Challenge 1: Organize your team and Backup On-Premises servers
Your challenge is to begin the initial planning for the migration of Contoso Mortgage's application to Azure. Remember that while your initial focus is on a subset of servers and applications within the current datacenter, you are tasked with validating that the process you use throughout this journey can be used for future migrations. Do not forget to review and adapt your plan as you encounter new aspects and considerations with each subsequent challenge. During the first minutes, you will discuss with your team the distribution of workloads, determine the process, tools, and technologies you will use to execute your migration to Azure. Based on your knowledge of the current infrastructure and the target platform, your team must work through the customer requirements to choose how you will migrate your applications, how you will determine the cost of the new environment, and how you will minimize downtime for the users of the applications as migrations occur.
Once that is ready lets begin with the hacking.
Section 1 -Back up Windows machines with the Azure Backup MARS agent
Note: On this challenge you will only be executing the backup off the folder “c:\users” in one of the following servers: cmweb1, cmapp1 or cmdb1.
Create a Recovery Services vault
A Recovery Services vault stores all the backups and recovery points you create over time, and contains the backup policy applied to backed up machines. Create a vault as follows:
Sign in to the Azure portal using your Azure subscription.
Search for and select Recovery Services vaults.
On the Recovery Services vaults menu, click +Add.
For Name, enter a friendly name to identify the vault.
The name needs to be unique for the Azure subscription.
It can contain 2 to 50 characters.
It must start with a letter, and it can contain only letters, numbers, and hyphens.
Select the Azure subscription, resource group, and geographic region in which the vault should be created. Backup data is sent to the vault. Then click Create.
It can take a while for the vault to be created.
Monitor the status notifications in the upper-right area of the portal. If after several minutes you don't see the vault, click Refresh.
Download the MARS agent
Download the MARS agent for installation on machines you want to back up.
If you've already installed the agent on any machines, make sure you're running the latest version.
The latest version is available in the portal, or using a direct download
In the vault, under Getting Started, click Backup.
In Where is your workload running?, select On-premises. You should select this option even if you want to install the MARS agent on an Azure VM.
In What do you want to backup?, select Files and folders and/or System State. There are a number of other options available, but these are only supported if you're running a secondary backup server. Click Prepare Infrastructure.
On the Prepare infrastructure, under Install Recovery Services agent, download the MARS agent.
In the download pop-up menu, click Save. By default, the MARSagentinstaller.exe file is saved to your Downloads folder.
Now, check Already download or using the latest Recovery Services Agent, and then download the vault credentials.
Click Save. The file is downloaded to your Download folder. You can't open the vault credentials file.
Install and register the agent
Run the MARSagentinstaller.exe file on machines you want to back up.
In the MARS Agent Setup Wizard > Installation Settings, specify where you want to install the agent, and a location to use for the cache. Then click Next.
Azure Backup uses the cache to store data snapshots before sending them to Azure.
The cache location should have free space equal to at least 5% of the size of the data you'll back up.
In Proxy Configuration, specify how the agent running on the Windows machine will connect to the internet. Then click Next.
If you're using a custom proxy specify the proxy settings, and credentials if needed.
Remember that the agent needs access to these URLs.
In Installation review the prerequisites check, and click Install.
After the agent is installed, click Proceed to Registration.
In the Register Server Wizard > Vault Identification, browse and select the credentials file you downloaded. Then click Next.
In Encryption Setting, specify a passphrase that will be used to encrypt and decrypt backups for the machine.
Save the encryption passphrase in a secure location.
If you lose or forget the passphrase, Microsoft can't help recover the backup data. Save the file in a secure location. You need it to restore a backup.
Click Finish. The agent is now installed and your machine is registered to the vault. You're ready to configure and schedule your backup.
Create a backup policy
The backup policy specifies when to take snapshots of the data to create recovery points, and how long to retain recovery points.
You configure a backup policy using the MARS agent.
Azure Backup doesn't automatically take daylight savings time (DST) into account. This could cause some discrepancy between the actual time and scheduled backup time.
Create a policy as follows:
After downloading and registering the MARS agent, launch the agent console. You can find it by searching your machine for Microsoft Azure Backup.
In Actions, click Schedule Backup.
In the Schedule Backup Wizard > Getting started, click Next.
In Select Items to Back up, click Add Items.
In Select Items, select what you want to back up and click OK.
In Select Items to Back up page, click Next.
In Specify Back up Schedule page, specify when you want to take daily or weekly backups. Then click Next.
A recovery point is created when a backup is taken.
The number of recovery points created in your environment is dependent upon your backup schedule.
You can schedule daily backups, up to three times a day. For example, the screenshot shows two daily backups, one at midnight and one at 6:00 PM.
