Migrate machines as physical servers to Azure
This article shows you how to migrate machines as physical servers to Azure, using the Migration and modernization tool. Migrating machines by treating them as physical servers is useful in a number of scenarios:
- Migrate on-premises physical servers.
- Migrate VMs virtualized by platforms such as Xen, KVM.
- Migrate Hyper-V or VMware VMs, if for some reason you're unable to use the standard migration process for Hyper-V, or VMware migration.
- Migrate VMs running in private clouds.
- Migrate VMs running in public clouds such as Amazon Web Services (AWS) or Google Cloud Platform (GCP).
This tutorial is the third in a series that demonstrates how to assess and migrate physical servers to Azure. In this tutorial, you learn how to:
- Prepare to use Azure with Migration and modernization.
- Check requirements for machines you want to migrate, and prepare a machine for the Azure Migrate replication appliance that's used to discover and migrate machines to Azure.
- Add the Migration and modernization tool in the Azure Migrate hub.
- Set up the replication appliance.
- Install the Mobility service on machines you want to migrate.
- Enable replication.
- Run a test migration to make sure everything's working as expected.
- Run a full migration to Azure.
Tutorials show you the simplest deployment path for a scenario so that you can quickly set up a proof-of-concept. Tutorials use default options where possible, and don't show all possible settings and paths. For detailed instructions, review the How-tos for Azure Migrate.
If you don't have an Azure subscription, create a free account before you begin.
Before you begin this tutorial, you should:
- Review the migration architecture.
- Review the limitations related to migrating Windows Server 2008 servers to Azure.
Prepare Azure for migration with the Migration and modernization tool.
|Create an Azure Migrate project||Your Azure account needs Contributor or Owner permissions to create a new project.|
|Verify permissions for your Azure account||Your Azure account needs permissions to create a VM, and write to an Azure managed disk.|
Assign permissions to create project
- In the Azure portal, open the subscription, and select Access control (IAM).
- In Check access, find the relevant account, and click it to view permissions.
- You should have Contributor or Owner permissions.
- If you just created a free Azure account, you're the owner of your subscription.
- If you're not the subscription owner, work with the owner to assign the role.
Assign Azure account permissions
Assign the Virtual Machine Contributor role to the Azure account. This provides permissions to:
- Create a VM in the selected resource group.
- Create a VM in the selected virtual network.
- Write to an Azure managed disk.
Create an Azure network
Virtual Networks (VNets) are a regional service, so make sure you create your VNet in the desired target Azure Region. For example: if you are planning on replicating and migrating Virtual Machines from your on-premises environment to the East US Azure Region, then your target VNet must be created in the East US Region. To connect VNets in different regions refer to the Virtual network peering guide.
Set up an Azure virtual network (VNet). When you replicate to Azure, Azure VMs are created and joined to the Azure VNet that you specify when you set up migration.
Prepare for migration
To prepare for physical server migration, you need to verify the physical server settings, and prepare to deploy a replication appliance.
Check machine requirements for migration
Make sure machines comply with requirements for migration to Azure.
When migrating physical machines, the Migration and modernization tool uses the same replication architecture as agent-based disaster recovery in the Azure Site Recovery service, and some components share the same code base. Some content might link to Site Recovery documentation.
- Verify physical server requirements.
- Verify that on-premises machines that you replicate to Azure comply with Azure VM requirements.
- There are some changes needed on VMs before you migrate them to Azure.
Prepare a machine for the replication appliance
The Migration and modernization tool uses a replication appliance to replicate machines to Azure. The replication appliance runs the following components.
- Configuration server: The configuration server coordinates communications between on-premises and Azure, and manages data replication.
- Process server: The process server acts as a replication gateway. It receives replication data; optimizes it with caching, compression, and encryption, and sends it to a cache storage account in Azure.
Prepare for appliance deployment as follows:
- You prepare a machine to host the replication appliance. Review the machine requirements.
