updates
26 Topics

Your target end-state: Azure landing zones conceptual architecture
By: DomAllen, Senior Program Manager and Jeff_Mitchell_MSFT, Principal Cloud Solution Architect

Customers today recognize the cloud enables digital transformation for the enterprise, while consistently meeting unique requirements for business growth. Cloud services are deployed at hyperscale, allowing you to consistently manage and optimize governance and operations management controls beyond on-premises environments—extending unified management across any infrastructure to multicloud and the edge.

To help you prepare for your cloud adoption journey, we are excited to announce the availability of Azure landing zone conceptual architecture—your environment's strategic design path and target technical state. It represents scale and maturity decisions based on experiences and feedback from customers who have successfully adopted Azure.

To realize the value of the agility the cloud can provide, we recommend that environments be implemented to enable consistent scale—while meeting your business needs by creating consistent ways to govern and manage resources, not just by type, but also by organization, cost, and security. Besides designing an architectural platform, you must implement and maintain the platform and design a systematic architectural and technical delivery approach to building patterns for success on the platform. We recommend developing a continuous engineering loop to ensure that environment lifecycles align with the Azure roadmap. Your process should validate new services in the context of enterprise controls—and it should deliver its learnings back to the platform, as inputs for future iterations.

Azure landing zone conceptual architecture

Through a landing zone accelerator approach and a reference implementation, you enable the effective construction and operationalization of landing zones on Azure—at scale, aligned with the Azure roadmap and Microsoft Cloud Adoption Framework for Azure.
Landing zone accelerator architecture represents the strategic design path and target technical state of your Azure environment. The architecture will continue evolving with the Azure platform, ultimately shaped by design decisions that are aligned with the architectural implementation best practices to safeguard your Azure journey.

Not all organizations adopt Azure in the same way. Enterprise-scale landing zone architectures (as illustrated in Figure 1 below) might vary between customers, depending on enterprise requirements. Varied design considerations and recommendations might yield different trade-offs, depending on your organization's cloud adoption path. Variation along your path is expected—but if you follow core recommendations, the target architecture that results will set you on a path to sustainable scale on Azure.

Figure 1

You can download PDF files of the Azure landing zone conceptual architecture diagrams with:
Virtual WAN (PDF) network topology
Traditional Azure network topology based on hub-and-spoke (PDF) architecture
or download a Visio diagram (VSDX) file with a diagram of both Virtual WAN and hub-and-spoke architectures.

Getting your environment ready, faster: Azure landing zone accelerator

Azure landing zone accelerator enables your organization to make templatized landing zone deployments, with baked-in, repeatable best practices for governance, security, and compliance, and it comes with a set of design principles for managing the platform at scale. These principles serve as a compass for subsequent design decisions across critical technical domains. Deploy the Azure landing zone accelerator (see Figure 2, below) directly within the Azure portal to speed up your implementation—allowing you to customize environment configurations for compliance, security, and operations management controls.
GitHub integration will help your team to set up CI/CD pipelines—if your cloud operating model includes Infrastructure as Code (IaC) DevOps practices for infrastructure management.

Figure 2

While your organization may have already adopted third-party automation toolchain products, you may need to start with a smaller implementation of the Azure landing zone conceptual architecture. Explore more open source and partner landing zone implementation options.

Start, align, and enhance your landing zone

Our conversations with customers and partners help us recognize that organizations may be at different stages along their cloud journey when reviewing landing zone implementation options. The deployment recommendations that advance your specific, strategic design path and target technical state will match the stage you're in along your cloud path. Get started with the best next steps for your own cloud adoption path, and review your journey to the target architecture. Some organizations with a conceptual architecture matching the operating model and resource structure they plan to use can launch the ready-to-deploy experience with the Azure landing zone accelerator.

Picture Azure landing zone guidance as a large highway that leads to the cloud (your target architecture). You're whizzing down this long and spacious-laned highway, and you see on-ramps and exits flashing by. Your highway will have several on-ramps feeding into its large asphalt path towards cloud adoption. Three points reflect the most common customer journeys—customer experiences centering on three landing zone implementation stages: Start, Align, and Enhance.

