Migrating to the cloud doesn’t have to be difficult, but many organizations struggle to get started. Before they can showcase the cost benefits of moving to the cloud or determine if their workloads will lift and shift without effort, they need deep visibility into their own environment and the tight interdependencies between applications, workloads, and data. Azure Migrate, Azure Database Migration Service, and Azure Cost Management provides a frictionless approach to moving VMware VMs to Azure.
Microsoft – Cloud Security Certification
Microsoft Azure has been certified by Australian Signals Dicrectorate (ASD), Department of Defence. Check your region to verify Azure certification by the regulator if you have regulatory compliance requirements.
- Microsoft has undergone an Information Security Registered Assessors Program (IRAP) assessment of Australian Signals Directorate (ASD) and been certified on the Certified Cloud Services List (CCSL) by ASD for Azure, Dynamics 365, and Office 365
- Microsoft Azure has been awarded PROTECTED classification level by the Australian Signals Directorate (ASD). Microsoft Azure is the first global cloud provider which has been awarded PROTECTED
- Azure, Cloud App Security, Intune, Office 365, Dynamics 365 and Power BI are awarded certification after rigorous independent assessments of cloud providers by the Cloud Security Alliance (CSA)
- Azure, Cloud App Security, Intune, Office 365, Dynamics 365 and Power BI are awarded ISO/IEC 27001 certification meeting criteria specified in the ISO certification
Licensing Cost & Azure Hybrid Benefit
- customers with Software Assurance to run Windows Server VMs on Azure at a lower rate.
- save up to 40 percent on Windows Server VMs
- Use existing SQL Server licenses toward SQL Database managed instances
- Azure Reserved Virtual Machine Instances to further reduce costs—up to 72% on PAYG prices per year or per three years terms on both Windows and Linux virtual machines.
- pay only for the underlying compute and storage for SQL VM
- 82% savings over PAYG rates on Azure and up to 67% compared to AWS RIs for Windows VMs.
- 49% cost savings estimated using the Azure TCO calculator comparing on-premsies VMware VMs. Actual savings may vary based on region, instance type and usage. Reference Nucleus Research
- You can specify whether you’re enrolled in Software Assurance and can use the Azure Hybrid Use Benefit.
Microsoft offers an end-to-end solution to provide you with a proven framework and tools to migrate your first workload and give you a complete roadmap for discovery, migration, and continual optimization, including better insights and strategies for running your entire datacenter portfolio on Azure. Migrating to Azure is simple three-stage process and focuses on how to identify virtual machines, applications, and data that can easily be moved to the cloud.
- VMware vCenter Server 5.5, 0 and later version managed virtual machines
- Any On-premises Storage (vSAN, FC SAN, NFS or iSCSI)
- Appliance-based, agentless, and non-intrusive discovery of on-premises virtual machines.
- Currently Azure Migrate supports only Locally redundant storage (LRS). However, once you migrated to Azure, you can use Geo-redundant storage.
- Lift & Shift migration to Azure IaaS Cloud
- Azure migrate will recommend the use of Azure Database Migration Service
- Use Azure Site Recovery Manager to migrate business critical and large VMs to Azure Cloud
Stage 1 – Assess Your VMware vSphere Environment
Use these four steps to discover and assess your on-premises workloads for migration to Azure.
- Prepare your environment.
- Discover virtual machines.
- Group virtual machines.
- Assess the groups of virtual machines.
Step 1: Prepare your environment
- To get started with Azure Migrate, you need a Microsoft Azure account or the free trial.
- Assess VMware Virtual machines located on vSphere ESXi hosts that are managed with a vCenter server running version 5.5 or 6.0.
- The ESXi host or cluster on which the Collector VM (version 8.0) runs must be running version 5.0 or later.
- To discover virtual machines, Azure Migrate needs an account with read-only administrator credentials for the vCenter server.
- Create a vCenter virtual machine in .ova format. Download an appliance and import it to the vCenter server to create the virtual machine. The virtual machine must be able to connect to the internet to send metadata to Azure.
- Set statistics settings for the vCenter server to statistics level 2. The default Level 1 will work, but Azure Migrate won’t be able to collect data for performance-based sizing for storage.
Tag your virtual machines in vCenter (optional)
Use these steps to tag your virtual machines in vCenter server.