- The replication appliance uses MySQL. Review the options for installing MySQL on the appliance.
- Review the Azure URLs required for the replication appliance to access public and government clouds.
- Review port access requirements for the replication appliance.
The replication appliance shouldn't be installed on a source machine that you want to replicate or on the Azure Migrate discovery and assessment appliance you may have installed before.
Set up the replication appliance
The first step of migration is to set up the replication appliance. To set up the appliance for physical server migration, you download the installer file for the appliance, and then run it on the machine you prepared. After installing the appliance, you register it with the Migration and modernization tool.
Download the replication appliance installer
In the Azure Migrate project > Servers, in Migration and modernization, select Discover.
In Discover machines > Are your machines virtualized?, select Not virtualized/Other.
In Target region, select the Azure region to which you want to migrate the machines.
Select Confirm that the target region for migration is region-name.
Click Create resources. This creates an Azure Site Recovery vault in the background.
- If you've already set up migration with Migration and modernization, the target option can't be configured, since resources were set up previously.
- You can't change the target region for this project after clicking this button.
- All subsequent migrations are to this region.
If you selected private endpoint as the connectivity method for the Azure Migrate project when it was created, the Recovery Services vault will also be configured for private endpoint connectivity. Ensure that the private endpoints are reachable from the replication appliance. Learn more
In Do you want to install a new replication appliance?, select Install a replication appliance.
In Download and install the replication appliance software, download the appliance installer, and the registration key. You need to the key in order to register the appliance. The key is valid for five days after it's downloaded.
Copy the appliance setup file and key file to the Windows Server 2016 machine you created for the appliance.
After the installation completes, the Appliance configuration wizard will be launched automatically (You can also launch the wizard manually by using the cspsconfigtool shortcut that is created on the desktop of the appliance). In this tutorial, we'll be manually installing the Mobility Service on source VMs to be replicated, so create a dummy account in this step and proceed. You can provide the following details for creating the dummy account - "guest" as the friendly name, "username" as the username, and "password" as the password for the account. You will be using this dummy account in the Enable Replication stage.
After the appliance has restarted after setup, in Discover machines, select the new appliance in Select Configuration Server, and click Finalize registration. Finalize registration performs a couple of final tasks to prepare the replication appliance.
It may take some time after finalizing registration until discovered machines appear in the Migration and modernization tool. As VMs are discovered, the Discovered servers count rises.
Install the Mobility service
On machines you want to migrate, you need to install the Mobility service agent. The agent installers are available on the replication appliance. You find the right installer, and install the agent on each machine you want to migrate. Do this as follows:
- Sign in to the replication appliance.
- Navigate to %ProgramData%\ASR\home\svsystems\pushinstallsvc\repository.
- Find the installer for the machine operating system and version. Review supported operating systems.
- Copy the installer file to the machine you want to migrate.
- Make sure that you have the passphrase that was generated when you deployed the appliance.
- Store the file in a temporary text file on the machine.
- You can obtain the passphrase on the replication appliance. From the command line, run C:\ProgramData\ASR\home\svsystems\bin\genpassphrase.exe -v to view the current passphrase.
- Don't regenerate the passphrase. This will break connectivity and you will have to reregister the replication appliance.
In the /Platform parameter, you specify VMware if you migrate VMware VMs, or physical machines.
