MigratingLinuxToAzure-MSFT Book
MigratingLinuxToAzure-MSFT Book
MigratingLinuxToAzure-MSFT Book
Microsoft Azure
Rithin Skaria
Toni Willberg
BIRMINGHAM—MUMBAI
Migrating Linux to Microsoft Azure
Copyright © 2021 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system,
or transmitted in any form or by any means, without the prior written permission of
the publisher, except in the case of brief quotations embedded in critical articles or
reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of
the information presented. However, the information contained in this book is sold
without warranty, either express or implied. Neither the author(s), nor Packt Publishing
or its dealers and distributors, will be held liable for any damages caused or alleged to
have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the
companies and products mentioned in this book by the appropriate use of capitals.
However, Packt Publishing cannot guarantee the accuracy of this information.
Authors: Rithin Skaria, Toni Willberg
Technical Reviewers: Marin Nedea, Micha Wets
Managing Editors: Neha Pande, Mamta Yadav
Acquisitions Editors: Saby Dsilva, Ben Renow-Clarke
Production Editor: Deepak Chavan
Editorial Board: Vishal Bodwani, Edward Doxey, Ben Renow-Clarke, Arijit Sarkar, and
Dominic Shakeshaft
First Published: April 2021
Production Reference: 1280421
ISBN: 978-1-80107-172-7
Published by Packt Publishing Ltd.
Livery Place, 35 Livery Street
Birmingham, B3 2PB, UK.
Table of Contents
Preface i
Index 187
Preface
>
About
This section briefly introduces the authors and reviewers, the coverage of this book, the
technical skills you'll need to get started, and the hardware and software needed to complete all
of the topics.
ii | Preface
Currently, Toni holds the position of Head of Cloud Business Unit at Iglu, a managed
service provider company offering professional public cloud projects and services.
Connect with him on Twitter at @ToniWillberg.
Learning objectives
• Explore the terminology and technology of various Linux distributions
• Understand the technical support co-operation between Microsoft and
commercial Linux vendors
• Assess current workloads by using Azure Migrate
• Plan cloud governance and operations
• Execute a real migration project
• Manage projects, staffing, and customer engagement
Audience
This book is intended to benefit cloud architects, cloud solution providers, and any
stakeholders dealing with the migration of Linux workloads to Azure. Basic familiarity
with Microsoft Azure would be a plus.
iv | Preface
Approach
Migrating Linux to Microsoft Azure uses an ideal blend of theoretical explanations and
hands-on examples to help you prepare for real-world migration challenges faced by
businesses today.
Software requirements
We also recommend that you have the following software configuration in advance:
• Azure subscription
• Azure CLI
Conventions
Code words in the text, database names, folder names, filenames, and file extensions
are shown as follows.
"You can either download it in Linux using the wget command or download it to your
computer and transfer it to a Linux machine using SFTP/SCP."
Here's a sample block of code:
wget --content-disposition https://aka.ms/dependencyagentlinux -O
InstallDependencyAgent-Linux64.bin
sh InstallDependencyAgent-Linux64.bin
As Azure is evolving at a very rapid pace, it is possible that some of the views or features
you see in the Azure Portal are different from the screenshots seen in this book. We
have tried to make sure that the screenshots and all the technical facts in this book are
correct at the time of writing. We have provided links to the official documentation
throughout this book. If you're unsure, check the documentation for the latest usage
guidance.
Downloading resources
We also have other code bundles from our rich catalog of books and videos available at
https://github.com/PacktPublishing/. Check them out!
Linux: History and
1
future in the cloud
We will start off with a brief history of Linux and the events that led to its development.
Along with that, we will talk about some of the competitors of Linux and the use cases
for both Linux and these competitors. We will cover some of the key roles that Linux
servers play in IT infrastructure, touching on why the cloud is better for running these
workloads compared to on-premises solutions. As most organizations are going with a
cloud transformation strategy, the demand for virtual machines, containers, container
orchestration solutions, big data, and so on is increasing, and Microsoft Azure provides
a platform to run all these mission-critical workloads.
In order to understand the complexity of migrating Linux workloads to Azure, you need
to understand the history of IT, operating systems, Unix, Linux, and Windows, before
the cloud and virtualization. This chapter will provide some important background
information about Linux to enable those who are not very familiar with it to learn the
terminology.
The public cloud has many benefits over self-hosted environments. We will talk about
them, particularly covering how Azure is designed to support Linux workloads.
While we will briefly mention some typically difficult aspects of Linux systems, you will
also learn that Azure is evolving rapidly. Azure now has out-of-the-box features that
will make Linux sysadmins' lives much easier.
This chapter covers the following key topics:
• Brief history and evolution of Linux
• Use cases of Linux in IT infrastructure
• Challenges in on-premises infrastructure
• Cloud economics
• Advantages of migrating to Azure
• Simplifying the complexity associated with migration
Unix
The aforementioned shortcomings led to the development of a project called Unix,
which was started in the mid-1970s by a group of developers at Bell Laboratories. The
main intention of this project was to make a common software for all computers, rather
than having individual pieces of software for each computer. The project used the C
language instead of assembly language; it was indeed refined and uncomplicated.
The Unix operating system was widely adopted by government organizations,
universities, and schools. It existed for many systems, ranging from personal computers
all the way to supercomputers. Though the advent of Unix resolved some issues, it
hadn't dealt with the pricing problem; these systems were still expensive.
During the early 1980s, organizations began developing their own versions of Unix.
As a result of the multiple development branches, we ended up with lots of different
versions, or dialects. Every developer and organization wanted to create a free Unix-
like operating system and, in 1983 at MIT, Richard Stallman developed the GNU project.
The goal of this project was to create a free operating system (in the sense of licensing,
and not necessarily cost). This project didn't gain much popularity, as expected;
nevertheless, GNU tools were adopted by Linux when it came into existence.
Linux
In 1991, Linus Torvalds developed Linux as a freely distributable Unix while he was
a student at the University of Helsinki, Finland. Linus was motivated by Andrew
Tanenbaum's Minix operating system, which was another free Unix for PCs. Linus
wanted to author a freely available academic version of Unix that could run on Intel
386-based PCs for Minix users who wanted to get more out of their computers. The
project was initially named "Freax," a fun project that ended up as one of the biggest
revolutions in the history of computers with the name "Linux." On a public forum (comp.
os.minix) during the initial days of Linux, Linus referred to his work as "a better Minix
than Minix." Quoting his own words:
4 | Linux: History and future in the cloud
"After that it was plain sailing: hairy coding still, but I had some devices, and debugging
was easier. I started using C at this stage, and it certainly speeds up development. This
is also when I start to get serious about my megalomaniac ideas to make "a better Minix
than Minix." I was hoping I'd be able to recompile gcc under Linux some day...
"Two months for basic setup, but then only slightly longer until I had a disk driver
(seriously buggy, but it happened to work on my machine) and a small filesystem. That was
about when I made 0.01 available [around late August of 1991]: it wasn't pretty, it had no
floppy drive, and it couldn't do much of anything. I don't think anybody ever compiled that
version. But by then I was hooked, and didn't want to stop until I could chuck out Minix."
If only he had guessed how widely adopted Linux would be 30 years on.
Workstations
There is a large subset of consumers who prefer to use Linux as a daily commuter on
their personal computers. This area was mainly monopolized by Windows and macOS,
but things changed a lot when Linux came to the stage. Traditionally, Linux was an
all-time favorite for coders and programmers, providing more customization options
for the general consumer than Windows or macOS. For this reason, Linux became the
preferred option for millions of people across the globe:
Currently, we have flavors such as Ubuntu, Fedora Workstation, Linux Mint, Elementary
OS, CentOS, and Arch Linux. Figure 1.1 shows how the Graphical User Interface (GUI)
appears in different workstation distros.
Typical Linux use cases in IT infrastructure | 7
Application servers
An application server is computer software that is bundled together to facilitate
business logic. If we take a three-tier application, the application server is the
component that comprises the GUI, the business logic, and the database server. The
majority of application servers support the Java platform, some examples being JBoss,
Jetty, JOnAS, Apache Geronimo, and Glassfish:
Figure 1.2: Coupling of application servers with other services to provide end-to-end solutions
8 | Linux: History and future in the cloud
In Figure 1.2, you can see how the application servers are coupled with other services,
including the front-end and back-end services. An application server handles
connections between the user requests that originate from the front-end and back-end
services, such as databases and other logic.
Database servers
Linux has been the home of databases for a very long time now. We can install relational
and non-relational databases on Linux as per our data requirements. The term database
server refers to the combination of a database application and memory allocated for
data storage. These databases can be used to record transactions in a similar way to
how SQL Server works on Microsoft Windows:
Figure 1.3: Two-tier application model with databases behind a load balancer
Some commonly used database services include MariaDB, PostgreSQL, MySQL, and
MongoDB. In most scenarios, the databases hosted in Linux servers are kept behind a
load balancing solution to provide high availability. Figure 1.3 is an example of this.
Virtualization
The purpose of virtualization is to create virtual machines using specialized software
called hypervisors. Most of you might be familiar with the term virtual machines
(VMs), as this is quite common in on-premises environments as well as in the cloud.
The purpose of making Linux a virtualization host is the same as installing a Windows
Server instance with the Hyper-V role. VMs are often created for the isolation of
workloads and for testing purposes. Popular Linux virtualization solutions include KVM,
RHEV, Xen, QEMU, VirtualBox, and VMware:
Typical Linux use cases in IT infrastructure | 9
As shown in Figure 1.4, the hypervisor is installed on the hardware and different VMs are
created using hypervisors. Each of these VMs is isolated from the operating system and
can host different applications.
Containers
We just discussed VMs and their creation using hypervisors installed on our Linux
servers. The footprint of these servers will be large and will often contain some
stock libraries and binaries that we do not require. This leads to a waste of compute
resources; with all VMs being deployed, your host capacity will soon be exhausted. With
the introduction of containers, things have changed, and we don't need to deploy the
entire VM to host a dedicated service.
A container is just a software package that contains the code, binaries, and libraries
required for a specific task. For example, to run a web server, we could deploy a VM
and install NGINX on it. The resource consumption for the VM would be high and
encompass a lot of services that we do not need. We could instead use containers, so
the image would only have code to run the NGINX server, and nothing else. This would
mean a lightweight image and quick deployment.
10 | Linux: History and future in the cloud
In the case of VMs, we were using hypervisors to run them; in the case of containers,
we use container runtime engines. A comparison of the two is shown in Figure 1.5. Some
common examples include Docker (which is the most used), Runc, Rkt (which is no
longer in development), and Mesos:
Currently, we have container images available for each and every service, including
NGINX, MySQL, and Apache. All major software packages have been ported.
Typical Linux use cases in IT infrastructure | 11
Cloud computing
Linux can be used to host cloud operating system solutions such as OpenStack. We
can install OpenStack on our Linux server to host a cloud environment (both private
and public) to manage large pools of underlying resources including compute, storage,
and network. Think of this as the Azure Stack, where you can run Azure in your own
datacenter. In a similar way, you can host a cloud environment in your datacenter for
your users to deploy services using OpenStack, which is running on Linux:
OpenStack exposes a lot of APIs using which users can track, manage, and monitor
their deployment. Figure 1.6 displays the basic architecture of how OpenStack runs on
top of Linux to serve as a platform for deployments.
12 | Linux: History and future in the cloud
Container orchestration
With the introduction of containers, many organizations are moving from a monolithic
architecture to a microservice architecture. As the number of containers increases,
it's not easy to manage them on a large scale. That is where container orchestration
tools such as Kubernetes come into the picture. We can install the Kubernetes service
on a Linux machine and add Linux and Windows worker nodes to it. The master will
be running on a Linux server and this will act as a management plane for the cluster.
Figure 1.7 shows a high-level representation of how Linux nodes are added to the
Kubernetes master. In a similar fashion, we can also create a pool of Windows nodes
and add it to the Kubernetes cluster:
Big data
We started with simple examples and have expanded our horizons all the way to
complex scenarios, such as big data on Linux. You can install tools such as Apache
Hadoop on Linux and then perform big data analysis. We don't really see this scenario
in every organization due to varying availability and support for managed cloud services
such as Azure Synapse Analytics or Azure HDInsight. Nevertheless, if you would like to
implement big data analytics on Linux, it's possible. Figure 1.8 shows the extensive list
of tools that are used by data scientists and big data analysts, and all of these can be
installed on Linux:
As mentioned earlier, using Linux for big data analytics is a seldom seen scenario,
however, some customers to prefer to install certain analytics tools like Splunk on
Linux.
In this section, we've talked about some common scenarios, but this doesn't mean that
the use cases are confined to these only. With the introduction of new technologies
almost daily, the potential use cases will keep on expanding. We explored these
particular ones to demonstrate that Linux can handle wide-ranging scenarios, from
basic functionality such as workstations all the way to container orchestration and big
data.
Even though on-premises infrastructure can also support all these scenarios, there are
some disadvantages to this approach. This is the driving force behind the cloud journey
of each and every organization. Let's see what these challenges are and how the cloud
mitigates them.
14 | Linux: History and future in the cloud
These are some of the main reasons why it can be challenging to work on-premises.
With the introduction of the cloud, organizations can focus more on achieving business
goals rather than wasting time on racking and stacking, software patching, and other
time-consuming IT management chores.
In the next section, we'll cover cloud economics, where we'll take a deep dive into the
advantages of the cloud and how both the aforementioned and other unmentioned
challenges can be resolved.
Cloud economics
Owning a datacenter is not a core business of typical companies. While it might be
tempting for the IT department to own physical servers that they can set up and
physically interact with themselves, it probably is not something your Chief Financial
Officer (CFO) wants to do. Owning servers not only shows up in the balance sheets as
capital expenses, but the costs of the facilities, electricity, insurance, and so on also add
up in terms of total operational costs. If you ask any IT manager how much it costs to
buy, set up, operate, and dispose of the infrastructure needed to host one application
for a year on their own datacenter, they most probably won't know or even dare to
guess.
Outsourcing your infrastructure to a hosting provider sounds like a good idea after
you realize how expensive it is to operate a datacenter yourself. A multi-customer
datacenter is certainly more cost-effective compared to a single-customer datacenter.
Adding scale makes it easier to save costs by sharing parts of the infrastructure
between all or many customers. At the end of 2020, there were thousands or tens of
thousands of professionally run, shared hosting datacenters around the world—how do
we know which one to choose and which will be out of business next year?
The size and the complexity of business software have increased, together with the
amount of data collected and processed by applications. This creates more and more
demand for compute power and storage, which naturally increases the infrastructure
costs. Constantly increasing the cost of the hosted environment is not something your
CFO will tolerate over an extended period.
16 | Linux: History and future in the cloud
From the user's point of view, these solutions are just "there" and can be used without
much initial effort. The same applies to typical business solutions such as Salesforce
CRM or Microsoft 365. You cannot install these yourself even if you wanted; they
always come as a turnkey service and you do not have any visibility into the underlying
infrastructure.
Platform as a Service (PaaS) solutions differ from SaaS in a couple of ways; they need
some kind of installation work and an infrastructure where they can be installed. While
the installation is automatic, you may need to manage some parts of the infrastructure
yourself. Examples of such services include Azure Kubernetes Service (AKS) and Azure
Red Hat OpenShift (ARO).
In the context of migrating Linux servers to Azure, we are focusing on Infrastructure
as a Service (IaaS), which means that you only get the lower-level infrastructure
components as a service. Everything else is your own responsibility, including
configuring the storage and network and operating the operating system yourself.
This type of cloud service is similar to typical VM-hosting services offered by hosting
companies.
Note
Linux has rapidly gained popularity in Azure. In 2015, Mark Russinovich, the CTO
of Azure, said that one in four VM instances in Azure runs Linux. In 2018, Microsoft
Cloud EVP Scott Guthrie revealed in an interview by ZDnet that about half of Azure
VMs run Linux.
(https://www.zdnet.com/article/mark-russinovich-the-microsoft-azure-cloud-and-
open-source/ and https://www.zdnet.com/article/linux-now-dominates-azure/)
18 | Linux: History and future in the cloud
At the time of writing in 2021, Microsoft has already become well known for its love of
Linux and open source. Microsoft is supporting many open-source projects, initiatives,
and foundations, such as the Linux Foundation. According to their website (https://
opensource.microsoft.com/program/), Microsoft already uses over 150,000 open-
source components while building their products and services.
Today, more and more customers are migrating their existing workloads to Azure.
As mentioned earlier, many of these workloads are Linux-based. To facilitate these
migrations, Microsoft has developed many tools and services with Linux users in mind.
We will cover these in more detail later in this book.
Microsoft has partnered with all the major Linux vendors to help their customers move
workloads to Azure. These partnerships have the aim of developing new features and
ensuring that existing features are better integrated, not to forget providing monetary
benefits in the shape of the ability to continue to use existing commercial on-premises
contracts in Azure.
Enterprise Linux companies such as Red Hat and SUSE are very popular in the world
of on-premises IT infrastructure, and they have both worked with Microsoft to create
unified global support services to ensure that their customers can migrate to Azure
without hassle.
Community Linux distributions such as CentOS and Ubuntu are very popular in Azure,
and there are many companies offering commercial Linux support, including Canonical,
with its Ubuntu Pro offering.
Azure Marketplace has over 2,000 Linux VM-based images at the time of writing
compared to about 800 Windows-based images. Linux is clearly dominating the
marketplace. Out of those images, only 14 are from Microsoft; the rest are created and
published by third-party ISV companies. For example, if you want to install WordPress
on a Linux VM, you need to install Apache, PHP, and MySQL as the database. On the
other hand, if you're using a Marketplace image, you'll be able to find customized
WordPress images. These images can easily be deployed right from the Marketplace
to your Azure subscription without the need to manually install the Apache, PHP, and
MySQL services.
You can find Azure Marketplace here: https://azuremarketplace.microsoft.com/
marketplace/. The Marketplace images are also available via Azure command-line
interfaces. The number of images is increasing as we speak, and it is also possible
to publish your own images to Azure Marketplace and make them available to large
numbers of customers.
We will begin our discussion by talking about clustering, which is a scenario where
there are a lot of gray areas.
Clustering
In plain English, the word "cluster" means group, flock, or assemble. When we say
clustering in the IT world, we are expressing the idea of a group of computers (in this
context, Linux computers), multiple storage components, and redundant network
connections acting together to form a highly available system. Clustering avoids a single
point of failure and also provides load balancing along with high availability. Clustering
may look complex at first glance as we have to manage multiple computing resources,
but this section is all about demystifying the complexity of clustering.
Typical Linux clustering scenarios can be categorized into four types:
• Storage
• High availability
• Load balancing
• High performance
Each of these is implemented with different software and requires its own architecture
and configuration. In the next few sections, we will see how Azure addresses each of
these four scenarios.
20 | Linux: History and future in the cloud
Azure Files can be used as a complete replacement for the file server role that we had
on our on-premises servers. Since we have the capability to attach to our on-premises
server, we can also use Azure Files to move data from on-premises servers to cloud
servers with the same file share mounted on both ends. The related documentation
is available here: https://docs.microsoft.com/azure/storage/files/storage-files-
introduction.
An additional solution for a shared NFS filesystem is called Azure NetApp Files (ANF).
This is an enterprise-class high-performance file system service. NetApp is a very
popular storage solution typically used in on-premises systems, and it is also now
available on Azure. You can read more about the solution here: https://docs.microsoft.
com/azure/azure-netapp-files.
ANF supports various performance tiers for storage, depending on your application's
IOPS requirement. As this is deeply integrated with the Azure platform, it can be used
as a shared file solution for your clustered solutions. Additionally, ANF carries leading
industry certifications, which makes it ideal for SAP HANA LOB applications, HPFS, VDI,
and HPC. Note that the minimum storage capacity size for ANF is currently 4 TB.
Similarly, we have UDs where the VMs are grouped in a way where the underlying
hardware can be rebooted at the same time. When a planned maintenance event
happens in an Azure datacenter, only one UD gets rebooted at a time. By default, if you
deploy to an availability set, the VMs will be distributed across five FDs. However, if you
so wish, you can increase this to up to 20 UDs. Figure 1.9 shows how UDs and FDs are
mapped in a datacenter:
Availability sets enable you to deploy VMs on Azure in a distributed manner across
isolated hardware clusters. A useful tutorial for this feature is available here: https://
docs.microsoft.com/azure/virtual-machines/linux/tutorial-availability-sets.
The proximity placement groups feature enables you to keep selected VMs near to
one another in terms of distance within an availability set. This reduces network
latency, which could impact your applications. See more information about this feature
here: https://docs.microsoft.com/azure/virtual-machines/co-location#proximity-
placement-groups.
Pacemaker, the software used for clustering on typical on-premises setups, is not
often required on Azure. Some legacy solutions ported to Azure, however, are based on
Pacemaker and DRBD, for example, the certified SAP on Azure architecture.
The journey from Linux to Azure | 23
Subscription portability
Very often, the biggest challenge with Azure migrations for Linux is surprisingly not
technical. Let's stop here for a moment and think about your Linux licensing and
subscriptions, especially if you are using a commercial Linux distribution such as Red
Hat Enterprise Linux or SUSE Linux Enterprise Server.
Do you know whether you have simply lifted and shifted your existing VM to the public
cloud? Do you need to discuss with your IT procurement or a lawyer the contract terms
of Red Hat or SUSE? The correct answer to any question you may have in your mind
right now is: Yes, but check with your IT procurement first.