- In the VMware vSphere Web Client, navigate to the vCenter server instance.
- To review current tags, click Tags.
- To tag a virtual machine, click Related Objects > Virtual Machines, and select the virtual machine.
- In Summary > Tags, click Assign.
- Click New Tag, and specify a tag name and description.
- To create a category for the tag, select New Category in the drop-down list.
- Specify a category name and description and the cardinality, and click OK.
Step 2: Discover virtual machines
Using Azure Migrate to discover on-premises workloads involves these steps.
- Create a Project.
- Download the Collector appliance.
- Create the Collector virtual machine.
- Run the Collector to discover virtual machines.
- Verify discovered virtual machines in the portal.
Create a Project
Azure Migrate projects hold the metadata of your on-premises machines and enables you to assess migration suitability. Use these steps to create a project.
- Log on to the Azure portal and click New.
- Search for Azure Migrate in the search box, and select the service Azure Migrate (preview) in the search results, and then click Create.
- Select the Azure Migrate service from the search results.
- Click Create.
- Specify a name for the new project.
- Select the subscription you want the project to get associated to.
- Create a new resource group, or select an existing one.
- Specify an Azure location.
- To quickly access the project from the Dashboard, select Pin to dashboard.
- Click Create. The new project appears on the Dashboard, under All resources, and in the Projects blade.
Download the Collector appliance
- Select the project, and click Discover & Assess on the Overview blade.
- Click Discover Machines, and then click Download.
- Copy the Project ID and project key values to use when you configure the Collector.
Deploy the Collector virtual machine
In the vCenter Server, import the Collector appliance as a virtual machine using the Deploy OVF Template wizard.
- In vSphere Client console, click File > Deploy OVF Template.
- In the Deploy OVF Template Wizard > Source, specify the location for the .ovf file.
- In Name and Location, specify a friendly name for the Collector virtual machine, the inventory object in which the virtual machine will be hosted.
- In Host/Cluster, specify the host or cluster on which the Collector virtual machine will run.
- In Storage, specify the storage destination for the Collector virtual machine.
- In Disk Format, specify the disk type and size.
- In Network Mapping, specify the network to which the Collector virtual machine will connect. The network must be connected to the internet to send metadata to Azure.
- Review and confirm the settings, and then click Finish.
Run the Collector to discover virtual machines
- In the vSphere Client console, right-click the virtual machine > Open Console.
- Provide the language, time zone, and password preferences for the appliance.
- In the Azure Migrate Collector, open Set Up Prerequisites, and then
o Accept the license terms, and read the third-party information.
o The Collector checks that the virtual machine has internet access. If the virtual machine accesses the internet via a proxy, click Proxy settings, and specify the proxy address and listening port. Specify credentials if proxy access needs authentication.
o The Collector checks that the Windows profiler service is running. The service is installed by default on the Collector virtual machine.
o Select to download and install the VMware PowerCLI.
- In Discover Machines, do the following:
o Specify the name (FQDN) or IP address of the vCenter server and the read-only account the Collector will use to discover virtual machines on the vCenter server.
o Select a scope for virtual machine discovery. The Collector can only discover virtual machines within the specified scope. Scope can be set to a specific folder, datacenter, or cluster, but it shouldn’t contain more than 1000 virtual machines.
o If you’re using tagging on the vCenter server, select tag categories for virtual machine grouping. Azure Migrate automatically groups virtual machines based on tag values in the category. If you’re not using tagging, you can group virtual machines in the Azure portal.
- In Select Project, specify the Azure Migrate project ID and key you copied from the Azure portal. If didn’t copy them, open Azure in a browser from the Collector virtual machine. In the project Overview page, click Discover Machines, and copy the values.
- In Complete Discovery, you can monitor the discovery status, and check that metadata is collected from the virtual machines in scope. The Collector provides an approximate discovery time.
Verify discovered virtual machines in the portal
- In the migration project, click Manage > Machines.
- Check that the virtual machines you want to discover appear in the portal.
Step 3: Group virtual machines
Enterprises typically migrate virtual machines with dependencies together at the same time to ensure their functionality after migration to Azure. Azure Migrate allows you to categorize the virtual machines by group so you can assess all the virtual machines in a group.
- If you provided a tag category—which was an optional step while configuring the Collector—groups will be automatically created for the workloads based on the tag values.
