Step one in migrating VMware VMs to Azure is to find VMs utilizing the Azure Migrate: Discovery and Evaluation instrument.
The Azure Migrate: Discovery and evaluation instrument is an Azure equipment you deploy in vCenter. Whenever you deploy it, it repeatedly discovers VMware VM workloads and gathers efficiency data.
Particularly, this light-weight Azure Migrate instrument gathers details about VM efficiency, functions working on the VMs servers, their dependencies, and databases.
Deploying this instrument is step one in making ready your VMware surroundings for a profitable migration to Azure Cloud. Within the remaining duties on this information, I’ll stroll you thru the steps to overview the necessities for deploying this instrument.
There are additionally steps to organize your Azure account and VMware surroundings, deploy the Azure Migrate: Discovery and evaluation instrument equipment in vCenter, and provoke the invention.
Let’s get this began!
Job 1: Configure Website-to-site VPN
Each time I carry out an on-premises VM to Azure migration, I first arrange a site-to-site (S2S) VPN connection from the on-premises web site to the Azure vNET, the place the VMs can be migrated.
It’s because, throughout the migration course of, VMs you migrate to Azure can work with on-prem VMs which have but to be migrated.
For instance, migrating one VM to Azure first could also be extra environment friendly when you have a database and an app hosted in two VMs. On this state of affairs, chances are you’ll not have sufficient home windows to vary each VMs on the identical day.
So, say you progress the database VM first. After the transfer, you possibly can configure the app to proceed utilizing the migrated database VM. Nonetheless, this may be inconceivable should you do not need a VPN connection to Azure.
One other nice instance is migrating Area Controllers. You’ll probably be unable emigrate all of your DCs to Azure in a single change window.
If this occurs, migrated DCs will proceed replicating with on-prem DCs utilizing the S2S VPN connection.
So, earlier than continuing with job 2 beneath, I strongly advocate making a site-to-site VPN (full steps 1 to 9) connection between your on-prem and Azure digital community.
Job 2: Assessment the Discovery Stipulations
Use the desk beneath to make sure your surroundings meets the necessities for deploying the Azure Migrate: Discovery and evaluation instrument.
| S/N | vCenter Server and ESXi host | Requirement |
|---|---|---|
| 1 | VMware VMs | It helps discovering the efficiency, configuration information, and apps on all Home windows and Linux variations. Examine supported OS variations.
To find put in apps, all VMware VMs should run VMware Instruments (model 10.2.1 or later), and Home windows Servers should run Home windows PowerShell 2.0 or greater. Use these hyperlinks to examine supported SQL Server variations and configuration, SQL authentication, and supported internet apps in Home windows OS and IIS variations, supported Linux OS and Tomcat variations. |
| 2 | Permissions for SQL Server entry | The Home windows or SQL account should meet the Azure migrate discovery instrument necessities to find Microsoft SQL Server cases and databases.
You need to use these steps to arrange the SQL account that meets the necessities. |
| 3 | vCenter Serve and ESXi host | Your vCenter server should be on model 5.5, 6.0, 6.5, 7.0, or 8.0. Equally, ESXi hosts should be model 5.5 or greater.
The vCenter server and ESXi hosts should additionally enable inbound TCP port 443. |
| 4 | Azure Migrate equipment | Your vCenter server ought to have 32 GB of RAM, 8 vCPUs, and roughly 80 GB of disk storage to assist the Azure Migrate equipment. It should even have an exterior digital swap and an web connection. |
Earlier than shifting on, based mostly on the knowledge within the desk above, verify the next and remediate any points:
- Your vCenter server has not less than 32 GB of RAM, 8 vCPUs, and 80 GB of storage.
- Additionally, test that the vCenter server has an exterior digital swap and entry to the web.
- Examine that port 443 is open on the vCenter server and all ESXi hosts it manages.
- Verify that your vCenter server is working not less than model 5.5
- Assessment the Home windows, Linux, and SQL server necessities utilizing the hyperlinks supplied in Desk 1.0
Job 3: Prep the Azure Account
Later on this information, you’ll create an Azure Migrate undertaking and register an Azure Migrate equipment. To carry out these duties, you require an Azure account with the permissions detailed within the desk beneath.
| S/N | Permission | Purpose for permission |
|---|---|---|
| 1 | Contributor or Proprietor at Azure Subscription | To create an Azure Key Vault, which is required throughout agentless server migration. |
| 2 | Software.ReadWrite.All permission | Required to register an software in Microsoft Entra |
When you created the Azure account you’re utilizing for this undertaking, your account can be assigned “Proprietor” permission on the subscription stage.
