8.2 Requirements for Migrating Workloads to Amazon Web Services

Before you can migrate workloads to AWS with PlateSpin Migrate, you must set up your cloud environment. The PlateSpin Migrate server can be installed on-premise where the source workloads reside, or it can be installed in your AWS account.

8.2.1 Minimum AWS Prerequisites

Before you use PlateSpin Migrate to migrate workloads to AWS, ensure that the following cloud access prerequisites are correctly configured and available:

Table 8-1 Minimum Required Configuration for Your AWS Account

AWS Configuration

Description

AWS Account

To create an AWS account, go to Amazon Web Services Console.

AWS EC2 Subscription

PlateSpin supports only Amazon Virtual Private Cloud (VPC).

Amazon Virtual Private Cloud (VPC)

Create an AWS VPC to launch AWS resources into your virtual network. See Amazon Virtual Private Cloud Documentation.

AWS user credentials

You need an AWS Identity and Access Management (IAM) user in your AWS account, with an appropriate IAM role to perform migrations into the VPC using the AWS APIs.

PlateSpin Migrate provides an AWS Role Tool to enable an administrative user to create a new IAM policy based on a default policy and assign an IAM user to the policy. See Section 8.9, Creating an IAM Policy and Assigning an IAM User to the Policy

Enable Programmatic Access for the IAM user to generate an access key and a secret access key. AWS Management Console Access is optional, but it can be useful for troubleshooting. See Access Keys (Access Key ID and Secret Access Key).

NOTE:We recommend that administrators regularly rotate access keys for IAM users. However, the keys must be rotated only after ensuring that no migration workflow is in progress. See Rotating Access Keys in the AWS Identity and Access Management User Guide.

For information about setting up the migration user group, policy, and user, see Section 8.9, Creating an IAM Policy and Assigning an IAM User to the Policy.

8.2.2 AWS Prerequisites for Using an On Premise Migrate Server

Before you use an on-premise PlateSpin Migrate server to migrate workloads to AWS, ensure that the following prerequisites are correctly configured and available:

  • A PlateSpin Migrate license.

  • PlateSpin Migrate server installed on premise in a network that can properly access the source workloads.

  • A site-to-site VPN connection connecting the AWS gateway to your on-premise gateway. A public IP address for Migrate server is optional when you use a VPN.

    For information, see the following AWS resources:

  • An AWS Security Group and the VPC gateway that provides the following inbound and outbound rules. For instructions, refer to Security Groups for Your VPC in the Amazon Web Services EC2 Documentation.

    Inbound Rules

    • TCP, port 3725, custom

      Provide an address range covering all source workloads.

    • SSH, port 22

      Provide the IP address of the PlateSpin Migrate server.

    • RDP, port 3389

      Provide the IP address of the machine you plan to use to launch an RDP connect to target workloads.

    Outbound Rules

    • TCP, port 3725, custom

      Provide an address range covering all source workloads.

      Port 3725 is the default port number for data transfer. By default, the data transfer is initiated from the target workload to the source workload. The port number and direction for initiating the connection are configurable.

    • HTTPS, port 443

      Provide the IP address of the PlateSpin Migrate server.

    • NTP, TCP, port 123

  • The minimum network-related prerequisites for a successful migration are:

    For detailed access and communication requirements across your migration network, see Access and Communication Requirements across Your Migration Network.

8.2.3 AWS Prerequisites for Using an AWS-Based Migrate Server

Before you use PlateSpin Migrate to migrate workloads to AWS, ensure that the following cloud access prerequisites are correctly configured and available:

  • A PlateSpin Migrate license.

  • Create an AWS Windows instance in the AWS Cloud and install the Migrate server with a public IP address. See Deploying PlateSpin Migrate Server in the Cloud in the PlateSpin Migrate 2019.5 Installation and Upgrade Guide.

    NOTE:The cloud-based Migrate server does not require a site-to-site VPN connection between your local data center and AWS Portal. When no VPN is provided between the source network and the cloud-based Migrate server, you can use Migrate Agent to register workloads with the cloud-based Migrate server using secure communications over the public Internet. Internet access and public IP addresses are required. For deployment information, see Figure 8-2, Cloud-Based Migrate Server for Automated Migration to AWS.

  • Configure migrations to AWS with a public IP address for the replication network.

  • (For non-VPN setup) In the PlateSpin Configuration settings on the Migrate server, change the SourceListensForConnection parameter from True to False. See Configuring the Contact Direction for the Replication Port in the User Guide.

  • Allocate a Elastic IP address for the Migrate server to ensure that the IP address does not change when the server is restarted.

    NOTE:A change in IP address on the PlateSpin Server breaks the heartbeat communications with source workloads.

  • An AWS Security Group and the VPC gateway that provides the following inbound and outbound rules. For instructions, see Security Groups for Your VPC in the Amazon Web Services EC2 Documentation.

    Inbound Rules

    • TCP, port 3725, custom

      Provide an address range covering all source workloads.

    • SSH, port 22

      Provide the IP address of the PlateSpin Migrate server.

    • RDP, port 3389

      Provide the IP address of the machine you plan to use to launch an RDP connect to target workloads.

    Outbound Rules

    • TCP, port 3725, custom

      Provide an address range covering all source workloads.

      Port 3725 is the default port number for data transfer. By default, the data transfer is initiated from the target workload to the source workload. The port number and direction for initiating the connection are configurable.

    • HTTPS, port 443

      Provide the IP address of the PlateSpin Migrate server.

    • TCP, port 123

  • The minimum network-related prerequisites for a successful migration are:

    • Open TCP port 443 in your network firewall for outbound traffic. The source workload must be able to register (using the Migrate Agent utility) and communicate with the cloud-based PlateSpin Migrate server through HTTPS (TCP/port 443). The PlateSpin Migrate Server uses secure SSL for communications with the workloads you want to migrate.

    • Open TCP port 3725 in your network firewall for outbound traffic. The on-premise source workload must be able to connect to the cloud-based target workload on TCP port 3725. The PlateSpin Migrate Server uses secure SSL for communications with the workloads you want to migrate.

      The direction of the communication (source to target) is automatic, but the port number is configurable. For information about changing the default port setting, see port 3725 in Requirements for Migration.

    • Allow inbound connections in the Security Group for HTTPS (TCP port 443) and RDP (TCP port 3389) for the cloud-based Migrate server.

  • Install the Migrate Agent on the source workload, then register the workload with the cloud-based PlateSpin Migrate server. See Section 2.6.2, Requirements for Workload Registration and Section 19.7, Registering Workloads and Discovering Details with Migrate Agent.

    To download the Migrate Agent, launch the PlateSpin Migrate Web Interface and click the Downloads tab. For information about installing and using the Migrate Agent, see Migrate Agent Utility.