Microsoft Azure Hybrid Cloud Architecture HUB-Spoke Model
Microsoft Azure Hub-Spoke model
This blogpost about Microsoft Azure Hub-Spoke model by Enterprise Design 2 of 4 “Lift and Shift” is part of a Datacenter transition to Microsoft Azure Intelligent Cloud. It’s talking about Azure Architecture, Security, Assessment, Azure Policy, and implementation of the design. Here you find the first blogposts :
- Microsoft Azure Hub-Spoke model by Enterprise Design 1 of 4
- Microsoft Azure Policy and BluePrints Overview (Extra Blogpost)
It’s important for your business to have your Azure Architectural design with Security in place before you start your “Lift and Shift” actions, think about Identity Management and Provisioning, RBAC for your Administrators and Super Users with Two-Factor Authentication. Security with Network Security Groups and FirewallsΒ
Azure Multi-Factor-Authentication (MFA)
Microsoft Azure Hub-Spoke model : “Lift and Shift”
Microsoft Azure HUB subscription for “Lift and Shift”
To “Lift and Shift” to the Azure HUB Subscription we have the following in place by Design :
- Azure Scaffold and Hierarchy (Governance)
- Virtual Networks (VNET) with the Subnets and IP-Number plan
- ExpressRoute VPN Connection with a backup failover Site-2-Site VPN connection to Azure.
- Resource Groups, like Active Directory, ADFS Farm, Authentication, SQL Backend.
- Resource Policies
- Resource Locks
- Network Security Groups (NSG)
- DNS
- Azure Firewall
- Azure internal Load Balancers.
- Azure Storage Accounts
- Azure Virtual Machine sizes
- Azure Virtual Machine Image
- Managed Disks and Encryption.
- Redundancy for Virtual Machines
- Azure Key Vault for Encryption.
- Azure Recovery Vault ( Backup)
- Azure Policy
- Managed Identities, Azure MFA, RBAC,ADFS
- Azure Monitor
- Azure Naming Convention
- Azure Tagging
- Azure Cost Management
- ARM (JSON) Deployment template (for New requests)
To help you more with your Azure Virtual Datacenter have a look here
Azure Hierarchy
Azure Scaffold
When creating a building, scaffolding is used to create the basis of a structure. The scaffold guides the general outline and provides anchor points for more permanent systems to be mounted. An enterprise scaffold is the same: a set of flexible controls and Azure capabilities that provide structure to the environment, and anchors for services built on the public cloud. It provides the builders (IT and business groups) a foundation to create and attach new services keeping speed of delivery in mind. Read more here
I did the “Lift and Shift” between quotes because it’s important to follow the process workflow to be successful in your Datacenter transition to the Microsoft Azure Cloud.
Here you find all the Microsoft Azure Migration information
App Migration to Azure: Your options explained by Jeremy Winter
The Azure Migrate service assesses on-premises workloads for migration to Azure. The service assesses the migration suitability of on-premises machines, performs performance-based sizing, and provides cost estimations for running on-premises machines in Azure. If you’re contemplating lift-and-shift migrations, or are in the early assessment stages of migration, this service is for you. After the assessment, you can use services such as Azure Site Recovery and Azure Database Migration Service, to migrate the machines to Azure.
In your datacenter you got all kind of different workloads and solutions like :
- Hyper-V Clusters
- VMware Clusters
- SQL Clusters
- Print Clusters
- File Clusters
- Web Farm
- Two or three tiers solutions
- Physical Servers
- Different Storage solutions
When you do your Datacenter Assessment it’s important to get your workloads visible, because “Lift and Shift” with Azure Site Recovery (ASR) of a Virtual Machine is an different scenario then SQL database migration to Azure. That’s why Microsoft has different tooling like :
- Azure Site Recovery Deployment Planner for Hyper-V and VMware
- Microsoft Assessment and Planning Toolkit
To get your dependencies in your Datacenter on the map, Microsoft has Azure Service Maps.