You could possibly use this account emigrate in a lab or check surroundings. Nonetheless, safety finest practices require making use of the precept of least privilege for manufacturing migration.
I strongly advocate creating one other Azure account devoted to the migration undertaking to satisfy this requirement. Within the following sub-tasks, I’ve defined easy methods to create an Azure account and grant it the least privileges required for the migration.
Job 3.1: Create an Azure Account
- Seek for and open Microsoft Entra ID. Then, click on +Add > Customers > Create new consumer.
- On the brand new account window, full the required fields and click on Assessment + create. Then, click on Create.
Job 3.2: Grant the Account the Required Permissions
Run the next PowerShell instructions from Azure Cloud Shell to grant the account “Software Administrator” function in Microsoft Entra and “Contributor” to your subscription.
#1. Get the consumer the consumer's ID$userID = (Get-AzADUser -UserPrincipalName <[email protected]>).Id
#2. Get the Azure Subscription Id - change AZ-100 to the primary few textual content within the subscription title
$subscriptionId = (Get-AzSubscription | The place-Object {$_.Title -like "*AZ-100*"}).Id
#3. Assign the Contributor function to the consumer within the subscription
$roleDefinition = Get-AzRoleDefinition -Title "Contributor"
New-AzRoleAssignment -ObjectId $userID -RoleDefinitionId $roleDefinition.Id -Scope "/subscriptions/$subscriptionId"
To grant the consumer the “Software Administrator” function, open the consumer’s properties in Microsoft Entra ID, click on “Assigned roles,” test “Software Administrator,” and at last, click on the Add button.
Earlier than continuing, verify that the consumer has the “Contributor” function within the subscription.
Job 4: Create VMware and Server Accounts
The Azure Migrate discovery equipment is a VMware equipment you deploy in vCenter. You require a vCenter account with these permissions to deploy it.
Equally, Azure Migrate wants a read-only vCenter account to find VMware VMs (servers). Lastly, to permit Azure Migrate to find put in functions and agentless dependency evaluation in VMware servers, allow the Visitor operations Privilege within the account.
Azure Migrate additionally requires an area or area account on with native administrator permission on Home windows server and on Linux servers, a sudo consumer account with permissions to execute ls and netstat instructions.
Based mostly on the abovementioned necessities, I’ll create an area vCenter account with these permissions. This account can be used for OVF deployment and agentless discovery.
Equally, I’ll create a website account – my check surroundings is a Home windows surroundings – and add the account to the native directors account for the VMware VMs working Home windows Server.
Job 4.1: Create a Native vCenter Account
On this sub-task, I’ll create a vCenter consumer and add the account to the vCenter native directors group.
- Sign up to vCenter by way of a browser, click on the menu, and select Administrator.
- Then, on the Single Signal On part, click on Customers and Teams, then, click on ADD underneath the Customers tab.
- Enter the account particulars and click on ADD.
- So as to add the newly created consumer to the Directors group, click on International Permissions underneath Entry Management, then click on ADD. After that, choose the choices in my second screenshot beneath and click on OK.
Earlier than shifting on to Job 4.2, verify that the account is within the listing.
Job 4.2: Create a Home windows Area Account
Open PowerShell as administrator and run these instructions. Run #1 and a couple of in a Area Controller and #3 on the Home windows VMware VM. If the VMware VM is a Area Controller, run command #4 so as to add the consumer to the area’s directors group
#1. Set the variables - change $ADLocation variable to the DN of the OU you wish to create the account$Username="azure-mig-dsad"
$ADLocation = 'OU=Service Accounts,DC=lab,DC=infopressmedia,DC=com'$Credential = (Get-Credential -UserName $Username -Message "Enter the password for the $Username")
#2. Create the consumer
New-ADUser -Title $Username -Path $ADLocation -PasswordNeverExpires $true -AccountPassword $Credential.Password -Enabled $true
#3. Add the Home windows area account to the Home windows VMware VM's native directors account - run this command on every Home windows VMware VM
Add-LocalGroupMember -Group "Directors" -Member "labazure-mig-dsad"
#4. Add the Home windows area account to the Home windows area directors group
Add-ADGroupMember -Identification "Directors" -Members azure-mig-dsad
In case you have Linux Servers in your VMware surroundings, see the Linux servers part in Create an account to entry servers.
The Azure Migrate agentless migration makes use of Vmware instruments to find functions put in on the VMware servers you’re migrating. So, it is very important verify that the most recent VMware instruments are put in on all VMs you plan emigrate.
Agentless dependency analysts will fail if a VM will not be working VMware instruments.