Start is for those beginning their cloud adoption journey—who wish to develop a new cloud environment, without dependencies—where no production workloads are deployed.
Perhaps, to begin with, your organization might have a blank sheet of paper, and you're looking for the best route to get to your target end-state—the target technical state and strategic design path that guides the very beginning of your cloud adoption—always in alignment with the conceptual architecture. Launch the ready-to-deploy experience with the Azure landing zone accelerator, explore various other design area topics that help you determine where you need to customize, and explore other implementation options within Azure landing zones.

Align is for those who have already implemented services in Azure. Perhaps your organization is looking for ways to change your environment to more closely resemble the conceptual architecture. We see a growing trend of organizations that might undergo requirements to introduce controls or design patterns because of a new workload being deployed. This would require specific environment configurations able to meet business or compliance requirements.

We recognize cloud environments are never static implementations. As your unique business requirements change (or your team's capabilities expand), configurations of landing zones may need to iterate. For example, as your organization begins its cloud journey, it may choose to run with a baseline security configuration (made necessary by business requirements) to run a workload in the cloud. This may expand over time to require more sophisticated security services like Azure Sentinel to address more detailed security requirements.

Enhance represents the cusp of the Ready methodological approach and the continuous deployment of consistent, unified security, governance, and operational management controls supported by the methodologies of Secure, Manage, and Govern within the Microsoft Cloud Adoption Framework for Azure.
We’re excited about new updates to our Azure landing zone guidance in the Cloud Adoption Framework—about its potential to prepare for, and unlock, your successful and balanced digital transformation. Some organizations with conceptual architectures matching the operating model and resource structure they plan to use will launch the ready-to-deploy Azure landing zone accelerator experience—with baked-in governance, compliance, and security. Other organizations, already in line with best practices—looking to add additional controls or features, may forge ahead and enhance guidance for management, governance, or security. These technical considerations are part of maturing key ongoing processes for cloud environments, like management, governance, and security.

Learn more about Azure landing zone conceptual architecture—or get started deploying the Azure landing zone accelerator (see Figure 2, above) directly within the Azure portal to accelerate your implementation, and customize environment configurations for compliance, security, and operations management controls. Or, simply benefit from deployments providing a full implementation of the conceptual architecture, with ready-to-deploy configurations for key components such as management groups and policies.

Check out our Channel 9 episodes on Azure landing zones today, on IT Ops Talk and the Azure Enablement Show!

Migrate or modernize your applications using Azure Migrate
Introduction

The journey to the cloud is an essential step for modern enterprises looking to leverage the benefits of security, innovation (AI), scalability, flexibility, and cost-efficiency. To help unlock these benefits, migration or modernization to Azure is critical for reasons such as colocation of IT assets. A crucial part of this transformation is understanding the current state of your IT infrastructure, including workloads, applications, and their interdependencies. Often, organizations aim to set their migration goals based on the applications they want to move to the cloud, rather than focusing on individual servers or databases in isolation. In our endeavour to both simplify and enrich your cloud adoption journey, we are introducing new capabilities in Azure Migrate to help you achieve your goals.

About Azure Migrate

Azure Migrate is Microsoft’s free platform for migrating to and modernizing in Azure. It provides IT resource discovery, assessment, business case analysis, planning, migration, and modernization capabilities in a workload-agnostic manner. You can run and monitor your migration/modernization journey from a single, secure portal.

Currently, Azure Migrate's application aware experience supports the discovery of the following workloads: Windows Server, Linux, SQL Server, .NET webapp on IIS, and Java on Tomcat running on various platforms including VMware, Microsoft, Bare-metal, AWS EC2, GCP CE, and Xen. Further, it will support migration assessments for Azure VM, Azure VMware Solution (AVS), Azure SQL Managed Instance, Azure SQL Database, App Service Code, App Service Containers, and Azure Kubernetes Service. Last, it will support in-line Lift and Shift migration to Azure VM.

