Before you install PlateSpin Migrate server in the cloud, ensure that you understand the following requirements for your cloud environment.
Set up an account in the cloud environment. Ensure that the cloud account is correctly configured and available. See Table 2-1 for an AWS account or Table 2-2 for an Azure account, as appropriate for your migration environment.
Table 2-1 AWS Account Requirements
|
AWS Configuration |
Description |
|---|---|
|
AWS Account |
To create an AWS account, go to Amazon Web Services Console. |
|
AWS EC2 Subscription |
PlateSpin supports only Amazon Virtual Private Cloud (VPC). |
|
Amazon Virtual Private Cloud (VPC) |
Create an AWS VPC to launch AWS resources into your virtual network. See Amazon Virtual Private Cloud Documentation. |
|
AWS user credentials |
You need an AWS Identity and Access Management (IAM) user in your AWS account, with an appropriate IAM role to perform migrations into the VPC using the AWS APIs. PlateSpin Migrate provides an AWS Role Tool to enable an administrative user to create a new IAM policy based on a default policy and assign an IAM user to the policy. See Creating an IAM Policy and Assigning an IAM User to the Policy in the PlateSpin Migrate 2019.2 User Guide. Enable Programmatic Access for the IAM user to generate an access key and a secret access key. AWS Management Console Access is optional, but it can be useful for troubleshooting. See Access Keys (Access Key ID and Secret Access Key). NOTE:We recommend that administrators regularly rotate access keys for IAM users. However, the keys must be rotated only after ensuring that no migration workflow is in progress. See |
Table 2-2 Azure Account Requirements
|
Azure Configuration |
Description |
|---|---|
|
Microsoft Azure Account. |
Create a account in the Azure environment where you will migrate workloads: An administrator on the account is required to perform the Application setup, to enable PRE programmatic access, and to create a Contributor user that is to be used by Migrate. |
|
Azure Subscription ID |
The ID for the Azure Subscription in the specified Azure account that you want to bill for Azure-related costs. An account can have multiple subscriptions. |
|
Contributor user for the subscription created in Azure Active Directory |
A user created as a Contributor for the specified subscription in your Azure Active Directory. In Migrate, you use the Contributor user credentials to add Azure as a target in Migrate. Migrate uses the credentials for this user when it accesses the Migrate Azure API through the related subscription. |
|
Azure Virtual Network and Subnet |
You must create least one Virtual Network with a Subnet in the specified Subscription. If you have an site-to-site VPN set up, the subnet must be different than the default Gateway Subnet. |
A cloud-based PlateSpin Migrate server does not require a site-to-site VPN connection between your local data center and the target cloud platform. When no VPN is provided:
Internet access is required.
Public IP addresses are required for the PlateSpin Migrate server, the replication network, and target machines. A public IP address is not required for the source machine when you use the Migrate Agent. If you do not use the Migrate Agent, then all components need public IP addresses.
Use Migrate Agent to register workloads with the cloud-based Migrate server. Migrate Agent uses secure communications over the public Internet.
You should encrypt data transfer between the source network and cloud location.
For cloud targets, compression is enabled by default with a setting of Optimal.
Use a static IP address for the Migrate server to ensure that the IP address does not change when the server is restarted. A change in IP address on the PlateSpin Server breaks the heartbeat communications with source workloads.
AWS: Specify Elastic as the allocation method for the public IP address for the Migrate server.
Azure: Specify Static as the allocation method for the public IP address of the Migrate server.
NOTE:You cannot specify the actual IP address assigned to the public IP resource. The cloud vendor allocates and reserves an IP address from a pool of its available IP addresses in the location where you deploy the Migrate server.
Ensure that the network security group for the PlateSpin Migrate server allows the minimum port settings described in Section 2.3, Required Network Security Group Settings for PlateSpin Migrate Server.
Transport Layer Security (TLS) 1.2 is automatically enabled for the Windows operating system on the PlateSpin Migrate Server virtual host for Migrate servers available in a cloud marketplace. TLS 1.0 and TLS 1.0 are disabled by default.
Migrate provides scripts to easily enable or disable TLS 1.0 and TLS 1.1 on the Migrate server virtual host in the C:\Windows\OEM folder: