Your Resource for All Things Apps, Ops, and Infrastructure

Azure Migrate: A ‘Suite’ Ride to the Cloud

Introduction

Migrating on-prem workloads used to be quite challenging, as it called for extensive planning, time, and resources based on several independent toolsets that required complex coordination. Today, however, there are a range of available tools—such as Azure Migrate—that can simplify this process and allow organizations to migrate on-premises workloads to the cloud more easily while saving both time and resources.

Microsoft developed and released Azure Migrate in July 2019 as a single tool that initially only included a VMware integration component for on-prem vSphere assessments. Since then, Azure Migrate has grown into a centralized hub that provides a full suite of discovery, assessment, and migration tools. Azure Migrate also integrates with other Azure services and third-party tools, such as independent software vendor (ISV) offerings, to provide a wide range of support capabilities.

While Azure Migrate is not as well-known as other Microsoft product offerings like Office or O365, it continues to gain popularity due in large part to its ability to easily migrate on-prem or cloud provider workloads into the Azure cloud. Below, we’ll discuss the functionality of Azure Migrate and explore the initial steps required to leverage the tool’s advanced capabilities.

How Does Azure Migrate Work?

Azure Migrate’s comprehensive suite of infrastructure tools includes Discovery and Assessment and Server Migration—both of which feature optional integration components, such as other Azure services and tools as well as ISV offerings.

Azure Migrate overview

Based on the suite of tools available within Azure Migrate, there are five key scenarios or assessment use cases that can be utilized independently for migration planning and execution:

  • Windows and Linux: Discover, assess, and migrate on-premises VMware and Hyper-V virtual machines (VM) or physical servers to Azure.
  • SQL and other databases: Assess and migrate on-premises databases to Azure SQL Database Managed Instance or Azure SQL Database.
  • Databox: Migrate data to Azure using the Databox storage device.
  • Virtual Desktops: Assess virtual desktop infrastructure (VDI) for migration.
  • Web Apps: Assess and migrate .Net web apps to Azure’s PaaS or app service.

Leveraging Azure Migrate along with (built-in) partner ISV tools, users have access to an extensive range of features that are essential for migration planning, including:

  • Discovery of virtual and physical servers
  • Performance-based rightsizing
  • Cost planning
  • Import-based assessments
  • Dependency analysis of agentless applications

Getting Started

To begin, you must first find the Azure Migrate tool within your Microsoft Azure portal and create a project. Next, you’ll have the option of selecting one or more tools (as needed) to discover and assess your target workloads. Discovery tools are either agent-based or agentless depending on the workload type and/or level of detail required.

Typically, a pre-configured lightweight appliance is downloaded (OVA template or VHD) from the Azure Migrate project and deployed on a single host (agentless) with permissions to gather surrounding infrastructure details for virtualized hosts (vSphere, Hyper-V) and physical servers (standalone or cluster) with either Windows or other Linux-based operating systems (OS). Once the appliance is deployed, there is an initial three-step process to follow:

  1. Enable public cloud access (adding a public IP to allow for internet access)
  2. Register the appliance using a secure key from your Azure project
  3. Add/enter any required credentials for accounts with appropriate permissions to access the target systems during the scanning process (e.g., domain admin, root admin, DBA, etc.)

Please note that the initial setup can only be configured one time. Once step three has been submitted, there are no options to re-run the discovery setup without deploying a new Azure Migrate appliance. For additional localized application-specific details, individual agents (per host) must be deployed.

At minimum (for Windows Server systems), accounts with appropriate permissions can directly or remotely establish common information model (CIM) connections to pull all required configuration and performance metadata from the local Windows management instrumentation (WMI) classes. In order to overcome potential user account control (UAC) filtering that may trigger error responses (blockers), the selected user account(s) require permissions for the “CIMV2 Namespace” and “sub-namespaces” for each target server. On Linux-based server systems, either a root account and/or an account with ‘sudo’ permissions is required to allow for access and data extraction.

Once the appliance has completed the discovery scanning process, it will automatically send metadata and performance data from all discovered servers up to the Azure Migrate project that was initially used to register the appliance (step two) during the three-step setup process. It is important to note that during the data upload process, there are no credentials or password details included within the metadata.

What Permissions Are Required for Azure Migrate?

For basic ‘agentless’ appliance discovery scanning, there are at least two out of three permissions (account types) required to fetch data:

  • Domain Credentials: Domain Administrator (not directly recommended by Microsoft, but definitely preferred)
  • Non-domain Credentials: Virtual Host Administrator (vCenter, Hyper-V, etc.) and all non-Windows accounts (e.g., Linux root user)
  • SQL Server Credentials: SQL Administrator (SA) or a domain account with DBA permissions

Although all permissions must be added during step three of the initial setup for the Azure Migrate appliance, the scanning function will still run if no permissions are added. However, there will be little-to-no data transmitted within the metadata uploaded to Azure. Since the discovery scan can be performed only once per host, a new appliance will have to be built along with the appropriate credentials in order to re-run the discovery process.