Service Map automatically discovers application components on Windows and Linux systems and maps the communication between services. With Service Map, you can view your servers in the way that you think of them: as interconnected systems that deliver critical services. Service Map shows connections between servers, processes, inbound and outbound connection latency, and ports across any TCP-connected architecture, with no configuration required other than the installation of an agent.
This is very handy to get insides of your Datacenter communication workloads.
More information on using Azure Service Maps here
Installation example of Hyper-V Virtual Machines with ASR
In the following step-by-step guide we will install the Azure Site Recovery Agent on a Hyper-V host and migrate a virtual machine to Microsoft azure in a “Lift and Shift” way.
First create a Recovery Services Vault => Click Add.
Then you go to your new created Recovery Vault and click on Getting started for Site Recovery. => Prepare infrastructure and follow the steps.
When you have selected Hyper-V VM to Azure, the next step is the ASR Deployment Planner tool kit. Here you find more information onΒ Azure Site Recovery Deployment Planner user guide for Hyper-V-to-Azure production deployments.
Then in step 3 you will make your Hyper-V Site in Microsoft azure with the Right Hyper-V Servers.
Give your Hyper-V Site the right name, especially when you have a lot of Hyper-V Clusters with Different workloads.
Here is where the registration begins with the Azure Site Recovery (ASR) Agent installation on your Hyper-V Host.
Follow the five steps and make sure your Hyper-V Node can access Azure via secure port 443(https) via Proxy or firewall rules.
Install as Administrator the AzureSiteRecoveryProvider.exe file on the Hyper-V host.
Click on Next
Choose your Installation location and Click on Install.
The Azure Site Recovery agent is installed and need to be registered with your Azure Recovery Vault.
For this you need the key file from the Azure portal to download at step 4. Click on Register.
Browse to your downloaded key file from the Azure Portal Recovery Vault and click on Next.
When you have a proxy you can select that, otherwise select Next.
Now your Azure ASR Agent on Hyper-V is registered with your Azure Site Recovery Vault.
In the Azure Portal you will see your Hyper-V Node, in my Demo LAB it’s WAC01.MVPLAB.LOCAL.
In the next step you can choose an existing Storage account, or a new one with different specifications.
Check also after storage your network in azure.
In this step we create the replication policy.
Set your own settings.
The Replication policy is added to the configuration.
When you click on OK the Infrastructure is done.
We are now going to enable the replication :
Select your Source and location.
here you select your target Storage account, Resource Group and Network.
The connections are made between Hyper-V, ASR Vault and Storage.
Select the Virtual Machine(s) from the Hyper-V host to replicate for migration with ASR
Configure the properties.
Click on OK
From here the Replication will begin from Hyper-V Host to AzureΒ π
Azure Sire Recovery Replication Job status.
Replicated item(s)
To make your recovery plan and do the failover for migration to azure, you have to wait until the first replication is done for 100%.
Azure Site Recovery Plan for failover (Migration)
Make recovery Plan.
Click OK
The Target in the recovery plan can only be selected when the first replication is done.
Overview of the Azure Site Recovery Migration failover.
From the Hyper-V Host you can pause or see the replication health status.
Azure Migrate Virtual Machines using Azure Site Recovery video with Microsoft Jeff Woolsey
Microsoft Azure Data Migration Assistant
To migrate your SQL Backend to Microsoft Azure, use thisΒ step-by-step instructions help you perform your first assessment for migrating to on-premises SQL Server, SQL Server running on an Azure VM, or Azure SQL Database, by using Data Migration Assistant.
Conclusion :
“Lift and Shift” Migration of your complete datacenter exists of different scenarios for your workloads to Microsoft Azure. With that said, Microsoft has for each scenario tooling available to get the job done. It’s all about a good Architectural Design, Security in place, People and process to get your Intelligent Azure Cloud up and running for your Business.
Next BlogpostΒ Microsoft Azure Hub-Spoke model by Enterprise Design 3 of 4 :
SQL assessment and Data Migration to Azure
