February 24, 2022. Russia launched a full-scale invasion of Ukraine. Olena Chepeliuk, then head of the design department at Kherson National Technical University (KNTU) was woken by her husband’s words: “Wake up, it has started.” The first minutes brought shock, adrenaline and fear for her family. Her phone was overwhelmed with calls; chats were flooded with messages.
At the exact same time, Oleh Artemenko from the university’s IT center received a call from a close friend: “Hide. This is going to last.”
In those chaotic first hours, no one was thinking about servers. Only when the initial shock subsided did the university leadership focus on re-establishing contact. Despite the danger, just two weeks after the invasion began, KNTU resumed classes online, giving students a lifeline to normalcy. But while the leadership and educators were rallying and saving the university community, the IT team was waging a battle of its own —invisible, but with everything on the line.
A critical digital asset
By the second day of the invasion, Oleksandr Melnychenko, then head of the IT department, and Artemenko realized the true scale of the threat. On the second floor of the main building operated a full-fledged educational datacenter. Removing the servers undetected during the occupation was out of the question, but leaving them meant losing the university’s entire digital memory.
On March 1, 2022, occupying forces took full control of Kherson. The only option left was to extract the data through the network before local internet providers were definitively seized.
Just a month prior, KNTU had completed a full modernization: a 10-gigabit network and a fully independent network infrastructure. But this technological advantage had now turned into a critical vulnerability. The drives contained not only scientific archives but also mobilization registries and personnel files. Under occupation, this infrastructure could be misused, turning sensitive databases into tools that could place hundreds of families at serious risk.
The university clearly understood the scale of this threat. That is why, in the early days of the occupation, the employee responsible for records made her way into the building and personally destroyed all the paper card files. The paper burned. But a complete digital copy of these documents remained on the data center’s drives—and now it had become the most dangerous thing in the building.
Escape to the cloud
There was only one way out: an urgent remote migration of the data to the cloud. The IT department leadership reached out to their partners at the URAN (Ukrainian Research and Academic Network) association, who immediately contacted Microsoft.
The conditions for migration were highly complex. Occupying forces were destroying digital connectivity on the city streets. The university’s direct communication channel was severed. The situation was further complicated by the fact that the occupiers had already gained access to local routers, so any sudden spike in traffic could immediately attract attention.
In peacetime, a migration of this scale requires months of planning. Now, every minute counted.
For the teams at Microsoft, requests from Ukraine were prioritized. The company’s emergency response channels were activated, mobilizing engineering and security teams around the world to protect the data.
An exhausting effort began. Since Artemenko was blocked on the left bank of the Dnipro River, someone physically present at the university needed to operate the hardware. This risky role was taken on by an IT department employee. She passed through checkpoints every day to reach the main building, right beneath the windows of which lay an unexploded missile. On each trip, she carried out critical system keys on portable drives—risking her life every time she passed through a checkpoint.
The migration to Microsoft Azure took place mostly at night. One evening, at a highly critical moment, the connection speed dropped to 10 megabits per second. Local providers, now controlled by the occupiers, limited the speed per single connection—but did not limit their total number.
Artemenko took advantage of this: he wrote special scripts that automatically sliced the data arrays into thousands of small fragments. Using the Microsoft AzCopy utility, these pieces were sent in thousands of parallel threads to the cloud.
Microsoft’s technical experts today call these actions exceptional. The ability to write scripts, divide nearly 20 terabytes of data, and transfer it through a limited 10 Mbps channel under extreme pressure was world-class engineering under extreme pressure. Artemenko worked systematically: he transferred a portion of the array, verified the integrity of the files in the cloud—and only then physically destroyed the original in Kherson. When the last file crossed the digital border, he remotely locked the hard drives at the BIOS level, turning the servers into a pile of expensive scrap metal.
Metal left behind
When the occupying troops finally reached the university’s datacenter, they found only locked equipment. The IT team had previously switched some cameras to a hidden Wi-Fi channel, allowing the Ukrainian team—now relocated to safer ground—to watch in real time as the occupiers moved through the server room.
“They took everything most valuable and lightest,” Artemenko says. “Memory modules, processors, network cards. Apparently, there was a strict weight limit during their escape. That’s why the heavy hard drives were left lying around, while they took all the small SSDs.”
While the servers were rendered useless, not a single byte of data was compromised. Everything that mattered most was in the cloud, securely protected.
A new security perimeter
This protection was tested when occupation authorities attempted to build a “clone” of KNTU, appointing a former staff member as its head. Despite this, they quickly realized seizing the building was not enough.
Identity management had also moved to the cloud via Microsoft Entra ID, so the Ukrainian administration retained full control over the digital perimeter. This allowed them to block compromised corporate accounts and revoke access rights to all internal services. The digital keys remained with the university team.
This case practically proved a key rule of modern security architecture: the physical seizure of servers no longer means control over the organization. When identities, access rights and credentials are controlled from the cloud, digital identity—not hardware—becomes the true line of defense.
The unique campus
Today, KNTU exists as a unique virtual campus—it has no single physical address. The administration, led by Rector Olena Chepeliuk, works from Khmelnytskyi. The servers are protected in Azure, and students are scattered around the world. Thanks to Teams, lectures and exams continue seamlessly.
However, some students remain in the occupied territories.
“We have a student who is there right now,” Chepeliuk’s voice trembles. “She doesn’t miss a single class. To connect to her studies, she has to search for an internet signal every time, risking her own safety. She does this just to hear the Ukrainian language and see her teachers. Her attendance is better than that of students who are now completely safe somewhere in Europe.”
For students who risk their safety each time they log on, the university in the cloud is not just education. It is a strong connection to a free Ukraine. The close partnership between Microsoft and KNTU, provided free of charge by Microsoft as part of a technology support program, guaranteed the continuity of the educational process under the most difficult conditions. The company views education as critical infrastructure, guided by a simple principle: a country that continues to learn, continues to exist.
Epilogue: Lessons for the World
KNTU emerged from this trial technologically stronger. In Chepeliuk’s temporary office, one entire wall is dedicated to her home—covered in photographs of iconic places in the Kherson region. Some of these symbols no longer exist, destroyed by the war. Yet the university carefully preserves this memory, and the team is already designing new office furniture with an eye toward exactly how it will be arranged in rebuilt Kherson classrooms.
Ukraine’s case proves: data loss threats are no longer hypothetical, and it makes no difference what destroys the servers—military action, massive floods, fires, or ransomware. They all lead to the same result. Moving to the cloud is no longer just a matter of convenience or cost—it is a matter of digital survival. In a world of constant uncertainty, only cloud technologies can guarantee geographical redundancy, identity-based security, and, ultimately, an organization’s “digital immortality.” Kherson University left broken machines and empty hard drives for those who came. But thanks to the cloud, it kept its heart, its memory and its future intact.
Technical reference: The architecture of rescue
- Data Transfer: Evacuation of over 20 terabytes of mission-critical databases using Microsoft Azure Blob Storage and Microsoft AzCopy under extreme network constraints.
- Security and Access: Implementation of Microsoft Entra ID for identity management. A strict geo-block instantly cut off unauthorized actors from management systems.
- Educational Process: Deployment of Microsoft 365 and Teams to conduct lectures and exams online, uniting students across the globe.
Partnership: Rapid technical implementation and coordination thanks to partners from the URAN (Ukrainian Research and Academic Network).
Reporting and interviews by Ilya Strelnikov.