What Is Meant by “Cloud Migration Triggers”?

In a previous post, you learned that the two main reasons a cloud migration is initiated are to improve performance and/or to reduce costs. While this is true, cloud migration is not a regular discussion for the bulk of Information Technology departments within enterprises worldwide.

While this topic is discussed more often than five years ago, it’s not as common as discussions about server decommissioning or system patching. So, it’s not common, just more common than usual (now say that ten times fast … No prize, sorry).

These conversations are more likely to happen after a trigger event. Basically, they take place after events that open the cloud as a potential solution. Common events that can lead to discussions about cloud migration are called ‘cloud migration triggers’.

Cloud migration triggers are the events that are likely to happen to an enterprise, which will commonly lead to a discussion about cloud migration as a solution to the issue(s) at hand.

So, what are some of these ‘cloud migration triggers’?

Some of those triggers are:

  1. Threats to the security of computers and computing resources
  2. Need for the ability to quickly scale up/down for the needs of specific applications/data sets
  3. Cost concerns, aka reductions of the going-forward budget
  4. Needs for redundancy of data sets or computational power across multiple geographies
  5. Options for avoiding renewal of datacenter contracts (e.g., the renewal comes with a substantial increase in cost for similar services)

What will happen is that one or more of the above will become a trigger for the enterprise. As a result, the company will start having internal discussions about the cloud being a possible solution to the problem(s). So, in short, cloud migration triggers are common situations that lead to a discussion about moving a company’s computer-related assets to the cloud.

What Is Meant By “Guest Machine” and “Host Machine”?

Imagine that you are hired to help migrate 20 servers to a Microsoft Azure cloud tenant. The servers are all VMware virtual machines running on two separate 4-host clusters and are accessible via the local vSphere 6.7 install.

At the initial team meeting, everyone introduces themselves to the group. Primary assignments are distributed afterward. Your primary assignment is to compile a list of all the guests and hosts in that instance of vSphere.

Additionally, you are to compile the following information for all the guest machines (per guest):

vCPU count
Memory size
Hard Disk 1 size (primary boot drive)
Whether the most recent VMware Tools version is installed on it

You instinctively know this is nothing more than a table. You can research this data and put together a simple Excel spreadsheet with this information … you only have one problem:

WHAT IS A GUEST MACHINE?

You pull a colleague to the side at the breakfast counter before the next workday and ask them this question. You also explain you are new to VMware and are learning the terminology.

They respond with, “It can get confusing, I know. Just remember: the guests run on hosts.”

They then run … cold vegetarian omelets are not a great way to start the day, as you know from your college dorm years.

OK, WHAT IS A HOST MACHINE?

Think of it this way. Let’s imagine you have a friend over to visit your home. You are the host, and they are the guest.

The host owns most of the stuff inside the home and also the house itself (assume homeownership). The guest can gain access to many things in the host’s home, but at that moment, the guest and what they can do is limited in some way to what the host has to offer.

This is similar to guest and host machines. The host owns the physical resources (CPU, memory, disk, network), and the guest uses a slice of them, as much as it needs and no more than the host allows. In vSphere terms, the host is the physical server running the ESXi hypervisor, and the guest is a virtual machine: an operating system plus the applications installed on it.

So, in short, a guest is the operating system and the things that run on it, and the host is the physical computer (and the hypervisor on it) that the guest runs on.

Another way to think of this is to say, “the operating system and applications (guest) are hosted on the hardware.”
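Putting the assignment above into practice: the following PowerCLI script is an added example (not from the original post) that builds the host list and the per-guest table of vCPU count, memory, Hard disk 1 size and VMware Tools status, exports both to CSV, and prints the guests whose Tools are not current. It assumes VMware PowerCLI is installed and that vcenter.example.local is a placeholder for the vSphere 6.7 vCenter; the CSV file names are also assumptions.

```powershell
# Added example, not from the original post. Assumes VMware PowerCLI is installed
# and that vcenter.example.local (placeholder) is the vCenter for the two clusters.
Import-Module VMware.PowerCLI
Connect-VIServer -Server vcenter.example.local    # prompts for credentials; a read-only role is enough

# Hosts: one row per ESXi host, with its cluster and ESXi version/build
$esxHosts = Get-VMHost |
    Select-Object Name,
        @{Name = 'Cluster'; Expression = { $_.Parent.Name }},
        Version, Build, ConnectionState

# Guests: one row per VM with the four columns the assignment asks for
$guests = Get-VM | ForEach-Object {
    # "Hard disk 1" is the boot disk in a default build; verify for any VM that was
    # built differently before trusting this column.
    $disk1 = Get-HardDisk -VM $_ | Where-Object Name -eq 'Hard disk 1'
    [pscustomobject]@{
        Guest       = $_.Name
        Host        = $_.VMHost.Name
        vCPU        = $_.NumCpu
        MemoryGB    = $_.MemoryGB
        Disk1GB     = $(if ($disk1) { [math]::Round($disk1.CapacityGB, 1) } else { $null })
        # guestToolsCurrent is what you want; guestToolsNeedUpgrade and
        # guestToolsNotInstalled need follow-up. Only reported while the VM is powered on.
        ToolsStatus = $_.ExtensionData.Guest.ToolsVersionStatus2
        PowerState  = $_.PowerState
    }
}

$esxHosts | Export-Csv -Path .\hosts.csv  -NoTypeInformation
$guests   | Export-Csv -Path .\guests.csv -NoTypeInformation

# Quick check for the team: which guests are not on current VMware Tools
$guests | Where-Object { $_.ToolsStatus -ne 'guestToolsCurrent' } |
    Format-Table Guest, Host, PowerState, ToolsStatus -AutoSize

Disconnect-VIServer -Confirm:$false
```

The Tools status comes from the guest agent, so a powered-off VM reports nothing; note those separately rather than recording them as "not installed".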

What Is Meant by “Patch Management” When Discussing Migrations?

Congratulations!

You have successfully migrated (in this instance) 10 Windows Server 2016 Datacenter servers. Each runs part of the supply chain ecosystem. They are all VMware virtual servers, each with 8 GB of vRAM, 2 vCPUs, and a 200 GB hard disk.

You migrated the systems to a private cloud in the company's Microsoft Azure subscription using AVS (Azure VMware Solution). The move used the VMware HCX appliance installed in the on-premises vSphere instance that hosted these guests.

Additionally, an edge router was successfully installed at the company's datacenter and connected to an ExpressRoute circuit dedicated to migration traffic ALONE. Finally, ExpressRoute Global Reach was enabled so that the on-premises circuit and the AVS private cloud's circuit are linked through the Microsoft Enterprise Edge (MSEE) routers.

You are now able to log into the newly-created vSphere instance. You see three hosts in this vSphere, and each VMware virtual guest is listed under the hosts.

In the next meeting, you demonstrate this success on a network laptop connected to the room projector. You feel that you have climbed Mount Everest! You are ready to get the ‘GREAT JOB’ and plan the celebration…

…it’s at this time that the CyberSecurity professional on the project asks you, “So, how are we going to keep these new environments patched?”

YIKES!!!

In a fit of panic, you try to review what you remember of the project planning sessions. Was this even discussed? You start looking in the Microsoft SharePoint repository with all the company contracts for IT. You want to see if that was included in the scope of work. NOPE!!

Ok, so what does this mean for the project?

In an attempt to keep things simple, “patch management” refers to the overall system/process that will successfully ensure all involved hardware and software updates and patches are installed regularly with as little manual intervention as possible.

This presents some challenging questions. How will the following be updated in a timely manner?

⦁ Windows operating systems
⦁ VMware vCenter Server (the vSphere management layer)
⦁ VMware ESXi on the hosts
⦁ Microsoft Dynamics supply chain (the supply chain base software)

Many answers CAN work, but each solution needs to be presented with its expected success rate, cost, budgeting, and testing effort. POTENTIAL SOLUTIONS include:

  1. A Windows Update service for the servers: WSUS or Microsoft Configuration Manager on the existing patch cadence, or Azure Update Manager with the VMs onboarded through Azure Arc (Microsoft Intune manages Windows client devices, not Windows Server, so it does not cover these machines). Dynamics updates follow Microsoft's release process for that product and need their own test and deploy cycle.
  2. Microsoft AVS (as a managed service, Microsoft maintains the ESXi hosts, vCenter Server, and NSX components of the private cloud; the Windows guests running inside it remain the company's responsibility)

A discussion of options and their plus/delta needs to happen for the next steps to proceed properly.

To conclude, “patch management” refers to the overall system/process that will successfully ensure all involved hardware and software updates and patches are installed.

DISREGARD THIS, AND HACKING RISK INCREASES TREMENDOUSLY!
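One concrete check for the question the security lead asked: this added PowerShell snippet (not from the original post) queries the ten migrated Windows servers over WinRM for their most recently installed update and whether a reboot is pending, and flags anything older than a chosen threshold. The server names are constructed placeholders, and the 30-day threshold is an assumption to adjust to your patch policy.

```powershell
# Added example, not from the original post. Assumes WinRM is enabled on the
# migrated servers and that the names below (constructed) resolve from the admin host.
$servers    = 1..10 | ForEach-Object { 'SC-APP{0:D2}' -f $_ }
$maxAgeDays = 30   # assumption: the organisation's patch window

$report = Invoke-Command -ComputerName $servers -ErrorAction Continue -ScriptBlock {
    # Get-HotFix reads Win32_QuickFixEngineering, i.e. the updates Windows Update
    # or WSUS actually installed; it says nothing about Dynamics or VMware Tools.
    $latest = Get-HotFix |
        Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    [pscustomobject]@{
        Server        = $env:COMPUTERNAME
        LastHotFixId  = $latest.HotFixID
        LastPatch     = $latest.InstalledOn
        # Windows Update leaves this key behind when an installed update still needs a reboot
        PendingReboot = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    }
}

$cutoff = (Get-Date).AddDays(-$maxAgeDays)
$report |
    Select-Object Server, LastHotFixId, LastPatch, PendingReboot,
        @{Name = 'Stale'; Expression = { -not $_.LastPatch -or $_.LastPatch -lt $cutoff }} |
    Sort-Object LastPatch |
    Format-Table -AutoSize

# Servers that could not be reached are a finding too: they are unmanaged until proven otherwise
$servers | Where-Object { $_ -notin $report.PSComputerName } |
    ForEach-Object { Write-Warning "No result from $_ (unreachable or WinRM disabled)" }
```

Run it from a host that already has WinRM trust to the servers (domain membership or TrustedHosts). It answers "when were these last patched?"; it does not replace a patch management system, which is the decision the meeting still has to make.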

What Is Meant By “On-Prem Application”?

In my last piece, I talked about cloud-based applications. We discussed that when an infrastructure is being migrated, it’s essential to understand the soon-to-be-migrated environment’s architecture. As you recall, you need to know about the following:
servers
networks
backup schemas
databases
application
client-access routines

…for all involved devices.
You can plan more effectively for a successful migration when you have a good understanding of the general scope of the migrating entities.

One of the many questions that you should ask for clarity on is, “Where is the application housed”? You will be given one of two answers for most applications: cloud-based or on-prem.

Now, let’s clarify the meaning of the second answer — ‘on-prem.’

When an application/suite is declared to be on-prem (short for on-premises), the majority of the network, servers, code, configurations and data warehouses needed for the application to perform as expected are located in a data center that is owned or partially controlled by your company.

Additionally, on-prem applications are customarily maintained by company support professionals. Sometimes these professionals are not direct employees of the company but can be directly hired via contracts or part of a support firm that the company hires to offer as-needed support for the application and infrastructure.

Supporting the application can include:
updating
resolving operational issues
adjusting and updating configurations
maintaining the server hardware
keeping the operating systems that the application sits on up to date
verifying and maintaining the security of the entire application and its data footprint

…and much more.

So, in short, ‘on-prem’ applications reside in locations usually owned (fully or partially) by the specific company in question.

What Is the Meaning of “Lift and Shift”?

Picture this:

You are working with a team of people tasked with migrating the supply chain servers and related applications, databases, websites, and more from the datacenter in Atlanta, Georgia, to a Microsoft Azure tenant. There are ten servers in total, and all were built in 2020. They each:

Run Windows Server 2019 Datacenter
Are Dell PowerEdge R820 16-bay servers containing four 2.20 GHz Xeon E5-4607 six-core processors and a total of 64 GB of memory
Have two local RAID-5 sets of three 500 GB SSDs each, giving two logical drives per server with 1 TB of usable space each

It is determined that we will use Azure Migrate to move each server to a suitable Azure VM in the new tenant named ‘Supply_Chain_202202.’

The latest information pertaining to this migration is that it will be a ‘lift and shift’ for all ten servers.

So, the grand question is:
What is the meaning of ‘lift and shift’?

Let’s assume for the sake of clarification that you have a portable fireproof safety box (like a SentrySafe 1200 Fireproof Box) which contains twenty 100-USD bills and ten 500-EUR bills. You have to move all the bills (USD and EUR) to a storage facility owned by a national conglomerate.

In the example above, carrying the locked SentrySafe 1200 to the storage facility and locking it, bills still inside, into the storage unit is ‘lifting and shifting’ the bills. The other main methodology is ‘re-homing’: taking the bills out of the SentrySafe 1200 and placing them by themselves directly into the storage space.

Essentially, ‘lift and shift’ is moving the server ‘in one whole piece’ to the new location (in this case, Microsoft Azure). In this instance, it can be done with Azure Migrate.

To clarify, ‘lift and shift’ moves the complete entity as one piece, while ‘re-homing’ refers to creating a new entity in the new location and just shifting the data and configurations.

What Is Meant by ‘New Builds’ When Discussing Cloud Migration?

Let’s assume we plan to move two applications from the local datacenter into a Microsoft Azure subscription. We will call the applications “LiftAndShift” and “NewBuild.” For the purpose of simplicity, let’s assume each application is hosted on one server: “LiftAndShift1” and “NewBuild1”.

First, we create a space for these servers and applications to live on.

Since they share data and talk to each other via shared folders on each server, we decided to create a single tenant that will ‘house’ both servers above.

Next, we meet with the application portfolio team, stakeholders, and power users.

This meeting happens so that we can agree on a sequence of events for moving these two applications. This agreement is CRITICAL as both servers need each other, and we must minimize the risk of downtime while this migration takes place. Furthermore, we must test as many things as we can as we go through this process.

We decide to use Azure Migrate to move “LiftAndShift1” first. This server is currently a virtual machine hosted on a VMware cluster of hosts running ESXi 6.5 Update 3 (build 13932383). We then download the Azure Migrate appliance from the Microsoft Azure tenant we created.

Next, it is installed as an appliance (*.ova file) into vSphere. Finally, it is configured with an admin-level account for both the on-prem SQL Server and Windows Active Directory (SPECIFICALLY USED JUST FOR THIS PURPOSE, AS DIRECTED BY LEADERSHIP, NAMELY THE CISO). Treat these as dedicated service accounts: grant only the privileges the appliance's discovery and replication actually need, and disable them once the cutover is done.

A cutover weekend plan is established.

The prior weekend, we ran an assessment for “LiftAndShift1” using that functionality in the Azure Migrate section of the Microsoft Azure portal. Since this application is very ‘lean’ (small), the VMware virtual server on which the application ‘sits’ is also quite small.

Azure Migrate completes the initial assessment and recommends two managed disks and a Standard_B2s VM size as the target for migrating this virtual server directly into the Azure tenant.

The cutover of “LiftAndShift1” is a success, and post-migration testing completes with no major concerns.

In compliance with the plan created above, the “NewBuild1” server will not be migrated. Instead, we will move the server via a ‘new build’ process.

Now we commence with a ‘new build’ migration.

What does this mean? Simply stated, a ‘new build’ migration is one where you first create a new server in the cloud with more than enough resources to run the application, its data, and so on.

Next, you install the most current version of the application software the server will run. There is one prerequisite, though: you need to engage the vendor to make sure you have access to the most current software, and you will also need the support contracts and proper licence structure for it.

Finally, you set up another cutover weekend where all the data is copied to the new location, and the new server is configured to work with the new data copy. The power users then need to test it to confirm functionality.

So, when the expression ‘new build’ is used in the context of cloud migration (e.g., migrating a server to Microsoft Azure), it refers to creating a fresh server to house the data, which is then updated and copied over to that new server. The base server (operating system, etc.) is NOT MIGRATED with tools like Azure Migrate or the HCX appliance.

Why Are Firewalls So Important to a Cloud Migration?

What is the essence of a cloud migration? What major function does cloud migration provide?
Simply stated, the general purpose of a cloud migration is to move resources in the datacenter to a cloud provider (such as Microsoft Azure cloud). These resources can include, but are not limited to:

• general-purpose servers
• SAN/NAS
• routers
• switches
• circuits
• databases/data warehouses
• applications
• file shares/file servers
• client computers (using technologies such as Azure Virtual Desktop or Windows 365)
• email and productivity software (using technologies such as Microsoft 365, formerly Office 365)

And so much more.

Recently, I discussed two primary reasons companies are moving to the cloud. Please view my previous post on why companies migrate to Azure if you would like that information about the process.
Now, let’s look at the total migration objectively.

We are taking both data and data processing structures from our SECURE data centers that have gained our trust over the last years (even decades, at some Enterprises), and we are moving them to a new location. Even if this location was a vault in the FBI, there would be an element of concern about the overall effectiveness of the new location’s security process.

This security concern is one of the most important challenges to overcome with any Azure cloud migration. Specifically, the client or company’s concern that even with a super-secure company like Microsoft, the design of the new environment — or more specifically, the process used to migrate and position the resources — will not be as secure as what is already in the current ‘legacy’ datacenter.
This is where the firewall comes into play.

The firewall is key and very important to the migration process to help reduce concerns like this, both logically and practically. In short, firewalls are resources that function as guards at the gate; they either allow data to pass along or reject it.

Typically, a network engineer writes a rule set that tells the firewall which traffic to accept. The standard practice is to list everything that will be accepted, rule by rule, and then close with a final rule that says, in effect, ‘deny anything that does not match what I have already allowed.’ In network engineering lingo, this is the ‘deny all’ statement. Many firewalls apply an implicit deny at the end of the rule set even if you do not write one, but not all do (some host firewalls default to accept), so write it explicitly: it keeps the intent visible and makes rule reviews easier.

The usual fields in a firewall rule are a name or label for the rule, the source address(es), the destination address(es), the protocol, and the destination port(s) that should be allowed. An example is below:

Name: NEW_RDP_PORTS_CR19521958
Protocol: TCP
Source Addresses: 200.152.0.0/20
Destination Addresses: 159.172.0.0/17
Destination Ports: 3389

Do you notice the part of the name that’s written as “CR19521958” in the above example? It is added to record the change management request that approved placing this new rule into the infrastructure. Two things to check in any rule like this before it goes in: the values must be valid (a TCP port is a number from 0 to 65535, and a prefix such as 200.152.0.0/20 is written as the network address, not as one host inside it), and the scope must be as narrow as the business need. A rule that allows RDP from an entire /20 to an entire /17 is far broader than ‘one admin subnet to one server subnet’, and the reviewer should ask why.
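The same pattern expressed for the migration target: an added Az PowerShell example (not from the original post) that writes an allow rule and an explicit deny-all into an Azure network security group, keeping the change-request number in the rule names, and then lists the rules in evaluation order with a quick ‘too broad’ check. The resource group, NSG name and subnet prefixes are placeholders; unlike the rule above it restricts the source to a single admin jump subnet.

```powershell
# Added example, not from the original post. Assumes the Az.Network module, a signed-in
# session (Connect-AzAccount) and an existing NSG; names and prefixes are placeholders.
$rg      = 'rg-supplychain'
$nsgName = 'nsg-supplychain-app'
$nsg     = Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name $nsgName

# Allow rule: the CR number in the name keeps the approval traceable. Source is the admin
# jump subnet only, destination is the server subnet, one port. Lower priority number wins.
$nsg | Add-AzNetworkSecurityRuleConfig `
    -Name 'ALLOW_RDP_FROM_JUMP_CR19521958' `
    -Description 'RDP from jump subnet to supply-chain servers (CR19521958)' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix '10.50.10.0/24' -SourcePortRange '*' `
    -DestinationAddressPrefix '10.50.20.0/24' -DestinationPortRange 3389 | Out-Null

# Explicit deny-all below every allow. Azure's built-in DenyAllInbound sits at priority
# 65500, but the built-in AllowVnetInBound (65000) is above it, so without this rule any
# host in the VNet can reach these servers on every port.
$nsg | Add-AzNetworkSecurityRuleConfig `
    -Name 'DENY_ALL_INBOUND_CR19521958' `
    -Description 'Explicit deny-all after the allow list (CR19521958)' `
    -Access Deny -Protocol '*' -Direction Inbound -Priority 4000 `
    -SourceAddressPrefix '*' -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange '*' | Out-Null

$nsg | Set-AzNetworkSecurityGroup | Out-Null

# Review: rules in evaluation order, flagging inbound allows open to the internet or to anything
(Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name $nsgName).SecurityRules |
    Sort-Object Priority |
    Select-Object Priority, Name, Direction, Access, Protocol,
        @{Name = 'Source';   Expression = { $_.SourceAddressPrefix -join ',' }},
        @{Name = 'Dest';     Expression = { $_.DestinationAddressPrefix -join ',' }},
        @{Name = 'DestPort'; Expression = { $_.DestinationPortRange -join ',' }},
        @{Name = 'Review';   Expression = {
            if ($_.Access -eq 'Allow' -and $_.Direction -eq 'Inbound' -and
                ($_.SourceAddressPrefix -contains '*' -or $_.SourceAddressPrefix -contains 'Internet')) {
                'TOO BROAD'
            } else { '' } }} |
    Format-Table -AutoSize
```

The explicit deny also sits above the built-in AllowAzureLoadBalancerInBound rule, so if these servers are behind an Azure load balancer, add an allow for the AzureLoadBalancer service tag above the deny or the health probes will fail. That is exactly the kind of dependency the allow-list exercise is meant to surface before cutover rather than after.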

Now that we have all of that out of the way, let’s quickly answer the question at hand:

Why are firewalls so important to a cloud migration?

The simple answer is that they are a key line of defense against intrusions and data theft: they are infrastructure security.

Basically, a firewall (or many of them) is the first device that all traffic is filtered through as soon as it leaves the WAN cloud (think internet traffic, coming and going). In Azure the same job is done by network security groups on subnets and NICs and, at the perimeter, by Azure Firewall or a third-party virtual appliance, so the allow-list-then-deny-all rule set from the legacy datacenter has to be rebuilt, and reviewed, on the cloud side as part of the migration. This very specific filtering adds major security to any environment, and that makes your cyber security team VERY HAPPY!

…and remember: ALWAYS KEEP YOUR CYBER SECURITY TEAM HAPPY – ALWAYS!

What Is A Network?

What is a network?

IMAGINE THIS:

You are having a conversation with a group of computer professionals. The conversation is about a recent event where a popular company’s website was not accessible from anyone’s internet for two days. People debate the cause and reasons for this event and what could have been done to prevent or at least reduce the chances of this event happening.

Then, in one second, confusion takes over. What was easy to understand is now confusing.

You will hear the word ‘network,’ but what does that mean? Furthermore, how is this used in the discussion above? Have no fear, for we will cover this and make it easy to understand.

The short answer is this: A network is a group of items that have a link or connection. THAT’S IT.

Let’s place a real-life example here to demonstrate this.

Think about the group of people who call you the most. If your cell phone runs Android, you can open the phone app and see which contacts are listed under “Frequently Contacted.” These are the people the phone has recognized as those you contact the most overall. They are the people with whom you have the most conversations, at least on that phone.

These are the people you have a connection, a link, with. You share ideas and concepts with them on a regular basis. In many cases your thoughts have influenced them in some way, and theirs have influenced you.

You and these people have formed a network.

In the same way that information is shared with the members of this Frequently Contacted list, devices that share data with each other are part of a network. If you can group devices that communicate with each other (share data), they are a network.

There can be many examples of networks in a company’s computer setup.

Network of computers,

Network of routers,

Network of switches,

Network of mainframes,

First-floor network of computers, second-floor network of computers … the list can go on for a long time …

So, in short, a network is a group that shares data (linked/connected).


What Is The Cloud?

There are many definitions and explanations for the question, “What is the cloud?” These explanations range from NIST’s formal definition (SP 800-145) to various YouTube videos to books such as “Explain The Cloud Like I’m 10” and “Cloud Computing For Beginners With Examples: Dummies Guide to Cloud Computing.” In short, there is no shortage of explanations for what the cloud is.

In that spirit, I want to share my own explanation of the common question, “What is the cloud?” Keep in mind that what I am going to respond with is more of a technical approach: an explanation for the technical professional.

What is the cloud? The cloud is virtualization in a data center the company does not own. As professionals, we know virtualization and what it can do. What virtualization needs is a central location with compute, network, and storage capacity available locally. With the cloud, virtualization continues WITHOUT THE NEED TO HAVE LOCAL compute, network, and storage. Instead, you rent those items on demand from a cloud service provider (such as Microsoft for Azure).

So, think of cloud computing as using any device with an internet connection to run applications on a set of machines you rent by the hour of computing time. You can run the applications just as if you were working directly with a computer you own, but without the purchase price, warranties and other costs of hardware that you would only use part of the time.

So, in short: the cloud is virtualization in someone else’s data center.