Before you can migrate workloads to AWS with PlateSpin Migrate, you must set up your cloud environment. The PlateSpin Migrate server can be installed on-premise where the source workloads reside, or it can be installed in your AWS account.
Before you use PlateSpin Migrate to migrate workloads to AWS, ensure that the following cloud access prerequisites are correctly configured and available:
Table 8-1 Minimum Required Configuration for Your AWS Account
AWS Configuration |
Description |
---|---|
AWS Account |
To create an AWS account, go to Amazon Web Services Console. |
AWS EC2 Subscription |
PlateSpin supports only Amazon Virtual Private Cloud (VPC). |
Amazon Virtual Private Cloud (VPC) |
Create an AWS VPC to launch AWS resources into your virtual network. See Amazon Virtual Private Cloud Documentation. |
AWS user credentials |
You need an AWS Identity and Access Management (IAM) user in your AWS account, with an appropriate IAM role to perform migrations into the VPC using the AWS APIs. PlateSpin Migrate provides an AWS Role Tool to enable an administrative user to create a new IAM policy based on a default policy and assign an IAM user to the policy. See Section 8.9, Creating an IAM Policy and Assigning an IAM User to the Policy Enable Programmatic Access for the IAM user to generate an access key and a secret access key. AWS Management Console Access is optional, but it can be useful for troubleshooting. See Access Keys (Access Key ID and Secret Access Key). NOTE:We recommend that administrators regularly rotate access keys for IAM users. However, the keys must be rotated only after ensuring that no migration workflow is in progress. See For information about setting up the migration user group, policy, and user, see Section 8.9, Creating an IAM Policy and Assigning an IAM User to the Policy. |
Before you use an on-premise PlateSpin Migrate server to migrate workloads to AWS, ensure that the following prerequisites are correctly configured and available:
A PlateSpin Migrate license.
PlateSpin Migrate server installed on premise in a network that can properly access the source workloads.
A site-to-site VPN connection connecting the AWS gateway to your on-premise gateway. A public IP address for Migrate server is optional when you use a VPN.
For information, see the following AWS resources:
An AWS Security Group and the VPC gateway that provides the following inbound and outbound rules. For instructions, refer to Security Groups for Your VPC in the Amazon Web Services EC2 Documentation.
Inbound Rules
TCP, port 3725, custom
Provide an address range covering all source workloads.
SSH, port 22
Provide the IP address of the PlateSpin Migrate server.
RDP, port 3389
Provide the IP address of the machine you plan to use to launch an RDP connect to target workloads.
Outbound Rules
TCP, port 3725, custom
Provide an address range covering all source workloads.
Port 3725 is the default port number for data transfer. By default, the data transfer is initiated from the target workload to the source workload. The port number and direction for initiating the connection are configurable.
HTTPS, port 443
Provide the IP address of the PlateSpin Migrate server.
NTP, TCP, port 123
The minimum network-related prerequisites for a successful migration are:
The source and the target workload must be able to communicate with the PlateSpin Migrate server on port 443. The target workload is the replica of the source workload that will reside in AWS.
The PlateSpin Migrate server must be able to communicate with the AWS API endpoint on port 443.
The PlateSpin Migrate server must be able to communicate with the source workloads on the ports that are used for discovery. See Requirements for Discovery and Section 19.6, Discovering Details for Source Workloads.
You can alternatively use the Migrate Agent utility to register source workloads with the Migrate server using HTTPS (TCP/port 443). See Section 2.6.2, Requirements for Workload Registration and Section 19.7, Registering Workloads and Discovering Details with Migrate Agent.
The cloud-based target workload must be able to communicate (target to source) with the on-premise source workload on port 3725 (TCP) over the site-to-site VPN connection.
The port number is configurable. See port 3725 in Section 2.6.3, Requirements for Migration.
If you use Migrate Agent for registration and discovery, the default direction of the replication connection must be reversed (source to target) by changing advanced settings on the Migrate server. See Section 5.9, Configuring the Contact Direction for the Replication Port.
For detailed access and communication requirements across your migration network, see Access and Communication Requirements across Your Migration Network.
Before you use PlateSpin Migrate to migrate workloads to AWS, ensure that the following cloud access prerequisites are correctly configured and available:
A PlateSpin Migrate license.
Create an AWS Windows instance in the AWS Cloud and install the Migrate server with a public IP address. See Deploying PlateSpin Migrate Server in the Cloud
in the PlateSpin Migrate 2019.2 Installation and Upgrade Guide.
NOTE:The cloud-based Migrate server does not require a site-to-site VPN connection between your local data center and AWS Portal. When no VPN is provided between the source network and the cloud-based Migrate server, you can use Migrate Agent to register workloads with the cloud-based Migrate server using secure communications over the public Internet. Internet access and public IP addresses are required. For deployment information, see Figure 8-2, Cloud-Based Migrate Server for Automated Migration to AWS.
Configure migrations to AWS with a public IP address for the replication network.
(For non-VPN setup) In the PlateSpin Configuration settings on the Migrate server, change the SourceListensForConnection parameter from True to False. See Configuring the Contact Direction for the Replication Port
in the User Guide.
Allocate a Elastic IP address for the Migrate server to ensure that the IP address does not change when the server is restarted.
NOTE:A change in IP address on the PlateSpin Server breaks the heartbeat communications with source workloads.
An AWS Security Group and the VPC gateway that provides the following inbound and outbound rules. For instructions, see Security Groups for Your VPC in the Amazon Web Services EC2 Documentation.
Inbound Rules
TCP, port 3725, custom
Provide an address range covering all source workloads.
SSH, port 22
Provide the IP address of the PlateSpin Migrate server.
RDP, port 3389
Provide the IP address of the machine you plan to use to launch an RDP connect to target workloads.
Outbound Rules
TCP, port 3725, custom
Provide an address range covering all source workloads.
Port 3725 is the default port number for data transfer. By default, the data transfer is initiated from the target workload to the source workload. The port number and direction for initiating the connection are configurable.
HTTPS, port 443
Provide the IP address of the PlateSpin Migrate server.
TCP, port 123
The minimum network-related prerequisites for a successful migration are:
Open TCP port 443 in your network firewall for outbound traffic. The source workload must be able to register (using the Migrate Agent utility) and communicate with the cloud-based PlateSpin Migrate server through HTTPS (TCP/port 443). The PlateSpin Migrate Server uses secure SSL for communications with the workloads you want to migrate.
Open TCP port 3725 in your network firewall for outbound traffic. The on-premise source workload must be able to connect to the cloud-based target workload on TCP port 3725. The PlateSpin Migrate Server uses secure SSL for communications with the workloads you want to migrate.
The direction of the communication (source to target) is automatic, but the port number is configurable. For information about changing the default port setting, see port 3725 in Requirements for Migration.
Allow inbound connections in the Security Group for HTTPS (TCP port 443) and RDP (TCP port 3389) for the cloud-based Migrate server.
Install the Migrate Agent on the source workload, then register the workload with the cloud-based PlateSpin Migrate server. See Section 2.6.2, Requirements for Workload Registration and Section 19.7, Registering Workloads and Discovering Details with Migrate Agent.
To download the Migrate Agent, launch the PlateSpin Migrate Web Interface and click the Downloads tab. For information about installing and using the Migrate Agent, see Migrate Agent Utility.