Migrating from Virtual Machine Endpoints to Network Security Groups NSG

2
votes

I'm in the process of migrating an existing Azure classic VM to a newer Resource Manager based VM and would appreciated some advice.

The new architecture will have

  • Load Balancer bound to a public IP
  • 1 Virtual Network
  • 1 Network Security Group
  • 1 Subnet
  • 1 NIC
  • 1 VM

What is the best way to migrate the old endpoints and associated ACL's to the new structure? Is it to add what were the Endpoints and ACLs as individual Inbound Security Rules to the new Network Security Group?

Thanks.

2
azureazure-virtual-network

2 Answers

5
votes

Is it to add what were the Endpoints and ACLs as individual Inbound Security Rules to the new Network Security Group?

In brief, yes.

The "Endpoint ACLs" is not supported the migration. You may remove it before the migration then add it back to the network security group later.

Here is an article about the unsupported features and configurations during the migration.

Also, here are some references might be helpful.

0
votes

I believe you are able to setup classic network security groups before migration to ARM then they will migrate. This will help prevent downtime during the migration process when you have no control to access the portal and reconnect the NSG's.