This year I thought I’d try and embrace as much of the Microsoft Cloud technology that is available. However, I’d try and approach it through the lens of a SMB business moving to the cloud but also lay it out in a staged manner for easier comprehension. This post therefore represents the first in a series of posts that covers the methods and configuration you can take in moving your infrastructure to the cloud.
That said, there is no one single approach or method that will work for all. However, by running through the various options and also explaining what value these may have, hopefully people will get a better idea of all the options that are available. As I said, there isn’t necessarily any right or wrong here, just my thoughts on the approach that I take given typical scenarios I see.
The first thing you’ll need to go and do is get a Microsoft 365 tenant. I’ll cover off what I recommend specifically and why in later posts, but for now, you’ll need to have a tenant.
Next, you’ll need to add a paid Azure subscription to this same tenant. I have detailed about this approach here:
Deploy Office 365 and Azure together
In short, doing so will give you more options and capabilities, especially when it comes to infrastructure. The good news is that you’ll only pay for what you use, so as you build your solution out you can keep costs down.
With you Microsoft 365 and Azure subscriptions in place, I would suggest that the starting point should be a site to site VPN to Azure. This basically extends your on premises network to Azure.
In my situation, I have Ubiquiti equipment so I followed articles like:
Connecting Ubiquiti Unifi USG to Azure via VPN
The Azure Site to Site VPN documentation is here:
Create a Site-to- Site connection in the Azure portal
This article is also handy:
Step by step: Configuring a site to site VPN gateway between Azure and on premises
Given that there are already a lot of detailed documents out there on doing this I’m not going to cover this off here. However, you’ll basically need to:
1. Create a virtual network in Azure.
2. Create a virtual network gateway in Azure and connect to the virtual network you created above.
3. Create a connection from the virtual network gateway in Azure back to your on premises environment.
4. Configure the on premises equipment to connect to Azure.
When complete, you should have something that looks like the above. There isn’t a lot that you can do with this configuration just yet, but it is going to be the basis for what is used going forward. What it gives us in effect is a single network that spans both on premises and Azure.
Now, let’s consider the costs.
An Azure virtual network is free.
There are a number of different VPN options in Azure per:
In this case I’m going to select the Basic VPN, simply because it has enough bandwidth and tunnels, etc for my needs. However, the Basic VPN is typically only recommended for dev/test environments, but to keep costs down here I’ll use that going forward.
So, if I now use the Azure Pricing Calculator to get an estimate of the costs I get the above (in Australian dollars out of an Australian datacenter). Cost will vary depending on currency and location. You should also note that basically:
1. Data transfers into Azure are free.
2. You get the first 5 GB of data transfers out of Azure for free also.
So my expected initial VPN cost will be:
AU$36.08 per month
for up to 5GB of outbound (unlimited inbound) traffic.
What’s the comparison cost if we step up to the next level of VPN?
You see that the cost jumps to AU$190.44 per month.
How easy is it to change VPN gateways in azure if you wanted to? Deleting and re-creating is easy, the downside is simply the time taken. This is because the time required to spin up a VPN Gateway in Azure is between 30 – 45 minutes generally. When you do so, you may also get a different external IP address for the gateway, which would mean a change to the configuration of the on premises environment. However, all of this isn’t difficult to do if needed. So for now, I’m going to stay with the Basic gateway because it is all I need and I want to keep costs down.
When I look at my bill for the month, as it turns out, the cost of the Basic VPN Gateway for the month, shown above, is pretty much what the calculator determined. The variance is probably just a small amount of outbound data that I used. So, you can be pretty confident that the cost of the VPN with less than 5GB of outbound traffic will be a fixed cost per month. We’ll cover how to budget for outbound traffic in upcoming articles, so stay tuned. However, for now, I know I am going to have a fixed cost of AU$36.08 for just my Basic VPN gateway every month. Add that to the budget.
In summary, one of the first steps in migrating an on premises environment to the cloud is to establish a site to site VPN. You can do this easily with Azure and the expected costs for the most configuration is around AU$36 per month. The benefit of this is that you have now extended you on premises network to Azure and can start taking advantage of the services there.
Watch out for upcoming articles on the next stages of this process.
CIAOPS 
3 thoughts on “Moving to the Cloud–Part 1”