24 | Linux: History and future in the cloud
Both Red Hat and SUSE allow customers to move their existing enterprise subscriptions
to the public cloud, but there are a couple of steps you'll need to take in order to be
compliant and to continue to receive support directly from them. In Azure, the Linux
VMs created using these migrated subscriptions are Bring Your Own Subscription
(BYOS). Red Hat calls the related program Red Hat Cloud Access, and SUSE's program
is called SUSE Public Cloud Program.
Please note that migrating your existing Linux subscriptions to Azure means that you
will continue to have a billing relationship with Red Hat or SUSE for VMs utilizing these
subscriptions. You can create new Linux VMs on Azure using Microsoft's Pay as You Go
(PAYG) billing.
Finally, it's useful to learn about Azure Hybrid Benefit, which allows you to change
between BYOS and PAYG. This feature is under active development and, at the time of
writing, supports only VMs migrated from on-premises to Azure. See more details in
the documentation here: https://docs.microsoft.com/azure/virtual-machines/linux/
azure-hybrid-benefit-linux.
If you are using community distributions such as CentOS and Ubuntu, none of the
preceding should matter to you as those distributions are completely free to use, but at
least you learned something new today.
Summary
This chapter started with the history of Linux. The leap that Linux took from being
a fun project to being an enterprise-grade operating system was astonishing. Today,
Linux is everywhere, from high-end servers to smartphones to smart bulbs. Due to
the freedom of customization, there are a lot of variants of Linux, referred to as flavors
or distros; there is a distro available for each and every use case. If none of the distros
matches your exact requirements and you want to add more features, feel free to
customize and build your own Linux. We explored some use case scenarios for Linux
and looked at some of the challenges that traditional IT is facing with infrastructure
management in on-premises environments.
Every organization runs by numbers. In the Cloud economics section, we examined
how running workloads in the cloud can draw profit if we make a CapEx versus
OpEx comparison. The upper hand of the cloud not only comes from cost reduction;
it's a solution for all the challenges we encountered in on-premises environments.
We discussed several advantages, including fault tolerance, high availability, agility,
elasticity, and scaling.
Summary | 25
The final section of this chapter is Linux on Azure, and it starts with a discussion of
the Microsoft-endorsed distributions and the scope of support provided by Microsoft.
The support is shared between Microsoft and the Linux vendor. We will also cover the
licensing models in Azure for Linux virtual machines and what the potential savings for
the customer are with each model. We will conclude this chapter with a demonstration
using the Azure CLI to find details on VM images; this is useful if you want to see a list
of available images on Azure.
This chapter will cover the following topics:
• Linux licensing and open-source business models
• Popular Linux distributions
• Linux on Azure: benefits, licensing models, support
By the end of this chapter, you will have learned the necessary tips and tricks for
moving Linux subscriptions to the cloud. Let's start our discussion by exploring Linux
licenses.
Open-source licenses
How do you make money from something that is free? To answer that, we must look
back and see what it means when we say something is open source.
Linux distributions and the Linux kernel are open source, but at the same time, they are
covered by copyright laws. To make things very complicated, there are numerous open-
source licenses covering different parts of a Linux distribution. Some components may
be covered by a GNU General Public License (GPL), some by an Apache License (APL),
and some by an MIT license. To make this even more complex, it is important to realize
that there may be multiple versions of the same license and that they may not all be
compatible with each other or with any other license whatsoever.
At this point, it is enough to understand that all Linux distributions are covered by an
open-source license. This means you have the right to download the source code of all
the software included in a Linux distribution. What you can do with the source code
is out of the scope of this book, since we are not creating our own Linux distributions.
In this book, we do not have to go into the details of various open-source licenses and
copyright laws.
Linux licensing and open-source business models | 29
Enterprise agreements
When talking about commercial open source, and specifically commercial Linux
distributions, the term enterprise agreement is something you will need to familiarize
yourself with before thinking about moving your Linux servers to Azure. We might
often skip reading the terms and conditions of such agreements before accepting them
with a simple click of a mouse, but it's important to read them.
An enterprise agreement for commercial Linux vendors typically states that you agree
to pay to use their software according to their latest price lists and to follow the rules
of where and how you can use the software. It also says many other things, but since
this is not a software procurement book, we will not go into those details. However, it
might make sense for you to have a conversation with your software purchasing team
to check if they know the contract details.
Linux subscriptions
What proprietary software vendors call "licenses" can be loosely referred to as
"subscriptions" in the Linux world. Technically these are, of course, two different things,
but in a typical sales conversation, you may hear someone talk about Linux licenses—
and as we learned earlier, those are not the licenses you are looking for.
Subscription practically means the right to download, use, and update a commercial
Linux distribution. It very often also comes with a technical support service with
varying service level agreements. In order to subscribe to such a service, you will need
to sign a contract with a commercial Linux vendor on behalf of your employer. This
contract is usually referred to as an enterprise agreement, and it typically comes with
some additional obligations. One of these obligations is to follow the rules of the service
subscription agreement.
For example, the subscription rules for Red Hat Enterprise Linux state that you may
only use the software on your own infrastructure. Practically, this also includes hosted
environments, which are considered rented infrastructure. Public clouds are not
considered as your own infrastructure and you will need to inform Red Hat if you want
to move your Linux servers to the public cloud.
SUSE has very similar subscription rules. As mentioned, it is a very good idea to check
the contracts with your software purchasing department to ensure that you are
following the rules.
With Ubuntu, the concept of subscriptions is a bit different; you do not need a
subscription to use it at all. In this case, the subscription refers to a professional
support service contract from Canonical, the company behind Ubuntu. In addition to
the free Ubuntu Linux, Canonical also offers Ubuntu Pro, their commercial Ubuntu
image on Azure.
30 | Understanding Linux distributions
Figure 2.1 illustrates the differences between licenses, subscriptions, and support
contracts of commercial and community Linux distributions:
Enough of licenses and subscriptions. Let's take a look at the actual Linux distributions.
The complete acquisition list consists of more than 30 companies that most of you have
probably not heard of, since the brands have been merged with Red Hat's other product
lines. Red Hat Enterprise Linux (RHEL) is a very popular platform nowadays, especially
for Java middleware JBoss products, as is the commercial Kubernetes packaging,
OpenShift, since both are published by Red Hat as well.
SUSE was founded a year before Red Hat, in 1992, and became the first company to
market Linux to enterprise customers. Rolard Dyroff, Burchard Steinbild, Hubert
Mantel, and Thomas Fehr first named the company Gesellschaft für Software und
Systementwicklung mbH and used the acronym SuSE, which came from the German
phrase Software- und System-Entwicklung, meaning software and systems development.
The first version of their product was an extension of the then-popular Slackware Linux
distribution. In 1996, they released their first Linux distribution, based on the already-
forgotten Linux distribution Jurix, and deviated from Slackware.
Over the years, SUSE has been acquired and changed names several times, most
notably by Novell in 2003 and EQT Partners in 2018. SUSE itself acquired Hewlett
Packard Enterprise's (HPE's) OpenStack and CloudFoundry assets in 2017, as well as
Rancher Labs—a company known for its Kubernetes management platform—in 2020.
Today, SUSE Linux Enterprise Server (SLES) is a very common platform for SAP system
deployments.
For non-commercial use, it seems like Ubuntu is the clear winner if you look at the
number of deployments. Ubuntu is based on Debian, once a very popular Linux
distribution for server workloads.
CentOS, being fully compatible with RHEL, is also popular since it's typically used by
RHEL professionals on their hobbyist projects and other work that doesn't have an
enterprise-level budget available.
Over the years, there have been many popular Linux distributions for desktop use, but
they have not gained popularity on server use cases. We will not be covering those in
the scope of this book since Linux on Azure usually refers to using server operating
systems.
In the next section, we will go into the details of using free and commercial Linux
distributions on Azure, with a particular focus on RHEL, SLES, and Ubuntu Pro.
However, most of the content is applicable to their free versions CentOS, openSUSE,
and Ubuntu as well.
32 | Understanding Linux distributions
Linux on Azure
In Chapter 1, Linux: History and future in the cloud, we mentioned that Microsoft came
up with the motto "Microsoft ♡ Linux." On Azure, Linux mainly refers to the different
Linux distributions that are supported on Azure. Microsoft Azure supports common
Linux server distros including RHEL, CentOS, Ubuntu, Debian, SLES, openSUSE, Oracle
Linux, and Flatcar Container Linux. You can find the up-to-date list and much more
about Linux on Azure at this landing page: https://azure.com/linux.
If the operating system that you are looking for is not on the list or you need to have
a customized or pre-configured image, feel free to visit Azure Marketplace where you
can browse through hundreds of images that may suit your requirements.
If the Azure Marketplace images do not meet your organization's standards or
requirements, you can create and upload your own images to Azure:
Figure 2.2 is a view of Azure Marketplace, showing some of the different types of
pre-configured images that are available.
Linux on Azure is very generic; the "on Azure" suffix can apply separately to each distro.
For example, you should take "Red Hat on Azure" to mean all the Red Hat products
that are supported on Azure. You might think RHEL is the only offering from Red Hat
that is available on Azure, but you can also find other products such as Azure Red Hat
OpenShift, Red Hat JBoss Enterprise Application Platform, Red Hat Gluster Storage,
Red Hat OpenShift Container Platform, Red Hat CloudForms, and Red Hat Ansible
Automation. You can see that all the major product lines of Red Hat are available on
Azure; this is a clear example of how large organizations promote their products to
Microsoft Azure. You will see similar approaches from other vendors, as in "SUSE
on Azure" and "Ubuntu on Azure," which stand for the products supported by the
respective vendors in Azure.
Note
Check out the product lines available on Azure for the following vendors:
• Red Hat product lines available on Azure: https://Azure.com/RedHat
• SUSE product lines available on Azure: https://Azure.com/SUSE
• Ubuntu on Azure: https://Azure.com/Ubuntu
Another option to get help with Azure design, architecture, and other technical
questions is to engage with Microsoft's sales and partner teams, namely the
Customer Success Unit (CSU) and One Commercial Partner (OCP). These teams are
able to assist named commercial customers and partners. It is good to remember
that these organizations are not replacements for Microsoft Support but are part of
Microsoft's Global Sales and Marketing organization. To get in touch with the technical
staff of the CSU and OCP teams, you should contact your named Microsoft account
manager.
A third and very popular option is to talk with the large network of Microsoft partners.
They are able to provide a broad range of advisory, consulting, implementation, and
operational assistance for Azure in general as well as Linux on Azure. Many of these
partners are also partnered with some of the Linux vendors mentioned in this chapter.
The easiest way to locate Microsoft partners is to use the Microsoft solution provider
search tool: https://www.microsoft.com/solution-providers/home.
Note
Along with the endorsed Linux distribution support, Microsoft also provides
production support for certain OSS technologies such as PHP, Java, Python,
Node.js, MySQL, Apache, Tomcat, and WordPress. This list is subject to change and
the technical support available may be very limited.
Now that we are familiar with the scope of Azure Technical Support, let's look at how
pricing works on Azure.
Licensing on Azure
In Azure, there are three licensing models: pay-as-you-go (PAYG), Azure Hybrid Benefit,
and prepay. We will look at how these models vary and what the benefits are, starting
with the PAYG model.
Linux on Azure | 37
Figure 2.3: Licensing cost for RHEL from the Azure Pricing Calculator
38 | Understanding Linux distributions
On the other hand, if we pick Ubuntu/CentOS, the license cost will not be there, as
shown in Figure 2.4:
To summarize, in PAYG, customers pay based on how long a VM runs. When the
VM is deallocated, the compute cores are not utilized, which means no charges
are incurred for compute cores or the license. This model is ideal for VMs that are
deployed for testing and will be running for a short period of time, but if you have VMs
running 24/7/365, this might not be the ideal model, as the license cost will keep on
accumulating based on hours used. In these cases, it is better to go with the Azure
Hybrid Benefit or prepay plans for potential savings.
Linux on Azure | 39
If you meet the prerequisites, the next step is to start using Azure Hybrid Benefit. Here
are the steps you need to follow:
1. Choose one of the active or unused RHEL subscriptions and enable it for use in
Azure. This is done from the Red Hat Cloud Access customer interface. Red Hat
customers will be able to access this by logging in to https://www.redhat.com/
technologies/cloud-computing/cloud-access. Only the subscriptions we enroll
here are eligible to use Azure Hybrid Benefit.
40 | Understanding Linux distributions
2. Linking the subscription was the primary step; we can specify that the VMs use
the RHEL subscription during the creation stage, or we can convert existing VMs.
3. During the creation of the VM, you can opt to use the existing RHEL subscription
as shown in Figure 2.5:
4. We can also convert existing VMs to Azure Hybrid Benefit without the need to
redeploy. This can be achieved from the Configuration pane of the VM as shown
in Figure 2.6:
Once this process is complete, in your Azure usage, you will see that the cost for the
VM has dropped significantly. The process of attaching the RHEL subscription to Azure
VMs can be done from the CLI and ARM templates as well if you would like to do this
programmatically.
As mentioned earlier, customers have the freedom to switch back to a PAYG model
whenever their RHEL subscriptions expire. Conversion back to the PAYG model is also
done via the Configuration pane of the VM.
For SUSE customers, the process of attaching is pretty much the same; however,
registration for using SUSE subscriptions is done via the SUSE Public Cloud program.
42 | Understanding Linux distributions
This model is ideal for customers who have active or unused RHEL or SUSE
subscriptions that they purchased from the respective vendors and who would like to
utilize these in the cloud for potential savings over the PAYG model.
In this model, we were using the subscription that we purchased from Red Hat or SUSE
and attaching it to use with our Azure subscription. However, in the prepay model,
which we are going to cover next, we will be purchasing Red Hat or SUSE software
plans directly from Microsoft.
Figure 2.7: Calculating a software plan cost from the Azure Pricing Calculator
Linux on Azure | 43
In this model, customers can buy software plans directly from Microsoft for a term of
1 year and they can also renew if required by term-end. One catch here is that the plan
amount should be paid upfront. In Figure 2.7, you can see that this has been mentioned
in the cost; the moment a customer purchases a software plan from Azure, that charge
will be added to the next invoice as an upfront cost for the next year.
Another key point to keep in mind here is that cancellation or exchange of these plans
is not allowed. This means you should be buying the right plan for your workload. For
example, if your product is SLES Priority for 2-4 vCPUs, you should purchase SLES
Priority for 2-4 vCPUs. If you were to purchase SLES for HPC 1-2 vCPUs instead of SLES
Priority for 2-4 vCPUs by mistake, then you would not get the benefit and you would
not be able to return or exchange this plan. A piece of advice here is to understand your
workload and buy accordingly.
The software plan can be purchased from the Reservations pane in Azure, the very
same place where we purchase reserved instances for Azure VMs, databases, and so on.
The benefit will be applied automatically to the matching workload and no mapping is
required.
For instance, if you have three SLES Priority instances, each with 4 vCPUs, then the
right plan for you is SLES Priority for 2-4 vCPUs. Depending on the quantity you
purchase, the discount is applied automatically to the instances. Assume that we
purchased two SLES Priority for 2-4 vCPU plans; then, two out of three VMs will get
the benefit and the remaining one will remain in the PAYG model. If you need the third
one's cost also covered by the plan, then you need to buy another plan of the same kind.
This new plan will automatically attach to the remaining VM.
Like Azure reserved instances, the software plans are a "use it or lose it" benefit. This
means that if you deallocate all your VMs and the plan is not able to find a suitable VM
to attach to, the benefit will be in vain. You cannot carry forward the unused hours.
Note
You can avoid losing the benefit in the case of a migration by opening a billing
support case on the Azure portal.
44 | Understanding Linux distributions
You should always do proper planning for your workloads before buying software
plans to ensure that the most cost-effective plan is selected. Reiterating some of the
considerations that we should be keeping in mind:
1. The plan is ideal for 24/7/365 workloads; other servers need a billing support
change request. If the plan is not able to discover the appropriate SKU, the
utilization of the plan will be zero and you will lose a benefit.
2. No return or exchange is possible. Buy the right plan based on the product and
vCores your VM has; buying the wrong plan or the wrong number of CPUs will
result in a loss of money.
3. For SUSE plans, only certain SLES versions are supported. Make sure you check
the version you are running using the cat/etc/os-release command and
match with the documentation available here: https://docs.microsoft.com/
azure/cost-management-billing/reservations/understand-suse-reservation-
charges#discount-applies-to-different-vm-sizes-for-suse-plans.
4. The plan's costs are upfront and will appear on your next invoice.
In the next section, we will conclude the licensing part of the chapter with a helpful
comparison of these licensing models and their benefits.
If we plot these values on a graph and calculate the savings percentage for a year, we
will get a graph like the one shown in Figure 2.8:
The value may look small, but this is only for a single VM; in an enterprise environment
where there will be thousands of VMs, the potential savings are very high.
Each model has its own use case scenarios:
• PAYG is ideal for testing or development where you are not planning to keep the
VM running 24/7.
• Azure Hybrid Benefit is appropriate if you have license subscriptions from Red
Hat or SUSE and would like to use them in the cloud.
• Prepay software plans are perfect for customers who do not have RHEL or
SUSE subscriptions and would like to get some discounts on the software cost.
However, this is a long-term commitment with Microsoft.
Using Azure Reserved Instances, customers can also get a discount on the compute
cost. In short, if you combine Azure Hybrid Benefit or a prepay software plan with
Azure Reserved Instances, the overall savings percentage will be boosted to 50-70%.
You can read more about Azure Reserved Instances for VMs here: https://docs.
microsoft.com/azure/cost-management-billing/reservations/save-compute-costs-
reservations. As this is not a licensing model, but more of a cost optimization technique,
we will not cover this topic in this chapter. However, when we discuss assessment and
migration in Chapter 3, Assessment and migration planning, we will discuss how to
optimize cloud costs.
46 | Understanding Linux distributions
Now that we are familiar with the licensing models, let's see how we can use the Azure
command-line interface (CLI) to find the versions of available distros.
Available distros
In the introduction of the Linux on Azure section, we saw that Microsoft Azure supports
common Linux distros such as Red Hat, Ubuntu, SUSE, CentOS, Debian, Oracle
Linux, and CoreOS. We also saw how we can make use of Azure Marketplace to find
the appropriate image as per our organization's requirements. Table 2.2 displays the
endorsed distros and the vendors/publishers who are providing these images:
Though generic version numbers are given in the preceding table, it is very easy to find
the image name and version from a publisher using the Azure CLI. In order to use the
Azure CLI, we need to install it on our workstation. The Azure CLI can be installed on
Linux, Mac, or Windows systems. If you are using the Cloud Shell in the Azure portal, by
default the Azure CLI is installed for you.
Assuming that we are using a local computer (an Ubuntu computer, for example), we
need to install the Azure CLI. You can find the specific installation steps depending on
your operating system here: https://docs.microsoft.com/cli/azure/install-azure-cli.
For simplicity of demonstration, we will install the Azure CLI on an Ubuntu instance:
Linux on Azure | 47
1. Microsoft has developed a script to run the installation in a single shot, which
makes it convenient for beginners to ramp up quickly. If you prefer to perform
this step by step, the Microsoft documentation has instructions for that as well.
For Ubuntu, the installation can be done using the following command:
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
The output is shown in Figure 2.9:
2. The next step is to log in to our account from the Azure CLI in order to connect
our Azure account to the Azure CLI. This can be accomplished by running the
az login command. The console will prompt you to open a browser window and
provide a code to complete the authentication process, as shown in Figure 2.10:
3. In a browser window, you must enter the code shown in the terminal (as shown
in Figure 2.10) and sign in using your credentials. Once signed in, the terminal
will show all the subscriptions you have access to, as seen in Figure 2.11. If you do
not want to authenticate using the code, you can log in using a service principal
where you will be using the client ID and client secret as the username and
password, respectively. Also, you can use Managed Identity if required:
Now we will see how we can get information on the available VM images. The
primary command used here is az vm image.
Linux on Azure | 49
4. To list the images (offline) for the VMs/VMSSs that are available on Azure
Marketplace, you can use az vm image list. The response will be in JSON
and we can format it to a table by appending the -o table parameter to the
command. This will list offline cached images as shown in Figure 2.12:
To update the list and display all images, you can append the –all parameter to
the command and call the command again.
The preceding command may take a minute or two to refresh the list of all
available images. Usually, when we query the image list, it is recommended to use
the publisher or SKU or offer parameters, so that the search is limited to a set of
images and the results can be retrieved very easily.
In the next steps, we will be seeing how we can find the publisher, offer, or SKU
for an image and use it in our az vm image list to narrow down the search.
50 | Understanding Linux distributions
5. In order to find the list of all publishers, we can use the az vm image list-
publishers command. Location is a required parameter here, as some publishers
publish only to a specific region, so it's recommended to check that the publisher
has published to the region you are planning to deploy to. The following is the
output:
6. For example, the publisher for Ubuntu is Canonical. If we want to list all the
offers provided by this publisher, we can use the following command:
az vm image list-offers -p Canonical -l eastus -o table
Linux on Azure | 51
Here the location is a required parameter, as offers may vary depending upon
location. The output will be similar to the one shown in Figure 2.14:
7. Let's pick an offer; for instance, UbuntuServer. Now we need to list the SKUs
to find the available SKUs for the image. We need to pass the publisher, offer,
and location to the az vm image list-skus command in order to list the SKUs.
