How to Migrate VMware VMs to Azure (4): Migrate VMs to Azure

In this final part of my four-part series, you’ll learn how to migrate your on-premises VMware VMs to Azure using the Migration and Modernization tool.

The Migration and Modernization tool is a lightweight vCenter VM appliance that discovers VMware VMs, replicates them to Azure, and performs migration.

Deploying the vCenter appliance is similar to the steps we completed in the discovery part of this guide.

Task 1: Review Migration Prerequisites

Before proceeding with the steps below, ensure that you have:

1. Completed the steps in parts 1, 2, and 3 of this series.
2. Created an Azure Migrate project. You would have created one if you completed the preceding parts of this guide.
3. An Azure account with permission to create VMs and write to an Azure-managed disk.

Task 2: Create Azure RG, vNET and NSG

When you migrate VMs to Azure, you must place them in an Azure resource group and create an Azure Virtual Network to allow connection to and from the VM. Moreover, you require an Azure Network security group to configure firewall rules to and from the vNET.

In the following sub-tasks, you’ll create these resources.

Task 2.1: Create an Azure Resource Group

When you create an Azure Resource Group, you need to place it in an Azure region. To determine the name of the region in your location:

1. Sign in to Azure and open the Azure Cloud Shell PowerShell. When Cloud Shell opens, maximize it by clicking the expand icon.

2. Then, on the PowerShell console, run the Get-azLocation command.

Change UK to anything you believe should be in the Display name of the Azure Region.

Get-azLocation | Where-Object {$_.DisplayName -like "*UK*"} 

Note the Location of the region in which you want to migrate your VMs. In my example, I want to deploy to “UK South,” so my location is uksouth.

Once you have the region name, run the PowerShell commands below to create the Azure Resource Group.

#1. Set location and RG name variables
$RGlocation = 'uksouth'
$RGName="VMware-migration-RG"
#2. Create the Resource Group
New-AzResourceGroup -Location $RGlocation -Name $RGName

Task 2.2: Create an Azure Network Security Group

To create a network security group, run these PowerShell commands:

#1. Set variables
$NSGName="VMware-NSG"
$NSGLocation = 'uksouth'
$NSGRGName="VMware-migration-RG"
#2. Create the Network Security Group
New-AzNetworkSecurityGroup -Name $NSGName -ResourceGroupName $NSGRGName  -Location $NSGLocation

Task 2.3: Configure Firewall Rules on the NSG

Based on the information you compiled in your dependency mapping, create inbound and outbound rules on the newly created NSG. In the example below, I will create an inbound rule allowing TCP/IP port 3389 (RDP port).

1. Search Network security groups and open it from the results. After that, open the NSG you created in Task 2.2.

2. Then, expand the NSG’s Settings and click Inbound security rules > +Add.

3. Finally, configure the inbound rule using my screenshot below.

After creating the inbound rule with the above steps, it will display an alert. If you open the inbound rule, Azure displays the reason for the amber alert. In my example, the reason for the alert is that “RDP port 3389 is exposed to the Internet.”

If you’re migrating Linux VMs, you must also create another Inbound rule allowing access to port 22 so you can SSH to the VMs after migrating them.

Task 2.4: Create an Azure Virtual Network

When you create an Azure vNET, you must specify the AddressPrefix. Furthermore, after creating the vNET, you must create a subnet defining the VM network in the vNET.

This sunset must not overlap with the vNET Address or your on-premises network. Similarly, you must also create an Azure Virtual Network Gateway subnet, which VMs need to connect to external resources.

Run the PowerShell commands below to create these resources.

Change the names of the resources and IP networks to yours. For production migration, I recommend creating a separate vNET and subnet for test migration.

#1. Set Variables
$AzVirtualNetworkName="VMware-vNET"
$AzResourceGroup = 'VMware-migration-RG'
$AzRegion = 'uksouth'
$AzVMSubnet="VMsubnet"
#2. Create the virtual network
New-AzVirtualNetwork -Name $AzVirtualNetworkName -ResourceGroupName $AzResourceGroup -Location $AzRegion -AddressPrefix '172.17.0.0/22'
#3. Create VMsubnet
Add-AzVirtualNetworkSubnetConfig -Name $AzVMSubnet -AddressPrefix '172.17.0.0/24' -VirtualNetwork (Get-AzVirtualNetwork -Name $AzVirtualNetworkName -ResourceGroupName $AzResourceGroup) | Set-AzVirtualNetwork
#4. Create GatewaySubnet - the name MUST be called GatewaySubnet
Add-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix '172.17.1.0/27' -VirtualNetwork (Get-AzVirtualNetwork -Name $AzVirtualNetworkName -ResourceGroupName $AzResourceGroup) | Set-AzVirtualNetwork

Task 2.5: Associate the Subnet to the NSG

You must associate the vNET subnets with the NSG to apply the network security group rules. Here are the steps:

1. Search Network security groups and open it from the results, then open the NSG you created earlier.
2. Then, expand Settings on the NSG’s page and click Subnets > +Associate.

