Lessons Learned migrate between Azure EA and Azure CSP Subscription.

Hello,

Welcome to my first blog ever.

This blog is about a migration a recently did for a customer and the things i learned .

The customer needs Resources  to migrate between 2 different Azure Tenants and from Enterprise Agreement to CSP Subscription.

It’s not possible to do a convert from Azure EA Subscription to CSP. You need to move resources from source subscription (EA) to destination subscription (CSP). This is a manual process and takes a bit of time.

First of all subscriptions needs to be associated with eachother

  1. Assign the MSA account as the Service Administrator on the source subscription
  2. Using the MSA account -> change the Default Directory to the destination director
  3. Using the MSA account -> Add destination directory admin user as a co-administrator to source subscription

Once this done login in the CSP tenant and now see if you can see the subscription which you’ve assigned yourself access to.

This process can take up to 15 or 30 minutes depending on the resources in your EA subscription , as this process got stuck while i was doing it i contacted Microsoft to see if they could help me out. Solution : just un-assign and assign it again the whole process starts again and then it will be there .

At the moment i got my subscription visible in the CSP tenant i was able to move Resources like the normal procedure within the Ibiza Portal.

Just Move and then select to another Subscription instead of Another Resource Group.

While migrating i learned the following things :

  1. Make Sure no SSL Certificates are bind to the Webapps or Custom Domains.
  2. Classic Resources are not able to move
  3. Marketplace items are not able to move
  4. Sendgrid is not supported in CSP
  5. Scalesets cannot be moved when containing a Managed disk
  6. Resources linked to eachother need to be in the same resourcegroup before a move can be done.
  7. Try Recreating resources which can not be moved via ARM Templates

 

 

 Services that enable move:

For now, the services that enable moving to both a new resource group and subscription are:

  • API Management
  • App Service apps (web apps) – see App Service limitations
  • Application Insights
  • Automation
  • Batch
  • Bing Maps
  • CDN
  • Cloud Services – see Classic deployment limitations
  • Cognitive Services
  • Content Moderator
  • Data Catalog
  • Data Factory
  • Data Lake Analytics
  • Data Lake Store
  • DNS
  • Azure Cosmos DB
  • Event Hubs
  • HDInsight clusters – see HDInsight limitations
  • IoT Hubs
  • Key Vault
  • Load Balancers
  • Logic Apps
  • Machine Learning
  • Media Services
  • Mobile Engagement
  • Notification Hubs
  • Operational Insights
  • Operations Management
  • Power BI
  • Redis Cache
  • Scheduler
  • Search
  • Server Management
  • Service Bus
  • Service Fabric
  • Storage
  • Storage (classic) – see Classic deployment limitations
  • Stream Analytics
  • SQL Database server – The database and server must reside in the same resource group. When you move a SQL server, all its databases are also moved.
  • Traffic Manager
  • Virtual Machines
  • Virtual Machines with certificate stored in Key Vault – Move to new resource group in same subscription is enabled, but cross subscription move is not enabled.
  • Virtual Machines (classic) – see Classic deployment limitations
  • Virtual Machine Scale Sets
  • Virtual Networks – Currently, a peered Virtual Network cannot be moved until VNet peering has been disabled. Once disabled, the Virtual Network can be moved successfully and the VNet peering can be enabled. In addition, a Virtual Network cannot be moved to a different subscription if the Virtual Network contains any subnet with resource navigation links. For example, a Virtual Network subnet has a resource navigation link when a Microsoft.Cache redis resource is deployed into this subnet.
  • VPN Gateway

 

Services that do not enable move

The services that currently do not enable moving a resource are:

  • AD Domain Services
  • AD Hybrid Health Service
  • Application Gateway
  • Availability sets with Virtual Machines with Managed Disks
  • BizTalk Services
  • Container Service
  • Express Route
  • DevTest Labs – Move to new resource group in same subscription is enabled, but cross subscription move is not enabled.
  • Dynamics LCS
  • Images created from Managed Disks
  • Managed Disks
  • Managed Applications
  • Recovery Services vault – also do not move the Compute, Network, and Storage resources associated with the Recovery Services vault, see Recovery Services limitations.
  • Security
  • Snapshots created from Managed Disks
  • StorSimple Device Manager
  • Virtual Machines with Managed Disks
  • Virtual Networks (classic) – see Classic deployment limitations
  • Virtual Machines created from Marketplace resources – cannot be moved across subscriptions. Resource needs to be deprovisioned in the current subscription and deployed again in the new subscription

i used the following sources :

  1. https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-move-resources
  2. https://blogs.technet.microsoft.com/hybridcloudbp/2016/08/26/azure-subscription-migration-to-csp/
  3. Microsoft Center of Excellence team prepared a great set of materials called “Azure EA/Direct to CSP Migration Accelerator”. It includes slide decks, migration guides and ready-to-use scripts. You can download it here
Questions or Comments just ask!
Regards,
Jeroen

Geef een reactie

Het e-mailadres wordt niet gepubliceerd. Vereiste velden zijn gemarkeerd met *