What Is the Best Way to Handle the Unknowns During Cloud Migration?

IMAGINE THIS . . .

You had engaging conversations with leadership to better understand the specific goals this Azure Cloud migration is slated to provide. Furthermore, you have hired a team to handle each piece of the migration. Each person hired has successfully completed migrations to Microsoft Azure Cloud in their own specialty on past projects. The project is currently 20% under the estimated budget for what was projected at this point in the runbook.

And you even have a runbook tailored by an accounting firm—specifically for this migration!

To be concise, the migration is going as expected (a.k.a. like a well-oiled machine). The project is on schedule. The Project Managers are happy with the progress thus far. Everything is going according to schedule!

But wait . . .

MURPHY’S LAW STRIKES AGAIN!

Apparently, the CISO has put a halt on the migration—they are stating all migrating systems need to be reviewed, as confidential data could be put in the cloud, potentially violating multiple HIPAA statutes.

TWO WEEKS PASS.

They are still reviewing the project’s data scope to make sure potential HIPAA violations are addressed! Multiple daily Microsoft Teams meetings are being held with the project managers and the key project stakeholders. An outside consulting firm has even been contracted to use their tools to help expedite the data review.

Finally, the all-clear is given, and the project can begin where it left off . . .

FOUR WEEKS LATER!!!??!!

As a result, timetables have been decimated! The project’s runbook completion times are now all wrong. The team is only 40% complete, and according to the original project timeline, this project should have been 100% done . . .

IN THE NEXT 8 DAYS!

Ok, you can stop the horror story from running through your head now. I just wanted to paint a picture to illustrate a point:

MORAL OF THE STORY:
You strive to use the right tools, people, and plans to execute every migration ahead of schedule (even if only by an hour) and under budget (even if only by one US dollar). However, you should expect unexpected events to transpire. After all, there is always the possibility that major unknowns will negatively impact the project.

How do you handle this? A few pointers:

  1. Remain calm and polite.
    People will scream, argue, and be angry. Just keep calm and positive—in any way you can.
  2. Focus on how to work more efficiently when you can begin again.
    Can tasks be run in parallel? Can money be spent on tools to make things run more efficiently?
  3. Increase the strength of communication lines!
    The better communication is throughout the process, the better you can handle adverse situations as they arise.
  4. Keep focused on the end goal.
    As mentioned in my post about How to Think With the End in Mind for Cloud Migration, doing so helps you decide on actions that help you accomplish your goal more efficiently.

If you can do all of this, the ‘tides’ will not wash your migration away.

How to Think With the End in Mind for Cloud Migration


I remember reading the book, “Think and Grow Rich” by Napoleon Hill. One “law” that always stuck in my head was related to goal setting:

“Think with the end in mind.”

In short, this law stipulates that the focus of any successful task is the condition at its ending. It ensures that the correct actions are taken in real-time as your mindset is directed subconsciously to actions that best assure you accomplish your chosen outcome.

Which brings me to my point:

THIS TYPE OF FOCUS HELPS IN THE CLOUD MIGRATION PROCESS.

I will now speak from experience.

As I have implemented this mindset in my cloud migration activities, it has helped a lot. When you face decisions on what technology to use, it helps to keep the primary objective in mind.

Answers become much clearer and arise more quickly when you think this way. You can quickly evaluate the options and decide which is best suited for the stated goal. Further, you ask questions such as:

• Which option gets the project to the goal the quickest?
• Which choice has the best chance of bringing the project to the stated goal?
• How soon can we start executing the options?
• Which option(s) are low cost (can be paid for using already-established accounting)?

With these specific questions and objectives in mind, the answers are much clearer, and you can make decisions much faster.

In summation, think with the end in mind . . . it will make the cloud migration process faster and more (positively) impactful.

What Is Meant by “Cloud Migration Triggers”?

In a previous post, you learned that the two main reasons a cloud migration is initiated are to improve performance and/or to reduce costs. While this is true, cloud migration is not a regular discussion for the bulk of Information Technology departments within enterprises worldwide.

While this topic is discussed more often than five years ago, it’s not as common as discussions about server decommissioning or system patching. So, it’s not common, just more common than usual (now say that ten times fast … No prize, sorry).

These conversations are more likely to happen after a trigger event. Basically, they take place after events that open the cloud as a potential solution. Common events that can lead to discussions about cloud migration are called ‘cloud migration triggers’.

Cloud migration triggers are the events that are likely to happen to an enterprise, which will commonly lead to a discussion about cloud migration as a solution to the issue(s) at hand.

So, what are some of these ‘cloud migration triggers’?

Some of those triggers are:

  1. Threats to the security of computers and computing resources
  2. Need for the ability to quickly scale up/down for the needs of specific applications/data sets
  3. Cost concerns, aka reductions of the going-forward budget
  4. Needs for redundancy of data sets or computational power across multiple geographies
  5. Options for avoiding renewal of datacenter contracts (e.g., the renewal comes with a substantial increase in cost for similar services)

What will happen is that one or more of the above will become a trigger for the enterprise. As a result, the company will start having internal discussions about the cloud being a possible solution to the problem(s). So, in short, cloud migration triggers are common situations that lead to a discussion about moving a company’s computer-related assets to the cloud.

What Is Meant By “Guest Machine” and “Host Machine”?

Imagine that you are hired to help migrate 20 servers to a Microsoft Azure cloud tenant. The servers are all VMware virtual machines running on two separate 4-host clusters and are accessible via the local vSphere 6.7 install.

At the initial team meeting, everyone introduces themselves to the group. Primary assignments are distributed afterward. Your primary assignment is to compile a list of all the guests and hosts in that instance of vSphere.

Additionally, you are to compile the following information for all the guest machines (per guest):

• vCPU count
• Memory size
• Hard Disk 1 size (primary boot drive)
• Whether the most recent VMware Tools are installed on it

You instinctively know this is nothing more than a table. You can research this data and put together a simple Excel spreadsheet with this information … you only have one problem:

WHAT IS A GUEST MACHINE?

You pull a colleague to the side at the breakfast counter before the next workday and ask them this question. You also explain you are new to VMware and are learning the terminology.

They respond with, “It can get confusing, I know. Just remember: the guests run on hosts.”

They then run … cold vegetarian omelets are not a great way to start the day, as you know from your college dorm years.

OK, WHAT IS A HOST MACHINE?

Think of it this way. Let’s imagine you have a friend over to visit your home. You are the host, and they are the guest.

The host owns most of the stuff inside the home and also the house itself (assume homeownership). The guest can gain access to many things in the host’s home, but at that moment, the guest and what they can do is limited in some way to what the host has to offer.

This is similar to guest and host machines. The host has all the resources, and the guest is utilizing the host’s resources as much as possible and as needed. In this sense, the host is the hardware, and the guest is the combined operating system and applications.

So, in short, a guest is the operating system and the things that run on it, and the host is the computer hardware and parts that the operating system is running on.

Another way to think of this is to say, “the operating system and applications (guest) are hosted on the hardware.”

What Does the Phrase “Migrations Are Not in a Silo” Mean?

Imagine this…


You have joined a team that will migrate an entire (one) VMware vSphere instance to Azure with the Azure VMware Solution. It has been six months, but a lot of progress has been made with the team (including you, of course).

You have:

  1. Created a scope of all servers included and cross-referenced those servers to applications each supports
  2. Designated Azure Infrastructure tenant admins and created co-contributor access accounts in Azure AD to support this project
  3. Created a special owner group in Azure AD called “Security Oversight Azure” and included everyone who is a current member of the “SECOps Private Share 1” group
  4. Created a Windows 10 VM ‘jump box’ and ensured all team members could access it
  5. Worked with the IT Network Engineering Team to construct a valid design for access to the new private cloud for the AVS (Azure VMware Solution) vSphere instance
  6. Had Microsoft start a new AVS Private Cloud instance in the company production Azure tenant
  7. Coordinated with the Network Engineering Team to have ExpressRoute devices and configurations set up from the physical datacenter where the hosts are located (for this story, let’s say the datacenter is in Ohio, United States) to the Azure datacenter where AVS is going to be ‘stood up’ (for this story, let’s say the target AVS’s primary location is Virginia, United States)
  8. Used the information provided by the Network Engineering Team to configure the AVS instance in Microsoft Azure
  9. Downloaded and installed the HCX appliance in your local vSphere instance with the proper configurations
  10. Performed a test migration using HCX on some legacy “not in use/scheduled to be decommissioned” virtual machine guests in the vSphere at the Ohio datacenter. The guests contained a mixture of operating systems — including Microsoft Windows Server 2019 Datacenter and Oracle Linux 8.x.

CONGRATULATIONS! IT WORKED!!!

Now, you are tasked with assisting the team in moving more servers. In compliance with the schedules of the application portfolio sub-team, you are going to migrate five more servers next weekend. In this instance, these servers (guests) are:

  1. OHDCFileServGP1: File Server in Ohio Datacenter for non-executives 1
  2. OHDCFileServGP2: File Server in Ohio Datacenter for non-executives 2
  3. OHDCFileServGP3: File Server in Ohio Datacenter for non-executives 3
  4. OHDCFileServGP4: File Server in Ohio Datacenter for non-executives 4
  5. OHDCFileServEX1: File Server in Ohio Datacenter for C-Suite executives 1

As a proactive migration professional, you make sure all the servers above are currently listed in vSphere as running, and you can currently log into them.

WAIT! PROBLEM! OHDCFileServEX1 is now titled “OHDCFileServEX1(LEGACY_DELETE03272025)”…

WHAT IS THIS?!

Well, you start asking your team members about this via group chat in Microsoft Teams. Furthermore, you provide pictures of what you see (THANK YOU, SNIPPING TOOL). The team was not aware of this, so they use the team liaison to reach out to the onsite System Engineering team.

YOU GET AN ANSWER:
Change Management Record CR010272008 was completed 33 days ago. The fileserver was moved to Azure Storage and placed in a blob storage container with multi-factor authentication. Apparently, an executive’s account was compromised, and swift and decisive action was taken to assure the future security of all executive data.

Why was the team not aware of this emergency change, and WHO IS RESPONSIBLE FOR UPDATING THE TEAM ON SUCH WORK?!

Questions are asked, and in the future, team members are designated to join the Change Management weekly approval call to keep aware of the changes coming for anything that might impact the project plan.

Now — Here’s how that whole story fits into the question:

What does the phrase “migrations are not in a silo” mean?

In the illustration above (as with many special projects in general), the team was focused on the objective at hand — migration to Azure VMware Solution. They spent time and resources to make sure they were continually moving towards that goal. In this respect, the team was doing what they should have done.

However, Information Technology is a continually changing entity in corporations.

While the team is working hard to accomplish the goal(s) at hand, other information technology projects and initiatives are being accomplished in real-time. Any IT project team needs to keep an eye on other projects that can potentially impact the project at hand. Failure to do so can potentially bring CATASTROPHIC results to the project, for instance:

  1. Task accomplishment delays
  2. Significant increase in cost waste for the project
  3. Required redesign of the project plan
  4. COMPLETE INVALIDATION OF THE PROJECT — Basically, making the project irrelevant

Essentially, you have to keep an eye on other projects that are going on while you work on your own project(s). MIGRATIONS ARE NOT IN A SILO — other projects and changes can affect the migration in multiple ways.
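Both the inventory table from the guest/host post earlier (vCPU, memory, Hard Disk 1, VMware Tools) and the “is it still there and running?” check from this post come down to comparing the runbook against what vSphere says right now. The PowerCLI script below is an added example, not code from the original post; it assumes VMware PowerCLI is installed, and the vCenter name, credential and guest names are placeholders for your own environment.

```powershell
# Added example (not from the original post): pre-flight check of a migration
# batch against the live vSphere inventory, capturing the per-guest columns
# from the inventory task (vCPU, memory, Hard disk 1, VMware Tools status).
# Assumes VMware PowerCLI is installed; $VCenter and the guest names are
# placeholders for your own environment.
Import-Module VMware.PowerCLI -ErrorAction Stop

$VCenter = 'vcenter.ohio.example.internal'            # placeholder
$Scope   = @('OHDCFileServGP1', 'OHDCFileServGP2', 'OHDCFileServGP3',
             'OHDCFileServGP4', 'OHDCFileServEX1')    # this weekend's batch

Connect-VIServer -Server $VCenter -Credential (Get-Credential) | Out-Null

$report = foreach ($name in $Scope) {
    $vm = $null; $disk1 = $null; $tools = $null; $note = @()

    # Exact-name lookup first. A rename such as "<name>(LEGACY_DELETE...)" will
    # not match, so fall back to a prefix search to explain what happened.
    $vm = Get-VM -Name $name -ErrorAction SilentlyContinue
    if (-not $vm) {
        $vm = Get-VM -Name "$name*" -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($vm) { $note += "RENAMED to '$($vm.Name)' - check change management before migrating" }
        else     { $note += 'MISSING from vSphere - confirm with the on-site engineering team' }
    } elseif ($vm.PowerState -ne 'PoweredOn') {
        $note += "Not powered on ($($vm.PowerState))"
    }

    if ($vm) {
        $disk1 = Get-HardDisk -VM $vm -Name 'Hard disk 1' -ErrorAction SilentlyContinue
        $tools = $vm.ExtensionData.Guest.ToolsVersionStatus2      # e.g. guestToolsCurrent
        if ($tools -ne 'guestToolsCurrent') { $note += "VMware Tools: $tools" }
    }

    [pscustomobject]@{
        Requested   = $name
        FoundAs     = if ($vm) { $vm.Name } else { $null }
        Host        = if ($vm) { $vm.VMHost.Name } else { $null }
        PowerState  = if ($vm) { $vm.PowerState } else { $null }
        vCPU        = if ($vm) { $vm.NumCpu } else { $null }
        MemoryGB    = if ($vm) { $vm.MemoryGB } else { $null }
        Disk1GB     = if ($disk1) { [math]::Round($disk1.CapacityGB, 1) } else { $null }
        ToolsStatus = $tools
        Note        = $note -join '; '
    }
}

$report | Format-Table -AutoSize
$report | Export-Csv -Path '.\migration-batch-preflight.csv' -NoTypeInformation

# Anything with a note is not exactly what the runbook expects: stop and ask.
$blocked = @($report | Where-Object { $_.Note })
if ($blocked.Count -gt 0) {
    Write-Warning "$($blocked.Count) guest(s) need attention before the migration weekend:"
    $blocked | Format-Table Requested, FoundAs, Note -AutoSize
}

Disconnect-VIServer -Server $VCenter -Confirm:$false
```

Run it the day before the migration weekend and again the morning of; a guest that was fine last week and shows a note today is exactly the kind of change this post is about.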

What Is Meant by “Tenant Admin”?

Let’s assume you are working on a new project with a team of 10 Information Technology professionals.

A company (let’s call it Nickison II, LLC) is buying part of another company (we’ll call this company Marty’s). The deal includes a total transfer of ownership for six applications. Let’s call these applications QuickBooks Desktop, WordPress (local install and configuration), Office 365, Dynamics CRM, Microsoft SQL Server 2016, and Teams (with the phone service add-on).

The team is now assembled, and the work on planning begins. Everyone (including yourself) is excited to start this major company initiative.

In the initial discussions, the election of tenant admins takes place. No one volunteers for the task, so you and the resident Microsoft Azure cloud guru are nominated to be tenant admins.

You are now thinking, “What in the world did I just get signed up for?!”

The good news is this:
What you need to accomplish this task is not work-intensive.

The bad news is this:
Once you become a tenant admin, you have the rights to do almost ANYTHING in the tenant rights assignment arena … and with such privilege comes massive amounts of responsibility and accountability.

So, what exactly is meant by “tenant admin”?

Basically, you will be granted rights in the Microsoft Azure tenant to assign rights to any resource (people, deployments, services, and so much more) and to change the assigned rights level at any time as you wish. In most cases, your user account in the specific Azure tenant will have its rights increased to Owner role access (in some more restrictive deployments, the account will be elevated to co-contributor level).

So, in essence, you have volunteered to be a top-level admin for the tenant.

Others will now call you when new account access to the tenant needs to be established (for new users or services). Additionally, expect to have emails sent to you when access needs to be adjusted or removed. The latter, for example, could be the result of people leaving the project or company altogether.

To be frank, a tenant admin is someone who has owner or co-contributor access to a tenant. With this right in place, the person in question can now administer access to the tenant.
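With that much responsibility comes the first question a security reviewer will ask: who actually holds Owner (or the Contributor role this post calls co-contributor) today, and should they? The Az PowerShell audit below is an added example, not code from the original post; it assumes the Az module is installed and the account running it can read role assignments, and the group name is the one from the migration story earlier.

```powershell
# Added example (not from the original post): audit who holds the "tenant
# admin" level of access (Owner, User Access Administrator, Contributor) on
# each subscription, which is where that access is actually assigned.
# Assumes the Az PowerShell module and an account allowed to read role
# assignments; the group name in the final comment is from the earlier post.
Import-Module Az.Accounts, Az.Resources -ErrorAction Stop
Connect-AzAccount | Out-Null

$PrivilegedRoles = @('Owner', 'User Access Administrator', 'Contributor')

$findings = foreach ($sub in Get-AzSubscription) {
    Set-AzContext -SubscriptionId $sub.Id | Out-Null
    $scope = "/subscriptions/$($sub.Id)"

    # Returns assignments at this scope plus those inherited from management
    # groups above it, which is the full set a reviewer needs to see.
    $assignments = Get-AzRoleAssignment -Scope $scope |
        Where-Object { $_.RoleDefinitionName -in $PrivilegedRoles }

    foreach ($a in $assignments) {
        $flags = @()
        # Owner and User Access Administrator can hand out rights to others:
        # that is the real "admin" power, so look hardest at those.
        if ($a.RoleDefinitionName -in 'Owner', 'User Access Administrator') {
            if ($a.ObjectType -eq 'User') { $flags += 'direct user grant (prefer a group)' }
            if ($a.Scope -ne $scope)      { $flags += "inherited from $($a.Scope)" }
        }
        if ($a.ObjectType -eq 'Unknown') { $flags += 'orphaned principal (deleted?) - remove' }

        [pscustomobject]@{
            Subscription = $sub.Name
            Principal    = if ($a.SignInName) { $a.SignInName } else { $a.DisplayName }
            Type         = $a.ObjectType
            Role         = $a.RoleDefinitionName
            Scope        = $a.Scope
            Flags        = $flags -join '; '
        }
    }
}

$findings | Sort-Object Subscription, Role, Principal | Format-Table -AutoSize
$findings | Export-Csv -Path '.\tenant-admin-audit.csv' -NoTypeInformation

# Anything flagged is a question for the project's "Security Oversight Azure"
# group: does this person still need it, and should it be a group membership?
$findings | Where-Object Flags | Format-Table Subscription, Principal, Role, Flags -AutoSize
```

Keep the CSV with the project records; when someone leaves the project (the email this post warns you about), the diff against the previous run tells you what to remove.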

What Is Meant by “The Migration Is Not Done Once All the Servers Are Migrated”?

Congratulations!

You have migrated the last of the servers from the datacenter into Azure VMware Solution’s Azure Private Cloud. You can see all of the migrated VMware guests listed on the new vSphere instance with three ‘virtual’ hosts load-balancing the full load of all servers that have been migrated (for now, let’s say you migrated a total of ten virtual machines). The servers are all running without operational issues in the AVS vSphere. Furthermore, you don’t see any alerts in the details tabs.

CONGRATULATIONS! YOU ARE NOT DONE!

WHAT?
WHAT GIVES?!

For anyone who plans to move into cloud migration engineering or architecture, please keep the following phrase locked into your memory: “THE MIGRATION IS NOT DONE, JUST BECAUSE ALL THE SERVERS ARE MIGRATED.”

…let me explain.

Yes, getting the physical servers migrated is a major accomplishment! You should feel like a load has been lifted off of your back. However, do not be tempted to think you’ve completed your migration work just because the servers are up and running in the new environment.

Here’s the key: the migration is done when the clients are operational in the new environment.

The difference is the presence of post-migration workloads. Once the servers and related infrastructure are migrated and tested as working, you still have to ensure the clients can get to the new location and that the testing results align with pre-migration results.

Specifically, the migration is done when the clients are working the way they used to before migration into the new environment with few changes to the overall work approach and execution.

Remember, we are migration engineers and architects who work to serve the clients’ needs (company, customers, etc.). IT’S ONLY WHEN THE END-USERS ARE WORKING ‘NORMALLY’ IN THE NEW ENVIRONMENT THAT WE CAN START TO CONSIDER THE CLOSURE OF THE PROJECT WITH SUCCESS.

…NEVER forget the above.

What Is Meant by “Patch Management” When Discussing Migrations?

Congratulations!

You have successfully migrated (in this instance) 10 Windows 2016 Datacenter servers. Each runs part of the Supply Chain ecosystem. They are all VMware virtual servers, each with 8 GB of vRAM, 2 vCPUs, and a 200 GB hard disk.

You migrated the systems to a private cloud instance in the Microsoft Azure subscription using AVS (Azure VMware Solution). This utilized the HCX appliance installed in the common vSphere instance that hosted these guests.

Additionally, an Edge Router was successfully installed at the company’s datacenter. The Edge Router was configured with an ExpressRoute circuit set up to carry migration traffic ALONE. Finally, the Edge Routers at both the local and Microsoft datacenters were set up with Microsoft Enterprise Edge for ExpressRoute Global Reach.

You are now able to log into the newly-created vSphere instance. You see three hosts in this vSphere, and each VMware virtual guest is listed under the hosts.

In the next meeting, you demonstrate this success on a network laptop connected to the room projector. You feel that you have climbed Mount Everest! You are ready to get the ‘GREAT JOB’ and plan the celebration…

…it’s at this time that the CyberSecurity professional on the project asks you, “So, how are we going to keep these new environments patched?”

YIKES!!!

In a fit of panic, you try to review what you remember of the project planning sessions. Was this even discussed? You start looking in the Microsoft SharePoint repository with all the company contracts for IT — you want to see if that was included in the scope of work — NOPE!!

Ok, so what does this mean for the project?

In an attempt to keep things simple, “patch management” refers to the overall system/process that will successfully ensure all involved hardware and software updates and patches are installed regularly with as little manual intervention as possible.

This presents some challenging questions. How will the following be updated in a timely manner?

⦁ Windows operating systems
⦁ VMware vSphere
⦁ VMware ESXi on the hosts
⦁ Microsoft Dynamics supply chain (the supply chain base software)

Many answers CAN work, but each solution needs to be presented concerning success rate, cost, budgeting, and testing — POTENTIAL SOLUTIONS can include:

  1. Microsoft Intune (how Microsoft pushes updates for all their software; this includes Windows and Dynamics)
  2. Microsoft AVS (Microsoft maintains updates for the ESXi hosts and vSphere instances it runs)

A discussion of options and their plus/delta needs to happen for the next steps to proceed properly.

To conclude, “patch management” refers to the overall system/process that will successfully ensure all involved hardware and software updates and patches are installed.

DISREGARD THIS, AND HACKING RISK INCREASES TREMENDOUSLY!
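Before you can pick between Intune, AVS and anything else, you need the answer to a simpler question: where do the ten migrated guests stand today? The script below is an added example, not code from the original post; it assumes WinRM from your jump box to the guests is allowed and the account running it is an administrator on them, and the server names and 30-day threshold are placeholders.

```powershell
# Added example (not from the original post): the first answer to "how are we
# going to keep these patched?" is knowing where each migrated guest stands.
# Assumes WinRM from the jump box to the guests is allowed and the account
# running this is a local admin on them; server names and the threshold are
# placeholders.
$Servers = 1..10 | ForEach-Object { 'SCMAPP{0:D2}' -f $_ }   # placeholder names
$MaxDaysSincePatch = 30                                       # assumed policy threshold

$raw = Invoke-Command -ComputerName $Servers -ErrorAction SilentlyContinue -ScriptBlock {
    $latest = Get-HotFix | Where-Object InstalledOn |
              Sort-Object InstalledOn -Descending | Select-Object -First 1
    $os = Get-CimInstance Win32_OperatingSystem
    # WUServer is only set when the guest points at WSUS; absent means the
    # public Windows Update service (or an MDM such as Intune) is in charge.
    $wu = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Server        = $env:COMPUTERNAME
        OS            = "$($os.Caption) ($($os.Version))"
        LastHotFix    = $latest.HotFixID
        LastPatchDate = $latest.InstalledOn
        WSUSServer    = $wu.WUServer
        PendingReboot = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    }
}

$now = Get-Date
$report = foreach ($r in $raw) {
    $days = if ($r.LastPatchDate) { [int]($now - $r.LastPatchDate).TotalDays } else { $null }
    [pscustomobject]@{
        Server         = $r.Server
        OS             = $r.OS
        LastHotFix     = $r.LastHotFix
        DaysSincePatch = $days
        UpdateSource   = if ($r.WSUSServer) { "WSUS $($r.WSUSServer)" } else { 'Windows Update / MDM' }
        PendingReboot  = $r.PendingReboot
        Stale          = ($null -eq $days) -or ($days -gt $MaxDaysSincePatch)
    }
}

$report | Sort-Object Stale, DaysSincePatch -Descending | Format-Table -AutoSize
$report | Export-Csv -Path '.\post-migration-patch-status.csv' -NoTypeInformation

# Guests that did not answer have no patch story at all; that is a finding too.
$unreachable = $Servers | Where-Object { $_ -notin $raw.PSComputerName }
if ($unreachable) { Write-Warning "No patch status from: $($unreachable -join ', ')" }
```

A guest still pointing at the old on-prem WSUS server after the move is a common reason the “UpdateSource” column matters: if that server is not reachable over the new path, the guest silently stops patching.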

What Is Meant By “On-Prem Application”?

In my last piece, I talked about cloud-based applications. We discussed that when an infrastructure is being migrated, it’s essential to understand the soon-to-be-migrated environment’s architecture. As you recall, you need to know about the following:
• servers
• networks
• backup schemas
• databases
• applications
• client-access routines

…for all involved devices.
You can plan more effectively for a successful migration when you have a good understanding of the general scope of the migrating entities.

One of the many questions that you should ask for clarity on is, “Where is the application housed”? You will be given one of two answers for most applications: cloud-based or on-prem.

Now, let’s clarify the meaning of the second answer — ‘on-prem.’

When an application/suite is declared to be on-prem (on-premises, if you will), the majority of the network/servers/code/configurations/data warehouses needed for the application to perform as expected are located in a data center that is owned or partially controlled by your company.

Additionally, on-prem applications are customarily maintained by company support professionals. Sometimes these professionals are not direct employees of the company but can be directly hired via contracts or part of a support firm that the company hires to offer as-needed support for the application and infrastructure.

Supporting the application can include:
• updating
• resolving operational issues
• adjusting and updating configurations
• maintaining the server hardware
• keeping the operating systems that the application ‘sits’ on up to date
• verifying and maintaining the security of the entire application and its data footprint

…and much more.

So, in short, ‘on-prem’ applications reside in locations usually owned (fully or partially) by the specific company in question.

What Is Meant By “Cloud-Based Application”?

When an infrastructure is being migrated, one of the main goals is to clearly understand the architecture of the environment that will be migrated. Specifically, you want to know about the servers, networks, backup schemas, databases, applications, and client-access routines for all devices involved. When you have a good understanding of the general scope of migrating entities, you are in a much better position to plan the migration effectively and execute it with success.

One of the many questions that you should ask for clarity on is, “Where is the application housed?” For most applications, you will get one of the following responses: cloud-based or on-prem.

So, let’s quickly clarify the meaning behind the first answer — ‘cloud-based.’

When an application is defined as cloud-based, it has the majority of its code and related operational assets (e.g., data warehouses, related applications, licensing structures, update schemas, etc.) located in a network/data center that is both logically and geographically separated from your ‘on-prem’ network.

Other popular names for cloud-based applications include:
• SaaS (Software as a Service)
• Hosted Applications
• Paid Service

One popular example of a cloud-based application you may be familiar with is Microsoft Office 365. For this application, you pay a rate (yearly, monthly, etc.) to use all the software and underlying infrastructure located in datacenters owned by Microsoft (servers, databases). The rate includes technical support and guarantees that you are running the ‘latest’ updated and secure program.

To keep this short, a ‘cloud-based application’ refers to an application and related data infrastructure located in a data center usually owned by the software vendor or one of their sister companies.