- If a tag category is not provided while configuring the Collector, you can create groups of virtual machines in the Azure Migrate portal.
Optional: Assess machine dependencies before adding them to a group
- In Manage > Machines, search the Machine for which you want to view the dependencies.
- In the Dependencies column for the machine, click Install agent.
- To calculate dependencies, download and install these agents on the machine: o Microsoft Monitoring agent
o Dependency agent
- Copy the workspace ID and key to use later when you install the Microsoft Monitoring agent on a machine.
- After you install the agents on the machine, return to the portal and click Machines. This time the Dependencies column for the machine should contain the text View dependencies. Click View dependencies.
- By default, the dependency time range is an hour. Click the time range to shorten it, specify start and end dates, or change the duration. Press Ctrl + Click to select multiple machines on the map, and then click Group machines.
- In Group machines, specify a group name. Verify the machines you added have the dependency agents installed and have been discovered by Azure Migrate. Machines must be discovered to assess them. We recommend that you install the dependency agents to complete dependency mapping.
- Click OK to save the group settings. Alternatively, you can add machines to an existing group.
Create a Group
You can create groups of virtual machines from the Machines blade or from the Groups blade, using a similar process.
Create a group from the Machines blade
- Navigate to the Dashboard of a project and click the Machines tile.
- Click Group Machines.
- Specify a name for the group in the Name box, and then select the machines that you want to add to the group.
- Click Create.
Add/Remove machines to/from an existing group if you require
- Navigate to the dashboard of a project and click the Groups tile.
- Select the Group you want to add/remove machines to/from.
- Click Add Machines or Remove Machines.
- Select the machines that you want to add/remove to/from the group.
- Click Add or Remove.
Step 4: Assess groups of virtual machines
Create an assessment
Follow these steps to generate an assessment for the group.
- Select the project you want under Project.
- On the project dashboard, click Groups.
- Create a new group or select an existing group to assess under Group.
- Click Create Assessment to create a new assessment for the group.
The assessment includes these details.
- Summary of the number of machines suitable for Azure which is referred to as Azure Readiness.
- Monthly estimate of the cost for running the machines in Azure after migration.
- Storage monthly cost estimate.
Azure Migrate performs three checks on virtual machines in this order:
- Azure Suitability Analysis
- Performance-based sizing
- Monthly cost estimate
Stage 2: Migrate virtual machines using Azure Site Recovery
Before you start deployment, review the architecture and make sure you understand all the components you need to deploy.
Next, make sure you understand the prerequisites and limitations for a Microsoft Azure account, Azure networks, and storage accounts. You also need:
- On-premises Site Recovery components
- On-premises VMware prerequisites
- Mobility service component installed on the virtual machine you want to replicate.
These are the general steps to migrate:
- Set up Azure services such as Virtual Networks, Availability Group, Network Load Balancer, Address Space, Subnets, Resource Group, Storage Accounts, Public IPs.
- Connect to VMware servers.
- Set up the target environment.
- Complete migration.
I assume, you have completed the step1. So I am moving on to step 2.
Create a Recovery Services vault
- Sign in to the Azure portal > Recovery Services.
- Click New > Monitoring & Management > Backup and Site Recovery.
- In Name, specify a friendly name to identify the vault. If you have more than one subscription, select one of them.
- Create a resource group, or select an existing one. Specify an Azure region. To check supported regions, see geographic availability in Azure Site Recovery Pricing Details.
- If you want to quickly access the vault from the dashboard, click Pin to dashboard, and then click Create.
- The new vault will appear on Dashboard > All resources and on the main Recovery Services vaults blade.
Select a protection goal
In this task, select what you want to replicate, and where you want to replicate to.
- Click Recovery Services vaults > vault.
- In the Resource Menu, click Site Recovery > Prepare Infrastructure > Protection goal.
- In Protection goal, select To Azure > Yes, with VMware vSphere Hypervisor.
Set up the source environment
In this task, set up the configuration server, register it in the vault, and discover virtual machines.
- Click Site Recovery > Step 1: Prepare Infrastructure > Source.
- If you don’t have a configuration server, click Configuration server.
- In Add Server, check that Configuration Server appears in Server type.
- Download the Site Recovery Unified Setup installation file.
- Download the vault registration key. You need this when you run Unified Setup. The key is valid for five days after you generate it.