3. On the Associate subnet flyout, select the virtual network from the Virtual network drop-down menu. Then, choose the VMsubnet from the Subnet drop-down menu and click OK.

Note that Network security groups cannot be attached to Gateway subnets.

You can also enable this association from the vNET’s Settings > Subnets menu (click the subnet to associate).

Task 3: Download the Appliance OVA File

Having prepared the Azure environment, it is time for the main action.

In the following tasks, you’ll create an Azure Migrate discovery to prep the appliance’s OVA file. Then, you’ll use the OVA file to create the Azure Migrate appliance in vCenter.

Task 3.1: Create an Azure Migration Discovery

1. Sign in to Azure, open Azure Migrate, and click Servers, databases, and web apps.
2. After that, click Discover under Migration and modernization.

3. Then, on the Azure Migrate Discover page, select the options in my first screenshot below. Then, scroll down to the second part of the page.

Task 3.2: Download the Appliance OVA File

4. On the “1: Generate project key,” enter a name for the Azure Migrate appliance and click Generate key.

5. Once the key is generated, copy it. Then, in 2: Download Azure Migrate appliance, select “.OVA file. 12GB” and click the Download button to download the appliance’s vCenter OFA file.

Task 4: Deploy the Azure Migrate Appliance

1. Sign in to vCenter, right-click the location where you want to deploy the Azure Migrate appliance and choose Deploy OVF Template.

2. Then, on the Select an OVF template page, choose the Local file option, use the UPLOAD FILES button to select the Azure Migrate appliance OVA file, and click Next to proceed to the next page.

3. In the Select a name and folder page, give the appliance the same name as you used in Azure, then, confirm the location and click Next. After that, review the settings and select a datastore to deploy the VM.

4. Finally, select a VM network and create the VM. It will take a while to create the VM.

Task 5: Setup the Azure Appliance in vCenter

Task 5.1: Complete the Appliance’s OS Setup

Power the VM and use the steps below to configure the Azure Migrate appliance.

When you create the Azure Migrate appliance VM in vCenter, it has 32 GB of RAM and 4 CPUs. Since I am running this test deployment in my home lab, I adjusted the RAM to 16 GB and 2 vCPUs.

1. To Power on the VM, right-click it, point to Power, and choose Power On. 4

2. After that, launch the VM’s console by clicking LAUNCH WEB CONSOLE and wait for the final stages of the Windows Server deployment to load.

The getting ready screen might take a while. The VM will restart during the process.

3. When the license agreement page loads, accept the agreement. Then, type the administrator password.

4. Sign in to the appliance (Windows), assign the server a static IP address, and configure DNS servers.

When you sign in, the Azure Migrate appliance opens in the Edge browser. Minimize it. RDP is enabled by default on the applainace’s OS.

Task 5.2: Configure and Register the Appliance in Azure

1. RDP to the Azure Migrate appliance VM and login to Windows. Then, open the Azure Migrate appliance in the Edge browser.

Connecting to the server via RDP lets you copy and paste the project key in step 2 below.

Click Agree to accept the license agreement and load the appliance’s interface.

2. Scroll to Configure and Register the Appliance in Azure, enter the project key you generated in Task 3.2, and click Verify.

Once the key is verified, the appliance will check for updates and initiate registration in Azure.

3. You’ll be notified and prompted to reload the page if updates are installed. Click the Refresh button and wait for the page to reload.

After that, click the Verify button again to re-verify the project key with Azure. Then, wait for the auto update service to start.

4. When the previous step is completed, the Login button will become available. Click Login to sign in to Azure.

5. Then, click Copy code & Login on the Continue with Azure Login pop-up. Then, paste the code into the Azure sign-in page that opens in a new browser tab.