The aforementioned parameters are mandatory for this command, so the final
command will be as follows:
az vm image list-skus -l eastus -p Canonical -f UbuntuServer -o table
The output is as shown in Figure 2.15:
Figure 2.15: Listing SKUs available for the Canonical UbuntuServer offer in East US
8. Now we know the publisher, offer, and SKU. Let's use these values in the az vm
image list command to see the available versions of an image. Here we will be
using Canonical as the publisher (-p), UbuntuServer as the offer (-f), and 19_04-
gen2 as the SKU (-s). Combine these and call the following command:
az vm image list -p Canonical -f UbuntuServer -s 19_04-gen2 --all -o table
Linux on Azure | 53
This will list the image version available for the specified publisher, offer, and
SKU combination. The following is the sample output:
Figure 2.16: Listing versions of an image for a specific publisher, offer, and SKU combination
9. We can use urn from the output in the az vm image show command to get the
details of the VM image as shown in Figure 2.17:
10. The same urn can be used in our az vm create command to create a VM with
that particular image version. A quick illustration has been given in Figure 2.18:
Before we conclude, please check Table 2.3, which lists all the commands we used in the
preceding steps for quick reference:
Required
Command Purpose Documentation
Parameters
az vm Lists VM/VMSS images
NA
image list (offline/cached).
Lists all images from Azure
Marketplace. This usually takes
az vm image time due to the large dataset.
NA
list --all It’s recommended that you filter
using publisher, offer, and SKU
for a quicker response. https://docs.microsoft.
az vm image com/cli/azure/vm/im‑
list- Lists publishers available. Location (-l) age?view=azure-cli-lat‑
publishers est
az vm image Location (-l),
Lists VM image offers available.
list-offers publisher (-p)
Location (-l),
az vm image Lists available SKUs for an offer
publisher (-p),
list-skus from a publisher.
offer (-f)
az vm Location (-l),
Shows details for a given URN.
image show URN (-u)
https://docs.micro‑
Name (-n),
az vm soft.com/cli/azure/
Creates a VM. resource
create vm?view=azure-cli-lat‑
group (-g)
est#az_vm_create
Table 2.3: Commands used for the hands-on exercise
In this hands-on exercise, we queried the image list to find the available images and
created a VM using that. We learned how to narrow down the search using parameters
such as publisher, offers, and SKU.
Although we used the Azure CLI to accomplish this task, if you are using PSCore or
PowerShell, you can make use of the Azure Powershell module to perform the same
operations. The documentation for this is available here: https://docs.microsoft.com/
powershell/module/az.compute/get-azvmimage?view=azps-5.2.0.
With that, we have reached the end of this chapter, and we will now summarize the
topics we have discussed so far.
Summary | 55
Summary
In the first chapter, we learned that there are different distros or flavors of Linux
available depending on the user requirements. This chapter was more of an overview
of popular Linux distributions and how Linux on Azure works. We also talked about
commercial and free open-source software.
There are several advantages to using commercial distributions of Linux. Since we are
paying for these subscriptions, it is expected that they provide additional features that
are not found out of the box in free distributions. These add-ons include support, extra
modules, and extended customization options. This chapter threw light on these areas
as well.
We looked closely at Linux on Azure. We started off with Azure Marketplace and the
plethora of images it has. After that, we introduced the term "endorsed distributions";
this is where Microsoft works with different vendors such as Red Hat, Canonical,
and SUSE to bring their Linux images to the cloud. Microsoft recommends using an
endorsed image for your production deployment. We also discussed the technical
support matrix and the scope of support given by Microsoft Support. We saw some
scenarios where vendors need to be engaged for the resolution to a problem.
After covering the Linux distros on Azure, we talked about the licensing models
available in Linux and which one is best for you depending on the type of deployment.
We also plotted a graph to portray the potential savings in each of the models. The last
part of the chapter was more hands-on, where we saw how we can use the Azure CLI to
find the different VM images available on Azure. However, the range of choice does not
stop here; if you are not able to find the image you are looking for, Azure allows you the
freedom to bring your own image.
Linux on Azure is an extensive topic and there are many books that clearly discuss
how Linux administration can be done on Azure. This book is geared more toward the
migration and assessment of Linux workloads. The licensing models and distros were
explained to help you understand how things are done in the Azure realm.
In the next chapter, we will start to talk about migration. Many organizations begin to
move to the cloud without proper assessment or planning. Planning and assessment
are the cornerstones of migration and they need to be done properly before moving to
the cloud. The planning phase is more about getting to know the capacity and checking
prerequisites, while assessment is done using assessment tools to verify whether your
workloads are ready for Azure or if they need any sort of refactoring first. With that
said, we will talk more about these strategies and steps in the next chapter. Keep on
reading!
Assessment and
3
migration planning
This chapter will focus on discussing useful methods for assessing your existing
workloads in on-premises or hosted environments and provide some guidance on
planning your migration project.
We will go into the technical details regarding a number of popular Linux workloads
and explain why these specific workloads require extra careful planning prior to
migration. Additionally, we will talk about various migration methodologies and tools,
and will also show some practical examples of how to assess current workloads by using
tools such as Azure Migrate.
58 | Assessment and migration planning
Until now, we have been talking about the history of Linux and various Linux
distributions that are available. We have not talked about migration or what happens
prior to this. In this chapter, we are going to cover concepts related to pre-migration
steps. You may be wondering why we need pre-migration steps and why cannot we
move our workloads directly to the cloud. The answer is simply that migrating to
the cloud requires a lot of planning and assessment. We need to make sure that our
workloads are ready to be migrated to the cloud, otherwise the time and money spent
investing in the migration will go to waste.
In this chapter, you will also learn that pre-migration mainly comprises assessment and
capacity planning. Assessment is the process of creating an inventory of workloads we
have in the current environment. Using this inventory, we will be able to understand the
current infrastructure topology, which can be used to generate the expense for moving
to the cloud and to verify whether the workloads are cloud-optimized.
We will also cover a service called Azure Migrate, which can handle both the
assessment and migration of our Linux workloads. As we progress, we will walk you
through the assessment process and its relevance to migration.
Some of the key takeaways from this chapter are as follows:
• Learning some of the popular workloads on Linux
• Preparing for a migration project
• Assessing the current environment
• An introduction to assessment tools
Additionally, we have created a hands-on lab exercise for you that you can use to learn
to assess an environment by doing it yourself.
Let's now get started with some of the popular workloads that are running on Linux.
LAMP
The acronym LAMP stands for Linux, Apache, MySQL, PHP/Perl/Python. Typically, it
is the first service stack that any Linux administrator would set up and is usually used
to host dynamic and database-driven websites. In LAMP:
• Linux (L) refers to any Linux distribution; you can use Ubuntu or Fedora or
CentOS or any other distribution.
• Apache (A) is the web server that presents the data or web page to the user. In
short, this is the front end that users will be interacting with.
• MySQL (M) is the data store that will be used to save data.
• PHP/Perl/Python (P) is the programming language used to develop the dynamic
websites.
Although we refer to it as a LAMP server installation, these are separate packages that
you need to install individually, and it is not like installing CentOS on a computer. In
certain cases, LAMP might not be the right choice; in other words, you may not require
all the components of LAMP. Again, this entirely depends on what your application is.
If you have a static website, which is created using HTML, CSS, and JS, then you do not
need the MySQL or PHP functionality in your system. All you need is the Linux server
and Apache web server running on top of that, which can deliver the static site to your
clients.
Depending on what components of the LAMP server you are using, the migration needs
to be planned accordingly. For the purpose of the hands-on lab in this chapter, we will
be using a LAMP server for assessment and dependency analysis. Figure 3.1 shows the
architecture of the server. This architecture could be deployed on a hypervisor such as
Hyper-V, VMWare ESXi, or on a physical server. In our lab, we are going to use Hyper-V
as the virtualization platform:
Database servers
In LAMP, we saw how the Linux server hosts the MySQL database, which can act
as a data store for the dynamic websites. MySQL is not the only database that can
be deployed in Linux servers. There are a plethora of relational and non-relational
databases that can be installed on Linux servers. Some of the open-source relational
databases that can be deployed on Linux are listed below. Some of these are very
popular and well known; others you may not have heard of before:
• MySQL
• MariaDB
• PostgreSQL
• SQLite
• LucidDB
• H2
• HSQLDB
• Firebird
• Derby
• CUBRID
There are many other relational database products that are not open source, such as
Microsoft SQL Server, Oracle Database 18c, MaxDB, and IBM's DB2.
Apart from the relational databases, Linux is also a popular platform for NoSQL
databases. MongoDB, Couchbase, CouchDB, RavenDB, and OrientDB are examples of
NoSQL databases.
Azure has Database Migration Service available to migrate data from on-premises to
managed Platform-as-a-service (PaaS) solutions. Regardless of all the benefits that are
offered by PaaS services, there is a subset of customers who prefer to deploy these on
Infrastructure-as-a-service (IaaS) servers and manage the administration fully. The
migration process and technical details depend on the technologies chosen.
In addition to IaaS, Azure offers a set of open-source databases as PaaS solutions.
The advantage of using PaaS is that most of the infrastructure-related tasks, such as
updating and patching, will be taken care of by Microsoft Azure. These PaaS solutions
include Azure Database for PostgreSQL, Azure Database for MySQL, Azure Database for
MariaDB, and Azure Cache for Redis.
Popular workloads on Linux | 61
Shared storage
By way of a recap from Chapter 1, Linux: History and future in the cloud, let's review the
shared storage use case again. Linux is commonly used as a storage server and clients
connect to the server via SMB or the NFS protocol. These servers can be used to store
shared files and can be accessed by clients for several purposes. For example, you can
have a shared file server to store all necessary installation packages of your internal
applications. Your clients will be able to download these files from the shared storage
and consume them.
Also, shared storage can be used to store files that require collaboration. Files uploaded
to these drives can be used by collaborators depending on what level of permissions
they have.
62 | Assessment and migration planning
In Microsoft Azure, Azure Files can be used as shared storage and the advantage here
is that this is a completely managed service. If you are planning to deploy a VM and
host a shared storage on top of that, as a customer, you have to manage many things,
starting with OS management, updates, patches, and so on. However, in the case of
Azure Files, the service is managed by Microsoft and because of the various redundancy
levels offered by Azure Storage, you do not have to worry about implementing high
availability yourself.
Data from on-premises can be moved using command-line tools such as AzCopy and
robocopy. AzCopy is optimized for best throughput for the copy job and can copy data
directly between storage accounts. On the other hand, robocopy is useful if you would
like to move from your on-premises storage to Azure File Storage, which is already
mounted on the same server.
The aforementioned are the common scenarios; however, this does not mean that the
use case scenarios or workload types are confined to these. Even for the same workload
type, different customers will be using different components. For example, if we think
about a database server, some customers will be using MySQL, while others will be
using PostgreSQL.
Microsoft has a collection of documents, best practices, implementation guides,
and tooling that are designed to accelerate your cloud adoption. This framework is
called the Microsoft Cloud Adoption Framework (CAF) for Azure. Organizations are
recommended to adopt this framework so that they can incorporate the best practices
and tools from the very beginning of their cloud journey. The complete framework can
be reviewed here: https://docs.microsoft.com/azure/cloud-adoption-framework/.
The action plan we are going to follow throughout this book is from the Migrate section
of the CAF. In this book, we will focus on the main steps for migrating your Linux
workloads to Azure. This roadmap consists of four main steps as shown in Figure 3.2:
As shown in the preceding diagram, we will start our migration journey with the
first phase—Assess.
Pre-project preparations
All projects should start with proper planning, and the same applies to cloud migrations
as well. At this point, we have already gathered all the necessary technical information,
but how do we know what kind of project team we need? Let's take a closer look.
When you add the internal and external users, the list grows:
• Identity management administrator
• Connectivity administrator
• Application owners
• Business owners
• Application users
Now, let's imagine you plan to move this system to Azure: Which of these people will
you need to talk to in order to ensure that the work undertaken by the business users
of this application is not disrupted? Let's look at some of the key roles and why they are
quite important in cloud migration projects.
64 | Assessment and migration planning
Network administrator
Applications running only in one datacenter and serving users in a single country are
quite easy to migrate to the cloud compared to distributed applications and users
across the globe.
Let's take an example (refer to Figure 3.3) company that has four offices in two
continents and four countries. The European teams in Paris and London are using a
datacenter in London, and the teams in Singapore and Bangkok are using a datacenter
in Singapore:
This scenario adds one obvious aspect of complexity to the total architecture: global
network connectivity. From a project planning point of view, this means that you will
need to add at least one international network provider company to the list of roles
involved in the project.
Typically, this kind of network structure can be moved to the cloud without any
dramatic changes, but there is one special category of applications that will require
lots of planning: financial applications. Traditionally, the financial industry has relied on
dedicated internet connections with private links in their systems. This, in itself, is not
an issue as Azure has various options for VPN and other private connections. The tricky
part here is the use of the Multicast protocol in many trading applications used by the
financial sector. Another industry that often uses the Multicast protocol is healthcare,
especially hospitals.
Note
If you would like to learn more about use cases of Multicast in enterprise
environments, you could look at the book Multicast Design Solutions,
published by Cisco Press: https://www.ciscopress.com/articles/article.
asp?p=2928192&seqNum=5.
Pre-project preparations | 65
What makes multicast worth mentioning in this section is the fact that public clouds
do not support multicast networking. This makes it very challenging to migrate
applications relying on multicast routing directly to Azure. Luckily, there are ways
to work around the problem, for example, by using Multicast-to-Unicast gateways,
but this approach will require re-architecting your network design and possibly
applications.
Another networking detail that requires careful planning is VPN and ExpressRoute
connections. It is good to remember that it is not guaranteed that you may be able to
move your connections from your current locations to public clouds easily. As those
existing connections may be owned or operated by a third-party company, you need to
make sure to involve them in your network planning sessions.
The point to understand here is that things such as networking may sound easy and
straightforward, but it is one of the most difficult technological areas in public cloud
migration, not only from the technology point of view, but also from a staffing and
planning perspective, as there are so many stakeholders involved.
If you could add just one networking person to your migration team, pick someone with
experience of working with telecom providers and legacy networking technologies.
This person is going to be more valuable than any cloud networking specialist.
Let's now move on to the next key role.
Linux administrator
In earlier chapters, we talked about the business aspects of Linux subscription
management. It also has some technical details that need to be considered when
planning to migrate to the public cloud. One of these details is update management:
where will you get security patches and package updates when using Linux on Azure?
Your Linux administrator is a key person here as they already know how the various
package managers and subscription systems work in the current system. With some
training, it is quite easy for them to understand what kind of changes need to be
implemented when moving your systems to Azure.
Does having a Linux administrator in your migration project team sound obvious? In
real life, we have seen migration projects where the project manager did not think this
was necessary and had a Windows administrator trying to figure out how to migrate
Linux to Azure. You can probably make a guess as to whether those projects were
successful.
By Linux administrator, in this context, we mean someone who understands things
such as filesystems, disk performance, SELinux, and subscription management if you
are using a commercial Linux distribution.
66 | Assessment and migration planning
With a bit of luck, the system you are planning to migrate is well maintained, all
security patches and updates are applied, and everything is well documented. In real
life however, this is rarely the case. It really helps to have someone in the team who has
extensive experience of working with various Linux services and application stacks as
they often can find the information that is missing from your documentation.
Let's take an example of having an RHEL server with SELinux turned off. Your
application documentation does not mention anything about SELinux, and your
security team says that in the public cloud, you will need to have SELinux enabled
or they will not approve the migration. What could possibly go wrong? Everything,
especially if the security team turns on Enforcing Mode in SELinux without first
checking how the application behaves.
We recommend that you familiarize yourself with all the relevant roles and personas
related to the system you are planning to migrate to Azure and to investigate very
carefully, following the pattern introduced here, to find out who you need to involve in
your project team.
Note
CAF is available for free to everyone at https://docs.microsoft.com/azure/cloud-
adoption-framework/.
Several sections from CAF are very important when learning about cloud migrations.
For example, Landing Zone is a term you should be very familiar with going forward.
In Azure, a landing zone means a set of pre-designed architecture or services where
you can deploy your new or migrated resources, for example, VMs. An analogy in the
software development world would be Minimum Viable Product (MVP).
Note
Read more about Azure landing zones here: https://docs.microsoft.com/azure/
cloud-adoption-framework/ready/landing-zone/.
Another very important topic worth mentioning at this point is cloud operations, or
CloudOps. In most cases, the team who develops a software solution will not be the
same team that operates the cloud infrastructure – or landing zone – after the solution
is deployed. Typically, cloud operations are managed by the company's IT department,
or this work is outsourced to a specialized cloud management service provider.
Migration assessment | 67
The worst thing you can do is to have no one take care of the application or the
infrastructure it is using after it is deployed. Someone needs to monitor the application
and infrastructure performance, react to system alerts, ensure that security patches are
applied, and, most likely, also run cost optimization processes every now and then.
The Microsoft CAF also covers these cloud management aspects, not only from a
technology point of view, but also from the organization and business alignment angles.
Read more about cloud management in the CAF here: https://docs.microsoft.com/
azure/cloud-adoption-framework/manage/.
To apply all the theory that we have learned so far in relation to discovery and
assessment, let's go through a hands-on assessment lab. In this lab, you will see how
Hyper-V VMs are discovered and assessed in Azure.
Migration assessment
The migration journey continues by getting to know your current infrastructure. Assess
is the first step in migration and, in this phase, we will be creating an inventory of our
source. When we say source, this is not necessarily always on-premises. It could be
other cloud vendors or platforms as well. The assessment tools available in Azure can
be used to assess infrastructure in AWS, GCP, virtualized platform, and on-premises
physical servers. The reason we need to perform the assessment is because we need to
make sure what the migration of our workloads will look like post-migration.
The assessment consists of four steps along with a set of tools. Let's proceed and learn
about these steps.
The general rule of thumb is to prioritize applications with fewer dependencies; this
will act as a catalyst for the migration. Once these are done, you can focus on the
applications with a large number of dependencies. Moving those will give you more
time to focus as the other applications were migrated earlier. This will also ensure
more optimal use of your time. If you start with applications having a large number of
dependencies, you may take longer to optimize and plan them. This will mean that the
deadlines for other workloads will be extended further. Hence, it is better to complete
the simple ones prior to handling the complex ones.
The next step is "Discovery and evaluation" this is where the full assessment takes
place.
• Rebuild: If the cost, time, and manpower required to rearchitect the application
is more than starting from scratch, then you may rebuild the application. This
approach helps the software development team to develop applications that can
get the most out of the cloud.
• Replace: Sometimes, when you review the overall expenditure for rebuilding or
rearchitecting the solution, it could be higher than buying third-party software.
Assuming that you have your own CRM solution, the cost of rearchitecting or
rebuilding is higher than buying a license for a similar SaaS product such as
Dynamics 365.
Once we have discovered the entire infrastructure, the next step in the pipeline is to
involve the key stakeholders.
Starting with the assessment to savings calculation, there are different tools involved in
the process. Let's identify the tools available at the assessment stage.
Identifying tools
Tools play a vital role in the migration assessment. Without tools, it will be a
cumbersome task to go to each of the servers that you have on-premises and create an
inventory. Hence, tools increase productivity and accelerate migration. Table 3.1 shows
the list of tools that can be leveraged at the Assess stage:
The aforementioned are the tools used at the Assess stage. Likewise, there are other
tools leveraged at each stage (Migrate, Optimize, and Secure & Manage) in the
adoption plan. Once we get to these stages, you will be acquainted with the tools used
at each respective stage.
There are other third-party tools that can be used to perform an assessment. These are
available in Azure Migrate and can be selected during project creation.
Now that we are familiar with the steps that are part of the Assess stage, let's try to
understand more about each of these tools and their usage.
Assessing tooling
As explained in the preceding Identifying tools section, the inevitable roles played by
these tools make the assessment, mapping, and savings calculation easier. Now we will
evaluate each of these tools and see how they are used and what the use case scenarios
are. We will start with Azure Migrate.
Assessing tooling | 71
Azure Migrate
The purpose of Azure Migrate is already evident from Table 3.1. With the help of Azure
Migrate, we can run environment discovery without installing any agents on the
servers. If we install agents, we can also perform dependency analysis, which can be
used to generate service maps. The best part of the assessment is that all of this is
natively integrated into the Azure portal and you do not have to be dependent on any
other portals.
Following the assessment, Azure Migrate generates an assessment report with the
estimated cost, recommendations, and size of the VM that you will need to provision
to match your on-premises configuration. Azure Migrate can discover and assess VMs
deployed on Hyper-V and VMWare virtualization environments, as well as physical
machines, while extending the list to other cloud vendors, too.
To use Azure Migrate, we need to create an Azure Migrate project in the Azure portal.
This project will be used to store the assessments that we perform. Also, the same
project can be used when we are migrating our workload to Azure. Since we are in the
assessment phase of the migration plan, this chapter will focus on the assessment tools
available in the project. Once we reach the migration stage in Chapter 4, Performing
migration to Azure, we will discuss the migration tools in the Azure Migrate project.
Let's now familiarize ourselves with the next tool, Service Map.