You can run weekly backups too. For example, the screenshot shows backups taken every alternate Sunday & Wednesday at 9:30 AM and 1:00 AM.
On the Select Retention Policy page, specify how you store historical copies of your data. Then click Next.
Retention settings specify which recovery points should be stored, and how long they should be stored for.
For example, when you set a daily retention setting, you indicate that at the time specified for the daily retention, the latest recovery point will be retained for the specified number of days. Or, as another example, you could specify a monthly retention policy to indicate that the recovery point created on the 30th of every month should be stored for 12 months.
Daily and weekly recovery point retention usually coincides with the backup schedule. Meaning that when the backup is triggered according to schedule, the recovery point created by the backup is stored for the duration indicated in the daily or weekly retention policy.
As an example, in the following screenshot:
Daily backups at midnight and 6:00 PM are kept for seven days.
Backups taken on a Saturday at midnight and 6:00 PM are kept for four weeks.
Backups taken on Saturday on the last week of the month at midnight and 6:00 PM are kept for 12 months.
Backups taken on a Saturday in the last week of March are kept for 10 years.
In Choose Initial Backup Type decide if you want to take the initial backup over the network or use offline backup (for more information on offline backup refer, see this article). To take the initial backup over the network, select Automatically over the network and click Next.
In Confirmation, review the information, and then click Finish.
After the wizard finishes creating the backup schedule, click Close.
You must create a policy on each machine where the agent is installed.
Challenge 2 – Assess and Migrate to Azure App Service and Azure SQL database
Section 1 – Application server migration
In this challenge we will be downloading the Migration Assistant and start your .NET and PHP app migration to Azure App Service. This local agent will perform a detailed assessment and then walks you through the migration process. The tool performs readiness checks as well as a general assessment of the web app’s configuration settings.
Once the application has received a successful assessment, the tool will walk you through the process of authenticating with your Azure subscription and then prompt you to provide details on the target account and App Service plan along with other configuration details for the newly migrated site.
The Migration Assistant tool will then move your site to the target App Service plan while also configuring Hybrid Connections, should that option be selected.
Download and Install the Azure Migration Assistance Tool
Note: This should not be installed on the cmhost server
1. In the Azure Virtual Machine where you have the applications go to the Azure Application Service migration website
2. Go to the Azure Migrate overview page https://appmigration.microsoft.com/, click on the Assess and migrate web apps button. This takes you to the Migrate to Azure App Service page
Note: On this page, you can choose to assess and migrate your web app by entering a public URL to the app, or by downloading and installing the Migration Assistant tool on your computer.
3. Click Download to download the Migration Assistant tool
4. Once the download is complete, install and run the tool
5. Open the Migration Assistant application
6. The tool will show you the websites that are running in iiS. Select the “Default Web Site” website and click Next.
The tool will initiate the assessment of the application to see if it can run in Azure and if anything needs to be changed. This will result in an Assessment Report in which you may encounter some errors:
Common errors are related to the version of HTML and the web.config file
Two well-known common errors related with the web.config files are:
7. Once the Assessment Report shows no errors that prevent the application from being migrated to Azure, click on Next.
8. Complete the steps to login into Azure in the following login page and enter the code that is shown in the Migration Assistant.
9. Once logged in, enter the details of the App Service that we are migrating the application to
Select a Resource Group associated to your user (Ex. estudiante5minihackcloudrg)
Fill in a Name for the App Service (Ex. cmweb1)
Pick a Region (East US)
Leave the Database option to “Set up hybrid connection to enable database connection”
Click Migrate
10. The migration will start. Once it is done, you'll see the Migration Results.
Note: On the step to “Setup Hybrid Connection Manager” we are going to select the option to Skip this step and install HCM setup on this server”.
Note: You will need to execute this steps on the frontdoor (cmweb1) and the backend(cmapp1).
Section 2 – Database Migration
Note: This should not be installed on the cmhost server
Create a project and add a tool
Set up a new Azure Migrate project in an Azure subscription, and add a tool.
An Azure Migrate project is used to store discovery, assessment, and migration metadata collected from the environment you're assessing or migrating.
In a project you can track discovered assets, and orchestrate assessment and migration.
In the Azure portal > All services, search for Azure Migrate.
Under Services, select Azure Migrate.
In Overview, click Assess and migrate databases.
In Discover, assess and migrate servers, click Add tools.
In Migrate project, select your Azure subscription, and select the resource group estudiante#minihackcloudrg.
In Project Details, specify the project name, and geography in which you want to create the project (United States).
Click Next, and add an assessment or migration tool.
Note
When you create a project you need to add at least one assessment or migration tool.
In Select assessment tool, add an assessment tool. If you don't need an assessment tool, select Skip adding an assessment tool for now > Next.
