Hybrid cloud migration, modernization and unified management with Azure - Microsoft Mechanics
- Coming up, we're joined again by Matt McSpirit to look at your options for migrating your apps to a hybrid state with Azure Migrate and also Azure Arc, so that your resources in the Cloud can work seamlessly with resources on premises under a single management plane.
So Matt welcome back to Mechanics with another migration topic.
- Thanks, it's good to be back on.
- And thanks so much for joining us today.
So we really wanted to do this show because we cover migration a lot, but it really isn't an all-or-nothing proposition.
- That's right, it isn't. And at the end of the day, hybrid is going to be a reality for most organizations, especially for those workloads that you have to keep on-premises for whatever reason.
And the good news is with Azure Migrate now, not only do we help you migrate, we help you to assess your on-prem environment and potentially place those resources under management so that your entire environment, whether on-prem or in the Cloud can come under unified management with Azure Arc that extends the Azure control plane to your hybrid environment.
- So why don't we get straight into an example then to make all of this real.
- Sure. So what I have here is an ASP.NET app, and this runs on Windows Server, and it's got a SQL backend that also runs on Windows Server.
It's an online retail app for an auto parts store.
Now what I'm going to show you is how you can migrate the resources you want to to Azure, and leave what you need to on premises.
We want to start by first moving the backend database as a VM, then we'll modernize the front-end using containers so that we can easily scale up and down based on demand and not worry about managing the underlying server infrastructure.
Finally, well make sure that we bring everything under Arc management.
Now in advance, we've run an assessment with Azure Migrate across this app and many others.
And if you want a detailed step-by-step guide for doing that, you can check out our show on aka.ms/MechanicsAzureMigrate.
Now I've filtered our assessment on Woodgrove, which is the name of our app.
And you'll see here all of the related VMs.
If I click into view dependencies on this front-end VM, this view is what we call the dependency map in Azure Migrate.
And you can see that not only do we have our two primary servers, Woodgrove StoreApp1, and this one's communicating over port 1433, our database, but we also have a couple of dependent servers that are communicating with them.
So I'll open up the details in port 443, and you'll see six more resources and another six communicating over port 80.
These are payment processing and ERP systems that we're not ready to move yet to Azure and that's okay.
So that means when we migrate our front-end and backend app servers to the Cloud, they still need to be able to talk to our resources on premises.
- Really the dependency map here is important because it shows you all the connections that you need to maintain to be able to retain all the current functionality then of your app.
- Yeah, that's right.
And being able to visualize those dependencies makes it significantly less likely that you're going to break things.
So let's go into Azure Migrate and I'm going to click Replicate.
I'm going to choose my existing virtualization platform, in this case, VMware.
Select my appliance and hit Next.
And since I'm just migrating this one VM, I'm going to specify my settings manually.
So I'll filter on Woodgrove Store and you'll see our four servers.
Now we know our database has a lot of customization, so we're going to move it up as a virtual machine and we'll deal with our front-end later in the next step.
So here in target settings, I need to enter standard options in Azure as the target settings, like location, subscription, VNet, etc.
I'll choose the hybrid benefit to save on licensing costs as well.
And once I'm finished, I'll hit Next.
Now I can choose my VM size to match my existing VM.
I'm just going to pick a standard DS4 v2 and hit Next.
And I'll keep the All selected in the Disk Type here.
Choose Premium for this one and hit Next.
Now I'm ready to replicate.
So let's go ahead and do that.
That'll save the contents of my VM into my storage account.
And back on the Azure Migrate tab, you'll see our replication's just started.
If I click into it, I can test from here, but to save a step, I'll go straight into Migrate.
I'm going to select my server and hit Migrate.
And in just a moment, it's now a running clone of my original VM.
And as you can see, it's running now in Azure.
So now we have the database backend successfully running in Azure.
- Okay. So now you still need to make sure though that you can reach your dependent services like your payment processing and the ERP systems we saw before.
- Yeah, exactly right.
And for that, I've set up a virtual network connection to my on-prem environment.
And as you can see here in Azure Networking, we've got a few options, for example, basic connectivity over a VPN.
And this is going to ensure that all of our services across Azure and on premises can talk to each other.
- Right. And of course, you can also use Azure ExpressRoute as a more direct connection depending on your performance needs.
So now you just need to bring over that ASP.NET front-end.
- Yeah. In fact, what we're going to containerize our app in this case directly from our on-prem VM to an Azure Kubernetes Service or AKS cluster.
And the nice thing here is that we can do this without rewriting the app and we'll retain its current functionality.
And we'll still be able to reach our backend in Azure and our dependent services on-prem.
So I'm still in Azure Migrate, now under Explore More in the Web apps to Container section I'll click into App Containerization.
And you'll see this works with Java web apps or ASP.NET apps.
And from there, I'll download the tool. With it running, I need to specify the app type, in our case, ASP.NET.
I'll walk through the prereqs and make sure everything we need is enabled and continue.
Now, I need to log in with my Azure credentials, select my tenant and subscription and continue.
And now I can enter the IP address or fully qualified domain name of my server.
I'll use the FQDN here and enter the username and password.
And once I validate connectivity, I can continue and that will discover the apps running on my server.
And you'll see here, it found our front-end app.
So I just need to enter the target container, Woodstoreapp v1.
I'll select it.
And here I'll take a look at the parameters.
I'll select the default connection string for now, but I'll need to change this over to our VM later and then hit apply.
And now we can move on to the build, and I just need to choose my Azure container registry and select my container.
I can review and even make edits here if I needed to, but I'm going to keep it as is and close it.
