Professional Documents
Culture Documents
e OVERVIEW
Common questions
Get started
g TUTORIAL
Start deployment
` DEPLOY
Manage
c HOW-TO GUIDE
Business case
Learn more
d TRAINING
Get involved
b GET STARTED
Unified migration platform: A single portal to start, run, and track your migration
to Azure.
Range of tools: A range of tools for assessment and migration. Azure Migrate
tools include Azure Migrate: Discovery and assessment and Migration and
modernization. Azure Migrate also integrates with other Azure services and tools,
and with independent software vendor (ISV) offerings.
Assessment, migration, and modernization: In the Azure Migrate hub, you can
assess, migrate, and modernize:
Servers, databases and web apps: Assess on-premises servers including web
apps and SQL Server instances and migrate them to Azure.
Databases: Assess on-premises SQL Server instances and databases to migrate
them to an SQL Server on an Azure VM or an Azure SQL Managed Instance or
to an Azure SQL Database.
Web applications: Assess on-premises web applications and migrate them to
Azure App Service and Azure Kubernetes Service.
Virtual desktops: Assess your on-premises virtual desktop infrastructure (VDI)
and migrate it to Azure Virtual Desktop.
Data: Migrate large amounts of data to Azure quickly and cost-effectively using
Azure Data Box products.
Integrated tools
The Azure Migrate hub includes these tools:
Azure Discover and assess Discover and assess on-premises servers running on
Migrate: servers including SQL VMware, Hyper-V, and physical servers in
Discovery and and web apps preparation for migration to Azure.
assessment
Tool Assess and migrate Details
Migration and Migrate servers Migrate VMware VMs, Hyper-V VMs, physical
modernization servers, other virtualized servers, and public cloud
VMs to Azure.
Web app Assess on-premises web Azure App Service Migration Assistant is a
migration apps and migrate them standalone tool to assess on-premises websites for
assistant to Azure. migration to Azure App Service.
Azure Data Migrate offline data Use Azure Data Box products to move large
Box amounts of offline data to Azure. Learn more.
7 Note
If you're in Azure Government, external integrated tools and ISV offerings can't
send data to Azure Migrate. You can use tools independently.
ISV integration
Azure Migrate integrates with several ISV offerings.
ISV Feature
Azure readiness: Assesses whether on-premises servers, SQL Servers and web apps
are ready for migration to Azure.
Azure sizing: Estimates the size of Azure VMs/Azure SQL configuration/number of
Azure VMware Solution nodes after migration.
Azure cost estimation: Estimates costs for running on-premises servers in Azure.
Dependency analysis: Identifies cross-server dependencies and optimization
strategies for moving interdependent servers to Azure. Learn more about
Discovery and assessment with dependency analysis.
The Discovery and assessment tool uses a lightweight Azure Migrate appliance that you
deploy on-premises.
The appliance runs on a VM or physical server. You can install it easily using a
downloaded template.
The appliance discovers on-premises servers. It also continually sends server
metadata and performance data to Azure Migrate.
Appliance discovery is agentless. Nothing is installed on discovered servers.
After appliance discovery, you can gather discovered servers into groups and run
assessments for each group.
Migration and modernization tool
The Migration and modernization tool helps in migrating servers to Azure:
Migrate Details
On-premises You can migrate physical servers to Azure. You can also migrate other
physical servers virtualized servers, and VMs from other public clouds, by treating them as
or servers physical servers for the purpose of migration. The Migration and
hosted on other modernization tool uses a replication appliance for the migration.
clouds
Web apps You can perform agentless migration of ASP.NET web apps at-scale to Azure
hosted on App Service using Azure Migrate.
Windows OS in
a VMware
environment
To get started, obtain a license or sign up for a free trial by following the tool
instructions. Each ISV or tool specifies tool licensing.
Each tool has an option to connect to Azure Migrate. Follow the tool instructions
to connect.
Track your migration across all tools from within the project.
Movere
Movere is a Software as a Service (SaaS) platform. It increases business intelligence by
accurately presenting entire IT environments within a single day. Organizations and
enterprises grow, change, and digitally optimize. As they do so, Movere provides them
with the needed confidence to see and control their environments, whatever the
platform, application, or geography.
Microsoft acquired Movere, and it's no longer sold as a standalone offer. Movere is
available through Microsoft Solution Assessment and Microsoft Cloud Economics
Program. Learn more about Movere.
We encourage you to also look at Azure Migrate, our built-in migration service. Azure
Migrate provides a central hub to simplify your cloud migration. The hub
comprehensively supports workloads like physical and virtual servers, databases, and
applications. End-to-end visibility lets you easily track progress throughout discovery,
assessment, and migration.
With both Azure and partner ISV tools built in, Azure Migrate has an extensive range of
features, including:
If you're looking for expert help to get started, Microsoft has skilled Azure Expert
Managed Service Providers to guide you. Check out the Azure Migrate website .
Current version: Use this version to create projects, discover on-premises servers,
and orchestrate assessments and migrations. Learn more about what's new in this
version.
Previous version: The previous version of Azure Migrate, also known as classic
Azure Migrate, supports only assessment of on-premises servers running on
VMware. Classic Azure Migrate is retiring in Feb 2024. After Feb 2024, classic
version of Azure Migrate will no longer be supported and the inventory metadata
in classic projects will be deleted. You can't upgrade projects or components in the
previous version to the new version. You need to create a new project, and add
assessment and migration tools to it. Use the tutorials to understand how to use
the assessment and migration tools available. If you had a Log Analytics workspace
attached to a classic project, you can attach it to a project of current version after
you delete the classic project.
To access existing projects in the Azure portal, search for and select Azure Migrate.
The Azure Migrate dashboard has a notification and a link to access old projects.
Next steps
Try our tutorials to assess VMware VMs, Hyper-V VMs, or physical servers.
Review frequently asked questions about Azure Migrate.
What's new in Azure Migrate
Article • 05/15/2023
Azure Migrate helps you to discover, assess, and migrate on-premises servers, apps, and
data to the Microsoft Azure cloud. This article summarizes new releases and features in
Azure Migrate.
Public Preview: Build business case using Azure Migrate for servers and workloads
running in your VMware environment. It helps you eliminate guess work in your
cost planning process and adds data driven insights to understand how Azure can
bring the most value to your business.
Key highlights:
On-premises vs Azure total cost of ownership.
Year on year cashflow analysis.
Resource utilization based insights to identify servers and workloads that are
ideal for cloud.
Quick wins for migration and modernization including end of support Windows
OS and SQL versions.
Long term cost savings by moving from a capital expenditure model to an
Operating expenditure model, by paying for only what you use.
General availability: Discover, assess, and migrate servers over a private network
using Azure Private Link. Learn more.
You can discover and assess VMware VMs, Hyper-V VMs, and physical servers.
You can migrate VMware VMs, Hyper-V VMs, and physical servers to Azure.
For VMware migration, you can use agentless or agent-based migration. Learn
more.
Review supported geographies and regions for Azure Government.
Agent-based dependency analysis isn't supported in Azure Government.
Features in preview are supported in Azure Government, agentless dependency
analysis, and application discovery.
Learn more about using tools and ISV offerings for assessment and migration in Azure
Migrate.
This article answers common questions about Azure Migrate. If you've questions after
you read this article, you can post them in the Azure Migrate forum . You also can
review these articles:
Using Azure Migrate provides interoperability and future extensibility with Azure
Migrate tools, other Azure services, and third-party tools.
The Migration and modernization tool is purpose-built for server migration to
Azure. It's optimized for migration. You don't need to learn about concepts and
scenarios that aren't directly relevant to migration.
There are no tool usage charges for migration for 180 days, from the time
replication is started for a VM. It gives you time to complete migration. You only
pay for the storage and network resources used in replication, and for compute
charges consumed during test migrations.
Azure Migrate supports all migration scenarios supported by Site Recovery. Also,
for VMware VMs, Azure Migrate provides an agentless migration option.
We're prioritizing new migration features for the Migration and modernization tool
only. These features aren't targeted for Site Recovery.
The Migration and modernization tool uses some back-end Site Recovery functionality
for lift-and-shift migration of some on-premises machines.
Azure Migrate doesn't move or store customer data outside of the region allocated,
guaranteeing data residency and resiliency in the same geography.
Does Azure Migrate offer Backup and Disaster
Recovery?
Azure Migrate is classified as customer managed Disaster Recovery, which means Azure
Migrate doesn't offer to recover data from an alternate region and offer it to customers
when the project region isn't available.
While using different capabilities, it's recommended that you export the software
inventory, dependency analysis, and assessment report for an offline backup.
In the event of a regional failure or outage in the Azure region that your project is
created in:
You may not be able to access your Azure Migrate projects, assessments, and other
reports for the duration of the outage. However, you can use the offline copies
that you've exported.
Any in-progress replication and/or migration will be paused and you might have to
restart it post the outage.
1. Get started by obtaining a license, or sign up for a free trial, in accordance with the
tool policy. Licensing for tools is in accordance with the ISV or tool licensing
model.
2. In each tool, there's an option to connect to Azure Migrate. Follow the tool
instructions and documentation to connect the tool with Azure Migrate.
You can track your migration journey from within the Azure Migrate project, across
Azure, and in other tools.
Next steps
Read the Azure Migrate overview.
Azure Migrate appliance: Common
questions
Article • 12/12/2022 • 8 minutes to read
This article answers common questions about the Azure Migrate appliance. If you have
other questions, check these resources:
The appliance can be deployed using a template for servers running in VMware or
Hyper-V environment (OVA template for VMware or VHD for Hyper-V).
If you don't want to use a template, you can deploy the appliance for VMware or
Hyper-V environment using a PowerShell installer script.
In Azure Government, you should deploy the appliance using a PowerShell installer
script. Refer to the steps of deployment here.
For physical or virtualized servers on-premises or any other cloud, you always
deploy the appliance using a PowerShell installer script.Refer to the steps of
deployment here.
Metadata is securely sent to the Azure Migrate service over the internet via HTTPS.
Metadata is stored in an Azure Cosmos DB database and in Azure Blob storage in a
Microsoft subscription. The metadata is encrypted at rest for storage.
The data for dependency analysis also is encrypted in transit (by secure HTTPS). It's
stored in a Log Analytics workspace in your subscription. The data is encrypted at
rest for dependency analysis.
1. The appliance connects to vCenter Server (port 443) by using the credentials you
provided when you set up the appliance.
2. The appliance uses VMware PowerCLI to query vCenter Server to collect metadata
about the servers that are managed by vCenter Server.
3. The appliance collects configuration data about servers (cores, memory, disks,
NICs) and the performance history of each server for the past month.
4. The collected metadata is sent to the Azure Migrate: Discovery and assessment
tool (over the internet via HTTPS) for assessment.
The only way to delete the appliance is to delete the resource group that contains the
project that's associated with the appliance.
However, deleting the resource group also deletes other registered appliances, the
discovered inventory, assessments, and all other Azure components in the resource
group that are associated with the project.
Also, you cannot reuse an existing project key on a reconfigured appliance. Make sure
you generate a new key from the desired subscription/project to complete the appliance
registration.
Only the appliance and the appliance agents are updated by these automatic updates.
The operating system is not updated by Azure Migrate automatic updates. Use
Windows Updates to keep the operating system up to date.
If no certificate has been provisioned on the server when it starts up, SQL Server
generates a self-signed certificate that is used to encrypt login packets. Learn more.
Next steps
Read the Azure Migrate overview.
Discovery and dependency analysis -
Common questions
Article • 03/31/2023 • 3 minutes to read
This article answers common questions about discovery and dependency analysis in
Azure Migrate. If you've other questions, check these resources:
7 Note
Agent-based dependency analysis isn't available in Azure Government. You can use
agentless dependency analysis
Log Analytics Not required. Azure Migrate uses the Service Map
solution in Azure Monitor logs for
dependency visualization. Learn more.
How it works Captures TCP connection data on Service Map agents installed on a
machines enabled for dependency machine gather data about TCP
visualization. After discovery, it processes and inbound/outbound
gathers data at intervals of five connections for each process.
minutes.
Data Source machine server name, process, Source machine server name, process,
application name. application name.
Visualization Dependency map of single server can Dependency map of a single server.
be viewed over a duration of one hour
to 30 days. Map can be viewed over an hour only.
Data export Last 30 days data can be downloaded Data can be queried with Log Analytics.
in a CSV format.
You need these agents only if you use agent-based dependency visualization.
For agentless visualization, you can view the dependency map of a single server from a
duration of between an hour and 30 days.
Next steps
Read the Azure Migrate overview.
Assessment - Common questions
Article • 12/13/2022 • 18 minutes to read
This article answers common questions about assessments in Azure Migrate. If you've
other questions, check these resources:
If the servers are powered on for the duration for which you're creating the
assessment
If only memory counters are missing and you're trying to assess servers in Hyper-V
environment. In this scenario, enable dynamic memory on the servers and
'Recalculate' the assessment to reflect the latest changes. The appliance can collect
memory utilization values for severs in Hyper-V environment only when the server
has dynamic memory enabled.
If all of the performance counters are missing, ensure that outbound connections
on ports 443 (HTTPS) are allowed.
7 Note
If the SQL Servers are powered on for the duration for which you're creating the
assessment.
If the connection status of the SQL agent in Azure Migrate is 'Connected', and
check the last heartbeat.
If Azure Migrate connection status for all SQL instances is 'Connected' in the
discovered SQL instance section.
If all of the performance counters are missing, ensure that outbound connections
on ports 443 (HTTPS) are allowed.
If any of the performance counters are missing, Azure SQL assessment recommends the
smallest Azure SQL configuration for that instance/database.
You didn't profile your environment for the duration for which you're creating the
assessment. For example, if you're creating an assessment with performance
duration set to one week, you need to wait for at least a week after you start the
discovery for all the data points to get collected. If you can't wait for the duration,
change the performance duration to a smaller period and Recalculate the
assessment.
Assessment isn't able to collect the performance data for some or all the servers in
the assessment period. For a high confidence rating, ensure that:
Servers are powered on for the duration of the assessment
Outbound connections on ports 443 are allowed
For Hyper-V Servers, dynamic memory is enabled
The connection status of agents in Azure Migrate are 'Connected' and check the
last heartbeat
For Azure SQL assessments, Azure Migrate connection status for all SQL
instances is "Connected" in the discovered SQL instance section.
