Migrating to a Hybrid Server Environment with Microsoft Azure
Business Case Study
Microsoft IT needed to migrate applications and server workloads from a large number of servers located in traditional data centers. With infrastructure replacement costs close to US$200 million, Microsoft IT wanted to leverage the capabilities and benefits of Microsoft Azure to replace the existing infrastructure. Microsoft IT assessed server workloads, created migration plans, and transferred workloads from their existing server infrastructure to Microsoft Azure virtual machines. The migration process enabled Microsoft IT to capture vital lessons and best practices to use in future migration projects, and the migration provided cost and efficiency benefits for Microsoft IT and the business groups it supports.
Products and Technology
Microsoft IT wanted to implement the Microsoft vision for cloud computing, “All Microsoft runs in the cloud,” and support adoption of cloud computing, specifically with Microsoft Azure. To achieve these goals, Microsoft IT wanted to migrate applications from servers in traditional datacenters to Microsoft Azure in order to realize financial, logistic, and business benefits.
Stratus is the internal Microsoft Azure adoption team at Microsoft. Stratus is responsible for identifying applications and workloads for migration to Microsoft Azure, and for guiding the migration process for these applications. Stratus at Microsoft IT ensures that Microsoft Azure migration is beneficial both to internal business units and to Information Technology (IT) teams.
Microsoft IT is responsible for the management of the internal IT infrastructure at Microsoft. IT infrastructure at Microsoft covers a large technology and user scope, with datacenters that span the globe and serve over 190,000 users in 107 countries.
Microsoft strives to be its own first and best customer. This initiative involves Microsoft adopting its own technologies internally, wherever possible. The early adoption of Microsoft products enables Microsoft IT to establish lessons learned and best practices for Microsoft products early in the product development cycle. Microsoft can then pass these lessons learned and best practices on, providing customers with added value when adopting products in their respective organizations.
Microsoft IT has adopted a cloud-first approach to applications and workloads, which supports the corporate vision “All Microsoft runs in the cloud.” The cloud platform of choice at Microsoft is Microsoft Azure. Microsoft IT has been using Microsoft Azure as the default infrastructure for new applications and workloads to further this cloud strategy. In addition to implementing this policy for new workloads, Microsoft IT continues to extend the cloud-first vision by assessing existing infrastructure for cloud-migration.
“The journey to Microsoft Azure is strategic. For Microsoft IT, this strategic journey will fundamentally change how we enable a hybrid cloud and increase agility and scalability, while moving away from the traditional datacenter model.”
General Manager – Microsoft IT Service Deployment and Operation
Evaluating Available Technology
Cloud computing types are defined by how and where the resources used for cloud computing are hosted. The two most common choices are the public cloud and the private cloud:
- Private cloud. Private clouds must exhibit the five main characteristics of cloud computing: self-service, broad network access, resource pooling, elasticity, and measured service. In a private cloud scenario, infrastructure resources are hosted within the customer’s datacenter. Microsoft supports private clouds through a combination of Hyper-V in Windows Server 2012 and Microsoft System Center 2012. The Windows Azure Pack is a collection of Microsoft Azure technologies that integrate with System Center and Windows Server to help provide a self-service portal for administrators managing private cloud functionality and resource clouds.
- Public cloud. The key difference between a public and a private cloud is the use of corporate multi-tenancy. Private clouds host only one company or enterprise, and public clouds host multiple companies on the same infrastructure. The main advantage to a public cloud is economy of scale. Microsoft currently offers public cloud services to customers. Microsoft cloud services include several different service options, such as Microsoft Azure, Windows Intune, Microsoft Dynamics, and Microsoft Office 365.
The primary benefits of an on-premises private cloud deployment are security, physical control, and autonomy. The primary benefits of an off-premises public cloud deployment are economy of scale and automation.
Microsoft Azure is an open and flexible public cloud platform that enables customers to build, deploy, and manage applications and server infrastructure across a global network of data centers managed by Microsoft. All Microsoft Azure products offer rapid deployment, scalable resources, and an open management environment hosted on a reliable, always available, and globally accessible platform. Microsoft Azure provides several different categories of cloud computing, including:
- Infrastructure as a Service (IaaS). IaaS provides a cloud-based infrastructure for customers to build their own server infrastructure upon. The primary IaaS component in Microsoft Azure is the Microsoft Azure Virtual Machine. Virtual machines in Azure can be provisioned and deployed almost instantly, and they can be configured to provide varying levels of computing resources.
- Platform as a Service (PaaS). PaaS products provide customers the ability to develop and host their own applications within the cloud platform. Microsoft Azure enables customers to host their applications in an environment where infrastructure maintenance is handled within the Microsoft Azure datacenters. PaaS customers can focus solely on application functionality, and do not have to worry about the infrastructure that supports the application.
- Software as a Service (SaaS). SaaS provides pre-developed applications that are delivered over the Internet to customers. Application platforms, such as Office 365, Microsoft Exchange Online, and Microsoft SharePoint Online are hosted and provided to customers, typically on a per-user or pay-per-use model.
Assessing the Traditional Datacenter
IT infrastructure at Microsoft operates at a global scale. Microsoft has eight major datacenters in locations across the world that provide services to Microsoft employees and Microsoft business processes. Managing IT infrastructure on this scale requires a proportionately large IT support organization.
Microsoft IT had plans to close four different datacenters across three locations in the near future. These locations contained traditional datacenter infrastructure that hosted a variety of server workloads and applications. While migration of these applications and workloads was not an emergency, planning an efficient and effective migration was important. Microsoft IT determined that more than US$200 million in capital costs were required to replace end-of-life hardware and move the physical infrastructure to other datacenters. Migration to Microsoft Azure was, therefore, the first choice for Microsoft IT for hosting the workloads from the closing datacenters. As a result, Microsoft IT faced a large pool of potential migrations, many of which needed to be completed soon. As mentioned earlier, Microsoft IT considered Microsoft Azure first for newly deployed applications and infrastructure needs. Microsoft IT knew that a comprehensive strategy for assessment, migration, deployment, and management was necessary for its Microsoft Azure implementation.
Migrating an entire organization to “the cloud” is not an endeavor undertaken lightly, and very few organizations can make such a significant change in a week, a month, or even a year, especially not an organization the size of Microsoft. The primary requirements established for a Microsoft Azure migration strategy were that it was carefully planned, considered the goals of the business before technical advancement, and that it was sustainable by Microsoft IT.
Adopting a Hybrid Cloud Strategy
Microsoft IT understood that, while Microsoft Azure would be an excellent infrastructure platform for many workloads, other business-critical or dependent roles would not be well suited to the cloud immediately. Specifically, core network services were selected to remain in on-premises datacenters, including the following:
- Active Directory Domain Services (AD DS).
- Domain Name System (DNS).
- Windows Server Update Services.
- Microsoft System Center 2012 Configuration Manager.
In addition, any applications or workloads that Microsoft IT considered high business impact, such as financial information, protected corporate information, or personal information, should be among the last to be migrated. This would allow Microsoft Azure to be effectively assessed and prepared to host this highly sensitive information.
Even though a complete migration to Microsoft Azure was the idealistic goal, the decision to retain these components in traditional datacenters for the near future meant that Microsoft IT would run some components of their business in Microsoft Azure, and some within traditional datacenters. This resulted in a hybrid cloud.
Hybrid Cloud at Microsoft IT
For Microsoft IT, migrating to Microsoft Azure and deploying a hybrid cloud meant establishing two primary components:
- Public cloud. The public cloud would host Microsoft Azure services, primarily IaaS in the form of the Microsoft Azure Virtual Machines.
- Private cloud. The private cloud would host the infrastructure roles and other services listed above in on-premises datacenters, running primarily on virtual machines within Hyper-V in Windows Server 2012 and Microsoft System Center 2012.
Moving Applications to Microsoft Azure
The Microsoft Azure migration process that Microsoft IT developed addresses more than simply the technical migration. Numerous factors must be considered when migrating an application or workload, including technical suitability, network connectivity, dependence on other services, business unit impact, and how the application is used.
Microsoft IT involves three key groups in the Microsoft Azure migration process, each playing an important role in the migration lifecycle:
- Service and Deployment Operations (SDO). SDO is the group at Microsoft that builds the technology used at Microsoft IT for Microsoft Azure migration. SDO oversees the migration process, ensures that technical infrastructure is in place for the migration, and develops tools and methods to help different business units migrate to Microsoft Azure.
- Project Stratus. The Project Stratus team members connect SDO and the business units that are migrating to Microsoft Azure. Stratus helps business units make informed, data-driven decisions about the migration process. Stratus ensures that critical information, such as important business considerations, is presented effectively to SDO during the migration process. Stratus uses a deep set of data collected from Microsoft IT and communication with key business unit stakeholders to evaluate cloud-readiness for an application or workload.
- First and Best. The First and Best team at Microsoft IT is responsible for enabling Microsoft IT teams to incorporate and effectively use Microsoft technology within the organization. The First and Best team works with SDO to ensure that Microsoft Azure, as a product, is providing the functionality that Microsoft IT requires. First and Best connects SDO to the product group at Microsoft that creates and develops Microsoft Azure, and enables SDO to get the most out of Microsoft Azure. This also enables the Microsoft Azure product group to continue to evolve the product and develop new features and functionalities that can be incorporated into Microsoft Azure.
Implementing Selection Assessment Tools
Microsoft IT uses several different tools to determine if an application or workload is suitable for migration to Microsoft Azure.
- Microsoft Assessment and Planning Toolkit (MAP). MAP is a solution accelerator that provides a large feature set for assessing existing IT environments. MAP enables the automated inventory and assessment of applications to determine basic suitability and virtual machine sizing requirements.
- FactFinder Enterprise. FactFinder, by BlueStripe Software, Inc., enables Microsoft IT to track individual transactions across the enterprise, including cloud platforms. FactFinder helps Microsoft IT to determine the complete scope of an application, including dependencies, network communication, and required infrastructure.
- System Center 2012 Configuration Manager. Microsoft IT uses Configuration Manager to inventory and configure its entire infrastructure. SDO uses custom-built reports in Configuration Manager to extract important data from existing infrastructures. SDO uses this data alongside the information gathered from other tools to provide a comprehensive view of the migration process.
Assessing Applications for Microsoft Azure
After the assessment tools have gathered the technical data, a more-detailed phase of the assessment process begins. Microsoft IT compares the data gathered in the tools above to real-life experiences within the business unit that is migrating the application. SDO works with Stratus and the business unit to determine if all elements of the migration are captured in the data, and to verify that the data represents the application or workload accurately.
Developing Guidance for Application Migration
Once the assessment phase is complete and SDO confirms the assessment data, SDO analyzes the application or workload to develop guidance for performing the migration. There are two migration methods that SDO uses for applications or workloads moving to Microsoft Azure:
- Lift and shift. In a lift and shift scenario, SDO takes existing virtual machines in the private cloud, or a non-virtualized server infrastructure, and shifts them to the cloud. In the case of an existing private cloud infrastructure, virtual machines are exported from the private cloud and imported to Microsoft Azure. For physical infrastructure, SDO performs a physical-to-virtual conversion that captures the physical server to a virtual machine. The resulting virtual machine can then be imported into Microsoft Azure.
- Build in the cloud. When lift and shift is not technically feasible, SDO prebuilds the core solution in Microsoft Azure, and then migrates the application or workload. SDO uses traditional methods during the migration phase, such as backup and restore or copy over network. The build in the cloud scenario often requires more administrative overhead. Building in the cloud has several benefits, including:
  - Fully automated virtual machine builds are available in approximately 20 minutes.
  - Azure Virtual Machines are CorpNet-connected.
  - Virtual machine builds are standards-compliant.
  - A unified service experience is provided to the customer.
  - Consistent change, manageability, and support services are available to the customer.
  - Virtual machine placement is determined by business unit alignment.
One of the most critical parts of the migration process is timing each step in the migration sequence. Many of the applications migrated by Microsoft IT have significant impact on the business unit that owns them. Microsoft IT plans by studying several factors:
- Examining business practices. If a business unit routinely experiences busy periods, such as at the end of the month or during specific seasons, customers should avoid those periods. In contrast, slow periods and non-production times for a business unit are excellent migration windows.
- Planning resource availability. Resources, both human and technical, need to be available throughout the migration period. Microsoft IT ensures that all critical resources are available and that human resources are prepared to dedicate the required time to the migration process.
- Assessing automation availability. Automation of the migration process can save considerable time and effort in the migration. However, automation also has a set of requirements that must be met in order for a migration to be successful.
In many cases, careful orchestration and scheduling were required to perform the migration without negatively affecting business processes.
In the hybrid cloud scenario, connectivity is a very important consideration. For Microsoft IT, all core networking services – AD DS and DNS, for example – are hosted on-premises in traditional datacenters. When an application or workload that requires these services is migrated to the cloud, it needs to be able to communicate back to the on-premises network. Microsoft IT uses two different methods for connectivity between Microsoft Azure and an on-premises infrastructure:
- Site-to-site virtual private network (VPN). Site-to-site VPN encrypts the data between the Microsoft Azure virtual network and the on-premises network. This method uses the public internet for connectivity, and can be subject to traffic bottlenecks.
- ExpressRoute. ExpressRoute is a new technology that Microsoft developed in conjunction with telecommunications providers. In the ExpressRoute scenario, the Microsoft Azure customer works directly with their telecommunications provider to facilitate a connection to Microsoft Azure. Microsoft provides the telecommunications provider with the services they need to create a secure, private connection that does not use the public internet between the customer and Microsoft Azure data centers.
Network Bandwidth Considerations
Procuring network bandwidth provided an infrastructure challenge to Microsoft IT during early migrations to Microsoft Azure. Virtual hard drive files are often several hundred gigabytes, and uploading that much data from on-premises servers to Microsoft Azure overloaded the available bandwidth at the edge of the corporate network. To remedy this, Microsoft IT procured a connection that was dedicated to Microsoft Azure, and then segregated the connection from typical corporate network traffic flow.
SDO’s migration process is a multi-step process. This process might be adapted slightly to meet the requirements of a particular migration. The following high-level steps are the key components of the migration process:
- A business unit submits a migration request.
- SDO gathers the environment data for the migration assessment.
- SDO exports any on-premises virtual machines.
  - Export from Microsoft System Center 2012 - Virtual Machine Manager.
  - Convert disks to fixed virtual hard disks.
- SDO uploads virtual disks to Microsoft Azure.
- SDO creates an Azure virtual machine deployment using existing disks.
- SDO performs quality checks.
- SDO hands off to application owner.
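A pre-upload check for the "convert disks to fixed virtual hard disks" step, given here as an added example and not as Microsoft IT's tooling: it reads the 512-byte VHD footer and confirms that the disk is fixed, intact, and sized consistently before hundreds of gigabytes are sent over the link. The function names and the sample images are constructed for illustration; the footer layout follows the published VHD format specification, and the 1 MiB alignment check reflects Azure's documented upload requirement.

```python
import os
import struct
import tempfile

FOOTER_SIZE = 512
MIB = 1024 * 1024
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}
# Big-endian footer layout from the published VHD format specification:
# cookie, features, version, data offset, timestamp, creator app, creator
# version, creator host OS, original size, current size, geometry, disk type,
# checksum, unique id, saved state, reserved.
FOOTER_FMT = ">8sIIQI4sIIQQIII16sB427s"


def footer_checksum(footer):
    """One's complement of the footer's byte sum, checksum field (64..67) zeroed."""
    return ~(sum(footer[:64]) + sum(footer[68:])) & 0xFFFFFFFF


def check_vhd(path):
    """Return a list of problems; an empty list means the disk passes the check."""
    file_size = os.path.getsize(path)
    if file_size < FOOTER_SIZE:
        return ["file is shorter than a VHD footer"]
    with open(path, "rb") as f:
        f.seek(-FOOTER_SIZE, os.SEEK_END)  # the footer is the last 512 bytes
        footer = f.read(FOOTER_SIZE)
    fields = struct.unpack(FOOTER_FMT, footer)
    cookie, current_size = fields[0], fields[9]
    disk_type, stored_sum = fields[11], fields[12]
    if cookie != b"conectix":
        return ["footer cookie is not 'conectix' (not a VHD, or truncated)"]
    problems = []
    if stored_sum != footer_checksum(footer):
        problems.append("footer checksum mismatch")
    if disk_type != 2:
        name = DISK_TYPES.get(disk_type, disk_type)
        problems.append("disk type is %s, not fixed" % name)
    elif file_size != current_size + FOOTER_SIZE:
        # A fixed VHD is the raw disk data followed directly by the footer.
        problems.append("file length does not match the declared disk size")
    if current_size % MIB:
        problems.append("virtual size is not aligned to 1 MiB")
    return problems


def write_sample_vhd(path, disk_type, size):
    """Write a constructed, zero-filled test image: `size` data bytes plus a footer.

    Only the trailing footer is realistic; a real dynamic disk also carries a
    header and block allocation table, which check_vhd() does not read.
    """
    data_offset = 0xFFFFFFFFFFFFFFFF if disk_type == 2 else FOOTER_SIZE
    footer = struct.pack(FOOTER_FMT, b"conectix", 2, 0x00010000, data_offset,
                         0, b"demo", 0, 0x5769326B, size, size, 0, disk_type,
                         0, b"", 0, b"")
    checksum = struct.pack(">I", footer_checksum(footer))
    footer = footer[:64] + checksum + footer[68:]
    with open(path, "wb") as f:
        f.seek(size)  # leaves a sparse, zero-filled data area
        f.write(footer)


if __name__ == "__main__":
    workdir = tempfile.mkdtemp()
    for label, disk_type in (("fixed", 2), ("dynamic", 3)):
        sample = os.path.join(workdir, label + ".vhd")
        write_sample_vhd(sample, disk_type, 2 * MIB)
        print(label, check_vhd(sample) or "ready to upload")
```
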
SDO has also developed automated migration procedures that enable a business unit to request Microsoft Azure resources and have the virtual machine automatically provisioned in the cloud. This automation is the cornerstone of the Microsoft IT plan for Microsoft Azure because it enables user-driven adoption of Microsoft Azure, without requiring Microsoft IT resources to facilitate the virtual machine resources.
SDO has developed an automation solution, based primarily in Microsoft Azure, for new virtual machine builds. The cloud-driven architecture of the automation solution makes it easier for Microsoft IT to leverage automation capabilities across its network. Automation is used primarily for virtual machines that are built in the cloud. Due to the complex nature of migrating an on-premises virtual machine to Microsoft Azure, SDO prefers to create new virtual machines, and then transition services to the Microsoft Azure-hosted virtual machine. This preference exists because legacy virtual machines could have existing problems or misconfigurations that would carry over to the Microsoft Azure virtual machine. To date, SDO has created 180 virtual machines by using new virtual machine creation, and has directly migrated only four virtual machines from on-premises virtual hosts.
Determining Suitability for Migration
Microsoft IT uses a set of requirements and a decision tree to determine high-level suitability for its migration process. The decision tree evaluates solution targets for existing on-premises servers, in this order of preference:
- Microsoft Azure.
- Private cloud.
- Virtualization in a non-private cloud.
- A physical server.
The following diagram outlines the high-level process for deciding how an application or server workload will be migrated.
Figure 1: Server migration decision tree.
Microsoft Azure Management
The management of a Microsoft Azure migration and the ongoing management of applications and workloads hosted in Microsoft Azure are critical to both the effective use of Microsoft Azure resources, and to the continuing adoption of Microsoft Azure for new and existing Microsoft IT applications.
There are two key aspects of technical management with Microsoft Azure:
- Subscription setup and configuration. For both automated and manual migrations, Microsoft Azure subscriptions must be set up for application owners. Microsoft IT has established a specific set of standards and processes for configuring Microsoft Azure subscriptions to ensure that they operate within a standardized environment.
- Enabling features. While the initial configuration and creation of Microsoft Azure virtual machines can be automated, the process for enabling new features and performing configuration cannot be automated. Microsoft IT has created a request process that results in the SDO team performing any necessary configuration changes for the application owner.
Business management processes ensure that application owners have a complete understanding of their Microsoft Azure environment. Two of the processes that ensure that Microsoft Azure availability and functionality are clearly communicated to business units at Microsoft are:
- Central Microsoft Azure registration and commitment management. These processes give Microsoft IT the ability to understand the scope of a business unit’s involvement with Microsoft Azure and to manage Microsoft Azure migration requests. This ensures that Microsoft IT resources are available and migration requests are addressed in the most efficient way possible.
- Standards for cloud services and subscription placement. Microsoft IT has specific standards and processes set for Microsoft Azure migration. This ensures that both SDO and business units are properly informed on how the migration process works, and what general factors make an application or workload suitable for migration.
Microsoft IT foresees several opportunities to move forward with the transition to Microsoft Azure, and to more aggressively manage current and future costs. Rapidly enabling Microsoft Azure features for the enterprise and for the development and management teams means taking more measured risks, but may result in accelerating the transition to Microsoft Azure. Additionally, Microsoft IT has to change its operating model and evolve the organization around cloud computing. Cloud computing has the potential to improve agility and provide efficiencies to Microsoft IT operations, and thus contribute additional savings beyond reduced infrastructure costs.
In the ideal migration scenario, Microsoft IT hopes to migrate all compatible legacy infrastructure, including the 60 percent that will soon reach end-of-life (EOL), to hybrid cloud by the end of the 2018 fiscal year.
Figure 2: Projected Microsoft Azure and hybrid cloud adoption.
Changing How IT Spends
A significant component of public cloud adoption through Microsoft Azure is the impact it has on how Microsoft IT funds its IT infrastructure. Traditional datacenters require a large capital investment to purchase facilities, networking infrastructure, servers, and staff to manage the datacenter. With the migration to Microsoft Azure, Microsoft IT is significantly changing the cost structure of its IT infrastructure.
Capital cost avoidance through public cloud adoption enables Microsoft IT to maintain a more consistent budget cycle, enabling more accurate cost forecasting. It also makes Microsoft IT more financially flexible. The anticipated impact on capital cost will depend on how aggressive the Microsoft Azure adoption plan is, and how many operating system instances (OSIs) are migrated to Microsoft Azure.
Figure 3: Capital cost avoidance by adoption strategy.
The reduction of infrastructure costs, including the capital purchase of new servers and equipment, is an obvious benefit of public cloud adoption. Additional capital cost savings that are available to business groups include:
- Lower-cost infrastructure options, including storage and networking.
- Increased efficiency of server virtualization.
In addition, migration to Microsoft Azure enables Microsoft IT to improve operational cost efficiency in the following ways:
- Reduced on-premises power demand.
- Lower depreciation expenses.
- Efficiency gains through process automation.
Microsoft IT has realized some benefits from its Microsoft Azure migration processes, and anticipates realizing additional benefits as the migration process continues.
Improved agility is a result of faster provisioning, testing, and proving of concepts. This reduction in infrastructure friction helps Microsoft IT meet its business demands.
When critical problems occur in production, the ability to create a consistent environment rapidly enables the engineering team to respond quickly to critical problems. Having multiple environments available on demand, such as development and test, ensures that ongoing applications and workloads are not affected.
Teams are able to implement complex and real-world testing environments to perform their testing efforts at scale. This results in more robust and functional applications.
Redundancy and Resiliency
Hosting applications and workloads in the public cloud in Microsoft Azure data centers leverages economies of scale. Microsoft Azure provides redundancy, failover, and disaster recovery services to all Microsoft Azure tenants.
With faster provisioning and greater test coverage, Microsoft IT is now able to address issues more quickly, resulting in a resilient IT environment with more predictable outcomes.
A consistent and predictable foundation environment—including the base operating system, packaged software, security, patches, and all base configurations—enables everyone to focus on their core tasks, without being distracted by creating test environments or troubleshooting environmental issues.
While adopting and implementing a cloud computing strategy can be an imposing task, ensuring participation and buy-in throughout Microsoft has provided Microsoft IT with an outcome that is both successful and educational. Successful implementation of a cloud computing strategy requires involvement from everyone across Microsoft IT. Advanced virtualization and private cloud capabilities address most barriers to adoption. In time, these barriers to adoption will also come down for the public cloud. An organization implementing a cloud computing strategy should adhere to these specific practices:
Production Application Support and Networking
- Enable the core infrastructure services of cloud connectivity and manageability.
- Deliver new on-premises virtualization infrastructure solutions.
- Advance operational readiness to migrate to cloud services.
Security and Risk Management
- Provide appropriate security policies and oversight for both private and public clouds.
- Deploy applications to appropriate cloud services.
- Participate in self-testing programs to test new cloud features.
- Take calculated risks when business value is anticipated.
- Provide funding to acquire necessary infrastructure resources and implement operating model changes.
- Provide guidance for cloud innovation, deployments, shared components, and architectural designs.
Microsoft IT has leveraged the capabilities and benefits of Microsoft Azure to replace a traditional datacenter infrastructure. Microsoft IT has assessed server workloads, created migration plans, and transferred workloads from their existing server infrastructure to Microsoft Azure virtual machines. The migration process enabled Microsoft IT to capture vital lessons and best practices to use in future migration projects, and the migration results provided cost and efficiency benefits for Microsoft IT and business groups it supports.
For More Information
For more information about Microsoft products or services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Order Centre at (800) 933-4750. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information via the World Wide Web, go to:
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Azure, Hyper-V, Microsoft Dynamics, Office 365, SharePoint, Windows, Windows Intune, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.