Service Map
Service Map is another great tool that is part of Azure Monitor for server assessment
that performs the dependency analysis for us. There are several advantages to
leveraging dependency analysis and this boosts the overall migration confidence and
success rate. Some of the advantages are as follows:
If you have a large number of servers to migrate, you can group them based on
solutions as we know which server hosts which dependency:
• It helps in identifying the right machines in a solution and migrating them
together.
• It helps in understanding the topology of the environment.
Makes sure that you migrate everything and that no server is excluded from migration
due to human errors or negligence. There are two types of dependency analysis:
• Agentless analysis
• Agent-based analysis
Agentless analysis
As the name implies, no agents are installed on the VMs to perform the dependency
analysis. The discovery or analysis is done by using the TCP connection data capture
from machines. However, one thing to note here is that agentless analysis is in preview
at the time of writing this book and is available for VMWare VMs only. Data polling and
collection is accomplished with the help of vSphere APIs.
If we run a netstat command on our Linux or Windows computer, we will be able
to see the connections, state of connections, source, destination, and ports of all
the network connections made from our computer. As mentioned earlier, these TCP
metrics are used for the logical grouping of servers.
Once they are grouped, you can visualize the service map to understand the
dependencies or you can export this as a CSV for your reference. The assessment tools
include an Azure Migrate appliance, which is a VM that you need to deploy in your
environment for discovery. This appliance will constantly gather data and push it to
Azure for assessment.
Agent-based analysis
As the name suggests, we need an agent to perform the dependency analysis in the
case of agent-based analysis. This method of analysis utilizes the Service Map feature
of Azure Monitor. We need to install the Microsoft Monitoring Agent (MMA), which
is essentially for Windows machines, or OMS Agent (in the case of Linux machines), as
well as the dependency agent. The data sent by these agents will be used to create the
service map.
We need a Log Analytics workspace to ingest the logs and data pushed by these agents.
One thing to note here is that the workspace should be deployed in a region where
Service Map is supported.
Unlike agentless analysis, since we have the data ingested to the workspace, we can use
Kusto Query Language (KQL) to analyze this data.
When we move on to the hands-on exercise toward the end of this chapter, we will see
how these agents are installed and are used for the dependency analysis. Dependency
analysis can be very useful in the case of applications that have complex architectures.
Next, we will talk about the Azure TCO calculator.
Assessing tooling | 73
The Azure TCO calculator can be accessed from any browser by navigating to the
following link: https://azure.microsoft.com/pricing/tco/calculator/.
The TCO calculation involves a three-step process, starting with defining your
workloads. In this first step, you will be inputting the details of your on-premises
workloads and this will be plotted against the cloud cost to understand the savings.
These workloads are categorized into servers, databases, storage, and networking
components. For each category, there will be a set of information that you need to pass
to the TCO calculator. As an example, if we take Servers, we will be asked to input the
OS type, OS, license, processors, cores, and RAM, as shown in Figure 3.4:
74 | Assessment and migration planning
After defining your workloads, you will reach the Adjust assumptions step. Here, we
are going to share details about whether you already have licenses for these machines,
followed by storage costs, IT labor costs, electricity costs, and so on. You need to tune
these assumptions as per your on-premises data.
Once you have stated the assumptions, the TCO calculator will give the potential
savings based on the data you have shared. Here, for example, based on the workloads
and assumptions, we are getting estimated cost savings of $18,472 over 1 year. Figure 3.5
shows a sample output from the TCO calculator:
There are other graphs (category-wise breakdown) that are available in the TCO
calculator and the best part is that you can download this report and it can be shared
with stakeholders for review.
With that, we have covered the main tools that are used during the Assess phase
shown in Table 3.1). As mentioned earlier, there are other tools that are used in other
phases in the adoption plan. We will cover the Migrate & Modernize stage in Chapter
4, Performing migration to Azure, and the Optimize and Secure & Manage stages in
Chapter 5, Operating Linux on Azure.
Now that we have gathered all the necessary details of our application and
infrastructure, we are ready to create the migration project plan.
In Figure 3.6, we can have a Hyper-V host, and two VMs are deployed on it. One VM
(VM - 01) runs Ubuntu and has a LAMP server set up on it. The second VM (VM - 02) is a
CentOS VM that is running a static website using Apache Webserver.
Our goal is to assess this environment and create an assessment report along with a
dependency analysis.
As mentioned earlier in Assessing tooling section, we need to create an Azure Migrate
project to kick off the assessment process.
76 | Assessment and migration planning
Prerequisites
Some of the prerequisites for this hands-on lab are as follows:
• You should have at least contributor permission on your Azure subscription.
• Users should have permissions to register Microsoft Entra ID apps or else should
have an application developer role in Microsoft Entra ID.
Once you are in the Azure Migrate blade, you will see different migration options
for servers, databases, and so on.
Hands-on assess lab | 77
2. Since we are assessing servers, you need to choose Assess and migrate servers
or you can click on Servers from the Azure Migrate blade, as shown in Figure 3.8:
3. In the next window, you will get the Create project option and, once selected,
you need to input basic details such as Subscription, Resource group, Migrate
project, and Geography, as shown in Figure 3.9:
4. Once the project is created, we will be presented with the Assessment tools and
Migration tools options for servers. Since we are currently in the Assess phase,
we will explore Assessment tools, as shown in Figure 3.10:
5. The next step is to initiate the discovery of servers in our Hyper-V environment
so that we can create the assessment. We will be using the Discover option
shown in Figure 3.10 to start the discovery process.
Now, we must select the platform where our servers are currently deployed. You
will get an option to choose from VMWare vSphere Hypervisor, Hyper-V, and
Physical or others (AWS, GCP, and so on). Since our VMs are deployed on Hyper-
V, let's select this option, as shown in Figure 3.11.
To run the discovery against our on-premises infrastructure, we need to deploy
a new VM to our on-premises environment. This VM is called the Azure Migrate
appliance, which will discover servers and send that information to Azure
Migrate.
6. We need to give a name to the migrate appliance and generate a key, as shown in
Figure 3.11. This key is later used to set up the migrate appliance on our Hyper-V
host. You need to copy this key and keep this handy:
After creating the key, we need to download the Azure Migrate appliance.
Basically, there are two ways in which to deploy the appliance, as shown in
Figure 3.11.
You can download the VHD file and deploy it as a new VM in your Hyper-V
environment or you can download a zip file that will contain the PowerShell
scripts that can convert an existing VM to an Azure Migrate appliance. If you
prefer to use an existing server as Migrate Appliance, Microsoft recommends
using Windows Server 2016 with at least 8vCPUs and 16 GB of RAM.
80 | Assessment and migration planning
In this hands-on lab, we will be downloading the VHD directly to our Hyper-V Host and
creating a new VM. Using the VHD file, we need to create a new VM in our Hyper-V
server using the following steps:
1. Open Hyper-V Manager, on the right-hand side. From Actions, select Import
Virtual Machine.
2. You will get the Before you begin page with the set of instructions. Click Next.
3. Using the Locate folder, browse the folder where you have extracted the VHD
and hit Next.
4. Select Virtual Machine and then click on Next.
5. Select Copy the virtual machine (create a new unique ID) as Import type and
then hit Next.
6. Leave Destination and Storage as their default settings and then click Next.
7. Select the appropriate virtual switch that the VM will be using to connect to the
network and click Next.
8. Finally, in the Summary page, review the configuration we selected and click
Finish to initiate the VM import.
9. After a period of time, you'll be able to see the new VM in your Hyper-V
Manager.
We now have our VM deployed in our environment. Now, it is time to start the
discovery and send the information to the Azure Migrate project. Let's set up the
appliance to push the data to Azure.
1. We must agree to the terms and conditions to start using the Azure Migrate
appliance.
2. The prerequisite check will be done automatically and if there is any new update,
the system will install it automatically, as shown in Figure 3.12:
3. The next step is to input the Migrate appliance key, which we generated from the
Azure portal when we initiated the Discover process (Figure 3.11).
The key needs to the entered into the textbox in order for the system to validate
the key and register the appliance. Once the validation is done, you will be
prompted with a device code to log in to Azure. We need to use Copy code &
Login to authenticate with Azure, as shown in Figure 3.13:
82 | Assessment and migration planning
4. In the new tab, you can sign in using the credentials that you use to sign into the
Azure portal, and if the authentication is successful, you will be asked to close
the newly opened tab. Also, as shown in Figure 3.14, you will be able to confirm
from the Azure Migrate appliance screen whether the appliance was successful:
5. The next step is to provide the credentials for the Hyper-V cluster to the Azure
Migrate appliance so that it can run Discovery. You can use Add credentials and
enter the credentials for your Hyper-V host as shown in Figure 3.15 and save it:
Hands-on assess lab | 83
6. Since we have stored the credentials, we will be using the credentials to connect
to our Hyper-V host. You can add multiple Hyper-V clusters in a single shot,
or you can import the list as a CSV. In our case, we have a single server, and we
need to provide the IP address for the server and select the credentials created
in Step 5, as shown in Figure 3.16:
7. The Migrate appliance will use the credentials against the IP address we have
entered to perform validation. If the credentials are correct, you will be able to
see the successful message, as shown in Figure 3.17:
8. Now that we have completed the configuration of the appliance, we can start
the discovery using the Start Discovery option. The discovery process may take
some time and the discovered number will be reflected on the Azure portal.
Note
Since the appliance uses the FQDN for connection, if the name of the host cannot
be resolved by DNS, you will not be able to discover any VMs and the revalidation
would fail. The workaround is to modify the host file and add the FQDN and IP
address.
The next step in our process is to verify from the Azure portal whether the discovery
was successful and the appliance was able to discover all the VMs. In the following
section, we will see how the discovery can be verified from the portal.
Hands-on assess lab | 85
Here, we see three VMs because the discovery process included the Migrate appliance
as well. The next process is to run the assessment on the discovered servers, and this
can be done by clicking on the Assess option next to Discover.
86 | Assessment and migration planning
Running an assessment
As mentioned in the Migration Assessment section, the assessment creates the
inventory of your on-premises servers. Run an assessment as follows:
1. Select the Assess option from Azure Migrate: Server Assessment, as shown in
Figure 3.19:
3. In the Assessment properties edit window, you will have the option to
customize TARGET PROPERTIES, VM SIZE, and PRICING. These factors are used
to run the assessment and generate the report. Also, you can include the Azure
Hybrid Benefit in your calculation to exclude the license cost if you already
have licenses purchased. You can update each of these factors as per your
requirements. A sample configuration has been shown in Figure 3.21:
4. Next, you can provide a name for your assessment and a name for the group of
servers. Grouping helps you to assess a set of servers together. Finally, we will
select the servers that need to be assigned and add them to the group, as shown
in Figure 3.22:
5. The final step is to create the assessment, which will create the group and run
the assessment on the grouped servers.
If you refresh Assessment tools, you can see that Groups and Assessments have the
value of 1, as visible in Figure 3.23:
Note
If the data is not visible, try using the Refresh button and wait for the system to
refresh.
3. If you would like to recalculate based on another target region or any other
properties, you can edit the properties (using the Edit properties option as
shown in Figure 3.24) and re-run the assessment.
90 | Assessment and migration planning
Here, we have only discovered the VMs; however, we have not performed a dependency
analysis. This assessment report can be exported to an Excel sheet and you can share it
with the stakeholders.
In the next section, we will see how to use the agents to set up the dependency analysis
in Azure Migrate.
Dependency analysis
Dependency analysis is only supported for VMWare VMs and Hyper V VMs. VMs
discovered from other platforms such as Xen, or even from other cloud providers such
as AWS and GCP, do not support dependency analysis.
As mentioned in the Service Map section, we can only run the agent-based dependency
analysis on the Hyper V environment. In the case of VMWare VMs, it supports both
agentless and agent-based dependency analysis.
To start with the analysis, we need to associate a Log Analytics workspace with
our Azure Migrate project. The following steps can be performed to associate the
workspace with Azure Migrate: Server Assessment:
1. Once you have discovered the machines for assessment, in Servers | Azure
Migrate: Server Assessment, click Overview.
2. In Azure Migrate: Server Assessment, click Essentials.
3. In OMS Workspace, click Requires configuration, as shown in Figure 3.25:
4. Once you select Requires configuration, as shown in Figure 3.25, you will be
prompted to create a new Log Analytics workspace or associate an existing one
in your Azure subscription.
Hands-on assess lab | 91
5. If you do not have an existing workspace, create a new one as shown in Figure
3.26:
6. The next step is to download and install the agents for dependency
visualization. For this, we need to navigate to Discovered servers and check the
Dependencies (Agent-based) column. Sometimes, this column will be hidden,
and you can enable it using the Columns option.
7. We will select Requires agent installation against our discovered VM, as shown
in Figure 3.27, to install the agents. For ease of demonstration, let's install the
agents on the LAMP server:
8. The portal will give you the steps to install the agents on both Windows and
Linux servers. We are interested in the Linux servers, and so will follow that
process. Also, we need to make a note of Workspace ID and Workspace key,
shown in Figure 3.28. This is required in order to configure the agent:
9. You can either download it in Linux using the wget command, or download
it to your computer and transfer it to a Linux machine using SFTP/SCP. Let's
download it using wget and configure the agents on the Linux server.
10. You can copy the link for the agents from the portal and pass that to wget to
download the file, as shown in Figure 3.29:
Hands-on assess lab | 93
11. The MMA agent can be installed using the following command:
sudo wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/
master/installer/scripts/onboard_agent.sh && sh onboard_agent.sh -w <YOUR
WORKSPACE ID> -s <YOUR WORKSPACE PRIMARY KEY>
workspace id and workspace key can be obtained from the Azure portal, as
shown in Figure 3.28. At the time of writing this book, the latest version for the
MMA agent is 1.13.33-0 and we install this as shown in Figure 3.30:
12. Now, we must download and install the dependency agent using the following
commands:
wget --content-disposition https://aka.ms/dependencyagentlinux -O
InstallDependencyAgent-Linux64.bin
sh InstallDependencyAgent-Linux64.bin
13. Once the dependency agent is installed, we will be able to see the dependencies
from Azure Migrate: Server Assessment. Click Discovered servers. In the
Dependencies column, click View dependencies to view the dependencies for
the server. It's expected to take some time to load the dependencies.
You can also run Kusto queries against the Log Analytics workspace to review the
connections and validate the data.
With that, we have successfully assessed the workloads that are deployed in the
Hyper-V host and set up dependency analysis. We have used Hyper-V for a demo.
However, in your environment, you may be using VMWare, so Table 3.2 displays a list of
links that can be used to assess other environments, along with the documentation for
Hyper-V:
https://docs.microsoft.com/azure/ https://docs.microsoft.com/azure/
Hyper-V
migrate/tutorial-discover-hyper-v migrate/tutorial-assess-hyper-v
https://docs.microsoft.com/azure/
https://docs.microsoft.com/azure/
VMWare migrate/tutorial-assess-vmware-
migrate/tutorial-discover-vmware
azure-vm
https://docs.microsoft.com/azure/ https://docs.microsoft.com/azure/
AWS
migrate/tutorial-discover-aws migrate/tutorial-assess-aws
https://docs.microsoft.com/azure/ https://docs.microsoft.com/azure/
GCP
migrate/tutorial-discover-gcp migrate/tutorial-assess-gcp
Import https://docs.microsoft.com/azure/
N/A
CSV migrate/tutorial-discover-import
The rationale behind this hands-on lab was to give you an idea of the steps and
familiarize you with the process. Before we conclude this chapter, let's quickly go
through a quick summary of the topics we have discussed so far.
Summary
Assessing the current architecture and workloads is a very important part of a
migration project, as we learned in this chapter. For this, we used Azure Migrate to
create a solid assessment report. We also discussed tools for calculating cost savings on
Azure and went through a hands-on lab for a migration assessment.
In this chapter, we also discussed some of the popular workloads on Linux, including
the LAMP stack and database servers. We also covered some of the more technically
difficult scenarios regarding high-performance computing, clustering, shared storage,
and SAP applications.
In the Pre-project preparations section, the importance of involving the right project
team members was also covered as this ensures that you have all the necessary skills,
including networking and Linux administration, for your migration project.
The next chapter will focus on practical migration, and you will have the opportunity to
use everything learned so far in a hands-on lab.
Performing migration
4
to Azure
This chapter outlines how to execute a real migration project based on the workload
assessment done in the previous chapter. We have created two hands-on labs to show
you how real-life migrations can be implemented.
The first hands-on lab gives you practical examples of how to migrate Linux servers
from a Hyper-V host to Azure using Azure Migrate. The second lab guides you through
migrating a MySQL server to Azure using Azure Database Migration Service (DMS).
Executing migrations in real life is not always as easy as it sounds. Most problems we
have seen are fortunately not actually technology-related, but more about planning and
project management. If you apply the lessons of this book to your projects, you will be
able to avoid the same pitfalls.
98 | Performing migration to Azure
For example, one specific migration project we know of was originally planned to take a
couple of months and it had about 500 virtual servers to migrate to Azure. The project
turned out to be a bit more complex than originally planned. Some problems on the
project started right after the project kickoff. The team in charge of the migration had
severely underestimated the resources and skills required in the project. Eventually, the
project scope was shrunk, and external cloud specialists were invited to advise on some
of the most difficult parts of the project. It is no surprise that some of those parts were
related to Linux patch management, subscription management, and security. Do you
remember that we talked about these topics earlier in this book? Now you know why.
The project schedule got quite a few extensions and the project took much longer than
originally planned. During the project, the customer also decided not to migrate some
of the older applications, and instead decided to start to develop new cloud-native
versions of those applications. From the migration project's point of view, this caused
some major challenges in project scheduling. In the previous chapter, we talked about
the importance of assessments and quality project planning for a good reason.
Why was the project unsuccessful? The project team didn't use any migration
assessment tooling and they also lacked a proper migration execution tool. Additionally,
they had little experience managing projects like this, and they also lacked expertise in
cloud migrations and some of the workloads to be migrated.
Even after successful migration to Azure, there can be unexpected issues due to the
wrong configuration or human error. You can reach out to Microsoft Azure support
in the event of issues like virtual machine booting problems, remote SSH access not
working, and so on. In Chapter 6, Troubleshooting and problem solving, we will talk more
about possible problems and troubleshooting scenarios and also about how they can be
resolved.
We have mentioned it already a couple of times in this book, but since it is such
important advice, let's say it again: a key element to a successful migration project is
ensuring that your customer—be they internal or external—is committed to the project.
The second piece of advice we want to repeat is to use the right tools to help you with
migration. In the previous chapter, we covered Azure Migrate for running successful
assessments, so we can be quite sure the project team has the correct facts about the
workloads to be migrated.
In this chapter, we will cover the following topics:
• Hands-on migration lab
• Migrating servers to Azure
• Migrating databases
By the end of the chapter, you will have learned how to use the right tools the right way.
Hands-on migration lab | 99
The LAMP server will be used to demonstrate server migration using Azure Migrate and
the MySQL VM will be migrated using DMS. You could deploy a LAMP application from
GitHub—there are many repos that have files for a simple LAMP server. The one used in
the demo is cloned from https://github.com/Anirban2404/phpMySQLapp. The LAMP
installation is covered in the GitHub repo.
We'll break down the process into various stages, starting with the installation of
providers, all the way to cutover.
100 | Performing migration to Azure
In Figure 4.2, you can see the server assessment tools, the results from the
previous lab, and the migration tools that we're going to use in this lab.
2. Once we click on Discover, we'll be asked to confirm the platform where our
servers are deployed. We will select Yes, with Hyper-V as shown in Figure 4.3.
Along with that, we'll set Target region. This is the region where your server
will be deployed post-migration. One thing to keep in mind here is that once
Target region is confirmed, it cannot be changed for the project. Azure will
show a banner with the same content and you have to agree to this condition by
checking the checkbox. After that, we can click on Create resources and the Site
Recovery vault gets created behind the scenes:
3. Azure provides very intuitive steps to complete the replication, starting with the
installation of the replication provider software on our Hyper-V server. Steps will
be prompted to you as shown in Figure 4.4:
102 | Performing migration to Azure
4. We'll follow the steps in Figure 4.4. Let's download the Site Recovery provider
software and install it on our Hyper-V server, and also download the registration
key. You can copy the installation file and registration key to the Hyper-V server
over remote desktop protocol (RDP), or you can use a file share. The installation
is a two-step process and will take some time to install. Once the installation is
done, you will get a window similar to the following one and you can proceed
using the Register button, not the Finish button:
5. It's time to use the registration key that we copied earlier. Click on the Register
button shown in Figure 4.5. On the next screen, you will be asked to choose the
registration key and the rest of the details are auto-filled, as shown in Figure 4.6.
Proceed by clicking on the Next button:
6. You don't have to configure to connect using a proxy—let the server directly
connect to Site Recovery without a proxy server. Hit Next and continue with the
registration process.
7. The last stage is Registration, which will take some time. Once the registration is
done, the window will prompt as shown in Figure 4.7:
8. Now we need to go back to the Azure portal and reopen the project to finalize
the registration. If the connection was successful, you will see the registered
Hyper-V host under 2. Finalize registration. Click on the Finalize registration
button as shown in Figure 4.8. If you are not able to see the host as registered,
follow the troubleshooting guide provided by Azure on the same page:
9. You will get a message on the screen to say that the registration may take around
15 minutes to complete. We need to wait for this process to complete before we
replicate our machines to Azure. Once the process is complete, you will get a
Registration finalized message, as shown in Figure 4.9:
Let's take a look at how to discover the servers that are available to be migrated.
