Strategic Datacenter Modernization

Azure MEG Integration: Migrating 238+ VMs & 60 Multi-Tier Applications

Modernization Roadmap

The Business Case: TCO & Readiness

01

Assessment (MRA): Achieved a 85% Readiness Score. Identified $500k CapEx avoidance over 3 years.

Current State: $1.2M 3-year TCO (Legacy lease, PDU refresh, idle capacity).
Future State (Azure): $840k 3-year TCO (Optimized via Right-sizing Reports & AHB).
Scale: 238+ VMs, 60 Applications, 30TB SQL/Blob Data.

3-Year Estimated Savings

$1.2M

$840k

-30% Reduction

Validated via Azure Migrate Business Case Report

Architecture: Enterprise-Scale Landing Zone

02

Identity: Extended AD to Azure via Domain Controllers in Identity Subscription.
Connectivity: Hub-and-Spoke topology ensuring traffic segregation via Azure Firewall.
Resiliency: Established 15-minute RPO using Azure Site Recovery (ASR) as the migration engine.
Governance: Enforced "Zero Trust" via Azure Policy at the Management Group scope.

On-Prem (Hyper-V)

ExpressRoute / ASR

HUB (Firewall/VNET)

SPOKE A
(Prod)

SPOKE B
(Dev/Test)

Discovery & Assessment Analytics

03

App & Server Assessment

Utilized Azure Migrate: Discovery and Assessment to generate per-VM readiness reports.

Readiness Stats: 210 Ready, 28 Ready with conditions (Driver updates).
Right-sizing: Identified 15% CPU over-provisioning; reduced costs by switching to D-Series VMs.

Action Center Troubleshooting

Resolved 12 WMI connectivity errors and firewall blocks using the Azure Migrate Action Center to ensure 100% discovery coverage.

Dependency Mapping

Implemented Agentless Dependency Analysis to visualize multi-tier app flows.

Mapping 'Chatty' dependencies to ensure Wave integrity.

Secure Connectivity & RBAC

04

Private Link Integration

Configured Azure Migrate over Private Endpoints to ensure all discovery and metadata stayed within the private network.

Critical Firewall Port Requirements

Port	Service	Direction
TCP 443	HTTPS / API	Outbound to Azure
TCP 445	SMB/WMI Discovery	Appliance to Target
TCP 135	RPC Discovery	Appliance to Target

Migration RBAC Governance

Enforced Least Privilege for migration personas:

Discovery Lead: `Contributor` on the Azure Migrate project.
Replication Lead: `Virtual Machine Contributor` + `Site Recovery Contributor`.
Assessment Ops: `Reader` on the Target Subscriptions.

Enterprise Billing & Governance

05

Financial Architecture: Aligned the 238+ VM footprint with the EA (Enterprise Agreement) billing model for maximum cost transparency.

Billing Hierarchy Detail

Structured the **EA / MCA** environment to ensure chargeback accuracy:

 Billing Account (Enrollment)
 Department (e.g.,
                                    Financial Services)
 Account (Production
                                    Ops)
 Subscription (Workload A, B,
                                    C)

EA vs. MCA Model

Transitioned from legacy EA Direct to a modern Microsoft Customer Agreement (MCA) to leverage improved Azure Cost Management APIs.

CSP & EA Optimization

Evaluated **CSP** vs **EA** for enrollment accounts to simplify invoicing across departments.

Operational Readiness & Wave Planning

06

Governance: Aligned with the Microsoft Migration Execution Guide (MEG) for risk-free cutovers.

T-Minus Communication Plan

T-30 Days: Stakeholder notification & Change Request (CR) submission.
T-7 Days: Application "Blackout" period starts; final data sync check.
T-24 Hours: Final "Go/No-Go" readiness call with all Leads.
T-2 Hours: The Point of No Return. Trigger rollback if latency > 200ms.

Wave Matrix

12 Waves

Grouped by dependency clusters to eliminate cross-cloud lag.

Mission Results: Datacenter Exit

07

$500k

CapEx Saved

via Right-sizing Reports

238+

VMs Migrated

60 Apps In-Production

100%

Service Uptime

Zero rollback incidents

Back to Projects