Register the configuration server in the vault
The next task requires you to run Unified Setup to install the configuration server, the process server, and the master target server. First however, do these three steps.
- On the configuration server virtual machine, make sure that the system clock is synchronized with a Time Server. It should match. If it’s 15 minutes in front or behind, setup might fail.
- Run setup as a Local Administrator on the configuration server virtual machine.
- Make sure TLS 1.0 is enabled on the virtual machine.
Now you are ready to run Setup.
- Run the Unified Setup installation file.
- In Before You Begin, select Install the configuration server and process server.
- From the Third-Party Software License screen, click I Accept to download and install MySQL.
- From the Registration screen, select the registration key you downloaded from the vault, and then click Next.
- From the Internet Settings screen, specify how the Provider running on the configuration server connects to Azure Site Recovery over the Internet.
- If you want to connect with the proxy that’s currently set up on the machine, select Connect to Azure Site Recovery using a proxy server.
- If you want the Provider to connect directly, select Connect directly to Azure Site Recovery without a proxy server.
- If the existing proxy requires authentication, or if you want to use a custom proxy for the Provider connection, select Connect with custom proxy settings. o If you use a custom proxy, you need to specify the address, port, and credentials.
- From the Prerequisites Check screen, run a check to make sure that installation can run. If a warning appears about the Global time sync check, verify that the time on the system clock (Date and Time settings) is the same as the time zone.
- In the MySQL Configuration screen, create credentials for logging on to the MySQL server instance that is installed.
- From the Environment Details screen, select whether to replicate VMware virtual machines. If you will, Setup checks that PowerCLI 6.0 is installed.
- From the Install Location screen, select where you want to install the binaries and store the cache. The drive you select must have at least 5 GB of disk space available, but we recommend a cache drive with at least 600 GB of available space.
- From the Network Selection screen, specify the listener (network adapter and SSL port) on which the configuration server sends and receives replication data. Port 9443 is the default port used for sending and receiving replication traffic, but you can modify this port number to suit your environment’s requirements. In addition to the port 9443, we also open port 443, which is used by a web server to orchestrate replication operations. Do not use port 443 for sending or receiving replication traffic.
- In the Summary screen, review the information and click Install. When installation finishes, a passphrase is generated. You will need this when you enable replication, so copy it and keep it in a secure location. After registration finishes, the server is displayed on the Settings > Servers in the vault.
Step 2: Connect to VMware servers
To allow Azure Site Recovery to discover virtual machines running in your on-premises environment, you need to connect your VMware vCenter Server or vSphere ESXi hosts with Site Recovery. Note the following before you start:
- If you add the vCenter server or vSphere hosts to Site Recovery with an account without administrator privileges on the server, the account needs these privileges enabled:
o Datacenter, Datastore, Folder, Host, Network, Resource, Virtual machine, vSphere Distributed Switch.
o The vCenter server needs Storage views permissions.
- When you add VMware servers to Site Recovery, it can take 15 minutes or longer for them to appear in the portal.
Step 3: Set up the target environment
Before you set up the target environment, make sure you have an Azure storage account and a virtual network set up.
- Click Prepare infrastructure > Target, and select the Azure subscription you want to use.
- Specify whether your target deployment model is Resource Manager-based, or classic.
- Site Recovery verifies that you have one or more compatible Azure storage accounts and networks.
Create replication policy
You need a replication policy to automate the replication to Azure.
- To create a new replication policy, click Site Recovery infrastructure > Replication Policies > Replication Policy.
- Under RPO threshold, specify the RPO limit. This value specifies how often data recovery points are created. An alert is generated if continuous replication exceeds this limit.
- Under Recovery point retention, specify (in hours) how long the retention window is for each recovery point. Replicated virtual machines can be recovered to any point in a window. Up to 24 hours retention is supported for machines replicated to premium storage, and 72 hours for standard storage.
- Under App-consistent snapshot frequency, specify how often (in minutes) recovery points containing application-consistent snapshots will be created.
- Click OK to create the policy.
- When you create a new policy it’s automatically associated with the configuration server. By default, a matching policy is automatically created for failback. For example, if the replication policy is rep-policy then the failback policy will be rep-policy-failback. The failback policy isn’t used until you initiate a failback from Azure.
