What We'll Do
This is the final technical phase of the migration. By this point, email, files, identity, printing, and device management are all running from the cloud. The old servers have been idle — but monitored — for at least two weeks to confirm that nothing is still depending on them.
In this phase, we create final backups, power off the servers, simplify the network, and clean up DNS records. The goal is a clean, simple environment with no unnecessary hardware running and no lingering references to infrastructure that no longer exists.
Pre-Decommission Verification
Before powering off anything, we verify that every service has been fully migrated and is functioning correctly:
- All users confirmed accessing M365 via portal.office.com (no one depending on old Active Directory)
- All email flowing through Exchange Online (no dependency on old Exchange server)
- All files accessible via SharePoint and OneDrive (no dependency on file server)
- QuickBooks operational via QBO or hosted provider
- All printers working via direct IP at both office locations
- No reported issues during the 2-week parallel-run period
- Conditional Access policies verified to be blocking legacy auth, risky sign-ins, and sign-ins from non-US locations
- Confirm all XP and Win7 machines disconnected from the network
- Confirm VM inventory on BWHOST — verify all hosted VMs are already powered off before touching the host
- Confirm no remaining AD-dependent services or LOB apps are still authenticating against the BWFILE domain controller
BWHOST / BOARDWALK-2013 serves as both a Domain Controller and a Hyper-V host. Before this machine is powered off, confirm that every virtual machine it hosts (BWEXCH, BWFILE, and any others) has already been powered off and validated as fully migrated. Power off VMs first, verify services, then power off the host. Reversing this order takes down all remaining on-premises services simultaneously.
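The VM-before-host ordering can be enforced with a pre-flight gate run before the host is shut down. The PowerShell below is an added example, not part of the original plan: the function name Test-HostReadyForShutdown and the sample inventory (including the TESTVM entry) are hypothetical, and on the real host the inventory would come from Get-VM.

```powershell
# Added example: pre-flight gate for powering off a Hyper-V host.
# VM names BWEXCH and BWFILE come from the plan; everything else is hypothetical.
function Test-HostReadyForShutdown {
    param(
        [Parameter(Mandatory)] [object[]] $Inventory,    # objects with Name and State, e.g. from Get-VM
        [Parameter(Mandatory)] [string[]] $ExpectedVMs   # VMs the plan says live on this host
    )
    $findings = @()
    foreach ($vm in $Inventory) {
        # Running, Saved and Paused are all "not cleanly powered off".
        if ("$($vm.State)" -ne 'Off') {
            $findings += "VM '$($vm.Name)' is $($vm.State); power it off and validate its services first"
        }
        # A VM the plan does not list has not been through migration validation.
        if ($vm.Name -notin $ExpectedVMs) {
            $findings += "VM '$($vm.Name)' is not in the migration plan; identify it before shutdown"
        }
    }
    # An expected VM missing from the inventory means the wrong host or stale documentation.
    foreach ($name in $ExpectedVMs) {
        if ($name -notin $Inventory.Name) {
            $findings += "Expected VM '$name' not found on this host; confirm where it runs"
        }
    }
    [pscustomobject]@{ Ready = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample inventory (not real output). On the live system, replace with:
#   $inventory = Get-VM -ComputerName BWHOST | Select-Object Name, State
$inventory = @(
    [pscustomobject]@{ Name = 'BWEXCH'; State = 'Off' }
    [pscustomobject]@{ Name = 'BWFILE'; State = 'Running' }
    [pscustomobject]@{ Name = 'TESTVM'; State = 'Saved' }
)

$result = Test-HostReadyForShutdown -Inventory $inventory -ExpectedVMs 'BWEXCH', 'BWFILE'
if ($result.Ready) {
    Write-Output 'All hosted VMs are off and accounted for; the host can be shut down.'
} else {
    # Report every blocker; do not proceed to the host shutdown step.
    $result.Findings | ForEach-Object { Write-Warning $_ }
}
```

The gate only reports; the host shutdown itself stays a manual step taken after the findings list is empty.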
Server Decommission
Once the verification checklist is complete, we power off each server in sequence:
- Create final backup of all server data to external archive drive
- Power off BWEXCH (Exchange virtual machine)
- Power off BWFILE (File server / Domain Controller)
- Power off BWHOST / BOARDWALK-2013 (Hyper-V host / Domain Controller)
- Power off BWVHOST (Dell T440 Hyper-V host)
- Power off NAS (10.0.0.200, backup target)
A full backup of all server data will be archived to an external drive before any server is powered off. This archive provides a safety net and meets data retention requirements. Servers will remain physically in place (powered off) for 30 days before any discussion of removal.
Network Simplification
With on-premises servers out of the picture, the network can be significantly simplified:
- Disconnect site-to-site VPN between Reading and Wakefield (no longer needed — all services are cloud-based)
- Simplify firewall rules — only internet access and content filtering needed
- Evaluate firewall licensing — SonicWall TZ 570 and Sophos XG may be downsized when licenses expire
- Remove old workstations (XP, Windows 7) — wipe drives per data handling procedures
DNS Cleanup
External DNS records that pointed to the old servers need to be cleaned up to avoid confusion and potential security issues:
- Remove A records pointing to old server IPs (mail, exchange, autodiscover)
- Keep 72.70.41.162 static IP block temporarily (cancel when SonicWall license expires)
- Website hosting on cPanel is unchanged — no action needed
What Stays
The internet connection, firewalls (with simplified rules), and the cPanel website hosting remain exactly as they are. The only things being decommissioned are the servers, the NAS, the VPN tunnel, and the old workstations — all of which have been replaced by cloud services and new PCs.