In Select migration tool, add a migration tool as required. If you don't need a migration tool right now, select Skip adding a migration tool for now > Next.
In Review + add tools, review the settings and click Add tools.
After creating the project you can select additional tools for assessment and migration of servers and workloads, databases, and web apps.
Create a single database
Create single database using the Azure portal.
Select Azure SQL in the left-hand menu of the Azure portal. If Azure SQL is not in the list, select All services, then type Azure SQL in the search box. (Optional) Select the star next to Azure SQL to favorite it and add it as an item in the left-hand navigation.
Select + Add to open the Select SQL deployment option page. You can view additional information about the different databases by selecting Show details on the Databases tile.
Select Create:
On the Basics tab, in the Project Details section, type or select the following values:
Subscription: Drop down and select the correct subscription, if it doesn't appear.
In the Database Details section, type or select the following values:
Database name: Enter contosomortgagedb.
Server: Select Create new, enter the following values and then select Select.
Server name: Type cmdb1; along with some numbers for uniqueness.
Server admin login: Type demouser.
Password: demo!pass123.
Location: East US.
Want to use SQL elastic pool: Select the No option.
Compute + storage: Keep the default settings.
Select the Networking tab.
Select the Private endpoint
Click + Add Private endpoint
Type the Name: azuresqlvnetcon
Select the virtual network named: Azurevnet
Select the subnet: Azure
Click on OK
Select the Additional settings tab.
In the Data source section, under Use existing data, select None.
Leave the rest of the values as default and select Review + Create at the bottom of the form.
Review the final settings and select Create.
On the SQL Database form, select Create to deploy and provision the resource group, server, and database.
Note: Repeat the process to create a second database named contosomortgageidentity on the same Azure SQL server .
Assess your on-premises database
Before you can migrate data from an on-premises SQL Server instance to a single database or pooled database in Azure SQL Database, you need to assess the SQL Server database for any blocking issues that might prevent migration. Using the Data Migration Assistant v3.3 or later, follow the steps described below to complete the on-premises database assessment.
Open the Data Migration Assistant, select the New (+) icon, and then select the Assessment project type.
Specify a project name, in the Source server type text box, select SQL Server, in the Target server type text box, select Azure SQL Database, and then select Create to create the project.
When you're assessing the source SQL Server database migrating to a single database or pooled database in Azure SQL Database, you can choose one or both of the following assessment report types:
Check database compatibility
Check feature parity
Both report types are selected by default.
In the Data Migration Assistant, on the Options screen, select Next.
On the Select sources screen, in the Connect to a server dialog box, provide the connection details to your SQL Server, and then select Connect.
Server name: cmdb1
Authentication type: SQL Server Authentication
SQL Authentication credentials: sa / demo!pass123
Remove the check mark on Encrypt connection
Add check mark on Trust server certificate
In the Add sources dialog box, select cmdb1, select Add, and then select Start Assessment (you are required to select the “SQL Server feature parity” and the “Compatibility issues” assessments to enable the Upload to Azure Migrate button).
Note: Make sure that both databases are selected under the
When the assessment is complete, the results display as shown in the following graphic:
Review the assessment results for migration blocking issues and feature parity issues by selecting the specific options.
Migrate the schema and data of databases
After you're comfortable with the assessment and satisfied that the selected database is a viable candidate for migration to a single database or pooled database in Azure SQL Database, use DMA to migrate the schema to Azure SQL Database.
Note: Before you create a migration project in Data Migration Assistant, be sure that you have already provisioned an Azure SQL database as mentioned in the prerequisites. For purposes of this minihack, the name of the Azure SQL Database is assumed to be cmdb1, but you can provide whatever name you wish.
To migrate the cmdb1 schema to a single database or pooled database Azure SQL Database, perform the following steps:
In the Data Migration Assistant, select the New (+) icon, and then under Project type, select Migration.
Specify a project name, in the Source server type text box, select SQL Server, and then in the Target server type text box, select Azure SQL Database.
Under Migration Scope, select Schema and data.
After performing the previous steps, the Data Migration Assistant interface should appear.
Select Create to create the project.
In the Data Migration Assistant, specify the source connection details for your SQL Server, select Connect, and then select the contosomortgagedb database.
Select Next, under Connect to target server, specify the target connection details for the Azure SQL Database, select Connect, and then select the contosomortgagedb database you had pre-provisioned in Azure SQL Database.
Select Next to advance to the Select objects screen, on which you can specify the schema objects in the contosomortgagedb database that need to be deployed to Azure SQL Database.
By default, all objects are selected.
Select Generate SQL script to create the SQL scripts, and then review the scripts for any errors.
Select Deploy schema to deploy the schema to Azure SQL Database, and then after the schema is deployed, check the target server for any anomalies.
