Close this search box.

Understanding the migration source systems: typical (SMB) workloads

Before designing any cloud landing zone for (SMB) customers, you need to have a perfect understanding of what workloads you can expect at the source system.

Take a look at my drawing; I used to sell similar PODs in a multi-tenant shop. Each customer had their own virtual datacenter (not using VMware vCloud Director; but a similar concept).

How minimal/typical (SMB) IT looks like?

I. Core/Networking services

I am not going into the details of SMB customers’ basic networking services, but you can imagine a standard boring subnet with DNS, DHCP services enabled. Active Directory is likely on Windows box unless Linux shop with OpenLDAP, Samba and some kind of open source Office, etc. Typical NAT, computers (servers and desktops) can access public internet (outbound traffic) and users can access some of the internal services – port forwarding (VPN most likely) connecting from externally (inbound traffic).

II. Likely Windows based workloads

II/1 Identity Services (Windows Active Directory)

Beyond networking, identity is the most critical and foundational service for every customer. It’s an obvious fact when you have multiple computers joined to Domain you need to have a centralized registry to manage usernames and passwords; see objects in the domain (such as joined computers) and be able to allocate some policies to the computers.

II/2 File Server Services (Samba, CIFS, SMB file share)

There is user data stored as files. Most created by users: documents, presentations, charts, drawings, etc.

Some of the files used by applications as shared files to save user work (think about dBase, Microsoft Access, or just text files (XML, JSON, etc.) to store data.

When it comes to working together i.e. opening & editing the same Excel or PowerPoint together as a Team; Microsoft 365 requires users to put files on “modern online cloud-based locations” such as One Drive and SharePoint. They operate behind Microsoft Teams.

If you have such requirements; I am not sure that even Azure Files/Sync is a good idea. I will investigate this topic later, but it seems Microsoft wants users to put their Office documents on their cloud storage if they want to work together and legacy SMB storage (such as NetApp) is not necessarily preferred.

II/3 Database Services (OSS databases; MS SQL Server, Oracle, DB2, etc.)

There is user data stored in databases. Because of securing legacy LOB applications, you do not want to move the database and the client app too far from each other. There is something called database cursor/window and fetching. Still, in 2022 there are many LOB apps designed for low latency LAN where the connection between the database server and desktops running the application is low. If you introduce a high latency VPN connection between database and client applications there is a risk of a bad user experience (depending on how the application has been coded).

This dilemma introduces the need for Terminal Server (Remote Desktop Session Host) or Virtual Desktop Infrastructure; where applications run next to the database (in the same local network) and users just connect their remote terminal sessions (the keyboard-video-mouse travel on the network; not the database records).

For database migrations, I used this tool at Microsoft to estimate if the application will work in PaaS or you need Managed SQL Instance (IaaS) or SQL in a VM. A combination of a Virtual Desktop and SQL PaaS is a nice design.

II/4 Terminal Server (RDSH/VDI) or Virtual Desktop Services

As mentioned before; the most reliable and secure way of doing remote work is to provide a full desktop/or application streamed to the user. Citrix XenApp and VMware Horizon leading this market. When it comes to Windows only (with a limited connection broker) you will see multiple alternatives. At the end of the day, it’s about

  • good user experience – it’s mainly about the display protocol; Citrix ICA/HDX is the obvious leader; VMware improved a lot over the years, AWS has WorkSpaces leverage Teradici PCoIP, most cases Microsoft RDP does a good job.
  • an easy way of printing – this is soo basic, but sometimes can go complicated; shared (IP) vs. personal printers/scanners (USB)
  • enjoy bi-directional audio – imagine a Zoom, Microsoft Teams, Google Meet, or Cisco Webex call without having audio while you need to share your screen with colleagues.
  • RAW USB device redirection – sometimes it works, sometimes it does not work. Supported WebCams might work via RDP virtual channel; however RAW USB recreation requires special software (drivers) and/or hardware equipment. And remember, USB cables are not necessarily designed for IP redirection (ultra-low latency expected by drivers and applications)

II/5 Backup Solution for VMs, Files, Databases

VM image (block) or File Level? Application, Crash, or File level consistent? What are the RTO and RPO? Many questions here. Some people do not want to spend money on this; so they use free scripts (ghetto VM backup) partly do the job. Some people still stop VMs and copy overnight with PowerShell. Not even using incremental backup. OMG.

Assuming people using backup software; Microsoft shop likely using System Center Data Protection Manager to do this job. When they start using Azure; they will see similar (same) software called Azure Backup Server. VMware has Data Protection. Do not forget about super popular 3rd party backup and replication software such as Veeam. Remember, you can run Veeam on-premies and in multiple clouds Azure , AWS or GCP as Veeam appliance available.