For Azure VM and AVS assessments, few servers were created after discovery had
started. For example, if you're creating an assessment for the performance history
of last one month, but few servers were created in the environment only a week
ago. In this case, the performance data for the new servers won't be available for
the entire duration and the confidence rating would be low. Learn more.
For Azure SQL assessments, few SQL instances or databases were created after
discovery had started. For example, if you're creating an assessment for the
performance history of last one month, but few SQL instances or databases were
created in the environment only a week ago. In this case, the performance data for
the new servers won't be available for the entire duration and the confidence
rating would be low. Learn more.
The processor benchmark numbers are now considered along with the resource
utilization to ensure, we match the processor performance of your on-premises VMware
environment and recommend the target Azure SKU sizes accordingly. This is a way to
further improve the assessment recommendations to match your performance needs
more closely.
Due to this, the target Azure VM cost can differ from your earlier assessments of the
same target. Also, the number of cores allocated in the target Azure SKU could also vary
if the processor performance of target is a match for your on-premises VMware
environment.
You've chosen an Azure region where a particular series isn't supported. Azure VM
families shown in Azure VM assessment properties are dependent on the
availability of the VM series in the chosen Azure location, storage type and
Reserved Instance.
The VM series isn't support in the assessment and isn't in the consideration logic
of the assessment. We currently don't support B-series burstable, accelerated and
high performance SKU series. We're trying to keep the VM series updated, and the
ones mentioned are on our roadmap.
The number of Azure VM or AVS assessments
on the Discovery and assessment tool are
incorrect
To remediate this, select the total number of assessments to navigate to all the
assessments and recalculate the Azure VM or AVS assessment. The discovery and
assessment tool will then show the correct count for that assessment type.
The discovery is still in progress. We recommend that you wait for some time for
the appliance to profile the environment and then recalculate the assessment.
There are some discovery issues that you need to fix in Errors and notifications.
The SQL discovery is performed once every 24 hours and you might need to wait upto a
day for the latest configuration changes to reflect.
If you provisioned a 200 GiB Ultra Disk, with 20,000 IOPS and 1,000 MB/second and
deleted it after 20 hours, it will map to the disk size offer of 256 GiB and you'll be billed
for the 256 GiB, 20,000 IOPS and 1,000 MB/second for 20 hours.
For example, if an on-premises server has 4 cores and 8 GB of memory at 50% CPU
utilization and 50% memory utilization:
As-on-premises sizing will recommend an Azure VM SKU that has 4 cores and 8 GB
of memory.
Performance-based sizing will recommend a VM SKU that has 2 cores and 4 GB of
memory because the utilization percentage is considered.
Performance history
For performance-based sizing only, Azure Migrate collects the performance history of
on-premises machines, and then uses it to recommend the VM size and disk type in
Azure:
Utilization
When you create an assessment in Azure, depending on performance duration and the
performance history percentile value that is set, Azure Migrate calculates the effective
utilization value, and then uses it for sizing.
For example, if you set the performance duration to one day and the percentile value to
95th percentile, Azure Migrate sorts the 15-minute sample points sent by the collector
for the past day in ascending order. It picks the 95th percentile value as the effective
utilization.
Using the 95th percentile value ensures that outliers are ignored. Outliers might be
included if your Azure Migrate uses the 99th percentile. To pick the peak usage for the
period without missing any outliers, set Azure Migrate to use the 99th percentile.
How are import-based assessments different
from assessments with discovery source as
appliance?
Import-based Azure VM assessments are assessments created with machines that are
imported into Azure Migrate using a CSV file. Only four fields are mandatory to import:
Server name, cores, memory, and operating system. Here are some things to note:
Next steps
Read the Azure Migrate overview.
Business case (preview) - Common
questions
Article • 04/25/2023
This article answers common questions about Business case in Azure Migrate. If you
have other questions, check these resources:
General
1. Go to a business case and select Edit assumptions and choose Azure assumptions.
2. Select Reset next to Performance history duration date range is outdated
warning. You could also choose to change any other setting.
3. Select Save.
This will recalculate the business case with the updated assumptions and will enable the
export gesture.
A Business case helps you understand on-premises cost estimates, Azure cost estimates
and potential savings (TCO and YoY). It helps you understand Why Azure? and helps
understand the quick wins and unique Azure Benefits.
Azure You can get the most cost efficient For SQL Servers, sizing and cost comes
recommended and compatible target from the Recommended report with
to minimize recommendation in Azure across optimization strategy- minimize cost
cost Azure IaaS and Azure PaaS targets from Azure SQL assessment.
Migrate to all You can get a quick lift and shift For SQL Servers, sizing and cost comes
IaaS recommendation to Azure IaaS. from the Instance to SQL Server on Azure
(Infrastructure VM report.
as a Service)
For general servers and servers hosting
web apps, sizing and cost comes from
Azure VM assessment.
Modernize to You can get a PaaS preferred For SQL Servers, sizing and cost comes
PaaS recommendation that means, the from the Recommended report with
(Platform as a logic identifies workloads best fit optimization strategy - Modernize to PaaS
Service) for PaaS targets. from Azure SQL assessment.
General servers are recommended For web apps, sizing and cost comes from
with a quick lift and shift Azure App Service assessment. For
recommendation to Azure IaaS. general servers, sizing and cost comes
from Azure VM assessment.
7 Note
Next steps
Learn more about how to build a Business case.
Learn more about how to review the Business case reports.
Migration and modernization: Common
questions
Article • 03/31/2023 • 22 minutes to read
This article answers common questions about the Migration and modernization tool. If
you've other questions, check these resources:
General questions
Regardless of the migration option chosen, the first step to migrate a server using the
Migration and modernization tool is to start replication for the server. This performs an
initial replication of your VM/server data to Azure. After the initial replication is
completed, an ongoing replication (ongoing delta-sync) is established to migrate
incremental data to Azure. Once the operation reaches the delta-sync stage, you can
choose to migrate to Azure at any time.
Here are some considerations to keep in mind while deciding on the migration option.
Agentless migrations don't require any software (agents) to be deployed on the source
VMs/servers being migrated. The agentless option orchestrates replication by
integrating with the functionality provided by the virtualization provider. The Agentless
replication options are available for VMware VMs and Hyper-V VMs.
While the agentless migration offers another convenience and simplicity over the agent-
based replication options for the supported scenarios (VMware and Hyper-V), you may
want to consider using the agent-based scenario for the following use cases:
To learn more, review this article to compare migration options for VMware migrations.
For agentless VMware migrations, the target region is locked once you enable the
first replication.
For agent-based migrations (VMware, physical servers, and servers from other
clouds), the target region is locked once the “Create Resources” button is selected
on the portal while setting up the replication appliance.
For agentless Hyper-V migrations, the target region is locked once the “Create
Resources” button is selected on the portal while setting up the Hyper-V
replication provider.
The applications can continue to run at the source while letting you perform tests on a
cloned copy in an isolated sandbox environment. You can perform multiple tests, as
needed, to validate the migration, perform app testing, and address any issues before
the actual migration.
Is there a Rollback option for Azure Migrate?
You can use the Test Migration option to validate your application functionality and
performance in Azure. You can perform any number of test migrations and can execute
the final migration after establishing confidence through the test migration operation. A
test migration doesn’t affect the on-premises machine, which remains operational and
continues replicating until you perform the actual migration. If there were any errors
during the test migration UAT, you can choose to postpone the final migration and keep
your source VM/server running and replicating to Azure. You can reattempt the final
migration once you resolve the errors. Note: Once you've performed a final migration to
Azure and the on-premises source machine was shut down, you can't perform a rollback
from Azure to your on-premises environment.
If a target subnet (other than default) was specified as an input while enabling
replication, then Azure Migrate prioritizes using a subnet with the same name in
the Virtual Network selected for the test migration.
If the subnet with the same name isn't found, then Azure Migrate selects the first
subnet available alphabetically that isn't a Gateway/Application
Gateway/Firewall/Bastion subnet.
However, if you still choose to migrate your Windows Server 2003 to Azure, you can use
the Migration and modernization tool if your Windows Server is a VM running on
VMware or Hyper-V Review this article to prepare your Windows Server 2003 machines
for migration.
When replication is configured for a virtual machine, it first goes through an initial
replication phase. During initial replication, a VM snapshot is taken, and a full copy of
data from the snapshot disks are replicated to managed disks in your subscription. After
initial replication for the VM is complete, the replication process transitions to an
incremental replication (delta replication) phase. In the incremental replication phase,
data changes that have occurred since the last completed replication cycle are
periodically replicated and applied to the replica managed disks, thus keeping
replication in sync with changes happening on the VM. In the case of VMware virtual
machines, VMware changed block tracking technology is used to keep track of changes
between replication cycles. At the start of the replication cycle, a VM snapshot is taken
and changed block tracking is used to get the changes between the current snapshot
and the last successfully replicated snapshot. That way only data that has changed since
the last completed replication cycle needs to be replicated to keep replication for the
VM in sync. At the end of each replication cycle, the snapshot is released, and snapshot
consolidation is performed for the virtual machine. Similarly, in the case of Hyper-V
virtual machines, the Hyper-V replica change tracking engine is used to keep track of
changes between consecutive replication cycles.
When you perform the migrate operation on a replicating virtual machine, you've the
option to shut down the on-premises virtual machine, and perform one final
incremental replication to ensure zero data loss. On performing the migration, the
replica managed disks corresponding to the virtual machine are used to create the
virtual machine in Azure.
To get started, refer the VMware agentless migration and Hyper-V agentless migration
tutorials.
When replication starts for a VM, an initial replication cycle occurs in which full copies of
the disks are replicated. After the initial replication is completed, incremental replication
cycles (delta cycles) are scheduled periodically to transfer any changes that have
occurred since the previous replication cycle.
You can work out the bandwidth requirement based on the volume of data needed to
be moved in the wave and time within which you would like initial replication to
complete (ideally you’d want initial replication to have completed at least 3-4 days prior
to the actual migration window to give you sufficient time to perform a test migration
prior to the actual window and to keep downtime to a minimum during the window).
You can estimate the bandwidth or time needed for agentless VMware VM migration
using the following formula:
Time to complete initial replication = {size of disks (or used size if available) * 0.7
(assuming a 30 percent compression average – conservative estimate)}/bandwidth
available for replication.
PowerShell
In order to increase and decrease replication bandwidth based on a schedule, you can
leverage Windows scheduled task to scale the bandwidth as needed. One task will be
used to decrease the bandwidth, and another task will be used to increase the
bandwidth. Note: You need to create the NetQosPolicy, outlined above, prior to
executing the commands below.
PowerShell
#Timezone set on the Azure Migrate Appliance (VM) will be used; change the
frequency to meet your needs
#In this example, the bandwidth is being throttled every weekday at 8:00 AM
local time
#The bandwidth is being increased every weekday at 6:00 PM local time
$ThrottleBandwidthTrigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek
Monday,Tuesday,Wednesday,Thursday,Friday -At 8:00am
$IncreaseBandwidthTrigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek
Monday,Tuesday,Wednesday,Thursday,Friday -At 6:00pm
For example, if a VM takes four hours for a delta cycle, the next cycle is scheduled in two
hours, and not in the next hour. The process is different immediately after initial
replication, when the first delta cycle is scheduled immediately.
The agent-based migration method uses agent software installed on the server being
migrated to replicate server data to Azure. The replication process uses an offload
architecture in which the agent relays replication data to a dedicated replication server
called the replication appliance or Configuration Server (or to a scale-out Process
Server). Learn more about how the agent-based migration option works.
Note: The replication appliance is different from the Azure Migrate discovery appliance
and must be installed on a separate/dedicated machine.
When replication starts for a VM, an initial replication cycle occurs in which full copies of
the disks are replicated. After the initial replication is completed, incremental replication
cycles (delta cycles) are scheduled periodically to transfer any changes that have
occurred since the previous replication cycle.
For an agent-based method of replication, the Deployment Planner can help profile the
environment for the data churn and help predict the necessary bandwidth requirement.
To learn more, view this article
When replication is configured for a virtual machine, it first goes through an initial
replication phase. During initial replication, a VM snapshot is taken, and a full copy of
data from the snapshot disks are replicated to managed disks in your subscription. After
initial replication for the VM is complete, the replication process transitions to an
incremental replication (delta replication) phase. In the incremental replication phase,
data changes that have occurred since the last completed replication cycle are
periodically replicated and applied to the replica managed disks, thus keeping
replication in sync with changes happening on the VM. In the case of VMware virtual
machines, VMware changed block tracking technology is used to keep track of changes
between replication cycles. At the start of the replication cycle, a VM snapshot is taken
and changed block tracking is used to get the changes between the current snapshot
and the last successfully replicated snapshot. That way only data that has changed since
the last completed replication cycle needs to be replicated to keep replication for the
VM in sync. At the end of each replication cycle, the snapshot is released, and snapshot
consolidation is performed for the virtual machine. Similarly, in the case of Hyper-V
virtual machines, the Hyper-V replica change tracking engine is used to keep track of
changes between consecutive replication cycles.
When you perform the migrate operation on a replicating virtual machine, you've the
option to shut down the on-premises virtual machine, and perform one final
incremental replication to ensure zero data loss. On performing the migration, the
replica managed disks corresponding to the virtual machine are used to create the
virtual machine in Azure.
When replication starts for a VM, an initial replication cycle occurs in which full copies of
the disks are replicated. After the initial replication is completed, incremental replication
cycles (delta cycles) are scheduled periodically to transfer any changes that have
occurred since the previous replication cycle.
You can work out the bandwidth requirement based on the volume of data needed to
be moved in the wave and time within which you would like initial replication to
complete (ideally you’d want initial replication to have completed at least 3-4 days prior
to the actual migration window to give you sufficient time to perform a test migration
prior to the actual window and to keep downtime to a minimum during the window).
Next steps
Read the Azure Migrate overview.
Quickstart: Create an Azure Migrate
project using an ARM template
Article • 04/13/2023
This quickstart describes how to set up an Azure Migrate project Recovery by using an
Azure Resource Manager template (ARM template). Azure Migrate provides a
centralized hub to assess and migrate to Azure on-premises servers, infrastructure,
applications, and data. Azure Migrate supports assessment and migration of on-
premises VMware VMs, Hyper-V VMs, physical servers, other virtualized VMs, databases,
web apps, and virtual desktops.