Next I'll hit build, and after a moment it succeeds.
So now I can move on to the deployment specifications.
And here I need to select my AKS cluster called Contoso AKS, then continue.
Now in the deployment configuration, I need to configure the app.
Here's where I can check the prefix string, certificates, ports, replicas, load balancer type, and I'll keep what's there.
And now I need to paste in our new connection string for the VM now running our database in Azure, and then I'll hit Apply.
And now we're ready to deploy and I can edit the deployment spec if needed, it's the YAML file.
I'll keep it as is and hit Deploy.
So I'll do that and once it's finished, I'll click into the link here and see the public IP and resources.
Now let's try this in the browser with our IP address, I'll paste in the IP address there, and there's our app.
And I'll make sure everything works and is looking good.
- Great. So now your app is actually working in a hybrid state.
You got some components that are running in Azure and a few still on-prem, but if I wanted visibility maybe into management, across everything in my app, how would I do that?
- Well that's where Azure Arc comes in.
Azure Arc is a recently launched, free Azure service that can extend the Azure control plane to parts of my IT estate still running on-prem or even across other clouds.
So today Arc can manage service and Kubernetes clusters.
And now that we've gotten the initial migration complete with Azure Migrate, we can onboard our on-premises servers to the Arc service.
Azure Arc seamlessly integrates into your Azure Migrate workflow, and as part of the Azure Migrate server discovery and evaluation process, you can onboard your on-premises servers and virtual machines to the Arc service.
The Azure Migrate appliance is already running on premises.
And if I log into it, I can scroll down from the Azure Migrate appliance configuration manager, when I get to the onboard to Azure Arc section, to save time, I'll show you all of the standard fields imported.
I've also created a service principal in Azure to use for onboarding.
And as you can see, I've pasted in the secret.
Now I can start onboarding.
Arc and Azure Migrate will then verify a few connectivity requirements.
And once complete, you'll see all of our on-prem servers have been onboarded into Azure Arc.
- And by the way, any VM that's already running in Azure is managed in the same way by default.
But things are a little bit different for our AKS cluster, which needs to be enrolled into Azure Arc management.
So how would we then get our front-end Kubernetes cluster to be under management? And would it work the same way if that was on-prem or in the Cloud?
- Yeah, that's right. We need to onboard them as well.
So in the Arc blade, we can see all of our on-premises managed resources.
And if we had any on-premises Kubernetes clusters, they would appear here.
The onboarding process is very similar to the process for an on-premises server.
So I'll add a Kubernetes cluster with Azure Arc, and that's going to show me a few prerequisites, make sure they can access ports 443 and 9418, and in onboarding I need to add the standard details as well as a cluster name.
Then I can move on to adding tags, which will help with things like filtering or scoping policies later.
I'm going to add a tag for workload with the new value of new web app for our front-end cluster.
Next, Azure is going to generate a script that we can run using the CLI to onboard our cluster into Azure Arc.
- So what does it look like then to manage all those resources?
- Well, once our servers are onboarded, they get the same management capabilities as VMs in Azure, which means access to Azure security tools, Azure Policy, Update Management, Azure Monitor, and some Azure VM extensions.
So we can use Azure Arc to extend our Azure management practices on premises and maintain consistency, so that your resources don't drift from compliance, which is a common challenge with hybrid environments.
Now normally I'd have to use an on-prem configuration tool.
But now I can use the same services and processes that are used to manage my Azure VMs.
In this case, I want to make sure that my service certificates are properly configured.
So I'll click into policies.
Azure Policy together with Azure Arc provides a simple way to define configuration requirements and apply them across both Azure and on-premises resources.
Now I'll assign a policy.
There are several pre-made policies, including one that verifies certificate expiration dates.
I'll search for certificate, choose this one to audit Windows machines that contain certificates expiring within a number of days.
I'll hit Select, add a description.
I'll review my policy, then create it.
And in a moment, you'll see the policy appears on our list and there it is.
I can click into it and see the compliance state and be able to show anything out of compliance, whether it's in Azure, on-prem or in any other cloud.
- By the way, this is totally new.
We've always had the ability to see our servers' current state from Azure, but now we can actually write back to those same on-premises servers in an auditable and secure way.
So what are some of the other things you can do now?
- So Arc enabling our servers also gives us access to Azure's cloud native monitoring tools.
Using Azure Arc and Azure VM extensions I can set up Azure Monitor on my managed servers and stream that data into a single Azure Monitor workspace for visualization and analysis.
For example, this workspace is called traffic comparison.
It shows metrics and reports for all my servers and containers and not just those running in Azure.
Also using the same extension framework, we can monitor our hybrid security posture with Azure Security Center.
Once the agent is configured and installed by Arc, we can see security alerts and recommendations for our entire IT estate.
I can even filter using my resource type, by VMs running outside of Azure, and managed by Azure.
And I have a complete view and management controls across my estate, no matter where the resource is running.
And that's really what Azure Arc is all about.
- Good stuff, Matt.
So if anyone's watching and they want to get started with migrating and modernizing and really managing everything from one place, what do you recommend?
- Once you're ready to test out a migration, you can get to Azure Migrate at aka.ms/azuremigrate and to find out more about Azure Arc go to aka.ms/AzureArc.
And we've got a ton of learning content available on Microsoft Learn.
- Thanks so much Matt, for the comprehensive look at hybrid migration, and of course, keep watching Microsoft Mechanics for all the news and deep dives into the latest tech.
Be sure to subscribe if you haven't already yet.
And we'll see you soon.