Discovering servers
Our Hyper-V server is configured with the providers, and we need to make sure that
our Azure Migrate project discovered the VMs. Let's head back to the Azure Migrate
landing page and refresh the toolset. As shown in Figure 4.10, you will be able to see that
the migration tool discovered two VMs:
We can see that our VMs were discovered by the Azure Migrate project and we're ready
to replicate these discovered servers.
Replicating servers
As Figure 4.10 displays, the next step is to replicate our servers to Azure. For that, you
need to click on the Replicate option next to Discover. As a side note, you need to
have certain resources created before we replicate, else you may need to restart the
replication process. So, it's better to have your resource group, virtual network, and
replication storage account created before starting the replication:
1. Replication is a five-step process, and we'll start with Source settings. Here you'll
select the virtualization platform or your source as Hyper-V.
2. In the second step, you have to select the VMs that you are migrating to the
cloud. You could use the results of an assessment and migrate, or you can specify
the migration settings manually. For demonstration purposes and to explain the
steps, let's go with the manual option. Select the VMs and hit Next as shown in
Figure 4.11:
106 | Performing migration to Azure
3. It's time to configure Target settings as in the configuration on the Azure side.
You have to set Subscription, Resource group, Replication Storage Account (this
is where the data will be replicated), Virtual Network, Subnet, and Availability
options. The target location cannot be changed. As mentioned earlier, if you
don't have these resources created, feel free to create these resources in your
selected target region and start from Step 2 again. Here is how the configuration
will look if you already have the target resources in place:
4. Hitting Next in the Target settings tab will take you to the Compute tab, where
you can set Azure VM Size, OS Type, and the OS Disk name you are going
to migrate. You could set Azure VM Size as Automatically select matching
configuration, as shown in Figure 4.13, and Azure will select a size matching your
on-premises configuration:
5. After selecting the Compute configuration, you can click on Next and the wizard
will take you to the Disks tab. Here you will get a chance to select the disks that
you want to replicate from on-premises. You can also replicate the data disks if
required; however, in our case, we only have the OS disks. The configuration will
look like Figure 4.14:
6. Once you have selected the disks, you can click on Next and you will reach
the last step. In this step, we will review the target configuration and click on
Replicate to replicate the server to Azure.
7. We can confirm from the landing page whether the replication has started or
not. As shown in Figure 4.15, the Replicating servers section should show two as
we selected two servers for replication:
8. We could also click on 2, which has a hyperlink to show the status of the
replication. This is a lengthy process, and you can track it as shown in Figure 4.16:
9. Once the replication is done, you will be able to see the status of both the servers
change to Protected as demonstrated in Figure 4.17:
Hands-on migration lab | 109
Migrating to Azure
Since the servers are replicated, we can perform the test failover anytime we want.
Performing a test failover will not interrupt any of the services—this stage is to confirm
whether an application is functioning as expected. If not, we can take measures to
remediate this and reattempt the migration without any production downtime.
Let's see how the application looks in our on-premises LAMP application, which is a
demo LAMP application created from https://github.com/Anirban2404/phpMySQLapp:
As mentioned at the beginning of this section, we can perform a test failover and see
whether our application is working fine. In order to perform a test failover, follow these
steps:
1. Navigate to Azure Migrate | Servers and choose Replicate from Migration tools
as shown in Figure 4.19:
2. From the next screen, select the VM that you want to test failover for and click
on the three dots on the far-right side. You'll see a Test migration option as
shown in Figure 4.20:
3. Select the virtual network where you want to deploy the resources and select
Test migration as shown in Figure 4.21:
4. After some time, you will see that the resources have been created. One thing to
note here is that there won't be a public IP or NSG attached to the resources that
are created during the test migration. For us to check them using the internet,
we need a public IP and NSG with SSH and HTTP rules added. If you are not sure
how to make this change, refer to https://docs.microsoft.com/azure/virtual-
network/manage-network-security-group and https://docs.microsoft.com/
azure/virtual-network/associate-public-ip-address-vm.
5. Once the test migration status shows as completed, you can navigate to the
target resource group that you selected in the Azure Migrate project during
the initial configuration. The resources will be deployed, with the test keyword
added as a suffix to the resource name, as visible in Figure 4.22:
7. Once the test migration is done, you need to clean up the test migration before
we perform the actual migration. This can be done using the Clean up test
migration option, which is shown in Figure 4.20. You will be asked to add your
notes and confirm the deletion of the test resources.
8. After cleaning up the test resources, we can perform the actual migration of
resources. To start the migration, navigate to Azure Migrate | Servers and
choose Migrate from Migration tools as shown in Figure 4.24:
114 | Performing migration to Azure
9. You will be asked whether you want to shut down the machines to minimize data
loss. Select Yes to shut down the machines and perform a planned migration
with zero data loss. If you choose not to shut down the VMs, a final sync will be
performed before the migration, but any changes that happen on the machine
after the final sync is started will not be replicated. Let's go with No and select
the machines we want to migrate, as shown in Figure 4.25:
Hands-on migration lab | 115
10. As we saw in the case of the test migration, this process will take some time and
the resources will be created in the target resource group. The servers will have
no public IP or NSG attached to them. You need to follow the process outlined
in the documentation we followed in the test migration to attach the NSG and
public IP. You can reuse the NSG and public IP from the test migration if you
haven't deleted them.
11. Voilà, we have our resources in our target resource group:
12. If we navigate back to Azure Migrate | Servers and refresh the project, we will
get the summary of the migration we have done as shown in Figure 4.27:
With that, we've seen the end-to-end process of migrating servers from an on-premises
Hyper-V host to Azure using Azure Migrate. As mentioned in the introduction of this
section, we are going to see how we can migrate databases to PaaS solutions in the next
hands-on lab.
Hands-on migration lab | 117
Migrating databases
In the Migrating servers to Azure section, we saw how servers can be migrated to Azure
with the help of Azure Migrate. We can directly migrate databases from IaaS to IaaS as
we did in the case of the LAMP server. However, in this section, we will be migrating the
database to a PaaS solution. You can use any on-premises MySQL server that can be
accessed publicly. If you don't have one, for demonstration purposes, you can create a
VM in Azure and install MySQL. In order to work with the hands-on data, you need to
run the following SQL script in your MySQL server:
CREATE DATABASE MOVIES;
USE MOVIES;
CREATE TABLE horror_tbl (movie_id int NOT NULL PRIMARY KEY auto_increment,
movie_title varchar(100) NOT NULL, movie_year int NOT NULL);
INSERT INTO horror_tbl(movie_title, movie_year) VALUES ('Exorcist',1973),
('Hereditary',2018), ('The Conjuring',2013), ('The Shining',1980),
('Texas Chainsaw Massacre',1980), ('The Ring',2002), ('Halloween',1978),
('Sinister',2012), ('Insidious',2010), ('IT',2017);
Though IaaS offers a lot of flexibility in terms of control and administration, PaaS helps
developers or administrators to deploy at ease and be more productive, as most of the
management tasks are performed by Microsoft. PaaS offers a lot of time savings as the
underlying hardware, OS patches and updates, and maintenance tasks are taken care of
by Azure.
To migrate databases to PaaS, we will be using a service called Azure DMS. DMS
empowers customers to perform online and offline migration from a plethora of
database sources to Azure data platforms, with minimal service interruption or
downtime.
DMS offer two different methods to migrate databases: offline migration or online
migration. Offline migration requires the server to be shut down at the start of the
migration, so there is downtime involved in this method. On the other hand, online
migration follows a continuous replication of the live data, also allowing a cutover to
Azure at any time with minimal downtime.
Azure DMS offers two pricing tiers:
• Standard: Only offline migrations are supported. This tier has no charge.
• Premium: Offline and online migrations are supported. There is no charge for
the first six months—after that, this tier will incur charges.
Now that we have some idea about DMS, let's go ahead and create an instance.
118 | Performing migration to Azure
4. Clicking Review + create will initiate the validation process and the service will
be created.
Now that we have created a DMS instance, the next step is to configure the migration
project. Before this, we need to create the target database in Azure. Since we are
migrating MySQL, we need to create an Azure Database for MySQL server.
3. The wizard will take you through the creation process. You need to fill in the
details and configure the compute, storage, and pricing tier for the server as
per your requirements. Since we're dealing with a very small database, a Basic
server with 1 vCPU and 8 GB of storage will suffice. In real-world scenarios, you
should match the compute and storage of the Azure server with the on-premises
configuration to avoid performance issues. The configuration is as shown in
Figure 4.31:
4. With that, we can select the Review + create option, then the Create option, and
the database will be provisioned.
5. After provisioning the database, we need to create a target table where the
data from the on-premises database table should be migrated. We will create
an empty table and map this to our on-premises database when we create a
migration project.
6. The server admin login name can be obtained from the Overview pane of the
database that we created in Step 3.
7. You can use any Linux or Windows computer with MySQL tools installed or
Azure Cloud Shell to work with the server we deployed in Azure. Here, let's
connect from the Bash shell as shown in Figure 4.32:
Here the connection will fail, as the IP address of the machine from which we are
connecting is not in the allowed list of IP addresses and the firewall will stop us
from connecting.
8. To add your IP address to the allowed list of IP addresses, you can navigate to the
server we created and click on Connection security. If you are using Azure Cloud
Shell, you have to enable Allow access to Azure services. Since we are using a
local machine, we will add our IP address as shown in Figure 4.33 and save the
configuration:
9. Now that we've added our IP address to the firewall, let's try to reconnect from
Bash and see if the connection succeeds. You can see in Figure 4.34 that the login
was successful:
10. Our on-premises server consists of a database and has a table named horror_
tbl. Basically, this table stores the names of horror movies and the years they
were released. We need to create a similar table in the MySQL server as we
created in Azure so that the data can be migrated. Let's create a new database
and table using the following commands:
CREATE DATABASE movies;
USE movies;
11. Here is how the databases look in on-premises infrastructure and in Azure:
It's evident from the preceding figure that the on-premises database contains data,
and the Azure database is empty. Now we need to extract the schema from the source
database and apply it to the destination.
Now we need to import this data to Azure Database for MySQL using the following
syntax. This can be run directly from the VM hosting the on-premises database if the
networking allows the connection. Otherwise, the schema needs to be imported on
a machine that has the option to connect to the Azure database or into Cloud Shell
directly:
mysql -h {servername} -u {username} -p {database name} < /path/to/schema
In our scenario, you need to replace the server name and login name with your Azure
Database for MySQL credentials:
mysql -h mysql-rithin.mysql.database.azure.com -u rithin@mysql-rithin \
-p movies < schema.sql
After the import process, we need to switch back to DMS and create a migration
project.
126 | Performing migration to Azure
2. The creation is a very simple process. We need to input a name for the project,
set Source server type (in our case MySQL), and set Target server type, which
is Azure Database for MySQL. Finally, set the type of activity as Online data
migration, as we are planning to migrate without any downtime. The offline
option is not currently available for MySQL. The configuration is as shown in
Figure 4.38:
Hands-on migration lab | 127
3. Once the project is configured, click on Create and run activity. This will take
you to MySQL to Azure Database for MySQL Online Migration Wizard.
128 | Performing migration to Azure
4. The first step in the wizard is to configure the source. Here we need to set
Source server name, Server port, User Name, and Password for our publicly
available on-premises server as shown in Figure 4.39:
Note
You might encounter errors if the MySQL server is not configured properly.
Configuration of the bind-address, bin-logs in mysqld.cnf, and the creation of
a new user with admin privileges might be required for a successful connection.
Refer to https://docs.microsoft.com/azure/dms/tutorial-mysql-azure-mysql-
online#prerequisites.
5. Now we need to configure the target, which includes setting Target server
name, User Name, and Password. Target server name and User Name can be
found from the Overview pane of our MySQL server in Azure. The password
is the one you entered during the service creation—if forgotten, you can use
the Reset Password option. The target server details should be configured as
follows:
Hands-on migration lab | 129
Note
You may get an error message stating that the IP address is not allowed to connect
to the MySQL server. From the error message, you can get the public IP of DMS
and add this IP to the Connection Security pane of MySQL for successful
connection, or enable Allow access to Azure Services. However, this would give
all Azure services in your subscription access to the database.
6. The next step is to select the source databases that need to be migrated to the
cloud. The tool will show you the databases that are available on the on-premises
server. Select the source database and corresponding database as the target. In
our case, we will map the MOVIES database, which is on-premises, to the movies
database that we created earlier. Figure 4.41 shows how the mapping is done
from source to target:
7. We're approaching the last step, where we can configure the migration settings.
At this stage, you can specify which tables need to be migrated and settings for
large objects (LOB) data. Since our dataset is small, we don't need to configure
LOB settings. From Figure 4.42, we can see that the horror_tbl table has been
selected:
8. With that, we proceed to the Summary tab, where we need to add a name for
this activity and review the configuration we have done so far. Clicking on Start
Migration will initiate the migration from the on-premises server to the Azure
server.
9. Soon we will be redirected to a page with the migration status and details of the
source and destination servers, as shown in Figure 4.43:
Hands-on migration lab | 131
10. Since our dataset was 10 rows, it took less than 5 seconds to complete the
migration and notify us that we are ready to cut over. If you choose Start
Cutover, Azure will provide the steps to commit any pending transactions, as
shown in Figure 4.44, and after that you are ready to point your applications to
this database:
11. Even without initiating the cutover, you can check the Azure MySQL instance
and verify that our records are there. The following shows verification done with
Bash by connecting to the instance:
Figure 4.45: Verifying data in the Azure Database for MySQL server after migration
From Figure 4.45, it's evident that we are indeed connecting to the Azure MySQL
instance.
Though we performed the migration from Hyper-V for demonstration, Azure Migrate
supports other platforms and DMS supports other database types as well. Table 4.1
shows links to the official Microsoft content for other platforms including Hyper-V:
Summary | 133
Platform Link
https://docs.microsoft.com/azure/migrate/
VMware
server-migrate-overview
https://docs.microsoft.com/azure/migrate/
Physical servers
tutorial-migrate-physical-virtual-machines
https://docs.microsoft.com/azure/migrate/
AWS instances
tutorial-migrate-aws-virtual-machines
https://docs.microsoft.com/azure/migrate/
GCP instances
tutorial-migrate-gcp-virtual-machines
https://docs.microsoft.com/azure/migrate/
Hyper-V
tutorial-migrate-hyper-v
With that, we have reached the end of the hands-on lab. To conclude, this hands-on
was divided into sections where you were migrating servers using Azure Migrate and
migrating databases using DMS.
Summary
This chapter focused on practical learning via hands-on labs. First, we went through
how to install providers in VMs, then we ran discovery and replication procedures. The
first hands-on lab concluded with the migration of a VM to Azure using Azure Migrate.
Our second hands-on lab focused on MySQL database migration to the Azure Database
for MySQL service using DMS. In this lab, we first created the migration service and
configured it with our target resources. Then we migrated a sample schema. Finally, we
created a migration project and migrated the database to Azure.
Migrating operating systems and databases to Azure is just one step on our cloud
journey. Naturally, the next step is to operate the migrated Linux workloads on Azure.
Chapter 5, Operating Linux on Azure, will give you some practical guidance on this
topic.
Operating Linux
5
on Azure
If you recall the migration roadmap we shared earlier, it was a four-stage process. In
the last two chapters, we covered the Assess and Migrate milestones. In Chapter 3,
Assessment and migration planning, we discussed the need for proper assessment and
thorough planning of the migration, as they are an inevitable part of the process. We
also discussed the tooling used to complete these milestones in our migration journey
in Chapter 4, Performing migration to Azure, and we migrated two Linux servers from
Hyper-V into Azure. The first server was an Ubuntu LTS, and the second was a MySQL
server, which was converted into an Azure Database for MySQL service.
One thing to keep in mind is that the journey doesn't stop there. In this chapter, we
will focus primarily on the remaining stages: Optimize and Manage & Secure. We need
to make sure that workloads are optimized, and that security is top-notch. In an
on-premises environment, security is typically entirely handled by you. However, in the
case of the cloud, you are deploying the workloads to the cloud provider's datacenter.
Here, security will be a major concern, but you need not worry. Azure provides a lot of
services that can change the security landscape of your cloud deployments.
136 | Operating Linux on Azure
The Optimize stage mainly focuses on analyzing your costs, improving the
infrastructure using recommendations, and reinvesting to achieve more. On the other
hand, the Manage & Secure phase talks more about security, data protection, and finally
monitoring.
Some of the key takeaways from this chapter include:
• Optimizing costs on Azure
• Working with Azure Linux agents and extensions
• Linux patching on Azure
• Infrastructure monitoring
Let's continue our migration journey by moving on to the next milestone, Optimize,
where we are going to learn about a number of cost optimization techniques in Azure.
Optimize
At this stage, you may have successfully migrated your services to the Azure cloud. As
mentioned in the introduction to this chapter, however, the journey doesn't end here. If
you remember, during our migration, we had an option to choose the size of the virtual
machines that need to be created in Azure. For demonstration purposes, we let Azure
decide the size of the target virtual machines. A couple of questions will surface at this
point, for example: Is the sizing decision correct? Are the migrated workloads running
efficiently?
The answer to these questions is delivered in the Optimize phase. In this phase, we
ensure that the migrated workloads are running efficiently from a cost standpoint as
well as a performance standpoint. Let's go ahead and cover some of the tools that are
used to optimize the workloads, mainly from a cost perspective.
In the previous chapters, we discussed the relevant tools that are used in the respective
phases. Likewise, the Optimize phase also has a set of tools that can be leveraged by
customers to optimize workloads. Let's take a look at these tools.
If you look closely at Figure 5.1, right next to ACTUAL COST (USD), you can see the
forecasted cost under FORECAST: CHART VIEW ON. The forecast is done using
resources that are currently deployed. Alongside this, ACM provides budgeting and
alerting features so that you will be notified whenever you cross the threshold of your
budget. Furthermore, you can integrate budgets with action groups and invoke Azure
Functions or Azure Logic Apps to automatically shut down workloads when you are
crossing the threshold.
In addition to the aforementioned features, ACM also offers the following advantages:
• You can monitor your AWS costs from ACM using the AWS connector.
• ACM offers richer APIs that can be utilized to build dashboards in your favorite
visualization tool.
ACM also has a Power BI connector that you can leverage to bring the data from Cost
Management to Power BI. At the time of writing this book, the Power BI connector is
only supported for Enterprise Agreement (EA) and Microsoft Customer Agreement
(MCA) customers. Pay-As-You-Go (PAYG) customers have to use the APIs to create
dashboards in Power BI.
138 | Operating Linux on Azure
To conclude, ACM is very powerful in terms of the features it offers and the visibility
it provides in terms of cloud spending. You can analyze the costs of the services or
servers that you have migrated and verify whether they are within your projected
budget. If not, you can think about resizing the server provided you are not
compromising the performance of the application.
With that, we will move on to the next tool used in the Optimize phase—Azure Advisor.
Azure Advisor
Azure Advisor can give you recommendations to review and improve the optimization
and efficiency of your workloads. Azure Advisor is now integrated into the ACM blade to
provide recommendations on cost reduction. Recommendations from a cost reduction
standpoint include suggestions for resizing underutilized Azure virtual machines,
making use of additional discounts, and converting PAYG virtual machines to Azure
Reserved Instances to get significant discounts on workloads that run 24x7.
For underutilized resources, Azure Advisor recommends shutting down or resizing the
instance based on the evaluation. The evaluation metrics can be found here: https://
docs.microsoft.com/azure/advisor/advisor-cost-recommendations.
Recommendations from Advisor do not always involve costs—you will be able to
see recommendations on Cost, Security, Reliability, Operational excellence, and
Performance. Figure 5.2 shows the view from the Advisor blade showing different
recommendations. In this case, most of the recommendations have been completed,
except the Reliability recommendations:
These recommendations can be downloaded as CSV or PDF, which you can share with
other stakeholders who play vital roles in business decision making.
Analyzing costs using ACM and reviewing the recommendations made by Azure Advisor
will help you optimize your workloads in Azure. Now, let's move on to the next phase of
our journey, called Manage & Secure.
The agent talks with Azure Service Fabric via two channels. During virtual machine
deployment, the agent mounts an Open Virtualization Format (OVF)-compliant
configuration file from a virtual DVD image that contains the required provisioning
details. During runtime, communication takes place via the REST API provided by the
agent, allowing Azure Fabric to push information and commands to the virtual machine.
140 | Operating Linux on Azure
When creating your own Linux images or modifying existing images, it is good to
remember that the agent is not completely monolithic—it requires the following
components from the underlying Linux system:
• Python 2.6+
• OpenSSL 1.0+
• OpenSSH 5.3+
• Filesystem utilities: sfdisk, fdisk, mkfs, parted
• Password tools: chpasswd, sudo
• Text processing tools: sed, grep
• Network tools: ip-route
Even if it is technically possible to run Linux on Azure without the agent, it is highly
recommended to always have the agent installed and active in your virtual machine.
Without the agent, you cannot run any remote commands to the virtual machine via
Azure Fabric. Additionally, Azure would not get any status information about the virtual
machine and wouldn't know whether the system was healthy.
All endorsed Linux distributions on Azure come with the agent pre-installed. For your
own images, you may install the agent from DEB and RPM packages, as well as using a
Python-based installation script.
Note
You should always use the version of the agent distributed with the virtual
machine image by your Linux distribution vendor. Only install it manually if there is
no official package available for your Linux flavor.
