, and Internet resources. Azure automatically creates a route table for each subnet within an Azure virtual network and adds system default routes to the table. You can override some of Azure’s system routes with custom routes, and add additional custom routes to route tables. Azure routes outbound traffic from a subnet based on the routes in a subnet’s route table.

You can a DMZ in Azure Cloud within your subscription or tenant. The concept of a DMZ or perimeter network is not new; DMZ is a layered network security approach to minimize the attack footprint of an application.

A DMZ architecture is comprised with either two layers or three layers of security and protection concept with additional user-defined routes and firewall rules. Azure network traffic to and from resources in a virtual network using network security groups and network virtual appliances.

Workload Placement in simple DMZ:

  1. Untrusted Network (Layer 1- Frontend NSG) – WAP Server, Non-domain joined computer, Exchange Edge Server
  2. Trusted Network (Layer 2 – Backend NSG) – Domain Controller, File Server, Print Server, RDS, Database and ADFS Server.

 

Simple DMZ
Simple DMZ Example Source Microsoft

Workloads Placement in advanced DMZ:

  1. Extranet (Layer 1 – External Public Facing) A Firewall Appliance
  2. Untrusted Network (Layer 2- Frontend NSG) – WAP Server, Non-domain joined computer, Exchange Edge Server
  3. Trusted Network (Layer 3 – Backend NSG) – Domain Controller, File Server, Print Server, RDS, Database and ADFS Server.

 

Advanced dmz
Advanced DMZ Example Source Microsoft

 

 Example Address Spacing

Location vNET Address Space Connectivity  to other region
Azure Australia East vNET1 10.11.0.0/16

10.12.0.0/16

 Azure Australia Southeast

ExpressRoute or S2S VPN
Australia East On-premises On-prem 10.41.0.0/16

10.41.0.0/16

 S2S VPN to Azure Australia East
Azure Australia Southeast vNET2 10.51.0.0/16

10.51.0.0/16

 Azure Australia East

ExpressRoute or S2S VPN
Australia Southeast On-premises On-prem 10.100.0.0/16

10.101.0.0/16

 S2S VPN to Azure Australia Southeast

Hybrid Network Workloads Placement

Hybrid Network.JPG
Hybrid Network Example Source Microsoft

Best Practices

Follow Azure Networking Best Practices. Follow three basic principal of Azure Networking- Segment, Control and Enforce.

  • Segment- Multiple Azure Networks within a single vNET with large IP Address space. The private IP address spaces available are in the Class A (10.0.0.0/8), Class B (172.16.0.0/12), and Class C (192.168.0.0/16) ranges. Use Trusted IP Address range (x.x.x.x/22), Untrusted IP Address Range (x.x.x.x/22).
  • Control- Create multiple NSGs, associate FrontEnd NSG and Backend NSG with untrusted and trusted network respectively to control to and from Azure. NSGs are simple, stateful packet inspection devices that use the 5-tuple (the source IP, source port, destination IP, destination port, and layer 4 protocol) approach to create allow/deny rules for network traffic.
  • Enforce – Enforce user-defined rules to allow only desired TCP & UDP traffic to the vNET, Use Virtual Network Appliance and Perimeter Networks at all times for Enterprise Azure deployment. Disable RDP at the VM level and allow RDP at the FrontEnd NSG. Use a jump box in the DMZ to access workloads.

Azure Stack Pricing Model

Azure Stack is sold as an integrated system, with software pre-installed on validated hardware. Azure Stack comes with two operational modes—Connected and Disconnected. Connected Mode use Azure metering services with the Microsoft Azure Cloud. The Disconnected Mode does not use Azure metering services. The Disconnected Mode is based on capacity pricing model. The Connected Mode is a Pay-as-you-use software pricing model.

Azure Stack.png

Licensing Model

Payment Method Description License Type
PAYG No upfront cost EA or CSP
Capacity Model Fixed Fees per annum EA Only

Windows and SQL License

You have to use licenses from any channel (EA, SPLA, Open, and others), as long as you comply with all software licensing and product terms.

Linux Licenses

You have to use RedHat or other Linux licenses on the Azure Stack if you choose to use Linux Operating Systems. You have to pay to the software vendor for use of their software on the Azure Stack.

Connected Mode for Cloud Service Provider (CSP)

Azure Stack offers pay-as-you-use pricing, just like you get with Azure. Run infrastructure as a service (IaaS) and platform as a service (PaaS) on Azure Stack with no upfront fees, and use the same subscriptions, monetary commitments, and billing tools as Azure. The pay-as-you-use package is available through Enterprise Agreements (EA) and the Cloud Solution Provider program (CSP).

