Cloud Solution Providers (CSP) and enterprises IT organizations that manage resources across multiple tenants struggle while switching tenants, managing vaults and registers with credentials, and repetitive management activities when they do not have access to a centralized view of all their environments in Azure. Microsoft introduced Azure Lighthouse in 2019 to provide a single panel to manage, automate, scale, and improve governance in resources across multiple tenants. The integration of Azure Migrate to Azure Lighthouse has simplified the migration process allowing admins to discover, assess, and migrate workloads at scale while tenant admins still have full visibility and control of their environments.
What Are the Advantages of Using Azure Lighthouse?
Azure Lighthouse helps service providers and enterprises with multiple tenants build and deliver managed services with greater efficiency. Here are some of the advantages of using Azure Lighthouse.
- It provides delegated resource management capabilities to eliminate the need to add guest user accounts in the managed tenant’s Azure Active Directory. This helps in addressing security, privacy, and compliance concerns.
- Existing APIs, management tools, and workflows that include machines hosted outside of Azure can be used with delegated resources. This simplifies resource management and makes it more scalable.
- Tenant admins maintain visibility and control over the scopes and permissions they delegate for administration and can remove access if required.
How Does Azure Lighthouse Help in Streamlining Migrations?
When Azure Migrate tooling is used in migration projects to discover, assess, and migrate diverse workloads to Azure, the service provider generally has to access each subscription individually through a CSP (Cloud Solution Provider) subscription model or by creating a guest user on the target tenant. Accessing each tenant individually is not only an inefficient method for migrating and managing services but can also pose security risks.
With Azure Lighthouse, migration engagements are streamlined by leveraging Azure resource delegation to access all relevant Azure Migrate projects across multiple customer tenants and subscriptions using a single view from the managed tenant. Moreover, risks and security exposure can be reduced substantially by following the least privilege access model based on zero-trust security principles with Azure Lighthouse.
How to Migrate with Azure Lighthouse?
There are two commonly used scenarios for creating an Azure Migrate project with Azure Lighthouse depending upon contracts and migration requirements.
Azure Lighthouse Migration with Azure Migrate Project In Managing Tenant
When migration is performed with Azure Lighthouse by creating an Azure Migrate project in the managing tenant, the resources for the project, such as discovery and assessment data, will remain in the managing tenant. The data can be exported and shared with the serviced tenant. Because actions are initiated from the managing tenant, migration discovery and assessment projects can be done faster as certain steps to be performed in the customer subscriptions and tenants will be reduced.
Azure Lighthouse Migration with Azure Migrate Project In Customer Subscription Or Tenant
In this case, although discovery, assessment, and migration can be initiated from the managing tenant with the customer subscription/ tenant as the target, resources will not be created or stored in the managing tenant. With this approach, although the customers can keep resources in their own tenants, service providers and enterprises managing multiple tenants will not have to switch contexts frequently.
Apps4Rent Can Help with Azure Migration and Managed Services
While the integration of Azure Migrate into Azure Lighthouse streamlines Azure migrations at scale, most migrations are unique because of the variations in the on-premises infrastructure.
As a Tier 1 Microsoft CSP, Apps4Rent provides managed Azure services to migrate workloads and control delegated customer resources with advanced tools such as Azure Lighthouse and Microsoft recommended best practices. Email, chat or talk with our Microsoft-certified Azure architects available 24/7 for assistance.