This template creates an Azure Migrate project that will be used further for assessing
and migrating your Azure on-premises servers, infrastructure, applications, and data.
A resource manager template is a JavaScript Object Notation (JSON) file that defines the
infrastructure and configuration for your project. The template uses declarative syntax.
In declarative syntax, you describe your intended deployment without writing the
sequence of programming commands to create the deployment.
If your environment meets the prerequisites and you're familiar with using ARM
templates, select the Deploy to Azure button. The template will open in the Azure
portal.
Prerequisites
If you don't have an active Azure subscription, you can create a free account before
you begin.
JSON
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-
01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"migrateProjectName": {
"type": "string",
"maxLength": 13,
"metadata": {
"description": "Specifies a name for creating the migrate
project."
}
},
"location": {
"type": "string",
"allowedValues": [
"centralus",
"eastasia",
"northeurope",
"westeurope",
"westus2",
"australiasoutheast",
"uksouth",
"ukwest",
"canadacentral",
"centralindia",
"southindia",
"japaneast",
"japanwest",
"brazilsouth",
"koreasouth",
"koreacentral",
"francecentral",
"switzerlandnorth",
"australiaeast",
"southeastasia",
"centraluseuap",
"eastus2euap",
"canadaeast",
"southcentralus",
"usgovvirginia",
"usgovarizona"
],
"metadata": {
"description": "Specifies the location for all resources."
}
}
},
"resources": [
{
"type": "Microsoft.Migrate/MigrateProjects",
"apiVersion": "2020-05-01",
"name": "[parameters('migrateProjectName')]",
"location": "[parameters('location')]",
"tags": {
"Migrate Project": "[parameters('migrateProjectName')]"
},
"properties": {}
},
{
"type": "Microsoft.Migrate/MigrateProjects/Solutions",
"apiVersion": "2020-05-01",
"name": "[concat(parameters('migrateProjectName'), '/Servers-
Assessment-ServerAssessment')]",
"dependsOn": [
"[resourceId('Microsoft.Migrate/MigrateProjects',
parameters('migrateProjectName'))]"
],
"properties": {
"tool": "ServerAssessment",
"purpose": "Assessment",
"goal": "Servers",
"status": "Active"
}
},
{
"type": "Microsoft.Migrate/MigrateProjects/Solutions",
"apiVersion": "2020-05-01",
"name": "[concat(parameters('migrateProjectName'), '/Servers-
Discovery-ServerDiscovery')]",
"dependsOn": [
"[resourceId('Microsoft.Migrate/MigrateProjects',
parameters('migrateProjectName'))]"
],
"properties": {
"tool": "ServerDiscovery",
"purpose": "Discovery",
"goal": "Servers",
"status": "Inactive"
}
},
{
"type": "Microsoft.Migrate/MigrateProjects/Solutions",
"apiVersion": "2020-05-01",
"name": "[concat(parameters('migrateProjectName'), '/Servers-
Migration-ServerMigration')]",
"dependsOn": [
"[resourceId('Microsoft.Migrate/MigrateProjects',
parameters('migrateProjectName'))]"
],
"properties": {
"tool": "ServerMigration",
"purpose": "Migration",
"goal": "Servers",
"status": "Active"
}
}
]
}
1. To sign in to Azure and open the template, select the Deploy to Azure image.
1. Navigate to Azure Migrate by searching for Azure Migrate in the search bar on the
Azure portal.
2. Click the Discover, Assess, and Migrate button under the Servers, databases and
web apps tile.
3. Select the Azure subscription and Project as per the values specified in the
deployment.
Next steps
In this quickstart, you created an Azure Migrate project. To learn more about Azure
Migrate and its capabilities, continue to the Azure Migrate overview.
As part of your migration journey to Azure, you discover your on-premises inventory and workloads.
This tutorial shows you how to discover the servers that are running in your VMware environment by
using the Azure Migrate: Discovery and assessment tool, a lightweight Azure Migrate appliance. You
deploy the appliance as a server running in your vCenter Server instance, to continuously discover
servers and their performance metadata, applications that are running on servers, server
dependencies, web apps, and SQL Server instances and databases.
7 Note
Tutorials show you the quickest path for trying out a scenario. They use default options where
possible.
If you don't have an Azure subscription, create a free account before you begin.
Prerequisites
Before you begin this tutorial, check that you have these prerequisites in place:
Requirement Details
vCenter You need a server running vCenter Server version 7.0, 6.7, 6.5, 6.0, or 5.5.
Server/ESXi
host Servers must be hosted on an ESXi host running version 5.5 or later.
On the vCenter Server, allow inbound connections on TCP port 443 so that the appliance can
collect configuration and performance metadata.
The appliance connects to vCenter Server on port 443 by default. If the server running vCenter
Server listens on a different port, you can modify the port when you provide the vCenter Server
details in the appliance configuration manager.
On the ESXi hosts, make sure that inbound access is allowed on TCP port 443 for discovery of
installed applications and for agentless dependency analysis on servers.
Requirement Details
Azure vCenter Server must have these resources to allocate to a server that hosts the Azure Migrate
Migrate appliance:
appliance
- 32 GB of RAM, 8 vCPUs, and approximately 80 GB of disk storage.
- An external virtual switch and internet access on the appliance server, directly or via a proxy.
Servers All Windows and Linux OS versions are supported for discovery of configuration and
performance metadata.
For application discovery on servers, all Windows and Linux OS versions are supported. Check
the OS versions supported for agentless dependency analysis.
For discovery of installed applications and for agentless dependency analysis, VMware Tools
(version 10.2.1 or later) must be installed and running on servers. Windows servers must have
PowerShell version 2.0 or later installed.
To discover SQL Server instances and databases, check supported SQL Server and Windows OS
versions and editions and Windows authentication mechanisms.
To discover ASP.NET web apps running on IIS web server, check supported Windows OS and IIS
versions.
To discover Java web apps running on Apache Tomcat web server, check supported Linux OS
and Tomcat versions.
SQL Server To discover SQL Server instances and databases, the Windows or SQL Server account must be a
access member of the sysadmin server role or have these permissions for each SQL Server instance.
If you created a free Azure account, by default, you're the owner of the Azure subscription. If you're
not the subscription owner, work with the owner to assign permissions.
1. In the Azure portal, search for "subscriptions." Under Services in the search results, select
Subscriptions.
2. In Subscriptions, select the subscription in which you want to create a project.
4. Select Add > Add role assignment to open the Add role assignment page.
5. Assign the following role. For detailed steps, see Assign Azure roles using the Azure portal.
Setting Value
Members azmigrateuser
To give the account the required permissions to register Azure AD apps:
1. In the portal, go to Azure Active Directory > Users > User Settings.
2. In User settings, verify that Azure AD users can register applications (set to Yes by default).
3. If App registrations is set to No, request the tenant, or global admin to assign the required
permissions. Alternately, the tenant or global admin can assign the Application Developer role
to an account to allow Azure AD app registration by users. Learn more.
Prepare VMware
On vCenter Server, check that your account has permissions to create a VM by using a VMware Open
Virtualization Appliance (OVA) virtual machine (VM) installation file. You must have these permissions
when you deploy the Azure Migrate appliance as a VMware VM by using an OVA file.
Azure Migrate must have a vCenter Server read-only account to discover and assess servers running
in your VMware environment. If you also want to run discovery of installed applications and
agentless dependency analysis, the account must have permissions enabled in VMware for VM guest
operations.
1. From an account that has admin privileges, in vSphere Web Client, on the Home menu, select
Administration.
5. In the menu under Administration, under Access Control, select Global Permissions.
6. Select the user account, and then select Read-only to assign the role to the account. Select OK.
7. To be able to start discovery of installed applications and agentless dependency analysis, in the
menu under Access Control, select Roles. In the Roles pane, under Roles, select Read-only.
Under Privileges, select Guest operations. To propagate the privileges to all objects in the
vCenter Server instance, select the Propagate to children checkbox.
7 Note
You can scope the vCenter Server account to limit discovery to specific vCenter Server
datacenters, clusters, hosts, folders of clusters or hosts, or individual servers. Learn how to scope
the vCenter Server user account.
7 Note
vCenter assets connected via Linked-Mode to the vCenter server specified for discovery will not
be discovered by Azure Migrate.
For Windows servers and web apps discovery, create an account (local or domain) that has
administrator permissions on the servers. To discover SQL Server instances and databases, the
Windows or SQL Server account must be a member of the sysadmin server role. Learn how to
assign the required role to the user account.
For Linux servers, provide a sudo user account with permissions to execute ls and netstat
commands or create a user account that has the CAP_DAC_READ_SEARCH and
CAP_SYS_PTRACE permissions on /bin/netstat and /bin/ls files. If you're providing a sudo user
account, ensure that you have enabled NOPASSWD for the account to run the required
commands without prompting for a password every time sudo command is invoked.
7 Note
You can add multiple server credentials in the Azure Migrate appliance configuration manager
to initiate discovery of installed applications, agentless dependency analysis, and discovery of
web apps, and SQL Server instances and databases. You can add multiple domain, Windows
(non-domain), Linux (non-domain), or SQL Server authentication credentials. Learn how to add
server credentials.
Set up a project
To set up a new project:
1. In the Azure portal, select All services, and then search for Azure Migrate.
5. In Create project, select your Azure subscription and resource group. Create a resource group if
you don't have one.
6. In Project Details, specify the project name and the geography where you want to create the
project. Review supported geographies for public clouds and supported geographies for
government clouds.
7 Note
Use the Advanced configuration section to create an Azure Migrate project with private
endpoint connectivity. Learn more.
7. Select Create.
8. Wait a few minutes for the project to deploy. The Azure Migrate: Discovery and assessment
tool is added by default to the new project.
7 Note
If you've already created a project, you can use that project to register more appliances to
discover and to assess more servers. Learn how to manage projects.
7 Note
If you can't set up the appliance by using the OVA template, you can set it up by running a
PowerShell script on an existing server running Windows Server 2016. Learn how to use
PowerShell to set up an Azure Migrate appliance.
The option to deploy an appliance using an OVA template isn't supported in Azure Government
cloud. Learn more on how to deploy an appliance for Azure Government cloud.
In 2: Download Azure Migrate appliance, select the OVA file, and then select Download.
Verify security
Before you deploy the OVA file, verify that the file is secure:
1. On the server on which you downloaded the file, open a Command Prompt window by using
the Run as administrator option.
2. Run the following command to generate the hash for the OVA file:
Bash
Import the downloaded file, and then create a server in the VMware environment:
1. In the vSphere Client console, select File > Deploy OVF Template.
2. In the Deploy OVF Template Wizard, select Source, and then enter the location of the OVA file.
3. In Name, enter a name for the server. In Location, select the inventory object in which the
server will be hosted.
4. In Host/Cluster, select the host or cluster on which the server will run.
5. In Storage, select the storage destination for the server.
6. In Disk Format, select the disk type and size.
7. In Network Mapping, select the network the server will connect to. The network requires
internet connectivity to send metadata to Azure Migrate.
8. Review and confirm the settings, and then select Finish.
Make sure that the appliance server can connect to Azure URLs for public clouds and government
clouds.
Configure the appliance
To set up the appliance for the first time:
7 Note
If you set up the appliance by using a PowerShell script instead of a downloaded OVA template,
you can skip the first two steps.
1. In vSphere Client, right-click the server, and then select Open Console.
2. Select or enter the language, time zone, and password for the appliance.
3. Open a browser on any computer that can connect to the appliance. Then, open the URL of the
appliance configuration manager: https://appliance name or IP address: 44368 .
Or, you can open the configuration manager from the appliance server desktop by selecting
the shortcut for the configuration manager.
In the configuration manager, select Set up prerequisites, and then complete these steps:
1. Connectivity: The appliance checks that the server has internet access. If the server uses a
proxy:
Select Setup proxy to specify the proxy address (in the form http://ProxyIPAddress or
http://ProxyFQDN , where FQDN refers to a fully qualified domain name) and listening port.
If you have added proxy details or disabled the proxy or authentication, select Save to
trigger connectivity and check connectivity again.
2. Time sync: Check that the time on the appliance is in sync with internet time for discovery to
work properly.
3. Install updates and register appliance: To run auto-update and register the appliance, follow
these steps:
7 Note
This is a new user experience in Azure Migrate appliance which is available only if you have
set up an appliance using the latest OVA/Installer script downloaded from the portal. The
appliances which have already been registered will continue seeing the older version of
the user experience and will continue to work without any issues.
a. For the appliance to run auto-update, paste the project key that you copied from the portal.
If you don't have the key, go to Azure Migrate: Discovery and assessment > Overview >
Manage existing appliances. Select the appliance name you provided when you generated
the project key, and then copy the key that's shown.
b. The appliance will verify the key and start the auto-update service, which updates all the
services on the appliance to their latest versions. When the auto-update has run, you can
select View appliance services to see the status and versions of the services running on the
appliance server.
c. To register the appliance, you need to select Login. In Continue with Azure Login, select
Copy code & Login to copy the device code (you must have a device code to authenticate
with Azure) and open an Azure sign in prompt in a new browser tab. Make sure you've
disabled the pop-up blocker in the browser to see the prompt.
d. In a new tab in your browser, paste the device code and sign in by using your Azure
username and password. Signing in with a PIN isn't supported.
7 Note
If you close the sign in tab accidentally without logging in, refresh the browser tab of
the appliance configuration manager to display the device code and Copy code &
Login button.
e. After you successfully sign in, return to the browser tab that displays the appliance
configuration manager. If the Azure user account that you used to sign in has the required
permissions for the Azure resources that were created during key generation, appliance
registration starts.
After the appliance is successfully registered, to see the registration details, select View
details.
4. Install the VDDK: The appliance checks that VMware vSphere Virtual Disk Development Kit
(VDDK) is installed. If the VDDK isn't installed, download VDDK 6.7 from VMware. Extract the
downloaded zip file contents to the specified location on the appliance, the default path is
C:\Program Files\VMware\VMware Virtual Disk Development Kit as indicated in the Installation
instructions.
The Migration and modernization tool uses the VDDK to replicate servers during migration to
Azure.
You can rerun prerequisites at any time during appliance configuration to check whether the
appliance meets all the prerequisites.
You should have set up an account with the required permissions as described earlier in
this article.
