Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
A workload must be cloud-ready before migration to Azure. Cloud readiness reduces cutover risk and ensures compatibility with Azure services. You should validate, secure, and automate workloads in Azure before production cutover. Use your Azure architecture plan and your workload assessment.
Fix compatibility issues in Azure
Azure compatibility issues block workload migration and must be resolved before production deployment. Azure environments require specific configurations, supported operating systems, and current drivers to function correctly. You should address these issues systematically to ensure successful execution of your migration.
Deploy all workload resources
Create Azure subscriptions for workload environments. Create separate subscriptions for development, test, and production environments to ensure proper isolation, cost tracking, and governance. Place subscriptions in the appropriate management group and apply environment-specific governance policies, role-based access control assignments, and cost management budgets. For more information, see Create your subscriptions.
Use your architecture plan. Use the architecture plan you created during cloud adoption planning to deploy the right Azure architecture. Ensure that the architecture aligns with any updated workload requirements. For architecture planning, see Azure architecture planning.
Deploy all workload components. In a test subscription, create compute (virtual machines, web apps, containers) datastores (databases, storage accounts), load balancers, managed identities, virtual networks, and DNS resources.
Validate the completeness of the test environment. Confirm that all dependencies, configurations, and integrations are present. Missing components can lead to false positives or undetected issues during testing.
Resolve compatibility issues
Review the documented compatibility requirements and known issues. Use the workload assessment from the CAF Plan phase. This assessment identifies unsupported configurations and dependencies that must be remediated.
Resolve each compatibility issue using Azure solutions. Apply the following remediations in the test environment: completed during the CAF Plan phase to understand documented compatibility requirements Address compatibility issues within your Azure test environment rather than modifying your source environment. See the following common compatibility problems:
| Compatibility issue | Solution | Why it matters |
|---|---|---|
| Unsupported OS versions | Upgrade to supported operating systems | Azure requires supported OS versions for security updates and platform compatibility |
| Legacy NIC drivers and BIOS | Update drivers and BIOS firmware | Modern drivers ensure network performance and security in Azure VMs |
| Local file I/O dependencies | Replace with Azure Blob Storage or Azure Files | Cloud-native storage provides better scalability and integration |
| Hardcoded IP addresses | Replace with service discovery mechanisms like DNS or app configurations | Dynamic addressing supports Azure networking and resilience |
| Host-based antivirus software | Integrate with Microsoft Defender for Cloud | Cloud-native security provides better threat detection and management |
| Hardcoded user accounts | Replace with managed identities | Managed identities eliminate credential management and improve security |
Validate workload functionality
After resolving compatibility issues, ensure your workloads function correctly in the Azure environment. Comprehensive testing is essential to confirm that all components, configurations, and integrations meet business and technical requirements. This validation process reduces risks and ensures a smooth transition to production deployment.
Validate network connectivity
Test connectivity between all components. Use Azure Network Watcher connection troubleshoot to verify that application tiers can communicate with each other and with external services. This validation confirms that network security groups, routing tables, and DNS configurations allow required traffic flow. This tool provides detailed insights into connectivity issues and identifies specific configuration problems that prevent communication.
Verify external service connectivity. Test connections to external APIs, databases, and external services that your workload depends on. Use Network Watcher to validate that outbound connectivity works correctly and that firewall rules allow required traffic. Document any connectivity requirements for production deployment.
Validate authentication flows
Test user authentication flows. Use test user accounts to verify that identity providers like Microsoft Entra ID are accessible and that authentication works correctly. Test different authentication scenarios including single sign-on, multifactor authentication, and password reset flows to ensure complete functionality.
Validate service-to-service authentication. Test authentication between application components using service principals and managed identities. Confirm that Azure role-based access control (RBAC) permissions are correctly configured and that services can authenticate to required resources like databases and storage accounts.