Install on Windows
Extract the contents of installer file to a local folder (for example C:\Temp) on the machine, as follows:
ren Microsoft-ASR_UA*Windows*release.exe MobilityServiceInstaller.exe MobilityServiceInstaller.exe /q /x:C:\Temp\Extracted cd C:\Temp\Extracted
Run the Mobility Service Installer:
UnifiedAgent.exe /Role "MS" /Platform "VmWare" /Silent
Register the agent with the replication appliance:
cd C:\Program Files (x86)\Microsoft Azure Site Recovery\agent UnifiedAgentConfigurator.exe /CSEndPoint <replication appliance IP address> /PassphraseFilePath <Passphrase File Path>
Install on Linux
- Extract the contents of the installer tarball to a local folder (for example /tmp/MobSvcInstaller) on the machine, as follows:
mkdir /tmp/MobSvcInstaller tar -C /tmp/MobSvcInstaller -xvf <Installer tarball> cd /tmp/MobSvcInstaller
- Run the installer script:
sudo ./install -r MS -v VmWare -q
- Register the agent with the replication appliance:
/usr/local/ASR/Vx/bin/UnifiedAgentConfigurator.sh -i <replication appliance IP address> -P <Passphrase File Path>
Now, select machines for migration.
You can replicate up to 10 machines together. If you need to replicate more, then replicate them simultaneously in batches of 10.
In the Azure Migrate project > Servers, Migration and modernization, click Replicate.
In Replicate, > Source settings > Are your machines virtualized?, select Not virtualized/Other.
In On-premises appliance, select the name of the Azure Migrate appliance that you set up.
In Process Server, select the name of the replication appliance.
In Guest credentials, please select the dummy account created previously during the replication installer setup to install the Mobility service manually (push install is not supported). Then click Next: Virtual machines.
In Virtual Machines, in Import migration settings from an assessment?, leave the default setting No, I'll specify the migration settings manually.
Check each VM you want to migrate. Then click Next: Target settings.
In Target settings, select the subscription, and target region to which you'll migrate, and specify the resource group in which the Azure VMs will reside after migration.
In Virtual Network, select the Azure VNet/subnet to which the Azure VMs will be joined after migration.
In Cache storage account, keep the default option to use the cache storage account that is automatically created for the project. Use the drop down if you'd like to specify a different storage account to use as the cache storage account for replication.
In Availability options, select:
- Availability Zone to pin the migrated machine to a specific Availability Zone in the region. Use this option to distribute servers that form a multi-node application tier across Availability Zones. If you select this option, you'll need to specify the Availability Zone to use for each of the selected machine in the Compute tab. This option is only available if the target region selected for the migration supports Availability Zones
- Availability Set to place the migrated machine in an Availability Set. The target Resource Group that was selected must have one or more availability sets in order to use this option.
- No infrastructure redundancy required option if you don't need either of these availability configurations for the migrated machines.
In Disk encryption type, select:
- Encryption-at-rest with platform-managed key
- Encryption-at-rest with customer-managed key
- Double encryption with platform-managed and customer-managed keys
To replicate VMs with CMK, you'll need to create a disk encryption set under the target Resource Group. A disk encryption set object maps Managed Disks to a Key Vault that contains the CMK to use for SSE.
In Azure Hybrid Benefit:
- Select No if you don't want to apply Azure Hybrid Benefit. Then click Next.
- Select Yes if you have Windows Server machines that are covered with active Software Assurance or Windows Server subscriptions, and you want to apply the benefit to the machines you're migrating. Then click Next.
In Compute, review the VM name, size, OS disk type, and availability configuration (if selected in the previous step). VMs must conform with Azure requirements.
- VM size: If you're using assessment recommendations, the VM size dropdown shows the recommended size. Otherwise Azure Migrate picks a size based on the closest match in the Azure subscription. Alternatively, pick a manual size in Azure VM size.
- OS disk: Specify the OS (boot) disk for the VM. The OS disk is the disk that has the operating system bootloader and installer.
- Availability Zone: Specify the Availability Zone to use.
- Availability Set: Specify the Availability Set to use.
In Disks, specify whether the VM disks should be replicated to Azure, and select the disk type (standard SSD/HDD or premium managed disks) in Azure. Then click Next.
- You can exclude disks from replication.
- If you exclude disks, won't be present on the Azure VM after migration.
In Tags, choose to add tags to your Virtual machines, Disks, and NICs.
In Review and start replication, review the settings, and click Replicate to start the initial replication for the servers.