If you want to scope discovery to specific VMware objects (vCenter Server datacenters,
clusters, hosts, folders of clusters or hosts, or individual servers), review the instructions to
set discovery scope to restrict the account that Azure Migrate uses.
If you want to add multiple credentials at once, select Add more to save and add more
credentials. Multiple credentials are supported for discovery of servers across multiple
vCenter Servers using a single appliance.
2. In Step 2: Provide vCenter Server details, select Add discovery source to add the IP address or
FQDN of a vCenter Server. You can leave the port as the default (443) or specify a custom port
on which vCenter Server listens. Select the friendly name for credentials you would like to map
to the vCenter Server and select Save.
Select Add more to save the previous details and add more vCenter Server details. You can add
up to 10 vCenter Servers per appliance.
3. The appliance attempts to validate the connection to the vCenter Server(s) added by using the
credentials mapped to each vCenter Server. It displays the validation status with the vCenter
Server(s) IP address or FQDN in the sources table.
4. You can revalidate the connectivity to the vCenter Server(s) anytime before starting discovery.
Provide server credentials
In Step 3: Provide server credentials to perform software inventory, agentless dependency
analysis, discovery of SQL Server instances and databases and discovery of web apps in your
VMware environment., you can provide multiple server credentials. If you don't want to use any of
these appliance features, you can skip this step and proceed with vCenter Server discovery. You can
change this option at any time.
If you want to use these features, provide server credentials by completing the following steps. The
appliance attempts to automatically map the credentials to the servers to perform the discovery
features.
A friendly name.
A username.
A password. Select Save.
If you choose to use domain credentials, you also must enter the FQDN for the domain. The
FQDN is required to validate the authenticity of the credentials with the Active Directory
instance in that domain.
4. Review the required permissions on the account for discovery of installed applications,
agentless dependency analysis, and discovery of web apps and SQL Server instances and
databases.
5. To add multiple credentials at once, select Add more to save credentials, and then add more
credentials. When you select Save or Add more, the appliance validates the domain credentials
with the domain's Active Directory instance for authentication. Validation is made after each
addition to avoid account lockouts as the appliance iterates to map credentials to respective
servers.
In the configuration manager, in the credentials table, see the Validation status for domain
credentials. Only domain credentials are validated.
If validation fails, you can select a Failed status to see the validation error. Fix the issue, and then
select Revalidate credentials to reattempt validation of the credentials.
Start discovery
To start vCenter Server discovery, select Start discovery. After the discovery is successfully initiated,
you can check the discovery status by looking at the vCenter Server IP address or FQDN in the
sources table.
Software inventory identifies the SQL Server instances that are running on the servers. Using
the information it collects, the appliance attempts to connect to the SQL Server instances
through the Windows authentication credentials or the SQL Server authentication credentials
that are provided on the appliance. Then, it gathers data on SQL Server databases and their
properties. The SQL Server discovery is performed once every 24 hours.
Appliance can connect to only those SQL Server instances to which it has network line of sight,
whereas software inventory by itself may not need network line of sight.
Discovery of installed applications might take longer than 15 minutes. The duration depends on
the number of discovered servers. For 500 servers, it takes approximately one hour for the
discovered inventory to appear in the Azure Migrate project in the portal.
Software inventory identifies web server role existing on discovered servers. If a server is found
to have web server role enabled, Azure Migrate will perform web apps discovery on the server.
Web apps configuration data is updated once every 24 hours.
During software inventory, the added server credentials are iterated against servers and
validated for agentless dependency analysis. When the discovery of servers is finished, in the
portal, you can enable agentless dependency analysis on the servers. Only the servers on which
validation succeeds can be selected to enable agentless dependency analysis.
Web apps and SQL Server instances and databases data begin to appear in the portal within 24
hours after you start discovery.
By default, Azure Migrate uses the most secure way of connecting to SQL instances that is,
Azure Migrate encrypts communication between the Azure Migrate appliance and the source
SQL Server instances by setting the TrustServerCertificate property to true . Additionally, the
transport layer uses TLS to encrypt the channel and bypass the certificate chain to validate
trust. Hence, the appliance server must be set up to trust the certificate's root authority.
However, you can modify the connection settings, by selecting Edit SQL Server connection
properties on the appliance. Learn more to understand what to choose.
To start vCenter Server discovery, select Start discovery. After the discovery is successfully initiated,
you can check the discovery status by looking at the vCenter Server IP address or FQDN in the
sources table.
3. Select the discovered servers count to review the discovered inventory. You can filter the
inventory by selecting the appliance name and selecting one or more vCenter Servers from the
Source filter.
Next steps
Learn how to assess servers to migrate to Azure VMs.
Learn how to assess servers running SQL Server to migrate to Azure SQL.
Learn how to assess web apps to migrate to Azure App Service.
Review data the Azure Migrate appliance collects during discovery.
Tutorial: Discover servers running on Hyper-V
with Azure Migrate: Discovery and
assessment
Article • 04/13/2023
As part of your migration journey to Azure, you discover your on-premises inventory and
workloads.
This tutorial shows you how to discover the servers that are running in your VMware environment
by using the Azure Migrate: Discovery and assessment tool, a lightweight Azure Migrate appliance.
You deploy the appliance as a server on Hyper-V host, to continuously discover servers and their
performance metadata, applications that are running on servers, server dependencies, web apps,
and SQL Server instances and databases.
7 Note
Tutorials show the quickest path for trying out a scenario, and use default options.
If you don't have an Azure subscription, create a free account before you begin.
Prerequisites
Before you start this tutorial, check you have these prerequisites in place.
Requirement Details
Hyper-V Hyper-V hosts on which servers are located can be standalone, or in a cluster.
host
The host must be running Windows Server 2019, Windows Server 2016, or Windows Server
2012 R2.
Verify inbound connections are allowed on WinRM port 5985 (HTTP), so that the appliance can
connect to pull server metadata and performance data, using a Common Information Model
(CIM) session.
Requirement Details
Appliance Hyper-V host needs resources to allocate a server for the appliance:
deployment
- 16 GB of RAM, 8 vCPUs, and around 80 GB of disk storage.
- An external virtual switch, and internet access on the appliance, directly or via a proxy.
Servers All Windows and Linux OS versions are supported for discovery of configuration and
performance metadata.
For application discovery on servers, all Windows and Linux OS versions are supported. Check
the OS versions supported for agentless dependency analysis.
To discover ASP.NET web apps running on IIS web server, check supported Windows OS and
IIS versions.For discovery of installed applications and for agentless dependency analysis,
Windows servers must have PowerShell version 2.0 or later installed.
To discover Java web apps running on Apache Tomcat web server, check supported Linux OS
and Tomcat versions.
SQL Server To discover SQL Server instances and databases, the Windows or SQL Server account must be
access a member of the sysadmin server role or have these permissions for each SQL Server instance.
If you just created a free Azure account, you're the owner of your subscription. If you're not the
subscription owner, work with the owner to assign the permissions as follows:
1. In the Azure portal, search for "subscriptions", and under Services, select Subscriptions.
2. In the Subscriptions page, select the subscription in which you want to create a project.
5. Assign the following role. For detailed steps, see Assign Azure roles using the Azure portal.
Setting Value
Members azmigrateuser
6. To register the appliance, your Azure account needs permissions to register Azure Active
Directory apps.
7. In the Azure portal, navigate to Azure Active Directory > Users > User Settings.
8. In User settings, verify that Azure AD users can register applications (set to Yes by default).
9. In case the 'App registrations' settings is set to 'No', request the tenant/global admin to
assign the required permission. Alternately, the tenant/global admin can assign the
Application Developer role to an account to allow the registration of Azure Active Directory
App. Learn more.
Verify host Checks that the host is running a The host must be running Windows Server 2019,
requirements supported version of Hyper-V, and Windows Server 2016, or Windows Server 2012 R2.
the Hyper-V role.
Verify inbound connections are allowed on WinRM
Enables the WinRM service, and port 5985 (HTTP), so that the appliance can
opens ports 5985 (HTTP) and 5986 connect to pull server metadata and performance
(HTTPS) on the host (needed for data, using a Common Information Model (CIM)
metadata collection). session.
Verify Checks that you're running the script Check you're running PowerShell version 4.0 or
PowerShell on a supported PowerShell version. later on the Hyper-V host.
version
Step Script Manual
Create an Verifies that you have the correct Option 1: Prepare an account with Administrator
account permissions on the Hyper-V host. access to the Hyper-V host machine.
Allows you to create a local user Option 2: Prepare a Local Admin account, or
account with the correct permissions. Domain Admin account, and add the account to
these groups: Remote Management Users, Hyper-V
Administrators, and Performance Monitor Users.
Enable Enables PowerShell remoting on the To set up, on each host, open a PowerShell console
PowerShell host, so that the Azure Migrate as admin, and run this command: powershell
remoting appliance can run PowerShell Enable-PSRemoting -force
commands on the host, over a
WinRM connection.
Set up Hyper-V Checks that the Hyper-V Integration Enable Hyper-V Integration Services on each server.
integration Services is enabled on all servers
services managed by the host. If you're running Windows Server 2003, follow
these instructions.
2. Validate the script integrity using SHA256 hash file. Hashtag value is below. Run this
command to generate the hash for the script:
PowerShell
Example usage:
PowerShell
C:\>CertUtil -HashFile C:\Users\Administrators\Desktop\ MicrosoftAzureMigrate-
Hyper-V.ps1 SHA256
3. After validating the script integrity, run the script on each Hyper-V host with this PowerShell
command with elevated permissions:
PowerShell
PS C:\Users\Administrators\Desktop> MicrosoftAzureMigrate-Hyper-V.ps1
Hash Value
SHA256 0ad60e7299925eff4d1ae9f1c7db485dc9316ef45b0964148a3c07c80761ade2
For Windows servers, create an account (local or domain) that has administrator permissions
on the servers. To discover SQL Server instances and databases, the Windows or SQL Server
account must be a member of the sysadmin server role. Learn how to assign the required role
to the user account.
For Linux servers, provide a sudo user account with permissions to execute ls and netstat
commands or create a user account that has the CAP_DAC_READ_SEARCH and
CAP_SYS_PTRACE permissions on /bin/netstat and /bin/ls files. If you're providing a sudo user
account, ensure that you have enabled NOPASSWD for the account to run the required
commands without prompting for a password every time sudo command is invoked.
7 Note
You can add multiple server credentials in the Azure Migrate appliance configuration manager
to initiate discovery of installed applications, agentless dependency analysis, and SQL Server
instances and databases. You can add multiple domain, Windows (non-domain), Linux (non-
domain), or SQL Server authentication credentials. Learn how to add server credentials.
Set up a project
Set up a new project.
1. In the Azure portal > All services, search for Azure Migrate.
2. Under Services, select Azure Migrate.
4. In Create project, select your Azure subscription and resource group. Create a resource group
if you don't have one.
5. In Project Details, specify the project name and the geography in which you want to create
the project. Review supported geographies for public and government clouds.
7 Note
Use the Advanced configuration section to create an Azure Migrate project with private
endpoint connectivity. Learn more.
6. Select Create.
7. Wait a few minutes for the project to deploy. The Azure Migrate: Discovery and assessment
tool is added by default to the new project.
7 Note
If you have already created a project, you can use the same project to register additional
appliances to discover and assess more no of servers.Learn more
7 Note
If for some reason you can't set up the appliance using the template, you can set it up using a
PowerShell script on an existing Windows Server 2016 server. Learn more.
The option to deploy an appliance using an VHD template isn't supported in Azure
Government cloud. Learn more on how to deploy an appliance for Azure Government cloud.
This tutorial sets up the appliance on a server running in Hyper-V environment, as follows:
Verify security
Check that the zipped file is secure, before you deploy it.
1. On the machine to which you downloaded the file, open an administrator command window.
2. Run the following PowerShell command to generate the hash for the ZIP file
1. Extract the zipped VHD file to a folder on the Hyper-V host that will host the appliance. Three
folders are extracted.
2. Open Hyper-V Manager. In Actions, click Import Virtual Machine.
3. In the Import Virtual Machine Wizard > Before you begin, click Next.
4. In Locate Folder, specify the folder containing the extracted VHD. Then click Next.
5. In Select Virtual Machine, click Next.
6. In Choose Import Type, click Copy the virtual machine (create a new unique ID). Then click
Next.
7. In Choose Destination, leave the default setting. Click Next.
8. In Storage Folders, leave the default setting. Click Next.
9. In Choose Network, specify the virtual switch that the appliance will use. The switch needs
internet connectivity to send data to Azure.
10. In Summary, review the settings. Then click Finish.
11. In Hyper-V Manager > Virtual Machines, start the appliance.
7 Note
If you set up the appliance using a PowerShell script instead of the downloaded VHD, the first
two steps in this procedure aren't relevant.
1. In Hyper-V Manager > Virtual Machines, right-click the appliance > Connect.
2. Provide the language, time zone, and password for the appliance.
3. Open a browser on any machine that can connect to the appliance, and open the URL of the
appliance web app: https://appliance name or IP address: 44368.
Alternately, you can open the app from the appliance desktop by clicking the app shortcut.
In the configuration manager, select Set up prerequisites, and then complete these steps:
1. Connectivity: The appliance checks that the server has internet access. If the server uses a
proxy:
Select Setup proxy to specify the proxy address (in the form http://ProxyIPAddress or
http://ProxyFQDN , where FQDN refers to a fully qualified domain name) and listening
port.
If you have added proxy details or disabled the proxy or authentication, select Save to
trigger connectivity and check connectivity again.
2. Time sync: Check that the time on the appliance is in sync with internet time for discovery to
work properly.
3. Install updates and register appliance: To run auto-update and register the appliance, follow
these steps:
7 Note
This is a new user experience in Azure Migrate appliance which is available only if you
have set up an appliance using the latest OVA/Installer script downloaded from the
portal. The appliances which have already been registered will continue seeing the older
version of the user experience and will continue to work without any issues.
a. For the appliance to run auto-update, paste the project key that you copied from the
portal. If you don't have the key, go to Azure Migrate: Discovery and assessment >
Overview > Manage existing appliances. Select the appliance name you provided when
you generated the project key, and then copy the key that's shown.
b. The appliance will verify the key and start the auto-update service, which updates all the
services on the appliance to their latest versions. When the auto-update has run, you can
select View appliance services to see the status and versions of the services running on the
appliance server.
c. To register the appliance, you need to select Login. In Continue with Azure Login, select
Copy code & Login to copy the device code (you must have a device code to authenticate
with Azure) and open an Azure Login prompt in a new browser tab. Make sure you've
disabled the pop-up blocker in the browser to see the prompt.
d. In a new tab in your browser, paste the device code and sign in by using your Azure
username and password. Signing in with a PIN isn't supported.
