Use the adopt and migrate methodology
There are multiple elements in the migration process. Most of this process is documented through the Cloud Adoption Framework Adopt methodology that focuses on how you can migrate and modernize existing workloads.
This article guides you through the key steps and considerations for migrating your workloads to Microsoft Cloud for Sovereignty with confidential computing.
Decide whether to migrate or modernize first
The first step in the adopt and migrate methodology is to decide whether you want to migrate or modernize your workloads. Migrating means moving your existing workloads to the cloud with minimal or no changes, while modernizing means transforming your workloads to take advantage of cloud-native features and services.
Most cloud journeys start with migrating ("rehost") applications using lift and shift. This approach gives you an immediate cloud-readiness test: it shows whether your organization has the people and processes in place to adopt the cloud.
The Azure migration guide helps you through most of the process to move workloads. The following section covers guidance that could help you speed up deployment or, at least, should be considered if you're moving to confidential computing.
Azure Architecture Center
Microsoft Cloud for Sovereignty is committed to providing learnings from deployments. The collaboration with the Azure Architecture Center also adds guidance for key vault deployments and monitoring a regulated industry.
The Azure Architecture Center contains helpful designs for cloud guidance and architecture on many different use cases. It's a good starting point for migrations and modernization.
Key management
During your planning, it's important to document how you will handle key management and attestation.
Before you migrate any workload, you need to configure and deploy the supporting infrastructure. This step is important if you plan to use Azure Key Vault (AKV) Managed HSM, which has a different operating model from Azure Key Vault.
Note
This is in addition to readying your landing zone for migration.
Choose your confidential computing deployment model
The threats you're trying to protect against influence your choice of confidential computing deployment model. Microsoft Cloud for Sovereignty has documentation explaining how the sovereignty support in Azure Confidential Computing integrates with our product.
VM migrations to Azure confidential VMs
To run on a confidential VM, OS images need to meet certain security and compatibility requirements. These requirements ensure that confidential VMs are securely mounted, attested to, and protected from the underlying cloud infrastructure by using Trusted Execution Environments (TEEs).
For the latest confidential VM solutions, supported OS, and feature support, refer to About Azure confidential VMs.
SQL Server on confidential VMs
If you're moving SQL Server to confidential VMs, refer to Deploy SQL Server to an Azure confidential VM, and then migrate databases using the Migration guide: SQL Server to SQL Server on Azure Virtual Machines.
Other confidential computing scenarios
Confidential computing support is expanding from foundational virtual machine, GPU, and container offerings to data, virtual desktop, and many more, planned based on customer demand.
For the latest Azure offerings that support Azure confidential computing, visit Confidential Computing on Azure.
Align with the Azure Well-Architected Framework
Before you execute the migration or modernization, carry out a Well-Architected Framework review assessment using the five pillars of architecture excellence. The pillars are:
Mission-critical workload documentation
If the workload is mission-critical, we suggest that you learn about building reliable workloads on Microsoft Azure and understand our Mission-critical workload documentation.
Migrate and modernize
The Cloud Adoption Framework has several illustrations of how to approach migrations:
- The One Migrate approach to migrating the IT portfolio
- Overview of application migration examples for Azure
Next steps
After you've completed the Cloud Adoption Framework migration guidance, assessed your workloads, and reviewed your proposed architecture through the Well-Architected Framework, you should commit to a go-forward plan. This plan can be tracked in the previously mentioned Cloud Adoption Plan Azure DevOps Template.