Home / Nerdio Academy / Microsoft Azure / How to Migrate End-of-Support Windows Server 2008 to Azure in a Day

How to Migrate End-of-Support Windows Server 2008 to Azure in a Day

Vadim Vladimirskiy
Vadim VladimirskiyFounder & CEO, Nerdio
0 commentsJune 12, 2019Articles

Extended Support for Windows Server 2008 and 2008 R2 will end on January 14th, 2020 and Extended Support for SQL Server 2008 and 2008 R2 will end on July 9th, 2019.  End of support means the end of regular security updates.  With cyber attacks becoming more sophisticating and frequent, running apps and data on unsupported versions can create significant security and compliance risks.  The 2008 family of products was great for its time, but it is highly recommended upgrading to the most current version of better performance and regular security updates. 


End of support is an ideal time to transform your IT platform and move your infrastructure and applications the cloud, but it can be hard to quickly upgrade everything before the end of support timeline.  To address this need, Microsoft announced that Extended Security Updates will be available for FREE in Azure for 2008 and 2008 R2 version Windows Server and SQL Server for three more years after the end of support deadline.  This means that you can migrate these workloads to Azure with no application code changes and with near zero downtime, which will give you more time to plan your future path, including upgrading to newer versions and utilizing the rich set of platform and data services available in Azure. 


Nerdio has created a step-by-step guide to help you with the process of migrating Windows Server 2008 to Azure with the help of Nerdio for Azure automation and Azure Site Recovery (ASR). 


This 7-step process can be accomplished in only one day with little to no prior knowledge of Azure.  These steps are:  

  1. Obtain an Azure and Office 365 subscription from your CSP Provider or directly from Microsoft (est. 15 minutes) 
  2. Deploy a Nerdio for Azure account (est. 2-3 hours) 
  3. Enable Azure backup and create Recover Services Vault (est. 45 minutes) 
  4. Enable VPN Gateway and add site-to-site VPN Connection (est. 30 minutes) 
  5. Enable Nerdio Hybrid AD (est. 1-2 hours) 
  6. Use ASR to migrate Windows Server 2008 to Azure (est. 1 hour + data transfer time) 
  7. Use ASR to failover from on-prem server to Azure VM (est. 30 minutes 

Step 1Obtain an Azure and Office 365 subscription from your CSP Provider or directly from Microsoft 

(Estimated time: 15 minutes)


(If you already have an Azure and Office 365 subscription that you’d like to use skip to the Prerequisites section below). 

Direct CSP 

Log into your Partner Center and create a new Azure subscription and a new Office 365 subscription with at least 1 available E3 license.  You can also create a trial Office 365 E3 account. 

CSP Reseller 

Log into your CSP Provider’s portal and create a new Azure subscription and a new Office 365 subscription.  You can also create a trial Office 365 E3 account. 

If you are Not part of the CSP Program 

Reach out to your Microsoft distributor or visit Azure to sign up for a direct account.  You can also create a trial Office 365 E3 account. 


IMPORTANT: Free and Trial Azure subscriptions CANNOT be used since they do not have sufficient CPU core quota allowance. 



Once your Azure and Office 365 subscriptions are ready, make sure you have an administrator account ready for each (it may be the same account) that meets the following criteria: 


  • Global administrator in Office 365 
  • Domain part of the user is @tenant.onmicrosoft.com and NOT @company.com.  If you do not have such a user account log into Azure portal and create a new user from Active Directory module. 
  • Administrator has OWNER role assigned for the Azure subscription 


Also, be sure that your Office 365 subscription has at least one AVAILABLE E3 license.  This is going to be necessary during Nerdio deployment and can be removed after deployment is complete. 

Step 2: Deploy a Nerdio for Azure account

(Estimated time: 2-3 hours) 


If you do not have a Nerdio for Azure login you can sign up for a free trial. 


  • Log into https://app.nerdio.net with your Nerdio credentials. 
  • Click Add NFA account button on bottom right. 
  • Connect to Azure, select your Subscription and Region. 
  • Connect to Office 365. 
  • Specify Company name. 
  • Select Core under Plan if you are not planning to deploy virtual desktops; otherwise, select Enterprise and click Save button. 

windows server 2008 


  • The account will begin provisioning and will complete in 2 to 3 hours.  You will be notified via email.  Once the Account is ready it will say ACTIVE under Status.  

windows server 2008


  • Once the Nerdio account is ACTIVE, click on the Login button on the right to begin configuration. 

Step 3: Enable Azure backup and create Recover Services Vault

(Estimated time: 45 minutes) 


  • In Nerdio Admin Portal (NAP), go to Backup & DR and turn back ON.  

windows server 2008


  • Select Locally-redundant or Geo-redundant storage based on whether or not you need out-of-region backup of your servers once they are migrated to Azure.  

windows server 2008


  • Allow for the backup enable process to run for about 45 minutes. 
    • Nerdio will create the Recover Services Vault as part of this process.   
  • While this is running, move on to the next step. 

