How we migrated on-premise infrastructure of an enterprise customer to Azure
Azure Migration Scenario: Migrating On-Premise Infrastructure to Cloud
Scenario
We helped a client successfully complete an Azure migration by moving their on-premise infrastructure to the cloud. The client also needed remote staff laptops and Android / iOS devices to be managed via Azure for corporate data security.
Before the migration, the client struggled with significant performance issues and security gaps in their existing infrastructure. The reliance on on-premise servers created challenges for scalability and data security, especially as the company expanded and remote work increased. These limitations made it difficult to support the growing demands of their business and workforce, necessitating a move to a more flexible and secure cloud environment.
The client's infrastructure before the migration was as follows:
- Two Hyper-V Hosts running 4 Virtual machines in total.
- One Physical server used to take backups of VMs via Veeam.
- Two office locations where about 300 devices in total connect to on-premise via VPN and join to on-prem Active Directory to access corporate data.
- Users used on-premise Exchange server for email activity.
Challenges
We needed to deploy an infrastructure that not only managed the remote devices, but also completed a “lift and shift” of all on-premises servers and dependencies to the cloud and provided corporate data security. The customer was looking for a cloud-only model to manage their entire business.
One of the key challenges was ensuring the security of remote devices connecting to the cloud. The client needed a robust system to manage corporate-owned and BYOD devices, ensuring that all devices had the latest security patches and were in compliance with company policies. Azure’s cloud-based management tools, including Microsoft Intune, provided an ideal solution to manage the devices securely, streamlining the process of enforcing security policies across all devices, regardless of location.
Objectives
For corporate data security of remote devices connecting to Azure, we proposed Microsoft Intune. To migrate the on-premises Hyper-V infrastructure, we used the Azure Migrate tool, which uses Azure Site Recovery (ASR) technology at the back end. Lastly, Azure Backup was proposed as the data backup solution.
Using Azure AD DS (Domain Services), we enabled the client’s migrated virtual machines to seamlessly integrate with their existing domain environment in the cloud. This allowed their teams to continue working without disruptions while benefiting from the enhanced security of Azure AD’s cloud-based identity management system.
Project Delivery
We first deployed another VM on-premises and installed AD Connect to sync all user identities to Azure Active Directory. Azure AD Domain Services was then deployed so that the migrated on-premises VMs could be domain joined. The VMs were migrated using Azure Site Recovery (ASR). Azure Backup services were deployed to protect the VMs in Azure. The emails were migrated to an Office 365 plan using the BitTitan tool.
We also deployed the Microsoft Intune service with the Office 365 E5 plan for remote management of Windows 10 laptops and desktops and Android and iOS devices, with defined device and application management policies. Azure VPN was deployed so the admin could remotely and securely manage the Azure infrastructure. With Azure AD, the remote staff were presented with a single sign-on (SSO) experience for their usual corporate applications such as Salesforce, RingCentral for meetings, Office 365 and others.
Result
We were able to move all on-premises servers to Azure, thereby eliminating all on-premise dependencies for the business to run. All corporate-owned devices (COD) and BYOD devices are now able to log in using Microsoft Intune with the Office 365 platform for a unified SSO experience, thus ensuring security for corporate data.
Tools Used
- Azure Active Directory (AAD)
- Azure Active Directory Domain Services (AAD DS)
- Single Sign-on (SSO)
- Site to Site VPN
- Point to Site VPN
- Microsoft Intune
- Office 365
- Azure Backup
- Azure Site Recovery (ASR)