Here are some useful commands for checking that the Azure Linux Agent is installed
and updated to the latest version:
• To check whether it is installed and to show the current version number on
Ubuntu:
Figure 5.3: Checking the Azure Linux Agent version number on Ubuntu
Manage and Secure | 141
Alternatively, you can run waagent --version, which can be used on any
distribution without needing to run any package manager-related commands.
• To update the agent or install it in the event that it is missing, run the following
command:
In our example, the agent was already installed and on the latest version as well.
Azure Linux Agent has a built-in mechanism to update itself. It is good to ensure that it
is enabled by editing its configuration file, /etc/waagent.conf:
Note
You can learn more about the technical details of the agent from GitHub as the
agent is released as open source: https://github.com/Azure/WALinuxAgent.
It is also good to be familiar with cloud-init, a very popular tool for customizing a
Linux virtual machine as it boots for the first time. It can be considered an alternative
to Azure Linux Agent. You can read more about it here: https://docs.microsoft.com/
azure/virtual-machines/linux/using-cloud-init. cloud-init works across Linux
distributions and does not depend on the package manager.
Extensions
Azure extensions are tiny helper applications that provide configuration and
automation functionality for Azure virtual machines. These extensions can be used
once the virtual machine and operating system have been deployed and started. They
can also be used during virtual machine deployment using Azure Resource Manager
templates.
142 | Operating Linux on Azure
Extensions are part of the Azure Linux Agent functionality set, but each extension has
its own set of features and use cases.
To list all the available extensions for Linux on Azure, you can run the following Azure
CLI command:
az vm extension image list --location southeastasia --output table
The list is quite long and contains extensions from Microsoft and third-party
publishers. In this example, we have used Southeast Asia as a location. You should
choose your nearest region unless you are working with a specific remote location.
Note
You can explore all the options of the extension image module here: https://
docs.microsoft.com/cli/azure/vm/extension/image?view=azure-cli-latest#az-vm-
extension-image-list.
Virtual machine extensions can also be found in the Azure portal (see Figure 5.6). You
can choose Extensions under the virtual machine properties and add them using the
installation wizard:
Manage and Secure | 143
Extensions are very useful not only for deploying workloads and their configurations,
but also during troubleshooting and debugging.
Data protection
In Azure, your data can be protected in multiple ways and in multiple layers. The
encryption models supported by Azure are as follows:
• Client-side and server-side encryption
• Azure disks and Azure Storage Service Encryption
• Client-side encryption of Azure blobs
• Various encryption methods for databases and database services
• Encryption of data in transit
• Key management with Key Vault
Depending on your migration workloads and their architecture, you may want to utilize
one or more of these encryption features in your project.
144 | Operating Linux on Azure
For example, if your source virtual machine is using encrypted filesystems, you could
migrate it to Azure as-is. However, for performance reasons, it may make sense to turn
off the filesystem encryption and to enable encryption on Azure Storage or Managed
Disk.
If your entire on-premises storage system is encrypted, the most logical choice is to
encrypt at the Azure Storage level as well.
Note
You can read more about the various encryption functionalities in the
encryption overview documentation: https://docs.microsoft.com/azure/security/
fundamentals/encryption-overview.
There are certain recommendations and limitations when it comes to using Azure
Disk Encryption with Linux virtual machines, and right now there is no direct way
of removing encryption from the operating system disks on Linux virtual machines,
making the troubleshooting process in the case of "no boot/no ssh" for ADE operating
system-encrypted virtual machines quite time-consuming. Currently, the memory
requirements shown in Table 5.1 apply:
Manage and Secure | 145
Note
Once encryption is complete, you may reduce the virtual machine's memory size.
Keep in mind that it is mandatory to have temporary disks enabled in order to use
Azure Disk Encryption. On a practical level, this makes virtual machine types Dv4, Dsv4,
Ev4, and Esv4 unable to use disk encryption.
Another limitation is that generation 2 virtual machines and Lsv2-series virtual
machines are not supported currently. You can find all unsupported scenarios
documented here: https://docs.microsoft.com/azure/virtual-machines/linux/disk-
encryption-linux#unsupported-scenarios.
The list of supported Linux distributions for Azure Disk Encryption is quite extensive,
but it covers only a subset of all endorsed distributions. As the list is updated
frequently, we won't include it here, but you can find the up-to-date list in the Azure
documentation: https://docs.microsoft.com/azure/virtual-machines/linux/disk-
encryption-overview#supported-operating-systems.
Next, let's take a look at how to keep up with updates and security patches for Linux on
Azure.
Red Hat Enterprise Linux (RHEL) updates are available from Azure directly
running Red Hat Update Infrastructure. This update repository is available for PAYG
deployments of RHEL. For virtual machines deployed using the Bring-Your-Own-
Subscription (BYOS) method, you need to use Red Hat's own update servers or your
own company's Red Hat Satellite server to download updates.
Read more about RHEL on Azure updates and the Azure RHUI here: https://docs.
microsoft.com/azure/virtual-machines/workloads/redhat/redhat-rhui.
Note
If you have a Red Hat Satellite server, you can continue to use it with RHEL on
Azure for virtual machines that have been migrated from on-premises to Azure.
Satellite can also be used with BYOS installations.
You should not use Satellite with PAYG images as you would be consuming
your RHEL client certificates as well as consuming your PAYG subscription and
practically paying twice for the RHEL installation.
SUSE Linux Enterprise Server (SLES) has a slightly different architecture for the
update servers: your SLES virtual machines will get updates directly from official
SUSE‑operated repositories. You can find more details on SLES and Azure updates from
the SUSE documentation: https://www.suse.com/c/?s=cloud-regionsrv-client.
To update your Linux servers on Azure, you can do it the old-fashioned way by logging
in to the servers via SSH and invoking apt-get update or yum update depending on
your Linux distribution. Ubuntu on Azure can get also updates from mirrors hosted on
Azure. The repository server alias configured by default on Ubuntu images on Azure
is azure.archive.ubuntu.com. This host name is resolved to the actual server in the
region of your resource group:
In this example, you can see that the nearest Ubuntu update server for me was located
in the Southeast Asia region and that its IP address was 20.195.37.151.
Manage and Secure | 147
Azure Update Management does not replace the normal update mechanism or package
manager of a Linux distribution, but it issues requests to those to execute the required
maintenance tasks. Practically, this means that, for example, the Ubuntu updates are
still being installed by the apt tool and, for example, in RHEL, the updates are being
managed by yum. The updates are fetched from the repository configured in the Linux
installation.
On Linux, the available updates are automatically polled once per hour by Azure Update
Management.
Now, let's take a look at the next hands-on lab for managing Linux on Azure to guide
you further in your cloud journey.
If you would like to collect any facility outside the list, then you may need to configure
a custom data source in Azure Monitor. In our hands-on exercise, we will onboard the
LAMP server, which we migrated in Chapter 4, Performing migration to Azure, to the
Log Analytics workspace, and then we will configure it to collect the syslog.
The first step will be to onboard the virtual machine to send logs to the Log Analytics
workspace.
150 | Operating Linux on Azure
2. Clicking on New will redirect you to the wizard to create a workspace and the
Basics tab requires basic information such as Subscription, Resource group,
Name, and Region. You can complete these details as shown in Figure 5.12 and
proceed to Pricing tier:
Hands-on managing Linux on Azure | 151
3. For Pricing tier, you can keep the default value: Pay-as-you-go (Per GB 2018).
You can also reserve the capacity reservation if required; however, for this
hands-on exercise, it is not required.
Finally, you can click on Review + Create and the workspace will be created.
152 | Operating Linux on Azure
2. Click on the virtual machine name and you will be taken to a new page where
you will be able to see the Connect option, as shown in Figure 5.14. Please note
that in order for the connect operation to succeed, the virtual machine should
be in the running state, otherwise it will fail. Also, make sure that walinuxagent
is installed, as already recommended in the Manage and Secure section, and that
the agent is listed as Ready under the Properties blade of the virtual machine.
Click on Connect, after which the extension will be configured on the virtual
machine:
Hands-on managing Linux on Azure | 153
3. If you navigate back to the previous Virtual machines blade, you will be able to
see that the status has been changed to Connecting, as is visible in Figure 5.15.
This process will take some time and Log Analytics extensions will be configured
on the selected virtual machine:
4. Once the extensions are installed, the virtual machine is onboarded to the Log
Analytics workspace. You can confirm this by verifying that the status of the
connection is Connected.
Onboarding is complete; however, we still haven't configured that Log Analytics
workspace with instructions about what type of event data should be pulled from the
virtual machine. In the next section, we will configure data collection.
Data collection
We have onboarded our virtual machine, and the Log Analytics extension is ready to
collect the data and ingest it into the Log Analytics workspace. However, we need to set
up data collection, that is, we need to specify which datasets we need to pull from the
virtual machine. We can configure the collection as follows:
1. Navigate back to the Log Analytics workspace we created and select Agents
configuration, as shown in Figure 5.16:
3. After configuring the performance counters, you can click on the Syslog tab.
Clicking on Add facility will list all the facilities available to you, including auth,
authpriv, and cron. Also, you can specify the logging level for each facility. You
can add the following facilities as shown in Figure 5.18. Once added, click on
Apply to save the configuration:
156 | Operating Linux on Azure
With that, we have configured the data collection. Now we need to verify whether the
data is getting ingested into the Log Analytics workspace, and ingestion will take some
time after completing the onboarding. In the next section, we will run some sample
queries and see whether we are getting results.
Querying data
In the previous section, we configured several performance counters and syslog
facilities that need to be ingested into our Log Analytics workspace. Now, we will query
these logs using KQL and verify whether we are getting the data ingested from the
virtual machine.
There will be different tables to store the performance, syslog, and other data. You can
query the logs of the virtual machine by scoping your queries to the specific virtual
machine. If you run the query from the workspace level, logs from all onboarded virtual
machines will be returned. Nevertheless, you can change the scope from here, too. In
our case, there is only one virtual machine onboarded to the workspace, so querying
from the Virtual machines blade or the Log Analytics blade will be the same. However,
let's query from the Virtual machines blade to make sure that we are looking at the
right scope:
Hands-on managing Linux on Azure | 157
1. Navigate to Virtual machines and open the virtual machine we migrated from
on-premises in Chapter 4, Performing migration to Azure. From Monitoring,
select Logs, as shown in Figure 5.19:
2. To list all the tables in the workspace, you can run a search * | distinct
$table, in the query window and see the results in the Results window. An
example is shown in Figure 5.20:
3. In the results, you can see multiple tables, such as Syslog, VMProcess,
VMBoundPort, VMConnection, and Perf. Let's query some tables and check the
results. All the following scripts need to be run on the query window.
4. Return all informational logs where the syslog message contains rsyslog:
Syslog | where SeverityLevel == "info" and SyslogMessage contains
"rsyslog"
5. Render a time chart for the % Used Memory performance counter:
Perf | where CounterName == "% Used Memory"
| project TimeGenerated, CounterValue
| render timechart
6. Return all external connections made by processes, including the destination IP
and port number:
VMConnection
| where DestinationIp !startswith "127.0.0"
| distinct ProcessName, DestinationIp, DestinationPort
Summary | 159
You can run any sort of query using the available dataset. KQL is very powerful, and
it can perform wonders on your dataset. With this exercise, we have reached the end
of the hands-on lab. In this lab, we onboarded the on-premises virtual machine we
migrated in Chapter 4, Performing migration to Azure, to the Log Analytics workspace
and ingested the performance and syslog into the workspace. Furthermore, we queried
the ingested data using KQL to obtain some results and time charts.
Summary
This chapter has covered various details about how to effectively operate Linux on
Azure. First, we went through the Optimize phase, including the ACM and Azure
Advisor tools. Then, we proceeded to the Manage & Secure phase, where we spent some
time with the data protection functionality as well as the Azure Linux Agent.
Just before the hands-on lab, you also learned how Azure Update Management works in
conjunction with various Linux distributions' update mechanisms.
We have now covered all the topics regarding assessing, migrating, and operating Linux
on Azure. What happens when something doesn't work as you expect? Let's find out in
the next chapter, where we will guide you through troubleshooting Linux on Azure.
Troubleshooting and
6
problem solving
Our migration journey started in Chapter 3, Assessment and migration planning, where
we saw the importance of assessment and its contribution to the overall migration
journey.
In Chapter 4, Performing migration to Azure, we witnessed the actual migration of Linux
workloads to Microsoft Azure Virtual Machines as well as to managed services. Chapter
5, Operating Linux on Azure, was more about the post-migration strategies and tools
for optimizing and securing workloads in Azure.
At this point, we have our virtual machine (VM) successfully migrated to Azure. Time to
pack your bags and consider the job well done. However, sometimes things don't work
the way they should. You might be getting strange errors in your log files or your client
might be complaining that the migrated application is behaving incorrectly. You could
even find out that your VM doesn't boot at all.
Being able to analyze the problem and debug the affected system yourself is quite
important. You don't want to get stuck in the middle of your migration project just
because you don't know how to figure out why something doesn't work.
162 | Troubleshooting and problem solving
This chapter will help you to learn and understand how to assess, debug, and fix the
most common issues in Linux to Azure migration projects. These topics are also useful
for newly created Linux VMs on Azure.
In this chapter, you will learn about the following:
• Remote connectivity and VM start issues
• Common Linux runtime challenges
• Azure diagnostics tooling – a summary
• Opening support requests
To get the most from this chapter, you should be familiar with the typical debugging
methods for on-premises or hosted Linux servers. On Azure, some aspects of
debugging work a bit differently compared to on-premises.
Let's start by discussing the most unwanted problem—a VM you can't connect to.
In this case, the user tried to connect to an Azure VM's private IP address, 10.0.0.1,
directly from their laptop. This fails as the private IP addresses on Azure are always
in the private IP range and cannot be directly accessed via the public internet. This is
a change from your typical on-premises environment where you might have had the
ability to directly connect to any VM in your datacenter. The actual error message may
differ depending on your operating system and the actual cause of the connection
failure.
Azure VMs typically have two IP addresses: the private internal IP and a public
external IP. You can get a list of all the IP addresses of a VM from the Azure portal or
the command line. With the Azure CLI you can use the az vm list-ip-addresses
command, as shown in Figure 6.2:
Remote connectivity and VM start issues | 163
If the connection still doesn't work when using the public IP address, the cause is
probably one of the following:
• An Azure network security group is blocking the connection.
• The SSH service is not running on the VM.
• The Linux firewall is blocking the connection.
These are the most common issues we have seen. If your issue is not one of these, you
will find more analysis guidance later in this chapter in the Azure diagnostics tooling – a
summary section.
Network connectivity issues can be analyzed using the Azure Connection Troubleshoot
tool found on the Azure portal, as shown in Figure 6.3:
In this example, we can see that the Azure network connection is working correctly and
the problem is not in the network security group settings.
You can use the same method to run any commands remotely, for example, to turn off
the Linux firewall if you suspect it might be blocking your SSH connection.
The Azure portal also offers a simple user interface to run commands and simple
scripts remotely, as shown in Figure 6.5:
For the extensions to work, you need to have the Azure Linux Agent installed and
running on the VM, as Azure extensions use it to execute commands on the VM.
If the remote SSH connection still doesn't work, the reason could be a bit more serious:
your VM might not actually boot properly, and it is not possible to fix this using scripted
tools.
166 | Troubleshooting and problem solving
The system logs are captured from the virtual serial terminal and are read-only. You
can use the boot logs to find out about and diagnose problems.
If you need to log in to the system to fix the problem, you can use the Azure Serial
console functionality, which can be also found in the VM Support + troubleshooting
section of the Azure portal, as shown in Figure 6.7:
Remote connectivity and VM start issues | 167
In this example, we can see that the Ubuntu server is stuck at the GRUB bootloader
screen waiting for interaction from the user. At this point, you can proceed to fix the
problem as you would do on any on-premises physical or virtual Linux server. We
won't go into the details of fixing this particular problem since it could be caused by a
number of issues, ranging from a failed kernel upgrade to a misconfigured partitioning
configuration. Instead, let's look at an overview of typical boot failure causes.
There could be various reasons for a VM not booting. Microsoft has published the
following notes regarding Linux on Azure:
• Hyper-V virtual hard disk (VHDX) format is not supported. Use fixed VHD
instead.
• VirtualBox dynamically allocated disks are not supported. Use fixed size instead.
• The maximum VHD size is 1,023 GB.
• Using Logical Volume Manager (LVM) on system disk may cause name collisions.
It is recommended to use the standard partition for the system disk and LVM
only on data disks.
• UDF file system support is mandatory, so do not disable it. It is used by the Azure
Linux Agent.
• Kernel versions before 2.6.37 and Red Hat kernel versions before 2.6.32-504 don't
support non-uniform memory access (NUMA). Disable it with the numa=off
parameter in grub.conf.
• Do not use the system disk for the swap file. Let the Azure Linux Agent set up the
swap on the temporary resource disk.
There are some very common issues with booting Linux on Azure that happen when
migrating from Linux Kernel Virtual Machine (KVM) or VMware virtualization to
Azure. By default, Linux distributions don't include the Hyper-V driver in the ramdisk
image. As Azure runs on Hyper-V hypervisors, the hv_vmbus and hv_storvsc kernel
modules are necessary for Linux to boot on Azure.
If you encounter this problem, the proper fix is to run these commands on Linux before
migrating the VM into Azure:
sudo mkinitrd --preload=hv_storvsc --preload=hv_vmbus -v \
-f initrd-'uname -r'.img 'uname -r'
Please note that it is not possible to fix this problem on Azure by using this VM directly.
Typically, it is better to fix the source image and move it to Azure again. However, the
method for fixing this situation on the Azure side would be to mount the disk on a
working VM and apply the fixes that way.
Common Linux runtime challenges | 169
Sometimes you may encounter boot issues due the virtual disk size, especially if you
have created the disk manually on your source system and have converted a raw disk to
VHD. All virtual drives on Azure must use 1 MB size alignment. This can be fixed before
uploading the image to Azure, for example by using qemu-img to convert the image:
rawdisk="MyLinuxVM.raw"
vhddisk="MyLinuxVM.vhd"
MB=$((1024*1024))
size=$(qemu-img info -f raw --output json "$rawdisk" | \
gawk 'match($0, /"virtual-size": ([0-9]+),/, val) {print val[1]}')
rounded_size=$(((($size+$MB-1)/$MB)*$MB))
echo "Rounded Size = $rounded_size"
qemu-img resize MyLinuxVM.raw $rounded_size
qemu-img convert -f raw -o subformat=fixed,force_size \
-O vpc MyLinuxVM.raw MyLinuxVM.vhd
After your image is converted correctly, you may upload it to Azure again and start it.
Once your server boots properly we can focus on possible runtime issues.
SELinux
Security-Enhanced Linux—more commonly known as SELinux—is a security module for
the Linux kernel, which provides a mechanism for supporting various access control
policies to the operating system. There are some alternatives to SELinux, such as
AppArmor, but they are not commonly used currently. SELinux can be considered the
standard way of securing Linux installations.
170 | Troubleshooting and problem solving
To check the status of SELinux on your Linux VM you can run the sestatus command.
It prints out many variables, as shown in Figure 6.8:
In this example, you can see the SELinux status is enabled and the operating mode
is enforcing. Figure 6.8 is taken from a CentOS 8.2.2004 VM installed from Azure
Marketplace.
SELinux is available for all the common Linux distributions. However, it may not be
enabled by default, or it may be configured in permissive mode by default. The three
operating modes for SELinux are:
• enforcing: SELinux security policy is enforced.
• permissive: SELinux prints warnings instead of enforcing the policy.
• disabled: No SELinux policy is loaded.
One of the most common SELinux-related questions is: How do I disable SELinux? The
correct answer should always be: You don't. The recommended operation mode is, for
practical reasons, permissive. In the enforcing mode, there is a high probability that
many applications from independent software vendors (ISV) will stop working or have
some unexpected runtime errors. However, if you are running applications developed
in house, or are sure the applications are compatible with SELinux in enforcing mode,
then naturally the recommendation is to use enforcing mode.
By running SELinux in permissive mode, you can be sure your applications will run
and that you can catch possible security problems by auditing the security logs. When
developing new applications, it is recommended to use enforcing mode. This way you
can be sure your application will run in any production system.
You can learn more about SELinux and the reasons why it should be not disabled in this
amazing SELinux coloring book authored by Dan Walsh and illustrated by Máirín Duffy:
https://github.com/mairin/selinux-coloring-book.
Common Linux runtime challenges | 171
On Azure, you can use SELinux in enforcing or permissive mode without problems in
most cases. The only time when you need to turn off SELinux completely is when you
want to start encrypting a Linux OS disk on Azure. After the encryption is complete,
you can enable SELinux again.
If you have SELinux completely disabled or running in permissive mode first, and
later decide to switch on enforcing mode, you will probably need to fix the file security
labels. The easiest way to do this is by telling SELinux to relabel the filesystem on the
next reboot, and then to reboot the server as follows:
sudo touch /.autorelabel; sudo reboot
After the server is up again, SELinux will have the whole filesystem labeled and the
security contexts of the files should be up to date again.
Note
If the system was installed without the selinux-policy package, you will need to
make sure SELinux is initialized during system startup. The dracut utility must be
run to set SELinux awareness for the initramfs filesystem.
Not doing so will cause SELinux to not start during system boot.
