
Migrating to AWS Using CloudEndure

Migrating workloads from on-premises to the cloud, or between cloud providers, has always been time-consuming and complicated because of differences in application structures. CloudEndure is a SaaS offering from AWS that businesses can use to migrate workloads from any source (physical servers, VMs, or another cloud) so that they run natively in AWS. It provides fast, reliable migration to AWS with minimal service downtime through a self-service platform.

How CloudEndure Works

CloudEndure uses a lift-and-shift approach: block-level continuous replication copies data from the source machine to the target AWS environment, and automatic machine conversion ensures the target machines are compatible with AWS.

[Figure: sample AWS architecture for a CloudEndure migration]

CloudEndure agent: Installed on the source machines, it identifies the disks and replicates their data to the Replication Server in AWS using API calls.

The agent also reports the following data points to the CloudEndure service manager in the portal:

  • Monitoring metrics
  • Replication status
  • Backlog info
  • OS and hardware info.

Installation Requirements

  1. Linux
  • Python is installed on the machine – Python 2 (2.4 or above) or Python 3 (3.0 or above).
  • 1 GB of free disk on the root directory (/)
  • 500 MB of free disk on the /tmp directory.
  • /tmp is mounted as read+write.
  • /tmp is mounted with the exec option.
  • dhclient package is installed.
  2. Windows
  • .NET Framework version 4.5 or above
  • 2 GB of free space

Communication ports: TCP port 443 to communicate with the CloudEndure Service Manager, and TCP port 1500 for replication to the target.
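A preflight check for the Linux requirements listed above, as an added example (not CloudEndure's own tooling); the function names are illustrative and the script needs Python 3. Hardened images often mount /tmp with noexec, which conflicts with the agent's requirement, and /tmp may not be a separate mount at all, so the check resolves whichever mount actually holds it. Reachability of TCP 443 and 1500 is not tested here.

```python
import shutil

GB, MB = 1024 ** 3, 1024 ** 2

def covering_mount(mounts_text, path):
    """Return (mount_point, options) for the /proc/mounts entry holding path.
    The longest mount point wins; a later line shadows an earlier equal one."""
    best = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        point, opts = fields[1], set(fields[3].split(","))
        inside = point == "/" or path == point or path.startswith(point + "/")
        if inside and (best is None or len(point) >= len(best[0])):
            best = (point, opts)
    return best

def tmp_mount_problems(mounts_text):
    """/tmp must be read+write and exec; it may simply be part of /."""
    found = covering_mount(mounts_text, "/tmp")
    if found is None:
        return ["no mount covers /tmp"]
    point, opts = found
    problems = []
    if "rw" not in opts:
        problems.append(point + " is not mounted read+write")
    if "noexec" in opts:
        problems.append(point + " is mounted noexec")
    return problems

def preflight(mounts_text, free_bytes=lambda p: shutil.disk_usage(p).free,
              which=shutil.which):
    """Return the unmet requirements; an empty list means the host qualifies."""
    problems = tmp_mount_problems(mounts_text)
    if free_bytes("/") < 1 * GB:
        problems.append("less than 1 GB free on /")
    if free_bytes("/tmp") < 500 * MB:
        problems.append("less than 500 MB free on /tmp")
    if which("dhclient") is None:
        problems.append("dhclient is not installed")
    return problems

if __name__ == "__main__":
    with open("/proc/mounts") as fh:  # Linux only
        for problem in preflight(fh.read()) or ["all checks passed"]:
            print(problem)
```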

Replication Server:

The Replication Server is managed by CloudEndure and continuously syncs the source disks to the cloud. It is a t3.small instance that runs whenever a replication is in progress, and it replicates up to 15 source volumes simultaneously.

Converter Server:

The Converter Server is managed by CloudEndure and converts the replicated data, stored in the form of snapshots, into an exact replica of the source server in the target environment. The conversion process involves injecting the appropriate AWS drivers, making the appropriate bootloader changes, modifying network adapters, and triggering operating systems with AWS Key Management Service. Converter Servers are terminated as soon as the conversion process is completed.

The migration process works in three stages:

  1. Initial Sync:

Once the agent is installed on a source machine, the entire machine is replicated to the staging area. The initial sync is complete when the status in the portal changes to continuous replication with zero lag.

  2. Blueprint Configuration & Testing:

The blueprint is the set of instructions for setting up the target environment. The testing process launches target machines and runs realistic tests without affecting the on-premises environment.

  3. Cutover:

Cutover can be initiated once the data replication status is continuous and testing is completed. CloudEndure automatically converts the machines to run in AWS and launches resources as specified in the blueprint, with the latest data.

Migrating Azure Workload to AWS

This section describes a sample migration of a LAMP stack from an Azure virtual machine to an AWS EC2 instance.

Prerequisites

  • Azure account with a running Linux virtual machine
  • Active AWS account

Getting Started

  1. Subscribe to CloudEndure Migration
  • Navigate to AWS Marketplace, search for CloudEndure Migration, and click Subscribe.
  • Register for a CloudEndure account and confirm the user email address. Set up the CloudEndure account password and accept the terms and conditions.

  2. Sign in to the CloudEndure user console and create a project
  • Choose the plus button in the upper-left corner of the console to create a project.

  3. Generate and use AWS IAM credentials
  • Navigate to the Identity and Access Management service in the AWS console. Choose “Policies,” then “Create policy,” select JSON, and paste the policy below.

 

 

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": "ec2:CreateTags",
      "Resource": "arn:aws:ec2:*:*:*/*",
      "Condition": {
        "StringEquals": {
          "ec2:CreateAction": "RunInstances"
        }
      }
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": "ec2:CreateTags",
      "Resource": "arn:aws:ec2:*:*:*/*",
      "Condition": {
        "StringEquals": {
          "ec2:CreateAction": "CreateVolume"
        }
      }
    },
    {
      "Sid": "VisualEditor2",
      "Effect": "Allow",
      "Action": [
        "ec2:RevokeSecurityGroupIngress",
        "ec2:DetachVolume",
        "ec2:AttachVolume",
        "ec2:DeleteVolume",
        "ec2:TerminateInstances",
        "ec2:StartInstances",
        "ec2:RevokeSecurityGroupEgress",
        "ec2:StopInstances"
      ],
      "Resource": [
        "arn:aws:ec2:*:*:dhcp-options/*",
        "arn:aws:ec2:*:*:instance/*",
        "arn:aws:ec2:*:*:volume/*",
        "arn:aws:ec2:*:*:security-group/*"
      ],
      "Condition": {
        "StringLike": {
          "ec2:ResourceTag/Name": "CloudEndure*"
        }
      }
    },
    {
      "Sid": "VisualEditor3",
      "Effect": "Allow",
      "Action": [
        "ec2:RevokeSecurityGroupIngress",
        "ec2:DetachVolume",
        "ec2:AttachVolume",
        "ec2:DeleteVolume",
        "ec2:TerminateInstances",
        "ec2:StartInstances",
        "ec2:RevokeSecurityGroupEgress",
        "ec2:StopInstances"
      ],
      "Resource": [
        "arn:aws:ec2:*:*:dhcp-options/*",
        "arn:aws:ec2:*:*:instance/*",
        "arn:aws:ec2:*:*:volume/*",
        "arn:aws:ec2:*:*:security-group/*"
      ],
      "Condition": {
        "StringLike": {
          "ec2:ResourceTag/CloudEndure creation time": "*"
        }
      }
    },
    {
      "Sid": "VisualEditor4",
      "Effect": "Allow",
      "Action": [
        "ec2:DisassociateAddress",
        "ec2:CreateDhcpOptions",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:DeregisterImage",
        "ec2:DeleteSubnet",
        "ec2:DeleteSnapshot",
        "ec2:ModifySnapshotAttribute",
        "ec2:ModifyVolumeAttribute",
        "ec2:CreateVpc",
        "ec2:AttachInternetGateway",
        "ec2:GetConsoleScreenshot",
        "ec2:GetConsoleOutput",
        "elasticloadbalancing:DescribeLoadBalancer*",
        "ec2:CreateRoute",
        "ec2:CreateInternetGateway",
        "ec2:CreateSecurityGroup",
        "ec2:CreateSnapshot",
        "ec2:ModifyVpcAttribute",
        "ec2:ModifyInstanceAttribute",
        "ec2:ReleaseAddress",
        "ec2:AuthorizeSecurityGroupEgress",
        "ec2:AssociateDhcpOptions",
        "ec2:ImportKeyPair",
        "ec2:CreateTags",
        "ec2:RegisterImage",
        "ec2:ModifyNetworkInterfaceAttribute",
        "ec2:AssociateRouteTable",
        "ec2:CreateRouteTable",
        "ec2:DetachInternetGateway",
        "iam:ListInstanceProfiles",
        "ec2:AllocateAddress",
        "ec2:ReplaceNetworkAclAssociation",
        "ec2:CreateVolume",
        "kms:ListKeys",
        "ec2:Describe*",
        "ec2:DeleteVpc",
        "iam:GetUser",
        "ec2:CreateSubnet",
        "ec2:AssociateAddress",
        "ec2:DeleteKeyPair",
        "ec2:CreateNetworkAclEntry",
        "outposts:GetOutpostInstanceTypes"
      ],
      "Resource": "*"
    },
    {
      "Sid": "MigrationHubConfig",
      "Effect": "Allow",
      "Action": [
        "mgh:GetHomeRegion"
      ],
      "Resource": "*"
    },
    {
      "Sid": "VisualEditor5",
      "Effect": "Allow",
      "Action": [
        "ec2:RevokeSecurityGroupIngress",
        "mgh:CreateProgressUpdateStream",
        "kms:Decrypt",
        "kms:Encrypt",
        "ec2:RevokeSecurityGroupEgress",
        "ec2:DeleteDhcpOptions",
        "ec2:RunInstances",
        "kms:DescribeKey",
        "kms:CreateGrant",
        "ec2:DeleteNetworkAclEntry",
        "kms:ReEncrypt*",
        "kms:GenerateDataKey*"
      ],
      "Resource": [
        "arn:aws:mgh:*:*:progressUpdateStream/*",
        "arn:aws:ec2:*:*:subnet/*",
        "arn:aws:ec2:*:*:key-pair/*",
        "arn:aws:ec2:*:*:dhcp-options/*",
        "arn:aws:ec2:*:*:instance/*",
        "arn:aws:ec2:*:*:volume/*",
        "arn:aws:ec2:*:*:security-group/*",
        "arn:aws:ec2:*:*:network-acl/*",
        "arn:aws:ec2:*:*:placement-group/*",
        "arn:aws:ec2:*:*:vpc/*",
        "arn:aws:ec2:*:*:network-interface/*",
        "arn:aws:ec2:*::image/*",
        "arn:aws:ec2:*:*:snapshot/*",
        "arn:aws:kms:*:*:key/*"
      ]
    },
    {
      "Sid": "VisualEditor6",
      "Effect": "Allow",
      "Action": [
        "ec2:CreateTags",
        "mgh:ImportMigrationTask",
        "mgh:AssociateCreatedArtifact",
        "mgh:NotifyMigrationTaskState",
        "mgh:DisassociateCreatedArtifact",
        "mgh:PutResourceAttributes"
      ],
      "Resource": [
        "arn:aws:mgh:*:*:progressUpdateStream/*/migrationTask/*",
        "arn:aws:ec2:*:*:subnet/*",
        "arn:aws:ec2:*::network-interface/*",
        "arn:aws:ec2:*:*:dhcp-options/*",
        "arn:aws:ec2:*::snapshot/*",
        "arn:aws:ec2:*:*:security-group/*",
        "arn:aws:ec2:*::image/*"
      ]
    },
    {
      "Sid": "VisualEditor7",
      "Effect": "Allow",
      "Action": "ec2:Delete*",
      "Resource": [
        "arn:aws:ec2:*:*:route-table/*",
        "arn:aws:ec2:*:*:dhcp-options/*",
        "arn:aws:ec2:*:*:instance/*",
        "arn:aws:ec2:*:*:volume/*",
        "arn:aws:ec2:*:*:security-group/*",
        "arn:aws:ec2:*:*:internet-gateway/*"
      ],
      "Condition": {
        "StringLike": {
          "ec2:ResourceTag/Name": "CloudEndure*"
        }
      }
    },
    {
      "Sid": "VisualEditor8",
      "Effect": "Allow",
      "Action": "ec2:Delete*",
      "Resource": [
        "arn:aws:ec2:*:*:route-table/*",
        "arn:aws:ec2:*:*:dhcp-options/*",
        "arn:aws:ec2:*:*:instance/*",
        "arn:aws:ec2:*:*:volume/*",
        "arn:aws:ec2:*:*:security-group/*",
        "arn:aws:ec2:*:*:internet-gateway/*"
      ],
      "Condition": {
        "StringLike": {
          "ec2:ResourceTag/CloudEndure creation time": "*"
        }
      }
    },
    {
      "Sid": "VisualEditor9",
      "Effect": "Allow",
      "Action": "ec2:ModifyVolume",
      "Resource": "arn:aws:ec2:*:*:volume/*",
      "Condition": {
        "StringLike": {
          "ec2:ResourceTag/Name": "CloudEndure*"
        }
      }
    },
    {
      "Sid": "VisualEditor10",
      "Effect": "Allow",
      "Action": "cloudwatch:GetMetricData",
      "Resource": "*"
    }
  ]
}

 

  • Create a new user by navigating to “Users” in the IAM console, and attach the policy created above to the user.
  • Navigate back to the CloudEndure console, select the project, click the “Setup & Info” tab in the left menu, and navigate to “AWS Credentials.” Paste the AWS access key ID and secret access key of the user created in the previous step into the corresponding fields, and then choose “Save.”
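The policy above mixes statements scoped by a CloudEndure resource tag with statements that apply to every resource in the account. This added example (not from the original post or from AWS) lists the write actions a policy allows on Resource "*" with no Condition, which is the part worth reviewing before attaching it to a user with long-lived access keys. The Describe/Get/List read-only prefix test is a heuristic assumed here, and the embedded policy is a constructed excerpt of three statements shortened from the one above.

```python
import json

# Heuristic (assumption of this example): these action-name prefixes are read-only.
READ_PREFIXES = ("Describe", "Get", "List")

def as_list(value):
    """IAM allows Action and Resource to be a single string or a list."""
    return value if isinstance(value, list) else [value]

def unscoped_writes(policy):
    """Map Sid -> write actions allowed on Resource "*" with no Condition."""
    findings = {}
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue  # Deny statements and conditioned Allows are out of scope
        if "*" not in as_list(stmt.get("Resource", [])):
            continue  # resource ARNs narrow the statement at least by type
        writes = [a for a in as_list(stmt.get("Action", []))
                  if not a.split(":", 1)[-1].startswith(READ_PREFIXES)]
        if writes:
            findings[stmt.get("Sid", "<no Sid>")] = sorted(writes)
    return findings

# Constructed excerpt: three statements shortened from the policy above.
EXCERPT = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "VisualEditor2", "Effect": "Allow",
   "Action": ["ec2:TerminateInstances", "ec2:DeleteVolume"],
   "Resource": ["arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:volume/*"],
   "Condition": {"StringLike": {"ec2:ResourceTag/Name": "CloudEndure*"}}},
  {"Sid": "VisualEditor4", "Effect": "Allow",
   "Action": ["ec2:Describe*", "ec2:DeleteVpc", "ec2:DeleteSnapshot",
              "ec2:DeleteSubnet", "iam:GetUser", "kms:ListKeys"],
   "Resource": "*"},
  {"Sid": "VisualEditor10", "Effect": "Allow",
   "Action": "cloudwatch:GetMetricData", "Resource": "*"}
]}
""")

if __name__ == "__main__":
    for sid, actions in unscoped_writes(EXCERPT).items():
        print(sid, "->", ", ".join(actions))
```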

 

 

  4. Configure replication settings
  • In the CloudEndure user console, navigate to “Setup & Info,” and then choose “Replication settings.”
  • Select “Other Infrastructure” as the source and the required AWS region as the target. Keep the rest of the settings at their defaults and save.

  5. Install CloudEndure agents on source Azure virtual machines
  • In the CloudEndure user console, navigate to “Machines,” “Machine Actions,” “Add Machines.” Follow the instructions provided for Linux machines.
  • Once the installation is completed, the agent identifies the disks and starts the initial sync. The server is then listed under Machines in the CloudEndure console.

  6. Configure the target machine’s blueprint
  • In the CloudEndure console, choose a machine, then choose the Blueprint tab, enter the desired target environment parameters, and save.

 

Important: Make sure the subnet chosen for the target machine has an IP range that can accommodate your source machine’s IP.

 

  • CloudEndure launches a Replication Server in the target AWS account for continuous data replication, as specified in the replication settings. Replicated data is stored in the form of EBS snapshots.
  • Once data replication has finished and no lag is shown in the CloudEndure console, launch the target machine in test mode for testing.
  • In the CloudEndure console, in the Machines tab, select the box to the left of each source machine.
  • In the “Launch x Target Machines” menu, choose “Test Mode.” Choose “Continue” when prompted, and the machines will be launched.
  • The test instance is launched in the network specified in the Blueprint and uses the security group specified there.
  • To test the target server, log in to the migrated server with the same username and password you used for the source server, and edit the inbound rules in the security group to allow traffic to the migrated server.

  7. Schedule and perform a cutover
  • In the Machines tab, select the box to the left of each source machine.
  • In the “Launch x Target Machines” menu, choose “Cutover Mode.”
  • Choose “Continue” when prompted. The machines will be launched.
  • CloudEndure terminates the server that was launched in Test mode and replaces it with a new one carrying the latest replicated data.

How Can I Implement This?

At Citrus, our team of certified engineers can help migrate your eCommerce workloads to the AWS cloud, thereby enabling unmatched operational efficiency and cost optimization.

He is an Emerging Technology Associate Consultant with an experience of over 2 years in working with technologies like AWS. He has aided in designing and optimizing multiple AWS solutions for customers in the Middle East and Africa region enabling them in their swift and seamless Digital Transformation journey. A Certified AWS Solution architect, he is an AWS evangelist empowering customer adoption and expedited onboarding of different emerging technologies and services from varying industries and segments.
