MonthJanuary 2019

Tag All Resources Based On Resource Type In Resource Group

Recently I’ve been working closely with a few of our Azure Consultants in our delivery team around defining best practices and how we can speed up/automate as much of our deployment standards on a clients Azure environment.

At the moment we are focusing a lot on governance standards, these encompass features like:

  • Azure Policy
  • Resource Tags
  • Management Groups
  • etc…

Resource Tags are an essential part of any Azure environment. My take on them is the more there are the better! (As long as keys are consistent across resources of course)

The Problem…

We do a lot of retro-tagging on resources in our clients Azure environments to assist in bringing them inline with our standards. And also to enable their Azure subscriptions to slot into our management tools, which we use tags heavily for to control certain things etc…

One problem we face quite regularly is that some resources have started to of been tagged, whilst others haven’t. Normally we find the tags that have made their way onto resources is actually down to a deployment template from a marketplace resource. like Jenkins Server, rather than being manually created and set by an IT admin.

This normally means that scripting tag creation/setting on resources with most of the existing PowerShell scripts we have and are also available over the internet are unusable. This is because these scripts generally just replace the tags, if any are in place already; not ideal at all!

The Solution…

So with the above problem becoming ever more a time consuming block for our teams internally, I decided to get my head down in VS Code and write a new PowerShell script that will overcome this issue!

I’m glad to say that after about 3/4 hours of work and constant testing with different environment scenarios, I accomplished it!

The script is available on my ‘PublicScrips’ GitHub repository here!

Please feel free to download, use, edit, alter and report any issues with the script either below in the comments or via GitHub directly and I will do my best in my spare time to resolve any issues reported.

Obviously as with any script you find on the internet, please test it on a subset of resources before letting it loose on your entire environment. Whilst I have tested this script over 50+ times and on different environments to ensure if handled all possible scenarios, I cannot guarantee that to anyone that it is 100% error free (although I don’t think its bad, even if I do say so myself 😀 ).

Summary

Enjoy the script! And please do let me know of any issues you find.

Also let me know of any future feature requests or other common scripting issues you face that you may like me to tackle in the future, in the comments below or via Twitter!

Like, Share, Follow!
error

Azure Subscription Migrations

** UPDATE – 07/05/2019 – Version 4 of the Azure Resource Migration Support Tool released – Click on link below to get a copy of it **

Recently I have had an abundance of requests from our sales teams & account managers regarding Azure Subscription migrations. Whether it be from PAYG (Pay-As-You-Go) to CSP, EA to CSP, CSP to PAYG or just PAYG to PAYG.

Whatever the source and destination subscription model is, the answer I give is the same!

Every migration for each customer is going to be different 99% of the time and in the majority of cases is not as simple as the click of the migrate button from within the portal and away you go. Perhaps one day it will be; I’ll be a very happy man that day for sure!

So in this post I will share with you how I approach these requests and a tool I have developed to help speed the assessment process up significantly.

Please note this article will focus on subscription level migrations, however the tool accommodates for Resource Group level migrations as well!

Before you even think about migrating…

There are a few key points of information that you need to gather/understand when starting with one of these requests.

  1. Why does the customer want to migrate subscriptions?
  2. What subscription model are the source and destination subscriptions using; or going to use?
    1. PAYG
    2. CSP
    3. EA
    4. Other… (MSDN, BizSpark etc…)
  3. An export of all resources from all of the source subscriptions.
  4. Timescales for migration completion.

All of these questions are important to have an answer for before beginning your approach to the migration.

Questions 1 and 4 are more to help understand the “why” from the customer and to set expectations early on timescales. Because we all know sometimes timescale expectations can be unrealistic and it’s important for us to reset them accordingly if so.

Questions 2 and 3 will help define some technical paths you will need to follow and various limitations that each combination may have.

Subscription Migration Support Matrix

I feel know is a good time to lay out all of the combinations for subscription migrations and what initial approach should be taken.

Apologies for the length of this table but there are a lot of possible different combinations!

Source
Subscription
Model
Destination
Subscription
Model
Migration
Supported
Migration
Approach
Notes
PAYGEAYesJust a back-end Azure billing change.
No downtime
PAYGCSPYesResources must be migrated between subscriptions.
Possible downtime & limitations.
Check services are available in CSP.
No classic (ASM) resource supported in CSP.
PAYGMSDN/BizSparkYesResources must be migrated between subscriptions.
Possible downtime & limitations.
PAYGPAYGYesResources must be migrated between subscriptions.
Possible downtime & limitations.
EAPAYGYesResources must be migrated between subscriptions.
Possible downtime & limitations.
EACSPYesResources must be migrated between subscriptions.
Possible downtime & limitations.
Check services are available in CSP.
No classic (ASM) resource supported in CSP.
EAMSDN/BizSparkYesResources must be migrated between subscriptions.
Possible downtime & limitations.
EAEAYes/No/Not NormalIf different Azure AD Tenant same as EA to PAYG.
If same Azure AD Tenant, why are you migrating as you can just change subscription owner instead.
N.B. this not a migration I have ever come across to date.
MSDN/BizSparkEAYesJust a back-end Azure billing change.
No downtime
MSDN/BizSparkPAYGYesResources must be migrated between subscriptions.
Possible downtime & limitations.
MSDN/BizSparkCSPYesResources must be migrated between subscriptions.
Possible downtime & limitations.
MSDN/BizSparkMSDN/BizSparkYesResources must be migrated between subscriptions.
Possible downtime & limitations.
CSPMSDN/BizSparkYes/Not NormalResources must be migrated between subscriptions.
Possible downtime & limitations.
CSPEAYes/No/Not NormalBelieve this would have to be treated as if it were PAYG to PAYG as CSP subscription has some back-end billing differences. Therefore doubtful that EA subscription import/billing change process will not work.
Resources must be migrated between subscriptions.
Possible downtime & limitations.
CSPPAYGYesResources must be migrated between subscriptions.
Possible downtime & limitations.
CSPCSPYesBack end billing change but must be requested in certain way and currently no automated way to do this.
See: https://docs.microsoft.com/en-us/azure/cloud-solution-provider/customer-management/switch-subscription-to-different-csp-partner

Assessing Resource Migrations Between Subscriptions

As you have seen in the table above, the majority of migrations require you to migrate the actual Azure resources between subscriptions. As mentioned before and in the table rows, this sometime incurs downtime and also there are various limitations per Azure resource type (VM’s, NSG’s, App Services etc…).