Job 6: Create an Azure Migrate Mission
Now that you just’ve ready the VMware surroundings, creating an Azure Migrate undertaking is time. Comply with these steps to create an Azure Migrate undertaking.
- Sign up to your Azure account, search Azure Migrate, and open the useful resource.
- On the Getting began tab, click on uncover, assess, migrate within the Servers, databases and internet apps part. After that, click on Create undertaking.
- Then, on the Create undertaking window, choose the subscription and useful resource group (RG) to create the undertaking underneath. Then, enter a reputation and choose the Azure area to create the undertaking.
When you do not need an current RG or wish to create a brand new one, click on Create new underneath the Useful resource group drop-down.
- After getting into the small print, click on Create, then look forward to the undertaking to be deployed. When the undertaking is absolutely created, proceed to Job 6 beneath.
Word that the Azure Migrate undertaking has two part: 1, Azure Migrate: Discovery and evaluation and a couple of, Migration and modernization.
Job 7: Obtain the Equipment’s OVA File
Job 7.1: Generate the Mission Key
- On the Azure Migrate: Discovery and evaluation part of the Azure Migrate undertaking, click on the Uncover drop-down and select Utilizing equipment.
- Then, click on the Are your servers virtualized? drop-down and select Sure, with VMware vSphere hypervisor.
- After that, on the 1: Generate undertaking key, enter a reputation for the VMware equipment within the Title your equipment area, then click on Generate key.
Whenever you click on Generate key, Azure will begin creating the required Azure assets – DO NOT shut the home windows whereas the assets are being created.
Azure create two assets – a Restoration Providers vault and a
Key vault – within the area you created the useful resource group.
- When Azure finishes creating the assets, it’ll generate the undertaking key. Copy the important thing and put it aside in a file.
Job 7.2: Obtain the OVF File
To obtain the Azure Migrate Discovery equipment VM OVF file, select the “.OVA file” possibility in 2: Obtain Azure Migrate equipment and click on the dowload hyperlink.
Job 7.3: Confirm the OVF File
After downloading the OVF file, earlier than importing it to your vCenter server, confirm the file’s safety utilizing these steps:
- Open Command Immediate as administrator. Then, run the command beneath to generate the hash for the downloaded OVA file.
CertUtil -HashFile <file_location> <hashing_agorithm>
I ran the command beneath to generate the has for my OVA file.
CertUtil -HashFile "D:Azure MigrateMicrosoftAzureMigration.ova" SHA256
- Word the has file and examine it to the hash for the most recent OVA file. The primary screenshot beneath, exhibits the hash file from the earlier hyperlink – the most recent OFA file as of September 2024 once I wrote this information.
In the meantime, the second screenshot exhibits the has of my downloaded OVA file. The has of the 2 information are the identical, so my downloaded file is secure!
Job 8: Set Up the Equipment in vCenter
Job 8.1: Configure the Equipment in vCenter
- Sign up to vCenter with an account that has the permission to create VMs utilizing OVA information.
- After that, add the OVA file into vCenter, then, look forward to the file to add.
- As soon as the OVA file is uploaded to vCenter, right-click the vCenter location you wish to deploy the OFA file and select Deploy OVF Template.
- Then, on the primary web page of the wizard, use select the second possibility and use the UPLOAD FILES button to pick out the OVA file from the folder you saved it in your laptop. As soon as the file is verified, click on Subsequent.
- Give the Azure Equipment a reputation and choose the vCenter location to deploy it – I’m deploying mine in my vCenter cluster. After the compactibility check, click on Subsequent once more to progress to the subsequent stage.
- After that, look forward to vCenter to show details about the template, then click on Subsequent.
- Lastly, choose the datastore, VM Community, and click on FINISH to deploy the Azure Migragrate VM equipment. Look forward to the equipment to be arrange in vCenter.
The Azure Migrate equipment is assigned 32 GB of RAM and 4 CPUs.
Since I’m working this migration in my residence lab – the vCenter server doesn’t have as much as 32 GB – I modified the equipment’s VM RAM to eight GB and a couple of vCPUs.
Job 7.2: Configure the Equipment
- Energy up the Azure Migrate equipment. Then, click on on it to open the console.
- On the VM’s console, settle for the license settlement, and set a password for the native administrator account. The Server can be assigned an IP tackle by your DHCP server.
Nonetheless, to have the ability to entry the equipment from a constant IP tackle, log in to the VM with the native administrator account and assign it a static IP tackle.
If you wish to entry the equipment by way of its title as a substitute of IP tackle, create a bunch A file. I can be managing mine by way of its IP tackle.
