9.2 Requirements for Migrating Workloads to Azure

9.2.1 Minimum Azure Prerequisites

PlateSpin Migrate requires the use of Microsoft Azure Resource Management for migrating workloads into the Microsoft Azure cloud. For migrations to Microsoft Azure Cloud, you must prepare your Azure account, subscriptions, and services in the desired Azure global and sovereign cloud environment.

Table 9-1 describes the minimum configuration you must perform in the appropriate Azure environment before you can migrate workloads to Azure.

Table 9-1 Minimum Required Configuration for Your Azure Account

Azure Configuration

Description

Microsoft Azure Account

Create a account in the Azure environment where you will migrate workloads.

An administrator on the account is required to perform the Application setup, to enable PRE programmatic access, and to create a Contributor user that is to be used by Migrate.

Azure Subscription ID

The ID for the Azure Subscription in the specified Azure account that you want to bill for Azure-related costs. An account can have multiple subscriptions.

Contributor user for the subscription created in Azure Active Directory

A user created as a Contributor for the specified subscription in your Azure Active Directory.

In Migrate, you use the Contributor user credentials to add Azure as a target in Migrate. Migrate uses the credentials for this user when it accesses the Migrate Azure API through the related subscription.

Application ID

An ID that represents PlateSpin Migrate as it makes use of the Microsoft Azure API when it replicates or migrates workloads on your behalf to VMs in the target Azure account.

See Configuring an Application in Azure to Represent PlateSpin Migrate.

Azure Virtual Network and Subnet

You must create least one Virtual Network with a Subnet in the specified Subscription. If you have an site-to-site VPN set up, the subnet must be different than the default Gateway Subnet.

Network resources are never created automatically by PlateSpin Migrate, so they always must be set up manually in advance. For instructions, refer to Azure documentation.

Azure Storage account

Your VM disks will use the Azure page blob type of general-purpose storage, which can run on Standard (HDD) or Premium (SSD) storage media. A Standard Storage Account can be used for Azure VM sizes that use Standard or Premium storage media. A Premium Storage Account can be used only for Azure VM sizes that use Premium storage media.

If no Azure Storage Account is associated with a subscription, PlateSpin Migrate sets up a Standard general-purpose storage account to use as the datastore for the target VM. The datastore name is based on the Azure Resource Group for the Subscription.

If you want full control over your Azure Storage Accounts, configure a Standard or a Premium general-purpose storage account for each Azure Subscription before you begin migrating workloads to Azure. Your storage account is shown as a datastore for the target Azure Subscription in the Migrate Web Interface. For information about Azure Storage Accounts, refer to Azure documentation.

For more information about setting up your Azure cloud account to work with PlateSpin Migrate, see the white paper Best Practices for Migrating Servers to Microsoft Azure with PlateSpin Migrate on the PlateSpin Migrate Resources web page.

9.2.2 Azure Prerequisites for Using an On-Premise Migrate Server

If you set up an Azure site-to-site VPN (or an Azure Express Route connection) between the premises where your source workloads reside and the target Azure environment, you can deploy your PlateSpin Migrate server on-premises. Before you use PlateSpin Migrate to migrate workloads to Microsoft Azure, ensure that the following cloud access prerequisites are correctly configured and available:

Table 9-2 Ports Requirements for Migrate Server on Premise

Location

Port

Protocol

Remarks

On-premise source workload

Cloud-based target workload

TCP 443, outbound

HTTPS

The on-premise source workload and the cloud-based target workload must be able to communicate with the PlateSpin Migrate server through HTTPS (TCP/port 443) over the site-to-site VPN connection.

On-premise Migrate Server

TCP 443, outbound

HTTPS

The on-premise PlateSpin Migrate server must be able to communicate with the Microsoft Azure API endpoint.

On-premise source workloads

TCP 22

TCP 135, 445

UDP 135, 138 and TCP 39

SSH (Linux)

WMI/RPC/DCCOM

NetBIOS

The PlateSpin Migrate server must be able to communicate with the source workloads on the ports that are used for discovery. See Requirements for Discovery and Discovering Details for Source Workloads.

On-premise source workloads using Migrate Agent

TCP 22

TCP 443

SSH (Linux)

HTTPS

Instead of discovery, you can use the Migrate Agent utility to register source workloads with the Migrate server. See Requirements for Workload Registration and Registering Workloads and Discovering Details with Migrate Agent.

On-premise source workload

Cloud-based target workload

TCP 3725

Migrate

The cloud-based target workload must be able to communicate (target to source) with the on-premise source workload across the VPN. The source workload must be able to send data to the target workload during replication across the VPN.