7 Note
If you close the login tab accidentally without logging in, refresh the browser tab of
the appliance configuration manager to display the device code and Copy code &
Login button.
e. After you successfully log in, return to the browser tab that displays the appliance
configuration manager. If the Azure user account that you used to log in has the required
permissions for the Azure resources that were created during key generation, appliance
registration starts.
After the appliance is successfully registered, to see the registration details, select View
details.
You can rerun prerequisites at any time during appliance configuration to check whether the
appliance meets all the prerequisites.
1. On the appliance, run this command. HyperVHost1/HyperVHost2 are example host names.
In Local Computer Policy > Computer Configuration, click Administrative Templates >
System > Credentials Delegation.
Double-click Allow delegating fresh credentials, and select Enabled.
In Options, click Show, and add each Hyper-V host you want to discover to the list, with
wsman/ as a prefix.
In Credentials Delegation, double-click Allow delegating fresh credentials with NTLM-
only server authentication. Again, add each Hyper-V host you want to discover to the
list, with wsman/ as a prefix.
2. If you want to add multiple credentials at once, select Add more to save and add more
credentials. Multiple credentials are supported for discovery of servers in Hyper-V
environment.
3. In Step 2: Provide Hyper-V host/cluster details, select Add discovery source to specify the
Hyper-V host/cluster IP address/FQDN and the friendly name for credentials to connect to
the host/cluster.
4. You can either Add single item at a time or Add multiple items in one go. There's also an
option to provide Hyper-V host/cluster details through Import CSV.
If you choose Add single item, you need to specify friendly name for credentials and
Hyper-V host/cluster IP address/FQDN, and select Save.
If you choose Add multiple items (selected by default), you can add multiple records at
once by specifying Hyper-V host/cluster IP address/FQDN with the friendly name for
credentials in the text box. Verify the added records and select Save.
If you choose Import CSV, you can download a CSV template file, populate the file with
the Hyper-V host/cluster IP address/FQDN and friendly name for credentials. You then
import the file into the appliance, verify the records in the file and select Save.
5. On clicking Save, appliance will try validating the connection to the Hyper-V hosts/clusters
added and show the Validation status in the table against each host/cluster.
For successfully validated hosts/clusters, you can view more details by clicking on their IP
address/FQDN.
If validation fails for a host, review the error by clicking on Validation failed in the Status
column of the table. Fix the issue, and validate again.
To remove hosts or clusters, select Delete.
You can't remove a specific host from a cluster. You can only remove the entire cluster.
You can add a cluster, even if there are issues with specific hosts in the cluster.
6. You can revalidate the connectivity to hosts/clusters anytime before starting the discovery.
If you want to use these features, provide server credentials by completing the following steps. The
appliance attempts to automatically map the credentials to the servers to perform the discovery
features.
A friendly name.
A username.
A password. Select Save.
If you choose to use domain credentials, you also must enter the FQDN for the domain. The
FQDN is required to validate the authenticity of the credentials with the Active Directory
instance in that domain.
4. Review the required permissions on the account for discovery of installed applications,
agentless dependency analysis, and discovery SQL Server instances and databases.
5. To add multiple credentials at once, select Add more to save credentials, and then add more
credentials. When you select Save or Add more, the appliance validates the domain
credentials with the domain's Active Directory instance for authentication. Validation is made
after each addition to avoid account lockouts as the appliance iterates to map credentials to
respective servers.
In the configuration manager, in the credentials table, see the Validation status for domain
credentials. Only domain credentials are validated.
If validation fails, you can select a Failed status to see the validation error. Fix the issue, and then
select Revalidate credentials to reattempt validation of the credentials.
Start discovery
Select Start discovery, to kick off server discovery from the successfully validated host(s)/cluster(s).
After the discovery has been successfully initiated, you can check the discovery status against each
host/cluster in the table.
If you have provided server credentials, software inventory (discovery of installed applications)
is automatically initiated when the discovery of servers running on Hyper-V host(s)/cluster(s)
is finished.
Software inventory identifies the SQL Server instances that are running on the servers. Using
the information it collects, the appliance attempts to connect to the SQL Server instances
through the Windows authentication credentials or the SQL Server authentication credentials
that are provided on the appliance. Then, it gathers data on SQL Server databases and their
properties. The SQL Server discovery is performed once every 24 hours.
Appliance can connect to only those SQL Server instances to which it has network line of
sight, whereas software inventory by itself may not need network line of sight.
The time taken for discovery of installed applications depends on the number of discovered
servers. For 500 servers, it takes approximately one hour for the discovered inventory to
appear in the Azure Migrate project in the portal.
Software inventory identifies web server role existing on discovered servers. If a server is
found to have web server role enabled, Azure Migrate will perform web apps discovery on the
server. Web apps configuration data is updated once every 24 hours.
During software inventory, the added server credentials are iterated against servers and
validated for agentless dependency analysis. When the discovery of servers is finished, in the
portal, you can enable agentless dependency analysis on the servers. Only the servers on
which validation succeeds can be selected to enable agentless dependency analysis.
SQL Server instances and databases data begin to appear in the portal within 24 hours after
you start discovery.
By default, Azure Migrate uses the most secure way of connecting to SQL instances that is,
Azure Migrate encrypts communication between the Azure Migrate appliance and the source
SQL Server instances by setting the TrustServerCertificate property to true . Additionally, the
transport layer uses SSL to encrypt the channel and bypass the certificate chain to validate
trust. Hence, the appliance server must be set up to trust the certificate's root authority.
However, you can modify the connection settings, by selecting Edit SQL Server connection
properties on the appliance. Learn more to understand what to choose.
Next steps
Assess servers on Hyper-V environment for migration to Azure VMs.
Review the data that the appliance collects during discovery.
Tutorial: Discover physical servers with
Azure Migrate: Discovery and
assessment
Article • 04/13/2023
As part of your migration journey to Azure, you discover your servers for assessment
and migration.
This tutorial shows you how to discover on-premises physical servers with the Azure
Migrate: Discovery and assessment tool, using a lightweight Azure Migrate appliance.
You deploy the appliance as a physical server, to continuously discover servers and
performance metadata.
7 Note
Tutorials show the quickest path for trying out a scenario, and use default options.
If you don't have an Azure subscription, create a free account before you begin.
Prerequisites
Before you start this tutorial, ensure you have these prerequisites in place.
Requirement Details
Requirement Details
Appliance You need a server to run the Azure Migrate appliance. The server should have:
Windows Allow inbound connections on WinRM port 5985 (HTTP) for discovery of Windows
servers servers.
To discover ASP.NET web apps running on IIS web server, check supported
Windows OS and IIS versions.
Linux Allow inbound connections on port 22 (TCP) for discovery of Linux servers.
servers
To discover Java web apps running on Apache Tomcat web server, check
supported Linux OS and Tomcat versions.
SQL Server To discover SQL Server instances and databases, the Windows or SQL Server
access account must be a member of the sysadmin server role or have these permissions
for each SQL Server instance.
7 Note
It is unsupported to install the Azure Migrate Appliance on a server that has the
replication appliance or mobility service agent installed. Ensure that the appliance
server has not been previously used to set up the replication appliance or has the
mobility service agent installed on the server.
If you just created a free Azure account, you're the owner of your subscription. If you're
not the subscription owner, work with the owner to assign the permissions as follows:
1. In the Azure portal, search for "subscriptions", and under Services, select
Subscriptions.
3. Select Add > Add role assignment to open the Add role assignment page.
4. Assign the following role. For detailed steps, see Assign Azure roles using the
Azure portal.
Setting Value
Members azmigrateuser
5. To register the appliance, your Azure account needs permissions to register Azure
Active Directory apps.
6. In Azure portal, navigate to Azure Active Directory > Users > User Settings.
7. In User settings, verify that Azure AD users can register applications (set to Yes by
default).
8. In case the 'App registrations' settings is set to 'No', request the tenant/global
admin to assign the required permission. Alternately, the tenant/global admin can
assign the Application Developer role to an account to allow the registration of
Azure Active Directory App. Learn more.
Option 1
Create an account that has administrator privileges on the servers. This account
can be used to pull configuration and performance data through CIM connection
and perform software inventory (discovery of installed applications) and enable
agentless dependency analysis using PowerShell remoting.
7 Note
Option 2
The user account should be added to these groups: Remote Management Users,
Performance Monitor Users, and Performance Log Users.
If Remote management Users group isn't present, then add the user account to the
group: WinRMRemoteWMIUsers_.
The account needs these permissions for the appliance to create a CIM connection
with the server and pull the required configuration and performance metadata
from the WMI classes listed here.
In some cases, adding the account to these groups may not return the required
data from WMI classes as the account might be filtered by UAC. To overcome the
UAC filtering, user account needs to have necessary permissions on CIMV2
Namespace and sub-namespaces on the target server. You can follow the steps
here to enable the required permissions.
7 Note
For Windows Server 2008 and 2008 R2, ensure that WMF 3.0 is installed on
the servers.
7 Note
To discover SQL Server databases on Windows Servers, both Windows and SQL
Server authentication are supported. You can provide credentials of both
authentication types in the appliance configuration manager. Azure Migrate
requires a Windows user account that is a member of the sysadmin server role.
7 Note
Option 2
If you can't provide user account with sudo access, then you can set 'isSudo'
registry key to value '0' in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureAppliance registry on the
appliance server and provide a non-root account with the required capabilities
using the following commands:
Command Purpose
setcap To collect
"cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_setuid, disk
cap_setpcap,cap_net_bind_service,cap_net_admin,cap_sys_chroot,cap_sys_admin, performance
cap_sys_resource,cap_audit_control,cap_setfcap=+eip" /sbin/lvm data
Command Purpose
To perform agentless dependency analysis on the server, ensure that you also set
the required permissions on /bin/netstat and /bin/ls files by using the following
commands:
sudo setcap CAP_DAC_READ_SEARCH,CAP_SYS_PTRACE=ep /bin/ls
For Windows servers and web apps discovery, create an account (local or domain)
that has administrator permissions on the servers. To discover SQL Server instances
and databases, the Windows or SQL Server account must be a member of the
sysadmin server role. Learn how to assign the required role to the user account.
For Linux servers, provide a sudo user account with permissions to execute ls and
netstat commands or create a user account that has the CAP_DAC_READ_SEARCH
and CAP_SYS_PTRACE permissions on /bin/netstat and /bin/ls files. If you're
providing a sudo user account, ensure that you have enabled NOPASSWD for the
account to run the required commands without prompting for a password every
time sudo command is invoked.
7 Note
You can add multiple server credentials in the Azure Migrate appliance
configuration manager to initiate discovery of installed applications, agentless
dependency analysis, and discovery of web apps, and SQL Server instances and
databases. You can add multiple domain, Windows (non-domain), Linux (non-
domain), or SQL Server authentication credentials. Learn how to add server
credentials.
Set up a project
Set up a new project.
1. In the Azure portal > All services, search for Azure Migrate.
4. In Create project, select your Azure subscription and resource group. Create a
resource group if you don't have one.
5. In Project Details, specify the project name and the geography in which you want
to create the project. Review supported geographies for public and government
clouds.
7 Note
6. Select Create.
7. Wait a few minutes for the project to deploy. The Azure Migrate: Discovery and
assessment tool is added by default to the new project.
7 Note
If you have already created a project, you can use the same project to register
additional appliances to discover and assess more no of servers. Learn more.
2. In Discover servers > Are your servers virtualized?, select Physical or other (AWS,
GCP, Xen, etc.).
3. In 1:Generate project key, provide a name for the Azure Migrate appliance that
you'll set up for discovery of physical or virtual servers. The name should be
alphanumeric with 14 characters or fewer.
4. Select Generate key to start the creation of the required Azure resources. Don't
close the Discover servers page during the creation of resources.
5. After the successful creation of the Azure resources, a project key is generated.
6. Copy the key as you'll need it to complete the registration of the appliance during
its configuration.
Verify security
Check that the zipped file is secure, before you deploy it.
1. On the server to which you downloaded the file, open an administrator command
window.
2. Run the following command to generate the hash for the zipped file:
Latest CE63463B3CE07D7500F0A34F9CAFF0AB939368E5DB320F9F05EE45A386A49CDC
version
7 Note
The same script can be used to set up Physical appliance for either Azure public or
Azure Government cloud with public or private endpoint connectivity.
3. Change the PowerShell directory to the folder where the contents have been
extracted from the downloaded zipped file.
PS C:\Users\administrator\Desktop\AzureMigrateInstaller>
.\AzureMigrateInstaller.ps1
5. Select from the scenario, cloud, and connectivity options to deploy an appliance
with the desired configuration. For instance, the selection shown below sets up an
appliance to discover and assess physical servers (or servers running on other
clouds like AWS, GCP, Xen etc.) to an Azure Migrate project with default (public
endpoint) connectivity on Azure public cloud.
After the script has executed successfully, the appliance configuration manager will be
launched automatically.
7 Note
If you come across any issues, you can access the script logs at
C:\ProgramData\Microsoft
Azure\Logs\AzureMigrateScenarioInstaller_Timestamp.log for troubleshooting.
1. Open a browser on any server that can connect to the appliance, and open the
URL of the appliance web app: https://appliance name or IP address: 44368.
Alternately, you can open the app from the desktop by selecting the app shortcut.
In the configuration manager, select Set up prerequisites, and then complete these
steps:
1. Connectivity: The appliance checks that the server has internet access. If the server
uses a proxy:
Select Setup proxy to specify the proxy address (in the form
http://ProxyIPAddress or http://ProxyFQDN , where FQDN refers to a fully
qualified domain name) and listening port.
2. Time sync: Check that the time on the appliance is in sync with internet time for
discovery to work properly.