Note: The discovery process can take anywhere from a few hours up to one day to be completed. All provided credentials are stored locally on the appliance server and encrypted using Data Protection API (DPAPI). The Azure Migrate appliance never transmits credentials publicly to the Azure Cloud.

In order to gather specific application dependency mapping data, a Microsoft Monitoring Agent (MMA) must be downloaded from the Azure Migrate project and deployed separately on each individual server (physical or virtual) before running an ‘agent-based’ scan. For data accuracy, ensure that the credentials used to install the MMA have adequate permissions to all local applications.

Viewing & Accessing the Collected Metadata

Once the discovery data is uploaded into your Azure project, the next step will be to open the project, create a point-in-time data snapshot assessment, and add the desired assessment tools (Azure + ISV) for VMs, DBs, VDI, or Web Apps scenarios. For VM assessments, the data displayed within the tool will be based on the source platform (VMware, Hyper-V, AWS, GCP, on-prem hosts) and each has a set of sub-type options (properties) that include target location, VM series (PAYG/Reserved), hybrid benefit, storage type, and comfort factor:

Creating a new assessment in Azure Migrate
Editing assessment properties in Azure Migrate

What is an Azure Migrate Discovery Assessment?

Once the data collection process is complete and the data has been uploaded, new items should appear under Discovered Servers within your Azure appliance. From there, you’ll need to create and run an assessment where Azure Migrate will evaluate your discovered items and provide sizing recommendations. Creating an assessment can be done in two ways:

  1. From the ‘Discovery and Assessment’ page, click on the ‘Assess’ dropdown
  2. Click on ‘Discovered Servers’ and select ‘Create Assessment’ from the dropdown
Discover and Assess within Azure Migrate
Create assessment in Azure Migrate

There are four basic types of assessments for an agentless Azure Migrate appliance discovery:

  • Azure VM
  • Azure SQL
  • Azure App Service
  • Azure VMware Solution (AVS)

For each assessment, there are multiple options to consider and an easy workflow guide to help you navigate through the process to completion.

For example, whenever you run an Azure VM assessment, you’ll start with the following:

Under ‘Assessment Properties,’ click on ‘edit’ in order to select any preferred options, such as target location, storage type, reserved instance, VM type, or comfort factor. Once you’ve completed the additional tabs, you’ll be able to quickly look through the results and export the details into an Excel file.

Edit assessment properties
VM assessment results example

Azure Migrate vs. Azure Site Recovery: What’s the Difference?

Azure Site Recovery (ASR) v1.0 was originally released in February 2017 and was initially designed for ‘VMware to Azure’ disaster recovery (DR) scenarios. While ASR was launched a few years prior to the general availability release of Azure Migrate tools, there have been significant upgrades within ASR that now include a DR planner and DR scenarios for other IT infrastructure platforms.

Azure Site Recovery

Occasionally, there are questions about the difference between what ASR provides versus what the Azure Migrate discovery tools provide. In the case of the ASR deployment planner tool, data is gathered based on the ASR ‘profiling mode,’ where it specifically connects to vCenter server/vSphere ESXi host(s) and uses 15-minute intervals for queries to collect performance data about virtual machines (rather than causing any performance load or impact by directly connecting to individual guest OS VMs). On the other hand, Azure Migrate discovery tools provide a wider range of capabilities that include VMs, raw data, database assessments, and applications with an optional dependency mapping component for more in-depth analysis.

In other words, the ASR deployment planner is simply a planning tool designed to address recovery procedures and standards for planned or un-planned ‘worst case’ DR outage scenarios by installing infrastructure playbooks to quickly re-hydrate production workloads (from backups) on Azure cloud-hosted infrastructures. Azure Migrate is built on a series of tools designed to simplify the real-time workload migration process for moving on-premises servers, virtualized infrastructure, applications, and data to cloud-based resources.

Conclusion

Leveraging its full suite of system discovery, assessment, and migration tools, Azure Migrate is a great way to safely and cost-effectively begin your cloud transformation journey based on business and technology strategies necessary for your organization to succeed in the cloud. In a nutshell, Azure Migrate is purpose-built, centralized hub designed to help organizations make key decisions on how to assess, review, and migrate on-prem application workloads to Azure Cloud Services with minimal technical or financial investment on the front-end.

Additional Resources

Defend against ransomware with our resiliency health checks.

Subscribe to the AHEAD i/o Newsletter