Note: MySQL discovery and assessment is available in the classic experience only.
Introducing Application awareness in Azure Migrate

A key step in any cloud transformation plan is a current state analysis of the entire IT estate covering workloads and applications, and relationships/dependencies among them. We are excited to announce the preview of application aware experiences in Azure Migrate – across every phase of the migration journey. This allows you to gain insights into the total cost of ownership, identify suitable IaaS and PaaS targets, and receive tailored migration and modernization guidance.

To get started with Azure Migrate, simply create an Azure Migrate project on Azure portal, and leverage Azure Migrate’s wide-ranging discovery capabilities, including the Azure Migrate appliance or importing inventory via RVTools to discover your environment. Azure Migrate allows you to explore inventory across Infra-Data-Web tiers and use the updated dependency analysis to identify application boundaries. As part of the application aware experiences, we are introducing the concept of tags within Azure Migrate. So once dependencies are identified, you can group the dependent workloads comprising an application via tags.

“Tagging has significantly streamlined the assignment of applications name and its environment associations with discovered servers. We consider this feature to be highly advantageous, as it will assist in generating an application-based inventory and assessment. Furthermore, it will be instrumental in organizing a high-level migration move group.” - Tata Consultancy Services (Engineering Practice (Azure) | AI.Cloud)

Next, Azure Migrate can be used to create application-specific business cases to identify savings and ROI, assess ideal migration strategies, and get recommendations for Azure services, SKUs, resource costs, and migration/modernization tools.
Further, as part of executing the migration and onboarding to Azure, customers can use the recommended tools to modernize via re-platform and refactor (out of band) techniques or use the integrated rehost migration experience to rehost to Azure VM.

Complemented with a refreshed user experience

As part of delivering application awareness and sustainability insights, Azure Migrate will also feature a refreshed user interface. The new experience is designed to help you in every step of your migration journey – across Decide, Plan and Execute phases. The experience provides you with a new intuitive table of contents and overview page to allow easy navigation. You can explore discovered workloads and their relationships through effective search, sort, and seamless transition from Azure Migrate to other specialized migration tools, depending on your specific goals and requirements. Finally, you can quickly create and visualize different migration and modernization strategies side-by-side.

“There has been a notable improvement in User Experience, where with the help of Overview page I can Explore and run assessment, Business case once I access Azure Migrate. Action Centre feature will be highly beneficial to track the issues, which was quite useful in our customer validation.” - Tata Consultancy Services (Engineering Practice (Azure) | AI.Cloud)

Interested in trying the new feature-set and experience?

The capabilities described above are currently in preview. You can try the new feature-set and experience by selecting the banner shown below from the classic Azure Migrate experience, or by using the URL https://aka.ms/AzureMigrate/Preview.

These enhancements in Azure Migrate underscore our commitment to providing comprehensive, user-friendly, and efficient migration solutions.

Curious to learn more?
Here are key links –
Documentation - https://aka.ms/AzureMigrate/Documentation
Training videos -
Seismic - https://aka.ms/AzureMigrate/Recipes*
YouTube - https://aka.ms/AzureMigrate/QuickBytes*
*Training videos will be available shortly on the respective sites/applications.

Migration planning of MySQL workloads using Azure Migrate
In our endeavor to increase coverage of OSS workloads in Azure Migrate, we are announcing discovery and modernization assessment of MySQL databases running on Windows and Linux servers. Customers previously had limited visibility into their MySQL workloads and often received generalized VM lift-and-shift recommendations. With this new capability, customers can now accurately identify their MySQL workloads and assess them for right-sizing into Azure Database for MySQL.

MySQL workloads are a cornerstone of the LAMP stack, powering countless web applications with their reliability, performance, and ease of use. As businesses grow, the need for scalable and efficient database solutions becomes paramount. This is where Azure Database for MySQL comes into play. Migrating from on-premises to Azure Database for MySQL offers numerous benefits, including effortless scalability, cost efficiency, enhanced performance, robust security, high availability, and seamless integration with other Azure services. As a fully managed Database-as-a-Service (DBaaS), it simplifies database management, allowing businesses to focus on innovation and growth.

What is Azure Migrate?