- From a browser on any PC that may attain the Azure Migrate VM equipment’s IP tackle, open its IP on port 44368.
The browser will show a warning, click on Superior and proceed. Then, sign up with the native administrator credentials of the equipment.
https://192.168.0.116:44368/
- When you sign up, settle for the Azure Migrate licence settlement. After that, the appliace will check connection to and time synch with Azure.
Job 8.3: Register the Equipment in Azure Migrate
To register the vCenter equipment with Azure, comply with these steps:
- Enter the undertaking key you copied in Job 6.1, step 3 within the registration area, and click on Confirm. The important thing can be verified, and the equipment will provoke an auto-update. In keeping with the notes, this will likely take as much as 5 minutes.
When you didn’t save the undertaking key earlier, open the comply with my numbering in screenshots 3-6 beneath.
- When the equipment auto-update is accomplished, the login button can be activated. Sign up to your account account by clicking the Login button.
Sign up with the Azure account you created for migration functions in Duties 3.1 and three.2. If the auto-update takes greater than 5 minutes, wait as it might take longer than that.
- Then, from the pop-up, click on Copy code and login.
- Paste the code and click on Subsequent.
- Then, sign up to Azure with the account you created for the migration. After signing in, look forward to the equipment to register in Azure.
If required, after siggning in, comply with the steps to obtain Microsoft authenticator app and arrange 2FA.
If the equipment registration fails, click on the error particulars, wait about 5 minutes, after which click on and click on Re-try.
- When the equipment is efficiently registered to Azure, obtain and set up the VMware Digital Disk Improvement Package.
- After downloading the file, extracting the zip, and copying them to C:Program FilesVMwareVMware Digital Disk Improvement Package, click on Confirm.
All sections of 1. Arrange stipulations ought to now be inexperienced. Progress to Job 8.
Job 9: Begin Azure Migrate Steady Discovery
Job 9.1: Arrange vCenter Server Particulars
- Scroll to 2. Handle credentials and discovery sources part. Then, in Step 1: Present vCenter Server credentials for discovery of VMware VMs, click on Add Credentials.
- Then, on the pop-up window, enter the native vCenter account you created in Job 4.1 and click on Save.
- Then, in Step 2: Present vCenter Server particulars, choose Add discovery supply. After that, enter the vCenter server’s FQDN or IP tackle and click on Save.
The Azure Migrate Discovery equipment will validate the vCenter and if profitable, the standing will show “Validation profitable.”
Job 9.2: Configure Server Credentials
- In Step 3: Present server credentials to carry out software program stock, agentless dependency evaluation, discovery of SQL Server cases and databases and discovery of internet apps in your VMware surroundings., click on Add credentials
- Then, within the Add credential pop-up, choose the sort, enter the small print, and click on Save.
On this part, you possibly can present a number of server credentials. Within the second screenshot beneath, I supplied the Home windows Area account credentials I created in Job 4.2. As proven within the first screenshot, you possibly can add Linux, SQL, and Home windows native credentials.
As soon as all these duties are accomplished, opening the undertaking in Azure shows the present state of the service well being.
Job 9.3: Begin VMware VM Discovery
To begin discovering vCenter VM workloads, click on Begin discovery and look forward to the invention to finish.
The invention ought to take between 20-25 minutes. When it’s accomplished, the Discovery standing ought to present a inexperienced tick and also you canm view the found stock in Azure.
Job 9.4: View Found VMware Information
To view the vCenter found stock in Azure, comply with these steps:
- Sign up to Azure, search Azure migrate and open the useful resource. After that, broaden Migration objectives and choose Servers, databases and internet apps.
The Azure Migrate: Discovery and evaluation ought to present the variety of found servers.
- To view the found servers, click on on the bumber.
My residence lab vCenter surroundings has 3 servers – a Area Controller (IPMvDC1), the Azure Migrate equipment VM (IPMvAzureAp) and the vCener Server (IPMvVCSA1).
The one VM related for my migration is the DC. As seen within the above screenshot, the Azure Migrate discovery instrument discovered 9 apps within the Area Controller.
- To view the found functions and the roles and options put in on the server, click on the appliance hyper-link.
Fianlly, to view the Home windows Server roles put in on the server, click on the Roles and options tab.
It is a simplified scenarior in comparison with a real-world which will embrace Linux servers, SQL, different database servers and different functions. Howver, by following this information, it is best to have accomplished the found part of the Azure Migrate course of.
To study extra, learn how discovery works.
With the invention stage accomplished, proceed to the half 2 of this information, assessing found VMs .