A useful reference for SELinux-related issues can be found via Red Hat: https://access.
redhat.com/documentation/red_hat_enterprise_linux/6/html/security-enhanced_
linux/sect-security-enhanced_linux-working_with_selinux-changing_selinux_
modes.
Next, let's take a look at typical storage issues and how to work around them.
The disk drive for /var/lib/mysql is not ready yet or not present.
Continue to wait, or Press S to skip mounting or M for manual recovery
• A serial log entry shows an incorrect UUID
These other common causes can be sometimes fixed by restarting or often by manually
fixing the filesystem. For this, you can use either the serial console access as described
earlier in this chapter, or alternatively attach the broken virtual OS disk to another VM
as you would do in any on-premises system.
The Azure CLI provides an extension called vm-repair that makes it easy to create a
repair VM and attach the broken VM disk to it. You can find more information about
this extension from here: https://docs.microsoft.com/cli/azure/ext/vm-repair/vm/
repair. Note that this extension requires Azure CLI version 2.0.67 or higher.
Common Linux runtime challenges | 173
Note
The Linux system disk encryption process tries to unmount the system drive
before running it through the disk encryption process. If it can't unmount the drive,
an error message of failed to unmount after … is very likely to appear.
Resizing disks
In case you happen to run out of storage space on your VM's system or data disks,
Azure allows you to scale the VMs up and down quite easily, but there are some tasks in
the Linux OS to be done to ensure the VM survives the changes.
Note
To test these commands, we recommend you create a new Linux VM on Azure. In
the following screenshots we used a CentOS 7.9-based VM image.
174 | Troubleshooting and problem solving
First, we need to find out the current VM disk size. The az command is a very powerful
tool to query various aspects of a VM:
az vm show -g vm1_group -n vm3 \
--query "[storageProfile.osDisk.diskSizeGb, \
storageProfile.osDisk.name, hardwareProfile.vmSize]"
This command lists the operating system disk size, unique name, and the VM size
parameters, as shown in Figure 6.9:
If you get an error, it is quite possible that the VM is not running. Start it and try again.
In our example the disk size was 30 GB and the VM is of the Standard_A1 type. The disk
name is vm3_OsDisk_1_b728efd7b94e41d6beefe4a1e8a35f15.
To modify the disk the VM needs to be deallocated—just stopping it is not enough. After
the VM has been deallocated we can proceed to increasing the system disk size.
Note
Currently, you cannot shrink disks in Azure. When increasing disk size, only add the
space you will need.
If you would like to verify that the change was implemented, you can show the actual
disk size as follows, even when the VM is not running:
az disk show -g vm1_group \
-n vm3_OsDisk_1_b728efd7b94e41d6beefe4a1e8a35f15 \
--query "diskSizeGb"
This will print out the size in gigabytes and should show 50 in this case. Now we have
successfully resized the disk on the storage system side, but at this point Linux thinks
the disk size is 30 gigabytes.
Next, you will need to start the VM and log in to Linux with SSH. Now, in the Linux
terminal, you can proceed to check whether you need to manually increase the volume
size and filesystem size as you would do on any other Linux server.
Since there are numerous different ways to do these tasks, we will not be addressing
them all. Azure doesn't set any limitations on how you manage the disks from within the
Linux operating system.
In our test system, CentOS 7.9, it seems that the virtual disk size change on the sda2
device was automatically recognized by the operating system at boot time, as you can
see in Figure 6.11.
You can run the lsblk command to see the block device sizes on your VM:
To see if the filesystem has also noticed the increase in the block device size, you can
run the df -hT command. Our system demonstrated that the XFS filesystem on the
sda2 disk was automatically resized:
176 | Troubleshooting and problem solving
For many years, Linux administrators had to manually resize block devices and
filesystems after the physical or virtual storage size was changed. Nowadays, some
Linux distributions can resize the system disk automatically for you at boot time or
even at runtime. Data disks still require you to manually grow the partition or volume
size and to grow the filesystem size as well.
For data disks, the process is very similar. The biggest difference is that you can do
it while the VM is running. To do this you practically need to unmount the disk and
detach it from the VM before you modify the virtual disk size. Consider taking backups
before modifying partitions, volumes, or filesystems manually—there is a risk of data
loss if you make even a small error in the process.
You can find details about data collections supported by the Log Analytics agent here:
https://docs.microsoft.com/azure/azure-monitor/agents/agent-data-sources.
This documentation will give you a good set of tools you can use to analyze the
performance of your VM.
In on-premises environments, it is a common practice to use tools such as dd to see
how the storage is performing. In Azure however you should not rely on the results
of this command. Instead, you should use a tool called fio, available from most Linux
distribution repositories. It gives reliable results when analyzing the actual disk
performance, measured as input/output operations per second (IOPS).
To use fio, you will first need to create a new file called fiowrite.ini with the
following content:
[global]
size=30g
direct=1
iodepth=256
ioengine=libaio
bs=4k
numjobs=1
[writer1]
rw=randwrite
directory=/
The last parameter tells us which directory or mount point we want to use for testing.
In this case, we are using the system disk, which is mounted on the root directory.
To start the test, run the following command, which starts a test that runs for 30
seconds:
sudo fio --runtime 30 fiowrite.ini
178 | Troubleshooting and problem solving
We have highlighted the IOPS line in yellow. In this case, the average IOPS number was
741.21. We used a standard SSD disk and the Standard A1 VM type with 1 vCPU and 1.72
GiB memory. The system disk was 30 GB with the nominal maximum IOPS being 500.
The storage encryption on this server used server-side encryption with a platform-
managed key.
There are various guides available for optimizing the storage performance for Linux
on Azure users. One very good (although slightly old) guide is this blog post: https://
docs.microsoft.com/archive/blogs/igorpag/azure-storage-secrets-and-linux-io-
optimizations.
The blog post covers many details about performance tuning and is worth reading
even if you don't have performance problems currently. It is always worth optimizing
performance.
Azure diagnostics tooling – a summary | 179
Next, let's take a look at what tools Azure provides to analyze and debug VM problems.
These guides should give you decent tools to analyze and fix most of the problematic
situations you might encounter after you have migrated a Linux VM into Azure. These
are also applicable for all VMs created directly on Azure.
Let's not forget there are also various ways to ask for help from Microsoft if you have
problems with Azure.
In this example, our problem is described as I can not SSH to this VM, and the New
support request tool was able to suggest a couple of possible problem types. We
selected Cannot connect to my VM for the Problem type option, and My configuration
change impacted connectivity for the Problem subtype option.
In the Solutions tab, we will find a possible solution to the problem:
In many cases, these automatic suggestions can guide you through fixing the issue. As
you can see in this example, it appears the VM is not running—probably because the
Azure Linux Agent is not reachable. The system recommends you use the previously
mentioned serial console method to connect to the server.
182 | Troubleshooting and problem solving
Sometimes you may need assistance from Microsoft Technical Support, or you may
have found an actual bug in Azure or one of the supported Linux distributions. In that
case, you will be presented with the option to open a support ticket or ask for help from
the Azure Community.
The availability of Microsoft Technical Support depends on your contract with
Microsoft:
In our example, we used a subscription that does not include technical support. By
clicking View plans (shown in Figure 6.17), we can see the various technical support
plans:
Which plan is best for you depends on many factors. A Microsoft sales representative
can provide you with further guidance if you are unsure about choosing a plan.
Additionally, there is support available from Linux vendors via Azure Marketplace. As
shown in Figure 6.19, by clicking on the Marketplace tab, you can see all available Linux
support plans that are valid for this specific VM:
In this example, the Linux distribution installed on this VM was Ubuntu. Canonical,
the company publishing Ubuntu, offers a support plan called Ubuntu Advantage
Infrastructure Support, as shown in Figure 6.19. As you can see in this case, we have
not purchased the plan.
All commercial Linux vendors have their own support packages available for purchase
or offered already bundled in the enterprise subscription.
Summary
Having completed this chapter, you should be able to debug and fix some of the
most common issues with Linux on Azure. In this chapter, we talked about remote
connectivity issues and how to solve these problems if your VM does not let you log
in. We also discussed the typical boot problems and discovered the Azure tools that
can help in resolving these situations. SELinux- and storage-related issues are quite
common runtime problems, which were also covered in this chapter. We also addressed
Linux on Azure performance analysis. Finally, we explained how to find support for
Linux on Azure from Microsoft Technical Support and Azure Marketplace partners.
184 | Troubleshooting and problem solving
This book took a holistic approach to migrating Linux workloads from on-premises
infrastructure to Azure. Starting from the planning, assessment, service dependency
building, replication, and testing migration, to a complete cutover from on-premises
to Azure, the hands-on labs we developed for you should have provided a quick start
to your first real migration project. We have shared some of the best practices and
vital points that need to be incorporated while migrating Linux workloads to Azure.
Consider these recommendations and adopt them in your migration projects. It will
accelerate them and contribute to the success of the migration, along with saving a lot
of time.
At this point, we would like to congratulate you on learning many new useful skills.
We have spent quite a long period of our lives working with Azure, Linux, and many
other open-source technologies, many of which have been discussed on the pages of
this book. We hope you have enjoyed reading the book as much as we enjoyed writing
it. Certain things you cannot learn by reading books or documentation or even by
following official training courses. Those things can be only learned by trying and doing
things yourself.
For further reading we recommend reading about the Microsoft Cloud Adoption
Framework (CAF) for Azure: https://docs.microsoft.com/azure/cloud-adoption-
framework/. It is a collection of best practices, tools, documentation, and other useful
proven guidance from Microsoft designed to accelerate your cloud adoption journey.
Now it is your turn to do good—teach others about what you have learned. Take the
information from this book, be successful in your Linux to Azure migration projects,
and do not forget to share your knowledge with others!
The change was not only about Linux. Microsoft also released the Edge browser, Visual
Studio Code, and Microsoft Teams for Linux, actions that indicated their readiness to
welcome and fully embrace Linux. In 2018, Microsoft developed their own Linux flavor
called Azure Sphere, which is used in IoT devices. With the recent update of Windows
10, Microsoft shipped a full Linux kernel, which opened the doors for developers who
are working on Linux development as well as cross-platform. Very soon, the usage of
Linux increased and outshone Windows usage in Microsoft Azure. The anti-Microsoft
ideology that was present among Linux users is long gone. Looking at all the progress, it
is obvious that Microsoft truly loves Linux. All of Microsoft's open-source contributions
to the community can be found at https://opensource.microsoft.com/.
Many organizations now use Linux for running a variety of workloads, varying from
workstations to SAP clusters, and the features and support offered by Linux on Azure
welcomed them to the benefits of the cloud. Administrators can administer their Linux
workloads as they normally manage on-premises Linux computers. Azure now provides
tools like Azure Migrate, Azure Site Recovery, and Azure Database Migration Service,
which accelerate the migration of workloads to Azure.
Organizations that initially believed that cloud computing is expensive have now
started to explore the benefits, savings, and features of the Azure cloud. Since these
organizations have license subscriptions from popular vendors like RedHat and SUSE,
it is easy for them to reuse the same license subscription in Azure as well, without the
need to spend extra for licensing in the cloud. Apart from the cost perspective, scaling
and high availability are far better than what organizations could achieve in their
on-premises infrastructure. Also, it's worth mentioning the security and governance
features that Azure provides for running Linux workloads. If you have workloads
that are hosted on-premises, outside Azure, due to compliance reasons, then Azure
Arc-enabled servers provide you with the ability to manage them natively from the
Azure portal.
As we speak, Microsoft is developing new Azure features, pushing updates to preview,
and promoting updates to general availability. If you look at the Azure Updates page
(https://azure.microsoft.com/updates/?query=Linux), you will be able to see all the
new Linux-related updates coming to Azure. The updates are in chronological order,
and looking at the number of updates coming in, you will realize the dominance of
Linux on Microsoft Azure. It is 2021 and today, even if it may sound a little absurd to
some people, the fact is that Microsoft is really an open-source organization.
>
Index
About
All major keywords used in this book are captured alphabetically in this section. Each one is
accompanied by the page number of where they appear.
A apt-get: 141, 146 boot: 5, 144, 161, 165-169,
Arc-enabled: 185 171, 175-176, 183
accelerate: 62, 70, 184-185
architecture: 11-12, 19, bootloader: 167
access: 24, 39, 48, 98, 122,
22-23, 35-36, 59-60, breakdown: 75, 89, 136
129, 166-169, 171-172
64, 66, 68-69, 75, budgets: 137
account: 25, 36, 44, 47,
95, 143, 146-147 bug-free: 4
68, 73, 105-106
assemble: 5, 19 build: 24, 137
acquired: 30-31
Assessing: 57-58, 70, bulbs: 24
acquisition: 30-31
75, 77, 95, 159 BYOS: 24, 39, 146
Actions: 80, 185
assessment: 45, 55, 57-59,
add-ons: 55
address: 1, 37, 80,
67-68, 70-72, 75-76,
78-79, 85-90, 94-95,
C
83-84, 113, 122-123,
97-101, 105, 135, 161, 184 Cache: 60
129, 146, 162-163
auditing: 170 CAF: 62, 66-67, 184
admin: 122, 128
authenticate: 48, 81 Canonical: 5, 18, 29-30,
adopt: 62, 69, 184
AzCopy: 62 34-35, 50-52, 55, 183
Advisor: 35, 138-139, 159
azps-: 54 CapEx: 24
agent: 33, 72, 91-94, 100,
Azure: 1-2, 5, 11, 13-14, Cassandra: 173
139-142, 147-148, 152,
16-25, 27-29, 31-49, catalyst: 68
159, 165, 168, 177, 181
54-55, 57-58, 60-77, CentOS: 5-6, 18, 24,
Agent-based: 71-72, 90-91
79-82, 84-90, 93-95, 28, 31-32, 37-38, 46,
agentless: 71-72, 90
97-101, 104-110, 112-113, 59, 75, 170, 173, 175
agent-linux: 141
116-118, 120-133, Chainsaw: 117
allocate: 14
135-150, 152, 155, chpasswd: 140
analysis: 13, 59, 71-72,
157, 159, 161-185 Cisco: 64
75, 90, 94, 99, 136,
Client-side: 143
163, 176, 183
Analytics: 13, 33, 72, B cloud: 1-2, 6, 8, 11, 13-17,
20-21, 23-24, 27-30,
90-91, 94, 148-154,
back-end: 8, 23 32-33, 39, 41-42, 44-46,
156, 158-159, 176-177
balancer: 8 55, 58, 61-69, 71, 73,
Ansible: 30, 34, 147
Bash: 4, 47, 122-123, 132 90, 98-100, 105, 122,
Apache: 7, 10, 13, 19, 28,
binaries: 9 125, 129, 133, 135-136,
33, 36, 59, 75, 173
bind-address: 128 138, 148, 184-185
APIs: 11, 72, 137
bin-logs: 128 cloud-access: 39
AppArmor: 169
blade: 76-77, 136, 138, CloudForms: 30, 34
application: 7-8, 15,
150, 152-153, 156-157 CloudFoundry: 31
21, 23, 34, 58-59,
BLFS: 5 cloud-init: 33, 141
63-64, 66-69, 73,
blobs: 143 cloud-native: 68, 98
75-76, 99, 109-110,
block-level: 20 CloudOps: 66
113, 138, 161, 169-170
blog: 178
apps: 76, 137
cluster: 12, 19-20, D distros: 5-6, 24-25,
61, 82-83 32, 37, 46, 55
daemon: 4, 148-149
collection: 61-62, 72, DM-Crypt: 144
dashboards: 33, 137
154, 156, 184 Docker: 10, 173
data: 2, 8, 13, 15-16,
collisions: 168 docs: 20-24, 34, 44-46,
20-21, 23, 33, 58-60,
compliance: 185 54, 62, 66-67, 112, 128,
62, 72, 74, 80, 89, 94,
compute: 9, 11, 15, 37-39, 138, 141-142, 144-147,
100, 106-107, 114, 117,
45, 54, 61, 89, 107, 121 172, 177-178, 184
120, 122-126, 130, 132,
conf: 141, 168 Domains: 21
136-137, 139, 143-144,
configure: 80, 92, 103, DRBD: 20, 22
148-149, 152, 154, 156,
106, 120-121, 128, dynamic: 59-60
159, 168, 171, 173, 176-177
130, 148-149, 154