Azure Migrate serves as a comprehensive hub designed to simplify the migration journey of on-premises infrastructure, including servers, databases, and web applications, to Azure Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) targets at scale. It provides a unified platform with a suite of tools and features to help you identify the best migration path, assess Azure readiness, estimate the cost of hosting workloads on Azure, and execute the migration with minimal downtime and risk.

Key features of the MySQL Discovery and Assessment in Azure Migrate

The new MySQL Discovery and Assessment feature in Azure Migrate (Preview) introduces several powerful capabilities:

Discover MySQL database instances: The tool allows you to discover MySQL instances within your environment efficiently.
By identifying critical attributes of these instances, it lays the foundation for a thorough assessment and a strategic migration plan.

Assessment for Azure readiness: The feature evaluates the readiness of your MySQL database instances to migrate to Azure Database for MySQL – Flexible Server. This assessment considers several factors, including compatibility and performance metrics, to ensure a smooth transition.

SKU recommendations: Based on the discovered data, the tool recommends the optimal compute and storage configuration for hosting MySQL workloads on Azure Database for MySQL. Furthermore, it provides insights into the associated costs, enabling better financial planning.

How to get started?

To begin using the MySQL Discovery and Assessment feature in Azure Migrate, follow this five-step onboarding process:

Create an Azure Migrate Project: Initiate your migration journey by setting up a project in the Azure portal.
Configure the Azure Migrate Appliance: Use a Windows-based appliance to discover the inventory of servers and provide guest credentials for discovering the workloads and MySQL credentials to fetch database instances and their attributes.
Review Discovered Inventory: Examine the detailed attributes of the discovered MySQL instances.
Create an Assessment: Evaluate the readiness and get detailed recommendations for migration to Azure Database for MySQL.

For detailed step-by-step guidance, check out the documentation for discovery and assessment tutorials.

Documentation:
Discover MySQL databases running in your datacenter
Assess MySQL database instances for migration to Azure Database for MySQL

Share your feedback!

In summary, the MySQL Discovery and Assessment feature in Azure Migrate enables you to effortlessly discover, assess, and plan your MySQL database migrations to Azure. Try the feature out in public preview and fast-track your migration journey!
If you have any queries, feedback or suggestions, please let us know by leaving a comment below or by directly contacting us at AskAzureDBforMySQL@service.microsoft.com. We are eager to hear your feedback and support you on your journey to Azure.

Azure VMware Solution Broadcom VMSA-2025-0004 Remediation
With continuous monitoring and security intelligence gathering, Microsoft ensures proactive identification and mitigation of security threats. By leveraging advanced analytics, Microsoft is able to detect vulnerabilities early, empowering organizations to stay ahead of potential risks and safeguard their digital assets effectively.

Recently, Microsoft discovered a critical ESXi vulnerability and has been collaborating with Broadcom to develop and qualify a secure patch to address this issue. With Microsoft’s commitment to the security of our platform and our improved lifecycle management process, we were able to quickly assemble a global team to work on the acceleration and validation of the ESXi 8.0 U2d Build 24585300 security patch.

We have successfully qualified the security patch that will mitigate VMSA-2025-0004 across our fleet. As a result, with the public release of this vulnerability, we are ready to patch your existing Azure VMware Solution infrastructure. We are committing to completing the remediation within 30 days. Microsoft will communicate the scheduled date of patching over the next three weeks. Any Azure VMware Solution private cloud deployed after March 4, 2025 will be provisioned with the patch already applied to the environment.

Microsoft takes an in-depth approach to vulnerability and risk management. Our new and improved partnership with Broadcom allows us to enhance our overall security and quickly address vulnerabilities in VMware solutions.
If you are interested in the Azure VMware Solution, please use these resources to learn more about the service:

Homepage: Azure VMware Solution
Documentation: Azure VMware Solution
SLA: SLA for Azure VMware Solution
Azure Regions: Azure Products by Region
Known Issues: Azure VMware Solution
Software Versions: Azure VMware Solution
Security Advisories: Broadcom
Release Notes: ESXi 8.0 U2d Build 24585300

Author Bios

Ricky Perez is a Senior Technical Program Manager in the Azure VMware Solution product group at Microsoft. His background is in solution architecture with experience in public cloud and core infrastructure services.

