aka.ms/practiceplaybooks
Cloud Migration & Modernization
Microsoft Practice Development Playbook
About this Playbook
This playbook is intended for the business and technical leadership for new and existing Microsoft
partners focused on migrating workloads to Microsoft Azure or modernizing legacy applications
to the cloud.
Objectives
The goal of this playbook is to help you accelerate or
optimize your Azure-focused practice by teaching you the
ins-and-outs of migrating workloads or modernizing
applications and hosting them in Microsoft Azure.
For the business side, this playbook provides an
understanding of the strategies you can take to build a
migration or modernization practice, including which
workloads to focus on, how to price your services, and
how to build your technical team.
For the technical side, this playbook provides detailed
guidance on how to plan and execute the migration of an
existing workload or application to Azure, including
advice on different approaches and the tools you may find
useful, and technical details on best practices with
infrastructure migrations. Application modernization,
optimization, and management are discussed, as are
Azure best practices and advice on how to build unique IP
to make your migration practice more successful.
How this playbook was made
This playbook is part of a series of guidance written by
Microsoft Partner Opsgility, in conjunction with the
Microsoft One Commercial Partner group and 12 other
successful Azure partners that have volunteered their time
to provide input and best practices to share with the rest
of the partner community.
To validate the guidance provided in these playbooks, we
worked with MDC Research to conduct a survey of 364
global partners who are currently selling Azure migration
services to customers, and offering or actively working
towards offering cloud services. In this survey, we
gathered insights on a range of topics, including how
partners hire, compensate and train resources; their
business model, revenue and profitability; what practices
and services they offer; and what skillsets they have in
place to support their offers. The results of this survey are
provided in line with the guidance found within this
playbook.
CONTRIBUTING PARTNERS
• Attunix
• BitTitan
• CAPSiDE
• Clear People
• Cloud Direct
• Daisy Group
• Hanu
• Sentia
• Inframon
• Intercept
• Rackspace
• TCS
Using the playbook effectively
Quickly read through the playbook to familiarize yourself with the layout and content. Each
section includes an executive summary and key actions for that specific topic. Review these
summaries first to decide which areas to focus on. Go over the content several times, if
needed, then share with your team.
TO GET THE MOST VALUE OUT OF THIS PLAYBOOK:
• Get your team together and discuss which pieces of the strategy each person is responsible for.
• Share the playbook with your sales, marketing, support, technical, and managed services teams.
• Leverage the resources available from Microsoft to help maximize your profitability.
• Share feedback on how we can improve this and other playbooks by emailing playbookfeedback@microsoft.com.
“Every company is a software company. You
have to start thinking and operating like a
digital company. It’s no longer just about
procuring one solution and deploying one.
It’s not about one simple software solution.
It’s really you yourself thinking of your own
future as a digital company.”
SATYA NADELLA
CEO
Microsoft
Table of Contents
About this Playbook
Digital Transformation
The Cloud Migration Opportunity
Define Your Strategy
The Big Picture of Migration
Identify Your Target Customers
Define Your Service Offering
Defining Your Pricing Strategy
Apply for Azure Incentive Programs
Build Your Migration Practice
Landing a Migration Project
Executing Your First Migration Project
Leverage Reusable IP
Managed Applications
Managing a Migration Program using a Migration Factory
Guide: Optimize and Grow
Hire & Train
Building a Migration Team
Job Descriptions for your Migration Team
Reskilling for the Cloud
How is the Cloud Different?
Hiring and Onboarding
Azure Certifications and Exams
Migration Assessment
Discovery
Planning
Evaluation
Lift & Shift
Building Out the Network
Network Appliances
The Virtual Data Center
Enabling Hybrid Identity
Planning for Storage
File Shares
Choosing Virtual Machines
Availability Options
Customized Virtual Machine Images
Migrating to Virtual Machines
Migrating Disks
Migrating VMware Workloads
Migration Tools
Business Continuity
Migrating Existing VMs to CSP
Migrating Databases
Modernizing Apps
Modernizing Applications with Azure
Cloud-Native Architecture and Design
Cloud Design Considerations
Cloud Design Patterns
Azure DevTest Labs
Migrating Applications to Azure App Service
Microservices and Containers
What is Docker?
Modern Data Platform
Cognitive Services and AI
Optimize & Manage
Cost Optimization
Azure Cost Management
Automatic Shutdown of VMs
Optimized Architecture
Azure Management Best Practices
Azure Subscriptions
Resource Organization
Controlling access to Azure Resources
Security and Compliance
Infrastructure as Code
Azure Resource Manager Templates
Automated Scripts
Azure SDKs and REST APIs
Playbook Summary
March 2019
Digital Transformation
The path to unprecedented growth goes through the cloud, helping your customers connect
people, data, and processes in new ways to embrace the possibilities enabled by modern
technologies. To succeed in a digital-first world, business leaders are bringing business and IT
closer together and optimizing processes to create new value for customers.
The potential is huge. By 2019, IDC predicts $1.7 trillion USD in spending worldwide to create new business models,
operational efficiencies, and customer experiences. Digital transformation is now an executive mandate and partner
development capabilities will take advantage of customer demand for custom and packaged software.
Three trends are helping shape this profitability opportunity:
DIGITAL PLATFORMS AND ECOSYSTEMS
By 2020, 60% of all enterprises will have fully articulated an organization-wide digital platform
strategy and will be in the process of implementing that strategy as the new IT core for competing in
the digital economy.
CLOUD
By 2021, spending on cloud services and cloud-enabling hardware, software and services will more
than double to over $530 billion, leveraging the diversifying cloud environment that is 20% at the
edge, and over 90% multi-cloud.
HYPER-AGILE APPLICATIONS
By 2021, enterprise apps will shift toward hyper-agile architectures, with 80% of application
development on cloud platforms (PaaS) using microservices and cloud functions, and over 95% of
new microservices deployed in containers.
Partners play a key role in helping businesses make the platform and cultural shifts needed, and such transformations are
creating amazing partner multiples. In a recent IDC study, partners reported earning $9.64 in revenue for every $1 of
Microsoft revenue generated in 2017. This is expected to continue through 2022 and include a mix of software (45%), services
(50%), and hardware (5%), that are sold in relation to Microsoft solutions.
These changes affect all aspects of a modern business, both internal and external. Microsoft
models these changes in four pillars:
ENGAGING CUSTOMERS: Give them new personalized experiences that bolster acquisition and strengthen loyalty.
EMPOWERING EMPLOYEES: Boost productivity with flexible workstyles and mobile solutions that enable a data-driven culture.
OPTIMIZING OPERATIONS: Drive efficiencies with a cloud platform that accelerates agility.
TRANSFORMING PRODUCTS: Create new revenue opportunities using intelligent technology to innovate new products and processes.
• Customer centricity integrated across the business
• Intentional about people priorities and related strategies
• Harnessing technology for next level of efficiency
• Leveraging data to enter new markets
• Creating fans & segment of one
• Using more data to drive insights and decision making
• Leveraging digital platforms to reduce delivery timeframes
• Revising business models to prioritize agility and emerging trends
• Data driven customer insights
• Delivering self-service & simplifying processes
• Testing new products and services at a fraction of the cost
• Making customers your business partners
• Marketing leaders as technology decision makers
• Enhancing HR employee skills
• Anticipating and solving customer issues before they become issues
• Connecting products to amplify and redefine their value
FURTHER READING
➔ Microsoft Digital Transformation eBook Series
➔ Designed to Disrupt: Reimagine your apps and transform your industry
The Cloud Enables Digital Transformation
Cloud technologies are at the center of the digital transformation revolution. The cloud has
changed more than the way we implement and manage IT; it’s changing the very fabric of
business. With ready access to data, and intelligent new ways to view, analyze and use the
information, the cloud has engendered powerful new capabilities which are disrupting entire
business models.
There are many advantages to adopting the cloud. Businesses moving to the cloud do so for a range of motivations, seeking
a variety of benefits. These benefits fall into four categories: cost, agility, service quality, and new scenarios:
• Cost: Cloud computing offers significant potential
cost-savings over on-premises infrastructure,
especially considering the full cost of the latter. In
addition, cloud computing enables organizations to
move IT spending from capital expenditure (CapEx) to
operational expenditure (OpEx). Since the fixed costs
associated with shared infrastructure are avoided, the
cloud also provides much greater visibility into the
true cost of individual applications.
• Agility: Where traditional on-premises infrastructure
can take weeks or even months to deploy, Azure
offers near-instant provisioning of resources. This
enables Azure projects to move much more quickly,
without the need to over-provision resources in
advance or spend considerable time on infrastructure
planning. To take full advantage of this new flexibility,
organizations are accelerating the adoption of new
ways of working, such as by using agile software
development methodologies, continuous integration
and deployment (CI/CD), and modern PaaS-based
application architectures.
• Service quality: Azure’s infrastructure has been
designed to support some of the world’s most
demanding workloads. These workloads continuously
raise the bar on the quality of service Azure must
provide. As a result, migration to Azure often offers
significant improvements in performance, reliability,
and security over on-premises infrastructure.
• New scenarios: Azure enables new application
scenarios which are simply not possible, or would be
prohibitively expensive to deliver, using on-premises
infrastructure, such as big data storage and analytics,
machine learning, and compliance with industry
certifications such as ISO, PCI, HIPAA and GDPR, where
customers can leverage the certifications offered by
cloud providers. These technologies are enabling new
application scenarios, driving innovation and
competitive advantages only available in the cloud.
These benefits are all central to a successful digital transformation strategy.
Reduced costs and the shift from CapEx to OpEx
dramatically lower the cost of innovation, enabling a
‘fail-fast’ experimental approach.
This is supported by the increase in agility that lowers
innovation cost and enables a faster time-to-market. The
scale, performance, reliability, and global reach of the
cloud enables small development teams to develop global
services for global audiences.
Most of all, new technologies including big data, IoT,
machine learning, and AI empower the insight and
customer focus upon which digital transformation
depends.
These technologies are often only available in the cloud or
are prohibitively expensive on-premises. Moreover,
competition between major cloud providers is driving a
tidal wave of innovation within the cloud itself. New
features and services are added on a weekly or even daily
basis, providing an ever-richer platform and enabling
businesses to continue to experiment, innovate, reduce cost
and deliver increasing value.
Embracing the cloud is not simply the easiest, or cheapest,
or fastest way to drive digital transformation—it is the
only way. For many businesses, the first step on this
journey is to migrate existing applications to the cloud.
CLOUD OPERATIONS ➔ DIGITAL TRANSFORMATION VALUE
IT becomes an enabler to the business ➔ Driving envisioning and agility
Security by design ➔ Continuous regulatory compliance delivery expertise
Dynamic monitoring with anomaly detection ➔ Proactive insight into end user experience
DevOps tools and processes, CI/CD skillsets ➔ Scale up, scale down, and move to different geographies
Solution and application-based SLAs ➔ Meet business outcomes and customer performance expectations
Decentralized operations and resources ➔ Modernize operations
Software and cloud-based solutions ➔ Automation and orchestration
Expertise consulting, designing, architecting, automating, and optimizing for the cloud ➔ Increase agility and optimization
The Cloud Migration Opportunity
Many businesses will seek help on their cloud migration journey. Cloud migration represents
an enormous business opportunity for partners.
As businesses of all sizes embrace digital transformation,
traditional on-premises IT becomes increasingly seen as a
costly, restrictive, and distracting burden. This creates
pressure to reduce or even eliminate on-premises IT by
moving existing applications and services to the cloud.
The business-critical nature of many existing applications
means any change—especially one as fundamental and
far-reaching as cloud migration—represents a business
risk. Migration must be as seamless and safe as possible.
Cloud migration is a highly technical endeavor and
requires skills and experience that are lacking in
traditional IT departments. Recognizing this, many
businesses seek outside expertise to help them with their
cloud migration journey.
This trend has created a rapidly growing business
opportunity for specialist IT providers. The global market
for cloud migration services is forecast to grow from $2.4B
to $7.1B between 2016 and 2021.[2] This opportunity does
not end with cloud migration. Once moved to the cloud,
applications must continue to be maintained and
updated. Once again, this requires specialist cloud skills
and expertise, and once again many businesses will
outsource this ongoing maintenance to specialist
managed service providers. Outsourcing this work also
enables a business to focus on their core activities rather
than IT.
This creates an additional two-fold business opportunity
for migration partners. First, to provide the ongoing
maintenance, support, and related services for migrated
applications. Second, and in the long run more
importantly, to become a trusted, strategic partner in the
customer’s digital transformation journey, by leveraging
the data generated by those applications to deliver
insight, innovation and enhanced customer value.
Define Your Strategy
Executive Summary
We start at the beginning, by looking at why customers are
interested in migrating applications to the cloud. There are
many benefits to the cloud, and not every customer has
the same motivations. We present the various ways in
which the cloud can deliver value for a business.
Understanding your value proposition is the foundation
for building a successful practice in application migration
and management.
With this understanding, we will then discuss the variety of
services which a Managed Service Provider (MSP) can offer
as part of a cloud migration and management practice. We
also discuss ways in which an MSP can specialize their
business to differentiate from the competition and provide
greater value.
We then discuss a variety of revenue streams and pricing
models for both application migration and on-going
managed services, showing how you can maximize your
returns by aligning your pricing to the value offered by
your services. We also present the various Microsoft
incentive programs which you may wish to take advantage
of as you build your business.
Finally, we’ll give you a head-start on how to identify and
close a deal for a migration project, including the common
objections you may face. We’ll then close this section by
giving an outline of the implementation approach that will
be the focus of the remainder of this playbook.
Throughout this playbook, we provide links to a variety of
resources provided by both Microsoft and third parties to
help build your migration practice and execute successful
Cloud migrations. A good place to start is the new Azure
Migration Center, which contains lots of useful guidance.
For further business guidance on building a successful
Azure practice, see the Cloud Infrastructure Practice
Development Playbook.
Top 4 things to do
Define your business strategy.
Here are the top 4 things you
should absolutely do when
defining the strategy for your
migration practice.
• Understand the cloud migration value proposition
• Define your service offering
• Define your pricing strategy
• Apply for Azure incentive programs
The Big Picture of Migration
Before you focus on defining your strategy, it is helpful to understand what the migration
process is. At a high level, it can be broken down into three key phases:
ASSESS
The assessment phase is where your team will use a mixture of software tools and consultancy best practices to discover what
applications can be migrated, what their current configurations are, and which people within your customer’s organization will be impacted by
the migration, as well as to identify the dependencies of the application. The output of your assessment will include a
comprehensive plan for what to do with the application and the expectations on availability and functionality. This phase is
discussed in detail in the assessment section of the playbook.
MIGRATE
The migration phase is when the recommendations in your assessment plan are put into place. The following steps are
usually taken.
• Set up Azure subscriptions using best practices for security, connectivity, policies and general governance prior to
migration to ensure your customers are using Azure correctly from the start.
• Perform the migration using the prescribed method identified in the assessment plan: rehost, retire, replace, rearchitect
or retain.
• Evaluate and test to ensure the migrated application meets the criteria outlined in your assessment.
You can learn more about rehosting applications in the Lift and Shift section of the playbook. To learn more about
rearchitecting applications for Azure, see the Modernizing Apps section.
OPTIMIZE
In the optimization phase, you will use Azure security and management resources to govern, secure, and monitor your cloud
applications in Azure. This is also the time for you to look for opportunities to optimize spending. Common tasks at this stage
are:
• Review Azure cost management to track spending and identify areas for cost savings.
• Evaluate migrated applications for opportunities to right-size over-provisioned virtual machines and services.
• Implement automation to resize or stop based on a utilization schedule.
• Identify applications that could benefit from optimization with platform as a service (PaaS) services or containers.
You can learn more about the optimization phase in the Optimize and Manage section of the playbook. For a more
detailed view, see the Operations and Management playbook.
Identify Your Target Customers
Know your customer. Choose what type of organization your migration practice will target,
and which verticals you will focus on.
When defining the strategy for your cloud migration
practice, a key consideration is your target customer base.
Choosing the right target customers for your business will
create focus and accelerate growth.
Our survey of Microsoft partners with a cloud migration
practice studied two aspects of the partners’ customer
base: the size of customer, and their vertical market
segment. In this section, we share our findings to help you
understand the opportunity within each segment and
make the right choice for your practice.
INDUSTRY VERTICALS
Our survey considered which industry verticals had driven
the most migration or modernization projects. We found
that Professional Services was the top industry served with
Azure migration or modernization projects, followed by
Technology, Manufacturing, Retail and Financial Services.
ENTERPRISE VS SMB
Some migration practices focused on the enterprise
segment, while others focused on the small and mid-size
business (SMB) segment. Key findings of our survey were:
• SMB customers generate nearly three-quarters of
cloud migration or modernization business
• Migration practices that focus on SMB customers tend
to have shorter migration project durations, with
nearly half of all projects taking 3 months or less.
• Practices with an enterprise focus tend to see higher
follow-on revenue for additional services post-
migration.
SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, Professional Services was the top industry served
with Azure migration or modernization projects.
SURVEY DATA
Our survey of Microsoft partners with an Azure migration practice studied variations in business volume, project duration
and follow-on revenue based on a practice focus on either enterprise or SMB customers.
Define Your Service Offering
Customers have different priorities when migrating to the cloud, and migration partners
specialize in different types of migration. It’s important to understand these variations and
choose your area of focus.
Different organizations will have different objectives and
priorities for their cloud migration. For example, some
may be strongly motivated by the new scenarios which
the cloud enables, whereas others may be focused on
increasing agility.
These different customer motivations in turn offer
different potential business models for a migration
partner.
MIGRATION SERVICES
The most common service offered is ‘lift and shift’
migrations to Azure infrastructure services (IaaS) and in
certain cases directly to Azure platform as a service (PaaS).
This focuses on cost reduction by reducing or removing
the dependency on on-premises infrastructure. Within
this area, a range of complementary services can be
offered, such as migration assessments and networking
services.
In addition, some providers focus on application
modernization—transforming existing applications to
take advantage of Azure platform services (PaaS). While
these are more complex and typically longer migration
projects, they provide increased agility and manageability
in addition to cost savings.
Of the partners we interviewed, a minority specialized in
enabling new business scenarios, working with customers
at the business rather than infrastructure level to re-define
existing processes to take advantage of advanced cloud
technologies such as machine learning and big data.
These projects are the most complex, but also have the
potential to deliver the greatest value by generating new
revenue streams as well as reducing costs.
Offerings can vary in other ways. For example, ongoing
application support can be offered at different levels, from
24-hour response times, down to 1-hour or even 15-
minute response times as a premium service. Some
providers focus on Azure-based service, while others
provide a hybrid service spanning on-premises
infrastructure, traditional hosting, and Azure.
It’s not an either/or choice. For example, a common
combination is for a provider to specialize in ‘lift and shift’
migrations, and to provide application modernization
services as an additional service once those applications
are migrated. Another example is providers whose
operations teams specialize in extracting business insight
from application usage data once the application has
been migrated.
Within each of the major service areas—migration
assessment, migration execution, and (especially) ongoing
operations—there is a wealth of opportunities for
additional services offering additional value. For example,
some customers choose to run their own operations, but
will need guidance and training on how to transform and
optimize their processes and roles.
You will need to decide which services you provide
directly, which you provide through partners, and which
you elect not to offer. To choose your strategy, you will
need to understand your customers, the potential for each
approach in your target markets, and the capabilities
within your organization. Making the right choice is a
critical step in defining your cloud practice.
RESOURCES
For further information, including detailed information on
the many services offered by Managed Service Provider
partners, see the Azure Managed Service Provider
Playbook for CSP Partners.
SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, Cloud Infrastructure & Management services
accounted for nearly 50% of reported revenue.
Our survey also showed that the most commonly offered service was implementation and migration. Partners with an
enterprise focus were more likely to offer Architecture & Design (85%), Proofs of Concept (82%) and Application
Modernization (55%) project services than those with an SMB focus.
Public Cloud, Hybrid Cloud, or Multi-Cloud
Should you develop a multi-cloud practice, or will you be more successful by specializing in
Azure?
Microsoft offers a compelling vision for the cloud, coupled
with a unique range of offerings, including Office365,
Azure, Dynamics, SQL Server, Windows, and more. These
products and services span all aspects of a modern digital
business.
In some cases, however, customers may have a multi-
cloud strategy. This may be motivated by a policy of using
multiple vendors, or simply because different groups in
large organizations may have made different purchasing
decisions in the past.
You probably already have established lines of business.
Some partners are dedicated specialists offering only the
Microsoft stack; others combine Microsoft technologies
with those from other vendors. In either case, when
defining your strategy as a cloud migration practice, you
will need to decide whether you combine your support of
Azure with support for other vendor’s clouds, or with on-
premises solutions such as VMware.
To make such a decision, you need data. Our survey of
Microsoft partners with an established cloud migration
practice looked at how many projects used other clouds in
addition to Azure (see panel). Use this information
together with your understanding of your local market
when defining your strategy.
SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, only a small proportion of projects combined Azure
with other vendors’ public clouds.
Hosting Azure Stack
Azure Stack combines the agility and flexibility of Azure with the geo-location, isolation, and
security of on-premises infrastructure. Hosting Azure Stack offers a unique business
opportunity for Managed Service Providers to differentiate their offerings.
Azure Stack is an extension of Azure, bringing the agility
and fast-paced innovation of cloud computing to on-
premises environments.
Why would customers choose Azure Stack instead of
Azure? There are two main reasons. The first is
disconnected environments, such as a cruise ship, where
connectivity to the public cloud is not available or
prohibitively slow or expensive. The second, and more
common reason, is regulatory or policy compliance,
where a workload cannot be placed in the public Azure
cloud. For example, some countries require banking data
to remain within national borders. Alternatively, a high-
security application might not be permitted to run in a
multi-tenant public cloud environment (despite the
security and tenant-isolation features Azure provides).
Of course, such applications could be delivered using
conventional infrastructure, however this approach comes
with all the disadvantages that infrastructure brings.
Azure Stack offers an alternative approach. By replicating
the core functionality of Azure in an on-premises
environment, Azure Stack offers the agility associated with
cloud development, with the isolation and security of an
on-premises deployment.
Agility is key. Azure Stack allows you to use the same set
of tools, APIs, DevOps processes, and other technologies
for both Cloud and on-premises development. And Azure
Stack is not just limited to infrastructure services—it
includes many fully-managed Azure platform services,
including serverless computing, distributed microservice
architectures, and containers. By offering a consistent
experience with Public Cloud Azure, you also benefit from
full application portability between Public Cloud Azure
and Azure Stack.
Azure Stack can be purchased in two ways:
• As a system you manage: Typically on-premises, you
purchase the hardware from a hardware vendor and
license the Azure Stack software from Microsoft. You
manage the system and contact Microsoft for
support.
• As a managed service: Typically at a service provider
premises, you purchase the service from the service
provider who purchases and manages the hardware
and software for you. You call the service provider for
support.
Azure Stack therefore creates an exciting new business
opportunity for managed service providers, by offering
Azure Stack as a fully-managed service.
Hosting Azure Stack is supported through the CSP
program:
• Direct CSP providers can purchase, host and
manage Azure Stack, offering Azure Stack services to
their customers.
• Indirect CSP providers and resellers can also
provide Azure Stack services and have the same
responsibilities for billing and support as they do in
Public Cloud Azure. Either party can take
responsibility for owning and administering the Azure
Stack hardware.
RESOURCES
➔ Azure Stack Overview
➔ How to Buy Azure Stack
➔ Service Provider Licensing Guide
Defining Your Pricing Strategy
How do you make money as a Managed Service Provider (MSP)? A variety of pricing models
are available. Choose the right model for your service offerings.
Migration practices can perform many functions for their
customers in the cloud. In each of the major areas—
migration assessment, migration execution, and
operations—there are a wealth of different services to
offer, as discussed earlier in this section. These services can
be priced in different ways and offer different potential
margins.
CLOUD CONSUMPTION RESALE
Microsoft offers two major schemes enabling partners to
receive a share of the revenue generated by Azure spend:
Cloud Solution Provider (CSP)
In this program, the partner resells the Azure subscription
to the customer. Microsoft charges the CSP partner for
subscription usage, and the partner passes on these
charges to the customer, making a margin in doing so. In
return, the partner takes on certain responsibilities from
Microsoft for managing the subscription, such as support
and billing.
There are two CSP models—direct and indirect. In the
direct model, the partner works directly with the customer
and with Microsoft, becoming the customer’s only point
of contact for their Azure services. In the indirect model,
two types of partner are involved—the indirect provider
(distributor) works with Microsoft, taking responsibility for
support and billing, and reaches customers through their
partner channel, the indirect reseller, who manages the
customer relationship. Further details are given in the next
section, on Azure incentive programs.
Digital Partner of Record (DPOR)
In this program, the customer obtains their Azure
subscription directly from Microsoft, for example via an
Enterprise Agreement. By assisting the customer with
Azure usage, the MSP is eligible to be registered by the
customer as the digital partner of record for the
subscription. The MSP then receives a percentage of the
Azure usage on the subscription as payment from
Microsoft.
PROFESSIONAL SERVICES
Charging for professional services can be an effective way
to generate revenue from cloud migrations, and typically
offer higher margins than cloud consumption. The MSP
can potentially charge for any of their services offered, the
most common being migration assessments and
migration execution. These can be charged at a daily rate
or on a fixed-price project basis.
In some cases, MSPs choose not to charge for migration
assessments, instead choosing to fund them internally as
‘pre-sales’ activities in the hope of greater future revenue
from migration execution or on-going managed services.
This choice is typically made on a case-by-case basis,
depending on the assessment costs and size of the
potential opportunity.
MANAGED SERVICES
Many migration partners focus on charging for the
ongoing management of migrated applications as
managed services. These typically offer the greatest
margins, especially once the number of services under
management is high enough for the economies of scale
relating to 24x7 support to apply and for custom-built
tools to show strong return on investment.
SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, typical margins for a cloud migration project were in the
25-30% range, with most individual projects generating under $50,000 in revenue, although some generate substantially
more. These figures did not vary significantly between migration and modernization projects, nor between customers with an
enterprise or SMB focus.
There are a number of managed service pricing models
available. For example, customers can be billed per
application, per VM, per user, or per connected device.
The right choice for your business will depend on the
application’s operating cost and usage model, as well as
customer preferences.
Pricing for on-going application support is often divided
into ‘tiers’, for example ‘Silver’, ‘Gold’ and ‘Platinum’. The
offerings within each tier vary according to the services
offered and the service-level agreements included. For
example, a ‘Silver’ tier might offer office hours support
with 24-hour response time and 30-day backups, whereas
the ‘Platinum’ tier might offer 24x7 support with 15-
minute response time, together with a business continuity
SLA of 15 mins RPO and 1-hour RTO.
FURTHER READING
For further information, including detailed information on
the many services offered by Managed Service Provider
partners, see the Azure Managed Service Provider
Playbook for CSP Partners.
Apply for Azure Incentive Programs
Microsoft offers several incentive programs for Azure usage. Take advantage of these
programs to boost your business.
Over recent years, Microsoft has transitioned from a
company focused primarily on software licensing, to a
provider of online services. This is a fundamental shift and
creates new opportunities for Microsoft’s partner
community.
This focus on services places the Microsoft partner front-
and-center in the relationship between Microsoft and its
customers. The partner role has expanded far beyond
reselling licenses, to helping the customer in their use of
Microsoft services throughout the customer lifecycle.
The revenue model has also changed. The shift from
software to services has moved revenue from one-time
license sales to monthly billing. For partners, this change is
reflected in new incentive programs to share these new
revenue streams.
In this section, we’ll review the incentives Microsoft
provides to partners who help drive business in Azure.
CLOUD SOLUTION PROVIDER
The primary incentive program for Managed Service
Providers is the Cloud Solution Provider (CSP) program.
This program supports not only Azure, but all Microsoft
cloud services including Office365, Enterprise Mobility +
Security, and Dynamics CRM Online.
The CSP program enables the partner to own the
customer lifecycle and relationship for their consumption
of Azure service. You set the price, bill customers directly,
and directly provision and manage subscriptions. The CSP
also acts as the first point of contact for customer support.
There are two CSP models: direct and indirect. It’s
important to understand the difference, and to choose
carefully where in this ecosystem you want your business
to sit.
Direct Partners
This model is designed for resellers or Managed Service
Providers who have the in-house capability to bill and
support their customers at scale.
In this model, partners work with both their customers
and with Microsoft directly. They take on the entire
customer relationship, including support, billing, and
invoicing. They become a customer's only point of contact
for their Azure services. This provides continuity in the
customer experience and helps build strong business
relationships.
Azure CSP direct partners are responsible for customer
support. Microsoft does not provide support for Azure
CSP customers and relies on Azure CSP partners to
manage their Azure workloads and resolve technical
problems.
Azure CSP direct partners are also responsible for
customer pricing, billing, and invoicing. Microsoft
provides partner-facing billing capabilities to Azure CSP
direct partners through the Partner Center portal and
APIs.
The Azure CSP direct program requires that partners
invest in the support and billing practices for the
Microsoft cloud products that they want to deliver to their
customers.
Indirect Providers and Resellers
The Azure CSP indirect model defines two types of
partners: Azure CSP indirect providers (distributors) and
Azure CSP indirect resellers. Azure CSP indirect providers
work with Microsoft directly, but reach customers
indirectly through their partner channel — Azure CSP
resellers.
Becoming an Azure CSP indirect reseller is a good choice for
partners who don't want to manage as much infrastructure as an
Azure CSP direct partner. They team up with an indirect
provider to handle their support, billing, and invoicing
needs. They still build strong relationships with the
customer and get many of the benefits of the Azure CSP
program, but they offload support and billing to Azure
CSP indirect providers.
To learn more about the Azure CSP program, start with
the Azure CSP Overview.
DIGITAL PARTNER OF RECORD
In some cases, customers may prefer to use their own
Azure subscriptions rather than an Azure subscription
provided by partners under the CSP program. For
example, the customer may be receiving discounted
Azure consumption via an Enterprise Agreement.
This does not prevent you from managing services hosted
within these subscriptions, nor does it prevent you from
benefiting from the Azure consumption which you help to
enable.
The Digital Partner of Record program enables Microsoft
partners to benefit financially from the revenue they
enable for Microsoft. As with the CSP program, this
program applies across Office 365, Dynamics CRM
online, Enterprise Mobility + Security, and other online
services, in addition to Azure.
For further details, and to learn how to register, see Digital
Partner of Record.
Build Your Migration Practice
You’ve studied the market, identified your customer base, and defined your offering and
pricing. Now you’re ready to start your first migration projects, and to build your migration
practice.
In this section, we’ll look at how you can build your migration practice, from your first sale through to executing large-scale
migration programs.
First, we’ll look in detail at how you can generate your first leads and land your first deals. By building on the experiences
shared by partners with existing migration practices who participated in our survey and interviews, you can learn which
techniques are most effective, according to those who have already been successful.
Next, we’ll give a brief summary of what is required to execute your first migration project, which will be detailed in
subsequent chapters of this playbook.
As you build your business, you’ll land larger contracts and more migration projects. Large enterprise customers working on
entire data center migrations have thousands of servers to migrate. To help you scale your business, we’ll close this section by
discussing how to build a migration factory, with specialized teams focused on each stage of the migration process, for
greater productivity.
Landing a Migration Project
Finding a lead is the first step. Once your marketing and sales efforts have identified
promising leads it will be up to your technical team to help close the deal.
FINDING LEADS
In our interviews with existing Microsoft partners, we
identified two different approaches to finding leads. Some
partners were established IT providers with a significant
existing managed services customer base. These partners
prioritized working with their existing customers on their
cloud migration. We also interviewed partners who were
relatively new to the market. Naturally, these partners
tended to be chasing new business elsewhere.
Our survey of Microsoft partners with an Azure migration
practice also looked at how leads were generated. For
new customers, the most effective method was customer
referrals; for existing customers, most leads came from
account manager relationships (see panel).
UNDERSTAND YOUR CUSTOMER
Simply moving existing infrastructure to the cloud may
generate some savings, but it will not by itself deliver the
full benefits the cloud promises. Getting maximum
advantage from the agility and new scenarios available in
the cloud requires deeper changes, to roles, processes,
organizational structures, and even culture. Not all
customers are ready to embrace this level of change.
As with any sales process, it’s essential that you
understand your customer. Don’t assume that every
customer you talk to already understands the value of the
cloud. The value proposition is much broader than many
people realize.
SURVEY DATA
Our survey of Microsoft partners with an Azure migration practice found that customer referrals were the best way to
generate leads with new customers, and account manager relationships the best way to generate leads with existing
customers.
Many customers will have specific goals in mind. These
will typically map into the four pillars of cloud business
value we presented earlier (cost, agility, service quality,
and new scenarios). These benefits ‘pull’ the customer
towards the cloud. In some cases, external factors such as
expiring co-location contracts or end-of-life of an existing
software package may ‘push’ the customer towards the
need for change, in some cases with a hard deadline that
must be met.
Where the customer isn’t clear, start with the basics. Focus
on availability and cost savings, since these are
fundamental concerns shared by all businesses. The full
cost savings of the Cloud may not be realized by an initial
project, since staff responsible for infrastructure
maintenance may only be redeployed once more
workloads have been migrated. Gains may be limited to
improvements in uptime and agility.
Minimize the risk and impact of any change. More
ambitious projects can wait until the customer has built
greater confidence.
START SMALL
Many of the partners we spoke to advised us that one way
to convince customers who are not yet committed to the
cloud is to start with low-risk, high value workloads that
can easily be rolled back in the event of project failure.
Examples include:
• Adopting Azure DevTest Labs for
development/test environments.
• Migrating single instance virtual machines to
Azure.
• Replacing existing on-premises backup solutions
with Azure Backup.
• Implementing Azure Site Recovery for on-
premises to cloud failover in environments that
do not have an existing disaster recovery solution.
• Moving websites with minimal dependencies to
Azure Web Apps (e.g., marketing or informational
websites).
• Using the Azure Files service or Azure StorSimple
to replace retiring file share servers.
• Replacing end-of-life hardware on a standalone,
non-critical workload without complex
dependencies.
As you move forward, you can develop a long-term
strategy with the cloud as the future of IT, mapping
out an incremental roadmap to get there. The customer
doesn’t want to be left behind—their competitors will
embrace the cloud, and benefit from the competitive
edge it gives them.
SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, increased availability and scalability were reported
as the most valuable benefit when convincing a customer to move to the cloud. Next most valuable were cost savings
and increased IT agility.
OVERCOMING CUSTOMER OBJECTIONS
As you talk to your customers, you should be prepared to
address their concerns and fears regarding cloud
adoption. Here are the most common concerns and
questions your customers are likely to ask. Be ready to
answer—use the content and references in this playbook
to prepare yourself and your team.
• What are the cost savings / total cost of ownership
(TCO) if I move to Azure?
• Which applications should I move – and what is the
recommended sequence?
• Will you build my entire environment on Azure or can
part of it remain on-premises/private cloud?
• Will you take care of architecture changes to meet
reliability, scalability, and availability requirements?
• What are the impacts to business continuity and to
my customer relationships?
• Will you ensure that my data and processes comply
with regulations?
• Can you show me how you plan to manage and
monitor my application in the cloud?
• What are my risks?
CLOSING THE DEAL
With the right solution, for the right price, and with
objections addressed, you’re ready to close the deal. The
panel below shows the most effective closing activities, as
reported in our survey.
SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, proof of concepts were reported to be the most
effective method of closing a migration deal.
• Proof of concepts: 60%
• Technical assessments: 55%
• Presentations: 44%
• Price estimates: 43%
• Architecture design sessions: 40%
• Return on investment analysis: 29%
• Case study reviews: 24%
Executing Your First Migration Project
There is no one-size-fits-all approach to migrating to the cloud. However, there are some
general approaches that are tested and proven, on which you can build.
There is a wide variation between cloud migration
projects, depending on the size, complexity, and
technology of the application or group of applications
involved. However, all projects typically follow a common
migration framework, comprising the following three
phases. Leverage the details in this playbook to build your
competence and capability at delivering each stage
effectively and efficiently. Keep your first projects small
and learn as you build experience.
ASSESSMENTS
In this assessment phase, you should use a mix of
interviews and technology to identify the current
environment that you are starting with. Don’t limit the
assessment to just versions of software deployed but use
this as an opportunity to understand your customer’s
business in-depth. You will speak with project managers,
IT professionals, end users, and more to gain valuable
insight and potential opportunities.
One of the outputs of the assessment phase is a detailed
understanding of costs—existing application running
costs, a forecast of cloud running costs post-migration,
and the cost of migration itself. These costings, together
with the other benefits of migration, are essential for
making a go/no-go decision on the migration project.
Typically, customers will therefore procure the migration
assessment as a stand-alone work item, before deciding
whether to proceed with the application migration itself.
As a partner you may choose to absorb this work as part
of a pre-sales engagement or choose to charge as paid
consultancy work. The majority of partners interviewed for
this playbook deliver the assessment as a paid
engagement. However, the choice will depend on your
business model and the size of the opportunity.
MIGRATION & MODERNIZATION
This phase is where your technical experts start migrating
the first workloads identified in the assessment phase
into Azure, or modernizing the application to take
advantage of native cloud services. This involves laying
the foundation of setting up the network, ensuring
identity and security, and creating the resources in Azure.
Additional considerations such as user acceptance testing
and implementing a failback plan will be detailed in the
Cloud Migration and Modernization chapter.
OPTIMIZE & MANAGE
The optimize and manage phase is where your managed
services team takes over, and the focus is on monitoring,
preventative maintenance, and optimization. After the
workloads or applications are stabilized you will have a
substantial amount of data to review that can open up
opportunities for optimization.
Leverage Reusable IP
Reusable IP can drive efficiency and competitive advantage in every step of the migration
cycle.
As you perform more migrations, and manage more
Azure-based services, you will identify common problems
and tasks. These can occur at every stage of the migration
cycle, from assessment, through migration, and to
operations.
Buying or building your own repeatable processes or
technology to automate these tasks can give your practice
a distinct offering and competitive edge. Specialized
software or service offerings can be leveraged to
accelerate your own team and provide capabilities,
insights and even direct assistance services to migration
projects.
Examples of areas of investment include:
• A repeatable discovery, planning, and evaluation
methodology that streamlines the assessment process
• Tools to more accurately forecast prices based on
designs or usage data
• Software and services that organize, manage and scan
application workloads and generate planning and
cost models that can be implemented in an
automated manner to migrate.
• Software that can analyze workloads and their
components and recommend alternative topologies
and Azure Services that can be used to modernize
applications as part of their automated migration.
• An in-house library of Azure Resource Manager
templates or scripts to assist with building proofs-of-
concept or even production environments.
• A test framework that speeds up the testing phase of
the migration process, while also improving test
quality and reducing migration risks.
• An analytics system that enables you to more easily
identify cost savings and optimize running systems.
The possibilities are almost endless. Buying (or using as
SaaS) migration software, or building repeatable
processes and tools enables your team to work faster, with
fewer mistakes, and higher quality. It drives down your
costs, shortens your delivery schedules, and improves your
customer experience.
In some cases, a low-tech approach suffices. Your re-
usable migration assessment process could start with
something as simple as a Word template. Your pricing
tool could start as an Excel spreadsheet. In other cases,
your team will need to code custom tools for specific
assessment, migration or operational tasks.
SURVEY DATA
Our survey of Microsoft partners with an Azure migration practice found that PowerShell scripts and virtual machine
images were the most common types of reusable IP. Faster delivery and lower cost to the customer were the main
benefits that IP delivered.
Managed Applications
Offer cloud solutions that are easy for customers to deploy, and for you to manage.
As you develop your migration practice, you may develop
a reusable application or tool that is of potential value to
a broad range of customers. These can be released and
monetized as Azure Managed Applications.
Managed Applications enable you to offer cloud solutions
that are easy for customers to deploy and create, and for
which you provide on-going management services.
Customers do not need expertise in cloud infrastructure to
use your solution, and they have limited access to the
critical resources, so they do not need to worry about
making a mistake when managing it.
Managed Applications enable you to establish an ongoing
relationship with your consumers. You define terms and
fees for managing the application, and all charges are
handled through Azure billing.
A managed application is like a solution template in the
marketplace, with one key difference: in a managed
application, the resources are provisioned to a resource
group that's managed by the publisher of the app. The
resource group is present in the consumer's subscription,
but an identity in the publisher's tenant has access to the
resource group. As the publisher, you specify the cost for
ongoing support of the solution.
To make Managed Applications available to all customers,
they can be published to the Azure Marketplace. To make
Managed Applications available to only users within your
organization, they can instead be published to an internal
catalog.
Managing a Migration Program using a Migration Factory
Large customers have hundreds of applications and servers to migrate. A programmatic
approach is needed to manage the complexity and scale.
Enterprise customers have large IT footprints, with
thousands of servers hosted on-premises or in dedicated
data centers. Those embracing the cloud are seeking to
dramatically reduce their server footprint, with a goal of
significant cost savings.
Projects to eliminate entire data centers are a significant
challenge even for an established migration practice. They
are also a huge commercial opportunity.
Migrating thousands of servers, with hundreds of
applications, requires a systematic, programmatic
approach. Each individual migration project needs to
follow a defined structure, with processes in place for roll-
up progress tracking and status reporting.
A common approach to manage large-scale migration
programs is to build a migration factory. A migration
factory works just like a manufacturing production line,
with dedicated, specialized teams focused on each stage
of the migration. Just as in a production line, this focus
and specialization enables a significant increase in
productivity, efficiency, and quality, resulting in faster,
cheaper, and more reliable migrations.
To be successful, each stage must follow a well-defined
process, using dedicated, optimized tools. This
consistency enables smooth handovers between teams as
each migration project progresses.
A consistent approach also enables program-level
reporting. Each individual project should report status and
progress using a common format. For example, projects
may maintain a scorecard for key migration criteria. Roll-
up scores can be used to dashboard an overview of
progress to senior management and identify problem
migrations quickly for additional attention.
MIGRATION DASHBOARD
A migration dashboard enables a roll-up view of migration status across a portfolio of migration projects. This is useful for
both internal tracking and customer reports.
Guide: Optimize and Grow
Leverage the Microsoft resources available in the Optimize and Grow guide, for details on
building customer lifetime value, executing nurture marketing efforts, optimizing and growing
from feedback, refining your customer value proposition, growing partnerships, and
measuring results.
Hire & Train
Executive Summary
In the previous section, we evaluated several strategies
that you can pursue to build or enhance your migration or
modernization practice. Now that you’ve identified some
avenues of success, you may be wondering how to build
and train your team.
A very real and pressing challenge is the skills gap in the
industry. To say it simply, there are not enough subject
matter experts that know Microsoft Azure and the
surrounding technologies to fulfill the amount of
opportunities available.
In your practice, you will need to decide whether to reskill
existing employees, hire new, contract out, or utilize a
combination of these options to fulfill the operational
needs of your practice.
In this section, we will help you define the members of
your team and the skills they should contribute. If you
need to hire to fill gaps, we will provide you with detailed
job descriptions you can use, ideas on where to look for
resources, and the factors you should look for in a
candidate’s skillset.
Second, we will help you put together a plan for reskilling
and maintaining your team’s skills. This will involve
understanding what skills are needed and practical ways
of training your team to close the skills gap and foster
team growth.
Top 5 things to do
Measure twice and cut once. Here are
the top 5 things you should absolutely do
when planning for hiring and training.
• Define roles in your technical team
• Write job descriptions
• Develop a readiness and onboarding plan
• Identify applicable certifications
• Get trained
Building a Migration Team
The team needed for a migration may vary greatly depending on the size and scope of the effort. An important consideration
is that most migrations are performed in conjunction with technical and business stakeholders from the customer, so it is
important to ensure that they are brought in at the right times throughout the project and that communication is clear on
timelines, objectives and responsibilities.
The following examples of roles are based on interviews with partners and are made slightly generic to outline the types of
professionals you will need on your team as well as the people you may encounter in your customer’s organization.
PARTNER
Cloud Architect – the Cloud Architect is responsible for
the overall vision of what the solution will consist of once
it is in Azure, as well as building out the migration plan.
They are typically the go-to resource for helping the
customer to understand the tradeoffs of the approach to
migrating or modernizing workloads as well as setting up
the target Azure environment with appropriate controls
for governance.
Cloud Infrastructure Engineers – the Cloud
Infrastructure Engineers are the experts that are doing the
actual work of a migration project. This may include
creating resources in Azure, uploading data, writing
scripts, and in general doing the actual migration.
Senior Software Developer – the Senior Software
Developer is responsible for designing and delivering a
modernized application that takes advantage of new
capabilities Azure provides.
Technical Specialist – the Technical Specialist is a
solution engineer that specializes in a certain area such as
databases, networking, storage, or security/identity
management. They may or may not be part of your
migration team depending on the workload.
Project Manager – the Project Manager is tasked with
ensuring that milestones are reached on time and
communication occurs between the members of the
partner team and the customer. In addition to strong
project management skills and experience, the PM should
also have a solid technical background, so they can
understand the project in depth and make sound
technical judgement calls.
CUSTOMER
Application/Business owners – these are the teams
directly responsible for business processes that may vary
by the migration project.
Database administrators – these experts will play an
integral role in identifying dependencies, availability
requirements, and migration SLAs for moving data as part
of the migration.
Security and compliance specialists – work with the
security and compliance experts to understand existing
security processes and compliance criteria. Often these
professionals are some of the most important to create a
productive relationship with because companies rightly
view questions about security as a blocker.
IT Architects – your team will work with the IT architects
at your customer to understand existing services and
policies and what the future services and policies after the
migration should look like.
Application developers – the application developers are
an incredibly useful resource to work with when it comes
to deciding whether an application should be migrated
as-is, modernized, or split into a hybrid model.
End user representatives – end user feedback is
important to validate that the migrated system is
functioning and performing correctly and to validate any
user experience changes.
Job Descriptions for your Migration Team
The following tables provide detailed job descriptions you can use to hire the key technical resources. All technical skills,
non-technical skills, certifications, and technologies listed are potential items a candidate should have, but no candidate will
have all the items listed.
CLOUD ARCHITECT
A Cloud Architect (CA) drives high-priority customer initiatives in collaboration with customers and your sales team. The
CA is a technical, customer-facing role that is accountable for the end-to-end customer cloud deployment experience.
CAs own the Azure technical customer engagement, including: architectural design sessions, specific implementation
projects and/or proofs of concepts. The ideal candidate will have experience in customer-facing roles and success leading
deep technical architecture and application design discussions with senior customer executives to drive cloud
deployment. Bachelor’s degree in computer science or related field preferred.
Technical Skills
• Solid understanding of modern authentication protocols and a background in cyber security.
• Deep understanding of cloud computing technologies, business drivers, and emerging
computing trends.
• Deep technical experience in enterprise mobile, identity and access control, & security solutions.
• Understanding of cloud governance technologies for cost management and control.
• Understanding of common database technologies such as SQL Database/Server, Oracle, MySQL
• Working knowledge with AGILE development, SCRUM and Application Lifecycle Management
(ALM) with one or more of the following programming languages: PowerShell, Bash, .NET, C++,
Java, JSON, PHP, Perl, Python, Ruby on Rails, HTML, CSS, JavaScript, Responsive Web Design.
Non-Technical Skills
• Proven track record of building deep technical relationships with senior executives and growing
cloud consumption share in large or highly strategic accounts.
• Proven track record of driving decisions collaboratively, resolving conflicts & ensuring follow through.
• Presentation skills with a high degree of comfort with both large and small audiences.
• Prior work experience in a consulting/architecture position within a software & services company.
• Problem-solving mentality leveraging internal and/or external resources.
• Exceptional verbal and written communication.
Certifications
• MCSE Cloud Platform and Infrastructure, CompTIA Security+, CISSP, MCSA Cloud Platform
Solutions Associate, MCSA Linux on Azure Solutions Associate, AWS Certified Solution Architect.
• Exam priorities: Architecting Azure Solutions 70-535 (retired), Microsoft Certified Azure Solutions
Architect (AZ-300 and AZ-301, or AZ-302); Implementing Infrastructure Solutions 70-533
(retired), Microsoft Certified Azure Administrator (AZ-100 and AZ-101 or AZ-102).
Project Experience Types/Qualities
• 5+ years of architecture, design, implementation, and/or support of highly distributed
applications (i.e. having an architectural sense for ensuring availability, reliability, etc.).
• 2+ years of experience in “migrating” on-premises workloads to the cloud.
• 5+ years of success in consultative/complex technical sales and deployment projects (where
necessary, managing various stakeholder relationships to get consensus on solution/projects).
• Oversight experience on major transformation projects and successful transitions to
implementation support teams.
Technologies
• Enterprise Mobility Suite, Intune, Azure Information Protection, Azure Active Directory, Okta,
Auth0, LDAP, OAuth, SAML, Cloud App Security, Firewalls, Office 365, Windows Server Active
Directory, Azure AD Connect, Active Directory Federation Services (ADFS), MobileIron, AirWatch,
iOS, Android, Windows, Azure Virtual Machines, Virtual Networks, ExpressRoute, Operations
Management Suite, Azure Site Recovery, Azure Backup, Azure App Services, Azure Storage, Azure
Import/Export, Azure SQL Database, Azure Web Jobs, Azure ExpressRoute, Azure SQL Database,
MySQL, Azure SQL DW, Azure DB for MySQL, Azure Cosmos DB, SQL Server, SQL Server on Azure
IaaS, SharePoint on Azure, AWS EC2, S3, AWS DirectConnect
CLOUD INFRASTRUCTURE ENGINEER
The Cloud Infrastructure Engineer delivers technical solutions and support to customers allowing them to maximize their
investment in cloud technology. The ideal candidate will have experience in customer facing roles and success
implementing cloud-based solutions, migrating workloads to the cloud, and experience with connecting and managing
hybrid cloud environments.
Building upon solid IT project experience relative to their level, consultants will work with customers in:
• The delivery of high quality engagements around Microsoft's solution areas, technologies and products in diverse
client environments.
• The design and development of integrated solutions using the latest Microsoft products and technologies.
• Understanding the relevant application development, infrastructure and operations implications of the
developed solution.
Technical Skills
• Deep understanding of cloud computing technologies, business drivers, and emerging
computing trends.
• Deep technical experience in infrastructure design including private and public cloud,
networking, virtualization, identity, security and storage.
• Understanding of how to build resilient multi-site architectures.
• Experience with Windows, Linux and OSS technologies.
• Experience with configuration management and automation technologies such as PowerShell
DSC, Chef, ARM Templates, and Puppet.
• Experience with deploying and managing the infrastructure for databases such as SQL Server,
Oracle, MariaDB, Cassandra.
• Working knowledge with AGILE development, SCRUM and Application Lifecycle Management
(ALM) with one or more of the following programming languages: PowerShell, Bash, .NET, C++,
Java, JSON, PHP, Perl, Python, Ruby on Rails.
Non-Technical Skills
• Services project management.
• Building customer/partner relationships.
• Proven track record of driving decisions collaboratively, resolving conflicts and ensuring follow
through.
• Presentation skills with a high degree of comfort with both large and small audiences.
• Prior work experience in a consulting/architecture position within a software and/or services
company.
• Problem-solving mentality leveraging internal and/or external resources.
• Exceptional verbal and written communication.
Certifications
• MCSE Cloud Platform and Infrastructure, MCSA Cloud Platform Solutions Associate, MCSA Linux
on Azure Solutions Associate, AWS Certified Solution Architect.
• Exam priorities: Implementing Infrastructure Solutions 70-533 (retired), Microsoft Certified Azure
Administrator (AZ-100 and AZ-101 or AZ-102); Architecting Azure Solutions 70-535 (retired),
Microsoft Certified Azure Solutions Architect (AZ-300 and AZ-301, or AZ-302).
Project Experience Types/Qualities
• 3-5+ years senior (Tier 3) level support with cloud infrastructure as part of responsibilities.
• 5+ years of architecture, design, implementation, and/or support of highly distributed
applications (i.e. having an architectural sense for ensuring availability, reliability, etc.).
• 2+ years of experience in “migrating” on-premises workloads to the cloud.
• 5+ years of success in consultative/complex technical sales and deployment projects (where
necessary, managing various stakeholder relationships to get consensus on solution/projects).
• Oversight experience on major transformation projects and successful transitions to
implementation support teams.
Technologies
• Azure Virtual Machines, Virtual Networks, ExpressRoute, Azure Active Directory, Operations
Management Suite, Azure Site Recovery, Azure Backup, Azure App Services, Azure Storage, Azure
Import/Export, Azure SQL Database, Azure Web Jobs, Azure ExpressRoute, MySQL, SQL Server,
SQL Server IaaS, SharePoint on Azure, AWS EC2, S3, DirectConnect, Hyper-V, VMware, System
Center, Citrix, StorSimple, SAN, firewalls, web app proxies, PowerShell, Bash, JSON, ARM
Templates, BGP, Site-to-Site VPN, Chef, Puppet, Ansible, SaltStack, Windows Server, Linux, OSS
Technologies, Azure SQL Database, MySQL, Azure SQL DW, Azure DB for MySQL, Azure Cosmos
DB, SQL Server, SQL Server on Azure IaaS, SharePoint on Azure, AWS EC2, S3, AWS DirectConnect
SENIOR SOFTWARE DEVELOPER
A Senior Software Developer has a history of designing, owning and shipping software, as well as excellent
communication and collaboration skills. With a focus on cloud-based application development, the candidate must have
demonstrable experience architecting and deploying applications to cloud platforms, the ability to effectively integrate
disparate services as needed, and decide when to implement IaaS, SaaS, and PaaS components. As a mentor to junior
developers, the senior software developer should have a solid understanding of the software development cycle, from
architecture to testing. They should have a passion for quality and be a creative thinker. A senior developer will write
secure, reliable, scalable, and maintainable code, and then effectively debug it, test it and support it live. This person
should also be comfortable owning a feature and making decisions independently, and should have leadership
experience with agile methodologies, such as the Scrum approach to agile software development.
A Senior Software Developer can also effectively gather customer requirements and ask clarifying questions when
needed. This person must be able to translate these requirements to actionable tasks they will perform, or delegate to
members of the team. The ideal candidate will have experience in customer facing roles and success leading deep
technical architecture and design discussions with senior executives.
Eight plus years of experience with deep understanding of web technologies, API consumption/development, full lifecycle
application development, database development (relational and/or NoSQL), and enterprise/cloud architecture. Technical
BS degree in Computer Science desirable, and experience in:
• The delivery of high quality engagements around Microsoft's solution areas, technologies and products in diverse
client environments.
• Stabilizing developed solutions using Microsoft methodologies in complex customer environments.
• The design and development of integrated solutions using the latest Microsoft products and technologies.
• Understanding the relevant application development, infrastructure and operations implications of the
developed solution.
Bachelor’s degree in computer science or related field preferred.
Technical Skills
• API development, Application architecture, application development, application lifecycle
management (ALM), caching, capacity planning, cloud archival, cloud disaster recovery, cloud
storage, cloud systems management, cloud systems operations, cloud transformation,
compliance (PCI, HIPAA, etc.), data architecting, data migration (cross platform / upgrade), data
modeling (physical and logical), data movement, data transformation, database and server
virtualization, database architecture, database design, database lifecycle management, database
management, DevOps, diagnostics, distributed application design, distributed application
development, distributed database design, event sourcing, HADR / replication, health checks,
identity and security, information architecture, information management, IoC, mission critical DB
design and architecture, modern applications, monitoring, package management (npm, NuGet,
etc.), performance tuning, polyglot resiliency, reporting services design and deployment,
responsive design, RESTful services, resiliency (clustering, etc.), scalability (up and out, high
performance), security architecture, security compliance, source code repository management
(git, TFS, svn, etc.), technical migration upgrades, technology architecture, testing / TDD,
unstructured data formats (e.g. JSON), structured data formats (e.g. XML), UI / UX.
Non-Technical Skills
• Collaboration, stakeholder management, relationship management, technical oversight,
technical recommendations, problem solving, risk management, architecture design session,
program management, proof of concept design, technical demonstration, excellent
communication skills.
Certifications
• MCSE Enterprise Devices and Apps, MCSE Business Intelligence, MCSA Cloud Platform Solutions
Associate, MCSA Linux on Azure Solutions Associate, MCSE Cloud Platform and Infrastructure,
Certified ScrumMaster, AWS Certified Solution Architect, AWS Certified Developer.
• Exam priorities: Developing Microsoft Azure Solutions 70-532 (retired), Microsoft Certified Azure
Developer (AZ-203); Architecting Azure Solutions 70-535 (retired), Microsoft Certified Azure
Solutions Architect (AZ-300 and AZ-301, or AZ-302).
Project Experience Types/Qualities
• API consumption and development, coordinate and execute pilots, prototypes or proof of
concepts, provide validation on specific scenarios, document and share technical best practices,
further customer investment, hybrid solutions on premises or in the cloud, industry-visible, CI /
Continuous Deployment, large project relative to size of customer, lift and shift, migrations and
upgrades (SQL, etc.), on-premises to cloud, production environment, projects where data is born
in the cloud, cross-platform SQL Server migration, server-side/desktop development, service
architecture, size of project team (complexity), significant challenges, source code repository
implementation support teams.
Technologies
• AWS API Gateway, AWS EC2, AWS SWF, AWS, AWS RDS, AWS VM, AWS Redshift, AWS S3,
Angular, Aurelia, Azure Active Directory, Azure App Service Environment, Azure Data Catalog,
Azure Data Factory, Azure Data Lake, Azure Logic App, Azure Mobile App, Azure Storage, Azure
Cosmos DB, Azure SQL Data Warehouse, Azure Functions, Azure Import/Export, Azure SQL
Database, Azure SQL DW, Azure DB for MySQL, Azure Search, Azure Event Hubs, Azure Web App,
Azure Functions, Azure Cognitive Services, BizTalk, Business Objects, Cassandra, CDN, Cortana
Intelligence, CouchDB, Data warehouse, Database, DB2, Docker, Excel, IBM Bluemix, Google App
Engine, HTML, IBM, IBM Teradata, IoT Solutions, Java, Media Services, MongoDB, Microsoft
Dynamics CRM, Microsoft SharePoint, MySQL, MVC, MVVM, Mobile Development, Networking,
Node.js, NoSQL, Oracle, Oracle Exadata, Oracle SOA, PostgreSQL, Python, REST, Security, SQL
Server, SQL Server IaaS, SQL Server Integration Services, Storage, Sybase, T-SQL, UWP,
Virtualization, Web Services, WCF, WPF, XML
• Programming/Scripting Languages: .NET (C#, F#, VB.NET), Java, Python, JavaScript, Scala, Go,
Ruby, PHP, SQL, T-SQL, PowerShell.
• Platforms: Linux (Red Hat, Ubuntu, Debian, etc.), Windows.
PROJECT MANAGER
The Project Manager is responsible for the overall success of the project. They are responsible for ensuring the initial
vision and goals of the project are clearly defined and aligned with all relevant stakeholders and executing the project to
meet those goals. This includes building project plans, tracking and managing risks, analyzing dependencies, and
communication within the team, with management, and with the customer.
Throughout the project, the Project Manager will need to make scoping and prioritization decisions as issues arise.
Making good decisions is only possible if the Project Manager can fully understand each issue. In addition, a good Project
Manager can anticipate issues before they arise and take pre-emptive corrective action. In addition to strong project
management skills, the Project Manager should also have a strong technical background.
Technical Skills
• Solid technical background in IT infrastructure and application architectures.
• Solid understanding of cloud computing technologies, business drivers, and emerging
computing trends.
• Solid understanding of cloud migration approaches and supporting tools.
Non-Technical Skills
• Strong project management skills including experience of a variety of project management
methodologies such as Agile, SCRUM, waterfall methodologies, etc.
• Demonstrated success in driving complex projects with multiple stakeholders and dependencies.
• Proven track record of building deep technical relationships with senior executives and growing
cloud consumption share in large or highly strategic accounts.
• Proven track record of driving decisions collaboratively, resolving conflicts & ensuring follow through.
• Strong written and spoken presentation skills with a high degree of comfort with senior
audiences. Able to represent the project to the customer.
Certifications
• A relevant Project Management qualification such as PMP, Certified ScrumMaster or PRINCE 2.
• MCSA Cloud Platform Solutions Associate, MCSA Linux on Azure Solutions Associate, AWS
Certified Solution Architect.
• Exam priorities: Implementing Infrastructure Solutions 70-533 (retired), Microsoft Certified Azure
Administrator (AZ-100 and AZ-101 or AZ-102); Architecting Azure Solutions 70-535 (retired),
Microsoft Certified Azure Solutions Architect (AZ-300 and AZ-301, or AZ-302).
Project Experience Types/Qualities
• 5+ years technical project management experience leading complex projects on business-critical
IT systems.
• 2+ years of experience in “migrating” on-premises workloads to the cloud.
• 3+ years in hands-on technical IT role (e.g. developer, operations engineer).
Technologies
• Project Management and issue tracking tools (VSTS, MS Project, or similar).
• Infrastructure, Networking and Storage technologies (including MS SQL or other databases).
• Azure IaaS, Azure Backup, Azure Site Recovery.
Reskilling for the Cloud
With the prevalence of the cloud, new technologies and services have seemingly popped up
overnight, leaving technical professionals behind in their knowledge and creating an ever-widening
gap between the number of experts available and the number needed. It’s not just the technology that
has changed; technical roles have also been upended in this wave of technical innovation.
For instance, traditional IT and operations experts are now expected to understand how to solve problems traditionally
solved by developers, and developers are routinely expected to understand technologies that were previously under the
domain of IT.
Indeed, all the tasks associated with creating and operating IT systems are impacted by the move to the cloud (see panel).
OPPORTUNITY FOR PARTNERS
The cloud offers enterprises unprecedented opportunities for agility and cost reduction relative to traditional IT.
Transforming enterprise IT to take advantage of the cloud requires deep changes to existing IT processes. This is where the
partner can demonstrate immense value.
A key success factor for your practice will be how fast you can staff with the appropriate skillsets, and how well you can
maintain and grow their skills. A successful partner will create a plan for reskilling existing staff and build an ongoing
readiness plan to keep the skills gap closed.
Done differently in the cloud:
• Plan, provision, and manage compute and storage capacity
• Application architecture and development
• Networking
• Deployment and monitoring
• High availability, disaster recovery, and backup
• Performance and scalability
• Security and compliance
• Budgeting and cost control
How is the Cloud Different?
PLAN, PROVISION AND MANAGE COMPUTE AND
STORAGE CAPACITY
With the cloud, capacity planning is still incredibly
important, but the opportunity to optimize compute and
storage capacity is unlike anything seen before. Professionals
can now truly pay only for what they use and scale
workloads dynamically based on demand. This ability
requires new skills, such as coding and template authoring,
that may not have typically been part of an IT
professional’s previous skill set.
APPLICATION ARCHITECTURE AND
DEVELOPMENT
Application architects now have a broad assortment of
managed services and container-based architectures to
choose from that make it easier to build, deploy and scale
at a much higher velocity because the underlying
infrastructure is taken care of by the platform. Beyond
ease of use, there are now tremendous new opportunities
for building applications that could not easily be created
before but now can because of the availability of bleeding-edge
technologies such as machine learning and artificial
intelligence.
NETWORKING
In Azure, you can create resources in any region that
Azure supports. This means your network engineers have
the opportunity to think about connectivity on a global
scale between Azure data centers and your or your
customer’s on-premises data center. Your experts will use
built-in services such as Azure App Gateway to protect
workloads and route traffic or third-party network virtual
appliances from the Azure marketplace. Opportunities
abound, which makes it easy to choose the right solution
for the task at hand rather than what has been used in the past for
the sake of familiarity.
DEPLOYMENT AND MONITORING
Infrastructure as well as all resources in Azure can be
defined and controlled from templates written in
JavaScript Object Notation (JSON). Resources can be
scripted to automatically deploy and even self-configure
using configuration management services such as
PowerShell Desired State Configuration (DSC), and other
services like Chef or Puppet. Services and applications can
be monitored in near real time, with services that can look
for and predict problems such as maintenance updates,
and security problems such as missing patches or even
attacks.
HIGH AVAILABILITY, DISASTER RECOVERY, AND
BACKUP
The cloud brings new opportunities to organizations to
optimize offsite backup by storing data in the cloud versus
mechanical tape drives or extra disks. The capabilities for
multi-site disaster recovery are significantly increased at a
fraction of the cost compared to traditional data centers.
With Azure you can failover on-demand between your
data center and the cloud or between two different
regions in the cloud with just a small cost per node
compared to paying for an entire second data center.
PERFORMANCE AND SCALABILITY
Azure services offer unprecedented scale compared to an
on-premises solution, with access to 50 regions
worldwide, services that can automatically scale, and
specialized virtual machine sizes available with high-end
GPUs and RDMA.
SECURITY AND COMPLIANCE
Security and compliance are a shared responsibility
between you, your customer and Microsoft. Microsoft is
responsible for protecting the infrastructure they control,
including the physical data center. You are responsible for
protecting your applications and servers, and for ensuring that
the solution you build using Azure services meets your
compliance and security criteria.
BUDGETING AND COST CONTROL
Capital expenses versus operational expenses. Azure
provides the ability to consume and pay for services as
needed instead of the traditional approach of overestimating
(and overspending). For organizations with multiple cost
centers that must implement a chargeback policy, Azure
provides services such as cost management, policies, and
tags to control which services your staff can use as well as
track spending down to whatever granularity your business
rules require.
Hiring and Onboarding
As part of embracing a cloud-based world, you should understand some of the steps needed
to manage acquiring and growing the technical experts needed for your practice.
Mapping Existing Staff - the cloud requires new skills, but this doesn’t mean that your existing staff is not
up to the challenge! A successful reskilling exercise will require identifying the needed skills and roles your
practice will need going forward and then mapping your existing team to those roles. Once identified, an
onboarding plan will be identified to help guide your new experts on their chosen path.
Interviewing/Hiring New - in many cases, the cloud offers capabilities that no one on your team has an
appropriate background for. In those cases, you may need to hire new talent. You should start off with a
defined role and the needed soft and technical skills for the role and then move forward with a recruitment
plan to find the best fit for your organization. We’ll discuss some options for finding new talent later in this
section.
Onboarding - Every existing team member or new hire will need an onboarding plan to be successful. This
means a list of external and internal training to take, to learn not only the technology they will use on a day-
to-day basis but also the systems and IP that your organization has created to deliver solutions consistently
for your customers. A good onboarding plan will also involve a method for ongoing training such as access
to on-demand training and lab environments, as well as access to a technical community.
Building a Technical Community - Technical communities can be an incredibly beneficial way of
increasing the technical expertise within your organization. Putting subject matter experts on tools such as
Yammer, Microsoft Teams, Slack (and many others) has the benefits of spreading their expertise across the
organization as well as providing easy access to often asked questions and scenarios your teams may face.
Rewarding Assistance - Giving your team the ability to communicate with each other and help others in
the organization is a big step in building a learning and helping culture. The leaders of your practice should
be encouraged to publicly praise or reward team members when they go out of their way to help each
other.
Retaining your staff - Hiring and onboarding are only the first steps among many to build a rock-solid
technical and business delivery team. Frequent communication about the company’s goals, and
about expectations of your team, is essential. Working with your human resources team to establish an
employee retention plan is key; there are many low-cost and low-impact techniques to ensure a happy
workforce.
Azure Certifications and Exams
Microsoft certifications are a globally-recognized gold standard. Use certification in Azure to
demonstrate your skills and boost your career.
Microsoft offers a range of Azure certifications and exams with different levels and specializations. These can help you build
skills in your team as well as identify suitable candidates when hiring.
Azure Certifications
Microsoft offers a range of certifications aimed at different career paths. For Azure, the main certifications are as follows:
• Microsoft Certified Solutions Associate (MCSA) certification is available in several specialties. These are Cloud
Platform, Data Engineering with Azure, Linux on Azure, and Machine Learning. In each case, the certification
demonstrates competency in the relevant subject.
• Microsoft Certified Solutions Developer (MCSD): App Builder validates that you have the skills needed to build
modern mobile and/or web applications and services.
• Microsoft Certified Solutions Expert (MCSE) certification is the highest level of certification offered and validates that
you have a high level of expertise in a range of cloud technologies.
To achieve certification, you will need to pass one or more Microsoft certification exams. The exams needed vary depending
on the certification sought, and a range of options is typically available for each certification. To explore further, and to
review which exams are required for each certification, see the Microsoft Certification Overview.
RESOURCES
Certifications
➔ Microsoft Certification Overview
➔ MCSA: Cloud Platform
➔ MCSA: Data Engineering with Azure
➔ MCSA: Linux on Azure
➔ MCSA: Machine Learning
➔ MCSE: Cloud Platform and Infrastructure
Azure Exams
Advocating that your technical staff pass Azure exams provides several benefits to your practice. First, they are a valuable
metric for you to understand a baseline on your delivery capabilities. Second, they are a requirement for your Microsoft
Cloud Competencies. Third, they provide an opportunity for your team to validate their knowledge and gain
confidence as they deliver migration or modernization work.
A summary of the Azure certification exams is given below:
• AZ-100 Microsoft Azure Infrastructure and Deployment
• AZ-101 Microsoft Azure Integration and Security
• AZ-102 Microsoft Azure Administrator Certification Transition
• AZ-300 Microsoft Azure Architect Technologies
• AZ-301 Microsoft Azure Architect Design
• AZ-302 Microsoft Azure Solutions Architect Certification Transition
• 70-473 Designing and Implementing Cloud Data Platform Solutions
• 70-475 Designing and Implementing Big Data Analytics Solutions
• 70-487 Developing Microsoft Azure and Web Services
• 70-537 Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack
• 70-774 Perform Cloud Data Science with Azure Machine Learning
• 70-775 Perform Data Engineering on Microsoft HDInsight
• 70-776 Engineering Data with Microsoft Cloud Service
In addition, the following exams have been announced and will be available shortly:
• 70-538 Implementing Microsoft Azure DevOps Solutions
• 70-539 Managing Linux Workloads on Azure
For further details on any of the Azure exams, including target audience, detailed descriptions of the skills required, and links
to training resources, see Azure Exams.
RESOURCES
➔ Azure Exams
➔ Microsoft Official Practice Tests
Which Exams Should Your Team Take?
With so many exams available, what should you focus on first?
FOR A MIGRATION PRACTICE?
Over half of the respondents of the migration partner survey indicated that exam 70-533: Implementing Azure Infrastructure
Solutions is the most important for their practice, followed by exam 70-535: Architecting Azure Solutions, at 37%.
The same survey data also showed that the exam “Designing and Implementing Cloud Data Platform Solutions” is the most
important for data focused migration projects. This exam is heavily focused on SQL Server in Azure Virtual Machines and
Azure SQL Database and Data Warehouse.
FOR A MODERNIZATION PRACTICE?
For practices that also offer services for modernizing applications and workloads, exam 70-532: Developing Azure
Solutions is important, as well as any related data certification relevant to your modernization project.
Training & Readiness
Preparing and Training Technical Staff for the Cloud
Follow a learning curriculum to build the skills you need most to stay relevant.
Suggested resources to help onboard your team for training success are available in this section. This includes a range of
online learning resources for self-paced learning, as well as options for instructor-led training for rapid technology adoption.
Use the following resources as part of your Azure onboarding for new and existing staff:
• Azure Training and Certification provides free
online training options including online courses,
learning paths, hands-on labs as well as resources
to help you find learning partners who can help
you achieve your skills development goals using
Microsoft Azure services.
• Microsoft Azure Hands-on Labs provides free,
self-paced labs to help you stay current with
Azure. The live environments are fully self-
contained. You do not need your own Azure
subscription to complete the labs; just log in with
a remote desktop (RDP) client and get started.
• Microsoft Virtual Academy offers training from
the people who helped to build Microsoft Azure.
From the basic overview to deep technical
training, IT staff will learn how to leverage
Microsoft Azure for their business.
• Microsoft IT Pro Cloud Essentials is a free annual
subscription that includes cloud services,
education, and support benefits. IT Pro Cloud
Essentials provides IT implementers with hands-
on experience, targeted educational
opportunities, and access to experts in areas that
matter most to increase knowledge and create a
path to career advancement.
• The Microsoft IT Pro Career Center is a free online
resource to help map your cloud career path.
Learn what industry experts suggest for your
cloud role and the skills to get you there.
• Microsoft Learning offers a wide variety of official
curriculum on-demand, as well as edX courses
that are taught by Microsoft experts, and help
you learn through hands-on experiences with a
broad reach of Azure technologies.
• The Microsoft Partner Network (MPN) Learning
Portal provides a centralized interface with
training opportunities and certification options
organized by products, competencies,
certifications, and job role.
General Technical Training
Whether you need to fill a skills gap or are looking to improve your team’s skill surface area,
technical training is critical to your success.
In our research, we found conferences and paid online
training are the most common learning mechanisms.
Source: Microsoft Cloud Practice Development
Study, MDC Research, November 2016
CLOUD AND ENTERPRISE PARTNER RESOURCES
The Cloud and Enterprise Partner Resources Portal
provides a source of sales and technical training for
partner practices and key areas of specialization.
Resources include customer success stories, sales and
technical training, tools, engines, and resources available
to help build your skills around selling, deploying, and
architecting cloud infrastructure and management, cloud
application development, data platform and analytics,
and security and compliance solutions.
MPN LEARNING PORTAL
The Microsoft Partner Network (MPN) Learning Portal
provides a centralized interface with training
opportunities and certification options organized by
products, competencies, certifications, and job role.
CLOUD + ENTERPRISE UNIVERSITY ONLINE
Leverage the Cloud + Enterprise University Online to build
knowledge, stay sharp, and prove your expertise on selling
and supporting Microsoft cloud solutions through our live
and on demand webcasts and virtual, instructor-led
courses—giving you the flexibility to train at your own
pace.
MICROSOFT INSPIRE CONFERENCE RECORDINGS
Even if you missed the annual live event, the Microsoft
Inspire Conference provides many of its sessions as on-
demand recordings — no conference pass required.
PARTNER COMMUNITY EVENTS, CALLS &
WEBINARS
The Microsoft Partner Enablement Blog maintains a
schedule of trainings available to partners. Visit often and
plan your training calendar.
SMART PARTNER MARKETING
Leverage the Microsoft Smart Partner Marketing site as
your starting point for training marketing resources.
Additional Resources
Microsoft Learning Partners are available worldwide to help enable your team for Microsoft Azure via live instructor-led
training. This can be scheduled as a dedicated delivery at your location or virtually using remote learning technologies. Many
courses are scheduled as open-enrollment courses, which don’t require you to schedule a dedicated class.
• Pluralsight is a key Microsoft partner that offers Azure training. Gain the know-how and confidence your job
demands through these free online courses, delivered in partnership with Pluralsight.
• Opsgility is a key Microsoft partner that offers both a comprehensive range of instructor-led classes which can be customized to
your exact needs, as well as self-paced learning through SkillMeUp.com using both videos and interactive hands-on labs.
Opsgility also offers the Azure Migration Accelerator training program to master skills for migrating workloads to Azure.
• O’Reilly Safari provides subscription access to more than 40,000 books, videos, and interactive tutorials from over
200 of the world’s best publishers, including O’Reilly, Pearson, Harvard Business Review, and Packt. It also offers live
online training courses led by instructors from O’Reilly’s network of tech innovators and expert practitioners.
Migration Assessment
Executive Summary
Help your customers identify their infrastructure and opportunities for migrating applications
with Azure
Before migrating a workload to Azure, you first need to
understand the current infrastructure and define what the
migrated workload will look like. Only then can you fully
understand the migration process and costs.
Therefore, the first step to migrating or modernizing a
workload with Azure is to build a Migration Assessment
Plan.
Creating this plan typically has three main phases:
1. A discovery phase, in which the current applications
and infrastructure are documented, as well as the
business context and overall goals for the migration.
2. A planning phase, in which a detailed cloud design
and migration plan are constructed.
3. An evaluation phase, which builds the business case
for the migration for review and sign-off by the final
decision makers.
This section of the playbook discusses each of the above
stages in detail.
Creating the Migration Assessment plan should be an
iterative process. Identify applications for migration,
create the assessment plan, and migrate. This allows
improvement in future assessments as well as increased
velocity as you identify areas that can be improved in your
process.
The migration assessment should answer the following
questions for your customer:
• What applications and infrastructure am I currently
running?
• Of these applications, which should be migrated,
modernized, retired, replaced, or maintained on-
premises?
• What are the risks associated with a migration, and
how long will it take?
• What will be the return on my investment for
migration, based on my current running costs, my
post-migration running costs, and the cost of
migration itself?
• What additional benefits will cloud migration bring to
my business?
Top 4 things to do
A migration assessment is the foundation
for a successful migration project. Here are
the top 4 things to do for successful migration
assessments.
• Develop a comprehensive migration
assessment methodology
• Choose your migration assessment tools
• Learn how to accurately calculate return
on investment
• Build migration roadmaps, prioritizing
the simplest migrations
Discovery
The goal of the discovery phase is to fully understand the existing infrastructure and
applications, and the business context and goals surrounding those applications and their
move to the cloud. This informs the planning and evaluation phases which follow.
It is important to understand how each application
contributes to the business. What does it do? Who uses it?
What is the impact of an outage? How important is
business continuity and business assurance to the
workloads being migrated? Placing the existing
applications in their business context is essential to
making informed decisions regarding prioritization,
design, and indeed every aspect of the migration project.
Equally important is an understanding of the end users
and how they use the application. In some cases, cloud
migration will be a seamless change, of which users will be
unaware. In other cases, users may experience significant
changes, and may need to access applications differently,
or perform specific tasks in new ways. To help users
embrace rather than resist this change, it’s important to
understand the user experience, and to keep end users
informed and engaged throughout the migration process.
Existing pain points (such as reliability, performance, or
issues with functionality) should be identified. Migration
to cloud is often an opportunity to reduce or remove such
problems. These kinds of positive changes make it easier
to get buy-in from both decision-makers and end-users.
Non-functional requirements, such as reliability,
performance, and forecasted scale must be understood so
they can be factored into the design. The cloud offers far
greater flexibility than on-premises infrastructure and is
therefore able to adapt quickly to changes in demand.
Even so, some requirements—such as very high
availability delivered through redundancy across more
than one Azure region—have design and cost
implications that need to be captured up-front.
Likewise, security and compliance requirements must be
captured. Azure supports an extremely wide range of
compliance certifications spanning many international,
national and industry-specific standards. Delivering an
application that is compliant with a specific set of
standards requires that the design be reviewed against
the Azure guidance for those standards.
Of course, the discovery phase must also capture the
details of the existing application implementation. The
hardware, network and storage infrastructure must be
documented. It is important to capture the actual usage
as well as the physical specifications. Traditional
infrastructure is often over-provisioned to handle
expected future demand or worst-case scenarios. The
agility and elastic scale of the cloud offers the opportunity
to optimize significantly on this approach. Usage should
be measured at both normal and peak expected load.
Data should be gathered on CPU, memory, network
(latency and bandwidth) and storage (capacity, IOPS and
throughput).
Any dependencies between components and systems, such as between applications and databases, must be identified and
mapped. Understanding these dependencies is important when grouping and sequencing migrations during the planning
phase.
Capture the current version of all software, and all operating systems—in some cases, updating the software to more recent,
supported versions may be required as a pre-requisite to migration. Where software is developed in-house, the availability of
source code and skilled staff familiar with the code must be established. Where software is licensed, vendor support for cloud
technologies must be understood. For example, does the vendor already offer a cloud-based version of the software? If the
software uses Microsoft SQL Server, has the vendor certified use with Azure SQL Database?
UNDERSTAND THE TOTAL COST OF OWNERSHIP
Having mapped the existing infrastructure and applications, the total costs of delivering those applications can then be
analyzed. The Azure Total Cost of Ownership (TCO) calculator can help estimate on-premises costs but cannot capture all
costs such as 3rd-party software licenses. Building a complete business case for the cloud requires building a full view of these
costs. Some costs, such as servers and software licensing, are specific to each application; other costs such as operations staff
and buildings are spread across applications and therefore may need to be apportioned appropriately. Remember to include
backup, disaster recovery, software licensing, power, space, operations staff, support agreements, networking equipment,
warranties, and Internet access. It is also important to understand the renewal dates for any leasing, licensing, warranty or
support agreements, and the refresh cycle for all hardware, since this may create hard deadlines for migration, or impact
prioritization to better leverage existing assets.
DISCOVERY TECHNIQUES AND TOOLS
A variety of methods must be employed to gather all this information. First, it is important to identify key stakeholders, such
as application owners, relevant executives, technical staff, and end users. Interviews with each stakeholder will be necessary to
understand their perspectives and priorities, and to gather their input on the topics listed above.
Various tools are also available to assist with gathering technical data on the existing infrastructure. In many cases, these tools
can also help with the subsequent migration planning, costing, and even with the migration execution. Examples of available
tools, from both Microsoft and third-party vendors, include:
MICROSOFT OFFERINGS
Azure Migrate: The Azure Migrate tool can be used to assess on-premises workloads for
suitability, as well as offering advice on performance-based VM sizing and cost
estimations. The initial release of Azure Migrate only supports VMware VMs but support
for Hyper-V is coming soon. Azure Migrate offers the following capabilities:
• Discover and assess on-premises VMs
• Confidently plan your migration
• Easily migrate your workloads to Azure
More resources:
• Assess on-premises workloads for migration to Azure
• Watch a Demonstration of Azure Migrate
Azure Database Migration Service: The Azure Database Migration Service is a fully
managed service designed to enable seamless migrations from multiple database sources
to Azure Data platforms with minimal downtime.
The Data Migration Assistant (DMA): Enables you to upgrade to a modern data platform
by detecting compatibility issues that can impact database functionality in your new
version of SQL Server and Azure SQL Database. DMA recommends performance and
reliability improvements for your target environment and allows you to move your
schema, data, and uncontained objects from your source server to your target server.
Azure SQL Database DTU Calculator: A Database Transaction Unit (DTU) is a blended
measure of CPU, memory, and I/O used by an Azure SQL Database. Within each SQL
Database service tier, Microsoft guarantees performance in terms of DTUs. The SQL
Database DTU Calculator can be used to analyze the performance of existing on-premises
databases, to calculate the number of DTUs (and hence service tier) required after
migration to Azure SQL Database.
THIRD-PARTY OFFERINGS
Turbonomic
Turbonomic plans reflect what your workloads actually need to run in the cloud – no
more, no less. Get to the cloud quickly and safely, while avoiding cost-overruns or
performance issues.
Cloudamize
The Cloudamize cloud infrastructure analytics platform helps you make data-driven
decisions with ease and confidence throughout your entire cloud journey.
• Assess: Which cloud is right for me and what will it cost?
• Plan: How do I prioritize my applications for migration?
• Migrate: How do I ensure my migration execution is right on the first try?
Movere
More than just a point-in-time assessment, Movere enables a depth of monitoring,
analysis and optimization unseen in any other platform. Movere organically scans
environments globally at a rate of up to 1,000 servers per hour and multiple
instances/environments in less than one day.
RISC Networks
RISC Networks CloudScape provides IT professionals with the most relevant infrastructure
performance analysis needed to properly prepare for cloud, data center, and
infrastructure projects. Agentless discovery of Network Devices, routers, switches,
Windows and Linux Servers and more. Review the Asset Report in the RISC Networks
Portal or download an Excel spreadsheet.
BitTitan Azure Assessments
Provide detailed readiness reporting using cost analysis and planning tools to convince
your customers to adopt Azure. Take advantage of massive opportunities to move data
out of SQL servers at end of life or support. Even uncover security concerns in customer
infrastructure.
• Readiness check
• Cost analysis
• Detailed planning
TSOLogic
The TSO Logic Platform provides the industry’s most accurate data-driven analysis of total
cost of ownership and cost modelling for your ideal future state. It ingests millions of data
points from your current environment, including age, generation and configuration of all
hardware and software they’re running and each instance’s historical utilization. The
Platform creates a fine-grained statistical model of compute patterns for all OS instances,
showing how much you’re spending, where you’re over-provisioned, and where there are
opportunities to realize significant savings both now and in the future.
Corent
Corent’s SurPaaS® Platform is an Azure SaaS service that enables you to automate the
scan, assessment, planning and cost modeling for your customers’ workloads, then
automatically migrates them to the cloud, and then monitors, manages, optimizes and
operates those workloads in the cloud.
BMC Discovery for Multi-Cloud
BMC Discovery for Multi-Cloud automates asset discovery and application dependency
mapping to build a holistic view of all your data center assets, multi-cloud services, and
their relationships.
Planning
The purpose of the planning phase of the Migration Assessment Plan is to build a proposal of
which applications to migrate, how to migrate each application, and when each migration
should take place.
Having understood the various workloads and their underlying architectures during the discovery phase, the first step in the
planning phase is to logically group the infrastructure and application components, and to prioritize their migration. This
prioritization will be based on several factors: simplicity of application and infrastructure, number of dependencies,
application criticality, limitations of existing hardware, and hardware and license refresh cycles. It is useful to approach
applications from two different vantage points:
TOP DOWN
The top-down approach is focused on reaching that goal and begins with an evaluation of the various technical and security
aspects of each application:
• Categorization of data, compliance, sovereignty and security risk requirements
• Current complexity of interface, authentication, data structure, latency requirements, coupling and application life
expectancy of the application architecture
• Operational requirements like SLAs, integration, maintenance windows, monitoring and insight
Once analyzed, these aspects generate an overall score that reflects the difficulty of moving that application to the cloud. The
top-down assessment also involves evaluating the application’s financial benefits:
• Operational efficiencies, TCO, return on investment (or similar measurements)
• Overall computer load, seasonal fluctuations in usage levels, types of users (casual vs. expert, always online vs. only
occasionally), necessary levels of scalability or elasticity
• Business continuity and resiliency requirements, any dependencies in the event of a service disruption
BOTTOM UP
Simultaneous to the top-down assessment, a bottom-up assessment can also be performed. And because this is more about
the technical requirements and where an application could go, much of the information can be pulled from your assessment
tool of choice. Requirements typically addressed with a bottom-up approach include:
• Maximum memory, number of processors, operating system disk space, data disks, network interface cards, IPv6, network
load balancing, clustering, OS/DB version, domains supported, third-party components/software packages
Once the applications and infrastructure have been grouped and prioritized, a migration plan should start to emerge.
Depending on the number and complexity of applications, your migration plan may range from a relatively straightforward
application migration schedule to a complex multi-year strategic migration roadmap, with detailed application-level
planning taking place iteratively as the roadmap is executed.
A pragmatic approach is preferred, favoring simpler, non-critical workloads for the early migrations. These are less risky and
likely to be quicker to migrate and to present fewer issues. Early success builds confidence and allows demonstrable return on
investment. It also builds experience, which reduces the risks associated with migrating the more complex workloads which
follow.
COMMON MIGRATION APPROACHES
When designing the migration for a specific workload, there are a number of choices available.
• Retire: Some applications may be end-of-life and more easily be retired than migrated.
• Replace: Many common business workloads (such as Exchange or SharePoint) have equivalent SaaS offerings. Migrating
to SaaS services offers an alternative to running application infrastructure in the cloud, typically with higher availability
and lower TCO.
• Rehost: A ‘lift and shift’ approach, in which applications are migrated to IaaS virtual machines, offers a fast migration
path with a high level of compatibility with existing software. SQL Managed Instances is another option when rehosting
SQL Servers. It offers the compatibility benefits of virtual machines, but also the benefits of PaaS.
• Rearchitect: Converting applications to run as PaaS services offers significant advantages over a simple rehosting in IaaS
virtual machines, due to the lower on-going management complexity and costs. However, converting to PaaS may take
longer and require greater technical skills, and the level of change—from minor refactoring to a complete application re-
write—will depend on the existing codebase and the choice of PaaS technology adopted. As a result, while some
applications may be converted to PaaS services as part of a migration project, more commonly they are first rehosted to
IaaS and then evolved to take advantage of PaaS.
• Retain on-premises: For some applications, continuing to run on-premises may be the only realistic option, for example
where regulatory requirements require data to reside within national borders and no local Azure region is available. In
these cases, Azure Stack may be a viable option.
DECISION TREE FOR APPLICATION MIGRATION STRATEGY
A good practice is to build a decision tree based on your customer’s priorities and requirements to help decide the correct
migration strategy. The following tree is an example of how to approach the application based on whether the workload is
applicable to SaaS or IaaS, should be modernized with PaaS, or, if it cannot be migrated at all, should reside in a private cloud.
CONSIDER MIGRATION VELOCITY AND BENEFITS
When considering the priority order of which workloads to migrate first,
it’s important to understand the relative difficulty level of each migration
type as well as the benefit received for that option. For instance, rebuilding
with PaaS will typically be the most difficult, but high on the strategic
scale because you are moving to managed services with more capabilities
and developer agility. Rehosting with IaaS, by contrast, is most likely going to
require the least amount of effort, but is going to provide the least benefit.
SaaS is the most strategic because you are offloading everything but the
administration and consumption of the service to the service provider.
STARTING THE MIGRATION PROCESS
After prioritizing your application portfolio, and then going through the decision-making process of the correct
migration strategy for each workload, your team can then start the migration process in earnest. Migrations should be
planned in sprints, and your team should work with the customer to ensure that changes are communicated correctly not just
to your stakeholders but also to the product owners and any users that will be impacted by changes.
Example of an Enterprise Cloud Migration
SURVEY DATA
Our survey of Microsoft partners with an Azure migration practice measured how frequently each of the main migration
approaches was used. Lift and Shift to IaaS was the most common approach, more than twice as common as application
modernization.
Percentage of Migration Types Applied to Specific Workloads
(n=364)
Our survey also studied how the approach to migration varied across a range of common workloads. Most workloads
employed an IaaS migration, except for database servers and web servers, which favored a PaaS migration, and training
and service desk applications, which were more commonly retained in existing infrastructure.
Percentage of Migration Types Applied to Specific Workloads
(n=364)
Highest service frequency by workload
IAAS OR PAAS?
The choice between IaaS and PaaS is not all-or-nothing. A
range of blended options exists, combining both IaaS and
PaaS components in a single application architecture. For
example, a traditional 3-tier application may see the
application tier migrated to IaaS VMs, while the front-end
tier is migrated to Azure App Service and the database tier
is migrated to Azure SQL Database.
Where third-party software is used, licensing and support
agreements must be reviewed to ensure that cloud-based
deployments are fully supported, and to evaluate which
cloud-based services may be used. For example, some
software may support SQL Server running in IaaS, but not
be validated with Azure SQL Database. In such cases it
may be worthwhile to contact the software vendor to
understand the future cloud roadmap for the product.
While PaaS migrations may be costlier and more time-
consuming initially, this loss is frequently outweighed by
the benefits of reduced management overhead—
especially appealing to managed service providers. In
addition to the efficiency gains of a PaaS approach, a
modern application architecture also creates a foundation
for higher-value customer offerings such as data analytics
for increased business insight.
Many of the migration partners we interviewed described
a ‘PaaS-first’ approach, preferring PaaS solutions where
possible, recognizing that use of IaaS is inevitable in many
cases, during a transition to PaaS or due to technical
constraints such as the use of third-party software. In
many cases, migration takes a phased approach, with
initial migration executed as a ‘lift and shift’ to IaaS VMs,
followed by additional phases to convert the application
to make greater use of PaaS services.
OPPORTUNITY TO CLEAN UP LEGACY
DEPLOYMENTS
In addition, cloud migration is often used by an
organization as an opportunity to clean up legacy
infrastructure and applications. It may be necessary to
modernize certain infrastructure in-place before it can be
migrated, for example, upgrading a legacy database or OS
to a more modern version. Another common example is
to consolidate on-premises databases prior to migration.
Similarly, converting applications to PaaS may be an
opportunity to combine several related applications into
one.
WHICH AZURE SERVICES AND TOOLS
Having decided on the overall approach to migration, the
design for the migrated application can be completed.
This design describes in detail which Azure services are to
be used, and how they will be configured. This includes:
• The design for directory services, such as whether
Azure AD will extend an on-premises Active Directory
or not, and whether to adopt hybrid identity.
• The design for subscription and resource groups, and
the resource naming convention.
• The list of Azure services and resource types used,
their deployment region, and the SKU or service tier in
each case.
• The network design, including virtual networks and
subnets, peering, network security groups, routes,
connectivity to on-premises networks, and use of
virtual appliances.
• The storage design, accounting for capacity, IOPS,
and data throughput requirements.
• The design for backup, high availability and disaster
recovery.
• The tools used for the initial deployment to Azure and
on-going updates.
• Plans for on-going operations, including monitoring,
alerting, reporting, patching, and scaling.
Remember when specifying the compute, network, and
storage capacity of the migrated service not to simply
copy the hardware specification of the on-premises
system. Instead, scale the system based on the actual
usage data gathered during the discovery phase, and
design the system to scale as needed in future.
MINIMIZE DOUBT AND RISK WITH PROOF-OF-CONCEPTS
Technical uncertainties impacting the design can be
resolved using Proof-of-Concept implementations, which
can reduce the risk of unexpected discoveries impacting
the migration schedule during the execution phase.
With the goal state of the migrated application in place,
the design for the initial deployment and application
migration can be completed. This describes in detail how
each application will be migrated from the on-premises
environment to Azure. This includes:
• How existing application data will be transferred.
• How traffic will be switched to new application
endpoints.
• The nature and duration of any user impact during
migration.
• Details of how the migration will be monitored and
verified.
• The process for roll-back should the migration fail.
• Details of any supporting tools, such as Azure Migrate
or Azure Site Recovery, that will be used.
PROJECT SCHEDULE
Finally, the Planning phase includes creating the schedule
for executing the migration. Many of the migration
partners we interviewed use a traditional milestone-based
methodology, such as PMP or PRINCE2. A minority
adopted agile methodologies such as Scrum.
PaaS migration projects typically follow traditional
software development phases and milestones for coding,
testing, user acceptance, staging, and production
deployment, followed by additional milestones for data
migration, verification, and endpoint cut-over.
IaaS ‘lift and shift’ projects may forego the coding phase,
but the other phases are still typically required.
SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, we asked what safeguards and processes they used
to mitigate risks for a migration project. The top responses were testing and proof of concepts, followed by backup and
recovery strategies.
Survey chart: safeguards and processes used to mitigate migration risk
• Parallels: 4%
• Client collaboration: 4%
• Data protection: 4%
• Iterative review: 4%
• Follow industry standards: 4%
• Security check: 6%
• Risk analysis: 8%
• Backup / recovery strategies: 18%
• Testing / Proofs of concept: 19%
Evaluation
In the last phase of the migration assessment plan—Evaluation—you will help the customer
to understand the value proposition of going forward with cloud migration by reviewing the
benefits identified.
Earlier in this playbook, we discussed the different objectives and priorities that different organizations have when moving to
Azure—from cost reduction, to increased agility, to improved service quality, to enabling new business scenarios.
Understanding your customer and the motivations behind each migration is crucial to presenting the migration assessment
in terms that relate to the customer and their concerns.
FORECASTING COST AND RETURN ON INVESTMENT
That said, cost is a universal concern. The discovery phase should already have captured an accurate picture of the existing
on-premises application costs. To complete the business case, an accurate forecast of Azure costs is required. When
computing these costs, consider the following points:
1. The choice of SKU or service tier is important since it can make a significant difference to pricing. A direct translation
of existing on-premises hardware specifications into Azure Virtual Machine SKUs may not be optimal, since on-
premises hardware may be under-utilized, and Azure hardware is typically newer, and hence faster, than on-
premises hardware with a similar number of CPU cores. The Optimize and Manage phase is a key talking point in this
discussion.
2. Remember to account for the hours that each service will run. It may be possible to scale back usage of Production
environments at times of low usage, especially when using PaaS. Non-production environments such as Dev/Test
typically only need to be deployed when they are in active use.
3. The Azure Hybrid Benefit allows existing Windows Server software licenses (with Software Assurance) to be re-used
on Azure Virtual Machines. This allows existing licensing investments to be leveraged, so the Virtual Machine is only
charged at the ‘bare metal’ (Linux) rate. This can result in significant reductions in your Azure bill of 40% or even
more. This benefit is also available for SQL Server licensees, allowing them to reuse their SQL Server licenses without
paying the premium rate and to achieve significant cost savings when using Azure SQL Database. See
https://azure.microsoft.com/pricing/hybrid-benefit/ for further details.
4. Similarly, the License Mobility program enables Microsoft Windows Server application licenses (with Software
Assurance) to be used in Azure, again allowing existing licensing investments to be leveraged in Azure. See
https://azure.microsoft.com/pricing/license-mobility/ for further details.
5. Some costs, such as Virtual Machine SKU, are relatively easy to predict. Other costs, such as bandwidth or storage
access charges, vary according to application usage and can be difficult to predict without accurate data. Usage may
need to be estimated based on transaction logs or other available usage information.
6. Where appropriate, take advantage of Azure Reserved Instances (https://azure.microsoft.com/pricing/reserved-vm-instances/)
to further reduce Azure subscription costs.
These approaches, when used in combination, can offer very substantial cost savings. Further details on optimizing costs are
given in the Azure Management Best Practices section of this Playbook.
The Azure pricing calculator is a useful tool for predicting Azure costs based on expected usage and service tiers. A number
of third-party tools also offer pricing estimation.
On-premises infrastructure has the advantage of well-understood up-front pricing. By comparison, cloud costs can be more
difficult to predict, and may vary over time, for example as usage changes, or as the service is optimized, or as the unit cost of
Azure resources changes. As a Managed Service Provider, it is important to set appropriate expectations with your customer
regarding costs, and it is generally better to slightly overestimate rather than underestimate what future costs will be.
Once the costs of the migrated service have been fully understood, they can be compared with the costs of the existing
service as captured during the discovery phase of the migration assessment. This enables both you and the customer to
understand the return on investment that the cloud migration will deliver.
COMMON CONCERNS
There are a number of common questions or concerns that may be raised in the context of an Azure migration. Common
concerns include:
• Concerns over regulatory compliance: Requirements should be captured during the discovery phase and addressed in
the proposed design. Be careful of making assumptions or taking requirements on face value, since in some cases
regulations may have been updated or misunderstood.
• Concerns over security: The proposed design should explicitly address security concerns and the Azure technologies used
to mitigate common threats. In some cases, and particularly when using PaaS services, the security design of the Azure-
based solution may be based on a different approach than that used on premises, with which the customer is more
familiar (for example, being more focused on access control and credentials and less focused on network-level
protections). Addressing these concerns may require the customer to adopt new security models. Alternatively, using
IaaS services at least initially may be a pragmatic way forward.
• Concerns over service availability: The proposed design should address the requirements for backup, availability and
disaster recovery, consistent with the published Azure SLAs.
• Concerns over functionality, compatibility and performance: A proof of concept is a common way to address
functionality and performance concerns and build confidence in the proposed solutions.
• Concerns over cost and cost variability: A sound understanding of fully-loaded costs for the existing application
implementation, together with a complete costing for the Azure implementation, should be presented. Whilst a high-
level cost approximation may provide a clear business case, providing additional detail can improve forecasting and
customer confidence.
A good understanding of the customer will enable Managed Service Providers to anticipate what is likely to be asked and
prepare appropriate responses.
Lift & Shift
Top 5 things to do
Here are the top 5 things to focus
on during an Azure infrastructure
migration.
• Deploy your network, compute and storage
infrastructure
• Implement user identity
• Understand the available tools and approaches for
server migration
• Configure high availability and backup
• Understand how to migrate data
Executive Summary
Now the actual work of migrating workloads studied during the assessment phase begins. In
this section, we’ll consider ‘lift and shift’ migrations to Azure infrastructure services.
Migrating applications to Azure using Infrastructure-as-a-
Service is often the quickest way to move applications to
Azure, as well as requiring the least work and presenting
the fewest risks.
For some applications, and some customers, migrating to
Azure infrastructure is the end goal, and the application
will continue to be operated in that way indefinitely. In
many cases however, an infrastructure migration is used
as a starting point, after which a longer-term program of
application modernization begins. In this case, the end
goal is for the application to be operated using Platform-
as-a-Service technologies, giving lower management
overhead and greater agility. Application modernization is
the topic of the next chapter of this playbook.
The foundation of an Azure infrastructure deployment
comprises:
• Identity – how users will authenticate and how
resources are secured
• Compute – configuring virtual machines for
availability, scale and performance
• Network – designing the network for current and
future connectivity requirements
• Storage – planning for performance, durability,
scalability and archival
This section discusses how to design and build this
foundation and provides several resources to help.
We then discuss how to migrate the existing application
servers—physical or virtual—to Azure. We provide
guidance on how to choose the right Azure virtual
machine and the various tools and methodologies to
execute the migration itself.
Finally, we’ll present some key topics that are important
for Azure infrastructure migrations:
• Migrating VMware workloads
• Configuring backup and disaster recovery for
migrated workloads
• Migrating existing Azure applications to Cloud
Solution Provider (CSP) subscriptions
• Using Azure Stack as a migration target for customers
that cannot migrate to the public cloud
• Migrating data and databases
Building Out the Network
The network forms the backbone of any application, both on-premises and in the cloud. It is
the doorway to the end users, the glue that enables the application to function, and the
security boundary against outside attacks. Establishing the right network architecture is a
critical step in designing any cloud migration.
Designing the network can be one of the most technical and challenging aspects of a cloud migration project. The network
design must consider a range of requirements and security threats. Common considerations include:
• Designing network topologies with the right connectivity for application access and internal traffic
• Creating hybrid networks connecting on-premises and Azure-based resources
• Routing traffic for scale, resilience and high availability
• Securing the network against outside threats, including DDoS
• Monitoring and troubleshooting networking issues
Microsoft Azure offers an extensive range of networking services and features, enabling almost any networking topology to
be created in Azure. This enables existing network topologies to be reproduced in Azure as part of a migration. Migration to
the cloud is also an opportunity to align the network design with current best practices for performance and security.
In addition to designing your Azure network, remember to consider the existing on-premises network. What changes—
temporary or permanent—are needed to make the existing network compatible with and extensible to the cloud?
AZURE NETWORKING
Azure provides a comprehensive range of networking services to support a wide range of network topologies. These are built
using Microsoft’s software defined networking technology, which offers cloud scale, fast provisioning, and virtual isolation of
network traffic in the multi-tenant Azure environment.
This guide gives a short overview of the core Azure networking services. Microsoft publishes substantial additional
documentation on each of these services online. For further reading, we recommend the Azure Networking Overview.
VIRTUAL NETWORKS
Virtual networks are the most fundamental resource in Azure networking. A virtual network allows you to create a dedicated,
private network space (for example, 10.0.0.0/16) within the Azure cloud. Resources, such as Azure virtual machines, can be
allocated private IP addresses within this space, and use those addresses to communicate with each other.
Each virtual network can be divided into subnets, and virtual networks can be connected with each other, either using site-to-
site VPN connections or peering connections (note that in-region peering is generally available, but cross-region peering is
currently available in Preview only). You can configure user-defined routes and network security groups (NSGs), which are
like firewall rules, to control traffic in, out, and between subnets.
Inbound Internet traffic is supported by creating a Public IP Address, which can be either IPv4 or IPv6 (not all networking
features are supported with IPv6). These IP addresses can be statically or dynamically assigned. Outbound Internet traffic is
supported both with and without the presence of a Public IP Address (and can be blocked using an NSG if required).
LOAD BALANCING OPTIONS
There are three alternative load-balancing technologies available in Azure. It is important to understand all three, and to
design your application appropriately.
• Azure Load Balancer is a Layer 4 (TCP, UDP) load balancer that distributes incoming traffic among healthy virtual
machines or other service instances. It can be used for both Internet-facing and internal application endpoints.
• Azure Application Gateway is a Layer 7 load-balancer with security and routing features, such as web application firewall, SSL
offloading, URL path-based routing and cookie-based session affinity. It is an example of a network appliance; a range of 3rd-party
appliances is also available via the Azure Marketplace.
• Azure Traffic Manager is a DNS-based global traffic management service. It provides a range of traffic-routing capabilities, based
on end user geo-location, endpoint proximity (based on network latency), and endpoint availability. Traffic Manager can be used
to direct traffic between endpoints in different Azure regions, or between Azure and non-Azure endpoints.
Note that all three load-balancing services include endpoint health probes for back-end instances, and the ability to deliver high
availability by automatically removing failed instances from service and restoring them once they return to health.
DNS SERVICES
Azure supports a range of DNS services and features, for use by both Internet-facing and internal applications:
• App Service Domains allows you to register a domain name, through a partnership with the name registrar GoDaddy. Originally
part of Azure App Service, this is now available in Preview as a standalone service.
• Azure DNS allows you to host your DNS domain (whether purchased via Azure or elsewhere). It provides a global network of
authoritative DNS name servers for high availability and low latency and supports all common DNS record types. Azure DNS is
generally available for Internet-facing domains; Intranet-facing private domain support is available in Preview.
• Azure-provided DNS is the name given to the recursive DNS service provided by default to all Azure virtual machines. You can
override the virtual machine DNS settings at either the virtual network or individual virtual machine level to specify your own
recursive DNS server; the most common scenarios are to specify the DNS service of your Active Directory deployment when using
domain joined virtual machines, or to enable DNS lookup for on-premises servers when using hybrid networking.
• Reverse DNS lookup is used to create a mapping from an IP address to a DNS name. Azure lets you configure the reverse DNS
name assigned to the public IP addresses assigned to your virtual machines. You can also host the reverse lookup zone for your
own IP address block using Azure DNS.
SECURITY, MONITORING AND TROUBLESHOOTING
• DDoS Protection: Azure provides two levels of DDoS protection. The basic level, which is free of charge, provides always-on traffic
monitoring and real-time mitigation against common attacks. The paid-for standard-level service, which is currently in Preview,
provides policies tuned using machine learning and real-time telemetry.
• Network Watcher provides a central hub for a range of tools to view network settings across your deployment. It also provides
several very useful tools for investigating network issues, such as the ability to run packet captures, and to verify connectivity from
a virtual machine to a given endpoint.
HYBRID NETWORKING
Most Azure migrations use Hybrid Networking to connect to on-premises resources.
In some migrations, for a variety of reasons including data sovereignty or industry-specific regulations, it may be necessary for some
parts of an application (typically the application database) to reside on-premises, whilst the other tiers of the application are moved to
Azure. In these so-called ‘hybrid’ networks, a secure and robust connection is required between the database in the on-premises
environment and the rest of the application in Azure. We call this connectivity between Azure and on-premises networks ‘hybrid
networking’.
Another example is Intranet applications. Even if the entire application stack is moved to Azure, some organizations will prefer to
access Intranet applications over their internal network, rather than a public IP address. Here again, a secure connection between the
on-premises network and the Azure network is required.
Azure provides two approaches to implement hybrid networking: Virtual Private Networks and ExpressRoute. These are summarized
below.
Virtual Private Networks
In a Virtual Private Network (VPN), traffic flows over the public Internet through a secure, encrypted tunnel, but appears from
a networking perspective to be between two private networks.
Azure supports two types of VPN:
• Site-to-Site VPN: Used to join on-premises networks to Azure, for example to connect application servers with database
servers. At the Azure end, a VPN Gateway is deployed into a dedicated subnet in your virtual network. The on-premises
network endpoint is a VPN gateway device. These devices form a VPN tunnel over which traffic between the networks
flows.
• Point-to-Site VPN: Used to join individual machines to the Azure network, for example to connect remote worker laptops
to an Azure application, or for Dev/Test purposes. Once again, a VPN Gateway is deployed in Azure, in this case
connecting to a VPN client deployed on the remote machine.
ExpressRoute
Microsoft Azure ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection
facilitated by a connectivity provider. All traffic flows over this private connection, not over the public Internet. As such,
ExpressRoute connections offer a higher level of performance and reliability compared to VPN connections.
Where VPN connections provide connectivity only to a single Azure virtual network in a single region, ExpressRoute
connectivity supports all Azure regions in a given geopolitical region, or all regions worldwide with the ExpressRoute
Premium add-on.
VPN connections only provide connectivity to Azure resources. With ExpressRoute, you can establish connections to all
Microsoft cloud services, including Microsoft Azure, Office 365, and Dynamics 365. For guidance on using ExpressRoute to
access Office 365 visit http://aka.ms/ExpressRouteOffice365.
ExpressRoute offers a choice of connectivity models:
• Co-located at a cloud exchange: If you are co-located in a facility with a cloud exchange, you can order virtual cross-
connections to the Microsoft cloud through the co-location provider’s Ethernet exchange. Co-location providers can
offer either Layer 2 cross-connections, or managed Layer 3 cross-connections between your infrastructure in the co-
location facility and the Microsoft cloud.
• Any-to-any (IPVPN) networks: You can integrate your WAN with the Microsoft cloud. IPVPN providers (typically MPLS
VPN) offer any-to-any connectivity between your branch offices and datacenters. The Microsoft cloud can be
interconnected to your WAN to make it look just like any other branch office. WAN providers typically offer managed
Layer 3
• Point-to-point Ethernet connections: You can connect your on-premises datacenters/offices to the Microsoft cloud
through point-to-point Ethernet links. Point-to-point Ethernet providers can offer Layer 2 connections, or managed
Layer 3 connections between your site and the Microsoft cloud.
ExpressRoute capabilities and features are all identical across all of the above connectivity models.
RESOURCES
➔ Reference Architecture: Hybrid Networking
SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, over 70% of migration projects included hybrid
networking. Most of these (60%) used site-to-site VPNs, while 11% used ExpressRoute. These ratios changed significantly
depending on the Partner’s customer focus, with enterprise-focused partners over three times more likely to use
ExpressRoute than SMB-focused partners (22% vs 7%, respectively).
Network Appliances
Using Network Virtual Appliances can improve application security, help meet existing
security policies, leverage existing licensing investments, and re-use existing skills.
Many on-premises applications make use of third-party
network appliances, for example to provide additional
security, availability, or custom routing features. Many of
these appliances are now available as ‘network virtual
appliances’ (NVAs) in the Azure Marketplace. Having
identical or similar functionality available in Azure makes
it much easier to migrate existing applications that use
these devices.
Customers may have made a significant investment in
these appliances, in terms of hardware and licensing, and
also in the configuration of the appliance to support their
security policy and in training their staff. Minimizing
change and maximizing re-use of existing investments can
be an important way to remove obstacles from a
migration project. Using a virtual appliance from the
customer’s existing vendor makes it easy to re-use existing
configurations and policies, as well as providing a familiar
interface to existing staff. Moreover, in many cases the
virtual appliances support ‘bring your own license’, so
existing license investments can be re-used.
Microsoft provides its own network appliance, Azure
Application Gateway, which we discussed earlier. Third-
party network virtual appliances are available in the Azure
Marketplace from a wide range of vendors, including
Cisco, Barracuda, Check Point, Citrix, F5, and many more.
For a full list, see the Azure Marketplace.
RESOURCES
➔ Reference Architecture: Networking DMZs with
Network Virtual Appliances
SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, network appliances from the Azure Marketplace
were used in a significant number of projects. Most common were Firewall appliances (36% of projects), followed by Load
Balancers (19%) and WAN Optimizers (9%).
The Virtual Data Center
Azure Virtual Datacenter is an approach to making the most of the Azure cloud platform's
capabilities while respecting existing security and networking policies. When deploying
enterprise workloads to the cloud, IT organizations and business units must balance
governance with developer agility. Azure Virtual Datacenter provides models to achieve this
balance.
Unlike an existing on-premises datacenter environment,
the Azure public cloud operates using shared physical
infrastructure and a software-defined environment
abstraction. The Azure Virtual Datacenter model allows
you to structure isolated workloads in the Azure
multitenant environment that meet existing governance
policies.
With this approach, a set of shared services, access
controls and policies are deployed and managed
independently of the actual application workloads. These
services include shared components such as load
balancers, hybrid network connections, network security
appliances, and management jump-boxes. Policies ensure
that all traffic is routed through this shared infrastructure,
which is responsible for implementing and enforcing
governance standards.
Individual application workloads are then deployed
separately into this infrastructure. Each workload uses a
dedicated virtual network, integrated with the shared
infrastructure using peering and routing rules. The
resulting network is a ‘hub and spoke’ model, with a
central hub of shared components, with each application
workload isolated in separate spokes.
With this approach, partners can deliver a flexible and
agile and yet also highly secure and compliant
infrastructure, with the aim of meeting any customer
security policy requirements and assuaging security
concerns. By sharing network security infrastructure,
partners can also demonstrate significant cost savings
over siloed application deployments. These advantages
will be especially important for Enterprise customers, who
typically have more demanding requirements and a larger
number of applications to migrate.
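The hub-and-spoke layout described above depends on the hub, every spoke and the on-premises ranges using non-overlapping address spaces, because peering and hybrid routing require it. The following added example (not part of the playbook) validates an address plan before deployment; all network names and ranges are constructed, and the check for a subnet named GatewaySubnet (the name Azure uses for the dedicated VPN gateway subnet) is an assumption of this example.

```python
import ipaddress
from itertools import combinations

# Constructed address plan: on-premises ranges, the shared hub and three spokes.
PLAN = {
    "on-premises": ["10.0.0.0/16", "192.168.10.0/24"],
    "hub": ["10.100.0.0/22"],
    "spoke-finance": ["10.101.0.0/24"],
    "spoke-hr": ["10.101.0.128/25"],   # mistake: sits inside spoke-finance
    "spoke-web": ["10.0.8.0/24"],      # mistake: sits inside an on-premises range
}

# Constructed subnet layout for the hub virtual network.
HUB_SUBNETS = {
    "GatewaySubnet": "10.100.0.0/27",
    "firewall": "10.100.1.0/24",
    "jumpbox": "10.100.1.128/26",      # mistake: overlaps the firewall subnet
    "shared-dns": "10.100.4.0/24",     # mistake: outside the hub's /22
}


def find_overlaps(plan):
    """Return every pair of ranges from different networks that overlap."""
    nets = [(name, ipaddress.ip_network(cidr))
            for name, cidrs in plan.items() for cidr in cidrs]
    clashes = []
    for (name_a, net_a), (name_b, net_b) in combinations(nets, 2):
        if name_a != name_b and net_a.overlaps(net_b):
            clashes.append((name_a, str(net_a), name_b, str(net_b)))
    return clashes


def check_subnets(vnet_cidrs, subnets, required=("GatewaySubnet",)):
    """Check that subnets fit the virtual network, do not overlap each other,
    and that the required subnets are present."""
    space = [ipaddress.ip_network(c) for c in vnet_cidrs]
    parsed = {name: ipaddress.ip_network(c) for name, c in subnets.items()}
    problems = []
    for name, net in parsed.items():
        if not any(net.subnet_of(s) for s in space):
            problems.append(("outside-vnet", name))
    for (name_a, net_a), (name_b, net_b) in combinations(parsed.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(("overlap", name_a, name_b))
    for name in required:
        if name not in parsed:
            problems.append(("missing", name))
    return problems


if __name__ == "__main__":
    for a, cidr_a, b, cidr_b in find_overlaps(PLAN):
        print(f"address space clash: {a} {cidr_a} <-> {b} {cidr_b}")
    for problem in check_subnets(PLAN["hub"], HUB_SUBNETS):
        print("hub subnet problem:", problem)
```
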
FURTHER READING
Deploying and configuring an Azure Virtual Datacenter
requires a deep understanding of a broad range of Azure
technologies. Fortunately, the Microsoft Customer
Advisory Team (AzureCAT) have published extensive
guidance, based on their experience of helping
Microsoft’s largest customers on their Azure journeys. For
more information, see the Azure Virtual Datacenter portal
on the Azure Architecture Center, the Azure Virtual
Datacenter White Paper and the Mesh and Hub-and-
Spoke Networks on Azure White Paper.
Enabling Hybrid Identity
As businesses move from using on-premises applications to cloud-based services, controlling
access to those services becomes a challenge. Azure Active Directory provides the solution.
Controlling access to cloud-based services poses multiple
challenges. How do you know which services your
employees are using? How do you ensure access is
authorized and authenticated? And how do you manage
authentication credentials across all those services?
Azure Active Directory is a cloud-based directory and
identity management service designed to address these
challenges. It enables a single set of credentials to be used
to authenticate access to thousands of common cloud-
based services. By integrating with on-premises
directories, this enables a common set of credentials to be
used for both corporate and cloud applications—we call
this hybrid identity. Enabling hybrid identity is a
foundational step for most enterprise migrations.
When migrating applications to the cloud, it is important
to understand how user identity will be managed. This
should be designed early before any migration efforts
have taken place beyond a proof-of-concept.
• You can run Windows Server Active Directory
(commonly referred to as AD) in the cloud using
virtual machines created with Azure Virtual Machines.
This approach makes sense when you're using Azure
to extend your on-premises datacenter into the cloud.
• You can use Azure Active Directory to give your users
single sign-on to Software as a Service (SaaS)
applications. Microsoft's Office 365 uses this
technology, for example, and applications running on
Azure or other cloud platforms can also use it.
• Applications running in the cloud or on-premises can
use Azure Active Directory Access Control to let users
log in using identities from Facebook, Google,
Microsoft, and other identity providers.
Organizations already using Office 365 or Azure will
already be using Azure Active Directory, since it is the
authentication mechanism behind both services. In some
cases, where different directories are in use, it is useful to
transfer ownership of their subscription to another
account.
SERVICE PRINCIPAL ACCOUNTS
As well as supporting user authentication, applications
also use Azure Active Directory to authorize access to the
resources they need. They do this using special types of
accounts, called Service Principal accounts. Service
Principal accounts can be created using the Azure portal,
PowerShell, or CLI.
Service Principal accounts should be configured with just
enough permissions to run the tasks needed by the
application, and no more. It is important that applications
do not run in the context of user accounts, since this
breaks the principles of least privilege and individual
accountability.
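One way to check the least-privilege rule above against an existing deployment, as an added example that is not part of the playbook: the script reviews role assignments in the shape returned by `az role assignment list --all -o json` and flags service principals that hold broad built-in roles. The sample records, principal names and the severity rules are constructed assumptions of this example.

```python
import json

# Constructed sample: a subset of the fields in `az role assignment list` output.
SAMPLE_ASSIGNMENTS = json.loads("""
[
 {"principalName": "app-web-prod", "principalType": "ServicePrincipal",
  "roleDefinitionName": "Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
 {"principalName": "app-backup", "principalType": "ServicePrincipal",
  "roleDefinitionName": "Storage Blob Data Reader",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-data/providers/Microsoft.Storage/storageAccounts/stbackup01"},
 {"principalName": "app-deploy", "principalType": "ServicePrincipal",
  "roleDefinitionName": "Owner",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-web"},
 {"principalName": "app-batch", "principalType": "ServicePrincipal",
  "roleDefinitionName": "Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-batch"},
 {"principalName": "alice@example.com", "principalType": "User",
  "roleDefinitionName": "Owner",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"}
]
""")

# Built-in roles that can change role assignments, and so grant further access.
GRANTING_ROLES = {"Owner", "User Access Administrator"}
# Scope levels that cover a whole subscription or more.
WIDE_LEVELS = {"root", "management-group", "subscription"}


def scope_level(scope):
    """Classify an Azure scope string by how much of the hierarchy it covers."""
    parts = [p for p in scope.strip("/").split("/") if p]
    lowered = [p.lower() for p in parts]
    if not parts:
        return "root"
    if lowered[:2] == ["providers", "microsoft.management"]:
        return "management-group"
    if lowered[0] == "subscriptions":
        if len(parts) == 2:
            return "subscription"
        if len(parts) == 4 and lowered[2] == "resourcegroups":
            return "resource-group"
        return "resource"
    return "unknown"


def classify(role, level):
    """Severity rules assumed for this example; returns None when acceptable."""
    if role in GRANTING_ROLES:
        return "high"        # can assign roles to itself or to others
    if role == "Contributor" and level in WIDE_LEVELS:
        return "high"        # write access to everything in the subscription
    if role == "Contributor" and level == "resource-group":
        return "review"      # may be justified; confirm a narrower role will not do
    return None


def audit(assignments):
    """Return (principal, role, scope level, severity) for each flagged assignment."""
    findings = []
    for a in assignments:
        if a.get("principalType") != "ServicePrincipal":
            continue         # only application identities are in scope here
        level = scope_level(a["scope"])
        severity = classify(a["roleDefinitionName"], level)
        if severity:
            findings.append((a["principalName"], a["roleDefinitionName"], level, severity))
    return findings


if __name__ == "__main__":
    for name, role, level, severity in audit(SAMPLE_ASSIGNMENTS):
        print(f"[{severity}] {name}: {role} at {level} scope")
```
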
MANAGED SERVICE IDENTITY
Managed Service Identity is currently a preview feature of
Azure Active Directory. It enables service principal
accounts to be created automatically for Azure resources
such as virtual machines. The credentials for the account
are automatically provisioned into the virtual machine,
using the MSI virtual machine extension. Applications
running on the virtual machine can then use those
credentials to request access tokens which are used to
authenticate requests to other Azure resources.
Managed Service Identities automate the full credential
management lifecycle—from initial provisioning, through
rollover, to deleting the Service Principal account when
the resource is deleted. This greatly reduces the
management overhead associated with credential
management, whilst also increasing security.
To learn more, see Managed Service Identity Overview.
RESOURCES
➔ What is Azure AD?
➔ Deploying a Hybrid Identity Solution
➔ How to Deploy ADFS in Azure
➔ Azure AD Domain Services
➔ Azure Active Directory Proof of Concept Playbook
Planning for Storage
Data storage is a critical feature of any application. Choosing the right storage technology will
help create performant, cost-effective cloud deployments.
There are a wide range of data storage technologies
available in Azure. Each offers different features,
performance, resiliency and cost characteristics. It is
important to understand the options before choosing the
storage for your applications.
In this section, we’ll consider the storage options available
to Azure Virtual Machines, considering both the disks
attached to the virtual machines themselves, and shared
file shares.
In addition, Azure supports a wide range of database
options. These are considered later in this playbook: see
the sections on Migrating Databases and Modern Data
Platform.
VIRTUAL MACHINE DISKS
With the right storage combination, you can achieve up to
256 TB of storage per virtual machine, with up to 80,000
IOPS (input/output operations per second) and up to 2 GB
per second disk throughput, with extremely low latencies
for read operations. However, achieving this performance
requires a large (and costly) deployment, and so whilst
Azure supports extreme levels of disk performance, it is
important to ‘right-size’ your design to avoid unnecessary
cost.
The first step in planning disk storage is to identify the
storage requirements—capacity, throughput, and
read/write operations per second. This information should
be gathered in the assessment phase, using tools such as
Azure Migrate or Azure Site Recovery Deployment
Planner. This information will help determine the storage
architecture to use, for example the size, type and number
of disks.
There are two technologies available for virtual machine
disks in Azure. The original approach, which is still
supported, is to store the disk image in a ‘blob‘ in Azure
storage. The newer approach, called Managed Disks,
abstracts the disk as a first-class resource in its own right.
Managed Disks offer numerous advantages over blob
storage and are the recommended approach for all new
deployments.
When planning your disk storage, you will need to choose
between Standard Storage and Premium Storage:
• Standard Storage offers lower transaction rates and data
throughput, and higher latency, than Premium disks.
They also offer both local and geo-redundant
replication. They are a good choice for web and
application servers that do not depend on high IOPS
or low latency.
• Premium Storage offers much higher transaction
rates, throughput, and lower latency than standard
disks. They offer local replication only (no geo-
replication). They are suitable for database servers, file
servers and interactive applications that require high
throughput and low latency. They are also required to
take advantage of the Azure SLA for single-instance
virtual machines.
In each case, it is important to understand the capacity,
IOPS and throughput options available, and to choose a
storage design that meets your requirements. In some
cases, to meet the required performance, it will be
necessary to stripe data across multiple disks.
File Shares
Cloud file shares make sharing files across cloud and on-premises servers easy.
Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block
(SMB) protocol (also known as Common Internet File System or CIFS). Azure File shares can be mounted concurrently by
cloud or on-premises deployments of Windows, Linux, and macOS. Additionally, Azure File shares can be cached on
Windows Servers with Azure File Sync (preview) for fast access near where the data is being used.
Azure File shares can be used to:
• Replace or supplement on-premises file servers:
Azure Files can be used to completely replace or supplement traditional on-premises file servers or NAS devices. Popular
operating systems such as Windows, macOS, and Linux can directly mount Azure File shares wherever they are in the
world. Azure File shares can also be replicated with Azure File Sync to Windows Servers, either on-premises or in the
cloud, for performance and distributed caching of the data where it's being used.
• "Lift and shift" applications:
Azure Files makes it easy to "lift and shift" applications to the cloud that expect a file share to store file application or user
data. Azure Files enables both the "classic" lift and shift scenario, where both the application and its data are moved to
Azure, and the "hybrid" lift and shift scenario, where the application data is moved to Azure Files, and the application
continues to run on-premises.
• Simplify cloud development:
Azure Files can also be used in numerous ways to simplify new cloud development projects, for example for shared
application settings, diagnostics, or shared tools.
Azure Files is a fully managed service, requiring no patching or ongoing management, and has built-in resiliency.
Choosing Virtual Machines
Helping customers choose the right virtual machine family and size, with the correct
availability options, is an important value-add.
Migrating existing servers—whether physical, VMware or
Hyper-V—comprises two main steps. First, an appropriate
Azure virtual machine must be selected and provisioned.
Secondly, the application files (executables, configuration
and local data) stored on the disks associated with the
existing servers must be migrated.
In this section, we’ll focus on the first step—choosing the
right virtual machines, and choosing the right high
availability design for their deployment.
VIRTUAL MACHINE FAMILIES
Azure supports a wide range of virtual machine families,
with a wide range of compute and memory capabilities.
The family and size of each virtual machine used should
be determined during the planning phase of the discovery
process, based on the analysis of the existing application
and hardware. For example, database servers and web
servers may have very different memory requirements,
and so use different virtual machine families.
Many of the assessment tools can help with this right
sizing exercise. Even so, having intimate knowledge of the
available options will undoubtedly be required.
Helping your customers navigate the various VM compute
series to ensure they are choosing the optimal size both
for performance and for cost effectiveness for their
workload is an incredible value-add and will be critical to
the success of the project.
Availability Options
Beyond choosing the right family and size of virtual machine, choosing the right availability
option will also be integral to the project at hand.
In addition to understanding the native availability
requirements for the workload (for example: SQL Server
Always On) you will have to plan and choose the right
level of availability with Azure Virtual Machines, backed by
a suitable virtual machine availability SLA.
SINGLE INSTANCE VM
When any Azure virtual machine is backed by Azure
Premium Storage (for all disks), Microsoft provides a
99.9% availability SLA.
AVAILABILITY SETS
Azure Availability Sets are a logical grouping capability
that you can use in Azure to ensure that the virtual
machines you place within it are isolated from each other
when they are deployed within an Azure datacenter.
Using availability sets helps protect against outages
caused by local failures, such as a top-of-rack network
switch, or by rolling system updates such as host OS
patching.
Availability sets offer a 99.95% availability SLA, and
require that at least two virtual machines are deployed.
AVAILABILITY ZONES
Azure Availability Zones are fault-isolated locations within
an Azure region, designed with independent power,
cooling, and networking. They help protect your mission-
critical applications from failures of entire datacenters,
caused by events such as power or cooling failures, fire, or
flood.
Availability zones are designed to be sufficiently isolated
to protect against coordinated failures, yet close enough
for low network latency between zones, so that write
operations to zone-redundant storage take place
synchronously.
Availability zones also support zone-redundant
networking. Zone-redundant load-balancers can be used
to distribute traffic across virtual machine instances, both
within and across Availability Zones. Zone-redundant
public IP addresses enable a single public IP address to be
shared across all zones, with traffic routed away from
failed zones automatically.
Availability zones were made generally available as of
March 30, 2018. They offer a 99.99% availability SLA.
However, they are not yet supported in all Azure
regions—see Azure Regions for details.
REGION PAIRS
Deploying your application to more than one Azure
region helps protect you against large-scale region-wide
disasters (such as hurricanes) with the potential to impact
all availability zones within a region. However, this comes
at a significant cost—as well as the increased Azure
consumption arising from the larger deployment
footprint, the application design must account for data
consistency between regions and traffic routing, both
before and during a disaster.
Cross-region data replication can be achieved using a
range of database technologies, including Azure SQL
Database. Cross-region traffic routing and failover is
provided by Azure Traffic Manager, which supports a
variety of traffic-routing policies.
When deploying an application to more than one Azure
region, you should take advantage of Azure region pairs.
Each Azure region has a ‘paired’ region, and Azure avoids
deploying system updates to both regions at the same
time. Spreading your load across paired Azure regions
helps protect against unexpected outages caused by
Azure system updates.
Customized Virtual Machine Images
Take advantage of custom virtual machine images to optimize your deployment time.
Many customers use virtual machine images in their
existing virtualization environment complete with 3rd
party and custom software ready for deployment. These
images can be used in Azure as well, which can accelerate
deployments by removing the need to change
configuration settings and deploy software after the
virtual machine is created.
CUSTOM IMAGES FOR WORKING TOOLS
Many of the partners we interviewed create custom
images (Windows and Linux) that contain their custom
applications and third-party tools they commonly use as
part of a migration or modernization project.
With this approach, they get the additional benefit of a
common working environment which allows for
consistent behavior and a common set of tools. New
teams can get started much faster and with less confusion
since all of the environments have the expected set of
tools and services when they start.
CREATING YOUR OWN IMAGES
A first step should be to browse the Azure Marketplace, to
see if there is an existing virtual machine image available
that meets your needs. Using an existing image saves you
valuable time in creating your own. However, if you can’t
find a suitable image in the Marketplace, you can also
create a custom image as a baseline for your virtual
machines.
The easiest way to create a new image is to start by
provisioning a VM from the Azure Marketplace and then
customizing it by installing software and services. After
the VM is configured you must run sysprep.exe with the
generalize and shutdown options selected. Once the VM
is shut down you can use the Azure capture command to
store the image for later use. For more information, see
Creating Custom VM Images.
You can also use the open source tool ‘Packer’ to create
custom virtual machine images. To build images, you
define a Packer template file specifying the build process
for the image. Packer supports integration with Azure,
allowing you to define Azure resources such as service
principal credentials. Running Packer will then deploy a
virtual machine to Azure, perform the necessary build
steps, create the image, and then clean up the virtual
machine. This image can then be used as a baseline for
more virtual machines. For more information, see How to
use Packer to create Windows virtual machine images in
Azure.
UPLOADING EXISTING IMAGES
Using the Azure Command line tools or Storage Explorer
you can upload existing VHD files and register them as
managed images that can be used to create new virtual
machines in Azure.
For details, see the Migrating Disks section in this
playbook.
Migrating to Virtual Machines
A critical step in any migration to Azure infrastructure is the migration of the servers
themselves. Over the following pages, we’ll learn about the migration approaches you can use
and the tools available to help you.
There are two main approaches to migrating the
application files to virtual machines in Azure:
1. Start with a clean Azure virtual machine and re-install
and re-configure the application software,
OR
2. Port the existing machine disks, so that the virtual
machine in Azure continues where the on-premises
machine left off.
A clean installation on a new virtual machine has the
advantage of leaving behind any legacy issues associated
with the existing machine, such as patching history and
device drivers. It creates a clean, up-to-date disk image
and a clean install of the application software. It is also
repeatable, which helps with reliable testing.
However, a clean install is only possible where the
application installers and the knowledge to configure the
application are available. For legacy applications, in
practice, this is frequently not the case. For these
applications, porting the existing disks to Azure is the
fastest and most reliable way to migrate the application.
In the following sections, we’ll discuss a variety of ways of
implementing the second migration approach—porting
existing disks to Azure. First, we’ll consider the simplest
possible approach of simply copying the disks. Next, we’ll
look at how migration can be streamlined using Azure Site
Recovery. Finally, we’ll discuss the features and resources
available specifically to support VMware to Azure
migrations.
SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, 44% reported that a clean application install was
their most common approach to migration. The remaining 56% reported that their most common approach was to
migrate existing servers.
Migrating Disks
Copying disks is the simplest way to migrate existing servers to Azure.
The simplest way to migrate existing servers to Azure is
simply to migrate their disks to Azure and then attach
those disks to new Azure virtual machines.
By using snapshots, disks can be exported from existing
servers and imported into Azure while those servers are
running. For stateless servers, this works well. However, for
stateful servers (such as databases), any changes after the
snapshot is created will be lost during the migration. In
this case, to avoid loss of data, the service will need to be
stopped during the migration process. Migrating disks in
this way therefore incurs a longer system downtime than
other migration approaches, such as using Azure Site
Recovery as discussed in the next section. However, the
simplicity of disk migration means it may still be a good
choice for appropriate applications for which this
downtime is acceptable.
MIGRATING HYPER-V OR VMWARE VIRTUAL
MACHINES TO AZURE
Importing disks to Azure only supports the Hyper-V VHD
disk format, which must be a fixed-size disk no larger than
1,023 GB. In addition, only ‘Generation 1’ VMs are
supported. You can convert from the VHDX format to
VHD, and from a dynamically expanding disk to a fixed-
size disk. However, you cannot change the VM’s
generation, and will therefore need to use a different
migration approach with Generation 2 VMs.
Converting Hyper-V disks from VHDX to VHD format, and
to fixed size, can be achieved using either Hyper-V
Manager or PowerShell. For details, see Prepare a
Windows VHD or VHDX to upload to Azure.
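The disk requirements above (VHD format, fixed size, no larger than 1,023 GB) can be checked before upload by reading the 512-byte footer at the end of the VHD file. The following is an added example, not part of the original playbook: the function names are hypothetical, the 1,023 GB limit is read as GiB (an assumption), and the VM generation is not recorded in the VHD so it is not checked here.

```python
import os
import struct

FOOTER_SIZE = 512
GIB = 1024 ** 3
MAX_BYTES = 1023 * GIB  # the 1,023 GB limit, read here as GiB (assumption)
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}


def footer_checksum(footer):
    """Ones' complement of the byte sum of the footer, checksum field zeroed."""
    data = footer[:64] + b"\x00" * 4 + footer[68:]
    return ~sum(data) & 0xFFFFFFFF


def check_vhd_bytes(head, footer):
    """Return a list of problems; an empty list means the disk passes."""
    if head[:8] == b"vhdxfile":
        return ["VHDX file: convert to VHD before upload"]
    if len(footer) != FOOTER_SIZE or footer[:8] != b"conectix":
        return ["no 'conectix' footer: not a VHD file"]
    problems = []
    stored = struct.unpack(">I", footer[64:68])[0]
    if stored != footer_checksum(footer):
        problems.append("footer checksum mismatch: file may be truncated or corrupt")
    current_size = struct.unpack(">Q", footer[48:56])[0]  # virtual disk size
    disk_type = struct.unpack(">I", footer[60:64])[0]
    if disk_type != 2:
        name = DISK_TYPES.get(disk_type, "type %d" % disk_type)
        problems.append("disk type is %s: convert to a fixed-size disk" % name)
    if current_size > MAX_BYTES:
        problems.append("virtual size %.0f GiB exceeds the 1,023 GB limit"
                        % (current_size / GIB))
    return problems


def check_vhd_file(path):
    """Read the first 8 and last 512 bytes of a file and check them."""
    if os.path.getsize(path) < FOOTER_SIZE:
        return ["no 'conectix' footer: not a VHD file"]
    with open(path, "rb") as f:
        head = f.read(8)
        f.seek(-FOOTER_SIZE, os.SEEK_END)
        footer = f.read(FOOTER_SIZE)
    return check_vhd_bytes(head, footer)


def make_footer(disk_type, size):
    """Build a constructed footer for demonstration; not a complete VHD."""
    footer = bytearray(FOOTER_SIZE)
    footer[0:8] = b"conectix"
    struct.pack_into(">Q", footer, 40, size)  # original size
    struct.pack_into(">Q", footer, 48, size)  # current size
    struct.pack_into(">I", footer, 60, disk_type)
    struct.pack_into(">I", footer, 64, footer_checksum(bytes(footer)))
    return bytes(footer)


if __name__ == "__main__":
    samples = {
        "fixed 127 GiB": (b"\x00" * 8, make_footer(2, 127 * GIB)),
        "dynamic 127 GiB": (b"conectix", make_footer(3, 127 * GIB)),
        "fixed 2048 GiB": (b"\x00" * 8, make_footer(2, 2048 * GIB)),
        "VHDX": (b"vhdxfile", b"\x00" * FOOTER_SIZE),
    }
    for label, (head, footer) in samples.items():
        print(label, "->", check_vhd_bytes(head, footer) or "OK")
```

Only the first 8 and last 512 bytes are read, so the check is fast even on very large disk files.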
You can also convert the VMware VMDK disk format to
VHD using the Microsoft VM Converter. For more
information, see the blog article How to Convert a
VMware VMDK to Hyper-V VHD.
Some additional VM changes are also required before
uploading to Azure. For example, any static persistent
routes must be removed, WinHTTP proxy removed, the
SAN disk policy configured, the time zone set to UTC, and
the power profile set to High Performance.
You will have to choose whether to ‘sysprep’ your VM. You
typically do this if you want to create a template from
which you can deploy several other VMs that have a
specific configuration. This is called a generalized image.
If, instead, you want only to create one VM from one disk,
you don’t have to use sysprep. In this situation, you can
just create the VM from what is known as a specialized
image.
There is a long list of additional changes, fully
documented at Prepare a Windows VHD or VHDX to
upload to Azure. Once complete, the VHD file can be
uploaded as a blob in Azure Storage. From there, you can
use the VHD blob either to create a Managed Disk (in the
case of a specialized image) or to create a Managed
Image (in the case of a generalized image). These can then
be used in your Azure virtual machines.
MIGRATING AWS EC2 INSTANCES TO AZURE
Migrating AWS EC2 instances to Azure follows a similar
process to that used for Hyper-V or VMware, as described
above. First, you export the EC2 instance to a VHD file in
an Amazon S3 bucket, using the instructions provided in
Exporting an Instance as a VM using VM Import/Export.
This VHD file is then transferred to Azure and used to
create a Managed Disk or Managed Image (both
specialized and generalized VHDs are supported).
For further information, see Move a Windows VM from
AWS to Azure using PowerShell.
MIGRATING PHYSICAL SERVERS TO AZURE
Physical servers can be migrated to Azure by converting
their disks to VHD files, then following a similar process as
described above. This can be done using the Disk2vhd
utility. An advantage of this tool is that it uses the
Windows Volume Snapshot capability to create consistent
point-in-time disk snapshots, allowing the VHD to be
created without system downtime.
Migrating using Azure Site Recovery
Azure Site Recovery (ASR) is an Azure service designed initially to enable customers to deliver
high availability applications by enabling automatic failover to Azure infrastructure in the
event of failure. By treating an application migration as a controlled failover without failback, it
can also be used to migrate applications to Azure.
The requirements for failover to a backup site are similar
to the requirements for a migration. Key concerns focus
on data replication and integrity, re-directing the network
traffic, and minimizing downtime. While initially designed
for failover, Azure Site Recovery supports both failover
and migration scenarios.
Azure Site Recovery for Migration supports migration
from physical machines and both VMware and Hyper-V
virtual machines to Azure. The ASR Deployment Planner
can be used to help assess the workload to be migrated
and determine details of the migration such as the
network capacity needed and Azure virtual machines to
use.
Once installed and configured, the migration starts by
copying data (disks) from each machine to be migrated.
Once completed, continuous incremental data transfers
are used. This all occurs while the on-premises application
is fully operational, prior to any application migration
work window.
Data synchronization integrates with a wide range of
common application workloads to ensure the
synchronized snapshots are application consistent.
Common workloads supported by Azure Site Recovery
include SQL Server, Active Directory, Exchange and Oracle
Data Guard. For a full list of supported workloads, see
What workloads you can protect with Azure Site Recovery.
During application cut-over, virtual machines in Azure are
booted using the replicated data. A final incremental data
transfer is used to ensure the Azure virtual machines are
fully up-to-date. Azure Site Recovery supports an RPO
(Recovery Point Objective) as low as 30 seconds, enabling
the work window during which applications are
unavailable to be kept as small as possible.
The application traffic is then switched to the Azure-based
service. For Internet-facing applications, the Azure service
will have a new IP address, hence this switchover happens
at the DNS level. Azure Site Recovery integrates with
Azure Traffic Manager, enabling this transition to happen
quickly and easily. For Intranet applications, there are two
possible approaches: changes to the internal IP address
require the internal DNS record to be updated;
alternatively, the internal IP address can be preserved,
with switchover occurring at IP subnet level. This last
approach is useful if application dependencies require
that existing internal IP addresses must be preserved.
Migrating VMware Workloads
Many customers use VMware to run virtualized applications, either on-premises or with a
hosting provider. The overall process of migrating VMware virtual machines to Azure follows
a similar sequence to any other migration. However, there are some considerations that are
specific to VMware.
Migrating VMware virtual machines to run in Azure is one
of the most common migration scenarios. Microsoft has
published a detailed Migrating VMware to Microsoft
Azure TCO Guidance document to help demonstrate the
value proposition that underpins these migrations.
The overall process for migrating VMware workloads to
Azure follows a similar path to other workloads, using
tools we have already seen such as Azure Migrate and
Azure Site Recovery. To help support VMware customers
on their migration journey, these services are designed
and tested specifically with VMware workloads in mind.
Existing VMware administrators unfamiliar with Azure
may appreciate free online training to introduce Azure
VMs to existing VMware vSphere administrators.
There are many technical compatibility issues to consider
when planning a VMware to Azure migration, such as
firmware version, OS version, VMware version, disk size,
disk format, network capacity, etc. The Azure Migrate and
Azure Site Recovery Deployment Planner tools can be
used to automatically assess an existing VMware
environment prior to migration, giving a report of issues
that need to be addressed.
Microsoft publishes step-by-step guidance on how to
prepare and configure VMware migration to Azure using
Azure Site Recovery, including specific considerations for
Cloud Solution Provider (CSP) subscriptions.
In some cases, you may already be hosting customer
applications in your own on-premises VMware
infrastructure. Where this is a multi-tenant environment
(supporting more than one customer), it is important to
ensure tenant isolation during the migration process. This
can be achieved by ensuring the vCenter access account
used by the Azure Site Recovery configuration server only
has the correct access permissions.
Instead of using Azure Site Recovery, an alternative
approach for VMware to Azure migration is to simply
convert the server disks from the VMware VMDK format
into the VHD format used by Hyper-V and Azure. This can
be achieved using the Microsoft Virtual Machine
Converter tool. A number of other steps are necessary to
prepare the VM disk for upload to Azure.
In the rare event that compatibility issues prevent an
existing VMware workload being migrated to an Azure
virtual machine, there is an alternative. Microsoft recently
announced future support for VMware virtualization in
Azure. This offering will allow customers to access the full
VMware stack on Azure hardware, co-located with other
Azure services. While not offering the same cost-savings
or agility of migrating to Azure virtual machines, this
option does provide an additional option to reduce on-
premises infrastructure.
Migration Tools
Following is a list of the most common migration tools and services used when migrating servers to Azure Virtual Machines.
See also the tools listed under Discovery, many of which can also support migration.
Azure PowerShell and Azure CLI
The Azure command line tools are some of the most frequently used tools with migration.
Tasks range from uploading images to Azure Storage, to automating Azure infrastructure
during a failover from Azure Site Recovery with a recovery plan.
Azure Site Recovery
As well as offering a Disaster Recovery solution for failover to Azure VMs, Azure Site
Recovery can also be used to replicate and migrate VMs to Azure at scale. Azure Site
Recovery can be used with Azure Migrate (which helps with migration assessments).
CloudEndure
CloudEndure® provides an automated migration solution that utilizes block-level
continuous replication, application stack orchestration, and automated machine
conversion to ensure data integrity during migrations to, between, or within the cloud.
ATADATA
ATADATA automates the migration of workloads and also auto-provisions multi-tiered
live workloads directly into Hyper-V, Azure Classic or Azure Resource Manager
environments. The agentless architecture is managed through the ATADATA Console
which installs entirely behind client firewalls, or via a hosted/SaaS deployment.
Datometry
Datometry Hyper-Q simplifies enterprise management of existing applications and
develops new applications on cloud databases.
Unitrends
Automatically remodel VMs to native cloud virtual machines in low cost AWS S3 or Azure
Blob storage. This free tool even handles the transformation of networking differences
between VMware and AWS.
Attunity
Attunity Replicate empowers organizations to accelerate data replication across a wide
range of heterogeneous databases.
CloudAtlas
CloudPilot's static code analysis ensures a deep understanding of applications and data to
successfully migrate them with no code changes to Azure Containers, Azure Virtual
Machines, or Azure App Service (PaaS). Migrate in minutes, not months. CloudPilot checks
applications for security, governance, and regulatory compliance, and with coding best
practices to reduce migration risks and costs.
ZeroDown Software
ZeroDown enables companies to move applications from their data center or other
hosting platform to Azure with no interruption of service. The tool automatically
synchronizes the source and target environments and is transparent to the migrated
application’s users with no cutover problems or loss of in-flight transactions.
SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, PowerShell was the most-used tool during workload
migration. Use of Azure Migrate was in second place, and was first-place among practices with an enterprise focus.
• Azure CLI Tools: 23%
• Azure Site Recovery: 31%
• V2V tools such as Microsoft Virtual Machine Converter: 32%
• P2V tools such as Disk2VHD: 38%
• Azure Migrate: 41%
• Azure PowerShell Cmdlets: 44%
Business Continuity
Providing guaranteed continuity of service even in the event of failures is a key requirement
of any business application. Services in Azure are no exception.
Business continuity requires that services keep running, or
recover quickly, even when disaster strikes. That could be
a large-scale IT failure, or a data loss event.
This presents both a challenge, and an opportunity. You
can use Azure services to enhance your offerings to
support business continuity for customers. In designing
your business continuity service, be prepared to answer
common customer questions, such as:
• Will you help me restore my data when it is corrupt or
lost? Will you take care of my data’s long-term
retention compliance requirements?
• Will you protect my mission critical applications? Will
you make DR and recovery plans and run DR drills?
• Will you ensure business continuity in case of any
interruption? What kind of SLAs will you provide?
To protect against IT failures, Azure Site Recovery enables
critical workloads to replicate their running state to Azure,
and to rapidly fail over to an Azure-based infrastructure
when needed. Whilst this creates data redundancy, it does
not protect against data corruption, accidental data
deletion, or ransomware, and thus additional data
backups, as provided by Azure Backup, are also essential.
These services can be used to protect both cloud
workloads and on-premises deployments. As a Managed
Service Provider, providing additional resilience to on-
premises applications by integrating these Azure services
can be a ‘quick win’, helping to build customer trust prior
to a full Azure migration.
Microsoft Azure offers a rich set of services to back up
workloads and fail over critical workloads, in addition to
hybrid storage support.
• Azure Backup supports file and folder-based
workloads, virtual machine backup, as well as
workload specific support such as Hyper-V, VMware,
SharePoint, and Active Directory straight to Azure,
removing the need for physical backups like tape.
Azure Backup recently added support for application-
consistent backups for a range of common Linux-
based workloads.
• Azure StorSimple is an appliance (physical and virtual)
that provides hybrid tiered storage to automatically
offload data to the cloud.
• Azure Site Recovery protects important applications
by coordinating the replication and recovery of
physical or virtual machines. You can replicate to your
own datacenter, to a hosting service provider, or even
to Azure to avoid the expense and complexity of
building and managing your own secondary location.
Azure Site Recovery continuously monitors service
health and helps automate the orderly recovery of
services in the event of a site outage at the primary
datacenter.
Migrating Existing VMs to CSP
In some cases, a customer may have an existing Azure-based application, which they wish to
transfer to the Managed Service Provider for on-going maintenance and monitoring.
Migrating an existing application to a Managed Service
Provider may require that the Azure resources that implement
that application be migrated to a different Azure subscription.
This will typically be a CSP subscription managed by the
Managed Service Provider on behalf of the customer.
Azure supports moving resources between subscriptions.
However, there are a number of constraints that must be met
beforehand to ensure the resource move is successful. In
particular, note that managed disks do not currently support
migration, which means virtual machines that use managed
disks cannot be migrated.
First, Azure only supports resource move where both source
and destination subscriptions reside under the same Microsoft
tenant (directory). The existing subscription may use a
different Azure AD tenant or may use a Microsoft account. In
either case, it must be transferred to the tenant created when
the customer account is created in the CSP portal.
Second, not all Azure resources are available in CSP
subscriptions. The Azure CSP Migration Assessment Tool can
be used to identify any existing resources that are not
currently supported in CSP subscriptions, or which do not
support resource move. In some cases, the tool will specify
modifications which are required prior to migration; in other
cases, the tool may identify existing resources which cannot
currently be migrated. In this case, changes to the application
may be required to remove this component.
Third, CSP subscriptions only support the Azure Resource
Manager deployment model, and not the Azure Service
Management (‘classic’) model. Resources using the ‘classic’
model will be identified by the Azure CSP Migration
Assessment Tool, and will need to be migrated in-place to the
Azure Resource Manager deployment model before
continuing.
Finally, the resources can now be migrated to the new
subscription. Cross-subscription migrations require
resources and all their dependencies to be moved at once.
For example, if you have a VM in one resource group and
that VM's disks are stored in a storage account in
another resource group, first move all dependent
resources to a single resource group. You can then
migrate the entire resource group at the same time.
The links given in the Resources section below provide
detailed step-by-step instructions for each step of the
migration process.
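The constraints above can be checked against an inventory before any move is attempted. The following is an added example, not part of the playbook and not the Azure CSP Migration Assessment Tool: the inventory shape (id, type, group, depends_on), the sample resources and the function names are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Real Azure resource-type strings; everything else below is constructed.
CLASSIC_PREFIX = "microsoft.classic"           # Azure Service Management ('classic')
MANAGED_DISK_TYPE = "microsoft.compute/disks"  # managed disk

# Constructed sample inventory. The keys are a hypothetical shape for this
# example, not the output format of any Azure tool.
INVENTORY = [
    {"id": "vm-web", "type": "Microsoft.Compute/virtualMachines", "group": "rg-app",
     "depends_on": ["stor1", "nic-web"]},
    {"id": "stor1", "type": "Microsoft.Storage/storageAccounts", "group": "rg-data"},
    {"id": "nic-web", "type": "Microsoft.Network/networkInterfaces", "group": "rg-app",
     "depends_on": ["vnet1"]},
    {"id": "vnet1", "type": "Microsoft.Network/virtualNetworks", "group": "rg-app"},
    {"id": "vm-db", "type": "Microsoft.Compute/virtualMachines", "group": "rg-db",
     "depends_on": ["disk-db"]},
    {"id": "disk-db", "type": "Microsoft.Compute/disks", "group": "rg-db"},
    {"id": "legacy-svc", "type": "Microsoft.ClassicCompute/domainNames", "group": "rg-old"},
]


def dependency_sets(resources):
    """Group resource ids into sets that must move together (union-find)."""
    parent = {r["id"]: r["id"] for r in resources}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for r in resources:
        for dep in r.get("depends_on", []):
            if dep in parent:
                parent[find(r["id"])] = find(dep)
    sets = defaultdict(list)
    for rid in parent:
        sets[find(rid)].append(rid)
    return list(sets.values())


def preflight(source_tenant, target_tenant, resources):
    """Return (blockers, consolidation_plan) for a cross-subscription move.

    blockers: list of (resource id, reason) that stop the move.
    consolidation_plan: list of (resource id, current group, target group)
    moves needed so each dependency set sits in one resource group.
    """
    by_id = {r["id"]: r for r in resources}
    blockers = []
    # Both subscriptions must sit under the same tenant (directory).
    if source_tenant != target_tenant:
        blockers.append(("subscription", "source and destination tenants differ"))
    for r in resources:
        deps = r.get("depends_on", [])
        # A dependency we cannot see cannot be moved "at once" with the rest.
        for dep in deps:
            if dep not in by_id:
                blockers.append((r["id"], f"dependency {dep} missing from inventory"))
        rtype = r["type"].lower()
        if rtype.startswith(CLASSIC_PREFIX):
            blockers.append((r["id"], "classic model: migrate in place to Resource Manager"))
        elif rtype == MANAGED_DISK_TYPE:
            blockers.append((r["id"], "managed disk: resource move not supported"))
        elif any(by_id[d]["type"].lower() == MANAGED_DISK_TYPE for d in deps if d in by_id):
            blockers.append((r["id"], "depends on a managed disk"))
    plan = []
    for members in dependency_sets(resources):
        counts = Counter(by_id[rid]["group"] for rid in members)
        if len(counts) > 1:
            # Consolidate into the group that already holds most of the set.
            target = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[0][0]
            plan += [(rid, by_id[rid]["group"], target)
                     for rid in members if by_id[rid]["group"] != target]
    return blockers, sorted(plan)


if __name__ == "__main__":
    found, moves = preflight("tenant-a", "tenant-b", INVENTORY)
    for rid, reason in found:
        print(f"BLOCKER  {rid}: {reason}")
    for rid, src, dst in moves:
        print(f"MOVE     {rid}: {src} -> {dst}")
```
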
RESOURCES
➔ Migrating resources from an EA subscription to CSP
➔ Migrating resources from a PAYG subscription to CSP
➔ Azure CSP Migration Assessment Tool
➔ Upgrade resources from Classic to Resource Manager
➔ Moving resources between Azure subscriptions
➔ ASR Capacity Planning guide for migration to CSP
Migrating Databases
Alongside migrating servers to virtual machines, migrating the application database is
perhaps the most critical step in any Azure workload migration. Maintaining integrity and
availability of data is critical, and the time taken to synchronize data between old and new
systems may determine the duration of any service disruption during migration.
Migrating databases is a crucial step in any migration
project. Fears over application downtime or data loss are
common, so it’s important to have a well thought-
through and proven approach.
As a partner responsible for a data migration, you are
responsible for:
• Understanding compatibility issues between existing
databases and new databases in Azure
• Assessing and optimizing databases
• Executing data migration safely.
There are two main options for running a database in
Azure: either as a database installed on an Azure VM or
using the Azure SQL Database service. In both cases, a
range of database technologies is supported, including
Microsoft SQL Server, Oracle, PostgreSQL, NoSQL, and
more.
In many cases, even where an infrastructure-only
migration strategy is being followed, the database will be
migrated directly to Azure SQL Database, rather than
SQL-on-IaaS. The motivation is to take advantage of the
PaaS benefits of Azure SQL Database such as lower
management overhead for underlying infrastructure,
quick provisioning and service scaling, and integration
with other PaaS services. Azure SQL Database also offers
SQL Database Managed Instances for near 100%
compatibility with on-premises SQL Server. This provides
you with all of the advantages of a PaaS deployment
along with the ease of migration inherent in a SQL Server
on IaaS deployment. This makes SQL Database Managed
Instances an ideal target for database migrations.
A key goal of migration is to avoid any loss of data. In
some cases, a real-time synchronization between old and
new databases is possible, enabling migration without
service impact. In many cases, however, the most
pragmatic approach is to accept that the application may
be unavailable (or available as read-only) during the
migration work window during which the data will be
replicated. The duration of this window can be kept to a
minimum by performing an initial data transfer prior to
migration, followed by an incremental sync containing
only subsequent changes during the migration work
window. Migrations should be approached with the
same rigor and processes as a full software or hardware
project – a solid methodology is required for success.
When planning a database migration project, we
recommend that you consider the process shown in the
following graphic:
KEY SERVICES FOR THIS OFFERING
• Azure Database Migration Service: The Azure
Database Migration Service is a fully managed service
designed to enable seamless migrations from multiple
database sources to Azure Data platforms with
minimal downtime. The service uses the Data
Migration Assistant to generate assessment reports
that provide recommendations to guide you through
the changes required prior to performing a migration,
and performs all of the associated steps, taking
advantage of best practices as determined by
Microsoft.
• Data Migration Assistant: This tool can be used to
assess a Microsoft SQL Server database in preparation
for migration, identify compatibility issues, and to
execute the migration, either to SQL-on-IaaS or to
Azure SQL Database.
• Third-party tools: A range of third-party tools is
available to assist with data migration. See the
Database Migration Guide for a list of tools.
RESOURCES
➔ Azure Database Migration Hub
➔ Data Migration Blog
➔ Azure Blog post: Migrating to Azure SQL Database
with zero downtime for read-only workloads
➔ Azure SQL Database Managed Instance
Modernizing Apps
Executive Summary
Modernizing applications to use Azure platform services maximizes the value of migrating to
the cloud. Which applications should you modernize, and how?
In the previous chapter, we looked in depth at how to
migrate workloads to the cloud using a ‘lift and shift’
approach (rehosting) to Azure’s infrastructure services. In
this chapter, we’ll study how to migrate applications to
Azure’s platform services (rearchitecting).
While a ‘lift and shift’ migration to Azure infrastructure
services can offer significant benefits, it does not take
advantage of everything the cloud has to offer. Virtual
machines still need to be patched, services cannot scale
automatically based on usage, software updates have to
be managed, and many of the higher-level services
offered by the cloud are not available.
To take full advantage of the cloud requires a migration to
Azure platform services. Here, the full benefits of the
cloud can be realized: patching and many other
maintenance tasks are handled automatically by the
platform, streamlined workflows support rapid software
updates, services can auto-scale based on usage, and the
full power of all Azure services is available.
Earlier in this playbook, we discussed the various
motivations behind a cloud migration, and the different
ways that migration can deliver value for a business. To
recap, the four main cloud benefits are: cost saving,
agility, service quality, and the new scenarios that cloud-
based technologies can enable. Only a platform-based
architecture can take full advantage of these benefits.
In this chapter, we will discuss migrating applications to
Azure platform services. We will start by taking a closer
look at the platform services available in Azure, the
benefits of a platform-based approach, and we will
provide some best practices and design considerations for
‘cloud-native’ application architectures.
We will then go on to discuss the most commonly-used
approaches, focusing firstly on Azure App Service, and
then on microservices and containers. We’ll also look at
the various technologies available for storing and
processing data, including ‘big data’ technologies used to
extract insight and value from large data volumes.
Finally, we’ll discuss higher-level platform services for
machine learning and artificial intelligence. These cloud-
only services are increasingly used to light up new
application scenarios, delivering competitive advantage
beyond cost savings and agility.
Top 4 things to do
Cloud-native designs offer the
greatest cloud benefits. Here are
the top 4 things to get you started.
• Understand the benefits of platform vs
infrastructure approaches to the cloud
• Build technical expertise in cloud-native design
• Choose which platform services your practice
will use
• Build experience at migrating existing
applications to platform services
Modernizing Applications with Azure
One of the most effective ways to realize the benefits of migrating applications and system
architectures to the cloud is to utilize PaaS (Platform as a Service) services.
Platform as a Service (PaaS) is a complete development
and deployment environment in the cloud, with resources
that enable the delivery of everything from simple cloud-
based apps to sophisticated, cloud-enabled enterprise
applications. Like IaaS (Infrastructure as a Service), PaaS
includes infrastructure (servers, storage, and networking)
but also middleware, development tools, business
intelligence (BI) services, database management systems,
and more. PaaS is designed to support the complete
application lifecycle.
BENEFITS OF USING PAAS
Here are the biggest benefits of using PaaS services to
modernize and host applications in the cloud:
• Managed Virtual Machines (VMs): PaaS hosting is
provided by Managed VMs that do not require the
maintenance and updates needed by traditional
IaaS VMs. This provides an abstraction that
automates Operating System updates and patches, so
the development team only needs to be concerned
with the application, data, and deployment rather
than infrastructure maintenance.
• Cut coding time: PaaS development tools can cut the
time it takes to code new apps with pre-coded
application components built into the platform, such
as workflow, directory services, security features,
search, and so on.
• Add development capabilities without adding
staff: PaaS components can give your development
team new capabilities without your needing to add
staff with the required skills.
• Develop for multiple platforms—including
mobile—more easily: Some service providers give
you development options for multiple platforms, such
as computers, mobile devices, and browsers, making
cross-platform apps quicker and easier to develop.
• Use sophisticated tools affordably: A pay-as-you-
go model makes it possible for individuals or
organizations to use sophisticated development
software and business intelligence and analytics tools
that they could not afford to purchase outright.
• Support geographically distributed development
teams: Because the development environment is
accessed over the Internet, development teams can
work together on projects even when team members
are in remote locations.
• Efficiently manage the application lifecycle: PaaS
provides all the capabilities that you need to support
the complete web application lifecycle: building,
testing, deploying, managing, and updating within
the same integrated environment.
MIGRATING APPLICATIONS TO PAAS
Using Azure platform features is not all-or-nothing. You
can combine infrastructure and platform services in a
single deployment. For example, it is common for an
infrastructure migration to run application servers using
infrastructure virtual machines, but to use the Azure SQL
Database platform service as the data tier, rather than
running SQL Server on virtual machines. Many other
combinations are possible.
While it is most convenient to build “cloud-native”
applications from the start, that is often not possible with
many enterprise applications. There is often a significant
investment in “legacy” enterprise applications that makes it
cost prohibitive to start over from a blank slate to benefit
from the cloud. For this reason, it’s most feasible with
many enterprise systems to refactor the applications to
include cloud-native design considerations and leverage
PaaS technologies.
To support this, Azure provides a range of platform
services, each offering a range of benefits and each
requiring a different degree of application modernization.
For example, an application might be migrated to Azure
App Service, or converted to run in containers, with
relatively few changes. At the other extreme, a fully
serverless architecture utilizing Azure Functions and
higher-level Azure services may require the application to
be re-written. Choosing the right approach to application
modernization requires an understanding of the
suitability, cost and migration complexity of each of the
platform approaches available.
KEY CHALLENGES
• Focus on building applications and business logic,
instead of managing infrastructure, reliability,
scalability, and latency.
• Quickly build powerful web, mobile, and API apps
using multiple languages / frameworks (.NET, .NET
Core, Java, Ruby, Node.js, etc.).
• Reliably deploy, update and scale applications
effortlessly across many virtual machines, using either
Windows or Linux.
• Globally deliver content to any device with low
latency.
KEY SERVICES FOR THIS OFFERING
• Virtual Machine Scale Sets: Apply autoscaling to
virtual machines for high availability. Create
thousands of identical virtual machines in minutes.
• Azure App Service: Quickly create powerful cloud
apps using a fully-managed platform.
• Azure Container Services (AKS): Simplify the
deployment, management, and operations of
Kubernetes.
• Service Fabric: Build and operate always-on, scalable,
distributed apps. Simplify microservices development
and application lifecycle management.
• Azure Functions: Build apps faster with a serverless
architecture. Accelerate your development with an
event-driven, serverless compute experience.
SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, two-thirds reported using one or more Azure
services for application modernization.
Cloud-Native Architecture and Design
Most of the traditional application designs and architectures that are commonplace in
on-premises datacenters are able to run in the cloud without change. However, the cloud brings
with it many new capabilities and features. Applications that make use of cloud capabilities
are often referred to as “cloud-native” applications.
On the surface, designing applications for the cloud is not
very different than designing for on-premises. All the
same development tools, language, and frameworks can
be used in the cloud. This enables all the familiar tools and
existing skillsets of the development team to be used.
However, the cloud also offers a range of additional
capabilities, and taking advantage of these requires some
design changes. In addition, there is a wide range of
cloud services and features available, and a variety of
design approaches available. As a migration partner, you
are responsible for:
• Choosing the right cloud-native application
architecture for your application.
• Incorporating proven best practices into your cloud
designs.
• Optimizing implementation by leveraging existing
deployment templates for common architectures.
You’re not on your own. Microsoft has published
extensive guidance on designing applications for the
cloud. This guidance, which can be found in the Azure
Architecture Center, provides a wealth of resources and
proven cloud architecture best practices, based on real-
world experiences gained from working directly with the
largest Azure customers. Using this guidance can
accelerate your design process and ensure that
your designs follow proven best practices. Amongst other
resources, the Azure Architecture Center includes:
• The Azure Application Architecture Guide, which
presents a number of common architecture styles,
technology choices, and design principles for Azure
applications.
• Azure reference architectures, which demonstrate
recommended practices and include deployable
solutions which can be used as the basis of your own
deployments.
• Azure architecture best practices for a wide range of
common topics, including API design and
implementation, autoscaling, use of background jobs,
monitoring, fault handling, and more.
• Design review checklists for Availability, Resiliency
and Scalability, which can be used to validate and
improve your own designs, enabling you to catch
potential problems early and avoid expensive re-work
later.
Cloud Design Considerations
Cloud-native applications are designed differently from conventional applications.
There are a few design considerations necessary when building software to be “cloud-native” and utilize PaaS services. These
design considerations address many of the key differences in resource allocation and availability between PaaS services and IaaS
resources. Here are the key design considerations for building “cloud-native” applications, or migrating existing applications,
using PaaS services:
• Scale Out over Scale Up: One of the traditional
methods of scaling to meet increased load in on-
premises environments is to Scale Up; simply add
more CPU power, Memory capacity, or storage
capacity to the server. This is a common practice on-
premises with both Single Server and Multi-Server
hosting solutions. In the cloud, server resources are
more of a readily available commodity. In the cloud,
you can basically provision a new server VM when it’s
needed. For this reason, it’s much easier to add more
servers when extra capacity is needed. An additional
benefit of Scaling Out (adding more servers / VMs) is
increased resiliency of the application deployment.
If 1 server out of 10 goes down, it affects the overall
performance of the application and SLA to the
company’s clients and users much less than if 1 server
out of 2 goes down. Scaling Out and spreading load
across server instances has many benefits, including:
higher availability, higher resilience against failure, as
well as the ability to tweak server resources to
optimize cost when comparing pricing tiers.
• Graceful Fault Handling: Every software system has
failures. When distributing load across multiple server
instances, or integrating a distributed / microservices
architecture, an application needs to be coded to
gracefully handle all errors when possible. These errors
can even include transient failures, such as not being
able to connect to a database or service, isolated
network outage on a single VM, or any other sort of
error that occurs at random times for a short period of
time and then goes away. When a call to an external
service fails, the application can be coded with Retry
Logic to re-initiate making the service call 1 or more
times before throwing an exception. Another possible
implementation is to cache a user’s request using
some type of message queue, so the user can
continue with their work while the system handles the
error and performs the requested work in the
background.
• Multi-Zone and Multi-Region Deployment: One of
the aspects of hosting applications in on-premises
environments that can easily become cost prohibitive
is the ability to deploy to multiple datacenters for
redundancy and increased resiliency. In the cloud,
Microsoft Azure is made up of many Azure Regions
spread across continents and geographies that can be
utilized for any cloud application deployment. There
are also multiple Availability Zones (currently in
Preview) within each Azure Region that can be
utilized to enable application instances to be
deployed to specific datacenters within the Region.
Application deployments that utilize Zones and
Regions have the capacity to be globally resilient
against Regional or Datacenter failures. This extra
resiliency can be combined with Scaling Out to host
applications with a much greater level of resiliency
and availability than is possible in most on-premises
datacenter environments.
• Do Not Write to Local File System: When using
PaaS services like Azure App Service to host an
application, it’s important to not write anything
persistent to the local file system. The reason for this
is that multiple instances of the application running in
the service do not share the same local file system as
they are hosted on different VMs. Instead of writing to
the local file system, any files and/or data that needs
to be accessed across application instances should be
written to a shared storage service like Azure Blob
Storage, Azure Redis Cache, or another database
service.
• Stateless Design: When designing applications to
Scale Out, instead of Scale Up, the design to share
state across instances can prove to be difficult
depending on the overall application architecture.
The modern architectural approach is to design
applications to remain Stateless. This has become the
modern standard in web application and REST API
design. It’s common to use Cookies with an HTTP-
based application to remain Stateless, but another
option is to use a cache service like Azure Redis Cache
to share state across instances for applications that
still require state.
• Serverless: Serverless computing, such as Azure
Functions, takes the benefits of PaaS even further by
adding an additional abstraction layer that enables
an individual function of code to be deployed and
hosted without requiring a full application to be
maintained. This larger abstraction of Azure Functions
is integrated with Input and Output Bindings that
provide built-in capabilities to integrate with other
Azure services, as well as third-party services and
applications. Using Serverless compute decreases the
overall development and maintenance costs, enabling
faster time to delivery and easier production
support.
• PaaS Services: Where a specific service is available for
a task, using that service is usually a better choice than
building your own using lower-level platform
components. These services have already been
designed to deliver the availability, performance,
security and scale required by Microsoft’s most
demanding customers—saving significant work and
providing a service level that would be difficult and
expensive to match. Using services built specifically
for the cloud enhances the development team’s
capacity to deliver value, in addition to providing an
abstraction that removes many of the monotonous
and time-consuming aspects of Server and Virtual
Machine maintenance.
Cloud Design Patterns
Use proven design patterns to accelerate and improve your cloud-native application designs.
Among the multitude of application design challenges your
developers will face, many have already been solved and
documented as cloud ‘design patterns’. These patterns
provide proven out-of-the-box solutions to challenges
involved in designing applications to make best use of the
cloud. Using proven, established patterns streamlines
development by saving the development team from
having to design solutions for these common scenarios on
their own.
Here are some of the most commonly used cloud design
patterns for building “cloud-native” applications:
• Retry Pattern: Enable the application to handle
transient failures when it tries to connect to a service
or network resource, by transparently retrying a failed
operation. This can improve the stability of the
application.
• Circuit Breaker Pattern: Handle faults that might
take a variable amount of time to recover from, when
connecting to a remote service or resource. This can
improve the stability and resiliency of an application.
• Competing Consumers Pattern: Enable multiple
concurrent consumers to process messages received
on the same messaging channel. This enables a
system to process multiple messages concurrently to
optimize throughput, to improve scalability and
availability, and to balance the workload.
• Priority Queue Pattern: Prioritize requests sent to
services so that requests with a higher priority are
received and processed more quickly than those with
a lower priority. This pattern is useful in applications
that offer different service level guarantees to
individual clients.
• Queue-Based Load Leveling Pattern: Using a
Queue that acts as a buffer between a task and a
service it invokes in order to smooth intermittent
heavy loads that can cause the service to fail or the
task to time out. This can help to minimize the impact
of peaks in demand on availability and responsiveness
for both the task and the service.
• Cache-Aside Pattern: Load data on demand into a
cache from a data store. This can improve
performance and help to maintain consistency
between data held in the cache and data in the
underlying data store.
• Throttling Pattern: Control the consumption of
resources used by an instance of an application, an
individual tenant, or an entire service. This can allow
the system to continue to function and meet service
level agreements, even when an increase in demand
places an extreme load on resources.
• Command and Query Responsibility Segregation
(CQRS): This design pattern segregates operations
that read data from operations that update data by
using separate interfaces. This can help maximize
performance, scalability, and security. It also supports
the evolution of the software system over time
through higher flexibility and prevents update
commands from causing merge conflicts at the
domain level.
The Microsoft Architecture Center includes an additional
list of cloud design patterns, as well as a list of cloud “anti-
patterns”—common mistakes that can negatively impact
the performance of cloud-native applications.
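The Retry and Circuit Breaker patterns listed above, and the Retry Logic described under Graceful Fault Handling, work best together: retries absorb short transient failures, and the breaker stops the retries from hammering a dependency that is really down. The following is an added example, not code from the playbook or from any Azure SDK; the class names, thresholds and the FlakyService stand-in are assumptions made for illustration.

```python
import random
import time


class TransientError(Exception):
    """A failure expected to clear on its own (timeout, dropped connection)."""


class CircuitOpenError(Exception):
    """Raised without calling the dependency while the breaker is open."""


class CircuitBreaker:
    """Opens after N consecutive transient failures, then fails fast.

    After reset_timeout seconds one trial call is let through (half-open):
    success closes the breaker, failure re-opens it for another timeout.
    """

    def __init__(self, failure_threshold=3, reset_timeout=30.0, clock=time.monotonic):
        self.failure_threshold = failure_threshold
        self.reset_timeout = reset_timeout
        self.clock = clock
        self.failures = 0
        self.opened_at = None  # None means closed

    def call(self, fn):
        if self.opened_at is not None:
            if self.clock() - self.opened_at < self.reset_timeout:
                raise CircuitOpenError("dependency marked unavailable")
            # Timeout elapsed: fall through and allow a single trial call.
        try:
            result = fn()
        except TransientError:
            self.failures += 1
            if self.opened_at is not None or self.failures >= self.failure_threshold:
                self.opened_at = self.clock()
            raise
        self.failures = 0
        self.opened_at = None
        return result


def retry(fn, attempts=4, base_delay=0.2, max_delay=5.0,
          sleep=time.sleep, rng=random.random):
    """Retry fn on TransientError with capped exponential backoff and jitter.

    Only TransientError is retried. CircuitOpenError and any other exception
    propagate immediately, so an open breaker ends the retry loop at once.
    Jitter spreads retries from many instances so they do not arrive together.
    """
    for attempt in range(attempts):
        try:
            return fn()
        except TransientError:
            if attempt == attempts - 1:
                raise
            sleep(min(max_delay, base_delay * 2 ** attempt) * rng())


class FlakyService:
    """Constructed stand-in for a remote call: fails the first N times."""

    def __init__(self, failures):
        self.failures = failures
        self.calls = 0

    def __call__(self):
        self.calls += 1
        if self.calls <= self.failures:
            raise TransientError("simulated timeout")
        return "ok"


if __name__ == "__main__":
    service = FlakyService(failures=2)
    breaker = CircuitBreaker()
    # Short delays so the demo finishes quickly.
    print(retry(lambda: breaker.call(service), base_delay=0.01), service.calls)
```
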
Azure DevTest Labs
DevTest is probably the only workload that doesn’t have corporate issues slowing down its
migration. Aside from the security and backup of a company’s source code, there’s no reason
for IT managers to balk, nor are there regulatory or compliance rules stopping the
march of DevTest to the cloud.
Microsoft Azure DevTest Labs provides an end-to-end
experience to address the testing environment needs of
modern development teams. Before looking at the
benefits of DevTest Labs, let’s first review the challenges of
building and maintaining DevTest environments.
DevTest Challenges
Skills and Effort Required to Build Out DevTest
Environments
Many development shops build an infrastructure from
scratch as their companies haven’t moved any workloads
to the cloud yet, and that can be overwhelming for
developers. Even though they are leveraging cloud tools,
mundane items such as Virtual Networks, IP address
spaces, subnetting, DNS for name resolution, Virtual
Machine templates, file shares, and storage connections
to DevOps package repositories all need to be designed
and implemented. This requires skills in all
areas of IT, many of which are outside of a developer’s
expertise.
Each environment that needs to be built will require a
design to be created and implemented. In addition,
providing for both authentication and connectivity for in-
house developers and external contractors must be
addressed. DevTest in today’s world is all about speed,
and without the right skills or environment isolation,
things can quickly grind to a crawl.
Augmenting Previously Deployed Continuous
Integration and DevOps Tools
Many development and testing teams have invested in
continuous integration and DevOps tools that are heavily
utilized for their operations. When migrating DevTest
environments from on-premises to the cloud, these
investments must be leveraged and augmented to ensure
their investment is extended to the cloud.
Customizing the Environment to Meet the Needs of
Developers and Testers
Developers and testers need their environments to be
exactly right to ensure efficiency and to minimize bugs.
Development teams have become very detail-oriented to
ensure that each environment being developed can be
replicated quickly and can be the same every time, no
matter what. Often, this means building Virtual Machine
(VM) templates and scripts to ensure configurations with
DevOps tools. Cloud solutions must allow for this type of
very precise customization and ease of use.
Providing a “Ready to Test” Solution
“Ready to test” is all about efficiency. Testing teams need
to focus on their role in the development cycle, which is
ensuring the highest quality of the application.
Oftentimes, testers must build their environment by hand,
which takes time away from testing the application and
can also introduce human error. When testers show up for
work, they should log in and start their test, nothing else.
The bits they are testing and all their tools should already
be installed on the VMs they are working with to ensure
they catch every issue, instead of installing software over
and over.
Ensuring Access Control and Isolation from
Production Environments
A development and testing environment is meant just for
that – development and testing – and those who use these
environments should only have access to leverage the
cloud for such activities. It’s important to provide them
with the access they need to be successful in their role
without risking the safety of production systems.
Accidental shutdowns of systems should never happen,
and sufficient isolation between DevTest and production
should be in place to ensure proper change control
practices are followed. Moving to the cloud doesn’t mean
pioneering to the Wild West. Governance must be in place
to ensure that all teams are playing their roles properly
while utilizing the resource.
Leveraging the Cost Efficiencies of the Cloud via “Pay-
As-You-Go” While Capping Costs and Staying on
Budget
One of the most interesting aspects of moving to the
cloud for DevTest is the idea that costs are only incurred
while developing and testing. Some companies can dip as
low as 0% utilization of on-premises DevTest environments
at times during the year. Leveraging the flexibility of the
pay-as-you-go model is one of the most compelling
reasons to move to the cloud. If the users of the resources
aren’t cognizant of how many resources they are using or
when those resources are being used, the scalability of the
public cloud can turn into some very large bills. Just think
of an electric bill if everything in a home was left on 24
hours a day, seven days a week; the bill would be
astronomical. IT projects are known for always being over
budget, so there needs to be a way to ensure that the
resources required don’t put a project over budget.
Azure DevTest Labs
To solve these problems and let developers and testers do
what they do best, Microsoft has developed a turnkey
solution for DevTest in the cloud: Azure DevTest Labs.
This service addresses the above problems by means of the
following features.
Quickly be “Ready to Test”
DevTest Labs provides multiple options to help
developers and testers to get their environments ready
quickly. It offers three different types of VM bases that
developers and testers can use to create the Dev/Test
environments:
• Marketplace images: VM images directly from
Azure Marketplace.
• Custom images: leveraging a VHD file built by the
customer.
• Formulas: a reusable base where VM creation
settings (such as VM image, VM sizes, virtual network,
etc.) are pre-defined, so that environments can be
created without requiring any more input.
Reusable artifacts in the DevTest Labs allow users to run
VM extensions and install tools, deploy applications or
execute custom actions on demand once a lab VM is
created.
Worry-free self-service
DevTest Labs enables a team self-service model where
developers and testers go to the Azure portal directly to
create environments, instead of going through a
complicated “request” process. In this case the DevTest
Lab is leveraging Azure Role-Based Access Control (RBAC), which
empowers teams to use the portal to build VMs as needed
on their own.
Lab policies make it easier to control costs by allowing lab
owners to set boundaries and standard operating
procedures around what is spent on the project. By using
policies, Development and Testing teams can ensure they
won’t go over budget and have an unexpected bill at the end.
Using Lab policies and Azure Role-Based Access Control
(RBAC), DevTest Labs enables a sandbox environment for
developers and testers to provision their own
environments without unexpected accidents that can
introduce a big bill.
Create once, use everywhere
DevTest Labs resources (labs, custom images, formulas,
artifacts, etc.) are reusable across labs, so that you don’t
need to re-create the same thing from scratch.
DevTest Labs fully supports Azure Resource Manager
(ARM) and follows the best practice of using resource
groups. You can create multiple labs with the same
settings/policies by deploying the same ARM template.
ARM templates are fully supported to deploy labs and
resources in a lab. Reusable custom images and formulas
can be created from an existing VM, and artifacts loaded
from VSTS Git or GitHub repositories can be used across
different labs.
Integrates with existing toolchain
Azure DevTest Labs provides pre-made plug-ins,
command-line tools, and APIs that allow you to integrate
your Dev/Test environments from labs to the release
pipeline.
In addition to APIs and command line tools, Azure
DevTest Labs Tasks are available in Visual Studio
Marketplace to better support your release pipeline in
Visual Studio Team Services.
Migrating Applications to Azure App Service
Azure App Service is a powerful and flexible platform for hosting web applications in Azure.
Migrating applications to Azure App Service is often the simplest and quickest way to take
advantage of the benefits of PaaS.
Azure App Service is a fully-managed platform to run and
scale both Internet-facing and Intranet web applications
and services, on both Windows and Linux. It supports a
wide range of development languages and offers a high
level of developer productivity with features such as
CI/CD, easy and safe application updates, and integration
with Visual Studio Team Services, BitBucket, Docker Hub
and GitHub. Azure App Service also supports auto-scaling
of the infrastructure supporting your app, enabling
significant cost savings.
Review the following considerations before you consider
migrating your applications to Azure App Service:
• Port Bindings: Azure App Service supports port 80 for
HTTP and port 443 for HTTPS traffic. If you have sites
using any other port, remember that after migration to
Azure App Service these are the only ports
that will be used.
• Usage of assemblies in the GAC (Global Assembly
Cache): This is not supported. Consider bin placing
the assemblies in the local bin.
• IIS5 Compatibility Mode: IIS5 Compatibility Mode is
not supported. In Azure App Service each Web App
and all the applications under it run in the same
worker process with a specific set of application pool
settings.
• IIS7+ Schema Compliance: One or more elements
and/or attributes are being used which are not
defined in Azure App Service IIS schema. Consider
using XDT transforms.
• Single Application Pool Per Site: In Azure App
Service each Web App and all the applications under
it run in the same application pool. In case you have
applications with different application pool in IIS,
consider establishing a single application pool with
common settings or creating a separate Web App for
each application.
• COM and COM+ components: Azure App Service
does not allow the registration of COM components
on the platform. If your site(s) or application(s) make
use of any COM components, these would need to be
rewritten in managed code and deployed with the site
or application.
• ISAPI Extensions: Azure App Service can support the
use of ISAPI Extensions, however, the DLL(s) need to
be deployed with your site and registered via the
web.config.
Once the above limitations have been taken into
consideration, you will need to migrate your applications.
The easiest form of migrating is through Azure App
Service Migration Assistant. This can be utilized to migrate
sites from Windows and Linux web servers to Azure App
Service. As part of the migration, the migration assistant
will create Web Apps and databases on Azure, publish
content, and synchronize your database.
This tool is available for both Windows server and Linux
servers. The migration tool for Windows Server works
either from the local machine or from a remote machine.
It allows you to migrate sites from IIS running on Windows
Server 2003 onwards. The Linux site migration tool allows
you to migrate sites from Linux web servers running
Apache to the cloud. Only Apache is supported at this
time.
Once you have decided to migrate, the following areas
need to be considered for migrating applications to Azure
App Service. You should also review the considerations for
migrating databases to Azure listed earlier in this
playbook.
• On-premises integration: In case your applications
are communicating with other applications which will
not be migrated to Azure, you have to consider how
the communication will happen when your
application moves to cloud. One solution is to enable
the other application to communicate over the
internet using REST. This may require changes in both
the applications, not to mention the additional risk of
exposing the server to the internet. Another approach
would be to establish secure connectivity to your
on-premises server from Azure App Service, where
your application is hosted. This can be done in any of
the following ways, depending on your requirements:
deploying your apps in an App Service Environment
using an Isolated App Service Plan; enabling virtual
network integration with an Azure VNet, establishing a
Site-to-Site VPN between this Azure virtual network
and on-premises, and then enabling routes between
your App Service and the on-premises server; or
establishing hybrid connections.
• Authentication: When on-premises, using no
authentication or Windows authentication may be
acceptable as there was mutual trust with AD. When
you migrate to Azure, you will need to enable
authentication with Azure Active Directory. This
means modifying some of your configuration to be
able to authenticate your users via Azure AD.
• Session State: In an ideal case, you can make your
application stateless in order to scale/switch at will. In
case it is not possible, have your session state
configured to be persisted in Azure Redis Cache.
• File Persistence: Usually, websites might require
uploading files that need to be persisted. On Azure
App Service, it is recommended to persist any files
outside of the App Service into something like a blob
store. Modify the application to now use either the
Azure Storage SDK or the REST APIs for saving and
accessing files.
• App Settings and Connection Strings: There will be
App Settings and Connection Strings that will change
based on environment, whereas some will stay the same.
For the ones that change based on environment, also
define them on the portal or deployment template so
that they can be overridden for different deployment
slots.
• Logging: If your logging framework is logging to files
saved locally, you will need to update it to either
log to Azure Diagnostics or to a centralized blob
store. You can also include Azure App Insights to get
deeper insights into how your application is
performing.
• Certificates: Certificates are not migrated directly.
You will need to explicitly upload your certificates to
be able to work on Azure, as detailed in this Bind SSL
Certificate documentation. You can also purchase
certificates directly from Azure, as detailed in this buy
SSL cert documentation.
• Custom Domains: Custom domains can be
associated to Azure Web Apps via a CNAME record
change. You also need to update App Service to
validate the DNS. Details are available in this map
custom domain documentation.
• Email: Sending emails requires an SMTP server. App
Service does not provide one, and there
is no way to configure one within App Service.
While you can set up an SMTP server to send emails on
Azure IaaS VMs, we do put in restrictions. We
recommend using relay services to send email, such as
Office 365.
• LDAP Queries: If you are building internal
applications that are querying your LDAP store such
as AD, those may not work on Azure App Service.
Specifically, in the case of Active Directory, you can
move AD to Azure AD and then use the graph APIs to
make the necessary queries to Azure. For this, you will
need to register your application with Azure AD to
permit querying Directory Objects. A complete list of
graph APIs is here.
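A pre-migration check for three of the considerations above (port bindings, a single application pool per site, and Windows authentication), as an added example that is not part of the playbook or of any Microsoft tool. It assumes the standard IIS `applicationHost.config` layout; the sample config, its site and host names, and the `assess` function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of an IIS applicationHost.config
# (site names, pools and host names are invented for this example).
SAMPLE_CONFIG = """<configuration>
  <system.applicationHost>
    <sites>
      <site name="Storefront" id="1">
        <application path="/" applicationPool="StorefrontPool" />
        <application path="/api" applicationPool="ApiPool" />
        <bindings>
          <binding protocol="http" bindingInformation="*:80:shop.example.test" />
          <binding protocol="https" bindingInformation="*:8443:shop.example.test" />
        </bindings>
      </site>
      <site name="Intranet" id="2">
        <application path="/" applicationPool="IntranetPool" />
        <bindings>
          <binding protocol="http" bindingInformation="*:80:intranet.example.test" />
        </bindings>
      </site>
    </sites>
  </system.applicationHost>
  <location path="Intranet">
    <system.webServer>
      <security>
        <authentication>
          <anonymousAuthentication enabled="false" />
          <windowsAuthentication enabled="true" />
        </authentication>
      </security>
    </system.webServer>
  </location>
</configuration>
"""

# App Service only serves HTTP on 80 and HTTPS on 443.
ALLOWED_PORTS = {"http": "80", "https": "443"}
AUTH_PATH = "./system.webServer/security/authentication/windowsAuthentication"


def assess(config_xml):
    """Return {site name: [(finding_code, detail), ...]} for each IIS site."""
    root = ET.fromstring(config_xml)
    findings = {}
    for site in root.iterfind("./system.applicationHost/sites/site"):
        items = findings.setdefault(site.get("name"), [])

        # Port bindings: bindingInformation is "ip:port:host"; split from the
        # right so a bracketed IPv6 address in the ip field stays intact.
        for binding in site.iterfind("./bindings/binding"):
            protocol = (binding.get("protocol") or "").lower()
            info = binding.get("bindingInformation") or ""
            expected = ALLOWED_PORTS.get(protocol)
            if expected is None:
                items.append(("PORT_BINDING",
                              f"{protocol} binding {info} is not HTTP/HTTPS"))
                continue
            parts = info.rsplit(":", 2)
            port = parts[1] if len(parts) == 3 else "?"
            if port != expected:
                items.append(("PORT_BINDING",
                              f"{protocol} on port {port}; only {expected} is served"))

        # Single application pool per site: collect explicitly assigned pools.
        # Applications that inherit the default pool are not counted here.
        pools = sorted({app.get("applicationPool")
                        for app in site.iterfind("./application")
                        if app.get("applicationPool")})
        if len(pools) > 1:
            items.append(("APP_POOL",
                          "applications use different pools: " + ", ".join(pools)))

    # Windows authentication is set per <location>; the first path segment is
    # the site name. These sites need their sign-in moved to Azure AD.
    for location in root.iterfind("./location"):
        site_name = (location.get("path") or "").split("/", 1)[0]
        win_auth = location.find(AUTH_PATH)
        if (site_name in findings and win_auth is not None
                and (win_auth.get("enabled") or "").lower() == "true"):
            findings[site_name].append(
                ("WINDOWS_AUTH",
                 f"Windows authentication enabled at {location.get('path')}"))
    return findings


if __name__ == "__main__":
    for site_name, items in assess(SAMPLE_CONFIG).items():
        for code, detail in items:
            print(f"{site_name}: {code}: {detail}")
```

Sites that come back with an empty list still need the remaining considerations (GAC assemblies, COM components, ISAPI extensions, file persistence) reviewed by hand, since those are not visible in the bindings or pool assignments.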
Microservices and Containers
The microservices architecture has become an important part of building distributed mission-
critical software systems.
Traditional application architectures build applications in
large, monolithic components. These large components
are deployed as a single unit, making it hard to maintain
strict separation between internal components. This
results in long integration, test and release cycles, which
slow development, reduce agility and increase costs.
The primary design principle of a microservices
architecture is to design an entire software system to be
built using smaller software components, called
microservices. Each microservice performs a single
function of the overall system that can be developed,
deployed, and scaled independently. This independence
enables accelerated development by enabling individual
component teams to work more independently, thereby
avoiding long integration, test and release cycles. For
more information, see the article Why a microservices
approach to building applications?.
Containerization is an approach to deployment and
application management that combines an application
with its dependencies and configurations (via manifest
files) into a container image. Due to their highly efficient
resource consumption, containers are an ideal platform
for the development of microservices. Each microservice is
built into a dedicated container image, and can then be
more easily deployed, scaled, and managed as a single
package. Using microservices and containers reduces the
effort required to manage the deployment and scalability
of an application.
Azure supports several services to support microservices
and containers:
• Azure Container Services (AKS): Kubernetes is the
leading platform for orchestrating container
deployments. The Azure Container Service for
Kubernetes (AKS) simplifies the deployment,
management, and operation of Kubernetes.
• Azure Container Instances (ACI) provides a fully-
managed service in which you can run your
containers, without any need to deploy or manage
the underlying infrastructure. This service enables you
to easily run containers on Azure with a single
command, and with per-second billing.
• Azure Container Registry is a fully-managed Docker
Registry service. Container registries can be used to
store and manage container images across all types of
deployments.
• Azure Service Fabric is a platform for deploying and
operating always-on, scalable, distributed,
microservice-based applications. Service Fabric
enables you to simplify microservices development
and application lifecycle management.
• Web App for Containers allows you to easily deploy
and run containerized web apps that scale with your
business and provides a fully-managed platform for
infrastructure maintenance.
What is Docker?
Docker has become the de-facto standard for containers.
Docker is an open-source project for automating the
deployment of applications as portable, self-sufficient
containers that can run on the cloud or on-premises.
Docker is also a company that promotes and evolves this
technology. Docker works in collaboration with cloud,
Linux, and Windows vendors, including Microsoft.
Docker image containers run natively on Linux and
Windows. Windows images run only on Windows hosts
and Linux images run only on Linux hosts. The host is a
server or a virtual machine.
You can develop on Windows, Linux, or macOS. The
development computer runs a Docker host where Docker
images are deployed, including the app and its
dependencies. On Linux or macOS, you use a Docker host
that is Linux-based and can create images only for Linux
containers (on macOS you can edit code or run the
Docker CLI, but as of the time of this writing, containers
do not run directly on macOS). On Windows you can
create images for either Linux or Windows containers.
For further reading, see:
• Introduction to Containers and Docker
• .NET Microservices: Architecture for Containerized
.NET Applications
Source: What is Docker? via docs.microsoft.com
Modern Data Platform
The cloud has driven rapid changes in how applications handle data. Whatever your data
needs, Azure offers a service to suit.
Modern data platforms are designed to ingest and
process petabytes of data for a variety of purposes. These
systems are capable of ingesting and storing data in
nearly any format and at any scale. Data may be
structured like a relational database or unstructured such
as a web log. These modern data platforms enable a
variety of application types such as large-scale cognitive
and AI applications and high throughput IoT data
ingestion.
There are several options for running a modern data
platform in Azure. There are big data stores such as Azure
Data Lake Store and Azure Storage and there are compute
technologies such as HDInsight and Data Lake Analytics.
There are also more focused database options such as
Azure SQL Data Warehouse and Cosmos DB that can also
operate on large amounts of data.
SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, those using data-related services reported Azure
SQL Database as the most-used service (70%), followed by Azure Storage (60%) and Microsoft SQL Server running in a
virtual machine (49%).
As a Microsoft partner helping customers with their cloud migration, you can add value by helping the customer choose and
implement their modern data platform solution. This will require you to understand the variety of data platform services
available and choose the most suitable services for the given application. Once chosen, further work will be needed to choose
the correct configuration, for example assessing and optimizing the cluster and storage size.
Transferring large data volumes to the cloud can be
another challenge. Online transfers, either via the Internet
or an ExpressRoute connection, are the default approach,
enabled by tools such as AzCopy. For very large volumes,
you can use disks or the Azure Data Box appliance
(currently in Preview) to ship data to Microsoft data
centers.
A common scenario is data analytics, perhaps from
incoming telemetry or using existing data stores. Azure
offers several services to help, such as Azure Analysis
Services for data modelling and analytics to Azure Event
Hubs and Stream Analytics for real-time processing of
incoming data streams.
In many on-premises environments, it is common to
configure a single monolith Hadoop cluster to handle all
types of data ingestion and processing. The architecture
we use in the cloud allows us to store all of our data in the
same location such as an Azure Data Lake Store and then
spin up any number of compute clusters to operate on
that data. This separation of compute and storage buys us
two things:
• Decoupled compute and storage scale. We can
scale compute and storage independently of each
other. If we need more processing power, we can
simply increase the size of our HDInsight cluster.
• Optimized spending. We can now have multiple,
purpose-built compute clusters allowing us to
optimize cluster size and runtime based on a single
workload rather than all workloads in aggregate.
A summary of the Modern Data Platform services offered
by Microsoft is given below:
• Azure HDInsight: Azure HDInsight is a fully-managed
cloud service that makes it easy, fast, and cost-
effective to process massive amounts of data. Use
popular open-source frameworks such as Hadoop,
Spark, Hive, LLAP, Kafka, Storm, R & more. Azure
HDInsight enables a broad range of scenarios such as
ETL, Data Warehousing, Machine Learning, IoT and
more.
• Azure Data Lake Analytics: Develop and run massively
parallel data transformation and processing programs
in U-SQL, R, Python, and .NET over petabytes of data
with zero infrastructure.
• Azure Data Lake Store: Store your unstructured, semi-
structured and structured data with no limits on size
or throughput. Secure, massively scalable, and built to
the open HDFS standard, allowing you to run
massively-parallel analytics.
• Azure Cosmos DB: A low latency, horizontally scalable
and globally distributed multi-model database.
Support for many APIs such as SQL, JavaScript,
Gremlin (Graph), MongoDB, Cassandra and Azure
Table storage. Cosmos DB was formerly known as
DocumentDB.
• Azure SQL Database: A fully-managed database
service for structured, relational data.
• Azure SQL Data Warehouse: A massively parallel
processing server with independent compute and
storage scalability, allows you to integrate with big
data stores, and create a hub for your data marts and
cubes—to drive highly tailored, enterprise-grade
performance, while leveraging your existing SQL and
BI skills.
• Azure Data Factory: Fully managed ETL service in the
cloud. Connect all of your data sources and
orchestrate your data workflows wherever your data
lives.
• Azure Storage: Offering fast and scalable blob, table
and queue storage, and shared file storage for Azure
virtual machines.
• Azure Storage Import/Export Service and Azure Data
Box: Use physical disks or a custom-built appliance to
ship large data volumes to Azure.
• Azure Analysis Services: A fully-managed service
enabling you to combine data from multiple sources
into a single semantic model, enabling reporting
through client tools such as Power BI and Excel.
• Azure Stream Analytics: A managed event-processing
engine for real-time analysis on streaming data.
• Azure Event Hubs: A hyper-scale telemetry ingestion
service supporting real-time and batch processing.
For more information on the Microsoft Data Platform, see
the Microsoft partner Data Platform & Analytics Playbook.
Cognitive Services and AI
Microsoft’s AI and cognitive services allow you to process data in new and exciting ways,
extracting patterns and meaning that would previously have required human input. These
services enable a wealth of new scenarios.
One of the business benefits of cloud migration is the
ability to enable new scenarios that would be impossible
(or at least, prohibitively expensive) previously. This
concept is at the heart of the digital transformation
paradigm shift, and Microsoft’s cognitive and AI services
are at the heart of this capability.
As a partner, you can differentiate your offering by not
only helping customers migrate to the cloud, but also
helping them maximize the new business opportunities
offered by digital transformation. You can use the unique
data that you generate by operating their services to
enhance their business in new and unexpected ways, for
example by interpreting business and customer data in
real time and at large scale, including text, docs, images,
video, and voice.
The Microsoft AI Platform provides a comprehensive set
of flexible AI services and enterprise-grade AI
infrastructure that runs AI workloads anywhere at scale.
The Microsoft AI Platform accelerates the development of
AI solutions with high-level services. Modern AI tools
designed for developers and data scientists help you
create AI solutions easily, and with maximum productivity.
Machine Learning enables computers to learn from data
and experiences, and apply that learning to sense, process
and act on information in future. There are many
applications for this technology. A common use case is
predictive analytics—using historical data to predict
future behavior, for example using telemetry data from
machines in a factory to predict forthcoming hardware
failure and enable pro-active maintenance, thereby
reducing downtime.
Microsoft’s suite of Cognitive Services enables insight from
human interactions, from facial expressions, to speech,
and natural language processing. For example, extracting
the positive or negative sentiment from comments on a
review forum or Twitter feed can enable a business to
respond more rapidly to a service quality issue, thereby
improving their overall customer experience.
Enhancing existing applications to take advantage of
these services is one of the ways a Managed Services
Provider can provide additional value to your customers.
Core services of Microsoft’s AI platform include:
• Microsoft Cognitive Services: Use AI to solve business
problems. Infuse your apps, websites, and bots with
intelligent algorithms to see, hear, speak, and
understand natural methods of communication.
• Azure Machine Learning: Model AI algorithms and
experiment with ease. Customize based on your
requirements.
• Azure Bot Service: Accelerate development for
conversational AI. Integrate seamlessly with Cortana,
Office 365, Slack, Facebook Messenger, and more.
For further information on how to build a partner practice
taking advantage of AI, see the AI Practice Development
Playbook.
Optimize & Manage
Executive Summary
After a successful migration, the workload will be handed off to the managed services team.
Here, a whole new set of services such as monitoring, patching, cost optimization and
support offer additional revenue and differentiation opportunities.
The Azure Managed Services Playbook for CSP Partners
offers detailed guidance on the value-added services
which MSPs can provide, including infrastructure
management, backup and disaster recovery, identity
management, monitoring and security.
In this section, we will focus first on cost optimization.
Azure offers a wide range of possibilities for reducing
running costs and creating cost savings, which we’ll
discuss in depth. Taking advantage of these is key to
maintaining your competitive edge. Azure consumption
optimization is commonly used as a selling point in
negotiating a migration project as a way of demonstrating
how to increase the return on investment from the cloud.
It can also be a great way of identifying additional
opportunity for services.
Next, we’ll review some best practices for managing
services in Azure. We’ll consider subscription
management, resource organization, and how to protect
Azure resources against unauthorized or accidental
changes. We’ll also look at the security and compliance
tools and guidance that are available from Microsoft.
Last, we’ll discuss how to automate the deployment and
management of Azure services using Infrastructure as
Code. Consider both the advantages of this approach, and
the variety of technologies available in Azure to deliver,
including how to develop your own custom tools.
Top 4 things to do
Here are 4 top tips to increase your
efficiency and differentiate your practice.
• Study the Managed Services Playbook
• Learn how to understand, forecast and
optimize costs
• Use best practices for Azure resource
management
• Automate using Infrastructure as Code
Cost Optimization
Cost optimization is the key to a successful managed services business.
With the pay-as-you-go nature of the cloud there are
many ways to overspend, even when being careful. A
common fear that customers have when it comes to
adopting the cloud is the fear of runaway spending. This is
where partners play a critical role, both prior to and after a
migration to Azure—by helping customers understand,
manage, and optimize their spend.
It is always a good idea to design and deploy Azure-based
systems that are designed for optimization from the start.
Then, by analyzing application performance and cloud
spend, and by taking advantage of new Azure features, you
can help customers optimize spend over time.
Additionally, Microsoft partners can help clients make
sense of their Azure bill and attribute the spend to
different projects, departments, teams, applications and
cost centers. If done correctly, this function can add a lot
of value to both a partner’s practice and the relationship
with clients. Spending money on an Azure service that is
not needed will cause customers to rethink their strategy
and can put the account at risk over time. There are
critical areas of expertise both from a reporting and Azure
feature set that customers will expect you as the partner
to provide or include as a part of their migration to Azure.
KEY CUSTOMER CHALLENGES
• Understanding current cloud spend and forecasting
future spend
• Gaining the most value from cloud spend
• Guarding against unexpected costs
• Optimizing deployments for cloud efficiency
KEY SERVICES FOR THIS OFFERING
• Azure Cost Management (Cloudyn): Microsoft’s
tool to help customers and partners gain full visibility
and control over cloud spend, optimize cloud
efficiency, and maximize the potential of the cloud
• Pre-Purchasing Azure: Helping cloud customers
save by using upfront commitments to Azure
• Auto Shut Down: Building a strategy for running
VMs only when their services are needed
• Optimized Architecture: Deploying the best
architecture to Azure to ensure performance and cost
optimization
Azure Cost Management
You can’t optimize what you can’t measure. Effective cost management starts with
understanding your costs, at a granular level.
As enterprises accelerate cloud adoption, they are finding
that it’s getting more difficult to manage cloud spend
across the organization. In a recent survey, managing
cloud spend was listed as a challenge by 76% of
respondents, second only to security (source: RightScale
2018 State of the Cloud Report).
To effectively control and optimize costs on behalf of your
customers, you first need visibility into a customer’s IT
environment. Second, you need the ability to optimize
their deployment to reduce costs. And third, when dealing
with customers who have multiple applications, you need
cost transparency to break down costs across each of
those applications.
That’s why there are Microsoft and 3rd party tools you can
leverage for visualizing and optimizing your customer’s IT
environment costs—on premises, on Azure, or in a hybrid
deployment. Microsoft Azure Cost Management, formerly
known as Cloudyn, helps organizations effectively
manage and optimize cloud spend across Azure and other
clouds.
This SaaS solution empowers organizations to monitor,
allocate, and optimize cloud spend in a multi-cloud
environment. It provides easy-to-understand dashboard
reports that help with cost allocation and
showbacks/chargebacks as well. Cost Management helps
optimize cloud spending by identifying underutilized
resources that can then be managed and adjusted.
VISIBILITY
Once Azure Cost Management is enabled on a customer’s
subscription it will start to collect data on usage
immediately. This provides a real-time view into their
Azure cloud environment. The tool allows for tracking
upfront compute commitments and fees compared with
actual consumption on subscriptions. Customers can also
reconcile prepay commitments with billing payments that
they have made. Other key capabilities include verification
of EA discounts with actual bills and staying on top of
expiring resources and agreements. Given that many
customers leverage EAs in which they need to track costs
across many subscriptions this tool is invaluable to
provide a single view across the entire organization.
Monitoring usage and spending is critically important for
cloud infrastructures because organizations pay for the
resources they consume over time. When usage exceeds
agreement thresholds, unexpected cost overages can
quickly occur.
There are a few important factors which can make ad-hoc
monitoring difficult. First, projecting costs based on
average usage assumes that your consumption remains
consistent over a given billing period. Second, when costs
are near or exceed the budget, it's important that both
the provider and customer get notifications proactively so
as to allow for planning or to adjust Azure spending.
Azure Cost Management by Cloudyn shows usage and
costs which can be used to track trends, detect
inefficiencies, and create alerts. All usage and cost data is
displayed in these dashboards and reports.
Tracking usage and costs trends is provided by the Cost
Analysis area of the tool, using the Actual Cost Over Time
report. When first used, the report will have no groups or
filters applied, so it shows the all-up cost for the entire
Azure environment. The report can be filtered by the
various Azure services consumed by this subscription or
by groups that you can add. Some examples of groups are
departments or applications that you have identified
using Azure Tags. The use of the filters allows a partner to
identify and monitor spending on behalf of each
customer.
Historical data can help manage costs when you analyze
usage and costs over time to identify trends. Trends are
then used to forecast future spending. Cost Management
also includes useful projected cost reports.
Access control helps manage costs by ensuring that users
and teams access only the cost management data that
they need. You use an entity structure, user
management, and scheduled reports with recipient lists to
assign access.
Azure Cost Management allows you to alert stakeholders
automatically to spending anomalies and overspending
risks. Various reports support alerts based on budget and
cost thresholds. However, alerts are not currently
supported for CSP partner accounts or subscriptions.
An alert can be created for any spending using any Cost
report. For this to work the report must first be configured
using the filters and then scheduled to run at intervals that
you as partner determine with the customer. The
threshold of spending will also be configured. The trigger
for the alert will be the difference between the value the
report returns as the Active Spend vs. the Threshold.
For example, if you had a total budget of $500,000 and
you wanted notification when costs near about half,
create a Red alert at $250,000 and a Yellow alert at
$240,000. Then, choose the number of consecutive alerts.
When you receive the total number of alerts that you
specified, no additional alerts are sent.
OPTIMIZATION (RIGHT-SIZING)
An important aspect to any cloud deployment is ensuring
that the right resources are being used for the job at hand.
Azure Cost Management enables partners to drive
optimization into their clients’ environments.
Resource use optimization or “rightsizing” on behalf of
your customers is a valuable service offering for an MSP
practice. In a hybrid or public cloud deployment, you can
consolidate workflows running on multiple, under-utilized
resources, which has a direct impact on cost. Conversely,
you may spin up additional resources when one is no
longer enough to handle your customer’s workloads.
There are many aspects to cost optimization that add
varying degrees of value to both your MSP practice and
the customers you serve. While the goal with any cost
optimization offering should be increased efficiency and
lowered TCO, what an MSP chooses to offer will
differ and can range from “rightsizing” to harnessing the
power of analytics to offer actionable intelligence with
demand forecasting.
There is also the means to receive recommendations, for
example on switching from on-demand to pre-purchase
VMs, or to reveal underutilized VMs which can be moved
to a lower cost VM family or size. This same
recommendation engine can provide information on how
to reallocate workloads or where to switch from standard
to low priority VMs for cost effectiveness. You can also
consolidate or terminate low usage VMs, and even
calculate your most cost-effective up-front monetary and
usage commitment. Some aspects of the tools provide for
information that would be very difficult to figure out
otherwise—such as showing unattached block-blob
accounts that were left behind from a deleted VM—
helping to minimize waste.
The Optimizer reports improve efficiency, optimize usage,
and identify ways to save money spent on cloud
resources. They are especially helpful with cost-effective
sizing recommendations intended to help reduce idle or
expensive VMs.
The Cost-Effective Sizing Recommendations report
identifies potential annual savings by comparing VM
instance type capacity to their historical CPU and memory
usage data.
TRANSPARENCY AND ACCOUNTABILITY
Prior to moving to the cloud, most IT departments don’t
have a true idea of what their services cost. Often the IT
department is seen as overhead to a business or even a
black hole that is difficult to understand. With the cloud,
this model is turned upside down, as IT can now see the
exact cost of each and every resource. However, this again
makes it very difficult to understand how the charges
should be allocated across their business.
With Azure Cost Management, MSPs can help their
customers get enterprise-wide cloud accountability by
enabling accurate cost allocation and chargeback across
the company. These costs can be rolled up and reported
on to different entities that can be defined including
subscriptions, accounts, departments and cost centers.
This could be as simple as tagging Azure resources for
simplified cost allocation. More complex models can also
be implemented with different types of cost allocation
such as blended/average/normalized rates, compute pre-
purchase rates, or any other policy of your choice.
Cost allocation manages costs by analyzing your costs
based on your tagging policy. You can use tags on your
custom accounts, resources, and entities to refine cost
allocation. Category Manager organizes your tags to help
provide additional governance. And, you use cost
allocation for show back/chargeback to show resource
utilization and associated costs to influence consumption
behaviors or charge tenant customers.
Alerting helps manage costs by notifying you
automatically when unusual spending or overspending
occurs. Alerts can also notify other stakeholders
automatically for spending anomalies and overspending
risks.
MSP & CSP COST MANAGEMENT
Partners providing managed services for multiple
customers face particular cost management challenges.
Customers are looking to you, as the expert and provider
of these services, to help ensure they are getting the most
out of their commitment to Azure.
As an MSP or CSP you can use Azure Cost Management
for CSPs to manage and monitor your customers' cloud
deployments for optimal efficiency and growth. Azure
Cost Management manages and optimizes multi-platform
clouds by enabling full visibility and accountability,
packaged with continuous optimization across all clouds.
Supported platforms include Azure, AWS, Google Cloud,
and cloud containers.
Azure Cost Management for CSPs supports additional
capabilities designed specifically for CSPs:
• Manage and monitor end-customers’ consumption,
cost and profitability
• Get visibility into enterprise-grade n-tier hierarchy per
end-customer
• Support any value-chain business model (n-tiers,
direct, indirect, partner, distributor)
• Guarantee full data segregation through Azure Cost
Management’s multi-tenant application
• Implement control policies and consumption limits
through reports and alerts
• Customize margins and discounts per end-customer
• Apply preferred cost allocation methods within end-
customer
• Manage customers’ subscriptions and billing via
custom-built portal
THIRD-PARTY COST MANAGEMENT
APPTIO Cost Transparency
Apptio Cost Transparency allows you to view all your public cloud costs across providers
like AWS and Azure. It can monitor public cloud spend and trends by service type, such as
compute, storage, network, and understand which departments are consuming cloud
services to help proactively manage spend.
CloudCheckr
CloudCheckr is a multi-cloud management platform enabling enterprises and service
providers to save money, reduce risk, and ensure governance at scale.
Corent SurPaaS®
SurPaaS® is a platform for migrating and operating applications. Its monitoring and
metering features collect usage data for the Azure infrastructure and examine the
actual application transactional activity on a tenant basis in order to create customized
tenant cost allocations and billing.
SCALR
Cost is affected by all other aspects of cloud usage, and Cost Control doesn't stop with
visibility. Gain insights you can turn into financial guardrails that encourage smart
behavior.
HANU Insight
Track, optimize, budget, chargeback & invoice your Microsoft Azure spend.
Hanu Insight is a Continuous Financial Governance product that provides end-to-end
visibility of your Azure spend and optimizes your consumption to maximize your Azure
investments.
PRE-PURCHASING
Helping cloud customers save by using up-front commitments to Azure is one of the most
important roles that a partner can play during and after a migration. There are many programs
and strategies available for partners to help their customers manage their budgets.
A move to the cloud is a shift in mindset for customers
with respect to purchasing their technology. Traditionally,
they have purchased hardware and software upfront
using capital expenditures with no ongoing commitment
to the platforms they have chosen beyond support. With a
migration to the cloud this relationship changes, due to
the pay-as-you-go nature of the cloud. This means there
are new strategies that you, as a cloud partner, must bring
to the table both in terms of licensing and
implementation. This guidance and optimal deployment
of Azure features can make or break the success of a
migration.
Customers are going to be seeking information about
how the transition will impact their budget and their
existing investments. In addition, they will require input
into strategies for saving on a long-term commitment to
Azure as their cloud platform.
Pre-purchasing Azure is a great way to manage those
costs and make the most out of every dollar that is spent
on the platform. With the right strategies, customers often
will accelerate their transition, which will help them
gain business velocity from their decision to migrate to
the cloud.
In this section, we’ll look at five pre-purchase or credit
schemes which you can use to significantly reduce Azure
spend.
ENTERPRISE AGREEMENT (EA) WITH AZURE
MONETARY COMMITMENT
The Enterprise Agreement offers enterprise customers the
distinct benefit of having one contract to purchase all of
their Microsoft products and services. Any Enterprise
Agreement customer can add Azure to their agreement
by making an upfront monetary commitment to Azure.
This is essentially a dollar amount that the customer
expects to spend on Azure over the course of each year
during the EA. EAs allow a customer to negotiate their
rates based on their commitment to Microsoft, which is
one attractive reason for entering into this type of
contract.
When an EA is signed, the customer will make an upfront
payment to cover the cost of Azure for the first year. Each
subsequent year another payment is made to Microsoft.
That commitment is consumed throughout the year by
using any combination of the wide variety of cloud
services Azure offers from its global datacenters. Microsoft
will also extend the same rates that were negotiated for
services consumed beyond the commitment. This allows
customers to use Azure even with this unplanned growth,
so they can meet their organization’s needs. Enterprise
Agreement customers can pay Microsoft at the end of the
year for unplanned growth, as long as use is within certain
thresholds. If the customer doesn’t use all of the pre-
purchased budget for the year it is forfeited and can’t be
rolled over to the next year.
Azure can be added to an Enterprise Agreement at any
time, although the anniversary or expiration of an existing
Enterprise Agreement commitment is a great time to
evaluate usage and future plans for the platform.
Azure, via the Enterprise Agreement, also gives customers
access to the Enterprise Portal, a great resource for
customers managing multiple accounts or subscriptions—
see the section on Azure Subscriptions for further
information.
SERVER AND CLOUD ENROLLMENT
Server and Cloud Enrollment is an enrollment under the
Microsoft Enterprise Agreement that enables customers
to commit to one or more key server and cloud
technologies from Microsoft. In exchange, they get the
best pricing and terms, plus other benefits such as cloud-
optimized licensing options and simplified license
management.
The following are some of the benefits of Server and
Cloud Enrollment:
Best value
• Get the best pricing, discounts, and added benefits
designed to support server and cloud technologies
• Best pricing and terms for server and cloud products,
including discounts on new licenses and Software
Assurance
• Full Software Assurance benefits for all deployed
licenses, including new version rights
• Unlimited Problem Resolution Support for qualifying
customers
Flexible
Move to the cloud as needed and grow organically
without losing the value of your existing investments.
• Application license mobility to the cloud through
Software Assurance
• New subscription-based licensing gives you more
flexibility when you need to retire workloads,
consolidate, or migrate to the cloud
Manageable
Adopt the latest technologies while simplifying
deployment and license management.
• Simplified licensing management streamlines overall
deployment and management
• Standardized terms, conditions, and discounts
• A standardized management platform across on-
premises and Microsoft Azure comes with
commitment to the Core Infrastructure Suite (CIS) in
Server and Cloud Enrollment
To enroll, customers must make an installed-base
commitment to one or more of the following four Server
and Cloud Enrollment components:
• Core Infrastructure: Windows Server and System
Center
• Application platform: SQL Server, BizTalk Server
• Developer platform: Visual Studio
• Microsoft Azure: Cloud Deployments
This means committing to full Software Assurance
coverage across the installed base of a Server and Cloud
Enrollment component. For the Core Infrastructure
component, however, customers can commit to full
System Center coverage on the Windows Server installed
base through the Core Infrastructure Suites (CIS).
Microsoft Azure is automatically available when enrolling
in any of the other three components, and it can also be
licensed standalone.
HYBRID BENEFIT
When creating a Windows Server virtual machine in Azure
there are two components that make up the cost per
minute:
• Compute Cost: cost for the hardware of the VM,
known as the base compute costs
• Windows OS License: cost of the Windows
Operating System
If a customer already has Windows OS licenses with
Software Assurance, then Microsoft extends a benefit
which can help them save up to 40 percent on Windows
Server VMs. This is known as the Azure Hybrid Benefit for
Windows Server. This allows customers to use their on-
premises Windows Server licenses with Software
Assurance to save when migrating to Azure. With this
benefit, for each license Microsoft will cover the cost of
the OS, while the customer is only charged for the base
compute costs (which are the same as the Linux VM costs).
The Azure Hybrid Benefit helps customers get more value
from their Windows Server licenses for machines that are
migrated to the cloud since the investment in that
software isn’t lost.
A similar benefit allowing re-use of SQL Server licenses in
Azure will be available in the future.
Understanding Hybrid Benefit Usage Scenarios
Hybrid Benefit is a great benefit for customers, but it is
very important to understand the details of the program.
As the partner that is helping the customer migrate to
Azure, it’s your responsibility to help them plan and be
successful with this program, as this can provide huge cost
savings and could even be the reason a deal closes.
Understanding some of these basics will go a long way to
enabling your customer’s success and optimizing their
spend on Azure.
Customers can use the benefit with Windows Server
Datacenter and Standard edition licenses covered with
Software Assurance that they own. Depending on the
edition, customers can convert or re-use their licenses to
run Windows Server virtual machines in Azure and pay a
lower base compute rate (Linux virtual machine rates).
Each 2-processor license or each set of 16-core licenses
are entitled to two instances of up to 8 cores, or one
instance of up to 16 cores. Customers can also use
multiple licenses to cover licensing for a large VM in
Azure. For example, a virtual machine with more than 16
cores can be covered with HUB by “stacking licenses”.
With two 2-processor licenses or two 16-core licenses, the
customer would have the HUB to cover the OS license for
a VM up to 32 cores. There is a 90-day assignment rule for
Windows Server, which requires licenses to stay assigned
to the same hardware for a minimum of 90 days and this
rule does apply to Azure virtual machines.
For every 2-processor Windows Server license or Windows
Server license with 16-cores covered with Software
Assurance, you will receive either of the following:
• Up to two virtual machines with up to 8 cores, or
• One virtual machine with up to 16 cores
There are a few differences in how the HUB can be used
based on the type of license that your customer owns:
Standard Edition Licenses
• Can only be used once either on-premises or in Azure
• Once you assign the Azure Hybrid Benefit to Azure
you cannot use the Standard Edition license on-
premises again
Datacenter Edition Licenses
• Customers can use licenses both on-premises and in
Azure
• Allows for simultaneous usage both on-premises and
in Azure
Hybrid Benefit with CSP
If your customers will be purchasing Azure services
through a Microsoft partner acting as a Cloud Solution
Provider, they are still eligible for the Azure Hybrid
Benefit. The same rules apply in that the software must
have active Software Assurance coverage. There is nothing
different about Hybrid Benefit use on Azure subscriptions
purchased via CSP.
Deployment Options
As a partner, you can deploy Windows Server virtual
machines for your clients pre-configured with the Azure
Hybrid Benefit straight from the Azure Portal, using ARM
Templates, PowerShell, or the Azure CLI. This is available
for Windows Server 2016 Datacenter, Windows Server
2012 R2 Datacenter, Windows Server 2012 Datacenter, and
Windows Server 2008 R2 SP1. These Azure Platform
images are made available in the Azure Marketplace.
There are no Windows Server Standard images in Azure,
so Microsoft allows Windows Standard licenses to be used
with the Windows Datacenter Azure Platform images at
no additional cost.
Another option is to upload OS images to the customer’s
subscription and use these as the basis for your
deployments. These images should be generalized to
ensure that they don’t have issues as duplicates in the
environment. Windows VMs should have the sysprep tool
run on them using the Out of Box Experience. The image
should then be uploaded to Azure Storage and then made
into a Managed Image. For more information on how to
use PowerShell to complete this for your customer, view
this article on uploading on-premises VMs. All VMs
created using this image will be charged at the base
compute rate and the OS licensing will be covered under
the Hybrid Benefit scheme.
Another option is to upload a current Windows Server
virtual machine disk (VHD) to Azure and create an Azure
VM using this disk. You can upload the VHD using
PowerShell cmdlets, but only after the VM has been
prepped for Azure. The process to prepare a VM to
upload to Azure can be reviewed in this article on
preparing a Windows VHD or VHDX to upload to Azure.
Once this VM is up and running in Azure it will be
charged at the base compute rate and the OS licensing
will be covered under the Hybrid Benefit scheme.
Another option is to migrate an existing workload to
Azure using Azure Site Recovery. Once migrated, the
virtual machine in Azure will be running as a custom
image and thus will be charged at the base compute rate
and the OS licensing will be covered under the Hybrid
Benefit scheme.
RESERVED VM INSTANCES
Another option to enable customers to save on Azure
compute cost is to use Azure Reserved Virtual Machine
Instances. Customers can reserve virtual machines in
advance and enjoy cost savings of up to 72% on pay-as-
you-go prices. When combining the cost savings gained
from Azure Reserved Instances with the added value of
the Azure Hybrid Benefit, customers can save up to 82
percent on their Windows workloads.
Reserved VM Instances provide price predictability, as well
as the flexibility to exchange or cancel to get a pro-rated
refund, should their needs change. Discounts for Reserved
Instances are determined based on the customer's
commitment to a one-year or three-year term on
Windows and Linux virtual machines (VMs). Reserved
Instances also help customers improve their budgeting
and forecasting with a single upfront payment, making it
easy to understand their investment and avoiding
unexpected overages.
Partners can lower their customers' total cost of ownership
by combining Reserved Instances with On-Demand
instances to manage costs across predictable and variable
workloads. In customer environments, there will be
different types of systems, some of which have known
requirements for their VMs. An example of a system with
known requirements would be an SAP implementation
where the exact specifications for the VMs are locked and
are not expected to change during the next three years.
This is a great example of how Reserved Instances could
be used to maximize the savings. In this same
environment, you could have a public e-commerce web
application that has variable needs and leverages the
ability to scale out and scale in based on the number of
visitors on the web site. This workload would be best
suited to on-demand pricing, leveraging the standard
pay-as-you-go model.
Reserved Instance Purchasing and Billing
Reserved Instances are purchased in one-year or three-
year terms with a single upfront payment. Purchasing can
be completed very easily using the Azure portal in three
steps:
• Specify the Azure region
• Select the Virtual Machine type
• Choose a term (one year or three years)
For Enterprise Agreement (EA) customers, Azure Monetary
Commitment can be used to purchase Azure Reserved VM
Instances. In scenarios where EA customers have used up their
monetary commitment, Reserved Instances can still be
purchased, and those purchases will be invoiced on their next
overage bill. Reserved Instances can be assigned at the
enrollment or subscription level, so you can manage Reserved
Instance usage at an organizational or individual department
level. Assignments are easy to change post-purchase.
For customers purchasing via Azure.com, at the time of
purchase, the credit card on file will be charged for the full
upfront payment of the Azure Reserved Instances. To see
Reserved Instance purchase details, use the Azure portal and
select the Reservations menu on the left side of the Azure
Portal to view all Reserved Instances associated with the
account. All Reserved Instances will be displayed on the right.
The Reserved Instance will apply immediately to any existing
running VMs that match the one-year or three-year terms of
the Reserved Instance, depending on if you scope the
Reserved Instance to a specific subscription or apply it at the
enrollment level. In both cases, the period of the Reserved
Instance starts immediately after purchasing.
The Reserved Instance purchase can be assigned to a
subscription or enrollment and can be changed as necessary.
Assignment allows you to decide whether the reservation is
applied at the Azure account/enrollment or at the subscription
level. This provides flexibility for how to leverage the savings.
For example, to simply buy reservations to save money for the
customer's entire organization, you can assign all reservations
to the account level. If the customer wishes to apply the
Reserved Instance savings to a particular business unit, such as
finance, you could provision a subscription for that
department and then assign the Reserved Instance to their
subscription. Then only they would be able to take advantage
of the Reserved Instance commitment savings.
Azure Reserved Instances provide a single price for each VM
size in a region. There is no requirement to choose Windows
or Linux VMs for the Reserved Instance purchase. If Windows
Server VM is selected, there is an option to use the Azure
Hybrid Benefit or pay the Windows Server rate.
There are two options for adding Windows Server licenses to
an Azure Reserved VM Instance. The first option is to use your
Azure Hybrid Benefit. If you have Windows Server with
Software Assurance on-premises, you can assign these licenses
to the Azure Reserved Instance. The second option is to add
Windows Server using the Windows Server hourly meter. If
you cannot take advantage of the Azure Hybrid Benefit,
Windows Server will be charged when the VM is active, based
on the number of cores the VM is using.
Availability of Reserved Instances
Azure Reserved Instances are available for all VM families
other than A-series, A_v2 series, or G-series. Azure Reserved
Instances are not available in Azure Government, Germany,
and China. EA customers can purchase reservations in all
countries available in Azure today. For customers who have
signed up through azure.com (Pay-As-You-Go customers),
Azure Reserved Instance offer is not available in India, Brazil,
Taiwan, Russia, Korea, Argentina, Hong Kong, Indonesia,
Liechtenstein, Malaysia, Mexico, Saudi Arabia, South Africa and
Turkey. Microsoft does offer the flexibility to
exchange Reserved Instances to a different region or VM
family, but there is no guarantee of capacity availability in a
given region or VM family.
Exchanges and Cancelations
Selecting Reserved Instances does require making upfront
commitments on compute capacity, but Microsoft allows for
flexibility should the customer's business needs change. An
exchange allows the customer to receive a prorated refund
based on the unused amount which applies fully to the new
purchase price. A cancellation terminates the contract and
Microsoft will provide a prorated refund based on unused
amount minus an early termination fee of 12 percent.
Customers can cancel a reservation at any time (up to $50,000
per year).
Customers can easily exchange or cancel Reserved Instances at
any time under the following stipulations:
• Exchange: Reserved Instances can be exchanged across
any region and any series as the workload or application
needs change
• Cancel: If the customer no longer needs the capacity
purchased, it can be canceled at any time in the
reservation term for an adjusted refund
Canceling or exchanging Reserved Instances is done within the
Azure portal by reviewing the inventory of Reserved Instances.
By clicking on the instance to which a change is to be
made, two buttons will appear in the command bar stating
“refund” or “exchange.” Once selected, a support ticket will
open and prepopulate all of the Reserved Instance details.
Once submitted, the request will be processed, and an
email will be generated to confirm completion of the
request.
DEV/TEST PRICING
Microsoft provides discounted rates on Azure for your
customers' ongoing development and testing needs. This
includes no Microsoft software charges on
Azure Virtual Machines and special Dev/Test pricing on
other services.
Discounted rates on Azure to support your ongoing
development and testing includes:
• No Microsoft software charges on Virtual Machines
• Significant dev/test pricing discounts on a variety of
other Azure services
• Exclusive access to Windows 10 Virtual Machines
There are also Dev/Test pricing discounts on the services
that these teams consume in Azure, including significant
discounts on VMs, SQL VMs, Azure App Service, and
HDInsight, amongst others.
There are two methods for customers to receive these
benefits and discounts, and it is based on the type of client
that you are working with on their Dev/Test workload in
Azure.
Small Development Teams
Small teams are best suited to leverage Visual Studio
subscriptions which include benefits for Azure. Each
subscription includes a monthly Azure credit which is
dependent upon the level of the subscription and ranges
from $50 to $150 (full details at Azure credits for Visual
Studio subscribers).
The monthly Azure credit for Visual Studio subscribers is
ideal for experimenting with and learning about Azure
services. When you activate this benefit, it creates a
separate Azure subscription with a monthly credit balance
that renews each month while you remain an active Visual
Studio subscriber. Any overage above the credit would be
billed to a credit card that the developer would put on file
with Microsoft. If no credit card is on file, then Azure
services are suspended if the credit balance is exceeded.
Large Development Teams and Enterprises
Development and Test subscriptions for large teams are
purchased via an EA and require that each user be an
active Visual Studio Online subscriber. Unlike the small
team subscriptions, these do not include a credit each month, but
instead are eligible for the discounted rates on Azure
services. This is a significant benefit due to the nature of
how these teams work on their projects. For example, if a
group of developers were writing code that requires SQL
Server Enterprise Edition, they won’t be charged for that
software running on their development VMs. Only the
production SQL Server would have this charge—which is a
very large savings over time.
Automatic Shutdown of VMs
One of the most attractive attributes of the cloud is the pay-as-you-go nature of the services.
Take full advantage by only using resources when you need them.
In many environments, there are times of day when
certain services aren’t needed and thus there is no reason
for them to be running. This is particularly true of Azure
Virtual Machines, which can be shut down and later re-
started with no loss of data.
Non-production Cloud servers need to be online only
when employees are actively working on them. In some
cases, non-production environments can be turned off, or
de-allocated, over 70 percent of the time, which translates
into a direct 70 percent cost reduction.
As a partner that is helping a customer move to the cloud,
it is important to understand the requirements placed on
each virtual machine that will be deployed. Understanding
which virtual machines only provide useful service during
certain hours of a workday or even days of the week is
critical to maximizing your potential savings. This could
also change over time as the customer's business evolves
or as new workloads are onboarded to the cloud.
It is important to understand that there are two ways to
stop a virtual machine:
• Shutting down the virtual machine from within the
virtual machine OS puts the virtual machine into the
‘Stopped (allocated)’ state. In this state, the
underlying infrastructure (CPU, memory) is still
reserved for the virtual machine, and hence the virtual
machine is still billed
• Stopping the virtual machine from the Azure portal or
other Azure tools (PowerShell, CLI, etc.) puts the
virtual machine into the ‘Stopped (deallocated)’
state. The virtual machine is no longer billed, resulting
in significant potential savings (although other
resources such as VM disks associated with the VM
may still be charged)
A stopped virtual machine can be re-started at any time
and will continue where it left off since its disks have not
been affected. Note that if the virtual machine is
associated with a Public IP Address, then stopping and re-
starting the virtual machine may result in a new Public IP
Address being allocated. To preserve the same Public IP
Address, a static Public IP Address should be used.
Azure supports several ways to implement automatic
shut-down of virtual machines. We’ll now look at each in
turn.
AUTO SHUT DOWN OF VMS
Automatic shut-down of virtual machines is one of the
ways that Microsoft helps customers optimize their
costs, by automatically shutting down a virtual machine at
a given time.
This feature was originally introduced as a feature of
DevTest Labs and was widely adopted by customers.
Because of this success, auto shut-down was added to all
Azure Resource Manager virtual machines.
Customers can schedule a time each day (local time is
supported) when a VM will be stopped. At this time, the
virtual machine is stopped and deallocated, and Microsoft
stops billing the subscription for the compute time until it
is re-started.
Auto shut-down is available via the Azure portal. This
method is simple to use for individual virtual machines
and can be configured while the virtual machine is being
provisioned or after it has been created. The settings
configured include the local time zone, the time to shut
down, and the option to send a notification by email
15 minutes before shut-down.
It is also possible to set the auto shut-down settings when
deploying virtual machines by other methods, such as
Azure Resource Manager templates. To do so, you need to
create a separate resource of type
Microsoft.DevTestLabs/schedules, specifying the target
virtual machine and auto shut-down settings. This
configuration will have the same result as configuring
auto shut-down in the portal during the provisioning of a
virtual machine, and is how the portal configures it
behind the scenes. The configuration can later be
changed using the portal just as if it had been provisioned
there.
It is important to note that the auto shut-down feature
has no corresponding auto start-up, so the virtual
machines will need to be started manually. As an
alternative, consider using one of the other approaches to
auto shut-down described below.
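The schedule resource described above, as an added example that is not part of the original playbook: it creates the same Microsoft.DevTestLabs/schedules resource with Azure PowerShell instead of a template. The resource group, VM name, time zone and e-mail address are placeholder assumptions.

```powershell
# Added example (not from the playbook): attach an auto shut-down schedule to an
# existing VM by creating the Microsoft.DevTestLabs/schedules resource directly.
# Requires the Az.Accounts, Az.Compute and Az.Resources modules and a signed-in session.

$ResourceGroupName = 'rg-example'             # assumption: placeholder resource group
$VmName            = 'vm-example'             # assumption: placeholder VM name
$ShutdownTime      = '1900'                   # 24-hour HHmm, interpreted in $TimeZoneId
$TimeZoneId        = 'Pacific Standard Time'  # Windows time zone ID
$NotifyEmail       = 'ops@example.com'        # assumption: placeholder recipient

# Fail early if the target VM does not exist.
$vm = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VmName -ErrorAction Stop

$properties = @{
    status               = 'Enabled'
    taskType             = 'ComputeVmShutdownTask'
    dailyRecurrence      = @{ time = $ShutdownTime }
    timeZoneId           = $TimeZoneId
    targetResourceId     = $vm.Id
    notificationSettings = @{
        status         = 'Enabled'
        timeInMinutes  = 15            # notify 15 minutes before shut-down
        emailRecipient = $NotifyEmail
    }
}

# The schedule lives in the VM's resource group and uses the name the portal
# uses for VM shut-down schedules: shutdown-computevm-<vmName>.
$subscriptionId = (Get-AzContext).Subscription.Id
$scheduleId = "/subscriptions/$subscriptionId/resourceGroups/$ResourceGroupName" +
              "/providers/Microsoft.DevTestLabs/schedules/shutdown-computevm-$VmName"

New-AzResource -ResourceId $scheduleId `
               -Location $vm.Location `
               -Properties $properties `
               -ApiVersion '2018-09-15' `
               -Force | Out-Null

# Read the schedule back to confirm what was stored.
(Get-AzResource -ResourceId $scheduleId -ExpandProperties).Properties |
    Select-Object status, taskType, timeZoneId, targetResourceId
```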
POWERSHELL VIA AZURE AUTOMATION
RUNBOOKS
It is also possible to automatically shut down and restart
Azure virtual machines using a ‘runbook’ executed using
Azure Automation. This is different from the auto shut-down
feature, which uses the Microsoft.DevTestLabs resource
provider. This approach must be configured entirely by the
partner or customer, and it leverages the Azure
PowerShell cmdlets. For a packaged solution, see the next
option, ‘Start/stop VMs during off hours’.
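One way to write such a runbook, as an added example that is not the playbook's or Microsoft's own code. It assumes the Automation account has a system-assigned managed identity allowed to start and stop the VMs in scope, and that VMs opt in through a hypothetical tag named AutoShutdown; on Stop it also deallocates VMs left in the billed 'Stopped (allocated)' state described earlier.

```powershell
<#
  Added example (not from the playbook): Azure Automation runbook that
  deallocates or starts tagged VMs. Link it to two schedules, one passing
  -Action Stop in the evening and one passing -Action Start in the morning.
  Assumptions: system-assigned managed identity on the Automation account;
  the opt-in tag name and value below are hypothetical.
#>
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Stop', 'Start')]
    [string] $Action,

    [string] $TagName  = 'AutoShutdown',   # hypothetical opt-in tag
    [string] $TagValue = 'true'
)

$ErrorActionPreference = 'Stop'

# Do not inherit a context saved by another job; sign in as the managed identity.
Disable-AzContextAutosave -Scope Process | Out-Null
Connect-AzAccount -Identity | Out-Null

# -Status adds PowerState: 'VM running', 'VM stopped' (shut down inside the
# guest OS, still allocated and billed) or 'VM deallocated' (compute not billed).
$vms = Get-AzVM -Status | Where-Object {
    $_.Tags -and $_.Tags.ContainsKey($TagName) -and $_.Tags[$TagName] -eq $TagValue
}

foreach ($vm in $vms) {
    try {
        if ($Action -eq 'Stop' -and $vm.PowerState -ne 'VM deallocated') {
            # Stop-AzVM deallocates unless -StayProvisioned is given, so this
            # also releases VMs that are stopped but still allocated.
            Stop-AzVM -ResourceGroupName $vm.ResourceGroupName -Name $vm.Name -Force | Out-Null
            Write-Output "Deallocated $($vm.Name) (was '$($vm.PowerState)')"
        }
        elseif ($Action -eq 'Start' -and $vm.PowerState -ne 'VM running') {
            Start-AzVM -ResourceGroupName $vm.ResourceGroupName -Name $vm.Name | Out-Null
            Write-Output "Started $($vm.Name) (was '$($vm.PowerState)')"
        }
        else {
            Write-Output "No change for $($vm.Name) ('$($vm.PowerState)')"
        }
    }
    catch {
        # Keep going so one failing VM does not block the rest of the fleet.
        Write-Warning "Failed to $Action $($vm.Name): $($_.Exception.Message)"
    }
}
```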
START/STOP VMS DURING OFF-HOURS
There is an Azure Marketplace solution known as
‘Start/stop VMs during off-hours’. You can find this
solution by clicking ‘+ Create a resource’ in the Azure
portal, then entering ‘start stop vms’ in the search field.
This solution allows you to start and stop Azure Virtual
Machines automatically, using a schedule or based on
utilization. The solution relies on two Azure services and a
SendGrid service:
• Automation: starts and stops your virtual machines.
• Log Analytics: visualizes the successful start and stop
of your machines.
• SendGrid: sends email notifications of stop and start
activities.
This solution is more complex, but more robust in that it is
a full strategy for achieving auto start and stop for an
entire subscription rather than targeting individual virtual
machines. For further information, see the start/stop VMs
during off hours documentation page.
Optimized Architecture
Your choice of application architecture can have a significant impact on running costs.
Incorporating cost as a design goal can result in significant savings.
A common problem that affects organizations when they
initially move resources into the cloud is their
virtualization strategy. They often use an approach like
the one used when creating virtual machines for the
on-premises virtualization environment. They also assume
that costs are reduced by moving their on-premises VMs
to the cloud, without any thought to changing how they are
deployed and the resources (CPU & RAM) that are
assigned. However, this approach is not likely to reduce
costs.
The problem with this approach is that the existing on-
premises infrastructure was already paid for. Users could
create and keep large VMs running if they liked—idle or
not and with little consequence. Moving large or idle VMs
to the cloud is likely to increase costs. Cost allocation for
resources is important when customers enter into
agreements with cloud service providers.
Using the features of Azure with a new mindset is required
to gain efficiencies from the cloud, and not end up with
additional costs by moving. There are features in Azure
which allow for autoscaling of compute infrastructure
and, when coupled with the pay-as-you-go model, can
provide the savings customers desire. These strategies
often have the added benefit of high availability, given that
they scale the compute out and in instead of up and
down. This means more nodes provide the service rather
than one larger node providing the service.
Moving to a PaaS platform for services is also a common
strategy to change the architecture of a service and gain
cost savings. Web applications that were traditionally
running on VMs in a customer’s datacenter can now be
moved to the Azure App Service and will run just as today,
but with much less overhead in terms of cost and
management responsibility. This is especially
advantageous to MSPs that are responsible for patching
and securing these VMs. The move to PaaS means that
their responsibility day to day will focus only on the
application itself rather than the underlying OS.
In this section, we’ll discuss the following approaches to
optimizing your application architecture to reduce costs:
AZURE PAAS SERVICES OVER IAAS
PaaS over IaaS is the default stance that partners should
take as a best first approach.
IaaS deployments require almost the same amount of
effort as deploying and managing VMs in a customer
datacenter, but without the hardware and facilities cost and
complexity. The cloud computing service provider
manages the infrastructure, while customers must
purchase, install, configure, and manage their own
software, operating systems, middleware, and
applications. IaaS does provide the advantages of no
upfront capital commitment, and the customer needs to
rent a VM only for as long as it is needed.
PaaS is a complete development and deployment
environment in the cloud, with resources that enable
customers to deliver everything from simple cloud-based
apps to sophisticated, cloud-enabled enterprise
applications.
Like IaaS, PaaS includes infrastructure—servers, storage,
and networking, but also middleware, development tools,
business intelligence (BI) services, database management
systems, and more. PaaS is designed to support the
complete web application lifecycle: building, testing,
deploying, managing, and updating.
PaaS allows customers to avoid the expense and
complexity of buying and managing software licenses, the
underlying application infrastructure and middleware or
the development tools and other resources. Customers
and MSPs will operate and manage the applications and
services, while Azure manages everything else.
When making recommendations and determining how to
migrate the customer to Azure, the partner should take the
stance that PaaS is the first answer to how something
should be migrated to Azure. Start from PaaS, and back
away to an IaaS deployment only when there are specific
reasons why the deployment can’t leverage a PaaS
service.
There are times when a complete PaaS offering might not
make sense, but partners should use a cloud mindset
when evaluating these circumstances. For example, if a
web server must remain on a VM in Azure IaaS, the
question should be asked: “Can the images and data files
that are downloaded to the client be offloaded from the
VM to Azure Storage?” Azure Storage is an HTTP web
server at scale that can easily host all of the application’s
images, PDFs or other binary files that will be sent to the
clients while the app is in use. With a simple change to the
HTML code of the app to reference a different URL for
these files, the application is now leveraging a PaaS
service. In the customer’s datacenter those downloads
would be left to the VM, but with Azure Storage all the
files could be placed on that service, which would free
the VM from the burden of serving these files to the
client. This could mean a smaller VM size and thus a
lower bill each month for that application.
AUTO SCALE VM SCALE SETS & AZURE WEB APPS
Auto-scale is a built-in feature of many Azure services to
meet the changing needs of applications. Typically, these
are websites with fluctuating compute requirements based
on network traffic. When autoscaling, Azure will add more
nodes to service the application and then remove nodes
when the traffic spike diminishes. This is known as scaling
out and scaling in to meet the performance demands. Of
course, performance means different things for different
applications. Some apps are CPU-bound, others
memory-bound. Consider, for example, a web app that
handles millions of requests during the day and none at
night. Auto-scale can scale a service by any of these or via
a custom metric defined by the customer or partner.
Partners should be proactive with clients and build
autoscaling into their migrations. It’s not wise to wait for a
traffic spike to take down your app or site and only then
scale the VM size to meet the demand. With scheduled
auto-scale, you can respond before anything ever happens.
If an MSP customer has a retail shopping site and Black
Friday is coming, simply use auto-scale to add 10x more
virtual machines in advance to handle the load. Another
example would be a website whose traffic always
skyrockets at 9am Monday through Friday. This can be
handled with an autoscaling rule that triggers a scale out
during those hours, but contracts during the off hours. By
using this simple approach to better understand the
application, you, as a partner, are ensuring their successful
implementation in an optimized manner.
Azure App Service is a great example of a PaaS
service that can auto-scale. This service is used for hosting
web applications, REST APIs, and mobile back ends. It
supports both Windows and Linux along with many
programming languages including .NET, .NET Core, Java,
Ruby, Node.js, PHP, or Python.
Web Apps not only adds the power of Microsoft Azure to
the application, such as security, load balancing,
autoscaling, and automated management; it also has
DevOps capabilities without the need to provision and
build other VMs or services. These capabilities include
continuous deployment from VSTS, GitHub, Docker Hub,
and other sources, package management, staging
environments, custom domain, and SSL certificates.
With App Service, the customer pays for the Azure
compute resources they use. The compute resources used
are determined by the App Service plan that is
implemented during the migration. Keep in mind that as
the provider you need to give guidance on the size of the
App Service plan just as you would for VM sizes. Each size
and type of App Service plan provides different
capabilities, from the number of cores and RAM to storage
space and the ability to host custom domain names for
their site.
For deployments that require an IaaS deployment, but
also need the ability to auto-scale, partners will need to
leverage Virtual Machine Scale Sets (VMSS). VMSS is an
Azure compute resource that can be used to deploy and
manage a set of identical VMs. With all VMs configured
the same, scale sets are designed to support true auto-
scale, and no pre-provisioning of VMs is required. So, it's
easier to build large-scale services that target big
compute, big data, and containerized workloads.
VMSS should be used for applications that need to scale
compute resources out and in, and are highly available
given that they are deployed behind the Azure load
balancer and balanced across fault and update domains.
The VMs that are part of the VMSS can be configured
using the VM Custom Script extension, via Azure
Automation Desired State Configuration (DSC) or other
VM extensions such as Chef or Puppet. By using
automation to configure the application on the VMs that
are created by the VMSS, there is no need for the
administrator to take any actions during a scaling event.
The required VMs will be created by the autoscaling rule,
and when they boot for the first time they will be
configured with the application.
REGION PRICING DIFFERENCES
With 42 announced regions, more than any other cloud
provider, Azure makes it easy to choose the datacenter
and region that's right for you and your customers.
Within each of these regions there are services that are
made available, and each has a cost associated with
it.
With that in mind, it is important to understand that there
are two variables to these services:
• Availability: not all services are available in every
region
• Cost: service costs vary by Azure Region
Availability of services is based entirely on when
Microsoft provides the service to a region. For example,
there are many different Virtual Machine families in Azure
which are named using letters from the alphabet such as
A, B, D, M amongst others. These VM types aren’t always
available in every region when they are released by
Microsoft. Some VM types are available in many regions
while others are only available in a few. The DV2 series of
VMs is an example of almost full coverage across all of
Azure. This contrasts with the M series VMs which are only
available in two US regions and one in Europe.
There is also an availability gap between the Azure
Commercial Cloud and the Azure Government or Country
Clouds (Germany and China). The Azure Government and
Country Clouds are entirely separate Azure instances and
not connected to the Azure Commercial Cloud. The
services that are available to the Government and Country
Clouds vary dramatically with large gaps, so it is very
important to understand what your clients’ needs are and
where they should deploy.
Cost is of course top of mind for the partner that is
working with a client to help them move to Azure. Each of
these regions has its own price list and these prices do
fluctuate over time. In some cases, the cost difference
between a service in one region as compared to another
may be relatively insignificant. In other cases, it can
become a critical concern.
Using the Azure Calculator, you can see the standard
pricing by region for a VM (not all regions are supported
in the calculator). For example, the price of a DS3_V2 in
East US may be $409.92 a month, while in East US2 it may
only be $359.41.
Tax consequences should also be considered when pricing
solutions for your customers. Depending upon their
location and registrations with local governments,
different taxes will apply. In Ireland and the EU there are
rules that dictate the collection and payment of VAT. In
the United States and Canada there are rules with respect
to tax-exemption status. It is best to work directly with
your Microsoft reseller or distribution partner to
determine the exact nature of tax issues for your clients.
This is a very important topic as proper billing and
contract procedures must be followed or, in some cases,
Microsoft may collect taxes which will make the
customer’s Azure bill much higher than anticipated.
More information on Pricing in Azure can be found in the
Azure Price FAQ.
AZURE SQL DATABASE ELASTIC POOLS
Azure SQL Database elastic pools help customers manage
and scale multiple Azure SQL databases. SQL Database
elastic pools are a simple, cost-effective solution for
managing and scaling multiple databases that have
varying and unpredictable usage demands. The databases
in an elastic pool are on a single Azure SQL Database
server and share a set number of resources (elastic
Database Transaction Units, or eDTUs) at a set price. Elastic
pools in Azure SQL Database enable SaaS developers to
optimize the price performance for a group of databases
within a prescribed budget while delivering performance
elasticity for each database.
Pools are well suited for many databases with specific
utilization patterns. For a given database, this pattern is
characterized by low average utilization with relatively
infrequent utilization spikes.
The more databases you can add to a pool the greater
your savings become. Depending on your application
utilization pattern, it is possible to see savings with as few
as two S3 tier databases.
Elastic Pools automatically scale performance and storage
capacity for elastic databases on the fly. You can control
the performance assigned to a pool, add or remove elastic
databases on demand, and define performance of elastic
databases without affecting the overall cost of the pool.
There are built-in sizing recommendations that
proactively identify databases which would benefit from
pools and allow “what-if” analysis for quick optimization
to meet your performance goals. Rich performance
monitoring and troubleshooting dashboards help you
visualize historical pool utilization.
There are three different performance and pricing tiers:
Basic, Standard, and Premium. Each of these pools offer a
broad spectrum of performance, storage, and pricing
options. Pools can contain up to 400 elastic databases.
Elastic databases can auto-scale up to 1,000 elastic
database transaction units (eDTUs).
AZURE BLOB STORAGE (HOT, COOL & ARCHIVE)
Azure Blob Storage is a Microsoft-managed cloud service
providing storage that is highly available, secure, durable,
scalable, and redundant. Microsoft takes care of
maintenance and handles critical problems that may arise
with the service.
Azure Blob Storage is a service for storing large amounts
of unstructured object data, such as text or binary data,
that can be accessed from anywhere in the world via HTTP
or HTTPS. You can use Blob storage to expose data
publicly to the world, or to store application data
privately.
Common uses for Azure Blob Storage include:
• Serving images or documents directly to a browser
• Storing files for distributed access
• Streaming video and audio
• Storing data for backup and restore, disaster recovery,
and archiving
• Storing data for analysis by an on-premises or Azure-
hosted service
Azure storage offers three Access Tiers for Blob object
storage. This enables customers to choose the most cost-
effective storage option, depending on their usage
patterns.
Access Tiers for Blob object storage:
• Hot: optimized for storing data that is accessed
frequently
• Cool: optimized for storing data that is infrequently
accessed and stored for at least 30 days
• Archive: optimized for storing data that is rarely
accessed and stored for at least 180 days with flexible
latency requirements (on the order of hours)
Today, data stored in the cloud is growing at an
exponential pace. To manage costs for your customers’
expanding storage needs, it's helpful to organize your
data based on attributes like frequency of access and
planned retention period. Data stored in
the cloud can be different in terms of how it is generated,
processed, and accessed over its lifetime. Some data is
actively accessed and modified throughout its lifetime.
Some data is accessed frequently early in its lifetime, with
access dropping drastically as the data ages. Some data
remains idle in the cloud and is rarely, if ever, accessed
once stored.
Each of these data access scenarios benefits from a
different storage tier that is optimized for an access
pattern. With hot, cool, and archive storage tiers, Azure
Blob storage addresses this need for differentiated
storage tiers with separate pricing models.
Hot
Hot storage has higher storage costs than cool and
archive storage, but the lowest access costs.
Example usage scenarios for the hot storage tier include:
• Data that is in active use or expected to be accessed
(read from and written to) frequently
• Data that is staged for processing and eventual
migration to the cool storage tier
Cool
Cool storage tier has lower storage costs and higher
access costs compared to hot storage. This tier is intended
for data that will remain in the cool tier for at least 30
days.
Example usage scenarios for the cool storage tier include:
• Short-term backup and disaster recovery datasets
• Older media content not viewed frequently anymore
but is expected to be available immediately when
accessed
• Large data sets that need to be stored cost effectively
while more data is being gathered for future
processing. (For example, long-term storage of
scientific data, raw telemetry data from a
manufacturing facility)
Archive
Archive storage has the lowest storage cost and higher
data retrieval costs compared to hot and cool storage.
This tier is intended for data that can tolerate several
hours of retrieval latency and will remain in the archive
tier for at least 180 days.
While a blob is in archive storage, it is offline and cannot
be read (except the metadata, which is online and
available), copied, overwritten, or modified. Nor can you
take snapshots of a blob in archive storage. However, you
may use existing operations to delete, list, get blob
properties/metadata, or change the tier of your blob.
Example usage scenarios for the archive storage tier
include:
• Long-term backup, archival, and disaster recovery
datasets
• Original (raw) data that must be preserved, even after
it has been processed into final usable form. (For
example, Raw media files after transcoding into other
formats)
• Compliance and archival data that needs to be stored
for a long time and is hardly ever accessed. (For
example, Security camera footage, old X-Rays/MRIs
for healthcare organizations, audio recordings, and
transcripts of customer calls for financial services)
To read data in archive storage, you must first change the
tier of the blob to hot or cool. This process is known as
rehydration and can take up to 15 hours to complete.
Large blob sizes are strongly recommended for optimal
performance.
Azure Management Best Practices
There are a number of best practices that should be adhered to when migrating or operating
any workload in Azure. Following these established patterns helps avoid common pitfalls and
makes it easier to maintain your deployments in the long term.
Often, new Azure deployments start off as an experiment
from a learning exercise or a proof of concept that was
converted into a production workload. When these ad-hoc
deployments occur, it is easy to get started on
the wrong foot and implement anti-patterns accidentally.
In this section we’ll review several key strategies that can
kick your migration projects off on the right foot and
avoid future problems.
First, we’ll take a detailed look at Azure subscriptions.
Avoiding subscription bloat while enforcing clear
management and security boundaries requires a
subscription management strategy. We’ll review several
different models for subscription management.
Next, we’ll consider how resources are organized and
named within each subscription. Resources are organized
using resource groups, and the correct resource grouping
has a large impact on how the resources are deployed and
managed. Resource naming, and the use of naming
conventions, is also important to promote consistency and
reduce human error during resource management
operations.
Organizing resources at deployment is just the start. It’s
also important to consider how resources will be managed
throughout their lifecycle. Accidentally deleting a
production resource can create a catastrophic application
outage. It’s also important to control resource creation, if
you are to control costs. With this in mind, we’ll review the
technologies in Azure that enable you to control the
resource lifecycle.
Finally, we’ll consider Security and Compliance, and
provide links to valuable resources provided by Microsoft
that can help you ensure your deployments are secure,
and meet any local or industry regulations.
Azure Subscriptions
An Azure subscription is the most fundamental entity used to organize Azure resources.
Before you can use Azure, you need an Azure
subscription. The subscription is the boundary for several
independent Azure concepts:
• Security boundary - each subscription forms an
administrative security boundary. A subscription
administrator has full control over resources within
that subscription and controls the subsequent
configuration of role-based access control and
policies within the subscription. Where controls must
be applied to more than one subscription, they must
be applied to each subscription independently—there
is no control mechanism that spans subscriptions.
• Service limits - The subscription is the boundary at
which many of the Azure Service Limits are applied.
Resource utilization forecasts need to be made at the
subscription level to ensure they stay within these
limits. For further details on Azure subscription limits,
see https://docs.microsoft.com/azure/azure-subscription-service-limits
• Billing - the subscription forms the billing boundary.
All Azure resources within a subscription are billed at
the subscription scope. Different billing schemes (such
as pay-as-you-go, CSP, or Enterprise Agreement) are
applied at the subscription level.
With these points in mind, the Managed Service Providers
need to choose how to organize resources across
subscriptions. A common model is to use a separate
subscription for each application, and to use separate
subscriptions for production vs non-production
deployments. A single subscription can contain more than
one non-production deployment, in separate resource
groups. Keep the subscription model simple, whilst
retaining essential flexibility.
Subscription management and organization depends
greatly on whether the subscription is from an enterprise
agreement (EA) enrollment or whether it was provisioned
from a Cloud Solution Provider (CSP).
SUBSCRIPTIONS WITH AN ENTERPRISE
AGREEMENT
The Azure Enterprise Agreement portal allows large
enterprise customers of Azure to manage Azure
subscriptions and associated licensing information from a
central portal. Enterprise Agreement (EA) customers can
add Azure to their EA by making an upfront monetary
commitment to Azure. That commitment is consumed
throughout the year by using any combination of the
wide variety of cloud services Azure offers from its global
datacenters. Within a given enterprise enrollment,
Microsoft Azure has several roles that individuals play.
The Enterprise Administrator has the ability to add or associate accounts and departments to the enrollment, can view
usage data across all accounts and departments, and is able to see the monetary commitment balance associated to the
enrollment. There is no limit to the number of Enterprise Administrators on an enrollment.
Department Administrators can manage department properties, manage accounts under the department they administer,
download usage details, and view monthly usage and charges associated to their department if the Enterprise Administrator
has granted permission to do so.
The Account Owner can add subscriptions for their account, update the Service Administrator and Co-Administrator for an
individual subscription, view usage data for their account, and view account charges if the Enterprise Administrator has
provided access. Account Owners will not have visibility of the monetary commitment balance unless they also have
Enterprise Administrator rights.
SUBSCRIPTIONS WITHIN A CSP
The CSP model does not have the concept of departments and accounts. Instead, each CSP subscription is created within a
customer. The customer entity contains all the services that you have sold such as Office 365, Dynamics CRM, as well as Azure
subscriptions.
Azure CSP subscriptions are also subject to a small number of technical limitations. See Migrating existing VMs to CSP for
more information.
COMMON SUBSCRIPTION MANAGEMENT
STRATEGIES
Common considerations when defining a subscription
creation strategy are:
• Subscription Service Limits – will the migration be
impacted by service limits such as number of virtual
networks, or ExpressRoute connectivity? What about
future growth?
• Virtual Network Connectivity – how will resources
in each subscription connect to each other? Site-to-
Site, ExpressRoute, Virtual Network Peering?
• Security – role-based access control is setup per
subscription. How will this impact your subscription
creation strategy?
• Chargeback – how will you report and group Azure
consumption costs?
The following are some common strategies that you can
take when creating subscriptions. The key point to
understand is that there is no single model; each approach
comes with its own caveats that you as the provider should
understand and plan for.
Subscription per Department (EA Only)
In this model, each department contains different types of
environments (e.g. prod, non-prod) and all Azure
resources are created in the same subscription.
Pros:
• Low ExpressRoute circuit costs
• Lower number of overall subscriptions to manage
Cons:
• Granular role-based access control model required to
allow permissions for different resources
• Higher risk of subscription limit issues since many
potential services could be deployed into a single
subscription
• Mistake in management will affect all environments in
the department
Subscription per Environment
In this model, each environment contains the different
types of applications and workloads.
Pros:
• Minimized risk of running into subscription limit
issues
• Virtual network address spaces can be tailored per
application
• Minimized risk of impacting one environment by
changing the other
Cons:
• New ExpressRoute circuit required per 10th application
unless you are using ExpressRoute Premium which has
larger limits depending on circuit bandwidth
• More subscriptions to manage (RBAC, Policies,
Tagging, Chargeback)
Subscription per Application
Each application uses a different subscription.
Pros:
• Minimal subscription limit issues since each
application is in a subscription
• Per application RBAC model
Cons:
• Higher risk of running into cross subscription
connectivity limits unless applications are isolated
from each other
• More subscriptions to manage (RBAC, Policies,
Tagging, Chargeback)
RESOURCES
➔ Azure Onboarding Guide
➔ Azure Subscription Service Limits
Resource Organization
Consistent naming and tagging schemes help organize your Azure resources, making
management easier and reducing mistakes.
Even a simple application can involve a substantial
number of Azure resources, such as virtual machines,
network interfaces, IP addresses, storage accounts, virtual
networks, subnets, network security groups, etc. Without
disciplined and intuitive resource organization,
administrative mistakes are inevitable.
NAMING CONVENTIONS
Adopting a systematic and descriptive naming convention for
each Azure resource is a useful way of making the purpose of
each resource and the relationships between resources clearer.
This increases manageability and reduces the likelihood of
administrative mistakes.
Well-designed naming conventions enable you to identify
resources in the portal, on a bill, and within scripts. Most
likely, your customer will already have naming
conventions for their on-premises infrastructure. When
migrating to Azure, you should extend those naming
standards to your Azure resources where possible.
Naming conventions facilitate more efficient
management of the environment at all levels.
Designing a naming convention is not entirely
straightforward. Different Azure resource types have
different limitations on what names are permitted
(alphabet, case sensitivity, and length). Microsoft has
documented these rules and published a baseline
recommendation for a naming convention which can be
used as a starting point.
RESOURCE GROUPS
A resource group is a container that holds related
resources for an application. The resource group could
include all the resources for an application, or only those
resources that are logically grouped together. The service
designer decides how to allocate resources to resource
groups based on what makes the most sense for the
organization. Since resource groups are commonly used
as a security boundary for role-based access permissions,
a good general principle is to group resources that share
the same management lifecycle.
With Resource Manager, application designers can create
a simple template (in JSON format) that defines the
deployment and configuration of an entire application. This
template is known as a Resource Manager template and
provides a declarative way to define deployment. By using
a template, you can repeatedly deploy the application
throughout the app lifecycle and have confidence that
resources are deployed in a consistent state. We’ll cover
more about writing templates later. Since each template
must be deployed to a single resource group, the resource
groups structure also impacts your deployment template
design. Deployment to multiple resource groups can be
achieved at the expense of the additional complication of
breaking your deployment into separate, nested
templates.
TAGGING RESOURCES
In addition to a naming convention, resource tags can
also be used to organize Azure resources. Tags are key-
value pairs, with a maximum of 15 tags per resource or
resource group. Tags can be used for multiple purposes—
common scenarios include:
• Azure billing - supports filtering and grouping using
Tags, enabling tags to be used to implement internal
charge-backs or billing codes (‘billTo=IT-Chargeback-
1234’)
• Associating resources - for a particular application
across resource groups (‘application=payroll’)
• Resource owner - Identifying the owner of a
particular resource (‘managedby=joe@contoso.com’).
• Environment – Identifying the environment of a
particular deployment (‘environment=staging’)
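An audit of a resource inventory against the tagging scheme above, as an added example (not code from the playbook). It assumes an inventory shaped like the JSON output of `az resource list`; the sample records, the set of allowed environment values and the rule that one resource group should hold one environment are constructed assumptions.

```python
import json
import re
from collections import defaultdict

# Tag keys taken from the scenarios listed above.
REQUIRED_TAGS = ("billTo", "application", "managedby", "environment")
MAX_TAGS = 15  # per-resource maximum stated above
ALLOWED_ENVIRONMENTS = {"production", "staging", "development"}  # assumed
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample inventory in the shape of `az resource list` output.
SAMPLE_INVENTORY = json.loads("""
[
  {"name": "vm-payroll-web-01",
   "type": "Microsoft.Compute/virtualMachines",
   "resourceGroup": "rg-payroll-prod",
   "tags": {"billTo": "IT-Chargeback-1234", "application": "payroll",
            "managedby": "joe@contoso.com", "environment": "production"}},
  {"name": "stpayrolllogs",
   "type": "Microsoft.Storage/storageAccounts",
   "resourceGroup": "rg-payroll-prod",
   "tags": {"Application": "payroll", "environment": "staging",
            "managedby": "joe"}},
  {"name": "vnet-shared",
   "type": "Microsoft.Network/virtualNetworks",
   "resourceGroup": "rg-network",
   "tags": null}
]
""")


def normalized_tags(resource):
    """Tag names are case-insensitive in Azure, so compare lower-cased keys."""
    return {k.lower(): v for k, v in (resource.get("tags") or {}).items()}


def audit_resource(resource):
    """Return a list of findings for one resource (empty if compliant)."""
    tags = normalized_tags(resource)
    findings = []
    for key in REQUIRED_TAGS:
        if not str(tags.get(key.lower(), "")).strip():
            findings.append(f"missing tag '{key}'")
    if len(resource.get("tags") or {}) > MAX_TAGS:
        findings.append(f"more than {MAX_TAGS} tags")
    env = tags.get("environment")
    if env and env not in ALLOWED_ENVIRONMENTS:
        findings.append(f"unknown environment: {env!r}")
    owner = tags.get("managedby")
    if owner and not EMAIL_RE.match(owner):
        findings.append(f"tag 'managedby' is not an email address: {owner!r}")
    return findings


def audit(inventory):
    """Map resource name -> findings, for non-compliant resources only."""
    report = {}
    for resource in inventory:
        findings = audit_resource(resource)
        if findings:
            report[resource["name"]] = findings
    return report


def mixed_environment_groups(inventory):
    """Resource groups whose resources carry more than one environment tag.

    A group that mixes production and non-production resources also mixes
    their access control when permissions are granted at the group level.
    """
    seen = defaultdict(set)
    for resource in inventory:
        env = normalized_tags(resource).get("environment")
        if env:
            seen[resource["resourceGroup"]].add(env)
    return {rg: sorted(envs) for rg, envs in seen.items() if len(envs) > 1}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INVENTORY).items():
        print(name, "->", "; ".join(findings))
    print("mixed groups:", mixed_environment_groups(SAMPLE_INVENTORY))
```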
Controlling access to Azure Resources
With great power, comes great responsibility. Just as the cloud allows services to be
provisioned in minutes, critical services can just as easily be changed or deleted. Fortunately,
Azure provides comprehensive features to enable you to control access without losing agility.
A typical application will only use a small subset of the
wide range of resource types available in Azure. Allowing
unrestricted creation of resources allows consumption of
resources far beyond what was planned. This can cause an
unexpectedly high bill or even affect the correct operation
of the application (for example, by causing subscription
limits to be breached).
Similarly, incorrectly modifying or accidentally deleting a
resource can cause an application outage. It is therefore
important to control who has access to Azure resources,
especially those supporting production applications, and
to control what operations are permitted by those who do
have access.
To summarize, the main governance challenges faced by
an organization running production services in Azure are:
• Prevent unexpected costs by controlling which
resources are deployed
• Control who has access to Azure resources, and what
changes they are permitted to make
• Separate the control of production from non-
production environments
• Prevent accidental resource changes or deletions that
are potentially service impacting
Azure provides three complementary mechanisms to
control what resource management operations are
permitted in a subscription, who has permission to
perform those operations, and to prevent accidental
mistakes. These are known as policies, role-based access
control, and resource locks.
• Azure Resource Manager Policy allows you to define
rules or conventions that must be applied to
resources within a subscription. For example, a policy
may block the use of certain types of resource, or limit
the SKUs or service tier of another resource type, or
enforce or prevent the use of a particular Azure
region. Policies can also be used to enforce rules, such
as the inclusion of a tag to enable billing cross-
charging or enforcing a naming convention. Policies
can be applied to the entire subscription or scoped to
a resource group or resource.
• Role-based access control (RBAC) allows control over
the actions of a user or group of users. Each role
defines what actions are permitted, or not permitted,
on what types of resource. Once a role has been
defined, it can be applied to specific users or groups
of users (as defined in Azure AD), and applied at the
subscription, resource group or individual resource
scope.
• Resource Locks allow certain potentially damaging
management operations to be blocked. There are two
types of lock: ‘DoNotDelete’, which permits all actions
except deletion, and ‘ReadOnly’, which permits read
operations but blocks any updates or deletes. For
example, a ‘DoNotDelete’ lock may be applied to a
storage account containing critical data to prevent
accidental deletion, regardless of the role-based
access permissions granted to the user. The operation
can only proceed if the lock is first removed, which
provides a useful checkpoint to verify that the
operation really is intended. Adding and removing
locks themselves are controlled by separate RBAC
permissions, thereby providing role separation and
enabling operator activities to be reviewed. Whilst a
lock can be applied at the subscription or
resource group scope, locks are typically applied to
individual resources, allowing more fine-grained
control.
Azure Policy, RBAC and locks are complementary. Policies
focus on the resources in a subscription, regardless of the
user initiating each request. RBAC works at the user level,
controlling which operations are available to each user.
Resource locks prevent accidental modification or
deletion of individual resources. These three mechanisms
work together to provide a powerful toolkit to control
resource access whilst permitting necessary management
operations under suitable controls.
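The following added example (not part of the playbook, and not Azure's own engine) models how one management request passes through all three controls. The role definitions are trimmed versions of the built-in roles, the policy evaluator covers only a subset of the rule language, and the subscription ID, resource names and all principals other than joe@contoso.com are constructed; the lock level the page calls ‘DoNotDelete’ appears under its Resource Manager API name, CanNotDelete.

```python
import fnmatch

# Simplified role definitions modelled on Azure built-in roles (assumption:
# trimmed to what this example needs; the real Contributor has more notActions).
ROLES = {
    "Owner": {"actions": ["*"], "notActions": []},
    "Contributor": {"actions": ["*"],
                    "notActions": ["Microsoft.Authorization/*/write",
                                   "Microsoft.Authorization/*/delete"]},
    "Reader": {"actions": ["*/read"], "notActions": []},
}

def in_scope(scope, resource_id):
    """A scope covers itself and every resource ID beneath it."""
    s, r = scope.lower().rstrip("/"), resource_id.lower()
    return r == s or r.startswith(s + "/")

def matches(action, patterns):
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def rbac_allows(assignments, principal, action, resource_id):
    """RBAC: who may perform which operation at which scope."""
    for a in assignments:
        if a["principal"] == principal and in_scope(a["scope"], resource_id):
            role = ROLES[a["role"]]
            if matches(action, role["actions"]) and not matches(action, role["notActions"]):
                return True
    return False

def lock_blocks(locks, action, resource_id):
    """Locks: block delete (CanNotDelete) or write and delete (ReadOnly) for everyone."""
    if action.lower().startswith("microsoft.authorization/locks/"):
        return None  # adding or removing a lock is gated by RBAC, not by the lock
    verb = action.rsplit("/", 1)[-1].lower()
    blocked = {"CanNotDelete": {"delete"}, "ReadOnly": {"write", "delete"}}
    for lock in locks:
        if in_scope(lock["scope"], resource_id) and verb in blocked[lock["level"]]:
            return lock
    return None

def condition_holds(cond, resource):
    """Evaluate a subset of the policy rule language against one resource."""
    if "allOf" in cond:
        return all(condition_holds(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(condition_holds(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not condition_holds(cond["not"], resource)
    field = cond["field"]
    if field.startswith("tags['") and field.endswith("']"):
        value = resource.get("tags", {}).get(field[6:-2])
    else:
        value = resource.get(field)
    if "exists" in cond:
        return (value is not None) == (str(cond["exists"]).lower() == "true")
    if "equals" in cond:
        return str(value).lower() == str(cond["equals"]).lower()
    if "in" in cond:
        return value in cond["in"]
    raise ValueError(f"unsupported condition: {cond}")

def decide(env, principal, action, resource):
    """Run one management request through all three controls; any one can deny it."""
    rid = resource["id"]
    if not rbac_allows(env["assignments"], principal, action, rid):
        return "denied: RBAC"
    lock = lock_blocks(env["locks"], action, rid)
    if lock:
        return "denied: lock " + lock["level"]
    if action.lower().endswith("/write"):  # deny policies apply to create/update
        for p in env["policies"]:
            rule = p["rule"]
            if (in_scope(p["scope"], rid) and rule["then"]["effect"] == "deny"
                    and condition_holds(rule["if"], resource)):
                return "denied: policy " + p["name"]
    return "allowed"

# Constructed sample environment (subscription ID and names are placeholders).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-payroll-prod"
STORAGE = {"id": RG + "/providers/Microsoft.Storage/storageAccounts/payrolldata",
           "location": "westeurope", "tags": {"billTo": "IT-Chargeback-1234"}}
LOCK = {"id": STORAGE["id"] + "/providers/Microsoft.Authorization/locks/keep-data"}
ENV = {
    "assignments": [
        {"principal": "joe@contoso.com", "role": "Contributor", "scope": RG},
        {"principal": "alice@contoso.com", "role": "Owner", "scope": SUB},
        {"principal": "audit@contoso.com", "role": "Reader", "scope": SUB}],
    "locks": [{"level": "CanNotDelete", "scope": STORAGE["id"]}],
    "policies": [
        {"name": "require-billTo-tag", "scope": SUB,
         "rule": {"if": {"field": "tags['billTo']", "exists": "false"},
                  "then": {"effect": "deny"}}},
        {"name": "allowed-locations", "scope": SUB,
         "rule": {"if": {"not": {"field": "location",
                                 "in": ["westeurope", "northeurope"]}},
                  "then": {"effect": "deny"}}}],
}

if __name__ == "__main__":
    joe = "joe@contoso.com"
    print(decide(ENV, joe, "Microsoft.Storage/storageAccounts/delete", STORAGE))
    print(decide(ENV, joe, "Microsoft.Authorization/locks/delete", LOCK))
    print(decide(ENV, "alice@contoso.com", "Microsoft.Authorization/locks/delete", LOCK))
```

The Contributor can delete storage accounts in general but is stopped by the lock, and cannot remove the lock because lock management sits behind a separate permission that only the Owner holds here.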
Security and Compliance
Security is a critical requirement for cloud applications. Applications cannot be migrated to
Azure unless there is a high degree of confidence in the security of the migrated application
and all application data. A strong security stance and deep security skills are therefore
essential for any successful Managed Service Provider offering Azure services.
Security in the cloud is a shared responsibility between
Microsoft and the Azure customer developing and
hosting applications in Azure. Microsoft makes substantial
investments in the physical, logical and operational
security of its infrastructure, networks, and software. Azure
provides a wide range of features and tools which can be
used to secure applications hosted in Azure. It is the
responsibility of the Managed Service Provider to
understand and make appropriate use of Azure so that
the applications they manage are properly protected.
Security is a specialist topic, requiring both broad and
deep technical skills. Technical teams require appropriate
experience and training to properly design, implement,
and manage secure Azure solutions. Both the threat
landscape and the security features available in Azure are
continually evolving. On-going investment should be
made to review and update the security protections of
existing applications, and to ensure staff skills stay up-to-
date.
Microsoft Azure supports an extensive range of features
and services which can be used to secure Azure-based
applications, and to provide secure connectivity to on-
premises environments where required. In addition,
Microsoft publishes extensive guidance on security best
practices.
Use the following resources to deliver secure and
compliant customer solutions:
• Azure Security Center is an Azure service designed to
review all resources in your Azure environment and
provide reports and guidance on how to improve
their security to meet Azure best practices. It is a free
service, with an optional paid tier which additionally
supports reporting for resources outside of Azure.
• The Microsoft Trust Center is a hub for security,
compliance and privacy guidance from Microsoft. This
includes all aspects of Microsoft’s software portfolio
(both on-premises and cloud), as well as guidance for
third parties on how to develop their own applications
securely. It also has a section dedicated to Azure
Security.
• The Azure Trust Center provides links to additional
resources on security, compliance and privacy in
Azure.
• The Azure Security documentation hub contains both
an overview of the full suite of security features
available in Azure, as well as comprehensive guidance
on specific areas such as networking, storage,
compute, identity, and operations. Best practice
guidance is also included, as well as links to additional
resources.
• The Security best practices for IaaS workloads in Azure
documentation page contains further useful guidance
on secure Azure deployments.
The Microsoft Cloud Architecture resources include a
series of posters providing a technical overview of core
Azure feature areas aimed at Enterprise Architects. This
includes guidance on networking, hybrid cloud, storage,
identity, mobility, and security.
The Security Practice Development Playbook provides
further guidance for Microsoft Partners seeking to build a
practice with a specialist focus on security.
Infrastructure as Code
Automate infrastructure deployment and management through declarative or imperative
scripts.
Infrastructure as Code (IaC) is the process of writing scripts
to automate the deployment and configuration
management of infrastructure. Using automation to
manage your infrastructure enables you to:
• Increase accuracy and reliability of resource
deployment and configuration.
• Automate the process of replicating environment
configurations across dev, test, and production
environments.
• Add version control to infrastructure configuration
management.
Automation is also a key component to implementing
DevOps practices, and Infrastructure as Code fits in well
with the other aspects of DevOps such as Continuous
Integration (CI) and Continuous Deployment (CD).
There are two methods of writing scripts for
implementing Infrastructure as Code: Imperative and
Declarative. The imperative approach utilizes traditional
command-line scripts to define the step-by-step process
to modify current state to the desired end-state. The
declarative approach utilizes a definition file that declares
what the desired end-state is, and the tooling
automatically figures out how to modify the current state
to reach the desired end-state.
With the infrastructure deployment and configuration
automated with scripting, these scripts can then be
checked into Source Control, such as Git or Visual Studio
Team Services. This integration with Source Control adds
the ability to effectively track infrastructure version
changes over time in the same manner that all other
source code is tracked. It also enables Infrastructure as
Code (IaC) to be integrated into the release pipeline
through Continuous Integration (CI) and Continuous
Deployment (CD), alongside the source code for the
enterprise applications that may run on the infrastructure
being automated.
In this section, we’ll review three approaches to
automating infrastructure provisioning and management:
• Azure Resource Manager Templates: Declarative
templates formatted in JSON to define the
configuration of an Azure environment, deployed
through Azure Resource Manager.
• Automated scripts: Create imperative scripts using
Azure PowerShell and Azure CLI for managing Azure
resources.
• Azure SDKs and REST APIs: Build your own
management tools by leveraging the Azure SDKs and
REST APIs to automate Azure resource management.
Azure Resource Manager Templates
Implement declarative Infrastructure as Code using Azure Resource Manager
Azure Resource Manager Templates offer a declarative
method of implementing Infrastructure as Code (IaC) for
deploying and maintaining environment and
infrastructure deployments. Put simply, a template
consists of a text file, in JSON format, specifying the
resources in a given deployment.
Templates can be parameterized, allowing a small number
of inputs to control the type, number and size of resources
deployed. This allows the same template to be used for
multiple deployments in different environments, such as
Test, Pre-Production and Production.
Consistency across the Azure ecosystem allows for ARM
Templates to be written that can deploy environment
configurations to both the Azure public cloud and Azure
Stack without requiring any changes to the template.
Templates can be authored using a plain-text editor, or a
variety of IDEs (Integrated Development Environments),
such as Visual Studio 2017 and Visual Studio Code. These
editors enhance the authoring experience with syntax
highlighting, code completion, and other common IDE
features.
Templates can be easily deployed, either directly from
Visual Studio, using the Azure portal, PowerShell or CLI, or
even integrated into a Continuous Integration /
Continuous Delivery (CI/CD) pipeline using Visual Studio
Team Services, Jenkins, or some other automated build
and deployment tool.
Templates support two deployment modes, incremental
and complete. In both modes, all resources specified in
the template are deployed. The differences are in what
happens to pre-existing resources that are not specified in
the template—in incremental mode, they are unchanged,
whereas in complete mode, they are deleted. This enables
templates to be used both for clean deployments and to
update existing deployments.
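As an added illustration (not code from the playbook), the sketch below works out what each deployment mode would do to a resource group before anything is deployed, and lists the resources complete mode would delete together with their ‘managedby’ tag so the owner can sign off. The template is constructed and trimmed to the fields the comparison needs, resource names are literal rather than template expressions, and matching on type and name is a simplification of Resource Manager's behaviour.

```python
def resource_key(resource):
    """Resources are matched by type and name, case-insensitively."""
    return (resource["type"].lower(), resource["name"].lower())

def plan_deployment(template, existing, mode):
    """Return what a deployment in the given mode does to each resource."""
    if mode not in ("Incremental", "Complete"):
        raise ValueError("mode must be 'Incremental' or 'Complete'")
    declared = {resource_key(r) for r in template["resources"]}
    current = {resource_key(r): r for r in existing}
    plan = {"create": [], "redeploy": [], "unchanged": [], "delete": []}
    # Both modes deploy everything the template specifies.
    for key in sorted(declared):
        plan["redeploy" if key in current else "create"].append(key[1])
    # The modes differ only for pre-existing resources the template omits.
    for key in sorted(set(current) - declared):
        plan["delete" if mode == "Complete" else "unchanged"].append(key[1])
    return plan

def deletions_to_review(template, existing):
    """List what complete mode would delete, with the owner tag for sign-off."""
    declared = {resource_key(r) for r in template["resources"]}
    return [(r["name"], r.get("tags", {}).get("managedby", "unknown"))
            for r in existing if resource_key(r) not in declared]

# Constructed template, trimmed to 'type' and 'name' (a deployable template
# also needs apiVersion, location and properties on every resource).
TEMPLATE = {
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "resources": [
        {"type": "Microsoft.Storage/storageAccounts", "name": "payrolldata"},
        {"type": "Microsoft.Web/sites", "name": "payroll-web"},
        {"type": "Microsoft.KeyVault/vaults", "name": "payroll-kv"},
    ],
}

# Constructed current contents of the target resource group.
EXISTING = [
    {"type": "Microsoft.Storage/storageAccounts", "name": "payrolldata"},
    {"type": "Microsoft.Web/sites", "name": "payroll-web"},
    {"type": "Microsoft.Compute/virtualMachines", "name": "legacy-vm",
     "tags": {"managedby": "joe@contoso.com"}},
    {"type": "Microsoft.Compute/disks", "name": "scratch-disk"},
]

if __name__ == "__main__":
    for mode in ("Incremental", "Complete"):
        print(mode, plan_deployment(TEMPLATE, EXISTING, mode))
    print("review before Complete:", deletions_to_review(TEMPLATE, EXISTING))
```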
Developing Azure Resource Manager Templates is a skill.
The template language supports a wide range of features,
some of them quite advanced such as conditionals and
nested templates. Learning to use the full power of
Templates is a highly worthwhile investment for any team
making significant use of Azure. Several guides and
samples are available to help you—see the links in the
Resources section below.
TEMPLATE AUTHORING TOOLS
• Azure Resource Manager Tools for Visual Studio
Code. Visual Studio Code (VS Code) is a free code IDE
from Microsoft. The Azure Resource Manager Tools is
an Extension to VS Code that adds syntax
highlighting, autocomplete, and other features to the
IDE for authoring ARM Templates with ease.
• Visual Studio Azure Resource Group project. The
Azure Resource Group project (deployed as part of
the Azure SDK) template adds full IDE support to
Visual Studio 2015 and 2017 for authoring and
deploying ARM Templates directly within Visual
Studio.
• Azure portal. Templates can also be loaded into the
Azure portal for easy deployment. The portal also
supports editing templates online and downloading
templates for editing offline. In fact, every
deployment you make using the Portal uses a
template, and you can download these templates
from the portal as a starting point for creating your
own.
RESOURCES
➔ Azure Resource Manager Overview
➔ Authoring Azure Resource Manager Templates
➔ Azure Quickstart Templates
➔ Sample templates from the Azure Resource Manager
team
➔ Create and deploy your first Azure Resource Manager
template
Automated Scripts
Implement Imperative Infrastructure as Code (IaC) using Command-Line scripts
Azure PowerShell and Azure CLI (cross-platform
command-line tool) offer an Imperative method of
implementing Infrastructure as Code (IaC) for deploying
and maintaining environment and infrastructure
deployments with the Microsoft Azure ecosystem. These
tools are designed for managing and administering Azure
resources from the command-line, and for building
automation scripts that work using Azure Resource
Manager.
Automation scripts written using either tool can easily be
checked into Source Control, such as Git or Visual Studio
Team Services, for added version control. The scripts can
even be integrated into a Continuous Integration /
Continuous Delivery (CI/CD) pipeline using Visual Studio
Team Services, Jenkins, or some other automated build
and deployment tool.
Azure PowerShell and Azure CLI can both be downloaded
and installed from the Azure downloads page. They are
also available via the Microsoft Web Platform Installer.
The tools are frequently updated, and it’s worthwhile
always making sure you have an up-to-date copy to
access the latest Azure features.
In addition to executing commands at the command-line
of the local machine, the Azure Cloud Shell within the
Azure Portal can be used to execute Azure PowerShell and
Azure CLI scripts directly within a web browser from any
machine. The Cloud Shell is accessed by clicking the Cloud
Shell icon in the toolbar at the top of the portal, or as a
standalone page at https://shell.azure.com.
Azure SDKs and REST APIs
Custom code can be built to automate Azure resources, too.
In addition to templates and command-line tools, the Azure SDKs (Software Development Kits) can be used both to work
with Azure resources and to automate their deployment, configuration, and management. These tools add further
automation capabilities for working with resources in Microsoft Azure.
The Azure Development SDKs are a set of reusable libraries built by Microsoft that work with Azure Resource Manager to
manage Azure resources. These SDKs enable any custom automation scenario to be built out, as well as the integration
of Azure services with custom code. This allows you to use or build exactly the right tool to solve the problem at hand.
These libraries support a wide array of programming languages and platforms, including:
• .NET Framework
• .NET Core
• Java
• Node.js
• PHP
• Python
• Ruby
• Android
• iOS
You can also manage Azure resources by calling the Azure Resource Manager REST APIs directly, using your own code
instead of the SDKs. These APIs are the foundation of all resource management in Azure—indeed, the Azure portal,
PowerShell, CLI and SDKs all use these Azure REST APIs. Using the REST APIs gives you direct access to all Azure resource
management features.
RESOURCES
➔ Azure SDK Downloads
➔ Azure REST API Reference
Playbook Summary
Thank you for taking the time to review this playbook. We hope you have gained new insight
into the business opportunity that application migration and modernization offers. We also
hope you have gained valuable technical knowledge on how to execute a migration or
modernization project and how to build your cloud migration practice.
We created this playbook to help you, our Managed Service Provider partners, adapt your businesses to embrace the
opportunity offered by migrating applications to run in Azure.
In the first section, Define Your Strategy, we helped you understand the unique business opportunity in front of you. We
explained some of the ways you can differentiate your business, and how you can leverage Microsoft incentive programs to
boost your revenue.
In the next section, Hire & Train, we explained the skills you would need in your migration team, and provided guidance on
how to evaluate new hires or up-skill existing staff to meet those needs. We also provided several training resources you can
use, both online and instructor-led.
We then moved to the technical content, which forms the bulk of this playbook, starting with a chapter on Building a
Migration Assessment. This included detailed guidance on the three stages of the assessment process (discovery, planning
and evaluation), and the expected contents of the resulting migration assessment plan.
Next, we discussed migration execution, starting with Migrating to Azure Infrastructure Services. Here we provided
guidance on the various Azure services to use to build a cloud-based infrastructure. We also discussed the tools available to
assist you with the migration process, and some of the technical challenges and options in specific cases, such as migrating
databases.
We then moved on to discuss Modernizing Applications, using Azure’s platform services. We started with the business
benefits of embracing a platform approach, before drilling deeper into the design principles behind ‘cloud-native’
applications and some of the technologies available in Azure to implement them.
In the Optimize & Manage chapter, we focused on cost optimization, discussing the various programs and techniques
available to you to reduce your Azure spend. Reducing your Azure spend is one of the most effective ways in which a
Managed Service Provider can demonstrate clear value to their customers.
In Best Practices, we discussed a variety of proven techniques to make your Azure usage easier to manage. By organizing
your subscriptions and resources, and using the range of techniques provided to control access, you can greatly improve the
long-term manageability of your deployments as well as reducing the risks associated with service management mistakes.
Finally, in Leveraging Reusable IP, we discussed the importance of developing repeatable processes and tools to help drive
efficiency, quality, and time to completion in any migration project.
FEEDBACK
We hope you found this playbook valuable. Share feedback on how we can improve this and other playbooks by emailing
playbookfeedback@microsoft.com.
July 2018
Techtudo como usar planilhas excel
didicadoida
 
2a lunacao mandalalunar2018
2a lunacao mandalalunar20182a lunacao mandalalunar2018
2a lunacao mandalalunar2018
didicadoida
 
Biof 02 unidades, grandezas e graficos
Biof 02 unidades, grandezas e graficosBiof 02 unidades, grandezas e graficos
Biof 02 unidades, grandezas e graficos
didicadoida
 
Aula 2 material complementar
Aula 2 material complementarAula 2 material complementar
Aula 2 material complementar
didicadoida
 
Bacterias x protozoarios e fungosxanimais
Bacterias x protozoarios e fungosxanimaisBacterias x protozoarios e fungosxanimais
Bacterias x protozoarios e fungosxanimais
didicadoida
 
365 ideias p viver melhor
365 ideias p viver melhor365 ideias p viver melhor
365 ideias p viver melhor
didicadoida
 
Logaritmo e exponencial
Logaritmo e exponencialLogaritmo e exponencial
Logaritmo e exponencial
didicadoida
 
Inscricaoecircunscricaodesolidosgeometricos
InscricaoecircunscricaodesolidosgeometricosInscricaoecircunscricaodesolidosgeometricos
Inscricaoecircunscricaodesolidosgeometricos
didicadoida
 
Mto bom funções trigonométricas
Mto bom funções trigonométricasMto bom funções trigonométricas
Mto bom funções trigonométricas
didicadoida
 
PRODUÇÃO TEXTUAL INTERDISCIPLINAR INDIVIDUAL PTI.pdf
PRODUÇÃO TEXTUAL INTERDISCIPLINAR INDIVIDUAL PTI.pdfPRODUÇÃO TEXTUAL INTERDISCIPLINAR INDIVIDUAL PTI.pdf
PRODUÇÃO TEXTUAL INTERDISCIPLINAR INDIVIDUAL PTI.pdf
didicadoida
 
ebook-virtual-desktops-and-apps-for-dummies.pdf
ebook-virtual-desktops-and-apps-for-dummies.pdfebook-virtual-desktops-and-apps-for-dummies.pdf
ebook-virtual-desktops-and-apps-for-dummies.pdf
didicadoida
 
Techtudo como usar planilhas excel
Techtudo como usar planilhas excelTechtudo como usar planilhas excel
Techtudo como usar planilhas excel
didicadoida
 
2a lunacao mandalalunar2018
2a lunacao mandalalunar20182a lunacao mandalalunar2018
2a lunacao mandalalunar2018
didicadoida
 
Biof 02 unidades, grandezas e graficos
Biof 02 unidades, grandezas e graficosBiof 02 unidades, grandezas e graficos
Biof 02 unidades, grandezas e graficos
didicadoida
 
Aula 2 material complementar
Aula 2 material complementarAula 2 material complementar
Aula 2 material complementar
didicadoida
 
Bacterias x protozoarios e fungosxanimais
Bacterias x protozoarios e fungosxanimaisBacterias x protozoarios e fungosxanimais
Bacterias x protozoarios e fungosxanimais
didicadoida
 
365 ideias p viver melhor
365 ideias p viver melhor365 ideias p viver melhor
365 ideias p viver melhor
didicadoida
 
Logaritmo e exponencial
Logaritmo e exponencialLogaritmo e exponencial
Logaritmo e exponencial
didicadoida
 
Inscricaoecircunscricaodesolidosgeometricos
InscricaoecircunscricaodesolidosgeometricosInscricaoecircunscricaodesolidosgeometricos
Inscricaoecircunscricaodesolidosgeometricos
didicadoida
 
Mto bom funções trigonométricas
Mto bom funções trigonométricasMto bom funções trigonométricas
Mto bom funções trigonométricas
didicadoida
 
Ad

Recently uploaded (20)

AMBA Advanced High-performance Bus (AHB) protocol
AMBA Advanced High-performance Bus (AHB) protocolAMBA Advanced High-performance Bus (AHB) protocol
AMBA Advanced High-performance Bus (AHB) protocol
favecol712
 
National Policy on Education (NPE) 1986-2.pptx
National Policy on Education (NPE) 1986-2.pptxNational Policy on Education (NPE) 1986-2.pptx
National Policy on Education (NPE) 1986-2.pptx
onlyforimportantmail
 
Mutation-Breeding (1).pdf.pptxcoucy9f9yf69f9
Mutation-Breeding (1).pdf.pptxcoucy9f9yf69f9Mutation-Breeding (1).pdf.pptxcoucy9f9yf69f9
Mutation-Breeding (1).pdf.pptxcoucy9f9yf69f9
hkrishna9495
 
Need of t the thw stuf iobyu hionsbb 9hniosParsing.pptx
Need of t the thw stuf iobyu  hionsbb 9hniosParsing.pptxNeed of t the thw stuf iobyu  hionsbb 9hniosParsing.pptx
Need of t the thw stuf iobyu hionsbb 9hniosParsing.pptx
ParitoshShukla11
 
00804.pptvjlvpuvupvpyvupv6v07upv60v7vupv0v6p
00804.pptvjlvpuvupvpyvupv6v07upv60v7vupv0v6p00804.pptvjlvpuvupvpyvupv6v07upv60v7vupv0v6p
00804.pptvjlvpuvupvpyvupv6v07upv60v7vupv0v6p
hkrishna9495
 
Download Capcut Pro 5.7.1.2152 Crack Latest Version | PPT
Download Capcut Pro 5.7.1.2152 Crack Latest Version | PPTDownload Capcut Pro 5.7.1.2152 Crack Latest Version | PPT
Download Capcut Pro 5.7.1.2152 Crack Latest Version | PPT
yousfhashmi786
 
C.Mehrac_Englisjdjdjdjdjdjdjsjsjsjsjdh.pptx
C.Mehrac_Englisjdjdjdjdjdjdjsjsjsjsjdh.pptxC.Mehrac_Englisjdjdjdjdjdjdjsjsjsjsjdh.pptx
C.Mehrac_Englisjdjdjdjdjdjdjsjsjsjsjdh.pptx
quliyevlogman4
 
TabulationwjsnnanamamamNananaka of Data.pptx
TabulationwjsnnanamamamNananaka of Data.pptxTabulationwjsnnanamamamNananaka of Data.pptx
TabulationwjsnnanamamamNananaka of Data.pptx
sriyansh4443
 
Microsoft Office 365 Crack Latest Version 2025?
Microsoft Office 365 Crack Latest Version 2025?Microsoft Office 365 Crack Latest Version 2025?
Microsoft Office 365 Crack Latest Version 2025?
yousfhashmi786
 
pharmacology.pdffffffffffffffffffffffffff
pharmacology.pdffffffffffffffffffffffffffpharmacology.pdffffffffffffffffffffffffff
pharmacology.pdffffffffffffffffffffffffff
anooshaazam312
 
MiniTool Partition Wizard Professional Edition 10.2.1 Crack
MiniTool Partition Wizard Professional Edition 10.2.1 CrackMiniTool Partition Wizard Professional Edition 10.2.1 Crack
MiniTool Partition Wizard Professional Edition 10.2.1 Crack
yousfhashmi786
 
Biology SBK10.pdffgguhjjjjghjtrdrettdryttrdtr
Biology SBK10.pdffgguhjjjjghjtrdrettdryttrdtrBiology SBK10.pdffgguhjjjjghjtrdrettdryttrdtr
Biology SBK10.pdffgguhjjjjghjtrdrettdryttrdtr
abayamargaug
 
final_cleaned_presentation.pkjbgg bttvhhhjhuuujptx
final_cleaned_presentation.pkjbgg bttvhhhjhuuujptxfinal_cleaned_presentation.pkjbgg bttvhhhjhuuujptx
final_cleaned_presentation.pkjbgg bttvhhhjhuuujptx
ddutt0750
 
OSPF & DHCP PPT.pptx it is relATED TO NETWORKING
OSPF & DHCP PPT.pptx it is relATED TO NETWORKINGOSPF & DHCP PPT.pptx it is relATED TO NETWORKING
OSPF & DHCP PPT.pptx it is relATED TO NETWORKING
ritikghw
 
Fonepaw Data Recovery Crack 2025 with key free Download
Fonepaw Data Recovery Crack 2025 with key free DownloadFonepaw Data Recovery Crack 2025 with key free Download
Fonepaw Data Recovery Crack 2025 with key free Download
mampisoren09
 
>parallel desktop Crack Latest Free 2025 | PPT
>parallel desktop Crack Latest Free 2025 | PPT>parallel desktop Crack Latest Free 2025 | PPT
>parallel desktop Crack Latest Free 2025 | PPT
yousfhashmi786
 
AnyDesk 5.2.1 Crack License Key Full Version 2019 {Latest}
AnyDesk 5.2.1 Crack License Key Full Version 2019 {Latest}AnyDesk 5.2.1 Crack License Key Full Version 2019 {Latest}
AnyDesk 5.2.1 Crack License Key Full Version 2019 {Latest}
yousfhashmi786
 
Plate+Tectonics.pptx77777777777777770000
Plate+Tectonics.pptx77777777777777770000Plate+Tectonics.pptx77777777777777770000
Plate+Tectonics.pptx77777777777777770000
m8305333
 
Computer Hardware using mostly in daily.
Computer Hardware using mostly in daily.Computer Hardware using mostly in daily.
Computer Hardware using mostly in daily.
manshajunaid205
 
Oxygen Concentrators | Medical Machine Equipment
Oxygen Concentrators | Medical Machine EquipmentOxygen Concentrators | Medical Machine Equipment
Oxygen Concentrators | Medical Machine Equipment
blueredblue74
 
AMBA Advanced High-performance Bus (AHB) protocol
AMBA Advanced High-performance Bus (AHB) protocolAMBA Advanced High-performance Bus (AHB) protocol
AMBA Advanced High-performance Bus (AHB) protocol
favecol712
 
National Policy on Education (NPE) 1986-2.pptx
National Policy on Education (NPE) 1986-2.pptxNational Policy on Education (NPE) 1986-2.pptx
National Policy on Education (NPE) 1986-2.pptx
onlyforimportantmail
 
Mutation-Breeding (1).pdf.pptxcoucy9f9yf69f9
Mutation-Breeding (1).pdf.pptxcoucy9f9yf69f9Mutation-Breeding (1).pdf.pptxcoucy9f9yf69f9
Mutation-Breeding (1).pdf.pptxcoucy9f9yf69f9
hkrishna9495
 
Need of t the thw stuf iobyu hionsbb 9hniosParsing.pptx
Need of t the thw stuf iobyu  hionsbb 9hniosParsing.pptxNeed of t the thw stuf iobyu  hionsbb 9hniosParsing.pptx
Need of t the thw stuf iobyu hionsbb 9hniosParsing.pptx
ParitoshShukla11
 
00804.pptvjlvpuvupvpyvupv6v07upv60v7vupv0v6p
00804.pptvjlvpuvupvpyvupv6v07upv60v7vupv0v6p00804.pptvjlvpuvupvpyvupv6v07upv60v7vupv0v6p
00804.pptvjlvpuvupvpyvupv6v07upv60v7vupv0v6p
hkrishna9495
 
Download Capcut Pro 5.7.1.2152 Crack Latest Version | PPT
Download Capcut Pro 5.7.1.2152 Crack Latest Version | PPTDownload Capcut Pro 5.7.1.2152 Crack Latest Version | PPT
Download Capcut Pro 5.7.1.2152 Crack Latest Version | PPT
yousfhashmi786
 
C.Mehrac_Englisjdjdjdjdjdjdjsjsjsjsjdh.pptx
C.Mehrac_Englisjdjdjdjdjdjdjsjsjsjsjdh.pptxC.Mehrac_Englisjdjdjdjdjdjdjsjsjsjsjdh.pptx
C.Mehrac_Englisjdjdjdjdjdjdjsjsjsjsjdh.pptx
quliyevlogman4
 
TabulationwjsnnanamamamNananaka of Data.pptx
TabulationwjsnnanamamamNananaka of Data.pptxTabulationwjsnnanamamamNananaka of Data.pptx
TabulationwjsnnanamamamNananaka of Data.pptx
sriyansh4443
 
Microsoft Office 365 Crack Latest Version 2025?
Microsoft Office 365 Crack Latest Version 2025?Microsoft Office 365 Crack Latest Version 2025?
Microsoft Office 365 Crack Latest Version 2025?
yousfhashmi786
 
pharmacology.pdffffffffffffffffffffffffff
pharmacology.pdffffffffffffffffffffffffffpharmacology.pdffffffffffffffffffffffffff
pharmacology.pdffffffffffffffffffffffffff
anooshaazam312
 
MiniTool Partition Wizard Professional Edition 10.2.1 Crack
MiniTool Partition Wizard Professional Edition 10.2.1 CrackMiniTool Partition Wizard Professional Edition 10.2.1 Crack
MiniTool Partition Wizard Professional Edition 10.2.1 Crack
yousfhashmi786
 
Biology SBK10.pdffgguhjjjjghjtrdrettdryttrdtr
Biology SBK10.pdffgguhjjjjghjtrdrettdryttrdtrBiology SBK10.pdffgguhjjjjghjtrdrettdryttrdtr
Biology SBK10.pdffgguhjjjjghjtrdrettdryttrdtr
abayamargaug
 
final_cleaned_presentation.pkjbgg bttvhhhjhuuujptx
final_cleaned_presentation.pkjbgg bttvhhhjhuuujptxfinal_cleaned_presentation.pkjbgg bttvhhhjhuuujptx
final_cleaned_presentation.pkjbgg bttvhhhjhuuujptx
ddutt0750
 
OSPF & DHCP PPT.pptx it is relATED TO NETWORKING
OSPF & DHCP PPT.pptx it is relATED TO NETWORKINGOSPF & DHCP PPT.pptx it is relATED TO NETWORKING
OSPF & DHCP PPT.pptx it is relATED TO NETWORKING
ritikghw
 
Fonepaw Data Recovery Crack 2025 with key free Download
Fonepaw Data Recovery Crack 2025 with key free DownloadFonepaw Data Recovery Crack 2025 with key free Download
Fonepaw Data Recovery Crack 2025 with key free Download
mampisoren09
 
>parallel desktop Crack Latest Free 2025 | PPT
>parallel desktop Crack Latest Free 2025 | PPT>parallel desktop Crack Latest Free 2025 | PPT
>parallel desktop Crack Latest Free 2025 | PPT
yousfhashmi786
 
AnyDesk 5.2.1 Crack License Key Full Version 2019 {Latest}
AnyDesk 5.2.1 Crack License Key Full Version 2019 {Latest}AnyDesk 5.2.1 Crack License Key Full Version 2019 {Latest}
AnyDesk 5.2.1 Crack License Key Full Version 2019 {Latest}
yousfhashmi786
 
Plate+Tectonics.pptx77777777777777770000
Plate+Tectonics.pptx77777777777777770000Plate+Tectonics.pptx77777777777777770000
Plate+Tectonics.pptx77777777777777770000
m8305333
 
Computer Hardware using mostly in daily.
Computer Hardware using mostly in daily.Computer Hardware using mostly in daily.
Computer Hardware using mostly in daily.
manshajunaid205
 
Oxygen Concentrators | Medical Machine Equipment
Oxygen Concentrators | Medical Machine EquipmentOxygen Concentrators | Medical Machine Equipment
Oxygen Concentrators | Medical Machine Equipment
blueredblue74
 

Microsoft cloud migration and modernization playbook 031819 (1) (2)

  • 1. Cloud Migration & Modernization: Microsoft Practice Development Playbook (aka.ms/practiceplaybooks)
  • 2. About this Playbook
      This playbook is intended for the business and technical leadership for new and existing Microsoft partners focused on migrating workloads to Microsoft Azure or modernizing legacy applications to the cloud.
      Objectives
      The goal of this playbook is to help you accelerate or optimize your Azure-focused practice by teaching you the ins-and-outs of migrating workloads or modernizing applications and hosting them in Microsoft Azure.
      For the business side, this playbook provides an understanding of the strategies you can take to build a migration or modernization practice, including which workloads to focus on, how to price your services, and how to build your technical team.
      For the technical side, this playbook provides detailed guidance on how to plan and execute the migration of an existing workload or application to Azure, including advice on different approaches and the tools you may find useful, and technical details on best practices with infrastructure migrations. Application modernization, optimization, and management are discussed, as are Azure best practices and advice on how to build unique IP to make your migration practice more successful.
      How this playbook was made
      This playbook is part of a series of guidance written by Microsoft Partner Opsgility, in conjunction with the Microsoft One Commercial Partner group and 12 other successful Azure partners that have volunteered their time to provide input and best practices to share with the rest of the partner community.
      To validate the guidance provided in these playbooks, we worked with MDC Research to conduct a survey of 364 global partners who are currently selling Azure migration services to customers, and offering or actively working towards offering cloud services. In this survey, we gathered insights on a range of topics, including how partners hire, compensate and train resources; their business model, revenue and profitability; what practices and services they offer; and what skillsets they have in place to support their offers. The results of this survey are provided in line with the guidance found within this playbook.
      Contributing partners: Attunix, Hanu, BitTitan, Sentia, CAPSiDE, Inframon, Clear People, Intercept, Cloud Direct, Rackspace, Daisy Group, TCS
  • 3. Using the playbook effectively
      Quickly read through the playbook to familiarize yourself with the layout and content. Each section includes an executive summary and key actions for that specific topic. Review these summaries first to decide which areas to focus on. Go over the content several times, if needed, then share with your team.
      To get the most value out of this playbook:
        • Get your team together and discuss which pieces of the strategy each person is responsible for.
        • Share the playbook with your sales, marketing, support, technical, and managed services teams.
        • Leverage the resources available from Microsoft to help maximize your profitability.
        • Share feedback on how we can improve this and other playbooks by emailing [email protected].
  • 4. “Every company is a software company. You have to start thinking and operating like a digital company. It’s no longer just about procuring one solution and deploying one. It’s not about one simple software solution. It’s really you yourself thinking of your own future as a digital company.” SATYA NADELLA, CEO, Microsoft
  • 5. Table of Contents
      About this Playbook
        Digital Transformation; The Cloud Migration Opportunity
      Define Your Strategy
        The Big Picture of Migration; Identify Your Target Customers; Define Your Service Offering; Defining Your Pricing Strategy; Apply for Azure Incentive Programs; Build Your Migration Practice; Landing a Migration Project; Executing Your First Migration Project; Leverage Reusable IP; Managed Applications; Managing a Migration Program using a Migration Factory; Guide: Optimize and Grow
      Hire & Train
        Building a Migration Team; Job Descriptions for your Migration Team; Reskilling for the Cloud; How is the Cloud Different?; Hiring and Onboarding; Azure Certifications and Exams
      Migration Assessment
        Discovery; Planning; Evaluation
      Lift & Shift
        Building Out the Network; Network Appliances; The Virtual Data Center; Enabling Hybrid Identity; Planning for Storage; File Shares; Choosing Virtual Machines; Availability Options; Customized Virtual Machine Images; Migrating to Virtual Machines; Migrating Disks; Migrating VMware Workloads; Migration Tools; Business Continuity; Migrating Existing VMs to CSP; Migrating Databases
      Modernizing Apps
        Modernizing Applications with Azure; Cloud-Native Architecture and Design; Cloud Design Considerations; Cloud Design Patterns; Azure DevTest Labs; Migrating Applications to Azure App Service; Microservices and Containers; What is Docker?; Modern Data Platform; Cognitive Services and AI
      Optimize & Manage
        Cost Optimization; Azure Cost Management; Automatic Shutdown of VMs; Optimized Architecture; Azure Management Best Practices; Azure Subscriptions; Resource Organization; Controlling access to Azure Resources; Security and Compliance; Infrastructure as Code; Azure Resource Manager Templates; Automated Scripts; Azure SDKs and REST APIs
      Playbook Summary
      March 2019
  • 6. Digital Transformation
      The path to unprecedented growth goes through the cloud, helping your customers connect people, data, and processes in new ways to embrace the possibilities enabled by modern technologies.
      To succeed in a digital-first world, business leaders are bringing business and IT closer together and optimizing processes to create new value for customers. The potential is huge. By 2019, IDC predicts $1.7 trillion USD in spending worldwide to create new business models, operational efficiencies, and customer experiences. Digital transformation is now an executive mandate and partner development capabilities will take advantage of customer demand for custom and packaged software. Three trends are helping shape this profitability opportunity:
        • DIGITAL PLATFORMS AND ECOSYSTEMS: By 2020, 60% of all enterprises will have fully articulated an organization-wide digital platform strategy and will be in the process of implementing that strategy as the new IT core for competing in the digital economy.
        • CLOUD: By 2021, spending on cloud services and cloud-enabling hardware, software and services will more than double to over $530 billion, leveraging the diversifying cloud environment that is 20% at the edge, and over 90% multi-cloud.
        • HYPER-AGILE APPLICATIONS: By 2021, enterprise apps will shift toward hyper-agile architectures, with 80% of application development on cloud platforms (PaaS) using microservices and cloud functions, and over 95% of new microservices deployed in containers.
      Partners play a key role in helping businesses make the platform and cultural shifts needed, and such transformations are creating amazing partner multiples. In a recent IDC study, partners reported earning $9.64 in revenue for every $1 of Microsoft revenue generated in 2017. This is expected to continue through 2022 and include a mix of software (45%), services (50%), and hardware (5%) that are sold in relation to Microsoft solutions.
  • 7. These changes affect all aspects of a modern business, both internal and external. Microsoft models these changes in four pillars:
      ENGAGING CUSTOMERS: Give them new personalized experiences that bolster acquisition and strengthen loyalty.
        • Customer centricity integrated across the business
        • Creating fans & segment of one
        • Data driven customer insights
        • Marketing leaders as technology decision makers
      EMPOWERING EMPLOYEES: Boost productivity with flexible workstyles and mobile solutions that enable a data-driven culture.
        • Intentional about people priorities and related strategies
        • Using more data to drive insights and decision making
        • Delivering self-service & simplifying processes
        • Enhancing HR employee skills
      OPTIMIZING OPERATIONS: Drive efficiencies with a cloud platform that accelerates agility.
        • Harnessing technology for next level of efficiency
        • Leveraging digital platforms to reduce delivery timeframes
        • Testing new products and services at a fraction of the cost
        • Anticipating and solving customer issues before they become issues
      TRANSFORMING PRODUCTS: Create new revenue opportunities using intelligent technology to innovate new products and processes.
        • Leveraging data to enter new markets
        • Revising business models to prioritize agility and emerging trends
        • Making customers your business partners
        • Connecting products to amplify and redefine their value
      FURTHER READING
        ➔ Microsoft Digital Transformation eBook Series
        ➔ Designed to Disrupt: Reimagine your apps and transform your industry
  • 8. The Cloud Enables Digital Transformation
      Cloud technologies are at the center of the digital transformation revolution. The cloud has changed more than the way we implement and manage IT; it’s changing the very fabric of business. With ready access to data, and intelligent new ways to view, analyze and use the information, the cloud has engendered powerful new capabilities which are disrupting entire business models.
      There are many advantages to adopting the cloud. Businesses moving to the cloud do so for a range of motivations, seeking a variety of benefits. These benefits fall into four categories: cost, agility, service quality, and new scenarios:
        • Cost: Cloud computing offers significant potential cost-savings over on-premises infrastructure, especially considering the full cost of the latter. In addition, cloud computing enables organizations to move IT spending from capital expenditure (CapEx) to operational expenditure (OpEx). Since the fixed costs associated with shared infrastructure are avoided, the cloud also provides much greater visibility into the true cost of individual applications.
        • Agility: Where traditional on-premises infrastructure can take weeks or even months to deploy, Azure offers near-instant provisioning of resources. This enables Azure projects to move much more quickly, without the need to over-provision resources in advance or spend considerable time on infrastructure planning. To take full advantage of this new flexibility, organizations are accelerating the adoption of new ways of working, such as by using agile software development methodologies, continuous integration and deployment (CI/CD), and modern PaaS-based application architectures.
        • Service quality: Azure’s infrastructure has been designed to support some of the world’s most demanding workloads. These workloads continuously raise the bar on the quality of service Azure must provide. As a result, migration to Azure often offers significant improvements in performance, reliability, and security over on-premises infrastructure.
        • New scenarios: Azure enables new application scenarios which are simply not possible, or would be prohibitively expensive to deliver, using on-premises infrastructure, such as big data storage and analytics, machine learning, and compliance with industry certifications such as ISO, PCI, HIPAA and GDPR, where customers can leverage the certifications offered by cloud providers. These technologies are enabling new application scenarios, driving innovation and competitive advantages only available in the cloud.
  • 9. ABOUT THIS PLAYBOOK PAGE 9 aka.ms/practiceplaybooks These benefits are all central to a successful digital transformation strategy. Reduced costs and the shift from CapEx to OpEx dramatically lowers the cost of innovation, enabling a ‘fail- fast’ experimental approach. This is supported by the increase in agility that lowers innovation cost and enables a faster time-to-market. The scale, performance, reliability, and global reach of the cloud enables small development teams to develop global services for global audiences. Most of all, new technologies including big data, IoT, machine learning, and AI empower the insight and customer focus upon which digital transformation depends. These technologies are often only available in the cloud or are prohibitively expensive on-premises. Moreover, competition between major cloud providers is driving a tidal wave of innovation within the cloud itself. New features and services are added on a weekly or even daily basis, providing an ever-richer platform and enabling business to continue to experiment, innovate, reduce cost and deliver increasing value. Embracing the cloud is not simply the easiest, or cheapest, or fastest way to drive digital transformation—it is the only way. For many businesses, the first step on this journey is to migrate existing applications to the cloud. 
CLOUD OPERATIONS → DIGITAL TRANSFORMATION VALUE
IT becomes an enabler to the business → Driving envisioning and agility
Security by design → Continuous regulatory compliance delivery expertise
Dynamic monitoring with anomaly detection → Proactive insight into end user experience
DevOps tools and processes, CI/CD skillsets → Scale up, scale down, and move to different geographies
Solution and application-based SLAs → Meet business outcomes and customer performance expectations
Decentralized operations and resources → Modernize operations
Software and cloud-based solutions → Automation and orchestration
Expertise consulting, designing, architecting, automating, and optimizing for the cloud → Increase agility and optimization
The Cloud Migration Opportunity
Many businesses will seek help on their cloud migration journey.

Cloud migration represents an enormous business opportunity for partners. As businesses of all sizes embrace digital transformation, traditional on-premises IT becomes increasingly seen as a costly, restrictive, and distracting burden. This creates pressure to reduce or even eliminate on-premises IT by moving existing applications and services to the cloud.

The business-critical nature of many existing applications means any change—especially one as fundamental and far-reaching as cloud migration—represents a business risk. Migration must be as seamless and safe as possible. Cloud migration is a highly technical endeavor and requires skills and experience that are lacking in traditional IT departments. Recognizing this, many businesses seek outside expertise to help them with their cloud migration journey.

This trend has created a rapidly growing business opportunity for specialist IT providers. The global market for cloud migration services is forecast to grow from $2.4B to $7.1B between 2016 and 2021.²

This opportunity does not end with cloud migration. Once moved to the cloud, applications must continue to be maintained and updated. Once again, this requires specialist cloud skills and expertise, and once again many businesses will outsource this ongoing maintenance to specialist managed service providers. Outsourcing this work also enables a business to focus on their core activities rather than IT.

This creates an additional two-fold business opportunity for migration partners. First, to provide the ongoing maintenance, support, and related services for migrated applications.
Second, and in the long run more importantly, to become a trusted, strategic partner in the customer’s digital transformation journey, by leveraging the data generated by those applications to deliver insight, innovation and enhanced customer value.
Microsoft Partner Network
Cloud Migration and Modernization
Define Your Strategy
Executive Summary

We start at the beginning, by looking at why customers are interested in migrating applications to the cloud. There are many benefits to the cloud, and not every customer has the same motivations. We present the various ways in which the cloud can deliver value for a business. Understanding your value proposition is the foundation for building a successful practice in application migration and management.

With this understanding, we will then discuss the variety of services which a Managed Service Provider (MSP) can offer as part of a cloud migration and management practice. We also discuss ways in which an MSP can specialize their business to differentiate from the competition and provide greater value.

We then discuss a variety of revenue streams and pricing models for both application migration and on-going managed services, showing how you can maximize your returns by aligning your pricing to the value offered by your services. We also present the various Microsoft incentive programs which you may wish to take advantage of as you build your business.

We’ll also give you a head-start on how to identify and close a deal for a migration project, including the common objections you may face. Finally, we’ll close this section by giving an outline of the implementation approach that will be the focus of the remainder of this playbook.

Throughout this playbook, we provide links to a variety of resources provided by both Microsoft and third parties to help build your migration practice and execute successful Cloud migrations. A good place to start is the new Azure Migration Center, which contains lots of useful guidance. For further business guidance on building a successful Azure practice, see the Cloud Infrastructure Practice Development Playbook.

Top 4 things to do
Define your business strategy.

Here are the top 4 things you should absolutely do when defining the strategy for your migration practice.
• Understand the cloud migration value proposition
• Define your service offering
• Define your pricing strategy
• Apply for Azure incentive programs
The Big Picture of Migration

Before you focus on defining your strategy it is helpful to understand at a high level what the migration process is. At a high level, it can be broken down into three key phases:

ASSESS
The assessment phase is where your team will use a mixture of software tools and consultancy best practices to discover what applications can be migrated, what their current configurations are, the people within your customer's organization who will be impacted by the migration, as well as identify the dependencies of the application. The output of your assessment will include a comprehensive plan for what to do with the application and the expectations on availability and functionality. This phase is discussed in detail in the assessment section of the playbook.

MIGRATE
The migration phase is when the recommendations in your assessment plan are put into place. The following steps are usually taken.
• Set up Azure subscriptions using best practices for security, connectivity, policies and general governance prior to migration to ensure your customers are using Azure correctly from the start.
• Perform the migration using the prescribed method identified in the assessment plan: rehost, retire, replace, rearchitect or retain.
• Evaluate and test to ensure the migrated application meets the criteria outlined in your assessment.
You can learn more about rehosting applications in the Lift and Shift section of the playbook, and to learn more about rearchitecting applications for Azure see the Modernizing Apps section.

OPTIMIZE
In the optimization phase, you will use Azure security and management resources to govern, secure, and monitor your cloud applications in Azure. This is also the time for you to look for opportunities to optimize spending. Common tasks at this stage are:
• Review Azure cost management to track spending and identify areas for cost savings.
• Evaluate migrated applications for opportunities to right-size over-provisioned virtual machines and services.
• Implement automation to resize or stop based on a utilization schedule.
• Identify applications that could benefit from optimization with platform as a service (PaaS) services or containers.
You can learn more about the optimization phase in the Optimize and Manage section of the playbook and for a more detailed view look to the Operations and Management playbook.
Identify Your Target Customers
Know your customer. Choose what type of organization your migration practice will target, and which verticals you will focus on.

When defining the strategy for your cloud migration practice, a key consideration is your target customer base. Choosing the right target customers for your business will create focus and accelerate growth. Our survey of Microsoft partners with a cloud migration practice studied two aspects of the partners’ customer base: the size of customer, and their vertical market segment. In this section, we share our findings to help you understand the opportunity within each segment and make the right choice for your practice.

INDUSTRY VERTICALS
Our survey considered which industry verticals had driven the most migration or modernization projects. We found that Professional Services was the top industry served with Azure migration or modernization projects, followed by Technology, Manufacturing, Retail and Financial Services.

ENTERPRISE VS SMB
Some migration practices focused on the enterprise segment, whereas others focused on the small and mid-size business (SMB) segment. Key findings of our survey were:
• SMB customers generate nearly three-quarters of cloud migration or modernization business.
• Migration practices that focus on SMB customers tend to have shorter migration project durations, with nearly half of all projects taking 3 months or less.
• Practices with an enterprise focus tend to see higher follow-on revenue for additional services post-migration.

SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, Professional Services was the top industry served with Azure migration or modernization projects.
SURVEY DATA
Our survey of Microsoft partners with an Azure migration practice studied variations in business volume, project duration and follow-on revenue based on a practice focus on either enterprise or SMB customers.
Define Your Service Offering
Customers have different priorities when migrating to the cloud, and migration partners specialize in different types of migration. It’s important to understand these variations and choose your area of focus.

Different organizations will have different objectives and priorities for their cloud migration. For example, some may be strongly motivated by the new scenarios which the cloud enables, whereas others may be focused on increasing agility. These different customer motivations in turn offer different potential business models for a migration partner.

MIGRATION SERVICES
The most common service offered is ‘lift and shift’ migrations to Azure infrastructure services (IaaS) and in certain cases directly to Azure platform as a service (PaaS). This focuses on cost reduction by reducing or removing the dependency on on-premises infrastructure. Within this area, a range of complementary services can be offered, such as migration assessments and networking services.

In addition, some providers focus on application modernization—transforming existing applications to take advantage of Azure platform services (PaaS). While these are more complex and typically longer migration projects, they provide increased agility and manageability in addition to cost savings.

Of the partners we interviewed, a minority specialized in enabling new business scenarios, working with customers at the business rather than infrastructure level to re-define existing processes to take advantage of advanced cloud technologies such as machine learning and big data. These projects are the most complex, but also have the potential to deliver the greatest value by generating new revenue streams as well as reducing costs.

Offerings can vary in other ways. For example, ongoing application support can be offered at different levels, from 24-hour response times, down to 1-hour or even 15-minute response times as a premium service. Some providers focus on Azure-based service, while others provide a hybrid service spanning on-premises infrastructure, traditional hosting, and Azure.

It’s not an either/or choice. For example, a common combination is for a provider to specialize in ‘lift and shift’ migrations, and to provide application modernization services as an additional service once those applications are migrated. Another example is providers whose operations teams specialize in extracting business insight from application usage data once the application has been migrated.

Within each of the major service areas—migration assessment, migration execution, and (especially) ongoing operations—there is a wealth of opportunities for additional services offering additional value. For example, some customers choose to run their own operations, but will need guidance and training on how to transform and optimize their processes and roles.

You will need to decide which services you provide directly, which you provide through partners, and which you elect not to offer. To choose your strategy, you will need to understand your customers, the potential for each approach in your target markets, and the capabilities within your organization. Making the right choice is a critical step in defining your cloud practice.

RESOURCES
For further information, including detailed information on the many services offered by Managed Service Provider partners, see the Azure Managed Service Provider Playbook for CSP Partners.
SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, Cloud Infrastructure & Management services accounted for nearly 50% of reported revenue. Our survey also showed that the most commonly offered service was implementation and migration. Partners with an enterprise focus were more likely to offer Architecture & Design (85%), Proofs of Concept (82%) and Application Modernization (55%) project services than those with an SMB focus.
Public Cloud, Hybrid Cloud, or Multi-Cloud
Should you develop a multi-cloud practice, or will you be more successful by specializing in Azure?

Microsoft offers a compelling vision for the cloud, coupled with a unique range of offerings, including Office 365, Azure, Dynamics, SQL Server, Windows, and more. These products and services span all aspects of a modern digital business.

In some cases, however, customers may have a multi-cloud strategy. This may be motivated by a policy of using multiple vendors, or simply because different groups in large organizations may have made different purchasing decisions in the past.

You probably already have established lines of business. Some partners are dedicated specialists offering only the Microsoft stack; others combine Microsoft technologies with those from other vendors. In either case, when defining your strategy as a cloud migration practice, you will need to decide whether you combine your support of Azure with support for other vendors’ clouds, or with on-premises solutions such as VMware.

To make such a decision, you need data. Our survey of Microsoft partners with an established cloud migration practice looked at how many projects used other clouds in addition to Azure (see panel). Use this information together with your understanding of your local market when defining your strategy.

SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, only a small proportion of projects combined Azure with other vendors’ public clouds.
Hosting Azure Stack
Azure Stack combines the agility and flexibility of Azure with the geo-location, isolation, and security of on-premises infrastructure. Hosting Azure Stack offers a unique business opportunity for Managed Service Providers to differentiate their offerings.

Azure Stack is an extension of Azure, bringing the agility and fast-paced innovation of cloud computing to on-premises environments.

Why would customers choose Azure Stack instead of Azure? There are two main reasons. The first is disconnected environments, such as a cruise ship, where connectivity to the public cloud is not available or prohibitively slow or expensive. The second, and more common reason, is regulatory or policy compliance, where a workload cannot be placed in the public Azure cloud. For example, some countries require banking data to remain within national borders. Alternatively, a high-security application might not be permitted to run in a multi-tenant public cloud environment (despite the security and tenant-isolation features Azure provides).

Of course, such applications could be delivered using conventional infrastructure; however, this approach comes with all the disadvantages that infrastructure brings. Azure Stack offers an alternative approach. By replicating the core functionality of Azure in an on-premises environment, Azure Stack offers the agility associated with cloud development, with the isolation and security of an on-premises deployment.

Agility is key. Azure Stack allows you to use the same set of tools, APIs, DevOps processes, and other technologies for both Cloud and on-premises development. And Azure Stack is not just limited to infrastructure services—it includes many fully-managed Azure platform services, including serverless computing, distributed microservice architectures, and containers. By offering a consistent experience with Public Cloud Azure, you also benefit from full application portability between Public Cloud Azure and Azure Stack.

Azure Stack can be purchased in two ways:
• As a system you manage: Typically on-premises, you purchase the hardware from a hardware vendor and license the Azure Stack software from Microsoft. You manage the system and contact Microsoft for support.
• As a managed service: Typically at a service provider premises, you purchase the service from the service provider who purchases and manages the hardware and software for you. You call the service provider for support.

Azure Stack therefore creates an exciting new business opportunity for managed service providers, by offering Azure Stack as a fully-managed service. Hosting Azure Stack is supported through the CSP program:
• Direct CSP providers can purchase, host and manage Azure Stack, offering Azure Stack services to their customers.
• Indirect CSP providers and resellers can also provide Azure Stack services and have the same responsibilities for billing and support as they do in Public Cloud Azure. Either party can take responsibility for owning and administering the Azure Stack hardware.

RESOURCES
➔ Azure Stack Overview
➔ How to Buy Azure Stack
➔ Service Provider Licensing Guide
Defining Your Pricing Strategy
How do you make money as a Managed Service Provider (MSP)? A variety of pricing models are available. Choose the right model for your service offerings.

Migration practices can perform many functions for their customers in the cloud. In each of the major areas—migration assessment, migration execution, and operations—there are a wealth of different services to offer, as discussed earlier in this section. These services can be priced in different ways and offer different potential margins.

CLOUD CONSUMPTION RESALE
Microsoft offers two major schemes enabling partners to receive a share of the revenue generated by Azure spend:

Cloud Solution Provider (CSP)
In this program, the partner resells the Azure subscription to the customer. Microsoft charges the CSP partner for subscription usage, and the partner passes on these charges to the customer, making a margin in doing so. In return, the partner takes on certain responsibilities from Microsoft for managing the subscription, such as support and billing.

There are two CSP models—direct and indirect. In the direct model, the partner works directly with the customer and with Microsoft, becoming the customer’s only point of contact for their Azure services. In the indirect model, two types of partner are involved—the indirect provider (distributor) works with Microsoft, taking responsibility for support and billing, and reaches customers through their partner channel, the indirect reseller, who manages the customer relationship. Further details are given in the next section, on Azure incentive programs.

Digital Partner of Record (DPOR)
In this program, the customer obtains their Azure subscription directly from Microsoft, for example via an Enterprise Agreement. By assisting the customer with Azure usage, the MSP is eligible to be registered by the customer as the digital partner of record for the subscription. The MSP then receives a percentage of the Azure usage on the subscription as payment from Microsoft.

PROFESSIONAL SERVICES
Charging for professional services can be an effective way to generate revenue from cloud migrations, and typically offers higher margins than cloud consumption. The MSP can potentially charge for any of their services offered, the most common being migration assessments and migration execution. These can be charged at a daily rate or on a fixed-price project basis.

In some cases, MSPs choose not to charge for migration assessments, instead choosing to fund them internally as ‘pre-sales’ activities in the hope of greater future revenue from migration execution or on-going managed services. This choice is typically made on a case-by-case basis, depending on the assessment costs and size of the potential opportunity.

MANAGED SERVICES
Many migration partners focus on charging for the ongoing management of migrated applications as managed services. These typically offer the greatest margins, especially once the number of services under management is high enough for the economies of scale relating to 24x7 support to apply and for custom-built tools to show strong return on investment.
SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, typical margins for a cloud migration project were in the 25-30% range, with most individual projects generating under $50,000 in revenue, although some generate substantially more. These figures did not vary significantly between migration and modernization projects, nor between customers with an enterprise or SMB focus.

There are a number of managed service pricing models available. For example, customers can be billed per application, per VM, per user, or per connected device. The right choice for your business will depend on the application’s operating cost and usage model, as well as customer preferences.

Pricing for on-going application support is often divided into ‘tiers’, for example ‘Silver’, ‘Gold’ and ‘Platinum’. The offerings within each tier vary according to the services offered and the service-level agreements included. For example, a ‘Silver’ tier might offer office hours support with 24-hour response time and 30-day backups, whereas the ‘Platinum’ tier might offer 24x7 support with 15-minute response time, together with a business continuity SLA of 15 mins RPO and 1-hour RTO.

FURTHER READING
For further information, including detailed information on the many services offered by Managed Service Provider partners, see the Azure Managed Service Provider Playbook for CSP Partners.
Apply for Azure Incentive Programs
Microsoft offers several incentive programs for Azure usage. Take advantage of these programs to boost your business.

Over recent years, Microsoft has transitioned from a company focused primarily on software licensing, to a provider of online services. This is a fundamental shift and creates new opportunities for Microsoft’s partner community.

This focus on services places the Microsoft partner front-and-center in the relationship between Microsoft and its customers. The partner role has expanded far beyond reselling licenses, to helping the customer in their use of Microsoft services throughout the customer lifecycle.

The revenue model has also changed. The shift from software to services has moved revenue from one-time license sales to monthly billing. For partners, this change is reflected in new incentive programs to share these new revenue streams. In this section, we’ll review the incentives Microsoft provides to partners who help drive business in Azure.

CLOUD SOLUTION PROVIDER
The primary incentive program for Managed Service Providers is the Cloud Solution Provider (CSP) program. This program supports not only Azure, but all Microsoft cloud services including Office 365, Enterprise Mobility + Security, and Dynamics CRM Online.

The CSP program enables the partner to own the customer lifecycle and relationship for their consumption of Azure service. You set the price, bill customers directly, and directly provision and manage subscriptions. The CSP also acts as the first point of contact for customer support.

There are two CSP models: direct and indirect. It’s important to understand the difference, and to choose carefully where in this ecosystem you want your business to sit.

Direct Partners
This model is designed for resellers or Managed Service Providers who have the in-house capability to bill and support their customers at scale. In this model, partners work with both their customers and with Microsoft directly. They take on the entire customer relationship, including support, billing, and invoicing. They become a customer's only point of contact for their Azure services. This provides continuity in the customer experience and helps build strong business relationships.

Azure CSP direct partners are responsible for customer support. Microsoft does not provide support for Azure CSP customers and relies on Azure CSP partners to manage their Azure workloads and resolve technical problems.

Azure CSP direct partners are also responsible for customer pricing, billing, and invoicing. Microsoft provides partner-facing billing capabilities to Azure CSP direct partners through the Partner Center portal and APIs.
The Azure CSP direct program requires that partners invest in the support and billing practices for the Microsoft cloud products that they want to deliver to their customers.

Indirect Providers and Resellers
The Azure CSP indirect model defines two types of partners: Azure CSP indirect providers (distributors) and Azure CSP indirect resellers. Azure CSP indirect providers work with Microsoft directly, but reach customers indirectly through their partner channel — Azure CSP resellers.

Azure CSP indirect reseller is a good choice for partners who don't want to manage as much infrastructure as an Azure CSP direct partner, so they team up with an indirect provider to handle their support, billing, and invoicing needs. They still build strong relationships with the customer and get many of the benefits of the Azure CSP program, but they offload support and billing to Azure CSP indirect providers.

To learn more about the Azure CSP program, start with the Azure CSP Overview.

DIGITAL PARTNER OF RECORD
In some cases, customers may prefer to use their own Azure subscriptions rather than an Azure subscription provided by partners under the CSP program. For example, the customer may be receiving discounted Azure consumption via an Enterprise Agreement. This does not prevent you from managing services hosted within these subscriptions, nor does it prevent you from benefiting from the Azure consumption which you help to enable.

The Digital Partner of Record program enables Microsoft partners to benefit financially from the revenue they enable for Microsoft. As with the CSP program, this program is available across Office 365, Dynamics CRM Online, Enterprise Mobility + Security, and other online services, in addition to Azure. For further details, and to learn how to register, see Digital Partner of Record.
Build Your Migration Practice
You’ve studied the market, identified your customer base, and defined your offering and pricing. Now you’re ready to start your first migration projects, and to build your migration practice.

In this section, we’ll look at how you can build your migration practice, from your first sale through to executing large-scale migration programs.

First, we’ll look in detail at how you can generate your first leads and land your first deals. By building on the experiences shared by partners with existing migration practices who participated in our survey and interviews, you can learn which techniques are most effective, according to those who have already been successful.

Next, we’ll give a brief summary of what is required to execute your first migration project, which will be detailed in subsequent chapters of this playbook.

As you build your business, you’ll land larger contracts and more migration projects. Large enterprise customers working on entire data center migrations have thousands of servers to migrate. To help you scale your business, we’ll close this section by discussing how to build a migration factory, with specialized teams focused on each stage of the migration process, for greater productivity.
Landing a Migration Project
Finding a lead is the first step. Once your marketing and sales efforts have identified promising leads it will be up to your technical team to help close the deal.

FINDING LEADS
In our interviews with existing Microsoft partners, we identified two different approaches to finding leads. Some partners were established IT providers with a significant existing managed services customer base. These partners prioritized working with their existing customers on their cloud migration. We also interviewed partners who were relatively new to the market. Naturally, these partners tended to be chasing new business elsewhere.

Our survey of Microsoft partners with an Azure migration practice also looked at how leads were generated. For new customers, the most effective method was customer referrals; for existing customers, most leads came from account manager relationships (see panel).

UNDERSTAND YOUR CUSTOMER
Simply moving existing infrastructure to the cloud may generate some savings, but it will not by itself deliver the full benefits the cloud promises. Getting maximum advantage from the agility and new scenarios available in the cloud requires deeper changes, to roles, processes, organizational structures, and even culture. Not all customers are ready to embrace this level of change.

As with any sales process, it’s essential that you understand your customer. Don’t assume that every customer you talk to already understands the value of the cloud. The value proposition is much broader than many people realize.

SURVEY DATA
Our survey of Microsoft partners with an Azure migration practice found that customer referrals were the best way to generate leads with new customers, and account manager relationships the best way to generate leads with existing customers.
  • 26. DEFINE YOUR STRATEGY PAGE 26 aka.ms/practiceplaybooks Many customers will have specific goals in mind. These will typically map into the four pillars of cloud business value we presented earlier (cost, agility, service quality, and new scenarios). These benefits ‘pull’ the customer towards the cloud. In some cases, external factors such as expiring co-location contracts or end-of-life of an existing software package may ‘push’ the customer towards the need for change, in some cases with a hard deadline that must be met. Where the customer isn’t clear, start with the basics. Focus on availability and cost savings, since these are fundamental concerns shared by all businesses. The full cost savings of the Cloud may not be realized by an initial project, since staff responsible for infrastructure maintenance may only be redeployed once more workloads have been migrated. Gains may be limited to improvements in uptime and agility. Minimize the risk and impact of any change. More ambitious projects can wait until the customer has built greater confidence. START SMALL Many of the partners we spoke to advised us that one way to convince customers who are not yet committed to the cloud is to start with low-risk, high value workloads that can easily be rolled back in the event of project failure. Examples include: • Adopting Azure DevTest Labs for development/test environments. • Migrating single instance virtual machines to Azure. • Replacing existing on-premises backup solutions with Azure Backup. • Implementing Azure Site Recovery for on- premises to cloud failover in environments that do not have an existing disaster recovery solution. • Moving websites with minimal dependencies to Azure Web Apps (e.g., marketing or informational websites). • Using the Azure Files service or Azure StorSimple to replace retiring file share servers. • Replacing end-of-life hardware on a standalone, non-critical workload without complex dependencies. 
As you move forward, you can develop a long-term strategy with the cloud as the future of IT, and map out an incremental roadmap to get there. The customer doesn’t want to be left behind—their competitors will embrace the cloud, and benefit from the competitive edge it gives them.

SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, increased availability and scalability were reported as the most valuable benefits when convincing a customer to move to the cloud. Next most valuable were cost savings and increased IT agility.
  • 27. Landing a Migration Project (continued)
OVERCOMING CUSTOMER OBJECTIONS
As you talk to your customers, you should be prepared to address their concerns and fears regarding cloud adoption. Here are the most common concerns and questions your customers are likely to ask. Be ready to answer—use the content and references in this playbook to prepare yourself and your team.
• What are the cost savings / total cost of ownership (TCO) if I move to Azure?
• Which applications should I move – and what is the recommended sequence?
• Will you build my entire environment on Azure or can part of it remain on-premises/private cloud?
• Will you take care of architecture changes to meet reliability, scalability, and availability requirements?
• What are the impacts to business continuity and to my customer relationships?
• Will you ensure that my data and processes comply with regulations?
• Can you show me how you plan to manage and monitor my application in the cloud?
• What are my risks?

CLOSING THE DEAL
With the right solution, for the right price, and with objections addressed, you’re ready to close the deal. The panel below shows the most effective closing activities, as reported in our survey.

SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, proof of concepts were reported to be the most effective method of closing a migration deal.
Chart values, in the order shown:
• Proof of concepts: 60%
• Technical assessments: 55%
• Presentations: 44%
• Price estimates: 43%
• Architecture design sessions: 40%
• Return on investment analysis: 29%
• Case study reviews: 24%
  • 28. Executing Your First Migration Project
There is no one-size-fits-all approach to migrating to the cloud. However, there are some general approaches that are tested and proven, on which you can build.

There is a wide variation between cloud migration projects, depending on the size, complexity, and technology of the application or group of applications involved. However, all projects typically follow a common migration framework, comprising the following three phases. Leverage the details in this playbook to build your competence and capability at delivering each stage effectively and efficiently. Keep your first projects small and learn as you build experience.

ASSESSMENTS
In this assessment phase, you should use a mix of interviews and technology to identify the current environment that you are starting with. Don’t limit the assessment to just versions of software deployed but use this as an opportunity to understand your customer’s business in-depth. You will speak with project managers, IT professionals, end users, and more to gain valuable insight and potential opportunities.

One of the outputs of the assessment phase is a detailed understanding of costs—existing application running costs, a forecast of cloud running costs post-migration, and the cost of migration itself. These costings, together with the other benefits of migration, are essential for making a go/no-go decision on the migration project. Typically, customers will therefore procure the migration assessment as a stand-alone work item, before deciding whether to proceed with the application migration itself.

As a partner you may choose to absorb this work as part of a pre-sales engagement or choose to charge for it as paid consultancy work. The majority of partners interviewed for this playbook deliver the assessment as a paid engagement. However, the choice will depend on your business model and the size of the opportunity.
MIGRATION & MODERNIZATION
This phase is where your technical experts start migrating the first workloads identified in the assessment phase into Azure, or modernizing the application to take advantage of native cloud services. This involves laying the foundation: setting up the network, ensuring identity and security, and creating the resources in Azure. Additional considerations such as user acceptance testing and implementing a failback plan will be detailed in the Cloud Migration and Modernization chapter.

OPTIMIZE & MANAGE
The optimize and manage phase is where your managed services team takes over, and the focus is on monitoring, preventative maintenance, and optimization. After the workloads or applications are stabilized you will have a substantial amount of data to review that can open up opportunities for optimization.
  • 29. Leverage Reusable IP
Reusable IP can drive efficiency and competitive advantage in every step of the migration cycle.

As you perform more migrations, and manage more Azure-based services, you will identify common problems and tasks. These can occur at every stage of the migration cycle, from assessment, through migration, and to operations. Buying or building your own repeatable processes or technology to automate these tasks can give your practice a distinct offering and competitive edge. Specialized software or service offerings can be leveraged to accelerate your own team and provide capabilities, insights and even direct assistance services to migration projects.

Examples of areas of investment include:
• A repeatable discovery, planning, and evaluation methodology that streamlines the assessment process.
• Tools to more accurately forecast prices based on designs or usage data.
• Software and services that organize, manage and scan application workloads and generate planning and cost models that can be implemented in an automated manner to migrate.
• Software that can analyze workloads and their components and recommend alternative topologies and Azure Services that can be used to modernize applications as part of their automated migration.
• An in-house library of Azure Resource Manager templates or scripts to assist with building proofs-of-concept or even production environments.
• A test framework that speeds up the testing phase of the migration process, while also improving test quality and reducing migration risks.
• An analytics system that enables you to more easily identify cost savings and optimize running systems.

The possibilities are almost endless. Buying (or using as SaaS) migration software, or building repeatable processes and tools, enables your team to work faster, with fewer mistakes, and higher quality.
It drives down your costs, shortens your delivery schedules, and improves your customer experience.

In some cases, a low-tech approach suffices. Your reusable migration assessment process could start with something as simple as a Word template. Your pricing tool could start as an Excel spreadsheet. In other cases, your team will need to code custom tools for specific assessment, migration or operational tasks.
  • 30. Leverage Reusable IP (continued)
SURVEY DATA
Our survey of Microsoft partners with an Azure migration practice found that PowerShell scripts and virtual machine images were the most common types of reusable IP. Faster delivery and lower cost to the customer were the main benefits that IP delivered.
  • 31. Managed Applications
Offer cloud solutions that are easy for customers to deploy, and for you to manage.

As you develop your migration practice, you may develop a reusable application or tool that is of potential value to a broad range of customers. These can be released and monetized as Azure Managed Applications.

Managed Applications enable you to offer cloud solutions that are easy for customers to deploy and create, and that let you provide ongoing management services. Customers do not need expertise in cloud infrastructure to use your solution, and they have limited access to the critical resources, so they do not need to worry about making a mistake when managing it.

Managed Applications enable you to establish an ongoing relationship with your consumers. You define terms and fees for managing the application, and all charges are handled through Azure billing.

A managed application is like a solution template in the marketplace, with one key difference: in a managed application, the resources are provisioned to a resource group that's managed by the publisher of the app. The resource group is present in the consumer's subscription, but an identity in the publisher's tenant has access to the resource group. As the publisher, you specify the cost for ongoing support of the solution.

To make Managed Applications available to all customers, they can be published to the Azure Marketplace. To make Managed Applications available to only users within your organization, they can instead be published to an internal catalog.
  • 32. Managing a Migration Program using a Migration Factory
Large customers have hundreds of applications and servers to migrate. A programmatic approach is needed to manage the complexity and scale.

Enterprise customers have large IT footprints, with thousands of servers hosted on-premises or in dedicated data centers. Those embracing the cloud are seeking to dramatically reduce their server footprint, with a goal of significant cost savings. Projects to eliminate entire data centers are a significant challenge even for an established migration practice. They are also a huge commercial opportunity.

Migrating thousands of servers, with hundreds of applications, requires a systematic, programmatic approach. Each individual migration project needs to follow a defined structure, with processes in place for roll-up progress tracking and status reporting. A common approach to manage large-scale migration programs is to build a migration factory.

A migration factory works just like a manufacturing production line, with dedicated, specialized teams focused on each stage of the migration. Just as in a production line, this focus and specialization enables a significant increase in productivity, efficiency, and quality, resulting in faster, cheaper, and more reliable migrations. To be successful, each stage must follow a well-defined process, using dedicated, optimized tools. This consistency enables smooth handovers between teams as each migration project progresses.

A consistent approach also enables program-level reporting. Each individual project should report status and progress using a common format. For example, projects may maintain a scorecard for key migration criteria. Roll-up scores can be used to dashboard an overview of progress to senior management and identify problem migrations quickly for additional attention.
MIGRATION DASHBOARD
A migration dashboard enables a roll-up view of migration status across a portfolio of migration projects. This is useful for both internal tracking and customer reports.
  • 33. Guide: Optimize and Grow
Leverage the Microsoft resources available in the Optimize and Grow guide, for details on building customer lifetime value, executing nurture marketing efforts, optimizing and growing from feedback, refining your customer value proposition, growing partnerships, and measuring results.
  • 34. Cloud Migration and Modernization: Hire & Train
  • 35. Executive Summary
In the previous section, we evaluated several strategies that you can pursue to build or enhance your migration or modernization practice. Now that you’ve identified some avenues of success, you may be wondering how to build and train your team.

A very real and pressing challenge is the skills gap in the industry. Put simply, there are not enough subject matter experts who know Microsoft Azure and the surrounding technologies to fulfill the number of opportunities available. In your practice, you will need to decide whether to reskill existing employees, hire new, contract out, or utilize a combination of these options to fulfill the operational needs of your practice.

In this section, we will help you define the members of your team and the skills they should contribute. If you need to hire to fill gaps, we will provide you with detailed job descriptions you can use, ideas on where to look for resources, and the factors you should look for in a candidate’s skillset.

Second, we will help you put together a plan for reskilling and maintaining your team’s skills. This will involve understanding what skills are needed and practical ways of training your team to close the skills gap and foster team growth.

Top 5 things to do
Measure twice and cut once. Here are the top 5 things you should absolutely do when planning for hiring and training.
• Define roles in your technical team
• Write job descriptions
• Develop a readiness and onboarding plan
• Identify applicable certifications
• Get trained
  • 36. Building a Migration Team
The team needed for a migration may vary greatly depending on the size and scope of the effort. An important consideration is that most migrations are performed in conjunction with technical and business stakeholders from the customer, so it is important to ensure that they are brought in at the right times throughout the project and that communication is clear on timelines, objectives and responsibilities.

The following examples of roles are based on interviews with partners and are made slightly generic to outline the types of professionals you will need on your team as well as the people you may encounter in your customer’s organization.

PARTNER
Cloud Architect – the Cloud Architect is responsible for the overall vision of what the solution will consist of once it is in Azure, as well as building out the migration plan. They are typically the go-to resource for helping the customer to understand the tradeoffs of the approach to migrating or modernizing workloads as well as setting up the target Azure environment with appropriate controls for governance.

Cloud Infrastructure Engineers – the Cloud Infrastructure Engineers are the experts that are doing the actual work of a migration project. This may include creating resources in Azure, uploading data, writing scripts, and in general doing the actual migration.

Senior Software Developer – the Senior Software Developer is responsible for designing and delivering a modernized application that takes advantage of new capabilities Azure provides.

Technical Specialist – the Technical Specialist is a solution engineer that specializes in a certain area such as databases, networking, storage, or security/identity management. They may or may not be part of your migration team depending on the workload.
Project Manager – the Project Manager is tasked with ensuring that milestones are reached on time and communication occurs between the members of the partner team and the customer. In addition to strong project management skills and experience, the PM should also have a solid technical background, so they can understand the project in depth and make sound technical judgement calls.

CUSTOMER
Application/Business owners – these are the teams directly responsible for business processes that may vary by the migration project.

Database administrators – these experts will play an integral role in identifying dependencies, availability requirements, and migration SLAs for moving data as part of the migration.

Security and compliance specialists – work with the security and compliance experts to understand existing security processes and compliance criteria. Often these professionals are some of the most important to create a productive relationship with because companies rightly view questions about security as a blocker.

IT Architects – your team will work with the IT architects at your customer to understand existing services and policies and what the future services and policies after the migration should look like.

Application developers – the application developers are an incredibly useful resource to work with when it comes to deciding whether an application should be migrated as-is, modernized, or split into a hybrid model.

End user representatives – end user feedback is important to validate that the migrated system is functioning and performing correctly and to validate any user experience changes.
  • 37. Job Descriptions for your Migration Team
The following tables provide detailed job descriptions you can utilize to hire the key technical resources. All technical skills, non-technical skills, certifications, and technologies listed are potential items a candidate should have, but no candidate will have all the items listed.

CLOUD ARCHITECT
A Cloud Architect (CA) drives high-priority customer initiatives in collaboration with customers and your sales team. The CA is a technical, customer-facing role that is accountable for the end-to-end customer cloud deployment experience. CAs own the Azure technical customer engagement, including: architectural design sessions, specific implementation projects and/or proofs of concepts. The ideal candidate will have experience in customer-facing roles and success leading deep technical architecture and application design discussions with senior customer executives to drive cloud deployment. Bachelor’s degree in computer science or related field preferred.

Technical Skills
• Solid understanding of modern authentication protocols and a background in cyber security.
• Deep understanding of cloud computing technologies, business drivers, and emerging computing trends.
• Deep technical experience in enterprise mobile, identity and access control, & security solutions.
• Understanding of cloud governance technologies for cost management and control.
• Understanding of common database technologies such as SQL Database/Server, Oracle, MySQL.
• Working knowledge with AGILE development, SCRUM and Application Lifecycle Management (ALM) with one or more of the following programming languages: PowerShell, Bash, .NET, C++, Java, JSON, PHP, Perl, Python, Ruby on Rails, HTML, CSS, JavaScript, Responsive Web Design.
Non-Technical Skills
• Proven track record of building deep technical relationships with senior executives and growing cloud consumption share in large or highly strategic accounts.
• Proven track record of driving decisions collaboratively, resolving conflicts & ensuring follow through.
• Presentation skills with a high degree of comfort with both large and small audiences.
• Prior work experience in a consulting/architecture position within a software & services company.
• Problem-solving mentality leveraging internal and/or external resources.
• Exceptional verbal and written communication.

Certifications
• MCSE Cloud Platform and Infrastructure, CompTIA Security+, CISSP, MCSA Cloud Platform Solutions Associate, MCSA Linux on Azure Solutions Associate, AWS Certified Solution Architect.
• Exam priorities: Architecting Azure Solutions 70-535 (retired), Microsoft Certified Azure Solutions Architect (AZ-300 and AZ-301, or AZ-302); Implementing Infrastructure Solutions 70-533 (retired), Microsoft Certified Azure Administrator (AZ-100 and AZ-101 or AZ-102).
  • 38. Cloud Architect (continued)
Project Experience Types/Qualities
• 5+ years of architecture, design, implementation, and/or support of highly distributed applications (i.e. having an architectural sense for ensuring availability, reliability, etc.).
• 2+ years of experience in “migrating” on-premises workloads to the cloud.
• 5+ years of success in consultative/complex technical sales and deployment projects (where necessary, managing various stakeholder relationships to get consensus on solution/projects).
• Oversight experience on major transformation projects and successful transitions to implementation support teams.

Technologies
• Enterprise Mobility Suite, Intune, Azure Information Protection, Azure Active Directory, Okta, Auth0, LDAP, OAuth, SAML, Cloud App Security, Firewalls, Office 365, Windows Server Active Directory, Azure AD Connect, Active Directory Federation Services (ADFS), MobileIron, AirWatch, iOS, Android, Windows, Azure Virtual Machines, Virtual Networks, ExpressRoute, Operations Management Suite, Azure Site Recovery, Azure Backup, Azure App Services, Azure Storage, Azure Import/Export, Azure SQL Database, Azure Web Jobs, Azure ExpressRoute, Azure SQL Database, MySQL, Azure SQL DW, Azure DB for MySQL, Azure Cosmos DB, SQL Server, SQL Server on Azure IaaS, SharePoint on Azure, AWS EC2, S3, AWS DirectConnect
  • 39. Job Descriptions for your Migration Team (continued)
CLOUD INFRASTRUCTURE ENGINEER
The Cloud Infrastructure Engineer delivers technical solutions and support to customers allowing them to maximize their investment in cloud technology. The ideal candidate will have experience in customer-facing roles and success implementing cloud-based solutions, migrating workloads to the cloud, and experience with connecting and managing hybrid cloud environments. Building upon solid IT project experience relative to their level, consultants will work with customers in:
• The delivery of high-quality engagements around Microsoft's solution areas, technologies and products in diverse client environments.
• The design and development of integrated solutions using the latest Microsoft products and technologies.
• Understanding the relevant application development, infrastructure and operations implications of the developed solution.

Technical Skills
• Deep understanding of cloud computing technologies, business drivers, and emerging computing trends.
• Deep technical experience in infrastructure design including private and public cloud, networking, virtualization, identity, security and storage.
• Understanding of how to build resilient multi-site architectures.
• Experience with Windows, Linux and OSS technologies.
• Experience with configuration management and automation technologies such as PowerShell DSC, Chef, ARM Templates, and Puppet.
• Experience with deploying and managing the infrastructure for databases such as SQL Server, Oracle, Maria, Cassandra.
• Working knowledge with AGILE development, SCRUM and Application Lifecycle Management (ALM) with one or more of the following programming languages: PowerShell, Bash, .NET, C++, Java, JSON, PHP, Perl, Python, Ruby on Rails.

Non-Technical Skills
• Services project management.
• Building customer/partner relationships.
• Proven track record of driving decisions collaboratively, resolving conflicts and ensuring follow through.
• Presentation skills with a high degree of comfort with both large and small audiences.
• Prior work experience in a consulting/architecture position within a software and/or services company.
• Problem-solving mentality leveraging internal and/or external resources.
• Exceptional verbal and written communication.

Certifications
• MCSE Cloud Platform and Infrastructure, MCSA Cloud Platform Solutions Associate, MCSA Linux on Azure Solutions Associate, AWS Certified Solution Architect.
• Exam priorities: Implementing Infrastructure Solutions 70-533 (retired), Microsoft Certified Azure Administrator (AZ-100 and AZ-101 or AZ-102); Architecting Azure Solutions 70-535 (retired), Microsoft Certified Azure Solutions Architect (AZ-300 and AZ-301, or AZ-302).
  • 40. Cloud Infrastructure Engineer (continued)
Project Experience Types/Qualities
• 3-5+ years senior (Tier 3) level support with cloud infrastructure as part of responsibilities.
• 5+ years of architecture, design, implementation, and/or support of highly distributed applications (i.e. having an architectural sense for ensuring availability, reliability, etc.).
• 2+ years of experience in “migrating” on-premises workloads to the cloud.
• 5+ years of success in consultative/complex technical sales and deployment projects (where necessary, managing various stakeholder relationships to get consensus on solution/projects).
• Oversight experience on major transformation projects and successful transitions to implementation support teams.

Technologies
• Azure Virtual Machines, Virtual Networks, ExpressRoute, Azure Active Directory, Operations Management Suite, Azure Site Recovery, Azure Backup, Azure App Services, Azure Storage, Azure Import/Export, Azure SQL Database, Azure Web Jobs, Azure ExpressRoute, MySQL, SQL Server, SQL Server IaaS, SharePoint on Azure, AWS EC2, S3, DirectConnect, Hyper-V, VMware, System Center, Citrix, StorSimple, SAN, firewalls, web app proxies, PowerShell, Bash, JSON, ARM Templates, BGP, Site-to-Site VPN, Chef, Puppet, Ansible, SaltStack, Windows Server, Linux, OSS Technologies, Azure SQL Database, MySQL, Azure SQL DW, Azure DB for MySQL, Azure Cosmos DB, SQL Server, SQL Server on Azure IaaS, SharePoint on Azure, AWS EC2, S3, AWS DirectConnect
  • 41. Job Descriptions for your Migration Team (continued)
SENIOR SOFTWARE DEVELOPER
A Senior Software Developer has a history of designing, owning and shipping software, as well as excellent communication and collaboration skills. With a focus on cloud-based application development, the candidate must have demonstrable experience architecting and deploying applications to cloud platforms, the ability to effectively integrate disparate services as needed, and the ability to decide when to implement IaaS, SaaS, and PaaS components. As a mentor to junior developers, the senior software developer should have a solid understanding of the software development cycle, from architecture to testing. They should have a passion for quality and be a creative thinker.

A senior developer will write secure, reliable, scalable, and maintainable code, and then effectively debug it, test it and support it live. This person should also be comfortable owning a feature and making decisions independently, and should have leadership experience with agile methodologies, such as the Scrum approach to agile software development.

A Senior Software Developer can also effectively gather customer requirements and ask clarifying questions when needed. This person must be able to translate these requirements to actionable tasks they will perform, or delegate to members of the team.

The ideal candidate will have experience in customer-facing roles and success leading deep technical architecture and design discussions with senior executives. Eight plus years of experience with deep understanding of web technologies, API consumption/development, full lifecycle application development, database development (relational and/or NoSQL), and enterprise/cloud architecture. Technical BS degree in Computer Science desirable, and experience in:
• The delivery of high-quality engagements around Microsoft's solution areas, technologies and products in diverse client environments.
• Stabilizing developed solutions using Microsoft methodologies in complex customer environments.
• The design and development of integrated solutions using the latest Microsoft products and technologies.
• Understanding the relevant application development, infrastructure and operations implications of the developed solution.

Bachelor’s degree in computer science or related field preferred.

Technical Skills
• API development, Application architecture, application development, application lifecycle management (ALM), caching, capacity planning, cloud archival, cloud disaster recovery, cloud storage, cloud systems management, cloud systems operations, cloud transformation, compliance (PCI, HIPAA, etc.), data architecting, data migration (cross platform / upgrade), data modeling (physical and logical), data movement, data transformation, database and server virtualization, database architecture, database design, database lifecycle management, database management, DevOps, diagnostics, distributed application design, distributed application development, distributed database design, event sourcing, HADR / replication, health checks, identity and security, information architecture, information management, IoC, mission critical DB design and architecture, modern applications, monitoring, package management (npm, NuGet, etc.), performance tuning, polyglot resiliency, reporting services design and deployment, responsive design, RESTful services, resiliency (clustering, etc.), scalability (up and out, high performance), security architecture, security compliance, source code repository management (git, TFS, svn, etc.), technical migration upgrades, technology architecture, testing / TDD, unstructured data formats (e.g. JSON), structured data formats (e.g. XML), UI / UX.
  • 42. Senior Software Developer (continued)
Non-Technical Skills
• Collaboration, stakeholder management, relationship management, technical oversight, technical recommendations, problem solving, risk management, architecture design session, program management, proof of concept design, technical demonstration, excellent communication skills.

Certifications
• MCSE Enterprise Devices and Apps, MCSE Business Intelligence, MCSA Cloud Platform Solutions Associate, MCSA Linux on Azure Solutions Associate, MCSE Cloud Platform and Infrastructure, Certified ScrumMaster, AWS Certified Solution Architect, AWS Certified Developer.
• Exam priorities: Developing Microsoft Azure Solutions 70-532 (retired), Microsoft Certified Azure Developer (AZ-203); Architecting Azure Solutions 70-535 (retired), Microsoft Certified Azure Solutions Architect (AZ-300 and AZ-301, or AZ-302).

Project Experience Types/Qualities
• API consumption and development, coordinate and execute pilots, prototypes or proof of concepts, provide validation on specific scenarios, document and share technical best practices, further customer investment, hybrid solutions on premises or in the cloud, industry-visible, CI / Continuous Deployment, large project relative to size of customer, lift and shift, migrations and upgrades (SQL, etc.), on-premises to cloud, production environment, projects where data is born in the cloud, cross-platform SQL Server migration, server-side/desktop development, service architecture, size of project team (complexity), significant challenges, source code repository implementation support teams.
Technologies
• AWS API Gateway, AWS EC2, AWS SWF, AWS, AWS RDS, AWS VM, AWS Redshift, AWS S3, Angular, Aurelia, Azure Active Directory, Azure App Service Environment, Azure Data Catalog, Azure Data Factory, Azure Data Lake, Azure Logic App, Azure Mobile App, Azure Storage, Azure Cosmos DB, Azure SQL Data Warehouse, Azure Functions, Azure Import/Export, Azure SQL Database, Azure SQL DW, Azure DB for MySQL, Azure Search, Azure Event Hubs, Azure Web App, Azure Functions, Azure Cognitive Services, BizTalk, Business Objects, Cassandra, CDN, Cortana Intelligence, CouchDB, Data warehouse, Database, DB2, Docker, Excel, IBM Bluemix, Google App Engine, HTML, IBM, IBM Teradata, IoT Solutions, Java, Media Services, MongoDB, Microsoft Dynamics CRM, Microsoft SharePoint, MySQL, MVC, MVVM, Mobile Development, Networking, Node.js, NoSQL, Oracle, Oracle Exadata, Oracle SOA, PostgreSQL, Python, REST, Security, SQL Server, SQL Server IaaS, SQL Server Integration Services, Storage, Sybase, T-SQL, UWP, Virtualization, Web Services, WCF, WPF, XML
• Programming/Scripting Languages: .NET (C#, F#, VB.NET), Java, Python, JavaScript, Scala, Go, Ruby, PHP, SQL, T-SQL, PowerShell. Platforms: Linux (Red Hat, Ubuntu, Debian, etc.), Windows.
  • 43. HIRE & TRAIN PAGE 43 aka.ms/practiceplaybooks PROJECT MANAGER The Project Manager is responsible for the overall success of the project. They are responsible for ensuring the initial vision and goals of the project are clearly defined and aligned with all relevant stakeholders and executing the project to meet those goals. This includes building project plans, tracking and managing risks, analyzing dependencies, and communication within the team, with management, and with the customer. Throughout the project, the Project Manager will need to make scoping and prioritization decisions as issues arise. Making good decisions is only possible if the Project Manager can fully understand each issue. In addition, a good Project Manager can anticipate issues before they arise and take pre-emptive corrective action. In addition to strong project management skills, the Project Manager should also have a strong technical background. Technical Skills • Solid technical background in IT infrastructure and application architectures. • Solid understanding of cloud computing technologies, business drivers, and emerging computing trends. • Solid understanding of cloud migration approaches and supporting tools. Non-Technical Skills • Strong project management skills including experience of a variety of project management methodologies such as Agile, SCRUM, waterfall methodologies, etc. • Demonstrated success in driving complex projects with multiple stakeholders and dependencies. • Proven track record of building deep technical relationships with senior executives and growing cloud consumption share in large or highly strategic accounts. • Proven track record of driving decisions collaboratively, resolving conflicts & ensuring follow through. • Strong written and spoken presentation skills with a high degree of comfort with senior audiences. Able to represent the project to the customer. 
Certifications • A relevant Project Management qualification such as PMP, Certified ScrumMaster or PRINCE 2. • MCSA Cloud Platform Solutions Associate, MCSA Linux on Azure Solutions Associate, AWS Certified Solution Architect. • Exam priorities: Implementing Infrastructure Solutions 70-533 (retired), Microsoft Certified Azure Administrator (AZ-100 and AZ-101 or AZ-102); Architecting Azure Solutions 70-535 (retired), Microsoft Certified Azure Solutions Architect (AZ-300 and AZ-301, or AZ-302). Project Experience Types/Qualities • 5+ years technical project management experience leading complex projects on business-critical IT systems. • 2+ years of experience in “migrating” on premise workloads to the cloud. • 3+ years in hands-on technical IT role (e.g. developer, operations engineer). Technologies • Project Management and issue tracking tools (VSTS, MS Project, or similar). • Infrastructure, Networking and Storage technologies (including MS SQL or other databases). • Azure IaaS, Azure Backup, Azure Site Recovery.
  • 44. HIRE & TRAIN PAGE 44 aka.ms/practiceplaybooks Reskilling for the Cloud With the prevalence of the cloud, new technologies and services have seemingly popped up overnight leaving technical professionals behind in their knowledge and an ever-widening gap in the number of experts available versus what is needed. It’s not just the technology that has changed, technical roles have also been upended in this wave of technical innovation. For instance, traditional IT and operations experts are now expected to understand how to solve problems traditionally solved by developers, and developers are routinely expected to understand technologies that were previously under the domain of IT. Indeed, all the tasks associated with creating and operating IT systems are impacted by the move to the cloud (see panel). OPPORTUNITY FOR PARTNERS The cloud offers enterprises unprecedented opportunities for agility and cost reduction relative to traditional IT. Transforming enterprise IT to take advantage of the cloud requires deep changes to existing IT processes. This is where the partner can demonstrate immense value. A key success factor for your practice will be how fast you can staff with the appropriate skillsets, and how well you can maintain and grow their skills. A successful partner will create a plan for reskilling existing staff and build an ongoing readiness plan to keep the skills gap closed. Plan, provision, and manage compute and storage capacity Application architecture and development Networking Deployment and monitoring High availability, disaster recovery, and backup Performance and scalability Security and compliance Budgeting and cost control Done differently in the cloud
  • 45. HIRE & TRAIN PAGE 45 aka.ms/practiceplaybooks How is the Cloud Different? PLAN, PROVISION AND MANAGE COMPUTE AND STORAGE CAPACITY With the cloud, capacity planning is still incredibly important, but the opportunity to optimize compute and storage capacity is unlike anything seen before. Professionals can now truly pay only for what they use and scale workloads dynamically based on demand. This ability requires new skills, such as coding and template authoring, that may not have typically been part of an IT professional’s previous skill set. APPLICATION ARCHITECTURE AND DEVELOPMENT Application architects now have a broad assortment of managed services and container-based architectures to choose from that make it easier to build, deploy and scale at a much higher velocity because the underlying infrastructure is taken care of by the platform. Beyond ease of use, there are now tremendous new opportunities for building applications that could not easily be created before but now can because of the availability of bleeding edge technologies such as machine learning and artificial intelligence. NETWORKING In Azure, you can create resources in any region that Azure supports. This means your network engineers have the opportunity to think about connectivity on a global scale between Azure data centers and your or your customer’s on-premises data center. Your experts will use built-in services such as Azure App Gateway to protect workloads and route traffic or 3rd party network virtual appliances from the Azure marketplace. Opportunities abound, which makes it easy to choose the right solution for the task at hand vs. what has been used in the past for the sake of familiarity. DEPLOYMENT AND MONITORING Infrastructure as well as all resources in Azure can be defined and controlled from templates written in JavaScript Object Notation (JSON). 
Resources can be scripted to automatically deploy and even self-configure using configuration management services such as PowerShell Desired State Configuration (DSC), and other services like Chef or Puppet. Services and applications can be monitored in near real time, with services that can look for and predict problems such as maintenance updates and security problems such as missing patches or even attacks. HIGH AVAILABILITY, DISASTER RECOVERY, AND BACKUP The cloud brings new opportunities to organizations to optimize offsite backup by storing data in the cloud versus mechanical tape drives or extra disks. The capabilities for multi-site disaster recovery are significantly increased at a fraction of the cost compared to traditional data centers. With Azure you can failover on-demand between your data center and the cloud or between two different regions in the cloud with just a small cost per node compared to paying for an entire second data center. PERFORMANCE AND SCALABILITY Azure services offer unprecedented scale compared to an on-premises solution, with access to 50 regions worldwide, services that can automatically scale, and specialized virtual machine sizes available with high-end GPUs and RDMA. SECURITY AND COMPLIANCE Security and compliance is a shared responsibility between you, your customer and Microsoft. Microsoft is responsible for protecting the infrastructure they control, including the physical data center. You are responsible for protecting your applications and servers, and for ensuring that the solution you build using Azure services meets your compliance and security criteria. BUDGETING AND COST CONTROL Capital expenses versus operational expenses. Azure provides the ability to consume and pay for services as needed instead of the traditional approach of overestimating (and overspending). 
For organizations with multiple cost centers that must implement a chargeback policy, Azure provides services such as cost management, policies, and tags to control which services your staff can use, as well as to track spending down to whatever granularity your business rules require.
  • 46. HIRE & TRAIN PAGE 46 aka.ms/practiceplaybooks Hiring and Onboarding As part of embracing a cloud-based world, you should understand some of the steps needed to manage acquiring and growing the technical experts needed for your practice. Mapping Existing Staff - the cloud requires new skills, but this doesn’t mean that your existing staff is not up to the challenge! A successful reskilling exercise will require identifying the skills and roles your practice will need going forward and then mapping your existing team to those roles. Once identified, an onboarding plan will be identified to help guide your new experts on their chosen path. Interviewing/Hiring New - in many cases, the cloud offers capabilities that no one on your team has an appropriate background for. In those cases, you may need to hire new talent. You should start off with a defined role and the needed soft and technical skills for the role and then move forward with a recruitment plan to find the best fit for your organization. We’ll discuss some options for finding new talent later in this section. Onboarding - Every existing team member or new hire will need an onboarding plan to be successful. This means a list of external and internal training to take, to learn not only the technology they will use on a day-to-day basis but also the systems and IP that your organization has created to deliver solutions consistently for your customers. A good onboarding plan will also involve a method for ongoing training such as access to on-demand training and lab environments, as well as access to a technical community. Building a Technical Community - Technical communities can be an incredibly beneficial way of increasing the technical expertise within your organization. 
Putting subject matter experts on tools such as Yammer, Microsoft Teams, Slack (and many others) has the benefits of spreading their expertise across the organization as well as providing easy access to frequently asked questions and scenarios your teams may face. Rewarding Assistance - Giving your team the ability to communicate with each other and help others in the organization is a big step in building a learning and helping culture. The leaders of your practice should be encouraged to publicly praise or reward team members when they go out of their way to help each other. Retaining your staff - Hiring and onboarding is only the first step among many to build a rock-solid technical and business delivery team. Frequent communication about the company’s goals and about expectations of your team is essential. Working with your human resources team to establish an employee retention plan is key; there are many low-cost and low-impact techniques to ensure a happy workforce.
  • 47. HIRE & TRAIN PAGE 47 aka.ms/practiceplaybooks Azure Certifications and Exams Microsoft certifications are a globally-recognized gold standard. Use certification in Azure to demonstrate your skills and boost your career. Microsoft offers a range of Azure certifications and exams with different levels and specializations. These can help you build skills in your team as well as to identify suitable candidates when hiring. Azure Certifications Microsoft offers a range of certifications aimed at different career paths. For Azure, the main certifications are as follows: • Microsoft Certified Solutions Associate (MCSA) certification is available in several specialties. These are Cloud Platform, Data Engineering with Azure, Linux on Azure, and Machine Learning. In each case, the certification demonstrates competency in the relevant subject. • Microsoft Certified Solutions Developer (MCSD): App Builder validates that you have the skills needed to build modern mobile and/or web applications and service. • Microsoft Certified Solutions Expert (MCSE) certification is the highest level of certification offered and validates that you have a high level of expertise in a range of cloud technologies. To achieve certification, you will need to pass one or more Microsoft certification exams. The exams needed vary depending on the certification sought, and a range of options is typically available for each certification. To explore further, and to review which exams are required for each certification, see the Microsoft Certification Overview. RESOURCES Certifications ➔ Microsoft Certification Overview ➔ MCSA: Cloud Platform ➔ MCSA: Data Engineering with Azure ➔ MCSA: Linux on Azure ➔ MCSA: Machine Learning ➔ MCSE: Cloud Platform and Infrastructure
  • 48. HIRE & TRAIN PAGE 48 aka.ms/practiceplaybooks Azure Exams Advocating that your technical staff pass Azure exams provides several benefits to your practice. First, they are a valuable metric for you to understand a baseline on your delivery capabilities. Second, they are a requirement for your Microsoft Cloud Competencies, and third they provide an opportunity for your team to validate their knowledge and gain confidence as they deliver migration or modernization work. A summary of the Azure certification exams is given below: • AZ-100 Microsoft Azure Infrastructure and Deployment • AZ-101 Microsoft Azure Integration and Security • AZ-102 Microsoft Azure Administrator Certification Transition • AZ-300 Microsoft Azure Architect Technologies • AZ-301 Microsoft Azure Architect Design • AZ-302 Microsoft Azure Solutions Architect Certification Transition • 70-473 Designing and Implementing Cloud Data Platform Solutions • 70-475 Designing and Implementing Big Data Analytics Solutions • 70-487 Developing Microsoft Azure and Web Services • 70-537 Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack • 70-774 Perform Cloud Data Science with Azure Machine Learning • 70-775 Perform Data Engineering on Microsoft HDInsight • 70-776 Engineering Data with Microsoft Cloud Service In addition, the following exams have been announced and will be available shortly: • 70-538 Implementing Microsoft Azure DevOps Solutions • 70-539 Managing Linux Workloads on Azure For further details on any of the Azure exams, including target audience, detailed descriptions of the skills required, and links to training resources, see Azure Exams. RESOURCES ➔ Azure Exams ➔ Microsoft Official Practice Tests
  • 49. HIRE & TRAIN PAGE 49 aka.ms/practiceplaybooks Which Exams Should Your Team Take? With so many exams available, what should you focus on first? FOR A MIGRATION PRACTICE? Over half of the respondents of the migration partner survey indicated that exam 70-533: Implementing Azure Infrastructure Solutions is the most important for their practice, followed by exam 70-535: Architecting Azure Solutions, at 37%. The same survey data also showed that the exam “Designing and Implementing Cloud Data Platform Solutions” is the most important for data focused migration projects. This exam is heavily focused on SQL Server in Azure Virtual Machines and Azure SQL Database and Data Warehouse. FOR A MODERNIZATION PRACTICE? For practices that also offer services for modernizing applications and workloads, exam 70-532: Developing Azure Solutions is important, as well as any related data certification relevant to your modernization project.
  • 50. HIRE & TRAIN PAGE 50 aka.ms/practiceplaybooks Training & Readiness Preparing and Training Technical Staff for the Cloud Follow a learning curriculum to build the skills you need most to stay relevant. Suggested resources to help onboard your team for training success are available in this section. This includes a range of online learning resources for self-paced learning, as well as options for instructor-led training for rapid technology adoption. Use the following resources as part of your Azure onboarding for new and existing staff: • Azure Training and Certification provides free online training options including online courses, learning paths, hands-on labs as well as resources to help you find learning partners who can help you achieve your skills development goals using Microsoft Azure services. • Microsoft Azure Hands-on Labs provides free, self-paced labs to help you stay current with Azure. The live environments are fully self-contained. You do not need your own Azure subscription to complete the labs, just log in with a remote desktop (RDP) client and get started. • Microsoft Virtual Academy offers training from the people who helped to build Microsoft Azure. From the basic overview to deep technical training, IT staff will learn how to leverage Microsoft Azure for their business. • Microsoft IT Pro Cloud Essentials is a free annual subscription that includes cloud services, education, and support benefits. IT Pro Cloud Essentials provides IT implementers with hands-on experience, targeted educational opportunities, and access to experts in areas that matter most to increase knowledge and create a path to career advancement. • The Microsoft IT Pro Career Center is a free online resource to help map your cloud career path. Learn what industry experts suggest for your cloud role and the skills to get you there. 
• Microsoft Learning offers a wide variety of official curriculum on-demand, as well as edX courses that are taught by Microsoft experts, and help you learn through hands-on experiences with a broad reach of Azure technologies. • The Microsoft Partner Network (MPN) Learning Portal provides a centralized interface with training opportunities and certification options organized by products, competencies, certifications, and job role.
  • 51. HIRE & TRAIN PAGE 51 aka.ms/practiceplaybooks General Technical Training Whether you need to fill a skills gap or are looking to improve your team’s skill surface area, technical training is critical to your success. In our research, we found conferences and paid online training are the most common learning mechanisms. Source: Microsoft Cloud Practice Development Study, MDC Research, November 2016 CLOUD AND ENTERPRISE PARTNER RESOURCES The Cloud and Enterprise Partner Resources Portal provides a source of sales and technical training for partner practices and key areas of specialization. Resources include customer success stories, sales and technical training, tools, engines, and resources available to help build your skills around selling, deploying, and architecting cloud infrastructure and management, cloud application development, data platform and analytics, and security and compliance solutions. MPN LEARNING PORTAL The Microsoft Partner Network (MPN) Learning Portal provides a centralized interface with training opportunities and certification options organized by products, competencies, certifications, and job role. CLOUD + ENTERPRISE UNIVERSITY ONLINE Leverage the Cloud + Enterprise University Online to build knowledge, stay sharp, and prove your expertise on selling and supporting Microsoft cloud solutions through our live and on-demand webcasts and virtual, instructor-led courses—giving you the flexibility to train at your own pace. MICROSOFT INSPIRE CONFERENCE RECORDINGS Even if you missed the annual live event, the Microsoft Inspire Conference provides many of its sessions as on-demand recordings — no conference pass required. PARTNER COMMUNITY EVENTS, CALLS & WEBINARS The Microsoft Partner Enablement Blog maintains a schedule of trainings available to partners. Visit often and plan your training calendar. SMART PARTNER MARKETING Leverage the Microsoft Smart Partner Marketing site as your starting point for training marketing resources.
  • 52. HIRE & TRAIN PAGE 52 aka.ms/practiceplaybooks Additional Resources Microsoft Learning Partners are available worldwide to help enable your team for Microsoft Azure via live instructor-led training. This can be scheduled as a dedicated delivery at your location or virtually using remote learning technologies. Many courses are scheduled as open-enrollment courses, which don’t require you to schedule a dedicated class. • Pluralsight is a key Microsoft partner that offers Azure training. Gain the know-how and confidence your job demands through these free online courses, delivered in partnership with Pluralsight. • Opsgility is a key Microsoft partner that offers both a comprehensive range of instructor-led classes which can be customized to your exact needs, as well as self-paced learning through SkillMeUp.com using both videos and interactive hands-on labs. Opsgility also offers the Azure Migration Accelerator training program to master skills for migrating workloads to Azure. • O’Reilly Safari provides subscription access to more than 40,000 books, videos, and interactive tutorials from over 200 of the world’s best publishers, including O’Reilly, Pearson, Harvard Business Review, and Packt. It also offers live online training courses led by instructors from O’Reilly’s network of tech innovators and expert practitioners.
  • 53. MIGRATION ASSESSMENT PAGE 53 aka.ms/practiceplaybooks Microsoft Partner Network Cloud Migration and Modernization aka.ms/practiceplaybooks Migration Assessment
  • 54. MIGRATION ASSESSMENT PAGE 54 aka.ms/practiceplaybooks Executive Summary Help your customers identify their infrastructure and opportunities for migrating applications with Azure Before migrating a workload to Azure, you first need to understand the current infrastructure and define what the migrated workload will look like. Only then can you fully understand the migration process and costs. Therefore, the first step to migrating or modernizing a workload with Azure is to build a Migration Assessment Plan. Creating this plan typically has three main phases: 1. A discovery phase, in which the current applications and infrastructure are documented, as well as the business context and overall goals for the migration. 2. A planning phase, in which a detailed cloud design and migration plan are constructed. 3. An evaluation phase, which builds the business case for the migration for review and sign-off by the final decision makers. This section of the playbook discusses each of the above stages in detail. Creating the Migration Assessment plan should be an iterative process. Identify applications for migration, create the assessment plan, and migrate. This allows improvement in future assessments as well as increased velocity as you identify areas that can be improved in your process. The migration assessment should answer the following questions for your customer: • What applications and infrastructure am I currently running? • Of these applications, which should be migrated, modernized, retired, replaced, or maintained on-premises? • What are the risks associated with a migration, and how long will it take? • What will be the return on my investment for migration, based on my current running costs, my post-migration running costs, and the cost of migration itself? • What additional benefits will cloud migration bring to my business? Top 4 things to do A migration assessment is the foundation for a successful migration project. 
Here are the top 4 things for successful migration assessments. • Develop a comprehensive migration assessment methodology • Choose your migration assessment tools • Learn how to accurately calculate return on investment • Build migration roadmaps, prioritizing the simplest migrations
  • 55. MIGRATION ASSESSMENT PAGE 55 aka.ms/practiceplaybooks Discovery The goal of the discovery phase is to fully understand the existing infrastructure and applications, and the business context and goals surrounding those applications and their move to the cloud. This informs the planning and evaluations phases which follow. It is important to understand how each application contributes to the business. What does it do? Who uses it? What is the impact of an outage? How important is business continuity and business assurance to the workloads being migrated? Placing the existing applications in their business context is essential to making informed decisions regarding prioritization, design, and indeed every aspect of the migration project. Equally important is an understanding of the end users and how they use the application. In some cases, cloud migration will be a seamless change, of which users will be unaware. In other cases, users may experience significant changes, and may need to access applications differently, or perform specific tasks in new ways. To help users embrace rather than resist this change, it’s important to understand the user experience, and to keep end users informed and engaged throughout the migration process. Existing pain points (such as reliability, performance, or issues with functionality) should be identified. Migration to cloud is often an opportunity to reduce or remove such problems. These kinds of positive changes make it easier to get buy-in from both decision-makers and end-users. Non-functional requirements, such as reliability, performance, and forecasted scale must be understood so they can be factored into the design. The cloud offers far greater flexibility than on-premises infrastructure and is therefore able to adapt quickly to changes in demand. 
Even so, some requirements—such as very high availability delivered through redundancy across more than one Azure region—have design and cost implications that need to be captured up-front. Likewise, security and compliance requirements must be captured. Azure supports an extremely wide range of compliance certifications spanning many international, national and industry-specific standards. Delivering an application that is compliant with a specific set of standards requires that the design be reviewed against the Azure guidance for those standards. Of course, the discovery phase must also capture the details of the existing application implementation. The hardware, network and storage infrastructure must be documented. It is important to capture the actual usage as well as the physical specifications. Traditional infrastructure is often over-provisioned to handle expected future demand or worst-case scenarios. The agility and elastic scale of the cloud offers the opportunity to optimize significantly on this approach. Usage should be measured at both normal and peak expected load. Data should be gathered on CPU, memory, network (latency and bandwidth) and storage (capacity, IOPS and throughput).
  • 56. MIGRATION ASSESSMENT PAGE 56 aka.ms/practiceplaybooks Any dependencies between components and systems, such as between applications and databases, must be identified and mapped. Understanding these dependencies is important when grouping and sequencing migrations during the planning phase. Capture the current version of all software, and all operating systems—in some cases, updating the software to more recent, supported versions may be required as a pre-requisite to migration. Where software is developed in-house, the availability of source code and skilled staff familiar with the code must be established. Where software is licensed, vendor support for cloud technologies must be understood. For example, does the vendor already offer a cloud-based version of the software? If the software uses Microsoft SQL Server, has the vendor certified use with Azure SQL Database? UNDERSTAND THE TOTAL COST OF OWNERSHIP Having mapped the existing infrastructure and applications, the total costs of delivering those applications can then be analyzed. The Azure Total Cost of Ownership (TCO) calculator can help estimate on-premises costs but cannot capture all costs such as 3rd-party software licenses. Building a complete business case for the cloud requires building a full view of these costs. Some costs, such as servers and software licensing, are specific to each application; other costs such as operations staff and buildings are spread across applications and therefore may need to be apportioned appropriately. Remember to include backup, disaster recovery, software licensing, power, space, operations staff, support agreements, networking equipment, warranties, and Internet access. It is also important to understand the renewal dates for any leasing, licensing, warranty or support agreements, and the refresh cycle for all hardware, since this may create hard deadlines for migration, or impact prioritization to better leverage existing assets. 
DISCOVERY TECHNIQUES AND TOOLS A variety of methods must be employed to gather all this information. First, it is important to identify key stakeholders, such as application owners, relevant executives, technical staff, and end users. Interviews with each stakeholder will be necessary to understand their perspectives and priorities, and to gather their input on the topics listed above. Various tools are also available to assist with gathering technical data on the existing infrastructure. In many cases, these tools can also help with the subsequent migration planning, costing, and even with the migration execution. Examples of available tools, from both Microsoft and third-party vendors, include: MICROSOFT OFFERINGS Azure Migrate: The Azure Migrate tool can be used to assess on-premises workloads for suitability, as well as offering advice on performance-based VM sizing and cost estimations. The initial release of Azure Migrate only supports VMware VMs, but support for Hyper-V is coming soon. Azure Migrate offers the following capabilities: • Discover and assess on-premises VMs • Confidently plan your migration • Easily migrate your workloads to Azure More resources: • Assess on-premises workloads for migration to Azure • Watch a Demonstration of Azure Migrate
  • 57. MIGRATION ASSESSMENT PAGE 57 aka.ms/practiceplaybooks Azure Database Migration Service: The Azure Database Migration Service is a fully managed service designed to enable seamless migrations from multiple database sources to Azure Data platforms with minimal downtime. The Data Migration Assistant (DMA): Enables you to upgrade to a modern data platform by detecting compatibility issues that can impact database functionality in your new version of SQL Server and Azure SQL Database. DMA recommends performance and reliability improvements for your target environment and allows you to move your schema, data, and uncontained objects from your source server to your target server. Azure SQL Database DTU Calculator: A Database Transaction Unit (DTU) is a blended measure of CPU, memory, and I/O used by an Azure SQL Database. Within each SQL Database service tier, Microsoft guarantees performance in terms of DTUs. The SQL Database DTU Calculator can be used to analyze the performance of existing on-premises databases, to calculate the number of DTUs (and hence service tier) required after migration to Azure SQL Database. THIRD-PARTY OFFERINGS Turbonomic Turbonomic plans reflect what your workloads actually need to run in the cloud – no more, no less. Get to the cloud quickly and safely, while avoiding cost-overruns or performance issues. Cloudamize The Cloudamize cloud infrastructure analytics platform helps you make data-driven decisions with ease and confidence throughout your entire cloud journey. • Assess: Which cloud is right for me and what will it cost? • Plan: How do I prioritize my applications for migration? • Migrate: How do I ensure my migration execution is right on the first try? Movere More than just a point-in-time assessment, Movere enables a depth of monitoring, analysis and optimization unseen in any other platform. 
Movere organically scans environments globally at a rate of up to 1,000 servers per hour and multiple instances/environments in less than one day.

RISC Networks
RISC Networks CloudScape provides IT professionals with the most relevant infrastructure performance analysis needed to properly prepare for cloud, data center, and infrastructure projects. Agentless discovery of Network Devices, routers, switches, Windows and Linux Servers and more. Review the Asset Report in the RISC Networks Portal or download an Excel spreadsheet.
BitTitan Azure Assessments
Provide detailed readiness reporting using cost analysis and planning tools to convince your customers to adopt Azure. Take advantage of massive opportunities to move data out of SQL servers at end of life or support. Even uncover security concerns in customer infrastructure.
• Readiness check
• Cost analysis
• Detailed planning

TSOLogic
The TSO Logic Platform provides the industry’s most accurate data-driven analysis of total cost of ownership and cost modelling for your ideal future state. It ingests millions of data points from your current environment, including age, generation and configuration of all hardware and software they’re running and each instance’s historical utilization. The Platform creates a fine-grained statistical model of compute patterns for all OS instances, showing how much you’re spending, where you’re over-provisioned, and where there are opportunities to realize significant savings both now and in the future.

Corent
Corent’s SurPaaS® Platform is an Azure SaaS service that enables you to automate the scan, assessment, planning and cost modeling for your customers’ workloads, then automatically migrates them to the cloud, and then monitors, manages, optimizes and operates those workloads in the cloud.

BMC Discovery for Multi-Cloud
BMC Discovery for Multi-Cloud automates asset discovery and application dependency mapping to build a holistic view of all your data center assets, multi-cloud services, and their relationships.
Planning
The purpose of the planning phase of the Migration Assessment Plan is to build a proposal of which applications to migrate, how to migrate each application, and when each migration should take place.

Having understood the various workloads and their underlying architectures during the discovery phase, the first step in the planning phase is to logically group the infrastructure and application components, and to prioritize their migration. This prioritization will be based on several factors: simplicity of application and infrastructure, number of dependencies, application criticality, limitations of existing hardware, and hardware and license refresh cycles.

It is useful to approach applications from two different vantage points:

TOP DOWN
The top-down approach is focused on reaching that goal and begins with an evaluation of the various technical and security aspects of each application:
• Categorization of data, compliance, sovereignty and security risk requirements
• Current complexity of interface, authentication, data structure, latency requirements, coupling and application life expectancy of the application architecture
• Operational requirements like SLAs, integration, maintenance windows, monitoring and insight
Once analyzed, these aspects generate an overall score that reflects the difficulty of moving that application to the cloud.

The top-down assessment also involves evaluating the application’s financial benefits:
• Operational efficiencies, TCO, return on investment (or similar measurements)
• Overall computer load, seasonal fluctuations in usage levels, types of users (casual vs. expert, always online vs. only occasionally), necessary levels of scalability or elasticity
• Business continuity and resiliency requirements, any dependencies in the event of a service disruption

BOTTOM UP
Simultaneous to the top-down assessment, a bottom-up assessment can also be performed.
And because this is more about the technical requirements and where an application could go, much of the information can be pulled from your assessment tool of choice. Requirements typically addressed with a bottom-up approach include:
• Max. memory, number of processors, operating system disk space, data disks, Network interface cards, IPv6, Network load balancing, Clustering, OS/DB version, Domains supporting, Third-party components/software packages

Once the applications and infrastructure have been grouped and prioritized, a migration plan should start to emerge. Depending on the number and complexity of applications, your migration plan may range from a relatively straightforward application migration schedule to a complex multi-year strategic migration roadmap, with detailed application-level planning taking place iteratively as the roadmap is executed.

A pragmatic approach is preferred, favoring simpler, non-critical workloads for the early migrations. These are less risky and likely to be quicker to migrate and to present fewer issues. Early success builds confidence and allows demonstrable return on investment. It also builds experience, which reduces the risks associated with migrating the more complex workloads which follow.
COMMON MIGRATION APPROACHES
When designing the migration for a specific workload, there are a number of choices available.
• Retire: Some applications may be end-of-life and more easily be retired than migrated.
• Replace: Many common business workloads (such as Exchange or SharePoint) have equivalent SaaS offerings. Migrating to SaaS services offers an alternative to running application infrastructure in the cloud, typically with higher availability and lower TCO.
• Rehost: A ‘lift and shift’ approach, in which applications are migrated to IaaS virtual machines, offers a fast migration path with a high level of compatibility with existing software. SQL Managed Instances is another option when rehosting SQL Servers, offering the compatibility benefits of virtual machines but with the benefits of PaaS.
• Rearchitect: Converting applications to run as PaaS services offers significant advantages over a simple rehosting in IaaS virtual machines, due to the lower on-going management complexity and costs. However, converting to PaaS may take longer and require greater technical skills, and the level of change—from minor refactoring to a complete application re-write—will depend on the existing codebase and the choice of PaaS technology adopted. As a result, while some applications may be converted to PaaS services as part of a migration project, more commonly they are first rehosted to IaaS and then evolved to take advantage of PaaS.
• Retain on-premises: For some applications, continuing to run on-premises may be the only realistic option, for example where regulatory requirements require data to reside within national borders and no local Azure region is available. In these cases, Azure Stack may be a viable option.

DECISION TREE FOR APPLICATION MIGRATION STRATEGY
A good practice is to build a decision tree based on your customer’s priorities and requirements to help decide the correct migration strategy.
The following tree is an example of how to approach the application based on whether the workload is applicable to SaaS or IaaS, should be modernized with PaaS, or, if it cannot be migrated at all, should reside in a private cloud.
CONSIDER MIGRATION VELOCITY AND BENEFITS
When considering the priority order of which workloads to migrate first, it’s important to understand the relative difficulty level of each migration type as well as the benefit received for that option. For instance, rebuilding with PaaS will typically be the most difficult, but is high on the strategic scale because you are moving to managed services with more capabilities and developer agility. Rehosting with IaaS, by contrast, is most likely going to require the least amount of effort, but is going to provide the least benefit. SaaS is the most strategic because you are offloading everything but the administration and consumption of the service to the service provider.

STARTING THE MIGRATION PROCESS
After prioritizing your application portfolio, and then going through the decision-making process to select the correct migration strategy for each workload, your team can then start the migration process in earnest. Migrations should be planned in sprints, and your team should work with the customer to ensure that changes are communicated correctly not just to your stakeholders but also to the product owners and any users that will be impacted by changes.

[Figure: Example of an Enterprise Cloud Migration]
SURVEY DATA
Our survey of Microsoft partners with an Azure migration practice measured how frequently each of the main migration approaches was used. Lift and Shift to IaaS was the most common approach, more than twice as common as application modernization.

[Figure: Percentage of Migration Types Applied to Specific Workloads (n=364)]

Our survey also studied how the approach to migration varied across a range of common workloads. Most workloads employed an IaaS migration, except for database servers and web servers, which favored a PaaS migration, and training and service desk applications, which were more commonly retained in existing infrastructure.

[Figure: Percentage of Migration Types Applied to Specific Workloads (n=364). Highest service frequency by workload]
IAAS OR PAAS?
The choice between IaaS and PaaS is not all-or-nothing. A range of blended options exists, combining both IaaS and PaaS components in a single application architecture. For example, a traditional 3-tier application may see the application tier migrated to IaaS VMs, while the front-end tier is migrated to Azure App Service and the database tier is migrated to Azure SQL Database.

Where third-party software is used, licensing and support agreements must be reviewed to ensure that cloud-based deployments are fully supported, and to evaluate which cloud-based services may be used. For example, some software may support SQL Server running in IaaS, but not be validated with Azure SQL Database. In such cases it may be worthwhile to contact the software vendor to understand the future cloud roadmap for the product.

While PaaS migrations may be costlier and more time-consuming initially, this loss is frequently outweighed by the benefits of reduced management overhead—especially appealing to managed service providers. In addition to the efficiency gains of a PaaS approach, a modern application architecture also creates a foundation for higher-value customer offerings such as data analytics for increased business insight.

Many of the migration partners we interviewed described a ‘PaaS-first’ approach, preferring PaaS solutions where possible, recognizing that use of IaaS is inevitable in many cases, either during a transition to PaaS or due to technical constraints such as the use of third-party software. In many cases, migration takes a phased approach, with initial migration executed as a ‘lift and shift’ to IaaS VMs, followed by additional phases to convert the application to make greater use of PaaS services.

OPPORTUNITY TO CLEAN UP LEGACY DEPLOYMENTS
In addition, cloud migration is often used by an organization as an opportunity to clean up legacy infrastructure and applications.
It may be necessary to modernize certain infrastructure in-place before it can be migrated, for example, upgrading a legacy database or OS to a more modern version. Another common example is to consolidate on-premises databases prior to migration. Similarly, converting applications to PaaS may be an opportunity to combine several related applications into one.

WHICH AZURE SERVICES AND TOOLS
Having decided on the overall approach to migration, the design for the migrated application can be completed. This design describes in detail which Azure services are to be used, and how they will be configured. This includes:
• The design for directory services, such as whether Azure AD will extend an on-premises Active Directory or not, and whether to adopt hybrid identity.
• The design for subscription and resource groups, and the resource naming convention.
• The list of Azure services and resource types used, their deployment region, and the SKU or service tier in each case.
• The network design, including virtual networks and subnets, peering, network security groups, routes, connectivity to on-premises networks, and use of virtual appliances.
• The storage design, accounting for capacity, IOPS, and data throughput requirements.
• The design for backup, high availability and disaster recovery.
• The tools used for the initial deployment to Azure and on-going updates.
• Plans for on-going operations, including monitoring, alerting, reporting, patching, and scaling.

Remember when specifying the compute, network, and storage capacity of the migrated service not to simply copy the hardware specification of the on-premises system. Instead, scale the system based on the actual usage data gathered during the discovery phase, and design the system to scale as needed in future.
MINIMIZE DOUBT AND RISK WITH PROOF-OF-CONCEPTS
Technical uncertainties impacting the design can be resolved using Proof-of-Concept implementations, which can reduce the risk of unexpected discoveries impacting the migration schedule during the execution phase.

With the goal state of the migrated application in place, the design for the initial deployment and application migration can be completed. This describes in detail how each application will be migrated from the on-premises environment to Azure. This includes:
• How existing application data will be transferred.
• How traffic will be switched to new application endpoints.
• The nature and duration of any user impact during migration.
• Details of how the migration will be monitored and verified.
• The process for roll-back should the migration fail.
• Details of any supporting tools, such as Azure Migrate or Azure Site Recovery, that will be used.

PROJECT SCHEDULE
Finally, the Planning phase includes creating the schedule for executing the migration. Many of the migration partners we interviewed use a traditional milestone-based methodology, such as PMP or PRINCE2. A minority adopted agile methodologies such as Scrum.

PaaS migration projects typically follow traditional software development phases and milestones for coding, testing, user acceptance, staging, and production deployment, followed by additional milestones for data migration, verification, and endpoint cut-over. IaaS ‘lift and shift’ projects may forego the coding phase, but the other phases are still typically required.

SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, we asked what safeguards and processes they used to mitigate risks for a migration project. The top responses were testing and proof of concepts, followed by backup and recovery strategies.
• Parallels: 4%
• Client collaboration: 4%
• Data protection: 4%
• Iterative review: 4%
• Follow industry standards: 4%
• Security check: 6%
• Risk analysis: 8%
• Backup / recovery strategies: 18%
• Testing / Proofs of concept: 19%
Evaluation
In the last phase of the migration assessment plan—Evaluation—you will help the customer to understand the value proposition of going forward with cloud migration by reviewing the benefits identified.

Earlier in this playbook, we discussed the different objectives and priorities that different organizations have when moving to Azure—from cost reduction, to increased agility, to improved service quality, to enabling new business scenarios. Understanding your customer and the motivations behind each migration is crucial to presenting the migration assessment in terms that relate to the customer and their concerns.

FORECASTING COST AND RETURN ON INVESTMENT
That said, cost is a universal concern. The discovery phase should already have captured an accurate picture of the existing on-premises application costs. To complete the business case, an accurate forecast of Azure costs is required. When computing these costs, consider the following points:
1. The choice of SKU or service tier is important since it can make a significant difference to pricing. A direct translation of existing on-premises hardware specifications into Azure Virtual Machine SKUs may not be optimal, since on-premises hardware may be under-utilized, and Azure hardware is typically newer, and hence faster, than on-premises hardware with a similar number of CPU cores. The Optimize and Manage phase is a key talking point in this discussion.
2. Remember to account for the hours that each service will run. It may be possible to scale back usage of Production environments at times of low usage, especially when using PaaS. Non-production environments such as Dev/Test typically only need to be deployed when they are in active use.
3. The Azure Hybrid Benefit allows existing Windows Server software licenses (with Software Assurance) to be re-used on Azure Virtual Machines.
This allows existing licensing investments to be leveraged, so the Virtual Machine is only charged at the ‘bare metal’ (Linux) rate. This can result in significant reductions in your Azure bill of 40% or even more. This benefit is also available for SQL Server licensees, allowing them to reuse their SQL Server licenses without paying the premium rate, as well as providing significant cost savings when using Azure SQL Database. See https://azure.microsoft.com/pricing/hybrid-benefit/ for further details.
4. Similarly, the License Mobility program enables Microsoft Windows Server application licenses (with Software Assurance) to be used in Azure, again allowing existing licensing investments to be leveraged in Azure. See https://azure.microsoft.com/pricing/license-mobility/ for further details.
5. Some costs, such as Virtual Machine SKU, are relatively easy to predict. Other costs, such as bandwidth or storage access charges, vary according to application usage and can be difficult to predict without accurate data. Usage may need to be estimated based on transaction logs or other available usage information.
6. Where appropriate, take advantage of Azure Reserved Instances (https://azure.microsoft.com/pricing/reserved-vm-instances/) to further reduce Azure subscription costs.

These approaches, when used in combination, can offer very substantial cost savings. Further details on optimizing costs are given in the Azure Management Best Practices section of this Playbook.

The Azure pricing calculator is a useful tool for predicting Azure costs based on expected usage and service tiers. A number of third-party tools also offer pricing estimation.
On-premises infrastructure has the advantage of well-understood up-front pricing. By comparison, cloud costs can be more difficult to predict, and may vary over time, for example as usage changes, or as the service is optimized, or as the unit cost of Azure resources changes. As a Managed Service Provider, it is important to set appropriate expectations with your customer regarding costs, and it is generally better to slightly overestimate rather than underestimate what future costs will be.

Once the costs of the migrated service have been fully understood, they can be compared with the costs of the existing service as captured during the discovery phase of the migration assessment. This enables both you and the customer to understand the return on investment that the cloud migration will deliver.

COMMON CONCERNS
There are a number of common questions or concerns that may be raised in the context of an Azure migration. Common concerns include:
• Concerns over regulatory compliance: Requirements should be captured during the discovery phase and addressed in the proposed design. Be careful of making assumptions or taking requirements at face value, since in some cases regulations may have been updated or misunderstood.
• Concerns over security: The proposed design should explicitly address security concerns and the Azure technologies used to mitigate common threats. In some cases, and particularly when using PaaS services, the security design of the Azure-based solution may be based on a different approach than that used on premises, with which the customer is more familiar (for example, being more focused on access control and credentials and less focused on network-level protections). Addressing these concerns may require the customer to adopt new security models. Alternatively, using IaaS services at least initially may be a pragmatic way forward.
• Concerns over service availability: The proposed design should address the requirements for backup, availability and disaster recovery, consistent with the published Azure SLAs.
• Concerns over functionality, compatibility and performance: A proof of concept is a common way to address functionality and performance concerns and build confidence in the proposed solutions.
• Concerns over cost and cost variability: A sound understanding of fully-loaded costs for the existing application implementation, together with a complete costing for the Azure implementation, should be presented. Whilst a high-level cost approximation may provide a clear business case, providing additional detail can improve forecasting and customer confidence.

A good understanding of the customer will enable Managed Service Providers to anticipate what is likely to be asked and prepare appropriate responses.
Lift & Shift
Top 5 things to do
Here are the top 5 things to focus on during an Azure infrastructure migration.
• Deploy your network, compute and storage infrastructure
• Implement user identity
• Understand the available tools and approaches for server migration
• Configure high availability and backup
• Understand how to migrate data

Executive Summary
Now the actual work of migrating workloads studied during the assessment phase begins. In this section, we’ll consider ‘lift and shift’ migrations to Azure infrastructure services.

Migrating applications to Azure using Infrastructure-as-a-Service is often the quickest way to move applications to Azure, as well as requiring the least work and presenting the fewest risks. For some applications, and some customers, migrating to Azure infrastructure is the end goal, and the application will continue to be operated in that way indefinitely.

In many cases however, an infrastructure migration is used as a starting point, after which a longer-term program of application modernization begins. In this case, the end goal is for the application to be operated using Platform-as-a-Service technologies, giving lower management overhead and greater agility. Application modernization is the topic of the next chapter of this playbook.

The foundation of an Azure infrastructure deployment comprises:
• Identity – how users will authenticate and how resources are secured
• Compute – configuring virtual machines for availability, scale and performance
• Network – designing the network for current and future connectivity requirements
• Storage – planning for performance, durability, scalability and archival

This section discusses how to design and build this foundation and provides several resources to help. We then discuss how to migrate the existing application servers—physical or virtual—to Azure.
We provide guidance on how to choose the right Azure virtual machine and the various tools and methodologies to execute the migration itself.

Finally, we’ll present some key topics that are important for Azure infrastructure migrations:
• Migrating VMware workloads
• Configuring backup and disaster recovery for migrated workloads
• Migrating existing Azure applications to Cloud Solution Provider (CSP) subscriptions
• Using Azure Stack as a migration target for customers that cannot migrate to the public cloud
• Migrating data and databases
Building Out the Network
The network forms the backbone of any application, both on-premises and in the cloud. It is the doorway to the end users, the glue that enables the application to function, and the security boundary against outside attacks. Establishing the right network architecture is a critical step in designing any cloud migration.

Designing the network can be one of the most technical and challenging aspects of a cloud migration project. The network design must consider a range of requirements and security threats. Common considerations include:
• Designing network topologies with the right connectivity for application access and internal traffic
• Creating hybrid networks connecting on-premises and Azure-based resources
• Routing traffic for scale, resilience and high availability
• Securing the network against outside threats, including DDoS
• Monitoring and troubleshooting networking issues

Microsoft Azure offers an extensive range of networking services and features, enabling almost any networking topology to be created in Azure. This enables existing network topologies to be reproduced in Azure as part of a migration. Migration to the cloud is also an opportunity to align the network design with current best practices for performance and security.

In addition to designing your Azure network, remember to consider the existing on-premises network. What changes—temporary or permanent—are needed to make the existing network compatible with and extensible to the cloud?

AZURE NETWORKING
Azure provides a comprehensive range of networking services to support a wide range of network topologies. These are built using Microsoft’s software defined networking technology, which offers cloud scale, fast provisioning, and virtual isolation of network traffic in the multi-tenant Azure environment. This guide gives a short overview of the core Azure networking services.
Microsoft publishes substantial additional documentation on each of these services online. For further reading, we recommend the Azure Networking Overview.

VIRTUAL NETWORKS
Virtual networks are the most fundamental resource in Azure networking. A virtual network allows you to create a dedicated, private network space (for example, 10.0.0.0/16) within the Azure cloud. Resources, such as Azure virtual machines, can be allocated private IP addresses within this space, and use those addresses to communicate with each other.

Each virtual network can be divided into subnets, and virtual networks can be connected with each other, either using site-to-site VPN connections or peering connections (note that in-region peering is generally available, but cross-region peering is currently available in Preview only). You can configure user-defined routes and network security groups (NSGs), which are like firewall rules, to control traffic in, out, and between subnets.

Inbound Internet traffic is supported by creating a Public IP Address, which can be either IPv4 or IPv6 (not all networking features are supported with IPv6). These IP addresses can be statically or dynamically assigned. Outbound Internet traffic is supported both with and without the presence of a Public IP Address (and can be blocked using an NSG if required).

LOAD BALANCING OPTIONS
There are three alternative load-balancing technologies available in Azure. It is important to understand all three, and to design your application appropriately.
• Azure Load Balancer is a Layer 4 (TCP, UDP) load balancer that distributes incoming traffic among healthy virtual machines or other service instances. It can be used for both Internet-facing and internal application endpoints.
• Azure Application Gateway is a Layer 7 load-balancer with security and routing features, such as web application firewall, SSL off-loading, URL path-based routing and cookie-based session affinity. It is an example of a network appliance; a range of 3rd-party appliances is also available via the Azure Marketplace.
• Azure Traffic Manager is a DNS-based global traffic management service. It provides a range of traffic-routing capabilities, based on end user geo-location, endpoint proximity (based on network latency), and endpoint availability. Traffic Manager can be used to direct traffic between endpoints in different Azure regions, or between Azure and non-Azure endpoints.
Note that all three load-balancing services include endpoint health probes for back-end instances, and the ability to deliver high availability by automatically removing failed instances from service and restoring them once they return to health.

DNS SERVICES
Azure supports a range of DNS services and features, for use by both Internet-facing and internal applications:
• App Service Domains allows you to register a domain name, through a partnership with the name registrar GoDaddy. Originally part of Azure App Service, this is now available in Preview as a standalone service.
• Azure DNS allows you to host your DNS domain (whether purchased via Azure or elsewhere). It provides a global network of authoritative DNS name servers for high availability and low latency and supports all common DNS record types. Azure DNS is generally available for Internet-facing domains; Intranet-facing private domain support is available in Preview.
• Azure-provided DNS is the name given to the recursive DNS service provided by default to all Azure virtual machines. You can override the virtual machine DNS settings at either the virtual network or individual virtual machine level to specify your own recursive DNS server; the most common scenarios are to specify the DNS service of your Active Directory deployment when using domain joined virtual machines, or to enable DNS lookup for on-premises servers when using hybrid networking.
• Reverse DNS lookup is used to create a mapping from an IP address to a DNS name. Azure lets you configure the reverse DNS name assigned to the public IP addresses assigned to your virtual machines. You can also host the reverse lookup zone for your own IP address block using Azure DNS.

SECURITY, MONITORING AND TROUBLESHOOTING
• DDoS Protection: Azure provides two levels of DDoS protection. The basic level, which is free of charge, provides always-on traffic monitoring and real-time mitigation against common attacks. The paid-for standard-level service, which is currently in Preview, provides policies tuned using machine learning and real-time telemetry.
• Network Watcher provides a central hub for a range of tools to view network settings across your deployment. It also provides several very useful tools for investigating network issues, such as the ability to run packet captures, and to verify connectivity from a virtual machine to a given endpoint.

HYBRID NETWORKING
Most Azure migrations use Hybrid Networking to connect to on-premises resources. In some migrations, for a variety of reasons including data sovereignty or industry-specific regulations, it may be necessary for some parts of an application (typically the application database) to reside on-premises, whilst the other tiers of the application are moved to Azure.
In these so-called ‘hybrid’ networks, a secure and robust connection is required between the database in the on-premises environment and the rest of the application in Azure. We call this connectivity between Azure and on-premises networks ‘hybrid networking’.

Another example is Intranet applications. Even if the entire application stack is moved to Azure, some organizations will prefer to access Intranet applications over their internal network, rather than a public IP address. Here again, a secure connection between the on-premises network and the Azure network is required.

Azure provides two approaches to implement hybrid networking: Virtual Private Networks and ExpressRoute. These are summarized below.

Virtual Private Networks
In a Virtual Private Network (VPN), traffic flows over the public Internet through a secure, encrypted tunnel, but appears from a networking perspective to be between two private networks. Azure supports two types of VPN:
• Site-to-Site VPN: Used to join on-premises networks to Azure, for example to connect application servers with database servers. At the Azure end, a VPN Gateway is deployed into a dedicated subnet in your virtual network. The on-premises network endpoint is a VPN gateway device. These devices form a VPN tunnel over which traffic between the networks flows.
• Point-to-Site VPN: Used to join individual machines to the Azure network, for example to connect remote worker laptops to an Azure application, or for Dev/Test purposes. Once again, a VPN Gateway is deployed in Azure, in this case connecting to a VPN client deployed on the remote machine.

ExpressRoute
Microsoft Azure ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider. All traffic flows over this private connection, not over the public Internet. As such, ExpressRoute connections offer a higher level of performance and reliability compared to VPN connections. Where VPN connections provide connectivity only to a single Azure virtual network in a single region, ExpressRoute connectivity supports all Azure regions in a given geopolitical region, or all regions worldwide with the ExpressRoute Premium add-on. VPN connections only provide connectivity to Azure resources. With ExpressRoute, you can establish connections to all Microsoft cloud services, including Microsoft Azure, Office 365, and Dynamics 365. For guidance on using ExpressRoute to access Office 365 visit http://aka.ms/ExpressRouteOffice365.
ExpressRoute offers a choice of connectivity models:
• Co-located at a cloud exchange: If you are co-located in a facility with a cloud exchange, you can order virtual cross-connections to the Microsoft cloud through the co-location provider’s Ethernet exchange. Co-location providers can offer either Layer 2 cross-connections, or managed Layer 3 cross-connections between your infrastructure in the co-location facility and the Microsoft cloud.
• Any-to-any (IPVPN) networks: You can integrate your WAN with the Microsoft cloud. IPVPN providers (typically MPLS VPN) offer any-to-any connectivity between your branch offices and datacenters. The Microsoft cloud can be interconnected to your WAN to make it look just like any other branch office. WAN providers typically offer managed Layer 3
• Point-to-point Ethernet connections: You can connect your on-premises datacenters/offices to the Microsoft cloud through point-to-point Ethernet links. Point-to-point Ethernet providers can offer Layer 2 connections, or managed Layer 3 connections between your site and the Microsoft cloud.
ExpressRoute capabilities and features are all identical across all of the above connectivity models.

RESOURCES
➔ Reference Architecture: Hybrid Networking

SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, over 70% of migration projects included hybrid networking. Most of these (60%) used site-to-site VPNs, while 11% used ExpressRoute. These ratios changed significantly depending on the Partner’s customer focus, with enterprise-focused customers over three times more likely to use ExpressRoute than SMB-focused partners (22% vs 7%, respectively).

Network Appliances
Using Network Virtual Appliances can improve application security, help meet existing security policies, leverage existing licensing investments, and re-use existing skills.

Many on-premises applications make use of third-party network appliances, for example to provide additional security, availability, or custom routing features. Many of these appliances are now available as ‘network virtual appliances’ (NVAs) in the Azure Marketplace. Having identical or similar functionality available in Azure makes it much easier to migrate existing applications that use these devices.

Customers may have made a significant investment in these appliances, in terms of hardware and licensing, and also in the configuration of the appliance to support their security policy and in training their staff. Minimizing change and maximizing re-use of existing investments can be an important way to remove obstacles from a migration project. Using a virtual appliance from the customer’s existing vendor makes it easy to re-use existing configurations and policies, as well as providing a familiar interface to existing staff. Moreover, in many cases the virtual appliances support ‘bring your own license’, so existing license investments can be re-used.

Microsoft provides its own network appliance, Azure Application Gateway, which we discussed earlier. Third-party network virtual appliances are available in the Azure Marketplace from a wide range of vendors, including Cisco, Barracuda, Check Point, Citrix, F5, and many more. For a full list, see the Azure Marketplace.

RESOURCES
➔ Reference Architecture: Networking DMZs with Network Virtual Appliances

SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, network appliances from the Azure Marketplace were used in a significant number of projects.
Most common were Firewall appliances (36% of projects), followed by Load Balancers (19%) and WAN Optimizers (9%).

The Virtual Data Center
Azure Virtual Datacenter is an approach to making the most of the Azure cloud platform's capabilities while respecting existing security and networking policies.

When deploying enterprise workloads to the cloud, IT organizations and business units must balance governance with developer agility. Azure Virtual Datacenter provides models to achieve this balance. Unlike an existing on-premises datacenter environment, the Azure public cloud operates using shared physical infrastructure and a software-defined environment abstraction. The Azure Virtual Datacenter model allows you to structure isolated workloads in the Azure multitenant environment that meet existing governance policies.

With this approach, a set of shared services, access controls and policies are deployed and managed independently of the actual application workloads. These services include shared components such as load balancers, hybrid network connections, network security appliances, and management jump-boxes. Policies ensure that all traffic is routed through this shared infrastructure, which is responsible for implementing and enforcing governance standards.

Individual application workloads are then deployed separately into this infrastructure. Each workload uses a dedicated virtual network, integrated with the shared infrastructure using peering and routing rules. The resulting network is a ‘hub and spoke’ model, with a central hub of shared components, with each application workload isolated in separate spokes.

With this approach, partners can deliver a flexible and agile and yet also highly secure and compliant infrastructure, with the aim of meeting any customer security policy requirements and assuaging security concerns. By sharing network security infrastructure, partners can also demonstrate significant cost savings over siloed application deployments.
These advantages will be especially important for Enterprise customers, who typically have more demanding requirements and a larger number of applications to migrate.

FURTHER READING
Deploying and configuring an Azure Virtual Datacenter requires a deep understanding of a broad range of Azure technologies. Fortunately, the Microsoft Customer Advisory Team (AzureCAT) have published extensive guidance, based on their experience of helping Microsoft’s largest customers on their Azure journeys. For more information, see the Azure Virtual Datacenter portal on the Azure Architecture Center, the Azure Virtual Datacenter White Paper and the Mesh and Hub-and-Spoke Networks on Azure White Paper.

Enabling Hybrid Identity
As businesses move from using on-premises applications to cloud-based services, controlling access to those services becomes a challenge. Azure Active Directory provides the solution.

Controlling access to cloud-based services poses multiple challenges. How do you know which services your employees are using? How do you ensure access is authorized and authenticated? And how do you manage authentication credentials across all those services?

Azure Active Directory is a cloud-based directory and identity management service designed to address these challenges. It enables a single set of credentials to be used to authenticate access to thousands of common cloud-based services. By integrating with on-premises directories, this enables a common set of credentials to be used for both corporate and cloud applications—we call this hybrid identity.

Enabling hybrid identity is a foundational step for most enterprise migrations. When migrating applications to the cloud, it is important to understand how user identity will be managed. This should be designed early, before any migration efforts have taken place beyond a proof-of-concept.
• You can run Windows Server Active Directory (commonly referred to as AD) in the cloud using virtual machines created with Azure Virtual Machines. This approach makes sense when you're using Azure to extend your on-premises datacenter into the cloud.
• You can use Azure Active Directory to give your users single sign-on to Software as a Service (SaaS) applications. Microsoft's Office 365 uses this technology, for example, and applications running on Azure or other cloud platforms can also use it.
• Applications running in the cloud or on-premises can use Azure Active Directory Access Control to let users log in using identities from Facebook, Google, Microsoft, and other identity providers.
Organizations already using Office 365 or Azure will already be using Azure Active Directory, since it is the authentication mechanism behind both services. In some cases, where different directories are in use, it is useful to transfer ownership of their subscription to another account.

SERVICE PRINCIPAL ACCOUNTS
As well as supporting user authentication, applications also use Azure Active Directory to authorize access to the resources they need. They do this using special types of accounts, called Service Principal accounts. Service Principal accounts can be created using the Azure portal, PowerShell, or CLI. Service Principal accounts should be configured with just enough permissions to run the tasks needed by the application, and no more. It is important that applications do not run in the context of user accounts, since this breaks the principles of least privilege and individual accountability.

MANAGED SERVICE IDENTITY
Managed Service Identity is currently a preview feature of Azure Active Directory. It enables service principal accounts to be created automatically for Azure resources such as virtual machines. The credentials for the account are automatically provisioned into the virtual machine, using the MSI virtual machine extension. Applications running on the virtual machine can then use those credentials to request access tokens which are used to authenticate requests to other Azure resources. Managed Service Identities automate the full credential management lifecycle—from initial provisioning, through rollover, to deleting the Service Principal account when the resource is deleted. This greatly reduces the management overhead associated with credential management, whilst also increasing security. To learn more, see Managed Service Identity Overview.

RESOURCES
➔ What is Azure AD?
➔ Deploying a Hybrid Identity Solution
➔ How to Deploy ADFS in Azure
➔ Azure AD Domain Services
➔ Azure Active Directory Proof of Concept Playbook
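The least-privilege guidance for Service Principal accounts above can be checked against a subscription's role assignments. The following is an added example, not part of the playbook: it audits an exported assignment list for service principals holding broad roles at wide scopes. The function names and sample records are constructed, and the JSON field names are assumed to match the output of `az role assignment list --all`.

```python
import json

# Built-in Azure roles that grant broad write or access-management rights.
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}
# Of those, the roles that can grant access to other principals.
DELEGATING_ROLES = {"Owner", "User Access Administrator"}
# Scope levels treated as wide. A scope the parser cannot classify is
# included so that it is reviewed rather than silently accepted.
WIDE_SCOPES = {"root", "management-group", "subscription", "unknown"}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder id

# Constructed sample records (field names assumed, see lead-in).
SAMPLE_ASSIGNMENTS = json.loads("""
[
  {"principalName": "app-orders-api", "principalType": "ServicePrincipal",
   "roleDefinitionName": "Contributor", "scope": "SUB"},
  {"principalName": "app-billing-worker", "principalType": "ServicePrincipal",
   "roleDefinitionName": "Storage Blob Data Reader",
   "scope": "SUB/resourceGroups/rg-billing/providers/Microsoft.Storage/storageAccounts/stbilling"},
  {"principalName": "alice@example.com", "principalType": "User",
   "roleDefinitionName": "Owner", "scope": "SUB"},
  {"principalName": "app-deploy", "principalType": "ServicePrincipal",
   "roleDefinitionName": "Owner", "scope": "SUB/resourceGroups/rg-web"},
  {"principalName": "app-reporting", "principalType": "ServicePrincipal",
   "roleDefinitionName": "Reader", "scope": "SUB"}
]
""".replace("SUB", SUB))


def scope_level(scope):
    """Classify an Azure RBAC scope string by how much it covers."""
    if scope == "/":
        return "root"
    parts = [p for p in scope.split("/") if p]
    lowered = [p.lower() for p in parts]
    if lowered[:2] == ["providers", "microsoft.management"]:
        return "management-group"
    if lowered[:1] == ["subscriptions"]:
        if len(parts) == 2:
            return "subscription"
        if len(parts) == 4 and lowered[2] == "resourcegroups":
            return "resource-group"
        if len(parts) > 4:
            return "resource"
    return "unknown"


def audit_service_principals(assignments):
    """Return (principal, role, scope level, severity) for risky grants."""
    findings = []
    for a in assignments:
        if a.get("principalType") != "ServicePrincipal":
            continue  # user and group assignments are out of scope here
        role = a.get("roleDefinitionName", "")
        if role not in BROAD_ROLES:
            continue  # narrow data-plane or read-only role
        level = scope_level(a.get("scope", ""))
        if level in WIDE_SCOPES:
            severity = "high"    # broad role over a whole subscription or above
        elif role in DELEGATING_ROLES:
            severity = "medium"  # scoped, but can still grant access to others
        else:
            continue             # Contributor limited to a group or resource
        name = a.get("principalName") or a.get("principalId", "?")
        findings.append((name, role, level, severity))
    return findings


if __name__ == "__main__":
    for finding in audit_service_principals(SAMPLE_ASSIGNMENTS):
        print("%-16s %-12s %-15s %s" % finding)
```
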

Planning for Storage
Data storage is a critical feature of any application. Choosing the right storage technology will help create performant, cost-effective cloud deployments.

There is a wide range of data storage technologies available in Azure. Each offers different features, performance, resiliency and cost characteristics. It is important to understand the options before choosing the storage for your applications. In this section, we’ll consider the storage options available to Azure Virtual Machines, considering both the disks attached to the virtual machines themselves, and shared file shares. In addition, Azure supports a wide range of database options. These are considered later in this playbook: see the sections on Migrating Databases and Modern Data Platform.

VIRTUAL MACHINE DISKS
With the right storage combination, you can achieve up to 256 TB of storage per virtual machine, with up to 80,000 IOPS (input/output operations per second) and up to 2 GB per second disk throughput, with extremely low latencies for read operations. However, achieving this performance requires a large (and costly) deployment, and so whilst Azure supports extreme levels of disk performance, it is important to ‘right-size’ your design to avoid unnecessary cost.

The first step in planning disk storage is to identify the storage requirements—capacity, throughput, and read/write operations per second. This information should be gathered in the assessment phase, using tools such as Azure Migrate or Azure Site Recovery Deployment Planner. This information will help determine the storage architecture to use, for example the size, type and number of disks.

There are two technologies available for virtual machine disks in Azure. The original approach, which is still supported, is to store the disk image in a ‘blob’ in Azure storage.
The newer approach, called Managed Disks, abstracts the disk as a first-class resource in its own right. Managed Disks offer numerous advantages over blob storage and are the recommended approach for all new deployments.

When planning your disk storage, you will need to choose between Standard Storage and Premium Storage:
• Standard Storage offers lower transaction rates and data throughput, and higher latency, than Premium disks. Standard disks also offer both local and geo-redundant replication. They are a good choice for web and application servers that do not depend on high IOPS or low latency.
• Premium Storage offers much higher transaction rates and throughput, and lower latency, than standard disks. Premium disks offer local replication only (no geo-replication). They are suitable for database servers, file servers and interactive applications that require high throughput and low latency. They are also required to take advantage of the Azure SLA for single-instance virtual machines.

In each case, it is important to understand the capacity, IOPS and throughput options available, and to choose a storage design that meets your requirements. In some cases, to meet the required performance, it will be necessary to stripe data across multiple disks.

File Shares
Cloud file shares make sharing files across cloud and on-premises servers easy.

Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol (also known as Common Internet File System or CIFS). Azure File shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS. Additionally, Azure File shares can be cached on Windows Servers with Azure File Sync (preview) for fast access near where the data is being used.

Azure File shares can be used to:
• Replace or supplement on-premises file servers: Azure Files can be used to completely replace or supplement traditional on-premises file servers or NAS devices. Popular operating systems such as Windows, macOS, and Linux can directly mount Azure File shares wherever they are in the world. Azure File shares can also be replicated with Azure File Sync to Windows Servers, either on-premises or in the cloud, for performance and distributed caching of the data where it's being used.
• "Lift and shift" applications: Azure Files makes it easy to "lift and shift" applications to the cloud that expect a file share to store file application or user data. Azure Files enables both the "classic" lift and shift scenario, where both the application and its data are moved to Azure, and the "hybrid" lift and shift scenario, where the application data is moved to Azure Files, and the application continues to run on-premises.
• Simplify cloud development: Azure Files can also be used in numerous ways to simplify new cloud development projects, for example for shared application settings, diagnostics, or shared tools.

Azure Files is a fully managed service, requiring no patching or ongoing management, and has built-in resiliency.

Choosing Virtual Machines
Helping customers choose the right virtual machine family and size, with the correct availability options, is an important value-add.

Migrating existing servers—whether physical, VMware or Hyper-V—comprises two main steps. First, an appropriate Azure virtual machine must be selected and provisioned. Secondly, the application files (executables, configuration and local data) stored on the disks associated with the existing servers must be migrated. In this section, we’ll focus on the first step—choosing the right virtual machines, and choosing the right high availability design for their deployment.

VIRTUAL MACHINE FAMILIES
Azure supports a wide range of virtual machine families, with a wide range of compute and memory capabilities. The family and size of each virtual machine used should be determined during the planning phase of the discovery process, based on the analysis of the existing application and hardware. For example, database servers and web servers may have very different memory requirements, and so use different virtual machine families.

Many of the assessment tools can help with this right sizing exercise. Even so, having intimate knowledge of the available options will undoubtedly be required. Helping your customers navigate the various VM compute series to ensure they are choosing the optimal size both for performance and for cost effectiveness for their workload is an incredible value-add and will be critical to the success of the project.

Availability Options
Beyond choosing the right family and size of virtual machine, choosing the right availability option will also be integral to the project at hand.

In addition to understanding the native availability requirements for the workload (for example: SQL Server Always On) you will have to plan and choose the right level of availability with Azure Virtual Machines, backed by a suitable virtual machine availability SLA.

SINGLE INSTANCE VM
When any Azure virtual machine is backed by Azure Premium Storage (for all disks), Microsoft provides a 99.9% availability SLA.

AVAILABILITY SETS
Azure Availability Sets are a logical grouping capability that you can use in Azure to ensure that the virtual machines you place within it are isolated from each other when they are deployed within an Azure datacenter. Using availability sets helps protect against outages caused by local failures, such as a top-of-rack network switch, or by rolling system updates such as host OS patching. Availability sets offer a 99.95% availability SLA, and require that at least two virtual machines are deployed.

AVAILABILITY ZONES
Azure Availability Zones are fault-isolated locations within an Azure region, designed with independent power, cooling, and networking. They help protect your mission-critical applications from failures of entire datacenters, caused by events such as power or cooling failures, fire, or flood. Availability zones are designed to be sufficiently isolated to protect against coordinated failures, yet close enough for low network latency between zones, so that write operations to zone-redundant storage take place synchronously. Availability zones also support zone-redundant networking. Zone-redundant load-balancers can be used to distribute traffic across virtual machine instances, both within and across Availability Zones.
Zone-redundant public IP addresses enable a single public IP address to be shared across all zones, with traffic routed away from failed zones automatically. Availability zones were made generally available as of March 30, 2018. They offer a 99.99% availability SLA. However, they are not yet supported in all Azure regions—see Azure Regions for details.

REGION PAIRS
Deploying your application to more than one Azure region helps protect you against large-scale region-wide disasters (such as hurricanes) with the potential to impact all availability zones within a region. However, this comes at a significant cost—as well as the increased Azure consumption arising from the larger deployment footprint, the application design must account for data consistency between regions and traffic routing, both before and during a disaster. Cross-region data replication can be achieved using a range of database technologies, including Azure SQL Database. Cross-region traffic routing and failover is provided by Azure Traffic Manager, which supports a variety of traffic-routing policies.

When deploying an application to more than one Azure region, you should take advantage of Azure region pairs. Each Azure region has a ‘paired’ region, and Azure avoids deploying system updates to both regions at the same time. Spreading your load across paired Azure regions helps protect against unexpected outages caused by Azure system updates.

Customized Virtual Machine Images
Take advantage of custom virtual machine images to optimize your deployment time.

Many customers use virtual machine images in their existing virtualization environment complete with 3rd party and custom software ready for deployment. These images can be used in Azure as well, which can accelerate deployments by removing the need to change configuration settings and deploy software after the virtual machine is created.

CUSTOM IMAGES FOR WORKING TOOLS
Many of the partners we interviewed create custom images (Windows and Linux) that contain their custom applications and third-party tools they commonly use as part of a migration or modernization project. With this approach, they get the additional benefit of a common working environment which allows for consistent behavior and a common set of tools. New teams can get started much faster and with less confusion since all of the environments have the expected set of tools and services when they start.

CREATING YOUR OWN IMAGES
A first step should be to browse the Azure Marketplace, to see if there is an existing virtual machine image available that meets your needs. Using an existing image saves you valuable time in creating your own. However, if you can’t find a suitable image in the Marketplace, you can also create a custom image as a baseline for your virtual machines.

The easiest way to create a new image is to start by provisioning a VM from the Azure Marketplace and then customizing it by installing software and services. After the VM is configured you must run sysprep.exe with the generalize and shutdown options selected. Once the VM is shut down you can use the Azure capture command to store the image for later use. For more information, see Creating Custom VM Images.

You can also use the open source tool ‘Packer’ to create custom virtual machine images.
To build images, you define a Packer template file specifying the build process for the image. Packer supports integration with Azure, allowing you to define Azure resources such as service principal credentials. Running Packer will then deploy a virtual machine to Azure, perform the necessary build steps, create the image, and then clean up the virtual machine. This image can then be used as a baseline for more virtual machines. For more information, see How to use Packer to create Windows virtual machine images in Azure.

UPLOADING EXISTING IMAGES
Using the Azure Command line tools or Storage Explorer you can upload existing VHD files and register them as managed images that can be used to create new virtual machines in Azure. For details, see the Migrating Disks section in this playbook.

Migrating to Virtual Machines
A critical step in any migration to Azure infrastructure is the migration of the servers themselves. Over the following pages, we’ll learn about the migration approaches you can use and the tools available to help you.

There are two main approaches to migrating the application files to virtual machines in Azure:
1. Start with a clean Azure virtual machine and re-install and re-configure the application software, OR
2. Port the existing machine disks, so that the virtual machine in Azure continues where the on-premises machine left off.

A clean installation on a new virtual machine has the advantage of leaving behind any legacy issues associated with the existing machine, such as patching history and device drivers. It creates a clean, up-to-date disk image and a clean install of the application software. It is also repeatable, which helps with reliable testing.

However, a clean install is only possible where the application installers and the knowledge to configure the application are available. For legacy applications, in practice, this is frequently not the case. For these applications, porting the existing disks to Azure is the fastest and most reliable way to migrate the application.

In the following sections, we’ll discuss a variety of ways of implementing the second migration approach—porting existing disks to Azure. First, we’ll consider the simplest possible approach of simply copying the disks. Next, we’ll look at how migration can be streamlined using Azure Site Recovery. Finally, we’ll discuss the features and resources available specifically to support VMware to Azure migrations.

SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, 44% reported that a clean application install was their most common approach to migration. The remaining 56% reported that their most common approach was to migrate existing servers.

Migrating Disks
Copying disks is the simplest way to migrate existing servers to Azure.

The simplest way to migrate existing servers to Azure is simply to migrate their disks to Azure and then attach those disks to new Azure virtual machines. By using snapshots, disks can be exported from existing servers and imported into Azure while those servers are running. For stateless servers, this works well. However, for stateful servers (such as databases), any changes after the snapshot is created will be lost during the migration. In this case, to avoid loss of data, the service will need to be stopped during the migration process.

Migrating disks in this way therefore incurs a longer system downtime than other migration approaches, such as using Azure Site Recovery as discussed in the next section. However, the simplicity of disk migration means it may still be a good choice for appropriate applications for which this downtime is acceptable.

MIGRATING HYPER-V OR VMWARE VIRTUAL MACHINES TO AZURE
Importing disks to Azure only supports the Hyper-V VHD disk format, which must be a fixed-size disk no larger than 1,023GB. In addition, only ‘Generation 1’ VMs are supported. You can convert from the VHDX format to VHD, and from a dynamically expanding disk to a fixed-size disk. However, you cannot change the VM’s generation, and will therefore need to use a different migration approach with Generation 2 VMs.

Converting Hyper-V disks from VHDX to VHD format, and to fixed size, can be achieved using either Hyper-V Manager or PowerShell. For details, see Prepare a Windows VHD or VHDX to upload to Azure. You can also convert the VMware VMDK disk format to VHD using the Microsoft VM Converter. For more information, see the blog article How to Convert a VMware VMDK to Hyper-V VHD.

Some additional VM changes are also required before uploading to Azure.
For example, any static persistent routes must be removed, WinHTTP proxy removed, the SAN disk policy configured, the time zone set to UTC, and the power profile set to High Performance.

You will have to choose whether to ‘sysprep’ your VM. You typically do this if you want to create a template from which you can deploy several other VMs that have a specific configuration. This is called a generalized image. If, instead, you want only to create one VM from one disk, you don’t have to use sysprep. In this situation, you can just create the VM from what is known as a specialized image.

There is a long list of additional changes, fully documented at Prepare a Windows VHD or VHDX to upload to Azure. Once complete, the VHD file can be uploaded as a blob in Azure Storage. From there, you can use the VHD blob either to create a Managed Disk (in the case of a specialized image) or to create a Managed Image (in the case of a generalized image). These can then be used in your Azure virtual machines.

MIGRATING AWS EC2 INSTANCES TO AZURE
Migrating AWS EC2 instances to Azure follows a similar process to that used for Hyper-V or VMware, as described above. First, you export the EC2 instance to a VHD file in an Amazon S3 bucket, using the instructions provided in Exporting an Instance as a VM using VM Import/Export. This VHD file is then transferred to Azure and used to create a Managed Disk or Managed Image (both specialized and generalized VHDs are supported). For further information, see Move a Windows VM from AWS to Azure using PowerShell.

MIGRATING PHYSICAL SERVERS TO AZURE
Physical servers can be migrated to Azure by converting their disks to VHD files, then following a similar process as described above. This can be done using the Disk2vhd utility. An advantage of this tool is that it uses the Windows Volume Snapshot capability to create consistent point-in-time disk snapshots, allowing the VHD to be created without system downtime.
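The disk import constraints stated under "Migrating Hyper-V or VMware virtual machines to Azure" (VHD format, fixed size, no larger than 1,023 GB) can be verified before a long upload by reading the 512-byte VHD footer. This is an added example, not part of the playbook: the function names are hypothetical, the sample footers are constructed in memory, and the limit is read as 1,023 GiB as an assumption.

```python
import struct

FOOTER_SIZE = 512
GIB = 1024 ** 3
MAX_BYTES = 1023 * GIB  # the playbook's 1,023 GB limit, assumed to mean GiB
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}


def footer_checksum(footer):
    """One's complement of the byte sum, with the checksum field zeroed."""
    zeroed = footer[:64] + b"\x00" * 4 + footer[68:]
    return ~sum(zeroed) & 0xFFFFFFFF


def build_footer(current_size, disk_type):
    """Construct a sample VHD footer for the demonstration below."""
    f = bytearray(FOOTER_SIZE)
    f[0:8] = b"conectix"                       # footer cookie
    struct.pack_into(">I", f, 8, 2)            # features (reserved bit set)
    struct.pack_into(">I", f, 12, 0x00010000)  # file format version 1.0
    # Fixed disks carry no dynamic header, so the data offset is all ones.
    offset = 0xFFFFFFFFFFFFFFFF if disk_type == 2 else FOOTER_SIZE
    struct.pack_into(">Q", f, 16, offset)
    struct.pack_into(">Q", f, 40, current_size)  # original size
    struct.pack_into(">Q", f, 48, current_size)  # current (virtual) size
    struct.pack_into(">I", f, 60, disk_type)
    struct.pack_into(">I", f, 64, footer_checksum(bytes(f)))
    return bytes(f)


def check_vhd(tail, head=b""):
    """Return a list of problems; an empty list means the checks passed.

    tail: the last bytes of the file (at least 512), head: its first 8 bytes.
    """
    if head.startswith(b"vhdxfile"):
        return ["file is VHDX: convert to VHD before upload"]
    if len(tail) < FOOTER_SIZE:
        return ["file is too short to contain a VHD footer"]
    footer = tail[-FOOTER_SIZE:]
    if footer[:8] != b"conectix":
        return ["no VHD footer found: not a VHD file"]

    problems = []
    stored = struct.unpack_from(">I", footer, 64)[0]
    if stored != footer_checksum(footer):
        problems.append("footer checksum mismatch: file truncated or damaged")
    disk_type = struct.unpack_from(">I", footer, 60)[0]
    if disk_type != 2:
        name = DISK_TYPES.get(disk_type, "type %d" % disk_type)
        problems.append("disk is %s: convert to fixed size" % name)
    size = struct.unpack_from(">Q", footer, 48)[0]
    if size > MAX_BYTES:
        problems.append("virtual size %.0f GiB exceeds the 1,023 GB limit"
                        % (size / GIB))
    return problems


def check_vhd_file(path):
    """Run the same checks against a file on disk."""
    with open(path, "rb") as fh:
        head = fh.read(8)
        fh.seek(0, 2)
        fh.seek(max(0, fh.tell() - FOOTER_SIZE))
        return check_vhd(fh.read(), head)


if __name__ == "__main__":
    for label, footer in [("fixed 127 GiB", build_footer(127 * GIB, 2)),
                          ("dynamic 127 GiB", build_footer(127 * GIB, 3)),
                          ("fixed 2048 GiB", build_footer(2048 * GIB, 2))]:
        print(label, "->", check_vhd(footer) or "ok")
```

The VM generation is a property of the virtual machine configuration rather than of the disk file, so the Generation 1 requirement still has to be confirmed on the source hypervisor.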

Migrating using Azure Site Recovery
Azure Site Recovery (ASR) is an Azure service designed initially to enable customers to deliver high availability applications by enabling automatic failover to Azure infrastructure in the event of failure. By treating an application migration as a controlled failover without failback, it can also be used to migrate applications to Azure.

The requirements for failover to a backup site are similar to the requirements for a migration. Key concerns focus on data replication and integrity, re-directing the network traffic, and minimizing downtime. While initially designed for failover, Azure Site Recovery supports both failover and migration scenarios.

Azure Site Recovery for Migration supports migration from physical machines and both VMware and Hyper-V virtual machines to Azure. The ASR Deployment Planner can be used to help assess the workload to be migrated and determine details of the migration such as the network capacity needed and Azure virtual machines to use.

Once installed and configured, the migration starts by copying data (disks) from each machine to be migrated. Once completed, continuous incremental data transfers are used. This all occurs while the on-premises application is fully operational, prior to any application migration work window.

Data synchronization integrates with a wide range of common application workloads to ensure the synchronized snapshots are application consistent. Common workloads supported by Azure Site Recovery include SQL Server, Active Directory, Exchange and Oracle Data Guard. For a full list of supported workloads, see What workloads you can protect with Azure Site Recovery.

During application cut-over, virtual machines in Azure are booted using the replicated data. A final incremental data transfer is used to ensure the Azure virtual machines are fully up-to-date.
Azure Site Recovery supports an RPO (Recovery Point Objective) as low as 30 seconds, enabling the work window during which applications are unavailable to be kept as small as possible. The application traffic is then switched to the Azure-based service. For Internet-facing applications, the Azure service will have a new IP address, hence this switchover happens at the DNS level. Azure Site Recovery integrates with Azure Traffic Manager, enabling this transition to happen quickly and easily. For Intranet applications, there are two possible approaches: changes to the internal IP address require the internal DNS record to be updated; alternatively, the internal IP address can be preserved, with the switchover occurring at the IP subnet level. This last approach is useful if application dependencies require that existing internal IP addresses must be preserved.
  • 84. Migrating VMware Workloads
Many customers use VMware to run virtualized applications, either on-premises or with a hosting provider. The overall process of migrating VMware virtual machines to Azure follows a similar sequence to any other migration. However, there are some considerations that are specific to VMware.
Migrating VMware virtual machines to run in Azure is one of the most common migration scenarios. Microsoft has published a detailed Migrating VMware to Microsoft Azure TCO Guidance document to help demonstrate the value proposition that underpins these migrations. The overall process for migrating VMware workloads to Azure follows a similar path to other workloads, using tools we have already seen such as Azure Migrate and Azure Site Recovery. To help support VMware customers on their migration journey, these services are designed and tested specifically with VMware workloads in mind. Existing VMware administrators unfamiliar with Azure may appreciate free online training to introduce Azure VMs to existing VMware vSphere administrators.
There are many technical compatibility issues to consider when planning a VMware to Azure migration, such as firmware version, OS version, VMware version, disk size, disk format, network capacity, etc. The Azure Migrate and Azure Site Recovery Deployment Planner tools can be used to automatically assess an existing VMware environment prior to migration, giving a report of issues that need to be addressed. Microsoft publishes step-by-step guidance on how to prepare and configure VMware migration to Azure using Azure Site Recovery, including specific considerations for Cloud Solution Provider (CSP) subscriptions.
In some cases, you may already be hosting customer applications in your own on-premises VMware infrastructure.
Where this is a multi-tenant environment (supporting more than one customer), it is important to ensure tenant isolation during the migration process. This can be achieved by ensuring the vCenter access account used by the Azure Site Recovery configuration server only has the correct access permissions.
Instead of using Azure Site Recovery, an alternative approach for VMware to Azure migration is to simply convert the server disks from the VMware VMDK format into the VHD format used by Hyper-V and Azure. This can be achieved using the Microsoft Virtual Machine Converter tool. A number of other steps are necessary to prepare the VM disk for upload to Azure.
In the rare event that compatibility issues prevent an existing VMware workload being migrated to an Azure virtual machine, there is an alternative. Microsoft recently announced future support for VMware virtualization in Azure. This offering will allow customers to access the full VMware stack on Azure hardware, co-located with other Azure services. While not offering the same cost-savings or agility of migrating to Azure virtual machines, this option does provide an additional option to reduce on-premises infrastructure.
  • 85. Migration Tools
The following is a list of the most common migration tools and services used when migrating servers to Azure Virtual Machines. See also the tools listed under Discovery, many of which can also support migration.
Azure PowerShell and Azure CLI
The Azure command line tools are some of the most frequently used tools with migration. Tasks range from uploading images to Azure Storage, to automating Azure infrastructure during a failover from Azure Site Recovery with a recovery plan.
Azure Site Recovery
As well as offering a Disaster Recovery solution for failover to Azure VMs, Azure Site Recovery can also be used to replicate and migrate VMs to Azure at scale. Azure Site Recovery can be used with Azure Migrate (which helps with migration assessments).
CloudEndure
CloudEndure® provides an automated migration solution that utilizes block-level continuous replication, application stack orchestration, and automated machine conversion to ensure data integrity during migrations to, between, or within the cloud.
ATADATA
ATADATA automates the migration of workloads and also auto-provisions multi-tiered live workloads directly into Hyper-V, Azure Classic or Azure Resource Manager environments. The agentless architecture is managed through the ATADATA Console which installs entirely behind client firewalls, or via a hosted/SaaS deployment.
Datometry
Datometry Hyper-Q simplifies enterprise management of existing applications and develops new applications on cloud databases.
Unitrends
Automatically remodel VMs to native cloud virtual machines in low cost AWS S3 or Azure Blob storage. This free tool even handles the transformation of networking differences between VMware and AWS.
Attunity
Attunity Replicate empowers organizations to accelerate data replication across a wide range of heterogeneous databases.
  • 86. CloudAtlas
CloudPilot's static code analysis ensures a deep understanding of applications and data to successfully migrate them with no code changes to Azure Containers, Azure Virtual Machines, or Azure App Service (PaaS). Migrate in minutes, not months. CloudPilot checks applications for security, governance, and regulatory compliance, and with coding best practices to reduce migration risks and costs.
ZeroDown Software
ZeroDown enables companies to move applications from their data center or other hosting platform to Azure with no interruption of service. The tool automatically synchronizes the source and target environments and is transparent to the migrated application’s users with no cutover problems or loss of in-flight transactions.
SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, PowerShell was the most-used tool during workload migration. Use of Azure Migrate was in second place, and was first-place among practices with an enterprise focus.
Azure CLI Tools: 23%
Azure Site Recovery: 31%
V2V tools such as Microsoft Virtual Machine Converter: 32%
P2V tools such as Disk2VHD: 38%
Azure Migrate: 41%
Azure PowerShell Cmdlets: 44%
  • 87. Business Continuity
Providing guaranteed continuity of service even in the event of failures is a key requirement of any business application. Services in Azure are no exception.
Business continuity requires that services keep running, or recover quickly, even when disaster strikes. That could be a large-scale IT failure, or a data loss event. This presents both a challenge, and an opportunity. You can use Azure services to enhance your offerings to support business continuity for customers. In designing your business continuity service, be prepared to answer common customer questions, such as:
• Will you help me restore my data when it is corrupt or lost? Will you take care of my data’s long-term retention compliance requirements?
• Will you protect my mission critical applications? Will you make DR and recovery plans and run DR drills?
• Will you ensure business continuity in case of any interruption? What kind of SLAs will you provide?
To protect against IT failures, Azure Site Recovery enables critical workloads to replicate their running state to Azure, and to rapidly fail over to an Azure-based infrastructure when needed. Whilst this creates data redundancy, it does not protect against data corruption, accidental data deletion, or ransomware, and thus additional data backups, as provided by Azure Backup, are also essential. These services can be used to protect both cloud workloads and on-premises deployments. As a Managed Service Provider, providing additional resilience to on-premises applications by integrating these Azure services can be a ‘quick win’, helping to build customer trust prior to a full Azure migration.
Microsoft Azure offers a rich set of services to back up workloads and fail over critical workloads, in addition to hybrid storage support.
• Azure Backup supports file and folder-based workloads, virtual machine backup, as well as workload specific support such as Hyper-V, VMware, SharePoint, and Active Directory straight to Azure, removing the need for physical backups like tape. Azure Backup recently added support for application-consistent backups for a range of common Linux-based workloads.
• Azure StorSimple is an appliance (physical and virtual) that provides hybrid tiered storage to automatically offload data to the cloud.
• Azure Site Recovery protects important applications by coordinating the replication and recovery of physical or virtual machines. You can replicate to your own datacenter, to a hosting service provider, or even to Azure to avoid the expense and complexity of building and managing your own secondary location. Azure Site Recovery continuously monitors service health and helps automate the orderly recovery of services in the event of a site outage at the primary datacenter.
  • 88. Migrating Existing VMs to CSP
In some cases, a customer may have an existing Azure-based application, which they wish to transfer to the Managed Service Provider for on-going maintenance and monitoring.
Migrating an existing application to a Managed Service Provider may require that the Azure resources that implement that application be migrated to a different Azure subscription. This will typically be a CSP subscription managed by the Managed Service Provider on behalf of the customer. Azure supports moving resources between subscriptions. However, there are a number of constraints that must be met beforehand to ensure the resource move is successful. In particular, note that managed disks do not currently support migration, which means virtual machines that use managed disks cannot be migrated.
First, Azure only supports resource move where both source and destination subscriptions reside under the same Microsoft tenant (directory). The existing subscription may use a different Azure AD tenant or may use a Microsoft account. In either case, it must be transferred to the tenant created when the customer account is created in the CSP portal.
Second, not all Azure resources are available in CSP subscriptions. The Azure CSP Migration Assessment Tool can be used to identify any existing resources that are not currently supported in CSP subscriptions, or which do not support resource move. In some cases, the tool will specify modifications which are required prior to migration; in other cases, the tool may identify existing resources which cannot currently be migrated. In this case, changes to the application may be required to remove this component.
Third, CSP subscriptions only support the Azure Resource Manager deployment model, and not the Azure Service Management (‘classic’) model.
Resources using the ‘classic’ model will be identified by the Azure CSP Migration Assessment Tool, and will need to be migrated in-place to the Azure Resource Manager deployment model before continuing. Finally, the resources can now be migrated to the new subscription. Cross-subscription migrations require resources and all their dependencies to be moved at once. For example, if you have VM resources in one resource group, and that VM's disks are stored in a storage account in another resource group, first move all dependent resources to a single resource group. You can then migrate the entire resource group at the same time. The links given in the Resources section below provide detailed step-by-step instructions for each step of the migration process. RESOURCES ➔ Migrating resources from an EA subscription to CSP ➔ Migrating resources from a PAYG subscription to CSP ➔ Azure CSP Migration Assessment Tool ➔ Upgrade resources from Classic to Resource Manager ➔ Moving resources between Azure subscriptions ➔ ASR Capacity Planning guide for migration to CSP
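The constraints listed above (same tenant, no managed disks, no 'classic' resources, all dependencies in one resource group) can be checked before a move is attempted. The following is an added example, not part of the playbook or of any Microsoft tool; the inventory layout, resource names and finding labels are hypothetical and the sample data is constructed.

```python
"""Pre-flight check for a cross-subscription resource move (added example)."""
from collections import deque

# Provider namespaces of the Azure Service Management ('classic') model.
CLASSIC_PREFIXES = ("Microsoft.ClassicCompute/", "Microsoft.ClassicStorage/",
                    "Microsoft.ClassicNetwork/")
MANAGED_DISK = "Microsoft.Compute/disks"

# Constructed sample inventory; in practice this would be built from an
# export of the source subscription. Field names are assumptions.
INVENTORY = [
    {"name": "web-vm", "type": "Microsoft.Compute/virtualMachines",
     "group": "rg-app", "depends_on": ["web-nic", "vhdstore"]},
    {"name": "web-nic", "type": "Microsoft.Network/networkInterfaces",
     "group": "rg-app", "depends_on": ["app-vnet"]},
    {"name": "app-vnet", "type": "Microsoft.Network/virtualNetworks",
     "group": "rg-net", "depends_on": []},
    {"name": "vhdstore", "type": "Microsoft.Storage/storageAccounts",
     "group": "rg-storage", "depends_on": []},
    {"name": "db-vm", "type": "Microsoft.Compute/virtualMachines",
     "group": "rg-app", "depends_on": ["db-disk"]},
    {"name": "db-disk", "type": MANAGED_DISK,
     "group": "rg-app", "depends_on": []},
    {"name": "legacy-svc", "type": "Microsoft.ClassicCompute/domainNames",
     "group": "rg-app", "depends_on": []},
]


def dependency_closure(inventory, group):
    """Return every resource in `group` plus everything it depends on, transitively."""
    by_name = {r["name"]: r for r in inventory}
    closure = {}
    queue = deque(r["name"] for r in inventory if r["group"] == group)
    while queue:
        name = queue.popleft()
        if name in closure:
            continue
        if name not in by_name:
            raise KeyError(f"dependency {name!r} is missing from the inventory")
        closure[name] = by_name[name]
        queue.extend(by_name[name]["depends_on"])
    return closure


def preflight(inventory, group, source_tenant, dest_tenant):
    """List (severity, resource, message) findings that would stop the move of `group`."""
    findings = []
    if source_tenant != dest_tenant:
        findings.append(("BLOCKER", "subscription",
                         "source and destination subscriptions are in different tenants"))
    closure = dependency_closure(inventory, group)
    for name in sorted(closure):
        res = closure[name]
        if res["type"].startswith(CLASSIC_PREFIXES):
            findings.append(("UPGRADE", name,
                             "classic deployment model: upgrade to Resource Manager first"))
        # Managed disks are treated as immovable because the text above says so.
        if res["type"] == MANAGED_DISK:
            findings.append(("BLOCKER", name, "managed disk: resource move not supported"))
        disks = [d for d in res["depends_on"] if closure[d]["type"] == MANAGED_DISK]
        if disks:
            findings.append(("BLOCKER", name, "uses managed disk(s): " + ", ".join(disks)))
        if res["group"] != group:
            findings.append(("CONSOLIDATE", name,
                             f"dependency lives in {res['group']}: move it into {group} first"))
    return findings


if __name__ == "__main__":
    for severity, resource, message in preflight(INVENTORY, "rg-app", "tenant-a", "tenant-a"):
        print(f"{severity:12} {resource:12} {message}")
```

An empty result means none of the four constraints is violated for that resource group; it does not replace the Azure CSP Migration Assessment Tool's check of which resource types CSP supports.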
  • 89. Migrating Databases
Alongside migrating servers to virtual machines, migrating the application database is perhaps the most critical step in any Azure workload migration. Maintaining integrity and availability of data is critical, and the time taken to synchronize data between old and new systems may determine the duration of any service disruption during migration.
Migrating databases is a crucial step in any migration project. Fears over application downtime or data loss are common, so it’s important to have a well thought-through and proven approach. As a partner responsible for a data migration, you are responsible for:
• Understanding compatibility issues between existing databases and new databases in Azure
• Assessing and optimizing databases
• Executing data migration safely.
There are two main options for running a database in Azure: either as a database installed on an Azure VM or using the Azure SQL Database service. In both cases, a range of database technologies is supported, including Microsoft SQL Server, Oracle, PostgreSQL, NoSQL, and more.
In many cases, even where an infrastructure-only migration strategy is being followed, the database will be migrated directly to Azure SQL Database, rather than SQL-on-IaaS. The motivation is to take advantage of the PaaS benefits of Azure SQL Database such as lower management overhead for underlying infrastructure, quick provisioning and service scaling, and integration with other PaaS services.
Azure SQL Database also offers SQL Database Managed Instances for near 100% compatibility with on-premises SQL Server. This provides you with all of the advantages of a PaaS deployment along with the ease of migration inherent in a SQL Server on IaaS deployment. This makes SQL Database Managed Instances an ideal target for database migrations.
A key goal of migration is to avoid any loss of data.
In some cases, a real-time synchronization between old and new databases is possible, enabling migration without service impact. In many cases however, the most pragmatic approach is to accept that the application may be unavailable (or available as read-only) during the migration work window during which the data will be replicated. The duration of this window can be kept to a minimum by performing an initial data transfer prior to migration, followed by an incremental sync containing only subsequent changes during the migration work window. Migrations should be approached with the same rigor and processes as a full software or hardware project – a solid methodology is required for success. When planning a database migration project, we recommend that you consider the process shown in the following graphic:
  • 90. KEY SERVICES FOR THIS OFFERING
• Azure Database Migration Service: The Azure Database Migration Service is a fully managed service designed to enable seamless migrations from multiple database sources to Azure Data platforms with minimal downtime. The service uses the Data Migration Assistant to generate assessment reports that provide recommendations to guide you through the changes required prior to performing a migration, and performs all of the associated steps, taking advantage of best practices as determined by Microsoft.
• Data Migration Assistant: This tool can be used to assess a Microsoft SQL Server database in preparation for migration, identify compatibility issues, and to execute the migration, either to SQL-on-IaaS or to Azure SQL Database.
• Third-party tools: A range of third-party tools is available to assist with data migration. See the Database Migration Guide for a list of tools.
RESOURCES
➔ Azure Database Migration Hub
➔ Data Migration Blog
➔ Azure Blog post: Migrating to Azure SQL Database with zero downtime for read-only workloads
➔ Azure SQL Database Managed Instance
  • 91. MODERNIZING APPLICATIONS PAGE 91 aka.ms/practiceplaybooks Cloud Migration and Modernization aka.ms/practiceplaybooks Microsoft Partner Network Modernizing Apps
  • 92. Executive Summary
Modernizing applications to use Azure platform services maximizes the value of migrating to the cloud. Which applications should you modernize, and how?
In the previous chapter, we looked in depth at how to migrate workloads to the cloud using a ‘lift and shift’ approach (rehosting) to Azure’s infrastructure services. In this chapter, we’ll study how to migrate applications to Azure’s platform services (rearchitecting).
While a ‘lift and shift’ migration to Azure infrastructure services can offer significant benefits, it does not take advantage of everything the cloud has to offer. Virtual machines still need to be patched, services cannot scale automatically based on usage, software updates have to be managed, and many of the higher-level services offered by the cloud are not available.
To take full advantage of the cloud requires a migration to Azure platform services. Here, the full benefits of the cloud can be realized: patching and many other maintenance tasks are handled automatically by the platform, streamlined workflows support rapid software updates, services can auto-scale based on usage, and the full power of all Azure services is available.
Earlier in this playbook, we discussed the various motivations behind a cloud migration, and the different ways that migration can deliver value for a business. To recap, the four main cloud benefits are: cost saving, agility, service quality, and the new scenarios that cloud-based technologies can enable. Only a platform-based architecture can take full advantage of these benefits.
In this chapter, we will discuss migrating applications to Azure platform services. We will start by taking a closer look at the platform services available in Azure, the benefits of a platform-based approach, and we will provide some best practices and design considerations for ‘cloud-native’ application architectures.
We will then go on to discuss the most commonly-used approaches, focusing firstly on Azure App Service, and then on microservices and containers. We’ll also look at the various technologies available for storing and processing data, including ‘big data’ technologies used to extract insight and value from large data volumes.
Finally, we’ll discuss higher-level platform services for machine learning and artificial intelligence. These cloud-only services are increasingly used to light up new application scenarios, delivering competitive advantage beyond cost savings and agility.
Top 4 things to do
Cloud-native designs offer the greatest cloud benefits. Here are the top 4 things to get you started.
• Understand the benefits of platform vs infrastructure approaches to the cloud
• Build technical expertise in cloud-native design
• Choose which platform services your practice will use
• Build experience at migrating existing applications to platform services
  • 93. Modernizing Applications with Azure
One of the most effective ways to realize the benefits of migrating applications and system architectures to the cloud is to utilize PaaS (Platform as a Service) services.
Platform as a Service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable the delivery of everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. Like IaaS (Infrastructure as a Service), PaaS includes infrastructure (servers, storage, and networking) but also middleware, development tools, business intelligence (BI) services, database management systems, and more. PaaS is designed to support the complete application lifecycle.
BENEFITS OF USING PAAS
Here are the biggest benefits of using PaaS services to modernize and host applications in the cloud:
• Managed Virtual Machines (VMs): PaaS hosting is provided by Managed VMs that do not require the traditional maintenance and updates required by traditional IaaS VMs. This provides an abstraction that automates Operating System updates and patches, so the development team only needs to be concerned with the application, data, and deployment rather than infrastructure maintenance.
• Cut coding time: PaaS development tools can cut the time it takes to code new apps with pre-coded application components built into the platform, such as workflow, directory services, security features, search, and so on.
• Add development capabilities without adding staff: PaaS components can give your development team new capabilities without your needing to add staff having the required skills.
• Develop for multiple platforms—including mobile—more easily: Some service providers give you development options for multiple platforms, such as computers, mobile devices, and browsers making cross-platform apps quicker and easier to develop.
• Use sophisticated tools affordably: A pay-as-you-go model makes it possible for individuals or organizations to use sophisticated development software and business intelligence and analytics tools that they could not afford to purchase outright.
• Support geographically distributed development teams: Because the development environment is accessed over the Internet, development teams can work together on projects even when team members are in remote locations.
• Efficiently manage the application lifecycle: PaaS provides all the capabilities that you need to support the complete web application lifecycle: building, testing, deploying, managing, and updating within the same integrated environment.
  • 94. MIGRATING APPLICATIONS TO PAAS
Using Azure platform features is not all-or-nothing. You can combine infrastructure and platform services in a single deployment. For example, it is common for an infrastructure migration to run application servers using infrastructure virtual machines, but to use the Azure SQL Database platform service as the data tier, rather than running SQL Server on virtual machines. Many other combinations are possible.
While it is most convenient to build “cloud-native” applications from the start, that is often not possible with many enterprise applications. There is often a significant investment in “legacy” enterprise applications that make it cost prohibitive to start over from a blank slate to benefit from the cloud. For this reason, it’s most feasible with many enterprise systems to refactor the applications to include cloud-native design considerations and leverage PaaS technologies.
To support this, Azure provides a range of platform services, each offering a range of benefits and each requiring a different degree of application modernization. For example, an application might be migrated to Azure App Service, or converted to run in containers, with relatively few changes. At the other extreme, a fully serverless architecture utilizing Azure Functions and higher-level Azure services may require the application to be re-written. Choosing the right approach to application modernization requires an understanding of the suitability, cost and migration complexity of each of the platform approaches available.
KEY CHALLENGES
• Focus on building applications and business logic, instead of managing infrastructure, reliability, scalability, and latency.
• Quickly build powerful web, mobile, and API apps using multiple languages / frameworks (.NET, .NET Core, Java, Ruby, Node.js, etc).
• Reliably deploy, update and scale applications effortlessly across many virtual machines, using either Windows or Linux.
• Globally deliver content to any device with low latency.
KEY SERVICES FOR THIS OFFERING
• Virtual Machine Scale Sets: Apply autoscaling to virtual machines for high availability. Create thousands of identical virtual machines in minutes.
• Azure App Service: Quickly create powerful cloud apps using a fully-managed platform.
• Azure Container Services (AKS): Simplify the deployment, management, and operations of Kubernetes.
• Service Fabric: Build and operate always-on, scalable, distributed apps. Simplify microservices development and application lifecycle management.
• Azure Functions: Build apps faster with a serverless architecture. Accelerate your development with an event-driven, serverless compute experience.
  • 95. SURVEY DATA
In our survey of Microsoft partners with an Azure migration practice, two-thirds reported using one or more Azure services for application modernization.
  • 96. Cloud-Native Architecture and Design
Most of the traditional application designs and architectures that are commonplace in on-premises datacenters are able to run in the cloud without change. However, the cloud brings with it many new capabilities and features. Applications that make use of cloud capabilities are often referred to as “cloud-native” applications.
On the surface, designing applications for the cloud is not very different than designing for on-premises. All the same development tools, language, and frameworks can be used in the cloud. This enables all the familiar tools and existing skillsets of the development team to be used. However, the cloud also offers a range of additional capabilities, and taking advantage of these requires some design changes. In addition, there is a wide range of cloud services and features available, and a variety of design approaches available. As a migration partner, you are responsible for:
• Choosing the right cloud-native application architecture for your application.
• Incorporating proven best practices into your cloud designs.
• Optimizing implementation by leveraging existing deployment templates for common architectures.
You’re not on your own. Microsoft has published extensive guidance on designing applications for the cloud. This guidance, which can be found in the Azure Architecture Center, provides a wealth of resources and proven cloud architecture best practices, based on real-world experiences gained from working directly with the largest Azure customers. Using this guidance can accelerate your design process, as well as ensuring that your designs follow proven best practices.
Amongst other resources, the Azure Architecture Center includes:
• The Azure Application Architecture Guide, which presents a number of common architecture styles, technology choices, and design principles for Azure applications.
• Azure reference architectures, which demonstrate recommended practices and include deployable solutions which can be used as the basis of your own deployments.
• Azure architecture best practices for a wide range of common topics, including API design and implementation, autoscaling, use of background jobs, monitoring, fault handling, and more.
• Design review checklists for Availability, Resiliency and Scalability, which can be used to validate and improve your own designs, enabling you to catch potential problems early and avoid expensive re-work later.
  • 97. Cloud Design Considerations
Cloud-native applications are designed differently from conventional applications.
There are a few design considerations necessary when building software to be “cloud-native” and utilize PaaS services. These design considerations address many of the key differences to resource allocations and availability with PaaS services and IaaS resources. Here are the key design considerations for building “cloud-native” applications, or migrating existing applications, using PaaS services:
• Scale Out over Scale Up: One of the traditional methods of scaling to meet increased load in on-premises environments is to Scale Up; simply add more CPU power, Memory capacity, or storage capacity to the server. This is a common practice on-premises with both Single Server and Multi-Server hosting solutions. In the cloud, server resources are more of a readily available commodity. In the cloud, you can basically provision a new server VM when it’s needed. For this reason, it’s much easier to add more servers when extra capacity is needed. An additional benefit of Scaling Out (adding more servers / VMs) is increased resiliency for the application deployment. If 1 server out of 10 goes down, it affects the overall performance of the application and SLA to the company’s clients and users much less than if 1 server out of 2 goes down. Scaling Out and spreading load across server instances has many benefits, including: higher availability, higher resilience against failure, as well as the ability to tweak server resources to optimize cost when comparing pricing tiers.
• Graceful Fault Handling: Every software system has failures. When distributing load across multiple server instances, or integrating a distributed / microservices architecture, an application needs to be coded to gracefully handle all errors where possible.
These errors can even include transient failures, such as not being able to connect to a database or service, isolated network outage on a single VM, or any other sort of error that occurs at random times for a short period of time and then goes away. When a call to an external service fails, the application can be coded with Retry Logic to re-initiate making the service call 1 or more times before throwing an exception. Another possible implementation is to cache a user’s request using some type of message queue, so the user can continue with their work while the system handles the error and performs the requested work in the background.
  • 98.
• Multi-Zone and Multi-Region Deployment: One of the aspects of hosting applications in on-premises environments that can easily become cost prohibitive is the ability to deploy to multiple datacenters for redundancy and increased resiliency. In the cloud, Microsoft Azure is made up of many Azure Regions spread across continents and geographies that can be utilized for any cloud application deployment. There are also multiple Availability Zones (currently in Preview) within each Azure Region that can be utilized to enable application instances to be deployed to specific datacenters within the Region. Application deployments that utilize Zones and Regions have the capacity to be globally resilient against Regional or Datacenter failures. This extra resiliency can be combined with Scaling Out to host applications with a much greater level of resiliency and availability than is possible in most on-premises datacenter environments.
• Do Not Write to Local File System: When using PaaS services like Azure App Service to host an application, it’s important to not write anything persistent to the local file system. The reason for this is that multiple instances of the application running in the service do not share the same local file system as they are hosted on different VMs. Instead of writing to the local file system, any files and/or data that needs to be accessed across application instances should be written to a shared storage service like Azure Blob Storage, Azure Redis Cache, or another database service.
• Stateless Design: When designing applications to Scale Out, instead of Scale Up, the design to share state across instances can prove to be difficult depending on the overall application architecture. Modern application architecture is to design applications to remain Stateless. This has become the modern standard in web application and REST API design.
It’s common to use Cookies with an HTTP- based application to remain Stateless, but another option is to use a cache service like Azure Redis Cache to share state across instances for applications that still require state. • Serverless: Serverless computing, such as Azure Functions, takes the benefits of PaaS even further by adding an additional abstraction layer that enables for an individual function of code to be deployed and hosted without requiring a full application to be maintained. This larger abstraction of Azure Functions is integrated with Input and Output Bindings that provide built-in capabilities to integrate with other Azure services, as well as third-party services and applications. Using Serverless compute decreases the overall development and maintenance costs that enable faster time to delivery and easier production support. • PaaS Services: Where a specific service is available for a task, using that service is usually a better choice than building your own using lower-level platform components. These services have already been designed to deliver the availability, performance, security and scale required by Microsoft’s most demanding customers—saving significant work and providing a service level that would be difficult and expensive to match. Using services built specifically for the cloud enhances the development team’s capacity to deliver value, in addition to providing an abstraction that removes many of the monotonous and time-consuming aspects of Server and Virtual Machine maintenance.
Cloud Design Patterns

Use proven design patterns to accelerate and improve your cloud-native application designs.

Among the multitude of application design challenges your developers will face, many have already been solved and documented as cloud ‘design patterns’. These patterns provide proven out-of-the-box solutions to challenges involved in designing applications to make best use of the cloud. Using proven, established patterns streamlines development by saving the development team from having to design solutions for these common scenarios on their own.

Here are some of the most commonly used cloud design patterns for building “cloud-native” applications:

• Retry Pattern: Enable the application to handle transient failures when it tries to connect to a service or network resource, by transparently retrying a failed operation. This can improve the stability of the application.
• Circuit Breaker Pattern: Handle faults that might take a variable amount of time to recover from, when connecting to a remote service or resource. This can improve the stability and resiliency of an application.
• Competing Consumers Pattern: Enable multiple concurrent consumers to process messages received on the same messaging channel. This enables a system to process multiple messages concurrently to optimize throughput, to improve scalability and availability, and to balance the workload.
• Priority Queue Pattern: Prioritize requests sent to services so that requests with a higher priority are received and processed more quickly than those with a lower priority. This pattern is useful in applications that offer different service level guarantees to individual clients.
• Queue-Based Load Leveling Pattern: Use a Queue that acts as a buffer between a task and a service it invokes in order to smooth intermittent heavy loads that can cause the service to fail or the task to time out. This can help to minimize the impact of peaks in demand on availability and responsiveness for both the task and the service.
• Cache-Aside Pattern: Load data on demand into a cache from a data store. This can improve performance and help to maintain consistency between data held in the cache and data in the underlying data store.
• Throttling Pattern: Control the consumption of resources used by an instance of an application, an individual tenant, or an entire service. This can allow the system to continue to function and meet service level agreements, even when an increase in demand places an extreme load on resources.
• Command and Query Responsibility Segregation (CQRS): This design pattern segregates operations that read data from operations that update data by using separate interfaces. This can help maximize performance, scalability, and security. It also supports the evolution of the software system over time through higher flexibility and prevents update commands from causing merge conflicts at the domain level.

The Microsoft Architecture Center includes an additional list of cloud design patterns, as well as a list of cloud “anti-patterns”: common mistakes that can negatively impact the performance of cloud-native applications.
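The Retry Logic described earlier and the Retry and Circuit Breaker patterns listed above, combined in one added Python example (not code from the playbook or from Microsoft). Retries use capped exponential backoff with jitter so that many clients do not hammer a recovering dependency in lockstep, and the breaker stops calls entirely during a sustained outage. All class and function names, the thresholds and the FlakyService stand-in are assumptions made for illustration.

```python
import random
import time


class TransientError(Exception):
    """Failure worth retrying: timeout, dropped connection, throttled call."""


class CircuitOpenError(Exception):
    """Raised without calling the service while the breaker is open."""


class CircuitBreaker:
    """Opens after `failure_threshold` consecutive transient failures."""

    def __init__(self, failure_threshold=3, reset_timeout=30.0, clock=time.monotonic):
        self.failure_threshold = failure_threshold
        self.reset_timeout = reset_timeout
        self.clock = clock
        self.failures = 0
        self.opened_at = None  # None means the circuit is closed

    @property
    def state(self):
        if self.opened_at is None:
            return "closed"
        if self.clock() - self.opened_at >= self.reset_timeout:
            return "half-open"  # one probe call is allowed through
        return "open"

    def call(self, operation):
        if self.state == "open":
            raise CircuitOpenError("service call skipped: circuit is open")
        try:
            result = operation()
        except TransientError:
            self.failures += 1
            # Trip on reaching the threshold, or re-trip after a failed probe.
            if self.failures >= self.failure_threshold or self.opened_at is not None:
                self.opened_at = self.clock()
            raise
        # Success closes the circuit. Non-transient errors (bad input, auth
        # failure) pass straight through and are not counted.
        self.failures = 0
        self.opened_at = None
        return result


def call_with_retry(operation, breaker, max_attempts=4, base_delay=0.5,
                    max_delay=8.0, sleep=time.sleep, rng=random.random):
    """Retry transient failures; stop at once if the breaker opens."""
    for attempt in range(1, max_attempts + 1):
        try:
            return breaker.call(operation)
        except TransientError:
            if attempt == max_attempts:
                raise  # retries exhausted: surface the error to the caller
            # Full jitter: random wait up to the capped exponential bound.
            bound = min(max_delay, base_delay * 2 ** (attempt - 1))
            sleep(rng() * bound)


class FlakyService:
    """Constructed stand-in for a remote dependency: fails N times, then works."""

    def __init__(self, failures_before_success):
        self.remaining = failures_before_success
        self.calls = 0

    def __call__(self):
        self.calls += 1
        if self.remaining > 0:
            self.remaining -= 1
            raise TransientError("connection reset")
        return "ok"


def demo():
    """Two transient failures, then success; sleep and jitter are stubbed."""
    delays = []
    breaker = CircuitBreaker(failure_threshold=3, reset_timeout=30.0)
    service = FlakyService(failures_before_success=2)
    result = call_with_retry(service, breaker, sleep=delays.append, rng=lambda: 1.0)
    return result, service.calls, delays


if __name__ == "__main__":
    print(demo())
```

Only errors classified as transient are retried or counted; anything else fails on the first attempt, which keeps rejected credentials or malformed requests from being replayed against the service.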
Azure DevTest Labs

DevTest is probably the only workload that doesn’t have corporate issues slowing down its migration. Aside from the security and backup of a company’s source code, there’s no reason for IT managers to balk nor are there regulatory or compliance rules that are stopping the march of DevTest to the cloud.

Microsoft Azure DevTest Labs provides an end-to-end experience to address the testing environment needs of modern development teams. Before looking at the benefits of DevTest Labs, let’s first review the challenges of building and maintaining DevTest environments.

DevTest Challenges

Skills and Effort Required to Build Out DevTest Environments

Many development shops build an infrastructure from scratch as their companies haven’t moved any workloads to the cloud yet, and that can be overwhelming for developers. Even though they are leveraging cloud tools, mundane items such as Virtual Networks, IP address spaces, subnetting, DNS for name resolution, Virtual Machine templates, file shares, and storage connections to DevOps package repositories will all need to be designed and implemented. This requires skills in all areas of IT, many of which are outside of a developer’s expertise. Each environment that needs to be built will require a design to be created and implemented. In addition, both authentication and connectivity for in-house developers and external contractors must be addressed. DevTest in today’s world is all about speed, and without the right skills or environment isolation, things can quickly grind to a crawl.

Augmenting Previously Deployed Continuous Integration and DevOps Tools

Many development and testing teams have invested in continuous integration and DevOps tools that are heavily utilized for their operations. When migrating DevTest environments from on-premises to the cloud, these investments must be leveraged and augmented so that they extend to the cloud.
Customizing the Environment to Meet the Needs of Developers and Testers

Developers and testers need their environments to be exactly right to ensure efficiency and to minimize bugs. Development teams have become very detail-oriented to ensure that each environment being developed can be replicated quickly and can be the same every time, no matter what. Often, this means building Virtual Machine (VM) templates and scripts to ensure configurations with DevOps tools. Cloud solutions must allow for this type of very precise customization and ease of use.

Providing a “Ready to Test” Solution

“Ready to test” is all about efficiency. Testing teams need to focus on their role in the development cycle, which is ensuring the highest quality of the application. Oftentimes, testers must build their environment by hand, which takes time away from testing the application and can also introduce human error. When testers show up for work, they should log in and start their test, nothing else. The bits they are testing and all their tools should already be installed on the VMs they are working with to ensure they catch every issue, instead of installing software over and over.

Ensuring Access Control and Isolation from Production Environments

A development and testing environment is meant just for that (development and testing), and those who use these environments should only have access to leverage the cloud for such activities. It’s important to provide them with the access they need to be successful in their role without risking the safety of production systems. Accidental shutdowns of systems should never happen, and sufficient isolation between DevTest and production should be in place to ensure proper change control practices are followed. Moving to the cloud doesn’t mean pioneering to the Wild West. Governance must be in place to ensure that all teams are playing their roles properly while utilizing the resource.

Leveraging the Cost Efficiencies of the Cloud via “Pay-As-You-Go” While Capping Costs and Staying on Budget

One of the most interesting aspects of moving to the cloud for DevTest is the idea that costs are only incurred while developing and testing. Some companies can dip as low as 0% utilization of on-premises DevTest environments at times during the year. Leveraging the flexibility of the pay-as-you-go model is one of the most compelling reasons to move to the cloud. If the users of the resources aren’t cognizant of how many resources they are using or when those resources are being used, the scalability of the public cloud can turn into some very large bills. Just think of an electric bill if everything in a home was left on 24 hours a day, seven days a week; the bill would be astronomical. IT projects are known for always being over budget, so there needs to be a way to ensure that the resources required don’t put a project over budget.
Azure DevTest Labs

To solve these problems and let developers and testers do what they do best, Microsoft has developed a turnkey solution for DevTest in the cloud: Azure DevTest Labs. This service addresses the above problems by means of the following features.

Quickly be “Ready to Test”

DevTest Labs provides multiple options to help developers and testers get their environments ready quickly. It offers three different types of VM bases that developers and testers can use to create the Dev/Test environments:

• Marketplace images: VM images directly from Azure Marketplace.
• Custom images: leveraging a VHD file built by the customer.
• Formulas: a reusable base where VM creation settings (such as VM image, VM sizes, virtual network, etc.) are pre-defined, so that environments can be created without requiring any more input.

Reusable artifacts in DevTest Labs allow users to run VM extensions and install tools, deploy applications or execute custom actions on demand once a lab VM is created.

Worry-free self-service

DevTest Labs enables a team self-service model where developers and testers go to the Azure portal directly to create environments, instead of going through a complicated “request” process. In this case the DevTest Lab is leveraging Azure Role-Based Access Control (RBAC), which empowers teams to use the portal to build VMs as needed on their own.

Lab policies make it easier to control costs by allowing lab owners to set boundaries and standard operating procedures around what is spent on the project. By using policies, Development and Testing teams can ensure they won’t go over budget and have an unexpected bill at the end.

Using Lab policies and Azure Role-Based Access Control (RBAC), DevTest Labs enables a sandbox environment for developers and testers to provision their own environments without unexpected accidents that can introduce a big bill.

Create once, use everywhere

DevTest Labs resources (labs, custom images, formulas, artifacts, etc.) are reusable across labs, so that you don’t need to re-create the same thing from scratch.

DevTest Labs fully supports Azure Resource Manager (ARM) and follows the best practice of using resource groups. You can create multiple labs with the same settings/policies by deploying the same ARM template. ARM templates are fully supported to deploy labs and resources in a lab. Reusable custom images and formulas can be created from an existing VM, and artifacts loaded from VSTS Git or GitHub repositories can be used across different labs.

Integrates with existing toolchain

Azure DevTest Labs provides pre-made plug-ins, command-line tools and APIs that allow you to integrate your Dev/Test environments from labs to the release pipeline. In addition to APIs and command-line tools, Azure DevTest Labs Tasks are available in Visual Studio Marketplace to better support your release pipeline in Visual Studio Team Services.
Migrating Applications to Azure App Service

Azure App Service is a powerful and flexible platform for hosting web applications in Azure.

Migrating applications to Azure App Service is often the simplest and quickest way to take advantage of the benefits of PaaS. Azure App Service is a fully-managed platform to run and scale both Internet-facing and Intranet web applications and services, on both Windows and Linux. It supports a wide range of development languages and offers a high level of developer productivity with features such as CI/CD, easy and safe application updates, and integration with Visual Studio Team Services, BitBucket, Docker Hub and GitHub. Azure App Service also supports auto-scaling of the infrastructure supporting your app, enabling significant cost savings.

Review the following considerations before migrating your applications to Azure App Service:

• Port Bindings: Azure App Service supports port 80 for HTTP and port 443 for HTTPS traffic. If you have sites using any other port, remember that after migration to Azure App Service these are the only ports that will be used.
• Usage of assemblies in the GAC (Global Assembly Cache): This is not supported. Consider bin-placing the assemblies in the local bin folder.
• IIS5 Compatibility Mode: IIS5 Compatibility Mode is not supported. In Azure App Service each Web App and all the applications under it run in the same worker process with a specific set of application pool settings.
• IIS7+ Schema Compliance: Your configuration may use one or more elements and/or attributes that are not defined in the Azure App Service IIS schema. Consider using XDT transforms.
• Single Application Pool Per Site: In Azure App Service each Web App and all the applications under it run in the same application pool. In case you have applications with different application pools in IIS, consider establishing a single application pool with common settings or creating a separate Web App for each application.
• COM and COM+ components: Azure App Service does not allow the registration of COM components on the platform. If your site(s) or application(s) make use of any COM components, these would need to be rewritten in managed code and deployed with the site or application.
• ISAPI Extensions: Azure App Service can support the use of ISAPI Extensions; however, the DLL(s) need to be deployed with your site and registered via the web.config.

Once the above limitations have been taken into consideration, you will need to migrate your applications. The easiest form of migrating is through Azure App Service Migration Assistant. This can be utilized to migrate sites from Windows and Linux web servers to Azure App Service. As part of the migration, the migration assistant will create Web Apps and databases on Azure, publish content, and synchronize your database. This tool is available for both Windows and Linux servers.

The migration tool for Windows Server works either from the local machine or from a remote machine. It allows you to migrate sites from IIS running on Windows Server 2003 onwards. The Linux site migration tool allows you to migrate sites from Linux web servers running Apache to the cloud. Only Apache is supported at this time.
Once you have decided to migrate, the following areas need to be considered for migrating applications to Azure App Service. You should also review the considerations for migrating databases to Azure listed earlier in this playbook.

• On-premises integration: In case your applications are communicating with other applications which will not be migrated to Azure, you have to consider how the communication will happen when your application moves to the cloud. One solution is to enable the other application to communicate over the internet using REST. This may require changes in both the applications, not to mention the additional risk of exposing the server to the internet. Another approach would be to establish secure connectivity to your on-premises server from Azure App Service, where your application is hosted. This can be done in any of the following ways depending on your requirement: deploying your apps in an App Service Environment using an Isolated App Service Plan; enabling virtual network integration with an Azure VNet, establishing a Site-to-Site VPN between this Azure virtual network and on-premises, and then enabling routes between your App Service and the on-premises server; and establishing hybrid connections.
• Authentication: When on-premises, using no authentication or Windows authentication may be acceptable as there was mutual trust with AD. When you migrate to Azure, you will need to enable authentication with Azure Active Directory. This means modifying some of your configuration to be able to authenticate your users via Azure AD.
• Session State: In an ideal case, you can make your application stateless in order to scale/switch at will. In case it is not possible, have your session state configured to be persisted in Azure Redis Cache.
• File Persistence: Usually, websites might require uploading files that need to be persisted. On Azure App Service, it is recommended to persist any files outside of the App Service into something like a blob store. Modify the application to use either the Azure Storage SDK or the REST APIs for saving and accessing files.
• App Settings and Connection Strings: Some App Settings and Connection Strings will change based on environment, whereas others will stay the same. For the ones that change based on environment, also define them on the portal or deployment template so that they can be overridden for different deployment slots.
• Logging: If your logging framework is logging to files saved locally, you will need to update it to log either to Azure Diagnostics or to a centralized blob store. You can also include Azure App Insights to get deeper insights into how your application is performing.
• Certificates: Certificates are not migrated directly. You will need to explicitly upload your certificates to be able to work on Azure, as detailed in this Bind SSL Certificate documentation. You can also purchase certificates directly from Azure, as detailed in this buy SSL cert documentation.
• Custom Domains: Custom domains can be associated to Azure Web Apps via a CNAME record change. You also need to update App Service to validate the DNS. Details are available in this map custom domain documentation.
• Email: Sending emails requires an SMTP server. App Service does not provide one and there is no way to configure one within App Service. While you can set up an SMTP server to send emails on Azure IaaS VMs, we do put restrictions in place. We recommend using relay services to send email, such as Office 365.
• LDAP Queries: If you are building internal applications that are querying your LDAP store such as AD, those may not work on Azure App Service. Specifically, in the case of Active Directory, you can move AD to Azure AD and then use the graph APIs to make the necessary queries to Azure. For this, you will need to register your application with Azure AD to permit querying Directory Objects. A complete list of graph APIs is here.
Microservices and Containers

The microservices architecture has become an important part of building distributed mission-critical software systems.

Traditional application architectures build applications in large, monolithic components. These large components are deployed as a single unit, making it hard to maintain strict separation between internal components. This results in long integration, test and release cycles, which slow development, reduce agility and increase costs.

The primary design principle of a microservices architecture is to design an entire software system to be built using smaller software components, called microservices. Each microservice performs a single function of the overall system that can be developed, deployed, and scaled independently. This independence accelerates development by enabling individual component teams to work more independently, thereby avoiding long integration, test and release cycles. For more information, see the article Why a microservices approach to building applications?.

Containerization is an approach to deployment and application management that combines an application with its dependencies and configurations (via manifest files) into a container image. Due to their highly efficient resource consumption, containers are an ideal platform for the development of microservices. Each microservice is built into a dedicated container image, and can then be more easily deployed, scaled, and managed as a single package. Using microservices and containers reduces the effort required to manage the deployment and scalability of an application.

Azure offers several services to support microservices and containers:

• Azure Container Services (AKS): Kubernetes is the leading platform for orchestrating container deployments. The Azure Container Service for Kubernetes (AKS) simplifies the deployment, management, and operation of Kubernetes.
• Azure Container Instances (ACI) provides a fully-managed service in which you can run your containers, without any need to deploy or manage the underlying infrastructure. This service enables you to easily run containers on Azure with a single command, and with per-second billing.
• Azure Container Registry is a fully-managed Docker Registry service. Container registries can be used to store and manage container images across all types of deployments.
• Azure Service Fabric is a platform for deploying and operating always-on, scalable, distributed, microservice-based applications. Service Fabric enables you to simplify microservices development and application lifecycle management.
• Web App for Containers allows you to easily deploy and run containerized web apps that scale with your business and provides a fully-managed platform for infrastructure maintenance.
What is Docker?

Docker has become the de-facto standard for containers. Docker is an open-source project for automating the deployment of applications as portable, self-sufficient containers that can run on the cloud or on-premises. Docker is also a company that promotes and evolves this technology. Docker works in collaboration with cloud, Linux, and Windows vendors, including Microsoft.

Docker image containers run natively on Linux and Windows. Windows images run only on Windows hosts and Linux images run only on Linux hosts. The host is a server or a virtual machine.

You can develop on Windows, Linux, or macOS. The development computer runs a Docker host where Docker images are deployed, including the app and its dependencies. On Linux or macOS, you use a Docker host that is Linux-based and can create images only for Linux containers (on macOS you can edit code or run the Docker CLI, but as of the time of this writing, containers do not run directly on macOS). On Windows you can create images for either Linux or Windows containers.

For further reading, see:

• Introduction to Containers and Docker
• .NET Microservices: Architecture for Containerized .NET Applications

Source: What is Docker? via docs.microsoft.com
Modern Data Platform

The cloud has driven rapid changes in how applications handle data. Whatever your data needs, Azure offers a service to suit.

Modern data platforms are designed to ingest and process petabytes of data for a variety of purposes. These systems are capable of ingesting and storing data in nearly any format and at any scale. Data may be structured, like a relational database, or unstructured, such as a web log. These modern data platforms enable a variety of application types, such as large-scale cognitive and AI applications and high-throughput IoT data ingestion.

There are several options for running a modern data platform in Azure. There are big data stores such as Azure Data Lake Store and Azure Storage, and there are compute technologies such as HDInsight and Data Lake Analytics. There are also more focused database options such as Azure SQL Data Warehouse and Cosmos DB that can also operate on large amounts of data.

SURVEY DATA

In our survey of Microsoft partners with an Azure migration practice, those using data-related services reported Azure SQL Database as the most-used service (70%), followed by Azure Storage (60%) and Microsoft SQL Server running in a virtual machine (49%).
As a Microsoft partner helping customers with their cloud migration, you can add value by helping the customer choose and implement their modern data platform solution. This will require you to understand the variety of data platform services available and choose the most suitable services for the given application. Once chosen, further work will be needed to choose the correct configuration, for example assessing and optimizing the cluster and storage size.

Transferring large data volumes to the cloud can be another challenge. Online transfers, either via the Internet or an ExpressRoute connection, are the default approach, enabled by tools such as AzCopy. For very large volumes, you can use disks or the Azure Data Box appliance (currently in Preview) to ship data to Microsoft data centers.

A common scenario is data analytics, perhaps from incoming telemetry or using existing data stores. Azure offers several services to help, from Azure Analysis Services for data modelling and analytics to Azure Event Hubs and Stream Analytics for real-time processing of incoming data streams.

In many on-premises environments, it is common to configure a single monolithic Hadoop cluster to handle all types of data ingestion and processing. The architecture we use in the cloud allows us to store all of our data in the same location, such as an Azure Data Lake Store, and then spin up any number of compute clusters to operate on that data. This separation of compute and storage buys us two things:

• Decoupled compute and storage scale. We can scale compute and storage independently of each other. If we need more processing power, we can simply increase the size of our HDInsight cluster.
• Optimized spending. We can now have multiple, purpose-built compute clusters, allowing us to optimize cluster size and runtime based on a single workload rather than all workloads in aggregate.

A summary of the Modern Data Platform services offered by Microsoft is given below:

• Azure HDInsight: Azure HDInsight is a fully-managed cloud service that makes it easy, fast, and cost-effective to process massive amounts of data. Use popular open-source frameworks such as Hadoop, Spark, Hive, LLAP, Kafka, Storm, R & more. Azure HDInsight enables a broad range of scenarios such as ETL, Data Warehousing, Machine Learning, IoT and more.
• Azure Data Lake Analytics: Develop and run massively parallel data transformation and processing programs in U-SQL, R, Python, and .NET over petabytes of data with zero infrastructure.
• Azure Data Lake Store: Store your unstructured, semi-structured and structured data with no limits on size or throughput. Secure, massively scalable, and built to the open HDFS standard, allowing you to run massively-parallel analytics.
• Azure Cosmos DB: A low latency, horizontally scalable and globally distributed multi-model database. Support for many APIs such as SQL, JavaScript, Gremlin (Graph), MongoDB, Cassandra and Azure Table storage. Cosmos DB was formerly known as DocumentDB.
• Azure SQL Database: A fully-managed database service for structured, relational data.
• Azure SQL Data Warehouse: A massively parallel processing server with independent compute and storage scalability that allows you to integrate with big data stores and create a hub for your data marts and cubes, to drive highly tailored, enterprise-grade performance while leveraging your existing SQL and BI skills.
• Azure Data Factory: Fully managed ETL service in the cloud. Connect all of your data sources and orchestrate your data workflows wherever your data lives.
• Azure Storage: Offering fast and scalable blob, table and queue storage, and shared file storage for Azure virtual machines.
• Azure Storage Import/Export Service and Azure Data Box: Use physical disks or a custom-built appliance to ship large data volumes to Azure.
• Azure Analysis Services: A fully-managed service enabling you to combine data from multiple sources into a single semantic model, enabling reporting through client tools such as Power BI and Excel.
• Azure Stream Analytics: A managed event-processing engine for real-time analysis on streaming data.
• Azure Event Hubs: A hyper-scale telemetry ingestion service supporting real-time and batch processing.

For more information on the Microsoft Data Platform, see the Microsoft partner Data Platform & Analytics Playbook.
Cognitive Services and AI

Microsoft’s AI and cognitive services allow you to process data in new and exciting ways, extracting patterns and meaning that would previously have required human input. These services enable a wealth of new scenarios.

One of the business benefits of cloud migration is the ability to enable new scenarios that would previously have been impossible (or at least, prohibitively expensive). This concept is at the heart of the digital transformation paradigm shift, and Microsoft’s cognitive and AI services are at the heart of this capability.

As a partner, you can differentiate your offering by not only helping customers migrate to the cloud, but also helping them maximize the new business opportunities offered by digital transformation. You can use the unique data that you generate by operating their services to enhance their business in new and unexpected ways, for example by interpreting business and customer data in real time and at large scale, including text, docs, images, video, and voice.

The Microsoft AI Platform provides a comprehensive set of flexible AI services and enterprise-grade AI infrastructure that runs AI workloads anywhere at scale. The Microsoft AI Platform accelerates the development of AI solutions with high-level services. Modern AI tools designed for developers and data scientists help you create AI solutions easily, and with maximum productivity.

Machine Learning enables computers to learn from data and experiences, and apply that learning to sense, process and act on information in future. There are many applications for this technology. A common use case is predictive analytics: using historical data to predict future behavior, for example using telemetry data from machines in a factory to predict forthcoming hardware failure and enable pro-active maintenance, thereby reducing downtime.

Microsoft’s suite of Cognitive Services enables insight from human interactions, from facial expressions to speech and natural language processing. For example, extracting the positive or negative sentiment from comments on a review forum or Twitter feed can enable a business to respond more rapidly to a service quality issue, thereby improving their overall customer experience. Enhancing existing applications to take advantage of these services is one of the ways that you, as a Managed Services Provider, can provide additional value to your customers.

Core services of Microsoft’s AI platform include:

• Microsoft Cognitive Services: Use AI to solve business problems. Infuse your apps, websites, and bots with intelligent algorithms to see, hear, speak, and understand natural methods of communication.
• Azure Machine Learning: Model AI algorithms and experiment with ease. Customize based on your requirements.
• Azure Bot Service: Accelerate development for conversational AI. Integrate seamlessly with Cortana, Office 365, Slack, Facebook Messenger, and more.

For further information on how to build a partner practice taking advantage of AI, see the AI Practice Development Playbook.
  • 110. OPTIMIZE & MANAGE
Cloud Migration and Modernization: Optimize & Manage (Microsoft Partner Network)
  • 111. Executive Summary
After a successful migration, the workload will be handed off to the managed services team. Here, a whole new set of services such as monitoring, patching, cost optimization and support offer additional revenue and differentiation opportunities. The Azure Managed Services Playbook for CSP Partners offers detailed guidance on the value-added services which MSPs can provide, including infrastructure management, backup and disaster recovery, identity management, monitoring and security.
In this section, we will focus first on cost optimization. Azure offers a wide range of possibilities for reducing running costs and creating cost savings, which we’ll discuss in depth. Taking advantage of these is key to maintaining your competitive edge. Azure consumption optimization is commonly used as a selling point in negotiating a migration project as a way of demonstrating how to increase the return on investment from the cloud. It can also be a great way of identifying additional opportunity for services.
Next, we’ll review some best practices for managing services in Azure. We’ll consider subscription management, resource organization, and how to protect Azure resources against unauthorized or accidental changes. We’ll also look at the security and compliance tools and guidance that are available from Microsoft.
Last, we’ll discuss how to automate the deployment and management of Azure services using Infrastructure as Code. We’ll consider both the advantages of this approach and the variety of technologies available in Azure to deliver it, including how to develop your own custom tools.
Top 4 things to do
Here are 4 top tips to increase your efficiency and differentiate your practice.
    • Study the Managed Services Playbook
    • Learn how to understand, forecast and optimize costs
    • Use best practices for Azure resource management
    • Automate using Infrastructure as Code
  • 112. Cost Optimization
Cost optimization is the key to a successful managed services business. With the pay-as-you-go nature of the cloud there are many ways to overspend, even when being careful. A common fear that customers have when it comes to adopting the cloud is the fear of runaway spending. This is where partners play a critical role, both prior to and after a migration to Azure—by helping customers understand, manage, and optimize their spend.
It is always a good idea to design and deploy Azure-based systems that are designed for optimization from the start. Then, by analyzing application performance and cloud spend, and by taking advantage of new Azure features, you can help customers optimize spend over time.
Additionally, Microsoft partners can help clients make sense of their Azure bill and attribute the spend to different projects, departments, teams, applications and cost centers. If done correctly, this function can add a lot of value to both a partner’s practice and the relationship with clients. Spending money on an Azure service that is not needed will cause customers to rethink their strategy and can put the account at risk over time. There are critical areas of expertise, in both reporting and the Azure feature set, that customers will expect you as the partner to provide or include as a part of their migration to Azure.
KEY CUSTOMER CHALLENGES
    • Understanding current cloud spend and forecasting future spend
    • Gaining the most value from cloud spend
    • Guarding against unexpected costs
    • Optimizing deployments for cloud efficiency
KEY SERVICES FOR THIS OFFERING
    • Azure Cost Management (Cloudyn): Microsoft’s tool to help customers and partners gain full visibility and control over cloud spend, optimize cloud efficiency, and maximize the potential of the cloud
    • Pre-Purchasing Azure: Helping cloud customers save by using upfront commitments to Azure
    • Auto Shut Down: Building a strategy for running VMs only when their services are needed
    • Optimized Architecture: Deploying the best architecture to Azure to ensure performance and cost optimization
  • 113. Azure Cost Management
You can’t optimize what you can’t measure. Effective cost management starts with understanding your costs at a granular level.
As enterprises accelerate cloud adoption, they are finding that it’s getting more difficult to manage cloud spend across the organization. In a recent survey, managing cloud spend was listed as a challenge by 76% of respondents, second only to security (source: RightScale 2018 State of the Cloud Report).
To effectively control and optimize costs on behalf of your customers, you first need visibility into a customer’s IT environment. Second, you need the ability to optimize their deployment to reduce costs. And third, when dealing with customers who have multiple applications, you need cost transparency to break down costs across each of those applications. That’s why there are Microsoft and third-party tools you can leverage for visualizing and optimizing your customer’s IT environment costs—on premises, on Azure, or in a hybrid deployment.
Microsoft Azure Cost Management, formerly known as Cloudyn, helps organizations effectively manage and optimize cloud spend across Azure and other clouds. This SaaS solution empowers organizations to monitor, allocate, and optimize cloud spend in a multi-cloud environment. It provides easy-to-understand dashboard reports that help with cost allocation and showbacks/chargebacks as well. Cost Management helps optimize cloud spending by identifying underutilized resources that can then be managed and adjusted.
VISIBILITY
Once Azure Cost Management is enabled on a customer’s subscription, it will start to collect data on usage immediately. This provides a real-time view into their Azure cloud environment. The tool allows for tracking upfront compute commitments and fees compared with actual consumption on subscriptions. Customers can also reconcile prepay commitments with billing payments that they have made.
Other key capabilities include verification of EA discounts with actual bills and staying on top of expiring resources and agreements. Given that many customers leverage EAs in which they need to track costs across many subscriptions, this tool is invaluable in providing a single view across the entire organization.
  • 114. Monitoring usage and spending is critically important for cloud infrastructures because organizations pay for the resources they consume over time. When usage exceeds agreement thresholds, unexpected cost overages can quickly occur. There are a few important factors which can make ad-hoc monitoring difficult. First, projecting costs based on average usage assumes that your consumption remains consistent over a given billing period. Second, when costs are near or exceed the budget, it's important that both the provider and customer get notifications proactively, so as to allow for planning or for adjusting Azure spending.
Azure Cost Management by Cloudyn shows usage and costs which can be used to track trends, detect inefficiencies, and create alerts. All usage and cost data is displayed in these dashboards and reports.
Tracking usage and cost trends is provided by the Cost Analysis area of the tool, using the Actual Cost Over Time report. When first used, the report will have no groups or filters applied, so it shows the all-up cost for the entire Azure environment. The report can be filtered by the various Azure services consumed by this subscription or by groups that you can add. Some examples of groups are departments or applications that you have identified using Azure Tags. The use of the filters allows a partner to identify and monitor spending on behalf of each customer.
Historical data can help manage costs when you analyze usage and costs over time to identify trends. Trends are then used to forecast future spending. Cost Management also includes useful projected cost reports.
Access control helps manage costs by ensuring that users and teams access only the cost management data that they need. You use an entity structure, user management, and scheduled reports with recipient lists to assign access.
Azure Cost Management allows you to alert stakeholders automatically to spending anomalies and overspending risks. Various reports support alerts based on budget and cost thresholds. However, alerts are not currently supported for CSP partner accounts or subscriptions.
An alert can be created for any spending using any Cost report. For this to work, the report must first be configured using the filters and then scheduled to run at intervals that you as partner determine with the customer. The threshold of spending will also be configured. The trigger for the alert will be the difference between the value the report returns as the Active Spend vs. the Threshold. For example, if you had a total budget of $500,000 and you wanted notification when costs near about half, create a Red alert at $250,000 and a Yellow alert at $240,000. Then, choose the number of consecutive alerts. When you receive the total number of alerts that you specified, no additional alerts are sent.
OPTIMIZATION (RIGHT-SIZING)
An important aspect of any cloud deployment is ensuring that the right resources are being used for the job at hand. Azure Cost Management enables partners to drive optimization into their clients’ environments. Resource use optimization or “rightsizing” on behalf of your customers is a valuable service offering for an MSP practice. In a hybrid or public cloud deployment, you can consolidate workflows running on multiple, under-utilized resources, which has a direct impact on cost. Conversely, you may spin up additional resources when one is no longer enough to handle your customer’s workloads. There are many aspects to cost optimization that add varying degrees of value to both your MSP practice and the customers you serve.
While the goal with any cost optimization offering should be increased efficiency and lowered TCO, what an MSP chooses to offer will differ and can range from “rightsizing” to harnessing the power of analytics to offer actionable intelligence with demand forecasting.
There is also the means to receive recommendations, for example on switching from on-demand to pre-purchase VMs, or to reveal underutilized VMs which can be moved to a lower cost VM family or size. This same recommendation engine can provide information on how to reallocate workloads or where to switch from standard to low priority VMs for cost effectiveness. You can also consolidate or terminate low usage VMs, and even calculate your most cost-effective up-front monetary and usage commitment.
Some aspects of the tools provide information that would be very difficult to figure out otherwise—such as showing unattached block-blob accounts that were left behind from a deleted VM—helping to minimize waste.
  • 115. The Optimizer reports improve efficiency, optimize usage, and identify ways to save money spent on cloud resources. They are especially helpful with cost-effective sizing recommendations intended to help reduce idle or expensive VMs. The Cost-Effective Sizing Recommendations report identifies potential annual savings by comparing VM instance type capacity to their historical CPU and memory usage data.
TRANSPARENCY AND ACCOUNTABILITY
Prior to moving to the cloud, most IT departments don’t have a true idea of what their services cost. Often the IT department is seen as overhead to a business or even a black hole that is difficult to understand. With the cloud, this model is turned upside down, as IT can now see the exact cost of each and every resource. However, this again makes it very difficult to understand how the charges should be allocated across their business.
With Azure Cost Management, MSPs can help their customers get enterprise-wide cloud accountability by enabling accurate cost allocation and chargeback across the company. These costs can be rolled up and reported on to different entities that can be defined, including subscriptions, accounts, departments and cost centers. This could be as simple as tagging Azure resources for simplified cost allocation. More complex models can also be implemented with different types of cost allocation such as blended/average/normalized rates, compute pre-purchase rates, or any other policy of your choice.
Cost allocation manages costs by analyzing your costs based on your tagging policy. You can use tags on your custom accounts, resources, and entities to refine cost allocation. Category Manager organizes your tags to help provide additional governance. And, you use cost allocation for showback/chargeback to show resource utilization and associated costs to influence consumption behaviors or charge tenant customers.
Alerting helps manage costs by notifying you automatically when unusual spending or overspending occurs. Alerts can also notify other stakeholders automatically for spending anomalies and overspending risks.
MSP & CSP COST MANAGEMENT
Partners providing managed services for multiple customers face particular cost management challenges. Customers are looking to you, as the expert and provider of these services, to help ensure they are getting the most out of their commitment to Azure.
As an MSP or CSP you can use Azure Cost Management for CSPs to manage and monitor your customers' cloud deployments for optimal efficiency and growth. Azure Cost Management manages and optimizes multi-platform clouds by enabling full visibility and accountability, packaged with continuous optimization across all clouds. Supported platforms include Azure, AWS, Google Cloud, and cloud containers.
Azure Cost Management for CSPs supports additional capabilities designed specifically for CSPs:
    • Manage and monitor end-customers’ consumption, cost and profitability
    • Get visibility into enterprise-grade n-tier hierarchy per end-customer
    • Support any value-chain business model (n-tiers, direct, indirect, partner, distributor)
    • Guarantee full data segregation through Azure Cost Management’s multi-tenant application
    • Implement control policies and consumption limits through reports and alerts
    • Customize margins and discounts per end-customer
    • Apply preferred cost allocation methods within end-customer
    • Manage customers’ subscriptions and billing via custom-built portal
  • 116. THIRD-PARTY COST MANAGEMENT
APPTIO Cost Transparency
Apptio Cost Transparency allows you to view all your public cloud costs across providers like AWS and Azure. It can monitor public cloud spend and trends by service type, such as compute, storage, and network, and show which departments are consuming cloud services to help proactively manage spend.
CloudCheckr
CloudCheckr is a multi-cloud management platform enabling enterprises and service providers to save money, reduce risk, and ensure governance at scale.
Corent SurPaaS®
SurPaaS® is a platform for migrating and operating applications. It has monitoring and metering features that collect usage data for the Azure infrastructure and examine the actual application transactional activity on a tenant basis in order to create customized tenant cost allocations and billing.
SCALR
Cost is affected by all other aspects of cloud usage, and Cost Control doesn't stop with visibility. Gain insights you can turn into financial guardrails that encourage smart behavior.
HANU Insight
Track, optimize, budget, chargeback & invoice your Microsoft Azure spend. Hanu Insight is a Continuous Financial Governance product that provides end-to-end visibility of your Azure spend and optimizes your consumption to maximize your Azure investments.
  • 117. PRE-PURCHASING
Helping cloud customers save by using up-front commitments to Azure is one of the most important roles that a partner can play during and after a migration. There are many programs and strategies that are available for partners to help their customers manage their budgets.
A move to the cloud is a shift in mindset for customers with respect to purchasing their technology. Traditionally, they have purchased hardware and software upfront using capital expenditures with no ongoing commitment to the platforms they have chosen beyond support. With a migration to the cloud this relationship changes, due to the pay-as-you-go nature of the cloud. This means there are new strategies that you, as a cloud partner, must bring to the table both in terms of licensing and implementation. This guidance and optimal deployment of Azure features can make or break the success of a migration.
Customers are going to be seeking information about how the transition will impact their budget and their existing investments. In addition, they will require input into strategies for saving on a long-term commitment to Azure as their cloud platform. Pre-purchasing Azure is a great way to manage those costs and make the most out of every dollar that is spent on the platform. With the right strategies, customers will often accelerate their transition, which will help them gain business velocity from their decision to migrate to the cloud.
In this section, we’ll look at five pre-purchase or credit schemes which you can use to significantly reduce Azure spend.
ENTERPRISE AGREEMENT (EA) WITH AZURE MONETARY COMMITMENT
The Enterprise Agreement offers enterprise customers the distinct benefit of having one contract to purchase all of their Microsoft products and services. Any Enterprise Agreement customer can add Azure to their agreement by making an upfront monetary commitment to Azure.
This is essentially a dollar amount that the customer expects to spend on Azure over the course of each year during the EA. EAs do allow a customer to negotiate their rates based on their commitment to Microsoft, which is one attractive reason for entering into this type of contract.
When an EA is signed, the customer will make an upfront payment to cover the cost of Azure for the first year. Each subsequent year another payment is made to Microsoft. That commitment is consumed throughout the year by using any combination of the wide variety of cloud services Azure offers from its global datacenters.
Microsoft will also extend the same rates that were negotiated for services consumed beyond the commitment. This allows customers to use Azure even with this unplanned growth, so they can meet their organization’s needs. Enterprise Agreement customers can pay Microsoft at the end of the year for unplanned growth, as long as use is within certain thresholds. If the customer doesn’t use all of the pre-purchased budget for the year, it is forfeited and can’t be rolled over to the next year.
Azure can be added to an Enterprise Agreement at any time, although the anniversary or expiration of an existing Enterprise Agreement commitment is a great time to evaluate usage and future plans for the platform. Azure, via the Enterprise Agreement, also gives customers access to the Enterprise Portal, a great resource for customers managing multiple accounts or subscriptions—see the section on Azure Subscriptions for further information.
SERVER AND CLOUD ENROLLMENT
Server and Cloud Enrollment is an enrollment under the Microsoft Enterprise Agreement that enables customers to commit to one or more key server and cloud technologies from Microsoft. In exchange, they get the best pricing and terms, plus other benefits such as cloud-optimized licensing options and simplified license management.
  • 118. The following are some of the benefits of Server and Cloud Enrollment:
Best value
    • Get the best pricing, discounts, and added benefits designed to support server and cloud technologies
    • Best pricing and terms for server and cloud products, including discounts on new licenses and Software Assurance
    • Full Software Assurance benefits for all deployed licenses, including new version rights
    • Unlimited Problem Resolution Support for qualifying customers
Flexible
Move to the cloud as needed and grow organically without losing the value of your existing investments.
    • Application license mobility to the cloud through Software Assurance
    • New subscription-based licensing gives you more flexibility when you need to retire workloads, consolidate, or migrate to the cloud
Manageable
Adopt the latest technologies while simplifying deployment and license management.
    • Simplified licensing management streamlines overall deployment and management
    • Standardized terms, conditions, and discounts
    • A standardized management platform across on-premises and Microsoft Azure comes with commitment to the Core Infrastructure Suite (CIS) in Server and Cloud Enrollment
To enroll, customers must make an installed-base commitment to one or more of the following four Server and Cloud Enrollment components:
    • Core Infrastructure: Windows Server and System Center
    • Application platform: SQL Server and BizTalk Server
    • Developer platform: Visual Studio
    • Microsoft Azure: Cloud Deployments
This means committing to full Software Assurance coverage across the installed base of a Server and Cloud Enrollment component. For the Core Infrastructure component, however, customers can commit to full System Center coverage on the Windows Server installed base through the Core Infrastructure Suites (CIS). Microsoft Azure is automatically available when enrolling in any of the other three components, and it can also be licensed standalone.
HYBRID BENEFIT
When creating a Windows Server virtual machine in Azure there are two components that make up the cost per minute:
    • Compute Cost: cost for the hardware of the VM, known as the base compute costs
    • Windows OS License: cost of the Windows Operating System
If a customer already has Windows OS licenses with Software Assurance, then Microsoft extends a benefit which can help them save up to 40 percent on Windows Server VMs. This is known as the Azure Hybrid Benefit for Windows Server. This allows customers to use their on-premises Windows Server licenses with Software Assurance to save when migrating to Azure. With this benefit, for each license Microsoft will cover the cost of the OS, while the customer is only charged for the base compute costs (which are the same as the Linux VM costs).
The Azure Hybrid Benefit helps customers get more value from their Windows Server licenses for machines that are migrated to the cloud since the investment in that software isn’t lost.
  • 119. A similar benefit allowing re-use of SQL Server licenses in Azure will be available in the future.
Understanding Hybrid Benefit Usage Scenarios
Hybrid Benefit is a great benefit for customers, but it is very important to understand the details of the program. As the partner that is helping the customer migrate to Azure, it’s your responsibility to help them plan and be successful with this program, as this can provide huge cost savings and could even be the reason a deal closes. Understanding some of these basics will go a long way to enabling your customer’s success and optimizing their spend on Azure.
Customers can use the benefit with Windows Server Datacenter and Standard edition licenses covered with Software Assurance that they own. Depending on the edition, customers can convert or re-use their licenses to run Windows Server virtual machines in Azure and pay a lower base compute rate (Linux virtual machine rates). Each 2-processor license or each set of 16-core licenses is entitled to two instances of up to 8 cores, or one instance of up to 16 cores.
Customers can also use multiple licenses to cover licensing for a large VM in Azure. For example, a virtual machine with more than 16 cores can be covered with HUB by “stacking licenses”. With two 2-processor licenses or two 16-core licenses, the customer would have the HUB to cover the OS license for a VM up to 32 cores.
There is a 90-day assignment rule for Windows Server, which requires licenses to stay assigned to the same hardware for a minimum of 90 days, and this rule does apply to Azure virtual machines.
For every 2-processor Windows Server license or Windows Server license with 16 cores covered with Software Assurance, you will receive either of the following:
    • Up to two virtual machines with up to 8 cores, or
    • One virtual machine with up to 16 cores
There are a few differences in how the HUB can be used based on the type of license that your customer owns:
Standard Edition Licenses
    • Can only be used once either on-premises or in Azure
    • Once you assign the Azure Hybrid Benefit to Azure you cannot use the Standard Edition license on-premises again
Datacenter Edition Licenses
    • Customers can use licenses both on-premises and in Azure
    • Allows for simultaneous usage both on-premises and in Azure
Hybrid Benefit with CSP
If your customers will be purchasing Azure services through a Microsoft partner acting as a Cloud Solution Provider, they are still eligible for the Azure Hybrid Benefit. The same rules apply in that the software must have active Software Assurance coverage. There is nothing different about Hybrid Benefit use on Azure subscriptions purchased via CSP.
Deployment Options
As a partner, you can deploy Windows Server virtual machines for your clients pre-configured with the Azure Hybrid Benefit straight from the Azure Portal, using ARM Templates, PowerShell, or the Azure CLI. This is available for Windows Server 2016 Datacenter, Windows Server 2012 R2 Datacenter, Windows Server 2012 Datacenter, and Windows Server 2008 R2 SP1. These Azure Platform images are made available in the Azure Marketplace. There are no Windows Server Standard images in Azure, so Microsoft allows Windows Standard licenses to be used with the Windows Datacenter Azure Platform images at no additional cost.
Another option is to upload OS images to the customer’s subscription and use these as the basis for your deployments. These images should be generalized to ensure that they don’t have issues as duplicates in the environment.
Windows VMs should have the sysprep tool run on them using the Out of Box Experience. The image should then be uploaded to Azure Storage and then made into a Managed Image. For more information on how to use PowerShell to complete this for your customer, view this article on uploading on-premises VMs. All VMs created using this image will be charged at the base compute rate and the OS licensing will be covered under the Hybrid Benefit scheme.
Another option is to upload a current Windows Server virtual machine disk (VHD) to Azure and create an Azure VM using this disk. You can upload the VHD using PowerShell cmdlets, but only after the VM has been prepped for Azure. The process to prepare a VM to
  • 120. upload to Azure can be reviewed in this article on preparing a Windows VHD or VHDX to upload to Azure. Once this VM is up and running in Azure, it will be charged at the base compute rate and the OS licensing will be covered under the Hybrid Benefit scheme.
Another option is to migrate an existing workload to Azure using Azure Site Recovery. Once migrated, the virtual machine in Azure will be running as a custom image and thus will be charged at the base compute rate and the OS licensing will be covered under the Hybrid Benefit scheme.
RESERVED VM INSTANCES
Another option to enable customers to save on Azure compute cost is to use Azure Reserved Virtual Machine Instances. Customers can reserve virtual machines in advance and enjoy cost savings of up to 72% on pay-as-you-go prices. When combining the cost savings gained from Azure Reserved Instances with the added value of the Azure Hybrid Benefit, customers can save up to 82 percent on their Windows workloads.
Reserved VM Instances provide price predictability, as well as the flexibility to exchange or cancel to get a prorated refund, should their needs change. Discounts for Reserved Instances are determined based on the customer’s commitment to a one-year or three-year term on Windows and Linux virtual machines (VMs). Reserved Instances also help customers improve their budgeting and forecasting with a single upfront payment, making it easy to understand their investment and avoiding unexpected overages.
Partners can lower their customers’ total cost of ownership by combining Reserved Instances with On-Demand instances to manage costs across predictable and variable workloads. In customer environments, there will be different types of systems, some of which have known requirements for their VMs.
An example of a system with known requirements would be an SAP implementation where the exact specifications for the VMs are locked and are not expected to change during the next three years. This is a great example of how Reserved Instances could be used to maximize the savings. In this same environment, you could have a public e-commerce web application that has variable needs and leverages the ability to scale out and scale in based on the number of visitors on the web site. This workload would be best suited to on-demand pricing, leveraging the standard pay-as-you-go model.
Reserved Instance Purchasing and Billing
Reserved Instances are purchased in one-year or three-year terms with a single upfront payment. Purchasing can be completed very easily using the Azure portal in three steps:
    • Specify the Azure region
    • Select the Virtual Machine type
    • Choose a term (one year or three years)
For Enterprise Agreement (EA) customers, Azure Monetary Commitment can be used to purchase Azure Reserved VM Instances. In scenarios where EA customers have used up their monetary commitment, Reserved Instances can still be purchased, and those purchases will be invoiced on their next overage bill. Reserved Instances can be assigned at the
  • 121. enrollment or subscription level, so you can manage Reserved Instance usage at an organizational or individual department level. Assignments are easy to change post-purchase.
For customers purchasing via Azure.com, at the time of purchase, the credit card on file will be charged for the full upfront payment of the Azure Reserved Instances.
To see Reserved Instance purchase details, use the Azure portal and select the Reservations menu on the left side of the Azure Portal to view all Reserved Instances associated with the account. All Reserved Instances will be displayed on the right.
The Reserved Instance will apply immediately to any existing running VMs that match the one-year or three-year terms of the Reserved Instance, depending on whether you scope the Reserved Instance to a specific subscription or apply it at the enrollment level. In both cases, the period of the Reserved Instance starts immediately after purchasing.
The Reserved Instance purchase can be assigned to a subscription or enrollment and can be changed as necessary. Assignment allows you to decide whether the reservation is applied at the Azure account/enrollment or at the subscription level. This provides flexibility for how to leverage the savings. For example, to simply buy reservations to save money for the customer’s entire organization, you can assign all reservations to the account level. If the customer wishes to apply the Reserved Instance savings to a particular business unit, such as finance, you could provision a subscription for that department and then assign the Reserved Instance to their subscription. Then only they would be able to take advantage of the Reserved Instance commitment savings.
Azure Reserved Instances provide a single price for each VM size in a region. There is no requirement to choose Windows or Linux VMs for the Reserved Instance purchase.
If a Windows Server VM is selected, there is an option to use the Azure Hybrid Benefit or pay the Windows Server rate. There are two options for adding Windows Server licenses to an Azure Reserved VM Instance. The first option is to use your Azure Hybrid Benefit. If you have Windows Server with Software Assurance on-premises, you can assign these licenses to the Azure Reserved Instance. The second option is to add Windows Server using the Windows Server hourly meter. If you cannot take advantage of the Azure Hybrid Benefit, Windows Server will be charged when the VM is active, based on the number of cores the VM is using.

Availability of Reserved Instances

Azure Reserved Instances are available for all VM families other than A-series, A_v2 series, or G-series. Azure Reserved Instances are not available in Azure Government, Germany, and China. EA customers can purchase reservations in all countries available in Azure today. For customers who have signed up through azure.com (Pay-As-You-Go customers), the Azure Reserved Instance offer is not available in India, Brazil, Taiwan, Russia, Korea, Argentina, Hong Kong, Indonesia, Liechtenstein, Malaysia, Mexico, Saudi Arabia, South Africa and Turkey. Microsoft does offer the flexibility to exchange Reserved Instances to a different region or VM family, but there is no guarantee of available capacity in a given region or VM family.

Exchanges and Cancellations

Selecting Reserved Instances does require making upfront commitments on compute capacity, but Microsoft allows for flexibility should the customer’s business needs change. An exchange allows the customer to receive a prorated refund based on the unused amount, which applies fully to the new purchase price. A cancellation terminates the contract, and Microsoft will provide a prorated refund based on the unused amount minus an early termination fee of 12 percent. Customers can cancel a reservation at any time (up to $50,000 per year).
Customers can easily exchange or cancel Reserved Instances at any time under the following stipulations:
• Exchange: Reserved Instances can be exchanged across any region and any series as the workload or application needs change
• Cancel: If the customer no longer needs the capacity purchased, it can be canceled at any time in the reservation term for an adjusted refund

Canceling or exchanging Reserved Instances is done within the Azure portal by reviewing the inventory of Reserved Instances. Clicking the instance that is to be changed displays two buttons in the command bar, labeled “refund” and “exchange.” Once one is selected, a support ticket will open and prepopulate all of the Reserved Instance details. Once submitted, the request will be processed, and an email will be generated to confirm completion of the request.
DEV/TEST PRICING

Microsoft provides discounted rates on Azure for your customers’ ongoing development and testing needs. This includes no Microsoft software charges on Azure Virtual Machines and special Dev/Test pricing on other services. Discounted rates on Azure to support your ongoing development and testing include:
• No Microsoft software charges on Virtual Machines
• Significant dev/test pricing discounts on a variety of other Azure services
• Exclusive access to Windows 10 Virtual Machines

There are also Dev/Test pricing discounts on the services that these teams consume in Azure, including significant discounts on VMs, SQL VMs, Azure App Service, and HDInsight, amongst others. There are two methods for customers to receive these benefits and discounts, and the choice is based on the type of client that you are working with on their Dev/Test workload in Azure.

Small Development Teams

Small teams are best suited to leverage Visual Studio subscriptions, which include benefits for Azure. Each subscription includes a monthly Azure credit which is dependent upon the level of the subscription and ranges from $50 to $150 (full details at Azure credits for Visual Studio subscribers). The monthly Azure credit for Visual Studio subscribers is ideal for experimenting with and learning about Azure services. When you activate this benefit, it creates a separate Azure subscription with a monthly credit balance that renews each month while you remain an active Visual Studio subscriber. Any overage above the credit would be billed to a credit card that the developer would put on file with Microsoft. If no credit card is on file, then Azure services are suspended if the credit balance is exceeded.

Large Development Teams and Enterprises

Development and Test subscriptions for large teams are purchased via an EA and require that each user be an active Visual Studio Online subscriber.
Unlike the small-team option, these do not include a credit each month, but instead are eligible for the discounted rates on Azure services. This is a significant benefit due to the nature of how these teams work on their projects. For example, if a group of developers were writing code that requires SQL Server Enterprise Edition, they won’t be charged for that software running on their development VMs. Only the production SQL Server would have this charge—which is a very large savings over time.
Automatic Shutdown of VMs

One of the most attractive attributes of the cloud is the pay-as-you-go nature of the services. Take full advantage by only using resources when you need them. In many environments, there are times of day when certain services aren’t needed and thus there is no reason for them to be running. This is particularly true of Azure Virtual Machines, which can be shut down and later re-started with no loss of data.

Non-production cloud servers need to be online only when employees are actively working on them. In some cases, non-production environments can be turned off, or de-allocated, over 70 percent of the time, which translates into a direct 70 percent cost reduction.

As a partner that is helping a customer move to the cloud, it is important to understand the requirements placed on each virtual machine that will be deployed. Understanding which virtual machines only provide useful service during certain hours of a workday or even days of the week is critical to maximizing your potential savings. This could also change over time as the customer’s business evolves or as new workloads are onboarded to the cloud.

It is important to understand that there are two ways to stop a virtual machine:
• Shutting down the virtual machine from within the virtual machine OS puts the virtual machine into the ‘Stopped (allocated)’ state. In this state, the underlying infrastructure (CPU, memory) is still reserved for the virtual machine, and hence the virtual machine is still billed
• Stopping the virtual machine from the Azure portal or other Azure tools (PowerShell, CLI, etc.) puts the virtual machine into the ‘Stopped (deallocated)’ state. The virtual machine is no longer billed, resulting in significant potential savings (although other resources such as VM disks associated with the VM may still be charged)

A stopped virtual machine can be re-started at any time and will continue where it left off since its disks have not been affected. Note that if the virtual machine is associated with a Public IP Address, then stopping and re-starting the virtual machine may result in a new Public IP Address being allocated. To preserve the same Public IP Address, a static Public IP Address should be used.

Azure supports several ways to implement automatic shut-down of virtual machines. We’ll now look at each in turn.

AUTO SHUT DOWN OF VMS

Automatic shut-down of virtual machines is one of the ways that Microsoft helps customers to optimize their costs, by automatically shutting down a virtual machine at a given time. This feature was originally introduced as a feature of DevTest Labs and was widely adopted by customers. Because of this success, auto shut down was added to all Azure Resource Manager virtual machines.

Customers can schedule a time each day (local time is supported) when a VM will be stopped. At this time, the virtual machine is stopped and deallocated, and Microsoft stops billing the subscription for the compute time until it is re-started.
Auto shut-down is available via the Azure portal. This method is simple to use for individual virtual machines and can be configured while the virtual machine is being provisioned or after it has been created. The settings configured include the local time zone, the time to shut down, and the option to send an email notification 15 minutes before the shut-down.

It is also possible to set the auto shut-down settings when deploying virtual machines by other methods, such as Azure Resource Manager templates. To do so, you need to create a separate resource of type Microsoft.DevTestLabs/schedules, specifying the target virtual machine and auto shut-down settings. This configuration has the same result as configuring Auto Shutdown in the portal while provisioning a virtual machine, and is how the portal configures it behind the scenes. The configuration can later be changed using the portal, just as if it had been provisioned there.

It is important to note that the auto shut-down feature has no corresponding auto start-up, so the virtual machines will need to be started manually. As an alternative, consider using one of the other approaches to auto shut-down described below.

POWERSHELL VIA AZURE AUTOMATION RUNBOOKS

It is also possible to automatically shut down and restart Azure virtual machines using a ‘runbook’ executed using Azure Automation. This is different from the Auto shut down feature that uses the Microsoft.DevTestLabs resource provider. This approach depends entirely on the partner or customer to configure, and leverages the Azure PowerShell cmdlets. For a packaged solution, see the next option, ‘Start/stop VMs during off hours’.

START/STOP VMS DURING OFF-HOURS

There is an Azure Marketplace solution known as ‘Start/stop VMs during off-hours’. You can find this solution by clicking ‘+ Create a resource’ in the Azure portal, then entering ‘start stop vms’ in the search field.
This solution allows you to start and stop Azure Virtual Machines automatically, using a schedule or based on utilization. The solution relies on two Azure services and a SendGrid service:
• Automation: starts and stops your virtual machines.
• Log Analytics: visualizes the successful start and stop of your machines.
• SendGrid: sends email notifications of stop and start activities.

This solution is more complex, but more robust in that it is a full strategy for achieving auto start and stop for an entire subscription rather than targeting individual virtual machines. For further information, see the start/stop VMs during off hours documentation page.
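
The following Python is an added example, not part of the playbook or any Microsoft code: it flags VMs left in the ‘Stopped (allocated)’ state and generates the Microsoft.DevTestLabs/schedules resources described under AUTO SHUT DOWN OF VMS. The input shape (the JSON printed by `az vm list --show-details`), the `env` tag convention, the sample VMs and the apiVersion value are assumptions to check against your own environment.

```python
import json

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID


def sample_vm(name, group, power_state, tags):
    """Build one constructed record with the fields used from the CLI output."""
    return {
        "name": name,
        "resourceGroup": group,
        "location": "eastus",
        "powerState": power_state,
        "tags": tags,
        "id": f"{SUB}/resourceGroups/{group}/providers"
              f"/Microsoft.Compute/virtualMachines/{name}",
    }


# Constructed sample data; every name, tag and ID here is made up.
SAMPLE_VMS = [
    sample_vm("web-dev-01", "rg-dev", "VM stopped", {"env": "dev"}),
    sample_vm("build-test-01", "rg-test", "VM running", {"env": "test"}),
    sample_vm("sap-prod-01", "rg-prod", "VM running", {"env": "prod"}),
    sample_vm("legacy-01", "rg-misc", "VM deallocated", None),
]


def billed_while_stopped(vms):
    """Names of VMs that were shut down from inside the guest OS.

    The CLI reports these as "VM stopped" (portal: 'Stopped (allocated)');
    compute is still reserved and billed. "VM deallocated" is not billed.
    """
    return [vm["name"] for vm in vms if vm.get("powerState") == "VM stopped"]


def shutdown_schedule(vm, time_hhmm, time_zone_id, email=None):
    """Return the auto shut-down schedule resource for one VM."""
    valid = (len(time_hhmm) == 4 and time_hhmm.isascii()
             and time_hhmm.isdigit()
             and int(time_hhmm[:2]) < 24 and int(time_hhmm[2:]) < 60)
    if not valid:
        raise ValueError(f"time must be HHmm, got {time_hhmm!r}")
    if email:
        # 15 minutes matches the advance notice the portal offers.
        notify = {"status": "Enabled", "timeInMinutes": 15,
                  "emailRecipient": email}
    else:
        notify = {"status": "Disabled"}
    return {
        "type": "Microsoft.DevTestLabs/schedules",
        "apiVersion": "2018-09-15",  # assumption: confirm the current version
        # Name format the portal uses for a VM's shut-down schedule.
        "name": f"shutdown-computevm-{vm['name']}",
        "location": vm["location"],
        "properties": {
            "status": "Enabled",
            "taskType": "ComputeVmShutdownTask",
            "dailyRecurrence": {"time": time_hhmm},
            "timeZoneId": time_zone_id,
            "targetResourceId": vm["id"],
            "notificationSettings": notify,
        },
    }


def build_templates(vms, time_hhmm, time_zone_id, email=None,
                    env_tags=("dev", "test")):
    """One ARM template per resource group, covering non-production VMs.

    Non-production is decided by an `env` tag, a convention assumed here.
    VMs with no tags (the CLI returns null) are left out, not guessed at.
    A resource-group deployment targets one group, hence one template each.
    """
    templates = {}
    for vm in vms:
        if (vm.get("tags") or {}).get("env") not in env_tags:
            continue
        template = templates.setdefault(vm["resourceGroup"], {
            "$schema": "https://schema.management.azure.com/schemas/"
                       "2019-04-01/deploymentTemplate.json#",
            "contentVersion": "1.0.0.0",
            "resources": [],
        })
        template["resources"].append(
            shutdown_schedule(vm, time_hhmm, time_zone_id, email))
    return templates


if __name__ == "__main__":
    print("Stopped but still billed:", billed_while_stopped(SAMPLE_VMS))
    print(json.dumps(build_templates(SAMPLE_VMS, "1900", "UTC"), indent=2))
```

Because auto shut-down has no matching auto start-up, VMs covered by these schedules still need a manual start or one of the runbook-based approaches above.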
Optimized Architecture

Your choice of application architecture can have a significant impact on running costs. Incorporating cost as a design goal can result in significant savings.

A common problem that affects organizations when they initially move resources into the cloud is their virtualization strategy. They often use an approach like the one used when creating virtual machines for the on-premises virtualization environment. They also assume that costs are reduced by moving their on-premises VMs to the cloud, without any thought to changing how each VM is deployed and the resources (CPU & RAM) that are assigned to it. However, this approach is not likely to reduce costs.

The problem with this approach is that the existing on-premises infrastructure was already paid for. Users could create and keep large VMs running if they liked—idle or not and with little consequence. Moving large or idle VMs to the cloud is likely to increase costs.

Cost allocation for resources is important when customers enter into agreements with cloud service providers. Using the features of Azure with a new mindset is required to gain efficiencies from the cloud, and not end up with additional costs by moving.

There are features in Azure which allow for autoscaling of compute infrastructure, and which, when coupled with the pay-as-you-go model, can provide the savings customers desire. These strategies often have the added benefit of high availability, given that they scale the compute out and in instead of up and down. This means more nodes provide the service rather than one larger node providing the service.

Moving to a PaaS platform for services is also a common strategy to change the architecture of a service and gain cost savings.
Web applications that were traditionally running on VMs in a customer’s datacenter can now be moved to the Azure App Service and will run just as today, but with much less overhead in terms of cost and management responsibility. This is especially advantageous to MSPs that are responsible for patching and securing these VMs. The move to PaaS means that their day-to-day responsibility will focus only on the application itself rather than the underlying OS.

In this section, we’ll discuss the following approaches to optimizing your application architecture to reduce costs:

AZURE PAAS SERVICES OVER IAAS

PaaS over IaaS is the default stance that partners should take as a best first approach. IaaS deployments require almost the same amount of effort as deploying and managing VMs in a customer datacenter without the hardware and facilities cost and complexity. The cloud computing service provider manages the infrastructure, while customers must purchase, install, configure, and manage their own software, operating systems, middleware, and applications. IaaS does provide the advantages of no upfront capital commitment, and the customer rents a VM only for as long as it is needed.

PaaS is a complete development and deployment environment in the cloud, with resources that enable customers to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. Like IaaS, PaaS includes infrastructure—servers, storage, and networking, but also middleware, development tools, business intelligence (BI) services, database management systems, and more. PaaS is designed to support the complete web application lifecycle: building, testing, deploying, managing, and updating.

PaaS allows customers to avoid the expense and complexity of buying and managing software licenses, the underlying application infrastructure and middleware, or the development tools and other resources. Customers and MSPs will operate and manage the applications and services, while Azure manages everything else.

When making recommendations and determining how to migrate the customer to Azure, the partner should take the stance that PaaS is the first answer to how something should be migrated to Azure. Backing away from PaaS to an IaaS deployment should happen only when there are specific reasons why the deployment can’t leverage a PaaS service.

There are times when a complete PaaS offering might not make sense, but partners should use a cloud mindset when evaluating these circumstances. For example, if a web server must remain on a VM in Azure IaaS, the question should be asked: “Can the images and data files that are downloaded to the client be offloaded from the VM to Azure Storage?” Azure Storage is an HTTP web server at scale that can easily host all of the application’s images, PDFs or other binary files that will be sent to the clients while the app is in use.
With a simple change to the HTML code of the app to reference a different URL for these files, the application is now leveraging a PaaS service. In the customer’s datacenter those downloads would be left to the VM, but with Azure Storage all the files could be placed on that service, which would relieve the VM of the burden of serving these files to the client. This could mean a smaller VM size and thus a smaller monthly bill for the customer for that application.

AUTO SCALE VM SCALE SETS & AZURE WEB APPS

Auto-scale is a built-in feature of many Azure services to meet the changing needs of applications. Typically, these are in the form of websites with fluctuating compute requirements based on network traffic. When autoscaling, Azure will add more nodes to service the application and then remove nodes when the traffic spike diminishes. This is known as scaling out and scaling in to meet the performance demands.

Of course, performance means different things for different applications. Some apps are CPU-bound, others memory-bound. For example, a web app might handle millions of requests during the day and none at night. Auto-scale can scale a service by any of these or via a custom metric defined by the customer or partner.

Partners should be proactive with clients and build autoscaling into their migrations. It’s not wise to wait for a traffic spike to take down your app or site and then scale the VM size to meet the demand. With scheduled auto-scale, you can respond before anything ever happens. If an MSP customer has a retail shopping site and Black Friday is coming, simply use auto-scale to add 10x more virtual machines in advance to handle the load. Another example would be a website whose traffic always skyrockets at 9am Monday through Friday. This can be handled with an autoscaling rule that triggers a scale out during those hours, but contracts during the off hours. By using this simple approach to better understand the application, you, as a partner, are ensuring its successful implementation in an optimized manner.

Azure App Service is a great example of using a PaaS service that can auto-scale. This service is used for hosting web applications, REST APIs, and mobile back ends. It supports both Windows and Linux along with many programming languages including .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Web Apps not only adds the power of Microsoft Azure to the application, such as security, load balancing, autoscaling, and automated management; it also has DevOps capabilities without the need to provision and build other VMs or services. These capabilities include continuous deployment from VSTS, GitHub, Docker Hub, and other sources, package management, staging environments, custom domain, and SSL certificates.

With App Service, the customer pays for the Azure compute resources they use. The compute resources used are determined by the App Service plan that is implemented during the migration. Keep in mind that as the provider you need to give guidance on the size of the App Service plan just as you would for VM sizes. Each size and type of App Service plan provides different capabilities, from the number of cores and RAM to storage space and the ability to host custom domain names for their site.

For deployments that require IaaS but also need the ability to auto-scale, partners will need to leverage Virtual Machine Scale Sets (VMSS). VMSS is an Azure compute resource that can be used to deploy and manage a set of identical VMs. With all VMs configured the same, scale sets are designed to support true auto-scale, and no pre-provisioning of VMs is required. So, it's easier to build large-scale services that target big compute, big data, and containerized workloads.
VMSS should be used for applications that need to scale compute resources out and in, and are highly available given that they are deployed behind the Azure load balancer and balanced across fault and update domains.

The VMs that are part of the VMSS can be configured using the VM Custom Script extension, via Azure Automation Desired State Configuration (DSC), or other VM extensions such as Chef or Puppet. By using automation to configure the application on the VMs that are created by the VMSS, there is no need for the administrator to take any actions during a scaling event. The required VMs will be created by the autoscaling rule, and when they boot for the first time they will be configured with the application.

REGION PRICING DIFFERENCES

With 42 announced regions, more than any other cloud provider, Azure makes it easy to choose the datacenter and regions that are right for you and your customers. Within each of these regions there are services that are made available, and each has a cost associated with it. With that in mind, it is important to understand that there are two variables to these services:
• Availability: not all services are available in every region
• Cost: service costs vary by Azure Region

Availability of services is based entirely on when Microsoft provides the service to a region. For example, there are many different Virtual Machine families in Azure which are named using letters from the alphabet such as A, B, D, M amongst others. These VM types aren’t always available in every region when they are released by Microsoft. Some VM types are available in many regions while others are only available in a few. The DV2 series of VMs is an example of almost full coverage across all of Azure. This contrasts with the M series VMs, which are only available in two US regions and one in Europe.

There is also an availability gap between the Azure Commercial Cloud and the Azure Government or Country Clouds (Germany and China). The Azure Government and Country Clouds are entirely separate Azure instances and not connected to the Azure Commercial Cloud. The services that are available to the Government and Country Clouds vary dramatically with large gaps, so it is very important to understand what your clients’ needs are and where they should deploy.

Cost is of course top of mind for the partner that is working with a client to help them move to Azure. Each of these regions has its own price list, and these prices do fluctuate over time. In some cases, the cost difference between a service in one region as compared to another may be relatively insignificant. In other cases, it can become a critical concern.

Using the Azure Calculator, you can see the standard pricing by region for a VM (not all regions are supported in the calculator). For example, the price of a DS3_V2 in East US may be $409.92 a month, while in East US2 it may only be $359.41.

Tax consequences should also be considered when pricing solutions for your customers. Depending upon their location and registrations with local governments, different taxes will apply. In Ireland and the EU there are rules that dictate the collection and payment of VAT. In the United States and Canada there are rules with respect to tax-exempt status. It is best to work directly with your Microsoft reseller or distribution partner to determine the exact nature of tax issues for your clients. This is a very important topic, as proper billing and contract procedures must be followed or, in some cases, Microsoft may collect taxes which will make the customer’s Azure bill much higher than anticipated.

More information on Pricing in Azure can be found in the Azure Price FAQ.

AZURE SQL DATABASE ELASTIC POOLS

Azure SQL Database elastic pools help customers manage and scale multiple Azure SQL databases.
SQL Database elastic pools are a simple, cost-effective solution for managing and scaling multiple databases that have varying and unpredictable usage demands. The databases in an elastic pool are on a single Azure SQL Database server and share a set number of resources (elastic Database Transaction Units, or eDTUs) at a set price. Elastic pools in Azure SQL Database enable SaaS developers to optimize the price performance for a group of databases within a prescribed budget while delivering performance elasticity for each database.

Pools are well suited for many databases with specific utilization patterns. For a given database, this pattern is characterized by low average utilization with relatively infrequent utilization spikes. The more databases you can add to a pool, the greater your savings become. Depending on your application utilization pattern, it is possible to see savings with as few as two S3 tier databases.

Elastic Pools automatically scale performance and storage capacity for elastic databases on the fly. You can control the performance assigned to a pool, add or remove elastic databases on demand, and define performance of elastic databases without affecting the overall cost of the pool. There are built-in sizing recommendations that proactively identify databases which would benefit from pools and allow “what-if” analysis for quick optimization to meet your performance goals. Rich performance monitoring and troubleshooting dashboards help you visualize historical pool utilization.

There are three different performance and pricing tiers: Basic, Standard, and Premium. Each of these tiers offers a broad spectrum of performance, storage, and pricing options. Pools can contain up to 400 elastic databases. Elastic databases can auto-scale up to 1,000 elastic database transaction units (eDTUs).
AZURE BLOB STORAGE (HOT, COOL & ARCHIVE)

Azure Blob Storage is a Microsoft-managed cloud service providing storage that is highly available, secure, durable, scalable, and redundant. Microsoft takes care of maintenance and handles critical problems that may arise with the service.

Azure Blob Storage is a service for storing large amounts of unstructured object data, such as text or binary data, that can be accessed from anywhere in the world via HTTP or HTTPS. You can use Blob storage to expose data publicly to the world, or to store application data privately. Common uses for Azure Blob Storage include:
• Serving images or documents directly to a browser
• Storing files for distributed access
• Streaming video and audio
• Storing data for backup and restore, disaster recovery, and archiving
• Storing data for analysis by an on-premises or Azure-hosted service

Azure storage offers three Access Tiers for Blob object storage. This enables customers to choose the most cost-effective storage option, depending on their usage patterns. Access Tiers for Blob object storage:
• Hot: optimized for storing data that is accessed frequently
• Cool: optimized for storing data that is infrequently accessed and stored for at least 30 days
• Archive: optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency requirements (on the order of hours)

Today, data stored in the cloud is growing at an exponential pace. To manage costs for your customers’ expanding storage needs, it's helpful to organize data based on attributes like frequency of access and planned retention period. Data stored in the cloud can be different in terms of how it is generated, processed, and accessed over its lifetime. Some data is actively accessed and modified throughout its lifetime. Some data is accessed frequently early in its lifetime, with access dropping drastically as the data ages. Some data remains idle in the cloud and is rarely, if ever, accessed once stored.

Each of these data access scenarios benefits from a different storage tier that is optimized for an access pattern. With hot, cool, and archive storage tiers, Azure Blob storage addresses this need for differentiated storage tiers with separate pricing models.

Hot

Hot storage has higher storage costs than cool and archive storage, but the lowest access costs. Example usage scenarios for the hot storage tier include:
• Data that is in active use or expected to be accessed (read from and written to) frequently
• Data that is staged for processing and eventual migration to the cool storage tier
Cool

Cool storage tier has lower storage costs and higher access costs compared to hot storage. This tier is intended for data that will remain in the cool tier for at least 30 days. Example usage scenarios for the cool storage tier include:
• Short-term backup and disaster recovery datasets
• Older media content that is not viewed frequently anymore but is expected to be available immediately when accessed
• Large data sets that need to be stored cost effectively while more data is being gathered for future processing. (For example, long-term storage of scientific data, raw telemetry data from a manufacturing facility)

Archive

Archive storage has the lowest storage cost and higher data retrieval costs compared to hot and cool storage. This tier is intended for data that can tolerate several hours of retrieval latency and will remain in the archive tier for at least 180 days.

While a blob is in archive storage, it is offline and cannot be read (except the metadata, which is online and available), copied, overwritten, or modified. Nor can you take snapshots of a blob in archive storage. However, you may use existing operations to delete, list, get blob properties/metadata, or change the tier of your blob. Example usage scenarios for the archive storage tier include:
• Long-term backup, archival, and disaster recovery datasets
• Original (raw) data that must be preserved, even after it has been processed into final usable form. (For example, raw media files after transcoding into other formats)
• Compliance and archival data that needs to be stored for a long time and is hardly ever accessed. (For example, security camera footage, old X-Rays/MRIs for healthcare organizations, audio recordings, and transcripts of customer calls for financial services)

To read data in archive storage, you must first change the tier of the blob to hot or cool. This process is known as rehydration and can take up to 15 hours to complete. Large blob sizes are strongly recommended for optimal performance.
Azure Management Best Practices

There are a number of best practices that should be adhered to when migrating or operating any workload in Azure. Following these established patterns helps avoid common pitfalls and makes it easier to maintain your deployments in the long term.

Often, new Azure deployments start off as an experiment, a learning exercise, or a proof of concept that was converted into a production workload. When these ad-hoc deployments occur, it is easy to get started on the wrong foot and implement anti-patterns accidentally. In this section we’ll review several key strategies that can kick your migration projects off on the right foot and avoid future problems.

First, we’ll take a detailed look at Azure subscriptions. Avoiding subscription bloat while enforcing clear management and security boundaries requires a subscription management strategy. We’ll review several different models for subscription management.

Next, we’ll consider how resources are organized and named within each subscription. Resources are organized using resource groups, and the correct resource grouping has a large impact on how the resources are deployed and managed. Resource naming, and the use of naming conventions, is also important to promote consistency and reduce human error during resource management operations.

Organizing resources at deployment is just the start. It’s also important to consider how resources will be managed throughout their lifecycle. Accidentally deleting a production resource can create a catastrophic application outage. It’s also important to control resource creation, if you are to control costs. With this in mind, we’ll review the technologies in Azure that enable you to control the resource lifecycle.
Finally, we’ll consider Security and Compliance, and provide links to valuable resources provided by Microsoft that can help you ensure your deployments are secure, and meet any local or industry regulations.
  • 132. Azure Subscriptions

An Azure subscription is the most fundamental entity used to organize Azure resources. Before you can use Azure, you need an Azure subscription. The subscription is the boundary for several independent Azure concepts:

• Security boundary - each subscription forms an administrative security boundary. A subscription administrator has full control over resources within that subscription and controls the subsequent configuration of role-based access control and policies within the subscription. Where controls must be applied to more than one subscription, they must be applied to each subscription independently—there is no control mechanism that spans subscriptions.
• Service limits - the subscription is the boundary at which many of the Azure Service Limits are applied. Resource utilization forecasts need to be made at the subscription level to ensure they stay within these limits. For further details on Azure subscription limits, see https://docs.microsoft.com/azure/azure-subscription-service-limits
• Billing - the subscription forms the billing boundary. All Azure resources within a subscription are billed at the subscription scope. Different billing schemes (such as pay-as-you-go, CSP, or Enterprise Agreement) are applied at the subscription level.

With these points in mind, Managed Service Providers need to choose how to organize resources across subscriptions. A common model is to use a separate subscription for each application, and to use separate subscriptions for production vs non-production deployments. A single subscription can contain more than one non-production deployment, in separate resource groups. Keep the subscription model simple, whilst retaining essential flexibility.

Subscription management and organization depends greatly on whether the subscription is from an Enterprise Agreement (EA) enrollment or whether it was provisioned from a Cloud Solution Provider (CSP).

SUBSCRIPTIONS WITH AN ENTERPRISE AGREEMENT

The Azure Enterprise Agreement portal allows large enterprise customers of Azure to manage Azure subscriptions and associated licensing information from a central portal. Enterprise Agreement (EA) customers can add Azure to their EA by making an upfront monetary commitment to Azure. That commitment is consumed throughout the year by using any combination of the wide variety of cloud services Azure offers from its global datacenters.

Within a given enterprise enrollment, Microsoft Azure has several roles that individuals play.
  • 133. (Azure Subscriptions, continued)

The Enterprise Administrator has the ability to add or associate accounts and departments to the enrollment, can view usage data across all accounts and departments, and is able to see the monetary commitment balance associated to the enrollment. There is no limit to the number of Enterprise Administrators on an enrollment.

Department Administrators can manage department properties, manage accounts under the department they administer, download usage details, and view monthly usage and charges associated to their department if the Enterprise Administrator has granted permission to do so.

The Account Owner can add subscriptions for their account, update the Service Administrator and Co-Administrator for an individual subscription, view usage data for their account, and view account charges if the Enterprise Administrator has provided access. Account Owners will not have visibility of the monetary commitment balance unless they also have Enterprise Administrator rights.

SUBSCRIPTIONS WITHIN A CSP

The CSP model does not have the concept of departments and accounts. Instead, each CSP subscription is created within a customer. The customer entity contains all the services that you have sold such as Office 365, Dynamics CRM, as well as Azure subscriptions. Azure CSP subscriptions are also subject to a small number of technical limitations. See Migrating existing VMs to CSP for more information.
  • 134. COMMON SUBSCRIPTION MANAGEMENT STRATEGIES

Common considerations when creating a subscription creation strategy are:

• Subscription Service Limits – will the migration be impacted by service limits such as number of virtual networks, or ExpressRoute connectivity? What about future growth?
• Virtual Network Connectivity – how will resources in each subscription connect to each other? Site-to-Site, ExpressRoute, Virtual Network Peering?
• Security – role-based access control is set up per subscription. How will this impact your subscription creation strategy?
• Chargeback – how will you report and group Azure consumption costs?

The following are some common strategies that you can take when creating subscriptions. The key point is that there is no single model; each approach comes with its own caveats that you, as the provider, should understand and plan for.

Subscription per Department (EA Only)

In this model, each department contains different types of environments (e.g. prod, non-prod) and all Azure resources are created in the same subscription.

Pros:
• Low ExpressRoute circuit costs
• Lower number of overall subscriptions to manage

Cons:
• Granular role-based access control model required to allow permissions for different resources
• Higher risk of subscription limit issues since many potential services could be deployed into a single subscription
• Mistake in management will affect all environments in the department

Subscription per Environment

In this model, each environment contains the different types of applications and workloads.

Pros:
• Minimized risk of running into subscription limit issues
• Virtual network address spaces can be tailored per application
• Minimized risk of impacting one environment by changing the other

Cons:
• New ExpressRoute circuit required per 10th application unless you are using ExpressRoute Premium, which has larger limits depending on circuit bandwidth
• More subscriptions to manage (RBAC, Policies, Tagging, Chargeback)

Subscription per Application

Each application uses a different subscription.

Pros:
• Minimal subscription limit issues since each application is in a subscription
• Per application RBAC model

Cons:
• Higher risk of running into cross subscription connectivity limits unless applications are isolated from each other
• More subscriptions to manage (RBAC, Policies, Tagging, Chargeback)

RESOURCES
➔ Azure Onboarding Guide
➔ Azure Subscription Service Limits
  • 135. Resource Organization

Consistent naming and tagging schemes help organize your Azure resources, making management easier and reducing mistakes.

Even a simple application can involve a substantial number of Azure resources, such as virtual machines, network interfaces, IP addresses, storage accounts, virtual networks, subnets, network security groups, etc. Without disciplined and intuitive resource organization, administrative mistakes are inevitable.

NAMING CONVENTIONS

Adopting a systematic and descriptive naming convention for each Azure resource is a useful way of making the purpose of each resource and the relationships between resources clearer. This increases manageability and reduces the likelihood of administrative mistakes. Well-designed naming conventions enable you to identify resources in the portal, on a bill, and within scripts.

Most likely, your customer will already have naming conventions for their on-premises infrastructure. When migrating to Azure, you should extend those naming standards to your Azure resources where possible. Naming conventions facilitate more efficient management of the environment at all levels.

Designing a naming convention is not entirely straightforward. Different Azure resource types have different limitations on what names are permitted (alphabet, case sensitivity, and length). Microsoft has documented these rules and published a baseline recommendation for a naming convention which can be used as a starting point.

RESOURCE GROUPS

A resource group is a container that holds related resources for an application. The resource group could include all the resources for an application, or only those resources that are logically grouped together. The service designer decides how to allocate resources to resource groups based on what makes the most sense for the organization. Since resource groups are commonly used as a security boundary for role-based access permissions, a good general principle is to group resources that share the same management lifecycle.

With Resource Manager, application designers can create a simple template (in JSON format) that defines deployment and configuration of an entire application. This template is known as a Resource Manager template and provides a declarative way to define deployment. By using a template, you can repeatedly deploy the application throughout the app lifecycle and have confidence that resources are deployed in a consistent state. We’ll cover more about writing templates later.

Since each template must be deployed to a single resource group, the resource group structure also impacts your deployment template design. Deployment to multiple resource groups can be achieved at the expense of the additional complication of breaking your deployment into separate, nested templates.

TAGGING RESOURCES

In addition to a naming convention, resource tags can also be used to organize Azure resources. Tags are key-value pairs, with a maximum of 15 tags per resource or resource group. Tags can be used for multiple purposes—common scenarios include:

• Azure billing - supports filtering and grouping using tags, enabling tags to be used to implement internal charge-backs or billing codes (‘billTo=IT-Chargeback-1234’)
• Associating resources - for a particular application across resource groups (‘application=payroll’)
• Resource owner - identifying the owner of a particular resource (‘[email protected]’)
• Environment – identifying the environment of a particular deployment (‘environment=staging’)
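A pre-deployment check for the naming and tagging rules described above, given here as an added example that is not part of the playbook: it lints the resources of a Resource Manager template for the four tag purposes listed, the 15-tag limit, and a naming pattern. The required tag keys, the `<app>-<env>-<role><nn>` pattern and the sample template are assumptions made for illustration.

```python
import json
import re

# Assumed house rules: one tag key per purpose named in the playbook.
REQUIRED_TAGS = ("billTo", "application", "owner", "environment")
MAX_TAGS = 15  # per-resource limit as stated in the playbook
# Hypothetical convention: <app>-<env>-<role><two digits>, e.g. payroll-prod-vm01
NAME_RE = re.compile(r"^[a-z][a-z0-9]{1,15}-(prod|staging|dev|test)-[a-z]{2,6}\d{2}$")
# Storage accounts cannot follow it: 3-24 lowercase letters and digits only.
STORAGE_RE = re.compile(r"^[a-z0-9]{3,24}$")


def lint_template(template):
    """Return human-readable findings for every resource in the template."""
    findings = []
    for res in template.get("resources", []):
        rtype, name = res.get("type", ""), res.get("name", "")
        label = f"{rtype}/{name}"
        tags = res.get("tags") or {}
        # Tag names are matched case-insensitively; tag values are not.
        by_key = {k.lower(): v for k, v in tags.items()}
        missing = sorted(t for t in REQUIRED_TAGS if t.lower() not in by_key)
        if missing:
            findings.append(f"{label}: missing tags {missing}")
        if len(tags) > MAX_TAGS:
            findings.append(f"{label}: {len(tags)} tags exceeds limit of {MAX_TAGS}")

        if name.startswith("["):
            # e.g. "[parameters('vmName')]": cannot be judged statically.
            findings.append(f"{label}: name is a template expression, "
                            "check it after parameters are resolved")
            continue
        if rtype.lower() == "microsoft.storage/storageaccounts":
            if not STORAGE_RE.match(name):
                findings.append(f"{label}: invalid storage account name")
            continue
        match = NAME_RE.match(name)
        if not match:
            findings.append(f"{label}: name does not follow the convention")
        elif by_key.get("environment") not in (None, match.group(1)):
            findings.append(f"{label}: name says '{match.group(1)}' but "
                            f"environment tag says '{by_key['environment']}'")
    return findings


# Constructed sample input (not taken from a real deployment).
SAMPLE_TEMPLATE = json.loads("""
{
  "contentVersion": "1.0.0.0",
  "resources": [
    {"type": "Microsoft.Compute/virtualMachines", "name": "payroll-prod-vm01",
     "tags": {"billTo": "IT-Chargeback-1234", "application": "payroll",
              "owner": "ops-team", "environment": "prod"}},
    {"type": "Microsoft.Network/virtualNetworks", "name": "payroll-prod-vnet01",
     "tags": {"application": "payroll", "environment": "staging"}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "Payroll-Data",
     "tags": {"billTo": "IT-Chargeback-1234", "application": "payroll",
              "owner": "ops-team", "environment": "prod"}},
    {"type": "Microsoft.Network/publicIPAddresses", "name": "[parameters('ipName')]",
     "tags": {"billTo": "IT-Chargeback-1234", "application": "payroll",
              "owner": "ops-team", "environment": "prod"}}
  ]
}
""")

if __name__ == "__main__":
    for finding in lint_template(SAMPLE_TEMPLATE):
        print(finding)
```

Run in a build pipeline, a non-empty result can fail the build before the template reaches Azure.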
  • 136. Controlling access to Azure Resources

With great power, comes great responsibility. Just as the cloud allows services to be provisioned in minutes, critical services can just as easily be changed or deleted. Fortunately, Azure provides comprehensive features to enable you to control access without losing agility.

A typical application will only use a small subset of the wide range of resource types available in Azure. Allowing unrestricted creation of resources allows consumption of resources far beyond what was planned. This can cause an unexpectedly high bill or even affect the correct operation of the application (for example, by causing subscription limits to be breached). Similarly, incorrectly modifying or accidentally deleting a resource can cause an application outage. It is therefore important to control who has access to Azure resources, especially those supporting production applications, and to control what operations are permitted by those who do have access.

To summarize, the main governance challenges faced by an organization running production services in Azure are:

• Prevent unexpected costs by controlling which resources are deployed
• Control who has access to Azure resources, and what changes they are permitted to make
• Separate the control of production from non-production environments
• Prevent accidental resource changes or deletions that are potentially service impacting

Azure provides three complementary mechanisms to control what resource management operations are permitted in a subscription, who has permission to perform those operations, and to prevent accidental mistakes. These are known as policies, role-based access control, and resource locks.

• Azure Resource Manager Policy allows you to define rules or conventions that must be applied to resources within a subscription. For example, a policy may block the use of certain types of resource, or limit the SKUs or service tier of another resource type, or enforce or prevent the use of a particular Azure region. Policies can also be used to enforce rules, such as the inclusion of a tag to enable billing cross-charging or enforcing a naming convention. Policies can be applied to the entire subscription or scoped to a resource group or resource.
• Role-based access control (RBAC) allows control over the actions of a user or group of users. Each role defines what actions are permitted, or not permitted, on what types of resource. Once a role has been defined, it can be applied to specific users or groups of users (as defined in Azure AD), and applied at the subscription, resource group or individual resource scope.
• Resource Locks allow certain potentially damaging management operations to be blocked. There are two types of lock: ‘DoNotDelete’, which permits all actions except deletion, and ‘ReadOnly’, which permits read operations but blocks any updates or deletes. For example, a ‘DoNotDelete’ lock may be applied to a storage account containing critical data to prevent accidental deletion, regardless of the role-based access permissions granted to the user. The operation can only proceed if the lock is first removed, which provides a useful checkpoint to verify that the operation really is intended. Adding and removing locks themselves are controlled by separate RBAC permissions, thereby providing role separation and enabling operator activities to be reviewed. Whilst a single lock can be applied at the subscription or resource group scope, they are typically applied to individual resources, allowing more fine-grained control.

Azure Policy, RBAC and locks are complementary. Policies focus on the resources in a subscription, regardless of the user initiating each request. RBAC works at the user level, controlling which operations are available to each user. Resource locks prevent accidental modification or deletion of individual resources. These three mechanisms work together to provide a powerful toolkit to control resource access whilst permitting necessary management operations under suitable controls.
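How the three mechanisms combine on a single request, as an added example that is not part of the playbook: a small model in which RBAC, policy and locks each get a veto. It is a simplified sketch and not Azure's authorization engine; the role definitions are trimmed stand-ins for built-in roles, the evaluation order is a modelling choice, and all principals, IDs and policies are constructed.

```python
from fnmatch import fnmatchcase

# Trimmed stand-ins for three built-in roles: (actions, not_actions).
# Assumption: the real definitions are longer.
ROLES = {
    "Owner": (["*"], []),
    "Contributor": (["*"], ["Microsoft.Authorization/*/Write",
                            "Microsoft.Authorization/*/Delete"]),
    "Reader": (["*/read"], []),
}


def _match(patterns, action):
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def _covers(scope, target):
    """A setting made at a scope is inherited by everything beneath it."""
    scope, target = scope.lower().rstrip("/"), target.lower().rstrip("/")
    return target == scope or target.startswith(scope + "/")


class Model:
    def __init__(self):
        self.assignments = []  # (principal, role name, scope)
        self.policies = []     # (name, scope, deny_if(resource_dict) -> bool)
        self.locks = []        # (level, scope)

    def check(self, principal, action, target, resource=None):
        """Return (allowed, reason) for one management request."""
        verb = action.rsplit("/", 1)[-1].lower()
        # 1. RBAC: does any role assigned to this principal grant the action?
        granted = any(
            who == principal and _covers(scope, target)
            and _match(ROLES[role][0], action)
            and not _match(ROLES[role][1], action)
            for who, role, scope in self.assignments)
        if not granted:
            return False, "rbac: no role grants " + action
        # 2. Policy: judges the resource being written, whoever the caller is.
        if verb == "write" and resource is not None:
            for name, scope, deny_if in self.policies:
                if _covers(scope, target) and deny_if(resource):
                    return False, "policy: " + name
        # 3. Locks: apply to everyone, but managing the lock itself is an
        #    ordinary RBAC-controlled action.
        if not action.lower().startswith("microsoft.authorization/locks/"):
            for level, scope in self.locks:
                if not _covers(scope, target):
                    continue
                if level == "ReadOnly" and verb != "read":
                    return False, "lock: ReadOnly"
                # The playbook's 'DoNotDelete'; templates spell it CanNotDelete.
                if level == "CanNotDelete" and verb == "delete":
                    return False, "lock: CanNotDelete"
        return True, "allowed"


def demo():
    sub = "/subscriptions/sub1"  # constructed IDs throughout
    rg = sub + "/resourceGroups/payroll-prod-rg"
    data = rg + "/providers/Microsoft.Storage/storageAccounts/payrollproddata01"
    vm = rg + "/providers/Microsoft.Compute/virtualMachines/payroll-prod-vm01"
    lock = data + "/providers/Microsoft.Authorization/locks/keep"
    m = Model()
    m.assignments += [("alice", "Owner", sub), ("bob", "Contributor", rg),
                      ("carol", "Reader", rg)]
    m.policies += [
        ("allowed-locations", sub, lambda r: r.get("location") != "westeurope"),
        ("require-billTo-tag", sub, lambda r: "billTo" not in r.get("tags", {})),
    ]
    m.locks.append(("CanNotDelete", data))
    good = {"location": "westeurope", "tags": {"billTo": "IT-Chargeback-1234"}}
    bad = dict(good, location="eastus")
    delete, write = ("Microsoft.Storage/storageAccounts/delete",
                     "Microsoft.Compute/virtualMachines/write")
    out = {
        "owner_delete_locked": m.check("alice", delete, data),
        "contributor_remove_lock": m.check("bob", "Microsoft.Authorization/locks/delete", lock),
        "owner_remove_lock": m.check("alice", "Microsoft.Authorization/locks/delete", lock),
        "contributor_wrong_region": m.check("bob", write, vm, bad),
        "contributor_compliant": m.check("bob", write, vm, good),
        "reader_write": m.check("carol", write, vm, good),
    }
    m.locks.clear()  # the Owner has removed the lock
    out["owner_delete_unlocked"] = m.check("alice", delete, data)
    return out


if __name__ == "__main__":
    for case, (ok, why) in demo().items():
        print(f"{case:26} {'ALLOW' if ok else 'DENY ':5} {why}")
```

The Owner is stopped by the lock, the Contributor cannot lift it, and the region policy rejects a write that RBAC alone would permit.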
  • 137. Security and Compliance

Security is a critical requirement for cloud applications. Applications cannot be migrated to Azure unless there is a high degree of confidence in the security of the migrated application and all application data. A strong security stance and deep security skills are therefore essential for any successful Managed Service Provider offering Azure services.

Security in the cloud is a shared responsibility between Microsoft and the Azure customer developing and hosting applications in Azure. Microsoft makes substantial investments in the physical, logical and operational security of its infrastructure, networks, and software. Azure provides a wide range of features and tools which can be used to secure applications hosted in Azure. It is the responsibility of the Managed Service Provider to understand and make appropriate use of Azure so that the applications they manage are properly protected.

Security is a specialist topic, requiring both broad and deep technical skills. Technical teams require appropriate experience and training to properly design, implement, and manage secure Azure solutions. Both the threat landscape and the security features available in Azure are continually evolving. On-going investment should be made to review and update the security protections of existing applications, and to ensure staff skills stay up-to-date.

Microsoft Azure supports an extensive range of features and services which can be used to secure Azure-based applications, and to provide secure connectivity to on-premises environments where required. In addition, Microsoft publishes extensive guidance on security best practices.

Use the following resources to deliver secure and compliant customer solutions:

• Azure Security Center is an Azure service designed to review all resources in your Azure environment and provide reports and guidance on how to improve their security to meet Azure best practices. It is a free service, with an optional paid tier which additionally supports reporting for resources outside of Azure.
• The Microsoft Trust Center is a hub for security, compliance and privacy guidance from Microsoft. This includes all aspects of Microsoft’s software portfolio (both on-premises and cloud), as well as guidance for third parties on how to develop their own applications securely. It also has a section dedicated to Azure Security.
• The Azure Trust Center provides links to additional resources on security, compliance and privacy in Azure.
• The Azure Security documentation hub contains both an overview of the full suite of security features available in Azure, as well as comprehensive guidance on specific areas such as networking, storage, compute, identity, and operations. Best practice guidance is also included, as well as links to additional resources.
• The Security best practices for IaaS workloads in Azure documentation page contains further useful guidance on secure Azure deployments.

The Microsoft Cloud Architecture resources include a series of posters providing a technical overview of core Azure feature areas aimed at Enterprise Architects. This includes guidance on networking, hybrid cloud, storage, identity, mobility, and security.

The Security Practice Development Playbook provides further guidance for Microsoft Partners seeking to build a practice with a specialist focus on security.
  • 138. Infrastructure as Code

Automate infrastructure deployment and management through declarative or imperative scripts.

Infrastructure as Code (IaC) is the process of writing scripts to automate the deployment and configuration management of infrastructure. Using automation to manage your infrastructure enables you to:

• Increase accuracy and reliability of resource deployment and configuration.
• Automate the process of replicating environment configurations across dev, test, and production environments.
• Add version control to infrastructure configuration management.

Automation is also a key component to implementing DevOps practices, and Infrastructure as Code fits in well with the other aspects of DevOps such as Continuous Integration (CI) and Continuous Deployment (CD).

There are two methods of writing scripts for implementing Infrastructure as Code: imperative and declarative. The imperative approach utilizes traditional command-line scripts to define the step-by-step process to modify the current state to the desired end-state. The declarative approach utilizes a definition file that declares what the desired end-state is, and the tooling automatically figures out how to modify the current state to reach the desired end-state.

With the infrastructure deployment and configuration automated with scripting, these scripts can then be checked into Source Control, such as Git or Visual Studio Team Services. This integration with Source Control adds the ability to effectively track infrastructure version changes over time in the same manner that all other source code is tracked. It also enables Infrastructure as Code (IaC) to be integrated into the release pipeline through Continuous Integration (CI) and Continuous Deployment (CD), alongside the source code for the enterprise applications that may run on the infrastructure being automated.

In this section, we’ll review three approaches to automating infrastructure provisioning and management:

• Azure Resource Manager Templates: Declarative templates formatted in JSON to define the configuration of an Azure environment, deployed through Azure Resource Manager.
• Automated scripts: Create imperative scripts using Azure PowerShell and Azure CLI for managing Azure resources.
• Azure SDKs and REST APIs: Build your own management tools by leveraging the Azure SDKs and REST APIs to automate Azure resource management.
  • 139. Azure Resource Manager Templates

Implement declarative Infrastructure as Code using Azure Resource Manager

Azure Resource Manager Templates offer a declarative method of implementing Infrastructure as Code (IaC) for deploying and maintaining environment and infrastructure deployments. Put simply, a template consists of a text file, in JSON format, specifying the resources in a given deployment. Templates can be parameterized, allowing a small number of inputs to control the type, number and size of resources deployed. This allows the same template to be used for multiple deployments in different environments, such as Test, Pre-Production and Production.

Consistency across the Azure ecosystem allows for ARM Templates to be written that can deploy environment configurations to both the Azure public cloud and Azure Stack without requiring any changes to the template.

Templates can be authored using a plain-text editor, or a variety of IDEs (Integrated Development Environments), such as Visual Studio 2017 and Visual Studio Code. These editors enhance the authoring experience with syntax highlighting, code completion, and other common IDE features.

Templates can be easily deployed, either directly from Visual Studio, using the Azure portal, PowerShell or CLI, or even integrated into a Continuous Integration / Continuous Delivery (CI/CD) pipeline using Visual Studio Team Services, Jenkins, or some other automated build and deployment tool.

Templates support two deployment modes, incremental and complete. In both modes, all resources specified in the template are deployed. The differences are in what happens to pre-existing resources that are not specified in the template—in incremental mode, they are unchanged, whereas in complete mode, they are deleted. This enables templates to be used both for clean deployments and to update existing deployments.

Developing Azure Resource Manager Templates is a skill. The template language supports a wide range of features, some of them quite advanced such as conditionals and nested templates. Learning to use the full power of Templates is a highly worthwhile investment for any team making significant use of Azure. Several guides and samples are available to help you—see the links in the Resources section below.

TEMPLATE AUTHORING TOOLS

• Azure Resource Manager Tools for Visual Studio Code. Visual Studio Code (VS Code) is a free code IDE from Microsoft. The Azure Resource Manager Tools is an extension to VS Code that adds syntax highlighting, autocomplete, and other features to the IDE for authoring ARM Templates with ease.
• Visual Studio Azure Resource Group project. The Azure Resource Group project template (deployed as part of the Azure SDK) adds full IDE support to Visual Studio 2015 and 2017 for authoring and deploying ARM Templates directly within Visual Studio.
• Azure portal. Templates can also be loaded into the Azure portal for easy deployment. The portal also supports editing templates online and downloading templates for editing offline. In fact, every deployment you make using the portal uses a template, and you can download these templates from the portal as a starting point for creating your own.

RESOURCES
➔ Azure Resource Manager Overview
➔ Authoring Azure Resource Manager Templates
➔ Azure Quickstart Templates
➔ Sample templates from the Azure Resource Manager team
➔ Create and deploy your first Azure Resource Manager template
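The difference between incremental and complete mode described above, as an added example that is not part of the playbook: a preview that lists which existing resources a deployment would leave alone or delete, plus a gate that blocks deletions nobody has approved. It assumes resource names in the template are already resolved to literals and that type and name compare case-insensitively; the inventory and template are constructed.

```python
def _rid(res):
    """Identity of a resource inside one resource group: type/name, lowercased."""
    if res["name"].startswith("["):
        raise ValueError("unresolved template expression: " + res["name"])
    return (res["type"] + "/" + res["name"]).lower()


def preview(existing, template, mode="Incremental"):
    """Classify resources the way the two deployment modes treat them."""
    if mode not in ("Incremental", "Complete"):
        raise ValueError("mode must be Incremental or Complete")
    declared = {_rid(r) for r in template["resources"]}
    current = {_rid(r) for r in existing}
    leftover = sorted(current - declared)  # exist today, absent from template
    return {
        "deploy": sorted(declared),        # created or updated in both modes
        "keep": leftover if mode == "Incremental" else [],
        "delete": leftover if mode == "Complete" else [],
    }


def unapproved_deletions(existing, template, mode, approved=()):
    """Deletions the deployment would cause that are not on the approved list."""
    ok = {a.lower() for a in approved}
    return [rid for rid in preview(existing, template, mode)["delete"]
            if rid not in ok]


# Constructed inventory of the target resource group.
EXISTING = [
    {"type": "Microsoft.Compute/virtualMachines", "name": "Payroll-Prod-VM01"},
    {"type": "Microsoft.Storage/storageAccounts", "name": "payrollproddata01"},
    {"type": "Microsoft.Network/publicIPAddresses", "name": "payroll-prod-pip01"},
]
# Constructed template: the public IP is no longer declared, a NIC is new.
TEMPLATE = {"resources": [
    {"type": "Microsoft.Compute/virtualMachines", "name": "payroll-prod-vm01"},
    {"type": "Microsoft.Storage/storageAccounts", "name": "payrollproddata01"},
    {"type": "Microsoft.Network/networkInterfaces", "name": "payroll-prod-nic01"},
]}

if __name__ == "__main__":
    for mode in ("Incremental", "Complete"):
        print(mode, preview(EXISTING, TEMPLATE, mode))
    blocked = unapproved_deletions(EXISTING, TEMPLATE, "Complete")
    print("blocked:" if blocked else "ok", blocked)
```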
  • 140. Automated Scripts

Implement Imperative Infrastructure as Code (IaC) using Command-Line scripts

Azure PowerShell and Azure CLI (cross-platform command-line tool) offer an imperative method of implementing Infrastructure as Code (IaC) for deploying and maintaining environment and infrastructure deployments within the Microsoft Azure ecosystem. These tools are designed for managing and administering Azure resources from the command-line, and for building automation scripts that work using Azure Resource Manager.

Automation scripts written using either tool can easily be checked into Source Control, such as Git or Visual Studio Team Services, for added version control. The scripts can even be integrated into a Continuous Integration / Continuous Delivery (CI/CD) pipeline using Visual Studio Team Services, Jenkins, or some other automated build and deployment tool.

Azure PowerShell and Azure CLI can both be downloaded and installed from the Azure downloads page. They are also available via the Microsoft Web Platform Installer. The tools are frequently updated, and it’s worthwhile always making sure you have an up-to-date copy to access the latest Azure features.

In addition to executing commands at the command-line of the local machine, the Azure Cloud Shell within the Azure Portal can be used to execute Azure PowerShell and Azure CLI scripts directly within a web browser from any machine. The Cloud Shell is accessed by clicking the Cloud Shell icon in the toolbar at the top of the portal, or as a standalone page at https://shell.azure.com.
  • 141. Azure SDKs and REST APIs

Custom code can be built to automate Azure resources, too.

The Azure SDKs (Software Development Kits), in addition to templates and command-line tools, can be used for both working with Azure Resources, as well as implementing the automation of deployment, configuration, and management of Azure Resources. These tools help add additional automation capabilities to grant the capacity to work with and automate resources in Microsoft Azure.

The Azure Development SDKs are a set of reusable libraries built by Microsoft that work with Azure Resource Manager to manage Azure resources. These SDKs enable any custom automation scenario to be built out, in addition to the integration of Azure services with custom code. This allows you to use or build exactly the right tool to solve the problem at hand.

These libraries support a wide array of programming languages and platforms, including:

• .NET Framework
• .NET Core
• Java
• Node.js
• PHP
• Python
• Ruby
• Android
• iOS

You can also manage Azure resources by calling the Azure Resource Manager REST APIs directly, using your own code instead of the SDKs. These APIs are the foundation of all resource management in Azure—indeed, the Azure portal, PowerShell, CLI and SDKs all use these Azure REST APIs. Using the REST APIs gives you direct access to all Azure resource management features.

RESOURCES
➔ Azure SDK Downloads
➔ Azure REST API Reference
  • 142. Playbook Summary

Thank you for taking the time to review this playbook. We hope you have gained new insight into the business opportunity that application migration and modernization offers. We also hope you have gained valuable technical knowledge on how to execute a migration or modernization project and how to build your cloud migration practice.

We created this playbook to help you, our Managed Service Provider partners, adapt your businesses to embrace the opportunity offered by migrating applications to run in Azure.

In the first section, Define Your Strategy, we helped you understand the unique business opportunity in front of you. We explained some of the ways you can differentiate your business, and how you can leverage Microsoft incentive programs to boost your revenue.

In the next section, Hire & Train, we explained the skills you would need in your migration team, and provided guidance on how to evaluate new hires or up-skill existing staff to meet those needs. We also provided several training resources you can use, both online and instructor-led.

We then moved to the technical content, which forms the bulk of this playbook, starting with a chapter on Building a Migration Assessment. This included detailed guidance on the three stages of the assessment process (discovery, planning and evaluation), and the expected contents of the resulting migration assessment plan.

Next, we discussed migration execution, starting with Migrating to Azure Infrastructure Services. Here we provided guidance on the various Azure services to use to build a cloud-based infrastructure. We also discussed the tools available to assist you with the migration process, and some of the technical challenges and options in specific cases, such as migrating databases.

We then moved on to discuss Modernizing Applications, using Azure’s platform services. We started with the business benefits of embracing a platform approach, before drilling deeper into the design principles behind ‘cloud-native’ applications and some of the technologies available in Azure to implement them.

In the Optimize & Manage chapter, we focused on cost optimization, discussing the various programs and techniques available to you to reduce your Azure spend. Reducing your Azure spend is one of the most effective ways in which a Managed Service Provider can demonstrate clear value to their customers.

In Best Practices, we discussed a variety of proven techniques to make your Azure usage easier to manage. By organizing your subscriptions and resources, and using the range of techniques provided to control access, you can greatly improve the long-term manageability of your deployments as well as reducing the risks associated with service management mistakes.

Finally, in Leveraging Reusable IP, we discussed the importance of developing repeatable processes and tools to help drive efficiency, quality, and time to completion in any migration project.

FEEDBACK

We hope you found this playbook valuable. Share feedback on how we can improve this and other playbooks by emailing [email protected].

July 2018