3. Install updates and register appliance: To run auto-update and register the
appliance, follow these steps:
7 Note
b. The appliance will verify the key and start the auto-update service, which
updates all the services on the appliance to their latest versions. When the auto-
update has run, you can select View appliance services to see the status and
versions of the services running on the appliance server.
c. To register the appliance, you need to select Login. In Continue with Azure
Login, select Copy code & Login to copy the device code (you must have a
device code to authenticate with Azure) and open an Azure Login prompt in a
new browser tab. Make sure you've disabled the pop-up blocker in the browser
to see the prompt.
d. In a new tab in your browser, paste the device code and sign in by using your
Azure username and password. Signing in with a PIN isn't supported.
7 Note
If you close the login tab accidentally without logging in, refresh the
browser tab of the appliance configuration manager to display the device
code and Copy code & Login button.
e. After you successfully sign in, return to the browser tab that displays the
appliance configuration manager. If the Azure user account that you used to
sign in has the required permissions for the Azure resources that were created
during key generation, appliance registration starts.
After the appliance is successfully registered, to see the registration details,
select View details.
You can rerun prerequisites at any time during appliance configuration to check whether
the appliance meets all the prerequisites.
2. For Windows server, select the source type as Windows Server, specify a friendly
name for credentials, add the username and password. Select Save.
3. If you're using password-based authentication for Linux server, select the source
type as Linux Server (Password-based), specify a friendly name for credentials,
add the username and password. Select Save.
4. If you're using SSH key-based authentication for Linux server, you can select
source type as Linux Server (SSH key-based), specify a friendly name for
credentials, add the username, browse and select the SSH private key file. Select
Save.
7 Note
By default, the credentials will be used to gather data about the installed
applications, roles, and features, and also to collect dependency data from
Windows and Linux servers, unless you disable the slider to not perform these
features (as instructed in the last step).
6. In Step 2:Provide physical or virtual server details, select Add discovery source to
specify the server IP address/FQDN and the friendly name for credentials to
connect to the server.
7. You can either Add single item at a time or Add multiple items in one go. There's
also an option to provide server details through Import CSV.
If you choose Add single item, you can choose the OS type, specify friendly
name for credentials, add server IP address/FQDN and select Save.
If you choose Add multiple items, you can add multiple records at once by
specifying server IP address/FQDN with the friendly name for credentials in
the text box. Verify the added records and select Save.
If you choose Import CSV (selected by default), you can download a CSV
template file, populate the file with the server IP address/FQDN and friendly
name for credentials. You then import the file into the appliance, verify the
records in the file and select Save.
8. Select Save. The appliance will try validating the connection to the servers added
and show the Validation status in the table against each server.
9. You can revalidate the connectivity to servers anytime before starting the
discovery.
10. Before initiating discovery, you can choose to disable the slider to not perform
software inventory and agentless dependency analysis on the added servers. You
can change this option at any time.
11. To perform discovery of SQL Server instances and databases, you can add
additional credentials (Windows domain/non-domain, SQL authentication
credentials) and the appliance will attempt to automatically map the credentials to
the SQL servers. If you add domain credentials, the appliance will authenticate the
credentials against Active Directory of the domain to prevent any user accounts
from locking out. To check validation of the domain credentials, follow these steps:
In the configuration manager credentials table, see Validation status for domain
credentials. Only the domain credentials are validated.
If validation fails, you can select a Failed status to see the validation error. Fix the
issue, and then select Revalidate credentials to reattempt validation of the
credentials.
Start discovery
select Start discovery, to kick off discovery of the successfully validated servers. After
the discovery has been successfully initiated, you can check the discovery status against
each server in the table.
How discovery works
It takes approximately 2 minutes to complete discovery of 100 servers and their
metadata to appear in the Azure portal.
Software inventory identifies the SQL Server instances that are running on the
servers. Using the information it collects, the appliance attempts to connect to the
SQL Server instances through the Windows authentication credentials or the SQL
Server authentication credentials that are provided on the appliance. Then, it
gathers data on SQL Server databases and their properties. The SQL Server
discovery is performed once every 24 hours.
Appliance can connect to only those SQL Server instances to which it has network
line of sight, whereas software inventory by itself may not need network line of
sight.
The time taken for discovery of installed applications depends on the number of
discovered servers. For 500 servers, it takes approximately one hour for the
discovered inventory to appear in the Azure Migrate project in the portal.
During software inventory, the added server credentials are iterated against servers
and validated for agentless dependency analysis. When the discovery of servers is
finished, in the portal, you can enable agentless dependency analysis on the
servers. Only the servers on which validation succeeds can be selected to enable
agentless dependency analysis.
SQL Server instances and databases data begin to appear in the portal within 24
hours after you start discovery.
By default, Azure Migrate uses the most secure way of connecting to SQL instances
that is, Azure Migrate encrypts communication between the Azure Migrate
appliance and the source SQL Server instances by setting the TrustServerCertificate
property to true . Additionally, the transport layer uses SSL to encrypt the channel
and bypass the certificate chain to validate trust. Hence, the appliance server must
be set up to trust the certificate's root authority. However, you can modify the
connection settings, by selecting Edit SQL Server connection properties on the
appliance. Learn more to understand what to choose.
Delete servers
After the discovery has been initiated, you can delete any of the added servers from the
appliance configuration manager by searching for the server name in the Add discovery
source table and by selecting Delete.
7 Note
If you choose to delete a server where discovery has been initiated, it will stop the
ongoing discovery and assessment which may impact the confidence rating of the
assessment that includes this server. Learn more
Next steps
Assess physical servers for migration to Azure VMs.
Review the data that the appliance collects during discovery.
Tutorial: Discover AWS instances with Azure
Migrate: Discovery and assessment
Article • 03/16/2023 • 14 minutes to read
As part of your migration journey to Azure, you discover your servers for assessment and migration.
This tutorial shows you how to discover Amazon Web Services (AWS) instances with the Azure
Migrate: Discovery and assessment tool, using a lightweight Azure Migrate appliance. You deploy
the appliance as a physical server, to continuously discover machine and performance metadata.
7 Note
Tutorials show the quickest path for trying out a scenario, and use default options.
If you don't have an Azure subscription, create a free account before you begin.
Prerequisites
Before you start this tutorial, check you have these prerequisites in place.
Requirement Details
Appliance You need an EC2 VM on which to run the Azure Migrate appliance. The machine should
have:
- 16-GB RAM, 8 vCPUs, around 80 GB of disk storage, and an external virtual switch.
- A static or dynamic IP address, with internet access, either directly or through a proxy.
Windows Allow inbound connections on WinRM port 5985 (HTTP) for discovery of Windows
instances servers.
Linux instances Allow inbound connections on port 22 (TCP) for discovery of Linux servers.
The instances should use bash as the default shell, otherwise discovery will fail.
Prepare an Azure user account
To create a project and register the Azure Migrate appliance, you need an account with:
If you just created a free Azure account, you're the owner of your subscription. If you're not the
subscription owner, work with the owner to assign the permissions as follows:
1. In the Azure portal, search for "subscriptions", and under Services, select Subscriptions.
2. In the Subscriptions page, select the subscription in which you want to create a project.
4. Select Add > Add role assignment to open the Add role assignment page.
5. Assign the following role. For detailed steps, see Assign Azure roles using the Azure portal.
Setting Value
Members azmigrateuser
6. To register the appliance, your Azure account needs permissions to register Azure Active
Directory apps.
7. In Azure portal, navigate to Azure Active Directory > Users > User Settings.
8. In User settings, verify that Azure AD users can register applications (set to Yes by default).
9. In case the 'App registrations' settings is set to 'No', request the tenant/global admin to assign
the required permission. Alternately, the tenant/global admin can assign the Application
Developer role to an account to allow the registration of Azure Active Directory App. Learn
more.
For Windows servers, set up a local user account on all the Windows servers that you want to
include in the discovery. Add the user account to the following groups: - Remote
Management Users - Performance Monitor Users - Performance Log users.
For Linux servers, you need a root account on the Linux servers that you want to discover.
Refer to the instructions in the support matrix for an alternative.
Azure Migrate uses password authentication when discovering AWS instances. AWS instances
don't support password authentication by default. Before you can discover instance, you need
to enable password authentication.
For Windows servers, allow WinRM port 5985 (HTTP). This allows remote WMI calls.
For Linux servers:
If you are using a root user to discover your Linux servers, ensure root sign in is allowed on
the servers.
Set up a project
Set up a new project.
1. In the Azure portal > All services, search for Azure Migrate.
4. In Create project, select your Azure subscription and resource group. Create a resource group
if you don't have one.
5. In Project Details, specify the project name and the geography in which you want to create
the project. Review supported geographies for public and government clouds.
6. Select Create.
7. Wait a few minutes for the project to deploy. The Azure Migrate: Discovery and assessment
tool is added by default to the new project.
7 Note
If you have already created a project, you can use the same project to register additional
appliances to discover and assess more no of servers.Learn more
Set up the appliance
The Azure Migrate appliance is a lightweight appliance, used by Azure Migrate: Discovery and
assessment to do the following:
Verify security
Check that the zipped file is secure, before you deploy it.
1. On the machine to which you downloaded the file, open an administrator command window.
2. Run the following command to generate the hash for the zipped file:
Installs agents and a web application for physical server discovery and assessment.
Install Windows roles, including Windows Activation Service, IIS, and PowerShell ISE.
Download and installs an IIS rewritable module.
Updates a registry key (HKLM) with persistent setting details for Azure Migrate.
Creates the following files under the path:
Config Files: %Programdata%\Microsoft Azure\Config
Log Files: %Programdata%\Microsoft Azure\Logs
1. Extract the zipped file to a folder on the server that will host the appliance. Make sure you
don't run the script on a machine on an existing Azure Migrate appliance.
3. Change the PowerShell directory to the folder where the contents have been extracted from
the downloaded zipped file.
PS C:\Users\administrator\Desktop\AzureMigrateInstaller-Server-Public>
.\AzureMigrateInstaller.ps1
For Azure Government:
PS C:\Users\Administrators\Desktop\AzureMigrateInstaller-Server-
USGov>.\AzureMigrateInstaller.ps1
The script will launch the appliance web application when it finishes successfully.
If you come across any issues, you can access the script logs at C:\ProgramData\Microsoft
Azure\Logs\AzureMigrateScenarioInstaller_Timestamp.log for troubleshooting.
1. Open a browser on any machine that can connect to the appliance, and open the URL of the
appliance web app: https://appliance name or IP address: 44368.
Alternately, you can open the app from the desktop by selecting the app shortcut.
1. Connectivity: The appliance checks that the server has internet access. If the server uses a
proxy:
Select Setup proxy to specify the proxy address (in the form http://ProxyIPAddress or
http://ProxyFQDN , where FQDN refers to a fully qualified domain name) and listening
port.
If you have added proxy details or disabled the proxy or authentication, select Save to
trigger connectivity and check connectivity again.
2. Time sync: Check that the time on the appliance is in sync with internet time for discovery to
work properly.
3. Install updates and register appliance: To run auto-update and register the appliance, follow
these steps:
7 Note
This is a new user experience in Azure Migrate appliance which is available only if you
have set up an appliance using the latest OVA/Installer script downloaded from the
portal. The appliances which have already been registered will continue seeing the older
version of the user experience and will continue to work without any issues.
a. For the appliance to run auto-update, paste the project key that you copied from the
portal. If you don't have the key, go to Azure Migrate: Discovery and assessment >
Overview > Manage existing appliances. Select the appliance name you provided when
you generated the project key, and then copy the key that's shown.
b. The appliance will verify the key and start the auto-update service, which updates all the
services on the appliance to their latest versions. When the auto-update has run, you can
select View appliance services to see the status and versions of the services running on the
appliance server.
c. To register the appliance, you need to select Login. In Continue with Azure Login, select
Copy code & Login to copy the device code (you must have a device code to authenticate
with Azure) and open an Azure Login prompt in a new browser tab. Make sure you've
disabled the pop-up blocker in the browser to see the prompt.
d. In a new tab in your browser, paste the device code and sign in by using your Azure
username and password. Signing in with a PIN isn't supported.
7 Note
If you close the sign in tab accidentally without signing in, refresh the browser tab of
the appliance configuration manager to display the device code and Copy code &
Login button.
e. After you successfully sign in, return to the browser tab that displays the appliance
configuration manager. If the Azure user account that you used to sign in has the required
permissions for the Azure resources that were created during key generation, appliance
registration starts.
After the appliance is successfully registered, to see the registration details, select View
details.
You can rerun prerequisites at any time during appliance configuration to check whether the
appliance meets all the prerequisites.
1. In Step 1: Provide credentials for discovery of Windows and Linux physical or virtual servers,
select Add credentials.
2. For Windows server, select the source type as Windows Server, specify a friendly name for
credentials, add the username and password. Select Save.
3. If you are using password-based authentication for Linux server, select the source type as
Linux Server (Password-based), specify a friendly name for credentials, add the username and
password. Select Save.
4. If you are using SSH key-based authentication for Linux server, you can select source type as
Linux Server (SSH key-based), specify a friendly name for credentials, add the username,
browse, and select the SSH private key file. Select Save.
Azure Migrate supports the SSH private key generated by ssh-keygen command using
RSA, DSA, ECDSA, and ed25519 algorithms.
Currently Azure Migrate does not support passphrase-based SSH key. Use an SSH key
without a passphrase.
Currently Azure Migrate does not support SSH private key file generated by PuTTY.
Azure Migrate supports OpenSSH format of the SSH private key file as shown below:
5. If you want to add multiple credentials at once, select Add more to save and add more
credentials. Multiple credentials are supported for physical servers discovery.
7 Note
By default, the credentials will be used to gather data about the installed applications,
roles, and features, and also to collect dependency data from Windows and Linux servers,
unless you disable the slider to not perform these features (as instructed in the last step).
6. In Step 2:Provide physical or virtual server details, select Add discovery source to specify the
server IP address/FQDN and the friendly name for credentials to connect to the server.
7. You can either Add single item at a time or Add multiple items in one go. There is also an
option to provide server details through Import CSV.
If you choose Add single item, you can choose the OS type, specify friendly name for
credentials, add server IP address/FQDN, and select Save.
If you choose Add multiple items, you can add multiple records at once by specifying
server IP address/FQDN with the friendly name for credentials in the text box. Verify**
the added records and select Save.
If you choose Import CSV (selected by default), you can download a CSV template file,
populate the file with the server IP address/FQDN and friendly name for credentials. You
then import the file into the appliance, verify the records in the file and select Save.
8. On selecting Save, appliance will try validating the connection to the servers added and show
the Validation status in the table against each server.