The port number is configurable. See port 3725 in Requirements for Migration.

If you use Migrate Agent for registration and discovery, the default direction of the replication connection must be reversed (source to target) by changing advanced settings on the Migrate server. See Configuring the Contact Direction for the Replication Port.

Network Security Group in Azure for the cloud-based target workloads

TCP 443, inbound

TCP 3389, inbound

TCP 22, inbound

HTTPS

RDP (Windows)

SSH (Linux)

Allow inbound connections in the Network Security Group for the cloud-based target workloads.

For information about creating and configuring a Network Security Group in Azure, refer to Create, Change, or Delete a Network Security Group in Microsoft Azure Documentation.

9.2.3 Azure Prerequisites for Using an Azure-Based Migrate Server

Before you use PlateSpin Migrate to migrate workloads to Microsoft Azure, ensure that the following cloud access prerequisites are correctly configured and available:

  • A PlateSpin Migrate license.

  • Deploy an Azure Marketplace image of the PlateSpin Migrate server in the target Azure environment, or create an Azure Windows instance in the target Azure environment and install the Migrate server with a public IP address. See Deploying PlateSpin Migrate Server in the Cloud in the PlateSpin Migrate 2018.11 Installation and Upgrade Guide.

    NOTE:The cloud-based Migrate server does not require a site-to-site VPN connection between your local data center and Microsoft Azure Portal. When no VPN is provided between the source network and the cloud-based Migrate server, you can use Migrate Agent to register workloads with the cloud-based Migrate server using secure communications over the public Internet. Internet access and public IP addresses are required. For deployment information, see Figure 8-2, Cloud-Based Migrate Server for Automated Migration to AWS.

  • Specify Static as the allocation method for the public IP address of the Migrate server to ensure that the IP address does not change when the server is restarted.

    NOTE:A change in IP address on the PlateSpin Server breaks the heartbeat communications with source workloads.

    You cannot specify the actual IP address assigned to the public IP resource. Azure allocates and reserves an IP address from a pool of its available IP addresses in the Azure location where you deploy the Migrate server. The address persists through server restarts. Azure releases the IP address only when you delete the resource or change the resource’s allocation method to Dynamic.

  • Install the Migrate Agent on the source workload, then register the workload with the cloud-based PlateSpin Migrate server. See Registering Workloads and Discovering Details with Migrate Agent.

    To download the Migrate Agent, launch the PlateSpin Migrate Web Interface and click the Downloads tab. For information about installing and using the Migrate Agent, see Migrate Agent Utility.

  • The minimum network-related prerequisites for a successful migration when the Migrate Server is in Azure are described in Table 9-3.

Table 9-3 Ports Requirements for Migrate Server in Azure

Location

Port

Protocol

Remarks

Source workload

Network firewall

TCP 443, outbound

HTTPS

Required to allow the source workload to register (using the Migrate Agent utility) and communicate with the cloud-based PlateSpin Migrate server. The PlateSpin Migrate Server uses secure SSL for communications with the workloads you want to migrate.

Source workload

Network firewall

Network Security Group (NSG) in Azure

TCP 3725, outbound

Migrate

Required to allow communications with the target machine and to transfer data from the source to the target during replication.

The direction of the communication (source to target) is automatic, but the port number is configurable.For information about changing the default port setting, see port 3725 in Requirements for Migration.

For information about creating and configuring a Network Security Group in Azure, refer to Create, Change, or Delete a Network Security Group in Microsoft Azure Documentation.

NSG in Azure for the Migrate Server

TCP 443, inbound

TCP 3389, inbound

HTTPS

RDP

Allow inbound connections in the Network Security Group for the cloud-based Migrate server.

The <Migrate-server-name>-nsg is created automatically when you deploy the Migrate server in Azure.

NSG in Azure for the Migrate Server

TCP 61613, inbound

STOMP

If you use PlateSpin Transformation Manager with the cloud-based Migrate server, allow inbound connections in the Network Security Group for STOMP communications related to Event Messaging.

NOTE:No messages are published by Event Messaging unless you open port 61613 on the Migrate server host to allow registration by subscribers, and a PlateSpin Migrate Connector subscribes. See Enabling Event Messaging for PlateSpin Migration Factory.

NSG in Azure for the Migrate Server

TCP 123, outbound

Network Time Protocol (NTP)

Add this port setting to the security group if you are using an NTP service outside the virtual network where you deploy the Migrate server.

NSG in Azure for the Migrate Server

TCP 22, outbound

SSH

This port allows outbound communications from the Migrate server to Linux workloads.