After that, log in to Azure with the account you created in part 1 of this guide. When you finish signing in, close the browser and return to the Azure Migrate appliance’s browser tab.

6. The appliance will register with Azure and throw an error about the VMware Virtual Disk Development Kit not being installed.

You have downloaded this kit in part 1. Copy the file to C:Program FilesVMwareVMware Virtual Disk Development Kit. After copying the files, click the Verify button again, and it should return all green.

7. Also, add the vCenter account and account with admin permission on the VMs you’re migrating and a vCenter server to the appliance.
8. Finally, sign in to Azure, open Azure Migrate, and confirm that the appliance has been registered in the Azure project.

Task 6: Replicate VMware VMs to Azure

1. From the Azure Migrate > Servers, databases and web apps page, click Replicate under the Migration tools section.

2. In the Specify intent, Replicate page, select the options as shown in my screenshot below and click Continue.

3. In the Select the virtual machines to be migrated page, “Import migration settings from an assessment?” drop-down, choose No, I’ll specify the migration settings manually.

4. Then, on the Configure settings and target properties for migration page, choose the region and resource group you created in Task 2.1.

After selecting the region and resource group, choose the Virtual network and VM subnet you created in Tasks 2.24 and 2.5. When you finish, click Next.

Select the vNET and subnet you created for production migration in the Test Migration section.

5. On the next page, choose Automatically select matching configuration in the Azure VM Size. After that, select the disk replication options if required.

6. Finally, tag the VM if required, then review and start replication.

Task 7: Track and Monitor Replication

To track the replication job status:

1. Click the Overview button in the Migration and modernization section.

2. On the Azure Migrate: Migration and modernization page, click the Jobs menu.

3. Finally, to view the status of the replicated VMs, click the Replications tab. Wait for the VM’s replication status to reach 100% before proceeding to Task 8.

To check for replication events, including errors, click the Events menu.

Task 8: Run a Test VMware VM Migration

To run a test migration of a VM:

1. Right-click the menu button and choose Test Migration.

2. Finally, select the test migration vNET, subnet and click Test Migration.

Task 9: Migrate VMware VMs to Azure

1. From the Azure Migrate: Migration and modernization, Replications tab, click the menu of the VM you want to migrate and choose Migrate.

2. Then, on the VM’s Migrate page, select whether to shut down the source VM and click Migrate.

3. To view the migration’s progress, click the notifications icon, then click the job for more details.

Azure displays the status of each segment of the migration task.

4. When the migration is completed, proceed to Task 10 below.

Task 10: Review the Migrated VM

1. Search virtual machine and open the resource.

2. Then, click the VM you just migrated.

3. Expand Networking on the VM’s menu and click Network Settings. The VM should be assigned a Private IP address from the subnet you created earlier.

However, it will not have a public IP address. So, you cannot connect to the VM unless you have a Site-to-Site or Point-to-Site connection from your on-prem network to the Azure vNET.

To add a Public IP address, click the Configure button below Public IP address.

4. On the IP configurations page, click the IP resource, then, on the fly-out windows, check Associate public IP address and create a new public IP address or select an existing one.

5. After associating the public IP to the VM, open the VM and click Connect from the Connect menu. Then, choose whether to connect via the VM’s private or public IP and whether to connect via SSH using Azure CLI or Native SSH.

The validation failed because I did not open port 22 on the NSG. I will configure an Inbound rule allowing port 22, then repeat the connection configuration.

My validation worked after adding the inbound rule to allow port 22 via the NSG! Then, I could connect to the VM via Azure CLI SSH.

Once Azure finishes the configuration, it opens Azure CLI, and since my Azure CLI was on PowerShell, it prompted me to Switch to Bash in Cloud Shell.

And bingo, I’m connected to the VM’s session via Azure CLI using my Azure account.

Series Conclusion

Migrating VMware VM workloads to Azure is a four-step process. In the first step, you’ll deploy the Azure Discovery and Assessment appliance.

After deploying and configuring the appliance, you will perform a discovery of your VMware workload. Then, the workloads will be assessed to determine the Azure resources that the on-prem workload can be migrated into, and the cost of running the workload in Azure will be estimated.

The next step is performing a dependency analysis.

Once all these tasks are completed, you’ll deploy an Azure Migration and modernization appliance, configure the appliance, run a test migration, and finally, migrate the VMware VMs to Azure.

The easiest way to remember the four steps is by using the acronym DADM:

Discovery, Assessment, Dependency analysis, and Migration.