Chastidy Harris is a Senior Program Manager in the Azure VMware Solution product group at Microsoft.

Rahi Patel is a Senior Technical Program Manager in the Azure VMware Solution product group at Microsoft.

René van den Bedem is a Principal Technical Program Manager in the Azure VMware Solution product group at Microsoft. His background is in enterprise architecture with extensive experience across all facets of the enterprise, public cloud & service provider spaces, including digital transformation and the business, enterprise, and technology architecture stacks. René works backwards from the problem to be solved and designs solutions that deliver business value with the minimum of risk. In addition to being the first quadruple VMware Certified Design Expert (VCDX), he is also a Dell Technologies Certified Master Enterprise Architect, a Nutanix Platform Expert (NPX), and a VMware vExpert.

What's new in Azure Migrate?
Introduction

The journey to the cloud is an essential step for modern enterprises looking to leverage the benefits of scalability, flexibility, and cost-efficiency. A crucial part of this transformation is understanding the current state of your IT infrastructure, including workloads, applications, and their interdependencies. Often, organizations aim to set their migration goals based on the applications they want to move to the cloud, rather than focusing on individual servers or databases in isolation. I am thrilled to share that Azure Migrate is evolving to both simplify and enrich your cloud adoption journey. We are introducing new capabilities in Azure Migrate to help you achieve your goals.

Introducing Application awareness in Azure Migrate [limited preview]

A key step in any cloud transformation plan is a current state analysis of the entire IT estate covering workloads and applications, and relationships/dependencies among them. I am excited to announce the limited preview of application aware experiences in Azure Migrate – across every phase of the migration journey. This allows you to gain insights into the total cost of ownership, identify suitable IaaS and PaaS targets, and receive tailored migration and modernization guidance.

To get started with Azure Migrate, simply create an Azure Migrate project on Azure portal, and leverage Azure Migrate’s wide-ranging discovery capabilities, including the Azure Migrate appliance or importing inventory via RVTools to discover your environment. This allows you to explore inventory across Infra-Data-Web tiers and use the updated dependency analysis to identify application boundaries. As part of the application aware experiences, we are introducing the concept of tags within Azure Migrate. So once dependencies are identified, you can group the dependent workloads comprising an application via tags.
Then, Azure Migrate can be used to create application-specific business cases to identify savings and ROI, assess ideal migration strategies, and get recommendations for Azure services, SKUs, resource costs, and migration/modernization tools. Further, as part of executing the migration and onboarding to Azure, customers can use the recommended tools to modernize via re-platform and refactor (out of band) techniques or use the integrated rehost migration experience to rehost to Azure VM.

Complemented with a refreshed user experience

As part of delivering application awareness and sustainability insights, Azure Migrate will also feature a refreshed user interface. The new experience is designed to help customers across every step of the migration journey – across Decide, Plan and Execute phases. The experience provides you with a new intuitive table of contents and overview page to allow easy navigation. You can explore discovered workloads and their relationships through effective search, sort, and seamless transition from Azure Migrate to other specialized migration tools, depending on your specific goals and requirements. Finally, you can quickly create and visualize different migration and modernization strategies side-by-side.

Expanded support for workloads and platforms

In addition to the capabilities described above, Azure Migrate continues to evolve to support capabilities provided by Azure for customers to evaluate and execute as part of their cloud adoption journey. As part of this effort, I am pleased to announce public preview of the following capabilities. These capabilities are available for customers, partners and sellers to try today!

ROI/TCO of Azure Arc in Azure Migrate Business Case [public preview]

We understand that customers are looking to understand the best path as they evaluate the cloud. This includes continuing to stay on-premises in their current environment while benefiting from Azure services such as Azure Arc.
Knowing the varying needs of every customer and with the goal to meet customers where they are, we are introducing the envisioning of ROI for Azure Arc in Azure Migrate Business Case. This includes the Azure Migrate business case to help you compare the Total Cost of Ownership (TCO) for on-premises estates versus Azure, including year-on-year cash flow analysis. With this new capability, the Azure Migrate Business Case now includes the added value of Azure Arc for resources remaining on-premises during the customer’s migration journey. You can now visualize cost savings and other benefits of using Azure security and management tools via Azure Arc for your on-premises servers and see licensing benefits such as Extended Security Updates and SQL Pay-As-You-Go. In addition to visualizing the business case for Arc, customers can identify and at-scale onboard machines that are not yet Arc-enabled directly from the Azure Migrate portal. Additional details and step by step instructions can be found here.

