We’re delighted to introduce you to guest blogger Gabriel Mora, a Microsoft Certified Azure Administrator who has worked on multiple migration projects using Azure Site Recovery and other third-party tools like Zerto and Movere.
Migrating to Azure: Tips, Tricks and Tools
By Gabriel Mora
Hi everyone, my name is Gabriel Mora and today I will be giving you some tips on migrating to Azure using a few helpful tools. Microsoft allows a range of third-party tools to interact with Azure for cloud migrations of a client’s infrastructure (check out the full list here). In this blog, we will be focusing on three migration tools on the list that I know to be very useful: Azure Site Recovery, Zerto and Movere.
Read on to learn how to make them work best for you when migrating to Azure. Let’s get started!
1. Azure Site Recovery
What is Azure Site Recovery?
Azure Site Recovery offers infrastructure replication, failover, and recovery processes to help keep your applications running during planned and unplanned outages. It provides the tools we need to move from on-premises to the cloud.
Tips and tricks:
Here are some helpful tips to keep in mind during the migration process that are always key to achieving a successful replication:
A. Service Account requirements:
Have at least one account, per Configuration Server, with access to install agents on the target machines (VMs or physical) and to shut down the servers when required.
In the case of VMware, you will need to:
Create a role (for example Azure_Site_Recovery) at the vCenter level with permissions to discover VMs, install the agent and shut down VMs.
Create a new user on the vSphere host or vCenter server and assign the role to the user.
B. Server Configurations:
Ensure the ASR Configuration server can reach portal.azure.com with no certificate errors (you will need a trusted root).
Allow Windows Management Instrumentation (WMI) in the Windows Firewall. Under Windows Firewall settings, select the option “Allow an app or feature through Firewall” and select WMI for all profiles.
C. Services on the server to be migrated:
If the Volume Shadow Copy (VSS) service Startup Type is set to Disabled, change it to Automatic.
If the COM+ System Application (COMSysApp) service Startup Type is set to Disabled, change it to Automatic.
If the Distributed Transaction Coordinator Service (MSDTC) Startup Type is set to Disabled, change it to Automatic.
If the service Startup Types were already set to Automatic, check whether COM+ enumeration succeeds:
(a) Open Component Services (comexp.msc).
(b) Browse to Component Services -> Computers -> My Computer -> COM+ Applications. You should be able to expand the System Application node and see the contents under that node.
(c) Ensure that Volume Shadow Copy Service is listed under Component Services -> Computers -> My Computer -> DCOM Config.
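The checks from sections B and C above, collected into one script as an added example (it is not part of the original post or of any Microsoft tooling). The `-Fix` and `-ConfigServer` switches are names chosen for this example; without `-Fix` the script only reports and changes nothing.

```powershell
# Added example, not from the original post. Assumes Windows PowerShell 5.1,
# an elevated session, and English rule-group names. Read-only unless -Fix.
param([switch]$Fix, [switch]$ConfigServer)

$report = @()

# Section C: VSS, COMSysApp and MSDTC must not have Startup Type = Disabled.
foreach ($name in 'VSS', 'COMSysApp', 'MSDTC') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc -and $svc.StartType -eq 'Disabled' -and $Fix) {
        Set-Service -Name $name -StartupType Automatic
        $svc = Get-Service -Name $name
    }
    $state = if ($svc) { "$($svc.StartType)" } else { 'NotInstalled' }
    $report += [pscustomobject]@{
        Check = "Service $name"; State = $state
        Ok    = ($state -notin 'Disabled', 'NotInstalled')
    }
}

# Section B: the built-in WMI firewall group must allow inbound traffic.
# -Fix enables the existing rules; it does not change their profiles.
$group = 'Windows Management Instrumentation (WMI)'
if ($Fix) { Enable-NetFirewallRule -DisplayGroup $group }
$off = @(Get-NetFirewallRule -DisplayGroup $group |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -ne 'True' })
$report += [pscustomobject]@{
    Check = 'WMI firewall rules'; State = "$($off.Count) inbound rule(s) disabled"
    Ok    = ($off.Count -eq 0)
}

# Section B (Configuration Server only): TLS to portal.azure.com must validate
# against the local trusted roots. Assumes direct outbound 443 (no proxy).
if ($ConfigServer) {
    $tcp = $null
    try {
        $tcp = New-Object System.Net.Sockets.TcpClient('portal.azure.com', 443)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
        $tls12 = [System.Security.Authentication.SslProtocols]::Tls12
        $ssl.AuthenticateAsClient('portal.azure.com', $null, $tls12, $true)
        $state = "Trusted chain, issuer: $($ssl.RemoteCertificate.Issuer)"; $ok = $true
    } catch {
        $state = $_.Exception.GetBaseException().Message; $ok = $false
    } finally { if ($tcp) { $tcp.Close() } }
    $report += [pscustomobject]@{ Check = 'TLS portal.azure.com'; State = $state; Ok = $ok }
}

$report | Format-Table -AutoSize
```

An issuer in the TLS row that is not a public CA usually means an inspecting proxy is re-signing traffic, which is the case where the extra trusted root is needed.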
2. Zerto
What is Zerto?
Zerto is an all-in-one IT Resilience Platform, converging Disaster Recovery, Backup and Cloud Mobility in one simple, scalable platform. It’s great for moving applications or entire datacenters in a matter of minutes – with minimal downtime.
You may find the full list of the Interoperability Matrix for All Zerto Software Versions here.
Tips and tricks:
Here are some helpful tips and tricks to keep in mind during the migration process that are always key to achieving a successful replication:
A. Site-to-Site VPN configuration:
It is highly recommended to check the routing between on-premises and the ZCA once it is configured, to make sure the required subnets can communicate successfully.
* Zerto Virtual Replication does not support NAT (Network Address Translation) firewalls.
If you are still having issues pairing a site, I recommend checking the proxy settings.
Zerto Cloud Appliance (ZCA) requires the following ports to be open in the Azure site firewall, set in the Azure network security group:
TCP communication between the ZVM and VRA and the VBA on the same site
TCP control communication between protecting and recovering VRAs
TCP communication between VRAs to pass data from protected virtual machines to a VRA on a recovery site
TCP communication between the ZVM and site VRA to handle checkpoints
HTTP communication between the ZVM and Zerto internal APIs and cmdlets, and a VSS Agent
TCP communication between paired ZVMs
Communication between the VBA and VRA
HTTPS communication between the Zerto User Interface and a ZVM, and for invoking Zerto RESTful APIs
B. Best Practices
Install Zerto Virtual Replication on a dedicated virtual machine with a dedicated administrator account.
It is required to exclude the Zerto Virtual Replication folder from antivirus scanning. Failure to do so may lead to the ZVR folder being incorrectly identified as a threat and, in some circumstances, to corruption of the ZVR folder.
C. Some limitations when protecting to Azure
You cannot protect machines that have a disk larger than 4 TB.
The protected virtual machines need to have at least one NIC.
Reserve at least 2 CPUs and 4 GB RAM for the machine using a subnet accessible by other Zerto Virtual Replication sites.
3. Movere
What is Movere?
Movere is a SaaS solution residing in Azure, utilizing the latest technology and security standards. It is designed to be a research platform that enables users to find exactly what they are looking for, without having to constantly export, integrate and analyze data outside of the system that gathered it.
Movere provides 4 key features:
Discovery: Within hours, understand what infrastructure and applications you have, where you have it, how it’s being used, by whom and when.
Cloud Readiness: Plan your migration journey wisely based on actual resource and consumption use, not on your current on-premise footprint.
Optimization and Transformation: The ARC (Actual Resource Consumption) tool provides detailed consumption and usage data enabling you to optimize and transform your IT environment.
Cybersecurity: Identify security gaps and risks with the insight of how your environment is being used — regardless of platform, application or geography.
Tips and tricks:
Here are some helpful tips to keep in mind while using this migration assessment tool:
A. Logs used for troubleshooting:
Movere maintains two log files, Console.csv and Log.Service.csv.
Console.csv contains a log for all activities conducted by the Movere console.
Service.csv contains the log for all payload-related activities.
Both files are located in the folder from which the console is being run.
B. Key information to have in mind:
Network Bandwidth: The bandwidth consumption is limited to first delivering the bot payload (<4MB) on the target server and then returning the encrypted file (<10KB).
Memory: Movere will scan the server in less than 60 seconds with 10% CPU, and this time is further reduced if it’s allowed to consume more CPU.
Yes, it is possible, but care must be taken that they’re not scoped to the same servers. It is recommended to run the console from only one device at a time.
The Export button is only visible on the website for the pages containing tabular data.
WMI scans are significantly slower than the local .NET scans and should be avoided as much as possible.
Movere will upload the scan data to the website in batches, so there might be some delay in uploading to let the current scan cycle complete.
I hope this information will be useful as you begin your journey into the Azure cloud. We always run into new issues when going through the migration process so it’s always handy to have this kind of information available for easy consumption.