How much does the backup cost on-premises and what’s the expected cost in Cloud? Looks like an easy question, but actually, it’s not. Consider RAW data vs. decrypted data travels on the network. Think about complex retention policies.

II/6 Monitoring and Management Solution

How much space is left on the OS disk (/root or C:\)? Have you installed the latest updates on the OS? What process is killing the CPU on a particular VM? What about noisy neighbors on networking?

Some SMB uses free software to track this. Very few have System Center Operations Manager. VMware offers Update Manager and vRealize Operations. In the cloud, you will have a major dilemma about how to design the same thing at a reasonable price.

III. Likely Linux/OSS based workloads

III/1 DNS – public domain services

This is likely the “bind” service. Probably it’s combined with email and website offering since the same DNS zone was used.

III/2 E-mail – webmail and SMTP, IMAP, POP3, MAPI, etc.

I used free software (such as FreeBSD/SendMail) and later Zimbra (VMware used to offer it). They are all nice, however, Exchange Online (Microsoft 365) and Gmail (Google Workspace) are much better options. Maintaining on-premises mail systems is quite expensive. You can still check and ask local service providers and their offers. But they might not meet the quality of the hyper scalers. Think about SPAM filtering and RBLs. It’s not an easy one. I would move the email to SaaS without any doubt.

III/3 Web sites, App Services – WordPress and similar

Likely every SMB has a website. Moving it to the cloud might work, however, a low-cost WordPress PaaS hosting can always compete with public cloud PaaS offerings. This blog actually runs on SiteGround, which is actually migrated recently to the Google Cloud Platform.

This introcudes a new topic on App Migration. At Microsoft I used this tool to check how IIS can run on Azure App Service. It supports Linux workloads as well.

I will take a look on Cloud Adaption Frameworks: compare and understand what they offer for SMB customers landing in Cloud. I hope its easy to understand and explain to others while not introducing additional complexity to smaller (up to 25 VM) migration projects.

Microsoft Cloud Adoption Framework for Azure – Cloud Adoption Framework | Microsoft Docs

AWS Cloud Adoption Framework (

Adoption Framework  |  Google Cloud

Cloud Adoption Framework | Oracle

Cloud Methodology: Evaluate Cloud Migration Needs & Downtime Tolerance – Alibaba Cloud

Related posts

Comparison of VMware relocation options in public cloud

I keep researching this topic from several perspectives: regional availability, provided architecture, most popular use cases, VMware software versions, provided hardware configuration, and finally the price of a 3-node vSphere cluster in the Cloud.

AWS MiGratioN, GCP Migrate4Cloud, and Azure Migrate pros and cons

It’s been more than 5 years since I am testing and comparing 1st party migration tools. I have seen these tools getting better over the years, with major improvements by acquisitions, end-of-life products, continuous changes, and improvements not just the tools but the methodology around, well-architected, CaF, the concept of the landing zone, 5Rs become 7Rs. In this article, I am sharing my experiences with the most commonly used cloud migration tools.

Oracle Database service for Azure – connecting Azure VM and Power App

I have connected a Database Admin Azure VM running Oracle’s SQL Developer (Windows version) and a Microsoft Power Platform application displaying Oracle’s HR demo schema (via on-premises data gateway on Azure VM connecting with Power Platform’s Oracle Premium Connector) to the same Oracle Database hosted on OCI.

Oracle Database service for Azure – linking subscriptions

As part of my multi-cloud research, I wanted to test Oracle Database Service for Azure. In this article, you will see how to sign up for the new service and how to link Oracle and Azure accounts. I used Frankfurt datacenters, Azure MSDN, and OCI paid account (Free Tier does not work) using my private Azure Active Directory.

Why multi-cloud is the way to go? VMware and Oracle perspective.

While cloud migration is still a popular topic during customer discussions, I have noticed that more and more customers are considering an exit plan from one cloud (vendor lock-in) to another cloud meaning there is an increase in multi-cloud migration demand. VMware, Oracle, and SAP are the major workloads in on-premises data centers today. Based on my research both VMware and Oracle are very vocal about the importance of having a multi-cloud strategy.

AWS Site-to-Site VPN using MikroTik RouterOS

There are two ways of approaching this challenge. (#1) running MikroTik virtual appliance (CHR) in AWS (#2) using Virtual Private Gateway, a “cloud-native” networking solution provided by AWS. Each solution has its own benefits.