Forum Discussion
What's the best practise regarding IP ranges for migrating on-prem servers to Azure?
Our On-Prem IP range for our servers is 192.168.102.0/24.
I plan to migrate some but not all of our servers to Azure.
- Should I create a VNet with the same range and migrate to that?
- What If I want to add Windows Virtual Desktops to the same VNet so they can access the servers?
- And what if I have a VPN connection back to On-Prem servers?
- What's the best practice for this scenario?
I have searched for the answers but there seems to be multiple solutions, none of which seem to fit my scenario, so I'm grateful for any advise/suggestions
4 Replies
In my opinion it really comes down to how fast you want to move all those on prem servers. Best practice if you wanted to have connectivity back to the local servers is to come up with another IP scope for the Azure environment. The reason for a different scope is with the VPN you cannot have overlapping network scopes, or you will never route traffic correctly. You could still implement network segmentation with different subnets and Network Security groups inside of Azure but allow the needed traffic to flow between the two. By default the traffic is allowed to flow between subnets inside of Azure but I would recommend configuring the NSG’s to only allow the necessary traffic. Lastly if you do end up creating a Virtual Network Gateway to allow traffic back to on prem keep be mindful of the VNET gateway subnet you create as this cannot be modified after its creation.
Thankyou Bryan Haslip This is useful.
My concern is what I should do with VMs that I migrate to Azure.
Right now the VMs have static Its set. After migration, I would need to change each one to be dynamic so I can set the IPs using Azure.
Alternatively, and this just crossed my mind, I add a second NIC to the VM and connect that to the appropriate VNet and finally remove the old NIC.
Would this work?In this scenario if you are using Azure site recovery to replicate the VM's from on premise up to Azure part of the recovery process is Azure removes the static IP and sets it dynamic. What I would recommend is setting this static in the machine configuration pre-fail over. Alternatively you can fail the machine over then set it static and restart the VM. Please let me know if you have any questions or if that does not make sense.