You can update replication settings any time before replication starts, Manage > Replicating machines. Settings can't be changed after replication starts.
Track and monitor
- When you click Replicate a Start Replication job begins.
- When the Start Replication job finishes successfully, the machines begin their initial replication to Azure.
- After initial replication finishes, delta replication begins. Incremental changes to on-premises disks are periodically replicated to the replica disks in Azure.
You can track job status in the portal notifications.
You can monitor replication status by clicking on Replicating servers in Migration and modernization.
Run a test migration
When delta replication begins, you can run a test migration for the VMs, before running a full migration to Azure. We highly recommend that you do this at least once for each machine, before you migrate it.
- Running a test migration checks that migration will work as expected, without impacting the on-premises machines, which remain operational, and continue replicating.
- Test migration simulates the migration by creating an Azure VM using replicated data (usually migrating to a non-production VNet in your Azure subscription).
- You can use the replicated test Azure VM to validate the migration, perform app testing, and address any issues before full migration.
Do a test migration as follows:
In Migration goals > Servers > Migration and modernization, click Test migrated servers.
Right-click the VM to test, and click Test migrate.
In Test Migration, select the Azure VNet in which the Azure VM will be located after the migration. We recommend you use a non-production VNet.
The Test migration job starts. Monitor the job in the portal notifications.
After the migration finishes, view the migrated Azure VM in Virtual Machines in the Azure portal. The machine name has a suffix -Test.
After the test is done, right-click the Azure VM in Replicating machines, and click Clean up test migration.
You can now register your servers running SQL server with SQL VM RP to take advantage of automated patching, automated backup and simplified license management using SQL IaaS Agent Extension.
- Select Manage > Replicating servers > Machine containing SQL server > Compute and Network and select yes to register with SQL VM RP.
- Select Azure Hybrid benefit for SQL Server if you have SQL Server instances that are covered with active Software Assurance or SQL Server subscriptions and you want to apply the benefit to the machines you're migrating.hs.
After you've verified that the test migration works as expected, you can migrate the on-premises machines.
In the Azure Migrate project > Servers, databases and web apps > Migration and modernization, click Replicating servers.
In Replicating machines, right-click the VM > Migrate.
In Migrate > Shut down virtual machines and perform a planned migration with no data loss, select No > OK.
For minimal data loss, the recommendation is to bring the application down manually as part of the migration window (don't let the applications accept any connections) and then initiate the migration. The server needs to be kept running, so remaining changes can be synchronized before the migration is completed.
A migration job starts for the VM. Track the job in Azure notifications.
After the job finishes, you can view and manage the VM from the Virtual Machines page.
Complete the migration
- After the migration is done, right-click the VM > Stop replication. This does the following:
- Stops replication for the on-premises machine.
- Removes the machine from the Replicating servers count in the Migration and modernization tool.
- Cleans up replication state information for the machine.
- Verify and troubleshoot any Windows activation issues on the Azure VM.
- Perform any post-migration app tweaks, such as updating host names, database connection strings, and web server configurations.
- Perform final application and migration acceptance testing on the migrated application now running in Azure.
- Cut over traffic to the migrated Azure VM instance.
- Remove the on-premises VMs from your local VM inventory.
- Remove the on-premises VMs from local backups.
- Update any internal documentation to show the new location and IP address of the Azure VMs.
Post-migration best practices
- For increased resilience:
- For increased security:
- Lock down and limit inbound traffic access with Microsoft Defender for Cloud - Just in time administration.
- Restrict network traffic to management endpoints with Network Security Groups.
- Deploy Azure Disk Encryption to help secure disks, and keep data safe from theft and unauthorized access.
- Read more about securing IaaS resources, and visit the Microsoft Defender for Cloud.
- For monitoring and management:
- Consider deploying Azure Cost Management to monitor resource usage and spending.
Investigate the cloud migration journey in the Azure Cloud Adoption Framework.