Modernizing Your Infrastructure with Hybrid Cloud – Migrating VMware & Amazon AWS to Microsoft Azure with Microsoft Migration Accelerator (Part 20)
Today’s topic focuses on migrating existing server workloads to the Microsoft Azure public cloud platform as a secure extension of your on-premises datacenter. Along the way, we’ll discuss several migration tools that can help to streamline the process, including the recently announced Microsoft Migration Accelerator for Azure, which is currently available in limited preview to customer organizations located in North America.
This article is part 20 in our continuing series on Modernizing Your Infrastructure with Hybrid Cloud by our US IT Pro team. After reading this article, be sure to catch up on the whole series!
- READ IT! Modernizing Your Infrastructure with Hybrid Cloud – the whole series!
Why Migrate to Microsoft Azure?
As part of the migration planning for the upcoming Windows Server 2003 End-of-Support date, lots of organizations are thinking beyond tactical server migrations to the longer-term benefits that can be realized by a Hybrid Cloud that combines the benefits of an on-premises datacenter with the elastic capacity of a public cloud platform, such as Microsoft Azure.
When evaluating cloud platforms, the common reasons that I’ve heard IT Pros cite for selecting Microsoft Azure include:
- Hybrid Cloud VM Portability – Easily move Windows Server and Linux Applications between the Microsoft Azure cloud and on-premises Hyper-V hosts without requiring time-consuming conversion of virtual machines, empowering IT Pros to choose how best to leverage on-premises datacenter investments together with Azure cloud capacity in a manner that can easily adapt to changing business requirements.
- Unified Hybrid Cloud Management – Consistently provision and manage on-premises VMs side-by-side with Azure VMs using System Center 2012 R2 and Azure Pack – no need to invest in separate tools and training for on-premises vs cloud platforms.
- Strong Service Level Agreement – Microsoft Azure provides a financially-backed SLA scoped to the specific availability of the cloud infrastructure supporting your applications, instead of being scoped broadly to the availability of only an overall datacenter region/sub-region boundary.
- Competitive Costs – Microsoft Azure provides an attractive month-to-month pay-as-you-go cost structure for VMs, Networking and Storage that is on-par or less depending on configuration - even lower costs are available via volume licensing agreements. Check out our Azure Pricing Calculator to determine costs for your specific configuration.
As further research, Cloud Spectator has also published an independent study using standard Unixbench testing - Comparative IaaS Report: Analysis of 5 Large IaaS Providers - that concluded the following verbatim results regarding the Azure cloud platform:
"On average, the highest-performance provider over the test period is Windows Azure, and the lowest performance provider is Amazon EC2."
"The difference in performance: Windows Azure scores 3 times higher than Amazon EC2 on average"
"Windows Azure, the highest-value provider in this scenario, provides 5x more value than on average throughout the 5-day test period than the lowest-value provider, Rackspace"
What Migration Tools are Available?
I’ve previously written about migrating VMs from VMware and Amazon AWS using free tools such as MVMC, Disk2VHD and, of course, PowerShell. I also just finished publishing a new course on Microsoft Virtual Academy that provides step-by-step instructions for VM migration from Amazon AWS. And, Symon Perriman and Matt McSpirit have recently recorded another great MVA course on VMware migration tools for moving VMs to Hyper-V and Azure. Be sure to check out these resources if you haven’t yet done so.
These tools and approaches can be a great way of migrating some environments to Microsoft Azure, but if you’ve got a more complex environment with lots of data to migrate, that’s where the new Microsoft Migration Accelerator for Azure comes in!
What is the Microsoft Migration Accelerator?
The Microsoft Migration Accelerator (MMA) is a slick new migration tool that can perform orchestrated VM migrations to Microsoft Azure from VMware vSphere, Hyper-V and Amazon AWS. In addition to migrating VMs, it can also migrate physical servers to Azure VMs, which you might think of as Physical-to-Cloud, or “P2C”, migrations. The tool is currently available as part of a limited preview for customers in North America. Last week, Srinath Vasireddy, Principal Program Manager on the Cloud + Enterprise team, published a great article over on the Azure blog that outlines this new tool in more detail:
Using MMA, the migration process from multiple sources, including on-premises physical servers, VMware hosts, Hyper-V hosts and Amazon AWS clouds, can be initiated and managed from a single web-based portal. Having a single, centralized migration portal to manage across all of these source technology stacks makes it super-easy to coordinate the bulk migration of server workloads to the cloud.
Microsoft Migration Accelerator – Web-based Management Portal
But, I’ve got lots of data to migrate!
Moving data in a timely fashion during a maintenance window can be a big hurdle when migrating existing applications to the cloud. Some applications may have large datasets that could take hours or days, in some cases, to completely copy to cloud-based storage. Even weekend maintenance windows may not provide enough time to move all of that data! The MMA solves this challenge by replicating these datasets to the cloud in advance of your migration date, and then employs incremental continuous replication to keep these datasets up-to-date until cutover occurs.
MMA replicates all data into your Microsoft Azure subscription over standard Internet connections using HTTPS to provide secure, firewall-friendly network communication channels. Compression can also be enabled to reduce network bandwidth requirements and accelerate the replication process. Along the way, the MMA portal provides reporting capabilities so that you can easily confirm how much data is being transferred via replication.
If you have so much data to replicate that you’ve outstripped the capacity of your Internet connection, you should consider Azure ExpressRoute as an alternative for connecting to Microsoft Azure. ExpressRoute provides low-latency, high-speed private network paths to the Microsoft Azure cloud via fiber or WAN connectivity. You can learn more about ExpressRoute in the following article:
How do I prepare my environment for MMA?
As outlined in Srinath’s article referenced above, optimizing MMA for migrating lots of VMs to the cloud requires that a few components be added in both your source location and target Microsoft Azure subscription.
- Target Microsoft Azure subscription – MMA Configuration Server (CS) and Master Target (MT) components to handle orchestration and inbound replication of data to Microsoft Azure.
- Source datacenter/cloud – MMA Process Server (PS) components to perform configuration tasks and outbound replication from source servers/VMs.
I’ve depicted how these MMA components sit within the overall logical architecture in the diagram below.
Microsoft Migration Accelerator for Azure – Logical Architecture
These components can be easily added as VMs to existing Hybrid Cloud environments in a non-disruptive manner. The official documentation for configuring these components is well-written and straightforward, but there were a few additional considerations that I encountered along the way:
Prepare your Azure IaaS foundation before building VMs.
The Config Server (CS) and Master Target (MT) components expect to run as VMs in an Azure subscription that is already prepared with an Affinity Group, Storage Account, Virtual Network and Cloud Service. If you don’t have these cloud resources already setup, be sure to configure them prior to building VMs for the MMA components.
To learn more about provisioning and managing Azure IaaS, be sure to check out our Early Experts hands-on study track for Hybrid Cloud.
DO IT! Become an “Early Expert” in Hybrid Cloud
Reserve a Public IP address for the Config Server (CS) component.
During the configuration of the MMA components, there are several areas in which you’ll need to enter the public IP address for the MMA Config Server (CS). To eliminate the potential for this public IP address to change if the Config Server VM is stopped/started, you may wish to consider reserving a public IP address in your Azure subscription for the Config Server.
To learn more about reserving public IP addresses for Azure cloud services and virtual machines, reference this article in our series by Brian Lewis:
DO IT! Step-by-Step: Reserve a Public IP Address in Azure
Don't "skimp" on Azure VM Sizes for Config Server (CS) and Master Target (MT) components.
The MMA official documentation recommends using at least an A3 VM size (4 cores, 7.5GB memory) for the Config Server component and an A4 VM size (8 cores, 14GB memory) for the Master Target component. Be sure to follow these recommendations! You may be tempted to use smaller VM sizes for these components in Azure to save on compute costs, but you'll likely encounter challenges when trying to do so. In particular, the MT requires a larger VM size to support mounting multiple virtual hard disks simultaneously, because a virtual hard disk is mounted on the MT for each volume on each source VM/server being replicated as part of the migration process.
Configure and Test Site-to-Site VPN prior to migration cutover.
The MMA does not require a Site-to-Site VPN to be configured for its replication and migration tasks – it’s quite happy using its own protected HTTPS tunnels for carrying that traffic. However, if you’re migrating enterprise applications to Azure as part of the process, chances are that a Site-to-Site VPN will be required post-migration to permit on-premises users to continue to access these applications in their new cloud location. Be sure to set up and test your Site-to-Site VPN to Azure in advance so that you’re not “under fire” on migration day with getting this connectivity working.
To learn more about configuring Site-to-Site VPN connectivity to Azure, reference this article in our series by Kevin Remde:
DO IT! Step-by-Step: Cross-Premises Connectivity to Azure with Site-to-Site VPN
Of course, if you’re using Azure ExpressRoute as a high-speed alternative for connecting directly to Azure, that can also serve as your cross-premises connection for users.
Join Process Server (PS) to source Active Directory.
In this limited preview release, for the Process Server to successfully push the installation of the migration agent to each source VM/server, it should be joined as a member server to the Windows Server Active Directory forest in the source network environment.
Review OS versions for your source VMs/servers.
In the current limited preview release of the MMA, Windows Server 2008 R2 SP1, Windows Server 2012 and Windows Server 2012 R2 are supported as operating systems for source VMs and/or physical servers. Your source servers will need to be running one of these operating system versions prior to migrating with the MMA tool.
Review disk layouts of your source VMs/servers in advance.
Microsoft Azure VMs support operating system virtual hard disks up to 127GB in size and data disks up to 1TB in size. The MMA expects that your source VMs and/or physical servers conform to these disk requirements. If your source servers have larger disks, you’ll need to address this prior to configuring replication. In this case, if your source servers have disks with lots of free space, you may be able to quickly shrink these volumes prior to getting started with MMA.
Review Windows Firewall settings on your source VMs/servers.
As part of the normal migration steps, MMA will instruct the Process Server (PS) component running in your source network environment to push a migration agent to each source VM/server. This push installation process requires that the source VMs/servers have Windows Firewall rules that permit the Process Server to communicate remotely via WMI/Remote Management protocols with each source server being migrated. If these firewall settings are not permitted in your environment, you can also manually install the migration agent from the console of each source server.
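The OS version and disk size limits listed above can be checked on each source server before replication is configured. The PowerShell below is an added example, not part of MMA or the original article: the function names and the sample inventory are hypothetical, the disk holding the boot partition is treated as the OS disk, and the limits are read as binary units.

```powershell
# Added example, not part of MMA: function names and sample data are hypothetical.
$SupportedOs = @{                    # builds of the OS versions named in the article
    '6.1.7601' = 'Windows Server 2008 R2 SP1'
    '6.2.9200' = 'Windows Server 2012'
    '6.3.9600' = 'Windows Server 2012 R2'
}
$MaxOsDiskBytes   = 127GB            # OS disk limit from the article (binary units assumed)
$MaxDataDiskBytes = 1TB              # data disk limit from the article

function Get-SourceInventory {
    # Reads OS version and physical disk sizes over WMI; works on PowerShell 2.0.
    param([string]$ComputerName)
    $os = Get-WmiObject Win32_OperatingSystem -ComputerName $ComputerName
    # The disk holding the boot partition is treated as the OS disk (assumption).
    $bootDisks = @(Get-WmiObject Win32_DiskPartition -ComputerName $ComputerName |
        Where-Object { $_.BootPartition } | ForEach-Object { $_.DiskIndex })
    $disks = @(Get-WmiObject Win32_DiskDrive -ComputerName $ComputerName | ForEach-Object {
        New-Object psobject -Property @{ Index = $_.Index; SizeBytes = [double]$_.Size; IsOsDisk = ($bootDisks -contains $_.Index) }
    })
    New-Object psobject -Property @{ Name = $ComputerName; OsVersion = $os.Version; Disks = $disks }
}

function Test-SourceReadiness {
    # Compares one inventory object with the limits above and lists every violation.
    param($Inventory)
    $issues = @()
    if (-not $SupportedOs.ContainsKey($Inventory.OsVersion)) {
        $issues += "Unsupported OS build $($Inventory.OsVersion)"
    }
    foreach ($d in $Inventory.Disks) {
        $limit = if ($d.IsOsDisk) { $MaxOsDiskBytes } else { $MaxDataDiskBytes }
        if ($d.SizeBytes -gt $limit) {
            $issues += 'Disk {0}: {1:N0} GB exceeds the {2:N0} GB limit' -f $d.Index, ($d.SizeBytes / 1GB), ($limit / 1GB)
        }
    }
    New-Object psobject -Property @{ Name = $Inventory.Name; Ready = ($issues.Count -eq 0); Issues = $issues }
}

# Constructed sample so the check runs offline. Against live servers, run
# Test-SourceReadiness (Get-SourceInventory -ComputerName <server>) instead.
$sample = New-Object psobject -Property @{
    Name = 'app01-constructed'; OsVersion = '6.1.7600'   # 2008 R2 without SP1
    Disks = @(
        (New-Object psobject -Property @{ Index = 0; SizeBytes = 200GB; IsOsDisk = $true }),
        (New-Object psobject -Property @{ Index = 1; SizeBytes = 500GB; IsOsDisk = $false })
    )
}
Test-SourceReadiness $sample | Format-List Name, Ready, Issues
```

Running the live collection from the Process Server also shows whether remote WMI queries from that host get through Windows Firewall on each source server.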
Let’s migrate to the Azure cloud!
After the MMA components listed above are installed and configured in your environment, you’re ready to replicate and migrate to the Azure cloud by performing the steps below from the central MMA web-based portal.
- Add source servers to migrate to the MMA portal from existing VMware, Hyper-V, Amazon AWS or physical server environments.
- Install the mobility services migration agent on each source server.
- Configure replication options for each source server to begin replicating to your Azure subscription.
As part of this step, you can enable compression of replication traffic and specify the target Azure subscription and storage account.
- On the MMA dashboard, confirm that initial replication has completed and that your source servers are now “protected” to Azure storage.
- Migrate the replicated copies of the source servers to Azure.
As part of this step, you can customize the migration plan to use a specific replication recovery point and map each target Azure VM to an appropriate VM size, cloud service and virtual network. For VMs that should have particular applications exposed to the public Internet, you can also define custom firewall endpoints that will be provisioned on target VMs upon migration to Azure.
- In the Azure Management Portal, confirm the migrated servers are now running as Azure VMs.
SUCCESS! Your application servers are now running as Microsoft Azure virtual machines.
Get ready to migrate to the cloud!
To get started with MMA for yourself, be sure to visit Microsoft Migration Accelerator and sign up for the preview.