If validation fails for a server, review the error by selecting Validation failed in the Status
column of the table. Fix the issue, and validate again.
To remove a server, select Delete.
9. You can revalidate the connectivity to servers anytime before starting the discovery.
10. Before initiating discovery, you can choose to disable the slider to not perform software
inventory and agentless dependency analysis on the added servers. You can change this
option at any time.
11. To perform discovery of SQL Server instances and databases, you can add additional
credentials (Windows domain/non-domain, SQL authentication credentials) and the appliance
will attempt to automatically map the credentials to the SQL servers. If you add domain
credentials, the appliance will authenticate the credentials against Active Directory of the
domain to prevent any user accounts from locking out. To check validation of the domain
credentials, follow these steps:
In the configuration manager credentials table, see Validation status for domain credentials.
Only the domain credentials are validated.
If validation fails, you can select a Failed status to see the validation error. Fix the issue, and
then select Revalidate credentials to reattempt validation of the credentials.
Start discovery
Select Start discovery, to kick off discovery of the successfully validated servers. After the discovery
has been successfully initiated, you can check the discovery status against each server in the table.
Software inventory identifies the SQL Server instances that are running on the servers. Using
the information it collects, the appliance attempts to connect to the SQL Server instances
through the Windows authentication credentials or the SQL Server authentication credentials
that are provided on the appliance. Then, it gathers data on SQL Server databases and their
properties. The SQL Server discovery is performed once every 24 hours.
Appliance can connect to only those SQL Server instances to which it has network line of
sight, whereas software inventory by itself may not need network line of sight.
The time taken for discovery of installed applications depends on the number of discovered
servers. For 500 servers, it takes approximately one hour for the discovered inventory to
appear in the Azure Migrate project in the portal.
During software inventory, the added server credentials are iterated against servers and
validated for agentless dependency analysis. When the discovery of servers is finished, in the
portal, you can enable agentless dependency analysis on the servers. Only the servers on
which validation succeeds can be selected to enable agentless dependency analysis.
SQL Server instances and databases data begin to appear in the portal within 24 hours after
you start discovery.
By default, Azure Migrate uses the most secure way of connecting to SQL instances that is,
Azure Migrate encrypts communication between the Azure Migrate appliance and the source
SQL Server instances by setting the TrustServerCertificate property to true . Additionally, the
transport layer uses SSL to encrypt the channel and bypass the certificate chain to validate
trust. Hence, the appliance server must be set up to trust the certificate's root authority.
However, you can modify the connection settings, by selecting Edit SQL Server connection
properties on the appliance. Learn more to understand what to choose.
Verify servers in the portal
After discovery finishes, you can verify that the servers appear in the portal.
Next steps
Assess physical servers for migration to Azure VMs.
Review the data that the appliance collects during discovery.
Additional resources
Documentation
Questions about discovery and dependency analysis in Azure Migrate - Azure Migrate
Get answers to common questions about discovery and dependency analysis in Azure Migrate.
Migrate VMware virtual machines to Azure with server-side encryption(SSE) and customer-
managed keys(CMK) using the Migration and modernization tool - Azure Migrate
Learn how to migrate VMware VMs to Azure with server-side encryption(SSE) and customer-managed keys(CMK)
using the Migration and modernization tool
Show 5 more
Tutorial: Discover Google Cloud Platform
(GCP) instances with Azure Migrate:
Discovery and assessment
Article • 03/16/2023 • 14 minutes to read
As part of your migration journey to Azure, you discover your servers for assessment and
migration.
This tutorial shows you how to discover Google Cloud Platform (GCP) instances with the Azure
Migrate: Discovery and assessment tool, using a lightweight Azure Migrate appliance. You deploy
the appliance on a server on GCP, to continuously discover machine and performance metadata.
7 Note
Tutorials show the quickest path for trying out a scenario and using default options.
If you don't have an Azure subscription, create a free account before you begin.
Prerequisites
Before you start this tutorial, check you have these prerequisites in place.
Requirement Details
Appliance You need a server on GCP on which to run the Azure Migrate appliance. The
machine should have:
- 16-GB RAM, 8 vCPUs, around 80 GB of disk storage, and an external virtual switch.
Windows server Allow inbound connections on WinRM port 5985 (HTTP) for discovery of Windows
instances servers.
Requirement Details
Linux server instances Allow inbound connections on port 22 (TCP) for discovery of Linux servers.
If you just created a free Azure account, you're the owner of your subscription. If you're not the
subscription owner, work with the owner to assign the permissions as follows:
1. In the Azure portal, search for "subscriptions", and under Services, select Subscriptions.
2. In the Subscriptions page, select the subscription in which you want to create a project.
4. Select Add > Add role assignment to open the Add role assignment page.
5. Assign the following role. For detailed steps, see Assign Azure roles using the Azure portal.
Setting Value
Members azmigrateuser
To register the appliance, your Azure account needs permissions to register Azure Active
Directory apps.
1. In the Azure portal, navigate to Azure Active Directory > Users > User Settings.
2. In User settings, verify that Azure AD users can register applications (set to Yes by default).
3. In case the 'App registrations' setting is set to 'No', request the tenant/global admin to
assign the required permission. Alternately, the tenant/global admin can assign the
Application Developer role to an account to allow the registration of Azure Active Directory
App. Learn more.
If you're using a root user to discover your Linux servers, ensure root login is allowed on
the servers.
Set up a project
Set up a new project.
1. In the Azure portal > All services, search for Azure Migrate.
4. In Create project, select your Azure subscription and resource group. Create a resource
group if you don't have one.
5. In Project Details, specify the project name and the geography in which you want to create
the project. Review supported geographies for public and government clouds.
6. Select Create.
7. Wait a few minutes for the project to deploy. The Azure Migrate: Discovery and assessment
tool is added by default to the new project.
7 Note
If you have already created a project, you can use the same project to register additional
appliances to discover and assess more no of servers.Learn more.
Verify security
Check that the zipped file is secure before you deploy it.
1. On the machine to which you downloaded the file, open an administrator command window.
2. Run the following command to generate the hash for the zipped file:
Installs agents and a web application for GCP server discovery and assessment.
Install Windows roles, including Windows Activation Service, IIS, and PowerShell ISE.
Download and installs an IIS rewritable module.
Updates a registry key (HKLM) with persistent setting details for Azure Migrate.
Creates the following files under the path:
Config Files: %Programdata%\Microsoft Azure\Config
Log Files: %Programdata%\Microsoft Azure\Logs
1. Extract the zipped file to a folder on the server that will host the appliance. Make sure you
don't run the script on a machine on an existing Azure Migrate appliance.
3. Change the PowerShell directory to the folder where the contents have been extracted from
the downloaded zipped file.
4. Run the script named AzureMigrateInstaller.ps1 by running the following command:
PS C:\Users\administrator\Desktop\AzureMigrateInstaller-Server-Public>
.\AzureMigrateInstaller.ps1
PS C:\Users\Administrators\Desktop\AzureMigrateInstaller-Server-
USGov>.\AzureMigrateInstaller.ps1
The script will launch the appliance web application when it finishes successfully.
If you come across any issues, you can access the script logs at C:\ProgramData\Microsoft
Azure\Logs\AzureMigrateScenarioInstaller_Timestamp.log for troubleshooting.
1. Open a browser on any machine that can connect to the appliance and open the URL of the
appliance web app: https://appliance name or IP address: 44368.
Alternately, you can open the app from the desktop by clicking the app shortcut.
In the configuration manager, select Set up prerequisites, and then complete these steps:
1. Connectivity: The appliance checks that the server has internet access. If the server uses a
proxy:
Select Setup proxy to specify the proxy address (in the form http://ProxyIPAddress or
http://ProxyFQDN , where FQDN refers to a fully qualified domain name) and listening
port.
If you have added proxy details or disabled the proxy or authentication, select Save to
trigger connectivity and check connectivity again.
3. Install updates and register appliance: To run auto-update and register the appliance, follow
these steps:
7 Note
This is a new user experience in Azure Migrate appliance which is available only if you
have set up an appliance using the latest OVA/Installer script downloaded from the
portal. The appliances which have already been registered will continue seeing the older
version of the user experience and will continue to work without any issues.
a. For the appliance to run auto-update, paste the project key that you copied from the
portal. If you don't have the key, go to Azure Migrate: Discovery and assessment >
Overview > Manage existing appliances. Select the appliance name you provided when
you generated the project key, and then copy the key that's shown.
b. The appliance will verify the key and start the auto-update service, which updates all the
services on the appliance to their latest versions. When the auto-update has run, you can
select View appliance services to see the status and versions of the services running on
the appliance server.
c. To register the appliance, you need to select Login. In Continue with Azure Login, select
Copy code & Login to copy the device code (you must have a device code to authenticate
with Azure) and open an Azure Login prompt in a new browser tab. Make sure you've
disabled the pop-up blocker in the browser to see the prompt.
d. In a new tab in your browser, paste the device code and sign in by using your Azure
username and password. Signing in with a PIN isn't supported.
7 Note
If you close the sign in tab accidentally without logging in, refresh the browser tab of
the appliance configuration manager to display the device code and Copy code &
Login button.
e. After you successfully sign in, return to the browser tab that displays the appliance
configuration manager. If the Azure user account that you used to sign in has the required
permissions for the Azure resources that were created during key generation, appliance
registration starts.
After the appliance is successfully registered, to see the registration details, select View
details.
You can rerun prerequisites at any time during appliance configuration to check whether the
appliance meets all the prerequisites.
1. In Step 1: Provide credentials for discovery of Windows and Linux physical or virtual
servers, select Add credentials.
2. For Windows server, select the source type as Windows Server, specify a friendly name for
credentials, add the username and password. Select Save.
3. If you're using password-based authentication for Linux server, select the source type as
Linux Server (Password-based), specify a friendly name for credentials, add the username
and password. Select Save.
4. If you're using SSH key-based authentication for Linux server, you can select source type as
Linux Server (SSH key-based), specify a friendly name for credentials, add the username,
browse and select the SSH private key file. Select Save.
Azure Migrate supports the SSH private key generated by ssh-keygen command using
RSA, DSA, ECDSA, and ed25519 algorithms.
Currently Azure Migrate doesn't support passphrase-based SSH key. Use an SSH key
without a passphrase.
Currently Azure Migrate doesn't support SSH private key file generated by PuTTY.
Azure Migrate supports OpenSSH format of the SSH private key file as shown below:
5. If you want to add multiple credentials at once, select Add more to save and add more
credentials.
7 Note
By default, the credentials will be used to gather data about the installed applications,
roles, and features, and also to collect dependency data from Windows and Linux
servers, unless you disable the slider to not perform these features (as instructed in the
last step).
6. In Step 2:Provide physical or virtual server details, select Add discovery source to specify
the server IP address/FQDN and the friendly name for credentials to connect to the server.
7. You can either Add single item at a time or Add multiple items in one go. There's also an
option to provide server details through Import CSV.
If you choose Add single item, you can choose the OS type, specify friendly name for
credentials, add server IP address/FQDN and select Save.
If you choose Add multiple items, you can add multiple records at once by specifying
server IP address/FQDN with the friendly name for credentials in the text box. Verify**
the added records and select Save.
If you choose Import CSV (selected by default), you can download a CSV template file,
populate the file with the server IP address/FQDN and friendly name for credentials.
You then import the file into the appliance, verify the records in the file and select Save.
8. On clicking Save, the appliance will try validating the connection to the servers added and
show the Validation status in the table against each server.
If validation fails for a server, review the error by clicking on Validation failed in the
Status column of the table. Fix the issue, and validate again.
To remove a server, select Delete.
9. You can revalidate the connectivity to servers anytime before starting the discovery.
10. Before initiating discovery, you can choose to disable the slider to not perform software
inventory and agentless dependency analysis on the added servers. You can change this
option at any time.
11. To perform discovery of SQL Server instances and databases, you can add additional
credentials (Windows domain/non-domain, SQL authentication credentials) and the
appliance will attempt to automatically map the credentials to the SQL servers. If you add
domain credentials, the appliance will authenticate the credentials against Active Directory of
the domain to prevent any user accounts from locking out. To check validation of the domain
credentials, follow these steps:
In the configuration manager credentials table, see Validation status for domain credentials.
Only the domain credentials are validated.
If validation fails, you can select a Failed status to see the validation error. Fix the issue, and
then select Revalidate credentials to reattempt validation of the credentials.
Start discovery
Click Start discovery, to kick off discovery of the successfully validated servers. After the discovery
has been successfully initiated, you can check the discovery status against each server in the table.
Software inventory identifies the SQL Server instances that are running on the servers. Using
the information it collects, the appliance attempts to connect to the SQL Server instances
through the Windows authentication credentials or the SQL Server authentication credentials
that are provided on the appliance. Then, it gathers data on SQL Server databases and their
properties. The SQL Server discovery is performed once every 24 hours.
Appliance can connect to only those SQL Server instances to which it has network line of
sight, whereas software inventory by itself may not need network line of sight.
The time taken for discovery of installed applications depends on the number of discovered
servers. For 500 servers, it takes approximately one hour for the discovered inventory to
appear in the Azure Migrate project in the portal.
During software inventory, the added server credentials are iterated against servers and
validated for agentless dependency analysis. When the discovery of servers is finished, in the
portal, you can enable agentless dependency analysis on the servers. Only the servers on
which validation succeeds can be selected to enable agentless dependency analysis.
SQL Server instances and databases data begin to appear in the portal within 24 hours after
you start discovery.
By default, Azure Migrate uses the most secure way of connecting to SQL instances that is,
Azure Migrate encrypts communication between the Azure Migrate appliance and the source
SQL Server instances by setting the TrustServerCertificate property to true . Additionally, the
transport layer uses SSL to encrypt the channel and bypass the certificate chain to validate
trust. Hence, the appliance server must be set up to trust the certificate's root authority.
However, you can modify the connection settings, by selecting Edit SQL Server connection
properties on the appliance. Learn more to understand what to choose.
Verify servers in the portal
After discovery finishes, you can verify that the servers appear in the portal.
Next steps
Assess GCP servers for migration to Azure VMs.
Review the data that the appliance collects during discovery.
Additional resources
Documentation
Assessment best practices in Azure Migrate Discovery and assessment tool - Azure Migrate
Tips for creating assessments with Azure Migrate Discovery and assessment tool.
