13_3 ‐ Migration from OCI to Azure: Process and Key Considerations - SanjeevOCI/Study GitHub Wiki

Migration from OCI to Azure: Process and Key Considerations

1. Migration Process Followed

Step 1: Assessment and Planning

  • Inventory Assessment:
    • Identified all OCI resources: compute instances, databases, storage, networking, and security configurations.
    • Evaluated dependencies between applications, databases, and external systems (e.g., payment gateways, APIs).
  • Migration Strategy:
    • Rehost (Lift-and-Shift) for compute and database workloads to minimize downtime.
    • Replatform for storage and application modernization using Azure-native services.
  • Sizing and Cost Estimation:
    • Used Azure Migrate to assess resource requirements and estimate costs.
    • Mapped OCI resources (e.g., shapes, storage tiers) to equivalent Azure resources.

Step 2: Infrastructure Setup in Azure

  • Networking:
    • Created a Virtual Network (VNet) with subnets for frontend, backend, and database layers.
    • Configured Azure VPN Gateway for hybrid connectivity between OCI and Azure during migration.
    • Set up NSGs (Network Security Groups) to control traffic at the subnet and NIC levels.
  • Compute:
    • Deployed Azure Virtual Machines for OCI compute instances.
    • Used Azure Kubernetes Service (AKS) for containerized workloads.
  • Database:
    • Provisioned Azure Database for PostgreSQL and Azure Database for Oracle for transactional and analytical workloads.
  • Storage:
    • Used Azure Blob Storage to replace OCI Object Storage.
    • Enabled Azure Storage Lifecycle Management for cost optimization.
  • Key Management:
    • Migrated encryption keys from OCI Vault to Azure Key Vault.

Step 3: Data Replication

  • Database Migration:
    • Used Azure Database Migration Service (DMS) for Oracle and PostgreSQL databases.
    • Enabled Change Data Capture (CDC) for near real-time replication to minimize downtime.
  • File Storage Migration:
    • Used AzCopy to transfer files from OCI Object Storage to Azure Blob Storage.
    • Verified data integrity post-migration.
  • Application Data:
    • Exported application configurations and re-imported them into Azure.

Step 4: Security Configuration

  • Identity and Access Management:
    • Integrated applications with Azure Active Directory (AAD) for Single Sign-On (SSO) and Role-Based Access Control (RBAC).
    • Migrated IAM policies from OCI to Azure RBAC.
  • Firewalls:
    • Deployed Azure Firewall in the Hub VNet for centralized traffic filtering and inspection.
    • Configured NSGs to allow only necessary traffic to Azure resources.
  • Encryption:
    • Ensured data at rest and in transit was encrypted using Azure Key Vault and TLS.

Step 5: Testing and Validation

  • Functional Testing:
    • Verified application functionality end-to-end in the Azure environment.
  • Performance Testing:
    • Simulated peak traffic to ensure scalability and performance.
  • Security Testing:
    • Validated firewall rules, NSGs, and IAM configurations.
  • Data Validation:
    • Compared source and target datasets to ensure data integrity.

Step 6: Cutover

  • DNS Update:
    • Updated DNS records to point to Azure-hosted resources.
  • Monitoring:
    • Enabled Azure Monitor and Application Insights for real-time monitoring and logging.
  • Rollback Plan:
    • Kept the OCI environment operational during the initial cutover as a fallback.

2. How Networking Was Handled

  • Hybrid Connectivity:
    • Established an IPSec VPN between OCI's Dynamic Routing Gateway (DRG) and Azure's VPN Gateway for secure data transfer during migration.
  • Routing:
    • Configured User-Defined Routes (UDRs) in Azure to route traffic between OCI and Azure subnets.
  • Segmentation:
    • Used Hub-and-Spoke Topology in Azure to centralize traffic control and inspection.
  • Public Access:
    • Used Azure Front Door for global traffic distribution and secure public access.

3. How Security Was Handled

  • Identity Management:
    • Migrated user roles and permissions to Azure Active Directory (AAD).
    • Enabled Conditional Access Policies for enhanced security.
  • Traffic Filtering:
    • Deployed Azure Firewall for centralized traffic inspection.
    • Configured NSGs to restrict traffic at the subnet and NIC levels.
  • Encryption:
    • Migrated encryption keys from OCI Vault to Azure Key Vault.
    • Ensured all data was encrypted at rest and in transit.

4. How Data Replication Was Handled

  • Databases:
    • Used Azure Database Migration Service (DMS) for Oracle and PostgreSQL databases.
    • Enabled Change Data Capture (CDC) for near real-time replication to minimize downtime.
  • File Storage:
    • Used AzCopy to transfer files from OCI Object Storage to Azure Blob Storage.
    • Verified data integrity post-migration.
  • Application Data:
    • Exported application configurations and re-imported them into Azure.

5. How Cutover Was Handled

  • DNS Update:
    • Updated DNS records to point to Azure-hosted resources.
  • Monitoring:
    • Enabled Azure Monitor and Application Insights for real-time monitoring and logging.
  • Rollback Plan:
    • Kept the OCI environment operational during the initial cutover as a fallback.

Outcome

  1. Seamless Migration: Applications and data were successfully migrated with minimal downtime.
  2. Enhanced Security: Leveraged Azure AD, Azure Firewall, and NSGs for robust security.
  3. Improved Scalability: Azure's global infrastructure ensured better performance and scalability.
  4. Cost Optimization: Reduced operational costs through Azure Reserved Instances and Storage Lifecycle Management.

Conclusion

This migration process demonstrates how networking, security, data replication, and cutover were carefully planned and executed to ensure a seamless transition from OCI to Azure.