Conduct functional and performance testing
Execute comprehensive functional testing. Conduct user acceptance testing (UAT), integration testing, and regression testing to confirm that the application meets business and technical requirements. Test all critical user workflows and business processes to ensure they work correctly in the Azure environment. Document any functional issues and resolve them before production deployment.
Measure performance under realistic load conditions. Use Azure Load Testing to simulate realistic user traffic and measure response times, throughput, and resource utilization. Configure load tests to reflect expected production usage patterns and peak load scenarios. Load Testing provides detailed performance metrics and identifies bottlenecks that could affect user experience.
Validate performance against baseline. Reference the performance baseline metrics documented during the CAF Plan workload assessment. Compare test results to established performance baselines from your source environment. Identify any performance degradation and optimize configurations, scale resources, or modify code to meet performance targets.
Include stakeholders in acceptance testing. Conduct acceptance testing with business users to confirm that the workload meets business expectations and user experience requirements. Business validation ensures that the workload delivers expected value and functionality before production deployment.
Create reusable infrastructure
Once your modernized solution passes all tests in the nonproduction environment, you should capture the infrastructure setup and configurations as code, so it can be easily replicated in production and future environments. Reusable infrastructure means using infrastructure-as-code (IaC) templates and automation for consistency and speed.
Create IaC templates for proven configurations. Take the final architecture of your test environment (which mirrors what you want in prod) and codify it. Use Bicep, Terraform, or Azure Resource Manager templates to define your infrastructure. Parameterize these templates so they can be reused for different stages, like dev, test,prod with small tweaks like names or sizes. This setup ensures that the production environment you create matches what you tested. It avoids the human error in manually clicking around Azure portal to create resources. It also means if you ever need to recreate the environment, like for disaster recovery or deploying to new regions, you have the infrastructure deployment ready. For more information, see CAF Manage - Manage code-based deployments.
Store templates in version control. Check your infrastructure code into a Git repository (alongside the application code or in a separate repo). Use GitHub or Azure DevOps to manage IaC assets with proper version control. Version control enables code reviews, supports team collaboration, and encourages template reuse across projects. This approach provides complete traceability for infrastructure changes and supports rollback capabilities when issues occur.
Automate dependency installation and configuration. Create scripts or pipeline tasks to deploy these templates and also handle any required configuration or seeding tasks. Use Azure Pipelines, GitHub Actionsto run deployment jobs that take the IaC template and deploy to a target subscription/resource group. Automate installing app dependencies, configuring settings, and secrets management. The goal is one-click (or one-command) environment setup: from nothing to a fully running environment that matches what you tested.
Test the IaC and automation end-to-end. Use a separate Azure subscription or resource group as a sandbox and practice deploying your entire environment from scratch using your templates and scripts. Test that your IaC templates, pipelines, and scripts can create the complete infrastructure stack from nothing. Test different deployment scenarios including initial deployment, configuration updates, and rollback procedures to confirm the automation works correctly.
For more information, see Design a workload development supply change and Infrastructure as code in WAF.
Create deployment documentation
Even with automation, having good documentation around deployments is crucial for audit, for onboarding new team members, and for future maintenance. Deployment documentation should cover configurations, procedures, and rollback steps in human-readable form.
Document configuration settings and steps. Record all environment-specific settings, connection strings, service endpoints, and security configurations in accessible documentation. Include step-by-step deployment instructions, prerequisite requirements, and post-deployment validation steps. This documentation enables consistent deployments and supports troubleshooting when issues occur. If a new engineer had to deploy, they could read this document and follow along or understand the pipeline’s output.
Update rollback and recovery procedures. After you complete your tests, formalize steps to revert changes when deployment issues occur. Include rollback triggers, data backup and restoration procedures, and recovery validation steps. Test rollback and recovery procedures regularly to ensure they work correctly when needed. This preparation reduces downtime.
Collect all this documentation in a central location. Use SharePoint, GitHub, or a wiki to store this information. Ensure the team and support personnel know where to find it. In a high-stress incident, having clear docs at hand is a lifesaver.