What Is Meant By “Guest Machine” and “Host Machine”?

Imagine that you are hired to help migrate 20 servers to a Microsoft Azure cloud tenant. The servers are all VMware virtual machines running on two separate 4-host clusters and are accessible via the local vSphere 6.7 install.

At the initial team meeting, everyone introduces themselves to the group. Primary assignments are distributed afterward. Your primary assignment is to compile a list of all the guests and hosts in that instance of vSphere.

Additionally, you are to compile the following information for all the guest machines (per guest):

vCPU count
Memory size
Hard Disk 1 size (primary boot drive)
Whether the most recent VMware Tools are installed on it

You instinctively know this is nothing more than a table. You can research this data and put together a simple Excel spreadsheet with this information … you only have one problem:

WHAT IS A GUEST MACHINE?

You pull a colleague to the side at the breakfast counter before the next workday and ask them this question. You also explain you are new to VMware and are learning the terminology.

They respond with, “It can get confusing, I know. Just remember: the guests run on hosts.”

They then run … cold vegetarian omelets are not a great way to start the day, as you know from your college dorm years.

OK, WHAT IS A HOST MACHINE?

Think of it this way. Let’s imagine you have a friend over to visit your home. You are the host, and they are the guest.

The host owns most of the stuff inside the home and also the house itself (assume homeownership). The guest can gain access to many things in the host’s home, but at that moment, the guest and what they can do is limited in some way to what the host has to offer.

This is similar to guest and host machines. The host owns all the resources, and the guest uses the host’s resources as needed, within the limits the host allows. In this sense, the host is the hardware, and the guest is the combined operating system and applications.

So, in short, a guest is the operating system and the things that run on it, and the host is the computer hardware and parts that the operating system is running on.

Another way to think of this is to say, “the operating system and applications (guest) are hosted on the hardware.”
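With guest and host defined, the inventory assignment from the start of this section is a short VMware PowerCLI script. This is an added example, not code from the original article: it assumes the VMware.PowerCLI module is installed, and the vCenter name is a placeholder for the real vSphere 6.7 server. It lists the hosts, then builds the per-guest table (vCPU, memory, Hard disk 1 size, VMware Tools status) and writes both to CSV for the spreadsheet.

```powershell
# Added example (not from the original article): build the per-guest inventory table
# described at the start of this section with VMware PowerCLI.
# Assumptions: the VMware.PowerCLI module is installed, and the vCenter name below is a
# placeholder for the environment's real vCenter.
Import-Module VMware.PowerCLI

$vCenter = 'vcenter.example.local'   # placeholder for the local vSphere 6.7 vCenter
$cred    = Get-Credential             # prompts, so no password is embedded in the script

Connect-VIServer -Server $vCenter -Credential $cred | Out-Null

# Hosts: the ESXi servers, i.e. the hardware side of "the guests run on hosts"
$hosts = Get-VMHost | Select-Object Name, ConnectionState, Version, Build

# Guests: every VM, with the four fields the assignment asks for plus the host it runs on
$guests = foreach ($vm in Get-VM) {
    $bootDisk  = Get-HardDisk -VM $vm | Where-Object { $_.Name -eq 'Hard disk 1' }
    $guestInfo = $vm.ExtensionData.Guest
    [pscustomobject]@{
        Guest       = $vm.Name
        Host        = $vm.VMHost.Name
        PowerState  = $vm.PowerState
        vCPU        = $vm.NumCpu
        MemoryGB    = $vm.MemoryGB
        # A VM with no disk named "Hard disk 1" gets $null rather than an error
        HardDisk1GB = if ($bootDisk) { [math]::Round($bootDisk.CapacityGB, 1) } else { $null }
        # ToolsVersionStatus2 reports guestToolsCurrent, guestToolsNeedUpgrade,
        # guestToolsNotInstalled or guestToolsUnmanaged; it is only refreshed while
        # the guest is powered on, so treat the value for powered-off VMs as last-known.
        ToolsStatus  = $guestInfo.ToolsVersionStatus2
        ToolsCurrent = ($guestInfo.ToolsVersionStatus2 -eq 'guestToolsCurrent')
    }
}

$guests | Sort-Object Host, Guest | Format-Table -AutoSize
$guests | Export-Csv -Path .\vsphere-guest-inventory.csv -NoTypeInformation
$hosts  | Export-Csv -Path .\vsphere-host-inventory.csv  -NoTypeInformation

Disconnect-VIServer -Server $vCenter -Confirm:$false
```

The ToolsCurrent column is the one worth reviewing before a migration: a guest reporting guestToolsNeedUpgrade or guestToolsNotInstalled is a guest whose drivers and management agent are behind, which matters both for the HCX-based move and for keeping the environment patched afterward.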

What Is Meant by “The Migration Is Not Done Once All the Servers Are Migrated”?

Congratulations!

You have migrated the last of the servers from the datacenter into Azure VMware Solution’s Azure Private Cloud. You can see all of the migrated VMware guests listed on the new vSphere instance, with three ‘virtual’ hosts load-balancing all of the migrated servers (for now, let’s say you migrated a total of ten virtual machines). The servers are all running without operational issues in the AVS vSphere. Furthermore, you don’t see any alerts in the details tabs.

CONGRATULATIONS! YOU ARE NOT DONE!

WHAT?
WHAT GIVES?!

For anyone who plans to move into cloud migration engineering or architecture, please keep the following phrase locked into your memory: “THE MIGRATION IS NOT DONE, JUST BECAUSE ALL THE SERVERS ARE MIGRATED.”

…let me explain.

Yes, getting the physical servers migrated is a major accomplishment! You should feel like a load has been lifted off of your back. However, do not be tempted to think you’ve completed your migration work just because the servers are up and running in the new environment.

Here’s the key: the migration is done when the clients are operational in the new environment.

The difference is the presence of post-migration workloads. Once the servers and related infrastructure are migrated and tested as working, you still have to ensure the clients can reach the new location and that the testing results align with the pre-migration results.

Specifically, the migration is done when the clients are working the way they used to before migration into the new environment with few changes to the overall work approach and execution.

Remember, we are migration engineers and architects who work to serve the clients’ needs (company, customers, etc.). IT’S ONLY WHEN THE END-USERS ARE WORKING ‘NORMALLY’ IN THE NEW ENVIRONMENT THAT WE CAN START TO CONSIDER THE CLOSURE OF THE PROJECT WITH SUCCESS.

…NEVER forget the above.

What Is Meant by “Patch Management” When Discussing Migrations?

Congratulations!

You have successfully migrated (in this instance) 10 Windows Server 2016 Datacenter servers. Each runs part of the Supply Chain ecosystem. They are all VMware virtual servers, each with 8 GB of vRAM, 2 vCPUs, and a 200 GB hard disk.

You migrated the systems to a private cloud instance in the Microsoft Azure subscription using AVS (Azure VMware Solution). This utilized the HCX appliance installed in the common vSphere instance that hosted these guests.

Additionally, an Edge Router was successfully installed at the company’s datacenter. The Edge Router was configured with an ExpressRoute circuit set up to carry migration traffic ALONE. Finally, the Edge Routers at both the local and Microsoft datacenters were set up with Microsoft Enterprise Edge for ExpressRoute Global Reach.

You are now able to log into the newly-created vSphere instance. You see three hosts in this vSphere, and each VMware virtual guest is listed under the hosts.

In the next meeting, you demonstrate this success on a network laptop connected to the room projector. You feel that you have climbed Mount Everest! You are ready to get the ‘GREAT JOB’ and plan the celebration…

…it’s at this time that the CyberSecurity professional on the project asks you, “So, how are we going to keep these new environments patched?”

YIKES!!!

In a fit of panic, you try to review what you remember of the project planning sessions. Was this even discussed? You start looking in the Microsoft SharePoint repository that holds all the company’s IT contracts to see if it was included in the scope of work. NOPE!!

Ok, so what does this mean for the project?

In an attempt to keep things simple, “patch management” refers to the overall system/process that will successfully ensure all involved hardware and software updates and patches are installed regularly with as little manual intervention as possible.

This presents some challenging questions. How will the following be updated in a timely manner?

⦁ Windows operating systems
⦁ VMware vSphere management software
⦁ VMware ESXi on the hosts
⦁ Microsoft Dynamics supply chain (the supply chain base software)

Many answers CAN work, but each solution needs to be presented in terms of success rate, cost, budgeting, and testing. POTENTIAL SOLUTIONS include:

  1. Microsoft Intune (how Microsoft pushes updates for all their software; this includes Windows and Dynamics)
  2. Microsoft AVS (Microsoft maintains updates for the ESXi hosts and vSphere instances in the private cloud)

A discussion of options and their plus/delta needs to happen for the next steps to proceed properly.

To conclude, “patch management” refers to the overall system/process that will successfully ensure all involved hardware and software updates and patches are installed.

DISREGARD THIS, AND HACKING RISK INCREASES TREMENDOUSLY!
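Whatever tooling is chosen, the CyberSecurity professional’s question needs an answer that can be checked, not just a plan. The script below is an added example, not code from the original article: a quick patch-currency audit of the migrated Windows servers that reports the most recent installed update on each and flags any that look stale or cannot be reached. The server names, the 45-day threshold and the assumption that WinRM is enabled with an administrative account are all placeholders chosen for the example.

```powershell
# Added example (not from the original article): a patch-currency audit for the migrated
# Windows servers, answering "how do we know these are being patched?".
# Assumptions: the server names are placeholders, WinRM is enabled on them, the account
# running this has local admin rights on each, and the 45-day threshold is an arbitrary
# choice for the example rather than a policy from the article.
$servers           = @('SCM-APP01', 'SCM-APP02', 'SCM-DB01')   # placeholder names for the migrated guests
$maxDaysSincePatch = 45

$report = foreach ($server in $servers) {
    try {
        # Get-HotFix reads the installed-update list (Win32_QuickFixEngineering) on the
        # remote machine. InstalledOn is blank for some entries, so only dated ones count.
        $latest = Invoke-Command -ComputerName $server -ErrorAction Stop -ScriptBlock {
            Get-HotFix | Where-Object { $_.InstalledOn } |
                Sort-Object InstalledOn -Descending | Select-Object -First 1
        }
        $age = if ($latest) { (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days } else { $null }
        [pscustomobject]@{
            Server       = $server
            LatestHotFix = $latest.HotFixID
            InstalledOn  = $latest.InstalledOn
            DaysSince    = $age
            Status       = if ($null -eq $age)                  { 'NO DATED UPDATES' }
                           elseif ($age -gt $maxDaysSincePatch) { 'STALE' }
                           else                                 { 'OK' }
        }
    }
    catch {
        # A server that cannot be reached is itself a finding: nothing is managing it.
        [pscustomobject]@{
            Server       = $server
            LatestHotFix = $null
            InstalledOn  = $null
            DaysSince    = $null
            Status       = "UNREACHABLE: $($_.Exception.Message)"
        }
    }
}

$report | Format-Table -AutoSize
$report | Export-Csv -Path .\patch-currency-audit.csv -NoTypeInformation
```

Two caveats a practitioner should keep in mind: the QFE list behind Get-HotFix does not show every update type (definition updates and some store or driver updates never appear there), so this is a spot check rather than a replacement for Intune or another patch-management system; and the ESXi and vSphere side of the list above is not covered here at all, which in an AVS private cloud is Microsoft’s responsibility and should be confirmed with them rather than assumed.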

What Is Meant by ‘New Builds’ When Discussing Cloud Migration?

Let’s assume we plan to move two applications from the local datacenter into a Microsoft Azure subscription. We will call the applications “LiftAndShift” and “NewBuild.” For the purpose of simplicity, let’s assume each application is hosted on one server: “LiftAndShift1” and “NewBuild1”.

First, we create a space for these servers and applications to live on.

Since they share data and talk to each other via shared folders on each server, we decide to create a single tenant that will ‘house’ both servers above.

Next, we meet with the application portfolio team, stakeholders, and power users.

This meeting happens so that we can agree on a sequence of events for moving these two applications. This agreement is CRITICAL as both servers need each other, and we must minimize the risk of downtime while this migration takes place. Furthermore, we must test as many things as we can as we go through this process.

We decide to use the Azure Migrate Tool to move “LiftAndShift1” first. This server is currently a virtual machine hosted on a VMware cluster of hosts running ESXi 6.5 Update 3 (build 13932383). We then download the Azure Migrate Tool from the Microsoft Azure tenant we created.

Next, it is installed as an appliance (*.ova file) into vSphere. Finally, it is configured with an Admin-level account for both SQL on-prem and the Windows Active Directory (SPECIFICALLY USED JUST FOR THIS PURPOSE — AS DIRECTED BY LEADERSHIP, NAMELY THE CISO).

A cutover weekend plan is established.

The prior weekend, we ran an assessment for “LiftAndShift1” using that functionality in the Azure Migrate section of the Microsoft Azure portal. Since this application is very ‘lean’ (small), the VMware virtual server on which the application ‘sits’ is also quite small.

The Azure Migrate Tool successfully completes the initial assessment and recommends two disks and a B2s VM size as the target for migrating this virtual server directly into the Azure tenant.

The cutover of “LiftAndShift1” is a success, and the post-cutover testing completes with no major concerns.

In compliance with the plan created above, the “NewBuild1” server will not be migrated. Instead, we will move the server via a ‘new build’ process.

Now we commence with a ‘new build’ migration.

What does this mean? Simply stated, a ‘new build’ migration is when you first create a new server in the cloud with more than enough resources to run the application, data, etc.

Next, you install the most current version of the software the server will run. There is one prerequisite, though: you need to engage the vendor to ensure you have access to the most current software. You’ll also need to get the support contracts and proper license structures for it.

Finally, you set up another cutover weekend where all the data is copied to the new location, and the new server is configured to work with the new data copy. It then needs to be tested by the power users to confirm functionality.

So, when the expression ‘new build’ is used in the context of cloud migration (e.g., migrating a server to Microsoft Azure), it refers to creating a new server to house the data, which is then updated and copied to that new server. The base server (operating system, etc.) is NOT MIGRATED using tools like the Azure Migrate Tool or the HCX appliance.
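The data copy on the second cutover weekend is where a ‘new build’ most often goes wrong, so it is worth scripting the copy and verifying it independently before the power users test. The following is an added example, not code from the original article: it mirrors the application data share from the old “NewBuild1” server to the freshly built one with robocopy (a Windows built-in), then compares a SHA-256 hash of every file on both sides. The share paths are placeholders, and it assumes the account running it can read the source and write the destination.

```powershell
# Added example (not from the original article): the cutover-weekend data copy for a
# 'new build' server, with an independent hash check before power-user testing.
# Assumptions: the share paths are placeholders; the account has read access to the
# source share and write access to the new server's share; robocopy is the Windows built-in.
$source      = '\\NEWBUILD1-OLD\AppData'   # placeholder: data share on the on-prem server
$destination = '\\NEWBUILD1\AppData'       # placeholder: data share on the newly built cloud server
$logFile     = ".\newbuild-copy-$(Get-Date -Format yyyyMMdd-HHmm).log"

# /MIR mirrors the tree (and deletes extras at the destination, so the destination must be
# the fresh, empty share of the new build), /COPY:DATS keeps data, attributes, timestamps
# and NTFS security, /R and /W stop a flaky WAN link from stalling the job forever.
& robocopy.exe $source $destination /MIR /COPY:DATS /R:3 /W:10 /NP /LOG:$logFile | Out-Null
$rc = $LASTEXITCODE
# robocopy exit codes 0-3 are success variants; 8 and above mean files failed to copy.
if ($rc -ge 8) { throw "robocopy reported failures (exit code $rc); see $logFile" }

# Independent verification: a SHA-256 per file on both sides, keyed by relative path,
# rather than trusting robocopy's own counters alone.
function Get-TreeHashes([string]$root) {
    $table   = @{}
    $rootLen = $root.TrimEnd('\').Length
    Get-ChildItem -Path $root -Recurse -File | ForEach-Object {
        $relative = $_.FullName.Substring($rootLen).TrimStart('\')
        $table[$relative] = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }
    return $table
}
$srcHashes = Get-TreeHashes $source
$dstHashes = Get-TreeHashes $destination

$problems = foreach ($path in $srcHashes.Keys) {
    if (-not $dstHashes.ContainsKey($path))            { "MISSING  $path" }
    elseif ($srcHashes[$path] -ne $dstHashes[$path])   { "MISMATCH $path" }
}
if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "$(@($problems).Count) file(s) failed verification; do not hand over for testing"
}
"$($srcHashes.Count) files verified identical; data copy is ready for power-user testing."
```

Hashing the whole tree reads every byte a second time, which is fine for a ‘lean’ application share but slow over a WAN for a large one; in that case run the hash pass from the new server against a snapshot of the source rather than across the link, or verify a sampled subset plus the largest and most recently changed files. The exit-code check matters as much as the hashes: robocopy returns non-zero on success too, so a script that treats any non-zero code as failure will abort a perfectly good copy.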

What Is a Datacenter?

When computers were first mass adopted in society, there were mainframes, and large consoles were used to access them. These mainframes were as large as basements in modern homes or even larger; they required (at times) custom, dedicated power lines just to keep them powered.

Furthermore, they were extremely expensive (the Harvard Mark I mainframe, used in the 1940s and later, had a manufacturing cost of $200,000 USD; in 2020, that would be around $3 million USD). These mainframes were used to calculate (think SUPER calculators), primarily working on information called data.

These machines were quite big; the Harvard Mark I weighed 9,500 pounds, or over 4 tons, and was over 50 feet long. As widespread adoption of these units became a reality, they required massive amounts of customized real estate to house them.

Basically, you needed a large ‘center’ to house these machines that calculated new ‘data.’ Welcome to the idea of a datacenter!

A short, concise understanding of the term datacenter is a large area or room dedicated to housing larger computing devices and the network/electricity/etc. needed to keep them up and running as close to 100% of the time as possible.

Fast-forward to 2020. The typical modern datacenter may have some AS/400 units (modern mainframe), but will also have large metal shelves (called racks) which hold servers, network switches, network routers, network patch panels, backup tape drives, NAS and SAN storage units, and more. The main purpose of all these devices is to do the large-scale calculation, manipulation, and distribution of information for an organization.

Think of it this way:

For most companies, most of the large data sets and information tables that are stored and updated/calculated against live in datacenters. Furthermore, the cloud concept is renting datacenter access from other companies (e.g., Microsoft Azure).

To summarize, a data center is the large area or room dedicated to housing larger computing devices and the network/electricity/etc. needed to keep them up and running as close to 100% of the time as possible.

What Does On-Prem Mean?

Make no mistake; the cloud is the future of what business computing is going to be. Companies are now doing deeper investigations into how to use the cloud to increase profits and reduce costs. For cloud providers like Microsoft Azure, this presents an outstanding opportunity as more companies move more of their computing tasks to the cloud.

However, this raises a question: if more businesses are moving to the cloud, where are they currently and how does it work right now?

Companies that are looking to move to the cloud are largely looking to move computers and related equipment that are currently in remote datacenters and on-prem. When we say on-prem, what we mean is that the computers that do the massive processing and the people who access that data are either on the same geographic campus or in the same building/complex.

Essentially, on-prem refers to being on the same premises as the person/people who are currently speaking.

Now, let’s connect this definition to the case above. The question was where are these companies currently, and how does that work right now?

Companies looking to move to the cloud in the future now have many computing resources on-prem, or in the same buildings as the people who utilize them. Examples include: on another floor of the same building, in the building next door, in a closet down the hallway, and more. The big computers (e.g., AS400 Mainframe, Cisco Nexus, Dell PowerEdge, EMC XtremIO, etc.) are usually in one or two locations if they are on-prem and all together in one big room. You may also find networking equipment in this location as well (e.g., Cisco Meraki, Cisco Catalyst 9300, Cisco Catalyst 8200 Edge uCPE, etc.).

So, in short, on-prem means at the same geographic location.

What Is the Cloud?

There are many definitions and explanations for the question, “What is the cloud?” These explanations range from NIST government documentation to various YouTube videos to books such as “Explain The Cloud Like I’m 10” and “Cloud Computing For Beginners With Examples: Dummies Guide to Cloud Computing.” In short, there is no shortage of explanations for what the cloud is.

In that spirit, I want to share my explanation of the common question, “What is the cloud?” Keep in mind, what I am going to respond with is more of a technical approach. Another way of looking at this is to say it is an explanation for the technical professional.

What is the cloud? The cloud is virtualization in a data center the company does not own. As professionals, we are aware of virtualization and what it can do. What is needed for virtualization is a central location with computing power, network power, and storage power locally available. With the cloud, virtualization can continue WITHOUT THE NEED TO HAVE LOCAL computing, network, and storage power. Instead, you rent those items as needed from a cloud service provider (such as Microsoft for Azure) on demand.

So, think of cloud computing as using any device with an internet connection to run apps on a set of machines you rent by the hour of computing time. You can run the apps just as if you were working directly on a computer you own, but without the purchase price, warranties, and other costs of owning hardware that you would only use a fraction of the time.

So, in short: the cloud is virtualization in someone else’s data center.