Move on-prem environment to Azure migration


Hi there,

I'm working with a customer that has a traditional Windows AD domain. The customer wants all their Windows VMs (currently running on VMware) moved to Azure.

For the clients, we recently managed to make all devices Azure AD joined only.

The M365 suite is used for Teams/SharePoint/Exchange Online, Defender for Endpoint, and Endpoint Manager for client management.

We have no domain-joined computers anymore. All the users are still managed via Azure AD Connect, which syncs to Azure AD.

Printers are on Universal Print and files have moved to Teams/SharePoint.

We now have a large file share that we could not migrate to SharePoint. We would like to have this on Azure Files.

Right now we are at the start of creating an Azure subscription. What would be the best route to take for this? On-prem there are a couple of Windows app VMs that we would like to "lift and shift" to Azure. These app servers are used for legacy/history checking...

If there is any clear path or documentation that we can consult, I would like to know.

Thanks in advance!

3 Replies

@Ivarious90, well, it all depends; however, you have given rather few details.

Putting VMs directly into Azure as a lift-and-shift, without preparing some infrastructure first, might expose you to risk.

First of all, you should review the recommended Landing Zone architecture in Azure, as it seems you will be using multiple services:
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/

This documentation will help you to understand:

- basic (and advanced) architecture of Azure,
- networking in Azure,
- connectivity to resources in Azure,
- foundation services potentially required (identity, management etc.),
- security requirements,
- services onboarding,
- and many others.

I would suggest starting with:

  • Determining your OPEX... well, getting some services might be costly :)
  • Checking how many VMs are about to be migrated and what their requirements are, how they are separated from each other, how sensitive the data is, etc. More VMs will require a bit more configuration.
  • Checking what the requirements are for reaching the resources. Is it the internal network or connections over the internet? This will help you to determine the connectivity services required.
  • Determining the requirements for internet facing. Should the resources face the internet? If yes, you definitely want to secure them.
  • Determining if you need Domain Controllers / identity services for the mentioned VMs. This will help you to decide whether you need an Identity Subscription with identity services or not. Maybe moving the DC to the cloud, together with AD Connect, is something you would like to do.
  • Getting the requirements for Azure Files access. We are getting back here to connectivity: should it be available through the internal network or the internet? If internal, configuration of Private Endpoints would be required.

However... for a smaller configuration and cost saving, you might want to split it into 2 separate streams:

  1. For VMs:
    1. Create a VNET + required subnets: https://docs.microsoft.com/en-gb/azure/virtual-network/
    2. Create Azure Bastion for secure connectivity to those VMs: https://azure.microsoft.com/en-gb/services/azure-bastion/
    3. Use Azure Migrate to migrate the VMs: https://azure.microsoft.com/pl-pl/services/azure-migrate/
  2. For Azure Files, just set it up and secure it, granting connectivity over the internet but following some best practices: https://blog.cloudboost.io/azure-files-security-best-practices-1c4e6afd145b
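As an added illustration (not part of this reply or any Microsoft sample), the following Bicep template takes the internal-network route from the Azure Files bullet above: the VNET with a VM subnet and the reserved Bastion subnet, plus a storage account whose public endpoint is closed so the share is only reachable through a Private Endpoint. Resource names, address ranges, the share name and quota are placeholders.

```bicep
// Added example, not from the thread: a workload VNet plus an Azure Files
// storage account that is reachable only through a private endpoint.
// Names, address ranges and the share name are placeholders.
param location string = resourceGroup().location
param storageName string = 'stfilesplaceholder01' // must be globally unique

resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnet-workload'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.10.0.0/16' ] }
    subnets: [
      { name: 'snet-vms', properties: { addressPrefix: '10.10.1.0/24' } }
      // Reserved for Azure Bastion: the name is mandatory and /26 is the minimum size
      { name: 'AzureBastionSubnet', properties: { addressPrefix: '10.10.255.0/26' } }
    ]
  }
}

resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: storageName
  location: location
  kind: 'StorageV2'
  sku: { name: 'Standard_LRS' }
  properties: {
    minimumTlsVersion: 'TLS1_2'
    supportsHttpsTrafficOnly: true
    allowBlobPublicAccess: false
    // Public endpoint closed: SMB traffic reaches the share only via the private endpoint
    publicNetworkAccess: 'Disabled'
  }
}

resource share 'Microsoft.Storage/storageAccounts/fileServices/shares@2023-01-01' = {
  name: '${storage.name}/default/legacy-share'
  properties: { shareQuota: 1024 } // GiB, placeholder
}

resource pe 'Microsoft.Network/privateEndpoints@2023-05-01' = {
  name: 'pe-files'
  location: location
  properties: {
    subnet: { id: '${vnet.id}/subnets/snet-vms' }
    privateLinkServiceConnections: [ {
      name: 'files'
      // groupId 'file' exposes the SMB/FileREST endpoint of the account
      properties: { privateLinkServiceId: storage.id, groupIds: [ 'file' ] }
    } ]
  }
}
```

Clients inside the VNET still need the storage account's name to resolve to the private endpoint's address, which is what the `privatelink.file.core.windows.net` private DNS zone (not included above) provides; the Bastion host itself is also left out for brevity.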
@KonradWrobel, something to add on.

You might want to take a look at the best practices for Management Group design as well, as that will help simplify the way you organize your customer's subscriptions/workloads in Azure. Things can start to get messy when their subscriptions/workloads increase significantly in the future.

I would suggest creating a "Management Group Design" and a "Subscription Design", using the Microsoft CAF "Design Principles" as the basis for your designs.

You can find the list of design considerations in the following articles:

- Management Group Design Considerations
- Subscription Design Considerations

Lastly, do take note of the limitations for Management Groups and Subscriptions, as they may affect your design and planning in organizing the workloads too.

Hope that helps, and do feel free to share the challenges that you experience along the way too! =)

@Ivarious90, I'd appreciate it if you could mark the response that provides the information you are looking for as the correct answer/best response; that will help us better understand what kind of information actually helps.