Support for migrations to Azure Stack HCI [public preview]

Azure Stack HCI enables customers to run workloads in the private cloud or edge and offers an ideal platform for modernizing workloads with enhanced performance, scalability, simplified management, and cost efficiency. To support this modernization, we have introduced the ability to migrate virtual machines from Hyper-V and VMware environments to Azure Stack HCI using Azure Migrate: Server Migrations. Like Azure migrations, you can leverage Azure Migrate to discover virtual machines from VMware and Hyper-V environments at scale, without needing prior agent installation. After discovery, you can migrate virtual machines to Azure Stack HCI through an easy-to-use Azure Migrate portal experience, ensuring zero data loss and minimal downtime. This migration keeps the data flow local, from on-premises to Azure Stack HCI. Learn more about this capability here.
Expanded OSS Support in Azure Migrate [public preview]

Azure Migrate has been diligently expanding its capabilities to better support customers using Linux. We are thrilled to highlight three significant updates that enhance your migration experience:

Support for newer Linux Distributions [public preview]

Azure Migrate now supports a range of newer Linux distributions, including Rocky Linux, Alma Linux, SLES 15, RHEL 9, and Ubuntu 22.04. This enhancement ensures a broader compatibility for Linux workloads, allowing you to migrate seamlessly, whether using agentless or agent-based migrations.

Azure Hybrid Benefit (AHB) for Enterprise Linux [public preview]

We've integrated Azure Hybrid Benefit (AHB) for Enterprise Linux (RHEL and SLES) into the migration process. Customers can visualize the savings from AHB directly in Azure Migrate business case assessments, maximizing their return on investment. To leverage AHB, you can directly enable the appropriate licenses for migrating Enterprise Linux machines within Azure Migrate. This integration eliminates the need for manual installation of the AHB extension post migrations, streamlining the migration workflow and ensuring compliance.

Discovery and Assessment of MySQL Databases [public preview]

In our endeavor to increase coverage of OSS workloads in Azure Migrate, we are announcing discovery and modernization assessment of MySQL databases running on Linux servers. Customers previously had limited visibility in their MySQL workloads and often received generalized VM lift-and-shift recommendations. With this new capability, you can now accurately identify the MySQL workloads and assess them for right-sizing into Azure Database for MySQL: Flexible Server.

CSV Import powered discovery for SQL Servers [limited preview]

We understand that deploying an appliance may not be the quickest way to generate migration assessments to enable planning.
Further, many times customers can’t provide credentials for SQL Server instances, to allow Azure Migrate to capture relevant details and provide accurate readiness and right-sized recommendations. Hence, we are now adding the ability to import SQL Server details which can then be used to discover SQL Server instances and databases and generate accurate assessment reports. Use existing repositories such as SQL Server Dynamic Management Views, SCOM etc. to populate the CSV schema required to discover SQL Server.

Interested in trying the limited preview experience?

The capabilities described above are currently in limited preview. To take advantage of these capabilities for your environment, please share your interest here.

Conclusion

The enhancements in Azure Migrate underscore our commitment to providing comprehensive, user-friendly, and efficient migration solutions. Stay tuned for more updates and join us at Ignite 2024 for a detailed demo of these exciting new features.

Curious to learn more?

Here is a sneak peek of what we plan to announce at Ignite - https://youtu.be/aquRVLvau7c

VMware Site Recovery Manager is now Available for Azure VMware Solution
Azure VMware Solution (AVS) customers are now able to take advantage of VMware Site Recovery Manager (SRM) for disaster recovery scenarios including on-premises VMware to AVS, and Primary AVS to Secondary AVS private cloud environments.