Step 4: Enable VPN Gateway and add site-to-site VPN Connection

(Estimated time: 30 minutes) 


  • In Nerdio Admin Portal (NAP), go to Network menu, select VPN connections and turn VPN ON.  

windows server 2008


  • Nerdio will configure the necessary VPN infrastructure in Azure. The process will take about 30 minutes.  
  • Once VPN is turned on, click Add VPN connection button.  
  • Type in Name, Gateway IP of the local firewall, Local Network IP and Subnet Mask and click Save

windows server 2008

windows server 2008


  • Once the VPN connection is added a pop-up will display the information needed to configure the local firewall.  After entering this information the VPN connection status will be Connected.  

Step 5: Enable Nerdio Hybrid AD

(Estimated time: 1-2 hours) 


In this step you will extend the existing Active Directory into the new Azure deployment. 

You can learn more about this functionality here. 


  • In Nerdio Admin Portal click Onboard->Domains. 
  • Scroll down to "Active Directory Domain Trust" section and click "Add Domain Trust" button.  

windows server 2008

windows server 2008


  • On the "Add Domain Trust" screen, first enter information about the on-prem domain controller, and then click "Test connection".  
  • Note: if NAP is unable to connect to the domain controller, you will see an error message like this:  

windows server 2008


  • If NAP is able to connect to domain controller, continue filling out rest of the fields on screen. 
  • Click Save.  The process can take up to an hour.  You can monitor the status of this task in the Management Tasks section of the screen. 

Step 6: Use ASR migrate Windows Server 2008 to Azure

(Estimated time: 1 hour + data transfer time) 


  • Log into Azure portal using the administrator account used in Step 2. 
  • Search for Recover Services vaults, open NerdioBackupVault-XXXXXXXXXX and under the Getting Started menu section select Site Recovery. 
  • Click on Prepare Infrastructure, this will start a  wizard that will allow you to define your Protection Goal.  

windows server 2008


  • Make the following selections:  
    • Where are your machines located? = On-Premises 
    • Where do you want to replicate your Machines to?  = To Azure   
    • Are your machines virtualized? = Not virtualized / Other 
  • Click OK this will advance you to the Deployment Planning.  The question is "Have you completed deployment planning?"
    • Select one of the two options [Yes I have done it or I will do it later]. It does not matter which one you pick.  Click OK
  • This will advance you to the Prepare source step.  Click the + Configuration Server button and on the Add Server blade you will see a button to download the vault registration key. 
    • This vault registration key will be used to register the Configuration Server we will discuss below. 

Prepare your on-premises environment for migration 

The Configuration server is a machine you place in your On-Premises environment.  It should be downloaded and installed on a standard Windows server that’s on the same LAN as the server being migrated.  

The configuration server registers with the Azure portal and acts as a staging appliance and extension of the Azure portal for controlling replication to and from Azure. You will need the Storage Vault Key you downloaded above to complete the configuration.  Depending on the size and number of servers you want to replicate to Azure, you will have to size your configuration server accordingly.


  1. On the machine you will use as the Configuration server, Run the Unified Setup installation file.  
  2. In Before You Begin, select Install the configuration server and process server. 
  3. In Third Party Software License, click I Accept to download and install MySQL. 
  4. In Registration, select the registration key you downloaded from the vault. 
  5. Select Connect directly to Azure Site Recovery without a proxy server. 
  6. In Prerequisites Check, Setup runs a check to make sure that installation can run. Items that need to be addressed will show up as warnings or errors.  
  7. In MySQL Configuration, create credentials for logging on to the MySQL server instance that is installed. 
  8. In Environment Details, select No. 
  9. In Install Location, select where you want to install the binaries and store the cache. The drive you select must have at least 5 GB of disk space available, but we recommend a cache drive with at least 600 GB of free space. 
  10. In Network Selection, first select the NIC that the in-built process server uses for discovery and push installation of mobility service on source machines, and then select the NIC that Configuration Server uses for connectivity with Azure. Port 9443 is the default port used for sending and receiving replication traffic, but you can modify this port number to suit your environment's requirements. In addition to the port 9443, Azure also opens port 443, which is used by a web server to orchestrate replication operations. Do not use port 443 for sending or receiving replication traffic. 
  11. In Summary, review the information and click Install. When installation finishes, a passphrase is generated. You will need this when you enable replication, so copy it and keep it in a secure location. 
  12. Back in Azure portal, after registration finishes, the configuration server is displayed on the Settings > Servers page in the vault.  Click OK. 
  13. Reboot the server. 
  14. Open Cspsconfigtool (new shortcut on desktop) and go Manage Accounts tab. 
  15. Click Add Account button and specify the credentials that will be used to connect to the Windows 2008 Server that’s going to be migrated to Azure. 

Set up the Azure target environment 

Select and verify the target resources. 

  1. Click Prepare infrastructure > Target, and select the Azure subscription you want to use. 
  2. Specify the Resource Manager deployment model. 
  3. Site Recovery checks that you have one or more compatible Azure storage accounts and networks. 