Prepare for push installation of the Mobility service
The Mobility service must be installed on all virtual machines you want to replicate. There are several ways to install the service, including manual installation, push installation from the Site Recovery process server, and installation using methods such as System Center Configuration Manager. Here you can review prerequisites and installation methods for the Mobility Service.
If you want to use push installation from the Azure Site Recovery process server, you need to prepare an account that Azure Site Recovery can use to access the virtual machine.
The following describes the options:
- You can use a domain or local account
For Windows, if you’re not using a domain account, you need to disable Remote User Access control on the local machine. To do this, in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, add the DWORD entry LocalAccountTokenFilterPolicy, with a value of 1.
- If you want to add the registry entry for Windows from a CLI, type: REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1.
- For Linux, the account should be root on the source Linux server.
Install Mobility Service manually by using the GUI
- Copy the installer executable to the virtual machine that is being migrated to Azure, and then open the installer.
- On the Installation Option pane, select Install Mobility Service.
- Select the install location and click Install to being the installation procedure.
- You can use Installation Progress page to monitor the installer’s progress.
- Once installation is complete, click the Proceed to Configuration button to register the Mobility Service with your Configuration server.
- Click on the Register button to complete the registration.
After you have installed and configured both the Process Server and the Mobility Service agents, continue configuring replication in Azure.
- In the Azure portal, navigate to Site Recovery > Step1: Replicate Application > Enable Replication, and then click Step 1: Source Configure > Source.
- In Source, select On-Premises.
- In Source location, select your Configuration Server.
- In Machine type, select Virtual Machines.
- In vCenter/vSphere Hypervisor, select the vCenter server that manages the vSphere host, or select the host.
- Select the process server or the configuration server if you haven’t created any additional process servers, and then click OK.
- In Target, select the subscription and the resource group in which you want to create the migrated virtual machines. Choose the deployment model for the migrated virtual machines that you want to use in Azure (classic or resource manager).
- Select the Azure storage account you want to use for replicating data. If you don’t want to use an account you’ve already set up, you can create a new one.
- Select the Azure network and subnet to which Azure Virtual Machines will connect when they’re created after migration. Select Configure now for selected machines to apply the network setting to all machines you select for protection, or select Configure later to select the Azure network per virtual machine.
- Point to Virtual Machines > Select, select each enabled machine you want to replicate, and then click OK.
- In Properties > Configure properties, select the process server account that will automatically install the Mobility service on the machine.
- By default, all disks are replicated. Click All Disks and clear any disks you don’t want to replicate, and then click OK. You can set additional virtual machine disk properties later if needed.
- In Replication settings > Configure replication settings, verify that the correct replication policy is selected. If you modify a policy, changes will be applied to the replicating machine and to new machines.
- Enable Multi-VM consistency if you want to gather machines into a replication group, specify a name for the group, and then click OK.
- Click Enable Replication. You can track progress of the Enable Protection job in Settings > Jobs > Site Recovery Jobs. After the Finalize Protection job runs the machine is ready for failover.
Step 4: Complete migration
Because migration is different than failover, it is important to configure Site Recovery for a migration.
For migration, you don’t need to commit a failover or delete machines. Instead, select the Complete Migration option for each machine you want to migrate.
- In Replicated Items, right-click the virtual machine, and then click Complete Migration.
- Click OK to complete the migration.
You can track progress in the virtual machine properties by monitoring the Complete Migration job in Site Recovery jobs. The Complete Migration action completes the migration process, removes replication for the machine, and stops Site Recovery billing for the machine.
At this point, your virtual machine has been migrated to Azure and you can begin using the IP addresses you set up in Networking. If you must migrate a database, the next section outlines migrating SQL Server databases using Migration Data Assistant and Azure Database Migration Service. Otherwise, the migration process continues with
Stage 3: Optimize migrated workloads
Cloudyn helps ensure migrated virtual machines continue to deliver targeted resource utilization and best cost by recommending changes. Track costs against budget using spending reports that help identify which virtual machine types are consuming budget and support decisions on how to modify the Azure environment to maximize ROI. Cloudyn benefits include:
- Visibility into resource costs
- Visibility into application and departmental costs
- Cost optimization with right-sizing guidance
As organizations move on-premises virtual machines to Azure, a best practice is to move workloads through three stages: discover, migrate, and optimize. Microsoft and its partners offer tools to help increase the efficiency and reduce the complexity of those stages.