Service Type Description Hourly Rate Monthly Rate
Compute Base VM $0.011/vCPU $8 vCPU
  Windows VM $0.059/vCPU $43 vCPU
Storage Storage   $0.008/GB
  Table & Queue   $0.023/GB
  Unmanaged Disk   $0.015/GB
App Services Web Apps, API, Functions $0.072/vCPU

 

 $53 vCPU

The Connected Mode is available through both Enterprise Agreement (EA) and Cloud Service Provider (CSP) partner channel. Azure MSDN, Free Trial, and Biz Spark subscription IDs cannot be used in conjunction with Azure Stack.

Your Azure Stack usage will be metered and integrated into one bill with your Azure usage.

Use cases:

The customer already has Azure Subscription. The customer wants to establish hybrid cloud in conjunction with Azure Cloud.

Disconnected Mode for Azure Stack On-premises

the App Service package, which includes App Service, base virtual machines, and Azure Storage ($400/core/year), and the IaaS package, which includes base virtual machines and Azure Storage ($144/ core/year.) With the capacity model, you use your existing on-premises licenses to deploy Windows Server and SQL Server virtual machines.

The capacity model is available via EA only. It is purchased as an Azure Plan SKU via normal volume licensing channels.

Use Cases

The customer wants to build their own private cloud platform and offer services to their departments and subsidiaries. The purpose of this exercise is to segregate billing of each department but maintain single ICT organisation.

Azure Stack Support

Azure Stack support is a consistent, integrated, hybrid support experience that covers the full system lifecycle. If you already have Premier, Azure, or Partner support with Microsoft, your Azure Stack software support is included. You need only make one call to the vendor of your choice (Microsoft or hardware partner) for any Azure Stack issue.

For up-to-date pricing visit Microsoft website.

Amazon EC2 and Azure Virtual Machine (Instance) Comparison

Both Amazon EC2 and Azure VM provide a wide selection of VM types optimised to fit different use cases. An instance or VM is combinations of virtual CPU, virtual memory, temporary storage, and networking capacity and give a customer the flexibility to choose the appropriate mix of resources for workloads. Both AWS EC2 and Azure offers instances at scale for the requirements of any target workload. Both EC2 and Azure provide the option to store VM in persistent storage called EBS in Amazon terminology or Blob Storage in Azure terminology.

EC2 vs Azure VM

Available Windows/Linux VM both Cloud Services Providers:

Type Description Azure VM

Windows & Linux

 AWS EC2

Windows & Linux
General purpose Balanced CPU-to-memory ratio. B, Dsv3, Dv3, DSv2, Dv2, Av2 T2, M4, M5
Compute-optimised High CPU-to-memory ratio. Fsv2, Fs, F C4, C5
Memory-optimised High memory-to-CPU ratio. Great for database servers Esv3, Ev3, M, GS, G, DSv2, Dv2 X1e, X1, R5, R4, Z1d
Storage optimised High disk throughput and IO. Ls H1, i3, D2
GPU Specialized for heavy graphic rendering and video editing NV, NC, NCv2, NCv3, ND P3, P2, G3, F1
High performance compute fastest and most powerful CPU H C4, C5

Both AWS and Azure are utility pricing model analogous to your gas, water or power bills. Both Amazon and Azure provide standard instance as PAYG model, and also some instances are available in the reserved pricing model. In a reserved pricing model, you pay upfront at a cheaper rate for instance but commit for certain months or years. In a reserved instance, you pay additional for -storage consumption and network utilisation if it’s cross-geo connectivity. Both AWS and Azure have vast marketplace from where you can pick up and deploy any instance of your requirements at Scale.

Here is where Microsoft differentiate from AWS, you can save up to 72% over pay-as-you-go pricing with an upfront one- or three-year commitment in Azure Cloud. You can also exchange or cancel the RI at any time. Microsoft also offers Hybrid benefits, i.e. 40% off when you bring in Microsoft Windows/Linux workloads from On-prem to Azure. You can use your on-premises Windows Server or SQL Server licences with Software Assurance to make big savings when migrating a few workloads or entire data centres to the cloud.

You can get discounted rates on Azure for your ongoing development and testing, including no Microsoft software charges on Azure Virtual Machines and special dev/test pricing on other services.

Microsoft also offers US$5000 credit for the validated Not-for-Profit organisation for the use of Azure Cloud whilst signing

Relevant References:

Azure Pricing Calculator

Azure TCO Calculator

Offset IT Cost with Azure Cloud

Microsoft Azure credits now available to eligible not-for-profit organisations

Azure 54 regions in 140 countries