Now there used to be a handy little tool that someone created for CSP migration assessments called the “Azure CSP Assessment”. This was an Azure hosted web app located here: https://azurecspassessment.azurewebsites.net/ but as you can see the site is now longer up and running 🙁

However using the tool was always a risk as the list of resources that support subscription migration and the various limitations changes at quite a pace; as does everything in the Azure world, right!

So it used to mean that I get an export of the customers source Azure subscription resources and resource types using the below PowerShell command:

Get-AzResource | Export-Csv PATHTOFILE.csv

Then using the exported CSV file I would use Excel and the following below pages on Azure Docs to go through each resource type and check its compatibility and limitations:

  1. https://docs.microsoft.com/en-gb/azure/azure-resource-manager/move-support-resources
  2. https://docs.microsoft.com/en-gb/azure/azure-resource-manager/resource-group-move-resources
  3. https://docs.microsoft.com/en-us/azure/cloud-solution-provider/overview/azure-csp-available-services – Only when migrating to CSP

To say this was long winded and painful is an understatement certainly!

Azure Resource Migration Support Tool

So that’s why I have created a handy Excel Workbook that does all the work in comparing against the information in links 1 and 2 above with a simple copy and paste of specific columns from the exported CSV.

I also thought it would be a shame not to share this tool so here it is available for any of you reading this to use for free!

Azure Resource Migration Support Tool V2

Azure Resource Migration Support Tool V4

All instructions on how to use the tool are on the “Intro Page” sheet within the workbook/spreadsheet.

I will be periodically checking the Azure Docs pages and updating any changes to resources that are now supported for migration to this tool and i will update this page with the latest version of the tool.

What do I do once I’ve used the tool to assess my resources…

Well firstly, please comment below or get in touch with me via Twitter, LinkedIn or e-mail me with any feedback or features you would like in newer releases of the tool.

Once you’ve done that and used the tool to assess your resources in your source subscription, it is highly likely you have a good idea about how you need to proceed.

I strongly suggest running this as a project within your company as it is not as simple as clicking a migrate button. I’ve even called it a “Virtual Data Centre Move” as it really can have the same potential devastating unplanned outages if you don’t treat it with the correct attention and detailed planning.

Personally I suggest building a project plan, if you have a Project Manager to help you, even better. Detail every task you are going to need to do before, during and after the migration, some examples below:

  • Create destination subscription
  • Attach destination subscription to existing (same as source subscription) Azure AD tenant – THIS IS MANDATORY AT THIS TIME, BOTH SUBSCRIPTIONS MUST BE IN THE SAME AZURE AD TENANT
  • Change Public IP SKUs for Resources: X, Y & Z
  • etc…

Once you have your plan built, start raising RFC/Changes (if required) to get this work completed. Some of this work may even require re-provisioning resources to get them on the correct SKUs etc… so it would also be prudent to get any other internal teams involved to assist with testing etc… if you aren’t able to do this yourself during your changes.

Nobody likes the dreaded out of hours phone call when something you couldn’t test doesn’t work after a change.

Once you’ve made all of the prerequisite changes, its now time to probably download the latest version of the tool, export all your resource into a CSV again and check for any additional changes that you may need to make as things may of changed from the Azure side.

If nothing has then that’s great news as you haven’t got to go back through the whole process again. You should now make sure that all Resource Providers in use in the source subscription are registered in the destination subscription.

To check the Resource Providers in use in the either subscription use the following PowerShell command (please note you’ll need to change subscriptions within your PowerShell session using the first 2 commands in the below block):

##Find Subscription ID##
Get-AzSubscription

##Change Subscription Within PowerShell Session##
Select-AzSubscription -SubscriptionId 'PASTE ID HERE'

##Check Resource Providers For Selected Subscription##
Get-AzResourceProvider -ListAvailable | Select-Object ProviderNamespace, RegistrationState

You should get the below output for the Resource Provider command. (I’m using CloudShell, check it out if you aren’t already):

Compare both subscription outputs against each other, using Export-Csv may be your friend here. And then register any providers in the destination subscription that are registered in the source subscription but not in the destination.

To register Resource Providers use the below command (again please note you’ll need to make sure you’ve changed your sessions selection to the correct subscription again using the above commands):

##Register Resource Provider##
Register-AzResourceProvider -ProviderNamespace 'PROVIDER NAMESPACE PLEASE CHANGE'

You should get the below output when registering a provider:

Once you have registered all the required providers run one last comparison check and then you can proceed to actually pushing that ‘Move to another subscription’ button on your resources/resource groups as per your plan.

Summary

As you can see by the length of this article the process is not always straight forward and can be quite a long process from start to finish.

Please let me know your feedback for the tool via any method that I mentioned above.

And more importantly I hope this article helps you plan your migration to be successful.

Like, Share, Follow!
error

© 2019 Jack Tracey

Theme by Anders NorénUp ↑