Select Migrate Data, and click Start data migration. Wait for the migration to finish and review the results
Note: Repeat this step for the second database contosomortgageidentity and close the tool once you finish.
Section 3 – Update the connections to the database and web apps
View and Edit the deployed web.config with Kudu
1. Go to the Azure Portal and click on App Services
2. Open the App Service and go to “DEVELOPMENT TOOLS” -> “Advanced Tools” and click on the “Go ->” link.
3. On the console use the file explorer to navigate to the “site/wwwroot” folder
4. Scroll down and click the pencil icon next to the file, to open the file
5. Make the changes on the file and once you finish click on Save.
Note: You may need to go to your Azure SQL Database and get a copy of the connection string. When updating the connection string make sure that you add the database password.
Challenge 3 – Associate the application to an Azure Front Door
Create a Front Door for your application
Add a frontend host for Front Door
Create a Front Door configuration that directs user traffic based on lowest latency between the two backends.
On the top left-hand side of the screen, select Create a resource > Networking > Front Door > Create.
In the Create a Front Door, you start with adding the basic info and provide a subscription where you want the Front Door to be configured. Similarly, like any other Azure resource you also need to provide a ResourceGroup (estudiante#minihackcloudrg). conto
Once the basic info is filled in, the first step you need to define is the frontend host for the configuration. The result should be a valid domain name like myappfrontend.azurefd.net. This hostname needs to be globally unique but Front Door will take care of that validation.
Next, you need to configure your application backend(s) in a backend pool for Front Door to know where your application resides.
Click the '+' icon to add a backend pool and then specify a name for your backend pool, say myBackendPool.
Next, click on Add Backends to add your websites created earlier.
Select Target host type as 'App Service', select the subscription in which you created the web site and then choose the first web site from the Target host name, that is, myAppServicePlanEastUS.azurewebsites.net.
Leave the remaining fields as is for now and click Add'.
Repeat steps 2 to 4 to add the other website, that is, myAppServicePlanWestEurope.azurewebsites.net
You can optionally choose to update the Health Probes and Load Balancing settings for the backend pool, but the default values should also work. Click Add.
Add a routing rule
Lastly, click the '+' icon on Routing rules to configure a routing rule. This is needed to map your frontend host to the backend pool, which basically is configuring that if a request comes to myappfrontend.azurefd.net, then forward it to the backend pool myBackendPool. Click Add to add the routing rule for your Front Door. You should now be good to creating the Front Door and so click on Review and Create.
Warning: You must ensure that each of the frontend hosts in your Front Door has a routing rule with a default path ('/*') associated with it. That is, across all of your routing rules there must be at least one routing rule for each of your frontend hosts defined at the default path ('/*'). Failing to do so, may result in your end-user traffic not getting routed correctly.
View Front Door in action
Go to your Azure Front Door frontend host address and test the functionality.
Create a WAF policy (optional)
First, create a basic WAF policy with managed Default Rule Set (DRS) by using the portal.
On the top left-hand side of the screen, select Create a resource>search for WAF>select Web application firewall (Preview) > select Create.
In the Basics tab of the Create a WAF policy page, enter or select the following information, accept the defaults for the remaining settings, and then select Review + create:
Setting
Value
Subscription
Select your Front Door subscription name.
Resource group
Select your Front Door resource group name.
Policy name
Enter a unique name for your WAF policy.
In the Association tab of the Create a WAF policy page, select Add frontend host, enter the following settings, and then select Add:
Setting
Value
Front door
Select your Front Door profile name.
Frontend host
Select the name of your front door host, then select Add.
Note
If the frontend host is associated to a WAF policy, it is shown as grayed out. You must first remove the frontend host from the associated policy, and then re-associate the frontend host to a new WAF policy.
Select Review + create, then select Create.
Configure WAF rules (optional)
Change mode
When you create a WAF policy, by the default WAF policy is in Detection mode. In Detection mode, WAF does not block any requests, instead, requests matching the WAF rules are logged at WAF logs. To see WAF in action, you can change the mode settings from Detection to Prevention. In Prevention mode, requests that match rules that are defined in Default Rule Set (DRS) are blocked and logged at WAF logs.
Default Rule Set (DRS)
Azure-managed Default Rule Set is enabled by default. To disable an individual rule within a rule group, expand the rules within that rule group, select the check box in front of the rule number, and select Disable on the tab above. To change actions types for individual rules within the rule set, select the check box in front of the rule number, and then select the Change action tab above
Associate a WAF Policy (optional)
Create a Front Door configuration that directs user traffic based on lowest latency between the two backends.
On the top left-hand side of the screen, select Create a resource > Networking > Front Door > select you FrontDoor > click on Web Appliction firewall > select the Frontend
Click on Add policy
From the Policy dropdown select your policy and click on Add