database: 7-8, 19, 60,
connection: 16, 72,
84, 104, 122-123,
62-63, 95, 97, 99, E
117-118, 120-133,
125, 128-129, eastus: 50, 52
135, 143, 185
152-154, 162-165 egress: 37
datacenter: 11, 14-16,
consumers: 6, 16 encounter: 128,
21-22, 64, 73, 135, 162
container: 2, 6, 9-10, 168-169, 173, 180
dataset: 124, 130-131, 159
12-13, 32, 34 encryption: 143-145,
DDoS: 16
Controller: 139 169, 171, 173, 178
deadlines: 67-68
CoreOS: 30, 46 environment: 11, 15, 33,
deallocate: 14, 43, 69
cost: 3, 14-16, 24, 37-39, 45, 58, 63, 67-68,
Debian: 28, 31-32, 46
41-45, 67, 69, 71, 73-74, 71-72, 75, 79-80,
debug: 161-162, 179, 183
87, 89, 95, 136-138, 185 90, 94, 135, 162
dependencies: 68,
Couchbase: 60 ESXi: 59
72, 91, 94
CouchDB: 60 event: 22, 98, 141, 148, 154
deploy: 9, 11, 21-22, 35,
CounterName: 158 explore: 78, 142, 185
50, 58, 60, 62, 66,
CounterValue: 158 ExpressRoute: 65
72, 79, 99, 111, 117
CPU-based: 23 extension: 31, 33, 142,
deployments: 11, 17, 31,
credentials: 33, 48, 152, 154, 164, 172
33, 135, 139, 146
82-84, 125
Derby: 60
cron: 149, 155
cross-region: 99
Diagnose: 166, 179 F
directory: 33, 177
CUBRID: 60 factors: 69, 87, 89, 183
disable: 168, 170
curl: 47 failovers: 109
disk: 4, 20, 33, 65, 68,
custom: 33, 35, 39, failure: 19, 68, 162, 167
89, 99, 107, 144-145,
149, 164, 176 features: 2, 16, 18, 20,
168-169, 171-178
custom-made: 16 23-24, 27, 33, 55,
distribution: 4, 12,
customScript: 164 137-138, 142-143, 185
23, 28-31, 36, 59,
Cygnus: 30 Fedora: 5-6, 59
65, 140-141, 146,
filesystem: 4, 21, 140,
148, 177, 183
144, 171-173, 175-176
fiowrite: 177 high-level: 12 initrd-: 168
Firebird: 60 holistic: 184 InkTank: 30
firewall: 122-123, 163, 165 host: 5, 8-9, 11, 14-15, insights: 33, 176
Flatcar: 32 34, 59, 62, 75, install: 8-9, 11-14, 17,
floppy: 4 79-80, 82-84, 94, 19, 35, 46, 59, 71-72,
forensic: 15 97, 104, 116, 146 81, 91-94, 100, 102,
Foundation: 18, 184 HPFS: 21 117, 133, 140-141
FQDN: 84 HSQLDB: 60 instance: 8, 35, 43,
framework: 62, 99, 184 HTML: 59, 171 46, 52, 68, 117-118,
fsck: 172 HTTP: 112 120, 132, 136, 138
fstab: 171-172 Hybrid: 16, 24, 30, 36, integrate: 137
Functions: 137 38-41, 44-45, 61, 87, 118 Intel: 3
Hyper: 90 interface: 6, 39, 46,
G Hyper-V: 8, 59, 67, 71,
75, 79-80, 82-83, 94,
139, 165, 176
intervals: 176
gateways: 65 97, 99-102, 104-105, inventory: 58, 67-68,
gigabytes: 175 116, 132, 135, 168 70, 86, 100
github: 99, 109, 141, 170 hypervisors: 8-10, 33, 168 invoke: 137, 164
Glassfish: 7 iodepth: 177
GlusterFS: 20
governance: 66, 185
I ioengine: 177
IOPS: 21, 177-178
grep: 140 IaaS: 17, 60, 68, 99, 117 ip-route: 140
group: 3, 19, 71, 77, Identity: 48, 63
88, 105-106, 112,
115, 118, 146, 150,
image: 9, 19, 29, 32,
34-35, 39, 46, 48-50,
J
163-164, 174-175 52-55, 139-140, Java: 7, 30-31, 36, 58
grub: 167-168 142, 168-169, 173 JBoss: 7, 30-31, 34
GUIs: 6 implement: 13-15, 18, 61 Jetty: 7
import: 80, 83, 125 json: 49, 164, 169
H include: 5, 8, 10, 17, 35, 55,
Hadoop: 13
60-61, 72-73, 87, 136,
138, 145, 168, 172, 182
K
HANA: 21 incorporate: 62 kernel: 4-5, 28, 35,
hands-on: 54-55, 58-60, INCREMENT: 117, 123 139, 167-169, 185
67, 72, 75-76, 80, 95, incur: 117 Kubernetes: 12, 17, 31
97-99, 116-117, 133, information: 2, 22, 48, Kusto: 33, 72, 94, 148
148-149, 151, 159, 184 63, 66, 69, 73, 79-80,
hardware: 9, 14, 21-23,
63, 73, 117, 172, 176
85, 92, 139-140,
150, 172, 180, 184
L
Hashicorp: 34 ingest: 33, 72, 148, 154 labels: 171
HDInsight: 13 initial: 3, 17, 69, 112 labor: 74
high-end: 24 initramfs: 171 labs: 31, 97, 133, 184
LAMP: 58-60, 75, 91, M mechanism: 141,
95, 99, 109, 117, 149 147-148, 169
machine: 4, 12, 14, 33,
landing-zone: 66 memory: 8, 14, 144-145,
80, 92, 98-99, 114, 122,
latency: 22 158, 168, 173, 178
125, 139-142, 144-145,
legacy: 22, 65 Mesos: 10
148-150, 152-154,
level: 29, 61, 136, message: 20, 84, 104,
156-157, 159, 161, 168
144-145, 155-156 129, 158, 162, 173
machines: 2, 8, 28, 71-72,
leverage: 137 metadata: 76
74, 86, 89-90, 104, 114,
license: 14, 28, 37-39, method: 39, 72, 117,
136, 138, 141, 144-147,
45, 69, 73, 87, 185 146, 165, 168, 181
152-153, 156-157, 161
limitation: 20, 145 methods: 57, 117, 143, 162
macOS: 6, 20
Linux: 1-6, 8-9, 11-13, metrics: 33, 72, 138, 176
main: 3-4, 15,
17-20, 22-25, 27-37, 39, microservice: 12
61-62, 75, 89
42, 44, 46, 55, 57-63, Microsoft: 1-2, 8, 14,
maintenance: 22, 117, 148
65-66, 72, 75, 92, 95, 16-25, 28, 32-37, 39,
Makara: 30
97-99, 122, 133, 135-136, 42-47, 54-55, 60-62,
manage: 11-12, 14, 17,
139-142, 144-148, 155, 66-67, 72-73, 79, 93,
19, 60, 62, 67, 70, 75,
159, 161-165, 167-171, 98, 100, 112, 117, 120,
135-136, 139, 144, 147,
173, 175-178, 180-185 128, 132, 137-139,
152, 159, 175, 185
list: 5, 13, 28, 31-33, 36, 141-142, 144-147,
managed: 13, 20, 48,
49-50, 52-54, 63-64, 161, 164, 168, 172,
60, 62, 66, 99, 120,
70-71, 83, 94, 122, 177-178, 180, 182-185
139, 144, 148, 161
140, 142, 145, 147, 149, Migrate: 5, 18, 27, 39,
ManageIQ: 30
155, 158, 162-163, 57-58, 60, 62, 64-66,
management: 12, 14-15,
175-176, 179, 181 70-72, 75-77, 79-82,
17, 24, 31, 33, 62-63,
list-offers: 50 84-86, 89-90, 94-95,
65-68, 97-98, 117,
load: 8, 19, 23, 94 97-100, 105, 107,
136-137, 139, 143,
local: 33, 46, 122, 109-110, 112-114, 116-117,
147-148, 159
148-149, 164, 171 120, 126, 132-133,
Manager: 15, 20, 33,
location: 50-52, 135, 144, 169, 185
36, 65, 80, 139,
106, 118, 142 migrated: 24-25, 58,
141, 148, 168, 173
logging: 39, 47, 123, 66-68, 89, 98-99,
managing: 15, 33,
146, 148, 155 105, 115, 117, 122-123,
98, 147-148
logic: 7-8, 137 129-130, 133,
manual: 105, 147, 172
login: 33, 47, 81, 135-136, 138-139,
mapping: 43, 70, 129
122-123, 125 146, 148-149, 152, 157,
MariaDB: 8, 60
logs: 33, 72, 148-149, 159, 161, 167, 180
Marketplace: 18-19,
152, 156-158, 166, migrating: 1-2, 16-18, 24,
23, 32-33, 39, 46,
170-171, 176 58, 61-62, 67, 71, 73,
49, 55, 170, 183
lsblk: 175 97-99, 105, 109, 114,
master: 12, 93
LucidDB: 60 116-117, 120, 124, 126,
MaxDB: 60
133, 159, 168, 184
migration: 1-2, 16-18, 23, N 152, 157, 159, 162, 167,
27, 43, 45, 55, 57-60, 169, 172, 177, 184-185
Nadella: 1, 184
62-63, 65-71, 73, 75-76, open: 18, 28-29, 47, 60,
navigate: 76, 91, 100,
78, 80, 86, 89, 95, 80, 85, 89, 139, 141,
110, 112-113, 116, 122,
97-102, 105, 109-118, 152, 157, 180, 182
126, 150, 152-155, 157
120, 122, 125-127, OpenShift: 12, 17,
NetApp: 20-21
130-133, 135-136, 30-31, 34
netstat: 72
143, 149, 157, 159, opensource: 18, 185
network: 11, 16-17,
161-162, 169, 184-185 open-source: 1, 5,
19-23, 33, 36-37,
migrations: 18, 23, 27, 18, 27-28, 30, 55,
39, 63-65, 72, 80,
63, 66, 76, 97-98, 117 60, 184-185
105-106, 111, 119-120,
mkfs: 140 OpenSSH: 140
139-140, 162-164
mkinitrd: 168 OpenSSL: 140
networking: 4, 14, 65,
mode: 66, 118, 170-171 OpenStack: 11, 31
73, 95, 119, 125
model: 8, 23, 28, openSUSE: 31-32
NGINX: 9-10
36-39, 41-45, 120 operate: 15, 133, 159
no-boot: 171
models: 28, 36, operates: 16, 66
--nodata: 124
44-46, 55, 143 operating: 2-3, 5-6, 9,
--no-data: 124
Modernize: 75 11, 16-17, 24, 27, 30-32,
node: 20, 36, 61
modes: 118, 170-171 35, 46, 75, 133, 135, 141,
nodes: 12, 20, 23, 61
modify: 84, 174, 176 144, 147, 159, 161-162,
nofail: 172
module: 54, 142, 169 169-170, 174-176
non-uniform: 168
modules: 5, 35, 55, 168 operation: 23, 152, 170
NoSQL: 60
MongoDB: 8, 60, 173 operational: 15, 36, 138
NULL: 117, 123
Monitor: 11, 33, 67, 71-72, operations: 54, 66, 177
NYSE: 30
137, 148-149, 176 OpEx: 24
Monitoring: 72, 136, 157 optimal: 68
monolithic: 12, 140 O optimization: 35,
mount: 168, 177 45, 67, 136, 138
OCFS: 20
mounted: 20-21, Optimize: 16, 45, 68,
official: 4, 35, 132, 140,
62, 171, 177 70, 75, 135-136,
145-146, 179, 184
mounting: 20, 172 138-139, 159
offline: 49, 117-118, 126
MyLinuxVM: 169 optimized: 14, 62,
onboard: 93, 149-150, 152
MySQL: 8, 10, 19, 73, 135, 184
onboarded: 154, 156, 159
36, 59-60, 62, 97, optimizing: 16,
onboarding: 152, 154, 156
99, 117, 120-129, 136, 161, 178
on-premises: 2, 5-6, 8,
132-133, 135, 172 Oracle: 32, 46, 60
13-15, 17-18, 20-25, 33,
mysqld: 128 orchestrator: 30
57, 60-63, 67, 69-71,
mysqldump: 124 organization: 3, 5,
73-74, 79, 86, 100, 107,
mysql-rithin: 125 13-15, 24, 32, 36,
109, 116-118, 121-125,
46, 67, 73, 185
128-130, 135, 144, 146,
OrientDB: 60 performance: 19, 21, Premium: 20, 117-118
OsDisk: 174-175 35, 61, 65, 67, 73, preparations: 63, 95
os-release: 44 121, 136, 138, 144, prepare: 27, 67
other: 4-5, 7-8, 15-16, 19, 155-156, 158-159, prepay: 36, 38, 42, 44-45
28-29, 31, 34-36, 38, 169, 176-178, 183 Pre-project: 63, 95
44, 59-60, 62, 64, 67-71, Performing: 61, 71, 75, Prerequisite: 81
73, 75, 89-90, 94, 117, 97, 109, 135, 149, preview: 72, 118, 120, 185
132-133, 136, 139, 156, 157, 159, 161, 177 price: 29
169, 172, 175, 180, 184 Perl: 59 pricing: 3, 16, 36-37,
others: 6, 60, 62, permissions: 35, 61, 76 39, 42, 73, 87, 117-118,
79, 145, 184 phase: 33, 55, 63, 67, 121, 150-151
outlined: 80, 115, 150 71, 75, 78, 99-100, private: 11, 64, 162
output: 47, 50-53, 74, 136, 138-139, 159 process: 1, 14, 33, 41,
170, 174, 177-178 phpMySQLapp: 99, 109 47, 58, 60, 70, 73, 75,
--output: 142, 169 planning: 44-45, 50, 55, 79, 81, 84-85, 92, 95,
outsourced: 66 57-58, 62-67, 75, 97-99, 99, 102-105, 108-109,
Outsourcing: 15 126, 135, 161, 184 115-116, 118, 120-121,
overview: 55, 90, 122, platform: 2, 7, 11, 17, 21, 125-126, 135, 144, 147,
128, 144, 147, 167 30-31, 34, 59-60, 150, 153, 173, 176
67, 76, 79, 101, 105 ProcessName: 158
P platforms: 67, 90,
94, 117, 132-133
processors: 73
product: 31, 34, 39,
PaaS: 17, 30, 60, 68, plethora: 55, 60, 117 43-44, 66, 69
99, 116-117 port: 128, 158 production: 30, 34, 36,
package: 9, 35, 65, portability: 23 55, 63, 109, 170
140-141, 148, 171 portal: 43, 46, 71, 76, products: 18, 31, 34, 60
packages: 10, 33, 81-82, 84-85, 88, project: 3, 5, 24, 57-58,
59, 61, 140, 183 92-93, 104, 120, 136, 63-67, 70-71, 75-80,
pane: 41, 43, 118, 142-143, 150, 162-163, 85, 90, 95, 97-101,
122, 128-129 165-166, 179-180, 185 104-105, 112, 116, 120,
parameter: 49-51, portals: 71 122, 125-127, 133,
124, 168, 177 ported: 4, 10, 22 143, 158, 161, 184
Password: 48, 80, 128, 140 ports: 72 projects: 5, 18, 31, 63,
paths: 68 PostgreSQL: 8, 60, 62 65, 97-98, 162, 184
pattern: 66 PowerShell: 54, 79 prompt: 47, 103
PAYG: 24, 36-39, 41-45, practical: 57, 95, 97, Protected: 108, 143
137-138, 146 133, 145, 170 protection: 136,
perform: 13, 47, 54, 67, practices: 35, 62, 66, 184 139, 143, 159
70-73, 84, 86, 109-110, pre-designed: 66 protocol: 20, 61,
113-114, 117, 159 --preload: 168 64, 102, 148
provider: 14-16, 36, 64, rebooted: 22 repositories: 4-5,
66, 100-102, 135 rebuild: 69 145-146, 177
providers: 16, 39, 65, rebuilding: 69 repository: 145-146, 148
90, 99-100, 105, 133 recalculate: 89 request: 44, 180-181
proxy: 103 recommended: 49-50, requests: 8, 23,
PSCore: 54 62, 68, 73, 140, 152, 148, 162, 180
public: 2-3, 11, 16, 23-24, 155, 168, 170 requirements: 8, 24,
28-30, 37, 41, 65-66, recompile: 4 32, 46, 55, 61, 87,
112-113, 115, 129, 162-163 reconnect: 123 121, 144-145
--publisher: 164 Recovery: 99-103, 172, 185 re-run: 89
publishers: 46, 50, 142 recreating: 68 reservation: 151
publishing: 183 redeploy: 41 reservations: 20, 43-45
push: 72, 80, 85, 139, 148 redeployment: 39 Reserved: 42-43, 45, 138
Python: 36, 59, 140 redhat: 34, 39, 146, 171, 185 Reset: 128
Python-based: 140 redhat-rhui: 146 resolution: 35, 55, 180
redirect: 150 resource: 9, 14, 33, 61,
Q redirected: 80, 130
Redis: 60
77, 105-106, 112, 115,
118, 120, 136, 141,
QEMU: 8 Refactor: 68 146, 150, 168, 173
qemu-img: 169 refactoring: 55 resources: 9, 11, 14, 16,
query: 33, 49, 72, 148, region: 50, 72, 89, 101, 19, 37, 66, 73, 98,
156, 158-159, 174, 185 106, 142, 146, 150 101, 105-106, 111-113,
--query: 174-175 register: 76, 80-81, 115, 133, 136-139
Qumranet: 30 102-103 response: 49
Quoting: 3 registration: 41, 67, revalidation: 84
82, 102-104 review: 61, 69, 75, 80,
R Rehost: 68
released: 4, 31,
89, 94, 108, 120,
122, 130, 138, 151
ramdisk: 168 123, 141, 185 Reviewing: 89,
ramp: 47 Reliability: 138 102, 115, 139
Rancher: 12, 31 replicate: 104-105, RHEL: 5, 31-32, 34,
randwrite: 177 107-108, 110 37, 39-42, 44-45,
range: 36, 55, 162 replicated: 68, 99, 66, 146, 148
RavenDB: 60 106, 109-110, 114 RHEV: 8
rawdisk: 169 Replicating: 105, 108 RHUI: 146
RDMA-based: 23 replication: 68, 101, robocopy: 62
read-only: 166 105-106, 108-109, routing: 65, 139
Real-Time: 176 117, 133, 184 rsyslog: 158
real-world: 58, 121 repo: 99 runtime: 10, 139, 162,
rearchitect: 68-69 169-170, 176, 183
re-architect: 68 --runtime: 177
reboot: 171 Russinovich: 17
S 135, 138, 146, 149, 167, 100-102, 170, 172-173
169, 171, 175, 178, 181 solution: 8, 14, 20-21,
SaaS: 16-17, 69
servername: 124-125 23-24, 36, 66-69,
sbin: 172
servers: 2, 5, 7-9, 14-17, 71, 99, 117, 181
scalability: 16, 61, 69
20-21, 24, 29, 39, 44, solutions: 2, 7-8, 11,
scalable: 23
58, 60-61, 67-68, 17-18, 20-23, 25, 60,
scale: 12, 14-16, 173
70-73, 75-79, 85-86, 64, 68, 71, 116, 181
scaling: 14, 24, 61, 185
88-92, 94-95, 97-101, source: 5, 18, 28-29, 60,
schema: 124-125, 133
105, 108-110, 113-117, 67, 72, 86, 105, 119,
scope: 28, 31, 35-36,
130, 133, 135, 138, 124, 126, 128-130, 141,
55, 68, 98, 156
146-147, 162, 185 144, 149, 168-169
script: 33, 47, 117, 124, 140
server-side: 143, 178 sources: 117, 152, 176
scripted: 165
service: 9-10, 12, 16-17, Splunk: 13
scripts: 79, 93,
20-21, 29, 48, 58-60, SQLite: 60
158, 165, 173
62, 66, 68, 71-72, 76, sshd: 164
SCSI: 20, 171
90, 97, 99, 117-120, stack: 11, 59, 95
SCVMM: 139
126, 128, 133, 135, 139, stage: 4, 6, 40, 69-71,
search: 36, 49, 54, 58, 76,
143, 147, 163, 184-185 73, 75, 100, 103, 109,
118, 120, 150, 152, 158
services: 5, 7-9, 11, 130, 136, 139, 152
Secure: 14, 70, 75,
13-14, 16-19, 39, 58, stakeholders: 63, 65,
135-136, 139, 152, 159
60, 66, 68, 76, 100, 69, 75, 90, 139
secured: 139
109, 118, 122, 129, status: 108, 112, 130-131,
security: 14-16, 33, 35,
135-136, 138, 143, 161 140, 153-154, 170
65-67, 98, 122, 129,
sestatus: 170 storage: 8, 11, 15, 17, 19-21,
135-136, 138-139,
Setting: 20, 67, 76, 23, 30, 34, 37, 39,
144-145, 163-164,
80, 87, 90, 128 61-63, 73-74, 80, 89, 95,
169-171, 185
settings: 80, 105-107, 105-106, 121, 143-144,
self-hosted: 2
130, 143, 164, 169 169, 171, 173, 175-178
self-service: 14
--settings: 164 store: 59-61, 71, 76, 156
SELinux: 65-66,
setup: 4, 173 stored: 83, 148
169-171, 173
setups: 22 storvsc: 168
SELinux-: 183
sfdisk: 140 strategies: 16, 55, 75, 161
seqNum: 64
SFTP: 92 Subnet: 106
serial: 166-167, 171-172, 181
Shell: 4-5, 46, 122, 125 subscribe: 29
-series: 145
sign: 29, 33, 48, 82 subscription: 19, 23-24,
server: 5, 7-9, 11-12, 14,
SKUs: 52 29, 37, 39-42, 44, 65,
20-21, 23, 30-33, 39,
Slackware: 31 76-77, 90, 98, 106,
58-62, 66, 68-69,
SLES: 31-32, 37, 39, 118, 129, 136, 146,
71, 74-75, 78-80, 83,
43-44, 146 150, 182-183, 185
85-86, 89-92, 94, 97,
software: 1, 3-5, 7-10, subset: 6, 60, 145
99-103, 105, 108, 117,
14-16, 19-20, 22, 27-31, subtype: 181
120-126, 128-130, 132,
39, 42-45, 55, 66, 69,
sudo: 35, 47, 93, 140-141, 78, 88, 95, 98-101, 71, 145, 170, 183, 185
164, 168, 171, 177 110, 113, 122, 136, verification: 132
SUSE: 5, 18, 23-24, 29-31, 139-140, 159, 161, 165, verified: 84
34-35, 41-42, 44-46, 177, 179-180, 183-185 verify: 55, 58, 69, 84-85,
55, 146, 180, 185 toolset: 105 99, 132, 138, 156, 175
Synapse: 13 two-step: 102 Verifying: 85, 88, 108,
sync: 114 Two-tier: 8 113, 132, 153-154
syntax: 124-125 version: 3-5, 20, 30-31,
sysadmin: 20
sysadmins: 2, 17
U 44, 46, 53, 93, 120,
140-141, 172
syslog: 148-149, 155-156, Ubuntu: 5-6, 18, 24, --version: 141
158-159, 176 29-32, 34-35, 37-38, versions: 3-4, 28, 31, 35,
syslogs: 33 46-47, 50, 59, 75, 44, 46, 52-53, 98, 168
systemctl: 164 135, 140-141, 146, vhddisk: 169
148, 167, 183 VHDX: 168
T UbuntuServer: 52
Unix: 2-3
view: 17, 33, 54, 64-65, 67,
94, 98, 137-138, 142, 182
technical: 18, 23, 27, upgrade: 20, 167 viewing: 89, 110
29, 34-36, 55, 57, 60, usage: 33, 39, 41, 70, 185 virtual: 2, 8, 14, 28,
63, 65, 141, 182-183 username: 48, 124-125 80, 98-99, 105-106,
technologies: 1, 6, 13, users: 3, 5, 11, 17-18, 111, 119-120, 136,
36, 39, 60, 65, 184 30, 33, 59, 63-64, 138-142, 144-147,
technology: 1, 20, 76, 178, 185 149-150, 152-154,
30, 65, 67 utilities: 4-5, 140 156-157, 159, 161,
templates: 33, 41, 141 utility: 163, 166, 171 166-169, 172, 175-176
terms: 15-16, 22-23, 29, utilize: 33, 39, 42, 143 VirtualBox: 8, 168
73, 81, 89, 117, 138 util-linux: 172 virtualized: 67
test: 109-113, 115, uucp: 149 virtual-size: 169
173, 175, 177 UUID: 171-172 VM-based: 19
testing: 8, 38, 45, 177, 184 VMBoundPort: 158
tier: 117-118, 121, 150-151
tiers: 20-21, 117-118
V vmbus: 168
VMConnection: 158
tool: 34, 36, 71, 98, 105, validate: 81, 94 VM-hosting: 17
129, 136-138, 141, validation: 81, 84, 120 --vm-name: 164
147-148, 163, 166, varchar: 117, 123 VMProcess: 158
174, 177, 180-181 variables: 27, 170 VM-related: 179
tooling: 62, 70, 75, 98-99, variants: 24 vm-repair: 172
135, 162-163, 179 vCores: 44 vmSize: 174
toolkit: 30 vCPU: 37, 43, 121, 178 VMSSs: 49
tools: 3-4, 12-13, 17-18, vCPUs: 43, 79 VMWare: 8, 59, 71-72,
20, 30, 33, 55, 57-58, vendors: 12, 18, 29-30, 79, 90, 94, 168
62, 66-67, 70-72, 75, 34-36, 42, 46, 55, 67, vSphere: 72, 79
W
waagent: 139, 141
walinuxagent: 139-141, 152
Webserver: 75
wget: 92-94
window: 47-48, 77,
87, 102-103, 158
Windows: 2, 5-6, 8, 12, 20,
39, 46, 65, 72, 79-80,
92, 122, 147, 184-185
WordPress: 19, 36
workload: 5, 14,
43, 62, 71, 97
workloads: 1-2, 5, 8, 18,
23-24, 31, 33-35, 44,
55, 57-58, 61-62, 67-69,
73-74, 94-95, 98-99,
133, 135-139, 143, 146,
161, 169, 184-185
workspace: 33, 72,
90-94, 148-152, 154,
156, 158-159, 176
workstation: 6, 30, 46
workstations: 6,
13, 20, 185
X
Xbox: 16
Z
zdnet: 17