Set up a replication Policy  

  1. To create a new replication policy, click +Replication Policy. 
  2. In Create replication policy, specify a policy name: “Server Migration”. 
  3. In RPO threshold, specify the recovery point objective (RPO) limit. An alert is generated if the replication RPO exceeds this limit.  You can leave this at the default setting of 60 minutes. 
  4. In Recovery point retention, specify how long (in hours) the retention window is for each recovery point. Replicated servers can be recovered to any point in this window. Up to 24 hours retention is supported for machines replicated to premium storage, and 72 hours for standard storage.  You can leave this as the default 24 hours setting. 
  5. In App-consistent snapshot frequency, specify Off. Click OK to create the policy. 
  6. The policy is automatically associated with the configuration server.  This may take some time.  Click OK (twice) to complete the Prepare infrastructure portion of the setup.  

Enable Replication 

Enable replication for the Windows Server 2008 server to be migrated. You will select one or more servers to be replicated.  You will then finalize the replication settings. 


  1. Under Protected items, select Replicated items and click +Replicate button. 
  2. Select the Source and click OK. 
    1. Source: On-premises 
    2. Source location: Name of your Process server 
    3. Machine type: Physical Machines 
    4. Process server: Name of your Process server
  3. Select the Target and click OK. 
    1. Target: Azure 
    2. Subscription: Name of your Azure subscription 
    3. Post-failover resource group: Name of resource group used when deploying Nerdio (NerdioRG, by default) 
    4. Post-failover deployment mode: Resource Manager 
    5. Azure network: Configure now for selected machines 
    6. Post-failover Azure network: NerdioVnet 
    7. Subnet: LAN ( 
  4. Select Physical machines 
    1. Click + Physical machine button, fill out the info and click OK. 
      • Type in the Name of the Windows Server 2008 machine to be migrated. 
      • Type in the IP Address of the Windows Server 2008 machine to be migrated. 
      • Select OS Type to be Windows. 
    2. Wait for the source machine to be discovered, once it appears in the list select it and click OK. 
  5. Select Properties, fill out the information and click OK. 
    1. Default user account 
      • Managed Disk Type: Premium SSD or Standard SSD (depending on your servers disk performance needs) 
      • Cache Storage Account: stnXXXXXXXXXXX (stn following by a series of characters) 
      • User Account to Install Mobility Service: Friendly name of the account you set up on the processor server in Cspsconfigtool 
  6. Select Replication settings, click OK .
    1. Replication policy: select policy you created above. 
    2. Multi-VM consistency: No 
  7. Click Enable Replication button. 
    1. You can track progress of the replication in Protected items->Replicated items 
    2. After the replication job runs, the machine is ready for failover. 

Step 7: Use ASR to failover from on-prem server to Azure VM

(Estimated time: 30 minutes) 


  1. Log into Azure portal using the administrator account used in Step 2. 
  2. Search for Recovery Services vaults, open NerdioBackupVault-XXXXXXXXXX and under the Protected items menu section select Replicated items. 
  3. Click on the Windows 2008 server that is being replicate to open it. 
  4. Shut down the source server. 
  5. Click Failover button. 
    1. Acknowledge the warning, if one comes up. 
    2. Select a Recovery Point to fail over to. Select the Latest processed recovery point. 
  6. You can view the failover progress in the vault’s Monitoring section under Site Recovery jobs. 
  7. Check that the migrated VM appears in Nerdio Admin Portal (NAP) under Serves as expected. 
  8. Back in Azure portal, in NerdioBackupVault, under Protected items, click on Replicated items, right-click the server > Complete Migration. 
    This does the following:
    1. Finishes the migration process, stops replication for the server, and stops Site Recovery billing for the server. 
    2. This step cleans up the replication data. It doesn't delete the migrated VMs. 


Once the failover process completes, log into the Nerdio Admin Portal (NAP) and refresh the Servers screen. You’ll see your server listed there. 

You should consider the following: 


  • Test connectivity to the newly migrated VM from your on-premises network.  Ping it by name to make sure it replies.  If not, ping it by the IP address listed under the server name in NAP.   
  • Resize the newly migrated VM by clicking on the pencil icon under the VM Size column.  You should select the VM size that best fits the requirements for this workload.  The VM size automatically selected by ASR may not be the best option. 
  • Grow OS and data disks, if needed, by clicking on the pencil icon under the Storage column. 
  • To change the IP Address of the VM, if needed, select Manage IP from the actions menu to the right of the server. 
  • Configure auto-scaling by selecting auto-scale from the actions menu to the right of the VM.  This allows you to schedule the VM to be automatically shut down or resized outside of work hours. 
  • Verify that the server is being backed up in Azure by going to Backup & DR -> In-region Backup.  Look for a green icon indicating that backup is enabled.  Run a manual backup by clicking Backup now in the action menu next to the server name. 


You are all done!  You now have a production Azure environment running your Windows 2008 server and a domain controller for your AD.  The server is accessible to your users on the LAN via site-to-site VPN. 


Interested in learning more about Nerdio? Schedule your free trial.

Free trial