Discover SQL Server instances in an existing Azure Migrate project - Azure Migrate
Learn how to discover SQL Server instances in an existing Azure Migrate project.
Create an Azure VM assessment with Azure Migrate Discovery and assessment tool - Azure
Migrate
Describes how to create an Azure VM assessment with the Azure Migrate Discovery and assessment tool
Show 5 more
Build a business case (preview)
Article • 04/28/2023
This article describes how to build a Business case for on-premises servers and
workloads in your datacenter with Azure Migrate: Discovery and assessment tool.
Azure Migrate helps you to plan and execute migration and modernization projects to
Azure. Azure Migrate provides a centralized hub to track discovery, assessment, and
migration of on-premises infrastructure, applications, and data to Azure. The hub
provides Azure tools for assessment and migration, and third-party independent
software vendor (ISV) offerings.
Prerequisites
Make sure you've created an Azure Migrate project. You can also reuse an existing
project to use this capability.
Once you've created a project, the Azure Migrate: Discovery and assessment tool is
automatically added to the project.
Before you build the Business case, you need to first discover your IT estate. You
can choose one of the two discovery sources based on your use case:
Use more You need to set up an Azure Migrate appliance for Azure recommended
accurate VMware or Hyper-V or Physical/Bare-metal or other to minimize cost,
data clouds. The appliance discovers servers, SQL Server Migrate to all IaaS
insights instance and databases, and ASP.NET webapps and (Infrastructure as a
collected sends metadata and performance (resource Service), Modernize
via Azure utilization) data to Azure Migrate. Learn more. to PaaS (Platform as a
Migrate Service)
appliance
Discovery Details Migration strategies
Source that can be used to
build a business case
Build a You need to provide the server inventory in a .CSV file Migrate to all IaaS
quick and import in Azure Migrate to get a quick business (Infrastructure as a
business case based on the provided inputs. You don't need to Service)
case using set up the Azure Migrate appliance to discover
the servers for this option.
servers
imported
via a .csv
file
Helps remove guess work in your cost planning process and adds data insights
driven calculations.
It can be generated in just a few clicks after you have performed discovery using
the Azure Migrate appliance.
The feature is automatically enabled for existing Azure Migrate projects.
There are three types of migration strategies that you can choose while building your
Business case:
Azure You can get the most cost efficient For SQL Servers, sizing and cost comes
recommended and compatible target from the Recommended report with
to minimize recommendation in Azure across optimization strategy - minimize cost
cost Azure IaaS and Azure PaaS targets. from Azure SQL assessment.
Migrate to all You can get a quick lift and shift For SQL Servers, sizing and cost comes
IaaS recommendation to Azure IaaS. from the Instance to SQL Server on Azure
(Infrastructure VM report.
as a Service)
For general servers and servers hosting
web apps, sizing and cost comes from
Azure VM assessment.
Modernize to You can get a PaaS preferred For SQL Servers, sizing and cost comes
PaaS recommendation that means, the from the Instance to Azure SQL MI report.
(Platform as a logic identifies workloads best fit for
Service) PaaS targets. For web apps, sizing and cost comes
from Azure App Service assessment.
General servers are recommended
with a quick lift and shift For general servers, sizing and cost
recommendation to Azure IaaS. comes from Azure VM assessment.
7 Note
We recommend that you wait at least a day after starting discovery before you
build a Business case so that enough performance/resource utilization data points
are collected. Also, review the Notifications/Resolve issues blades on the Azure
Migrate hub to identify any discovery related issues prior to Business case
computation. It ensures that the IT estate in your datacenter is represented more
accurately and the Business case recommendations are more valuable.
3. In Business case name, specify a name for the Business case. Make sure the
Business case name is unique within a project, else the previous Business case with
the same name gets recomputed.
4. In Target location, specify the Azure region to which you want to migrate.
Azure SKU size and cost recommendations are based on the location that you
specify.
5. In Discovery source, specify the discovery source on which you wish to create the
business case. The options to build the business case using data discovered via the
appliance or imported via a .csv file is present based on the type of discovered
servers present in your project. The discovery source will be defaulted to the
option chosen by you while building the business case and you won't be able to
update this field later.
6. In Migration strategy, specify the migration strategy for your Business case:
With the default Azure recommended approach to minimize cost, you can get
the most cost-efficient and compatible target recommendation in Azure
across Azure IaaS and Azure PaaS targets.
With Migrate to all IaaS (Infrastructure as a Service), you can get a quick lift
and shift recommendation to Azure IaaS.
With Modernize to PaaS (Platform as a Service), you can get cost effective
recommendations for Azure IaaS and more PaaS preferred targets in Azure
PaaS.
7. In Savings options, specify the savings options combination that you want to be
considered while optimizing your Azure costs and maximize savings. Based on the
availability of the savings option in the chosen region and the targets, the business
case recommends the appropriate savings options to maximize your savings on
Azure.
8. In Discount (%) on Pay as you go, add any subscription-specific discounts you
receive on top of the Azure offer. The default setting is 0%. The discount isn't
applicable on top of reserved instance savings option.
10. Review the chosen inputs, and select Build business case.
11. You're directed to the newly created Business case with a banner that says that
your Business case is computing. The computation might take some time,
depending on the number of servers and workloads in the project. You can come
back to the Business case page after ~30 minutes and select Refresh.
Next steps
Learn more about how to review the Business case reports.
Tutorial: Assess VMware VMs for
migration to Azure VMs
Article • 03/14/2023 • 12 minutes to read
As part of your migration journey to Azure, you assess your on-premises workloads to
measure cloud readiness, identify risks, and estimate costs and complexity.
This article shows you how to assess discovered servers from your VMware environment
in preparation for migration to Azure VMs, using the Azure Migrate: Discovery and
assessment tool.
7 Note
Tutorials show the quickest path for trying out a scenario, and use default options
where possible.
If you don't have an Azure subscription, create a free account before you begin.
Prerequisites
Before you follow this tutorial to assess your servers for migration to Azure VMs, make
sure you've discovered the servers you want to assess:
To discover servers using the Azure Migrate appliance, follow this tutorial.
To discover servers using an imported CSV file, follow this tutorial.
As-is on- Assess based on server Recommended Azure VM size is based on the on-
premises configuration premises VM size.
data/metadata.
The recommended Azure disk type is based on what
you select in the storage type setting in the
assessment.
Run an assessment
Run an assessment as follows:
1. On the Get started page > Servers, databases and web apps, select Assess and
migrate servers.
2. In Azure Migrate: Discovery and assessment, select Assess and select Azure VM.
3. In Assess servers > Assessment type, select Azure VM.
4. In Discovery source:
If you discovered servers using the appliance, select Servers discovered from
Azure Migrate appliance.
If you discovered servers using an imported CSV file, select Imported servers.
6. In Assessment settings, set the necessary values or retain the default values:
Target and Target location The Azure region to which you want to migrate. Azure SQL
pricing configuration and cost recommendations are based on the
settings location that you specify.
Target and Environment The environment for the SQL deployments to apply pricing
pricing type applicable to Production or Dev/Test.
settings
Target and Offer/Licensing The Azure offer if you're enrolled. Currently, the field is
pricing program Pay-as-you-go by default, which gives you retail Azure
settings prices.
Target and Savings Specify the reserved capacity savings option that you want
pricing options - Azure the assessment to consider, to help optimize your Azure
settings SQL MI and DB compute cost.
(PaaS)
Azure reservations (1 year or 3 year reserved) are a good
option for the most consistently running resources.
Target and Savings Specify the savings option that you want the assessment to
pricing options - SQL consider, to help optimize your Azure compute cost.
settings Server on
Azure VM Azure reservations (1 year or 3 year reserved) are a good
(IaaS) option for the most consistently running resources.
Target and Discount (%) Any subscription-specific discounts you receive on top of
pricing the Azure offer. The default setting is 0%.
settings
Target and VM uptime Specify the duration (days per month/hour per day) that
pricing servers/VMs run. This is useful for computing cost
settings estimates for SQL Server on Azure VM where you're aware
that Azure VMs might not run continuously.
Cost estimates for servers where recommended target is
SQL Server on Azure VM are based on the duration
specified. Default is 31 days per month/24 hours per day.
Section Setting Details
Target and Azure Hybrid Specify whether you already have a Windows Server
pricing Benefit and/or SQL Server license. Azure Hybrid Benefit is a
settings licensing benefit that helps you to significantly reduce the
costs of running your workloads in the cloud. It works by
letting you use your on-premises Software Assurance-
enabled Windows Server and SQL Server licenses on Azure.
For example, if you have a SQL Server license and they're
covered with active Software Assurance of SQL Server
Subscriptions, you can apply for the Azure Hybrid Benefit
when you bring licenses to Azure.
Assessment Performance Indicate the data duration on which you want to base the
criteria history assessment. (Default is one day)
Assessment Percentile Indicate the percentile value you want to use for the
criteria utilization performance sample. (Default is 95th percentile)
Assessment Comfort factor Indicate the buffer you want to use during assessment.
criteria This accounts for issues like seasonal usage, short
performance history, and likely increases in future usage.
For example, consider a comfort factor of 2 for effective
utilization of 2 Cores. In this case, the assessment
considers the effective cores as 4 cores. Similarly, for the
same comfort factor and an effective utilization of 8 GB
memory, the assessment considers effective memory as 16
GB.
Azure SQL Service Tier Choose the most appropriate service tier option to
Managed accommodate your business needs for migration to Azure
Instance SQL Managed Instance:
sizing
Select Recommended if you want Azure Migrate to
recommend the best suited service tier for your servers.
This can be General purpose or Business critical.
SQL Server VM series Specify the Azure VM series you want to consider for SQL
on Azure Server on Azure VM sizing. Based on the configuration and
VM sizing performance requirements of your SQL Server or SQL
Server instance, the assessment recommends a VM size
from the selected list of VM series.
You can edit settings as needed. For example, if you don't
want to include D-series VM, you can exclude D-series
from this list.
As Azure SQL assessments intend to give the best
performance for your SQL workloads, the VM series list
only has VMs that are optimized for running your SQL
Server on Azure Virtual Machines (VMs). Learn more.
SQL Server Storage Type Defaulted to Recommended, which means the assessment
on Azure recommends the best suited Azure Managed Disk based
VM sizing on the chosen environment type, on-premises disk size,
IOPS and throughput.
Section Setting Details
Azure SQL Service Tier Choose the most appropriate service tier option to
Database accommodate your business needs for migration to Azure
sizing SQL Database:
10. In Select or create a group, select Create New and specify a group name.
11. Select the appliance, and select the VMs you want to add to the group. Then select
Next.
12. In Review + create assessment, review the assessment details, and select Create
Assessment to create the group and run the assessment.
13. After the assessment is created, view it in Servers, databases and web apps >
Azure Migrate: Discovery and assessment > Assessments.
7 Note
Review an assessment
An assessment describes:
To view an assessment:
1. In Servers, databases and web apps > Azure Migrate: Discovery and assessment,
select the number next to Azure VM assessment.
3. Review the assessment summary. You can also edit the assessment properties, or
recalculate the assessment.
Review readiness
1. Select Azure readiness.
Ready for Azure: Used when Azure Migrate recommends a VM size and cost
estimates, for VMs in the assessment.
Ready with conditions: Shows issues and suggested remediation.
Not ready for Azure: Shows issues and suggested remediation.
Readiness unknown: Used when Azure Migrate can't assess readiness,
because of data availability issues.
3. Select an Azure readiness status. You can view VM readiness details. You can also
drill down to see VM details, including compute, storage, and network settings.
1. Review the monthly total costs. Costs are aggregated for all VMs in the assessed
group.
Cost estimates are based on the size recommendations for a server, its disks,
and its properties.
Estimated monthly costs for compute and storage are shown.
The cost estimation is for running the on-premises VMs on Azure VMs. The
estimation doesn't consider PaaS or SaaS costs.
2. Review monthly storage costs. The view shows the aggregated storage costs for
the assessed group, split over different types of storage disks.
3. You can drill down to see cost details for specific VMs.
The confidence rating helps you estimate the reliability of size recommendations in the
assessment. The rating is based on the availability of data points needed to compute the
assessment.
7 Note
Confidence ratings aren't assigned if you create an assessment based on a CSV file.
0%-20% 1 star
21%-40% 2 stars
41%-60% 3 stars
61%-80% 4 stars
81%-100% 5 stars
Next steps
Find server dependencies using dependency mapping.
Set up agentless or agent-based dependency mapping.
Tutorial: Assess SQL instances for
migration to Azure SQL
Article • 03/14/2023 • 15 minutes to read
As part of your migration journey to Azure, you assess your on-premises workloads to
measure cloud readiness, identify risks, and estimate costs and complexity. This article
shows you how to assess discovered SQL Server instances and databases in preparation
for migration to Azure SQL, using the Azure Migrate: Discovery and assessment tool.
7 Note
Tutorials show the quickest path for trying out a scenario, and use default options
where possible.
Prerequisites
If you don't have an Azure subscription, create a free account before you begin.
Before you follow this tutorial to assess your SQL Server instances for migration to
Azure SQL, make sure you've discovered the SQL instances you want to assess
using the Azure Migrate appliance, follow this tutorial.
If you want to try out this feature in an existing project, ensure that you have
completed the prerequisites in this article.
Run an assessment
Run an assessment as follows:
1. On the Overview page > Servers, databases and web apps, select Assess and
migrate servers.
2. In Azure Migrate: Discovery and assessment, select Assess and choose the
assessment type as Azure SQL.
3. In Assess servers, the assessment type is pre-selected as Azure SQL and the
discovery source is defaulted to Servers discovered from Azure Migrate
appliance.
5. In Assessment settings, set the necessary values or retain the default values:
Section Setting Details
Target and Target location The Azure region to which you want to migrate. Azure SQL
pricing configuration and cost recommendations are based on the
settings location that you specify.
Target and Environment The environment for the SQL deployments to apply pricing
pricing type applicable to Production or Dev/Test.
settings
Target and Offer/Licensing The Azure offer if you're enrolled. Currently, the field is
pricing program Pay-as-you-go by default, which gives you retail Azure
settings prices.
Target and Savings Specify the reserved capacity savings option that you want
pricing options - Azure the assessment to consider to help optimize your Azure
settings SQL MI and DB compute cost.
(PaaS)
Azure reservations (1 year or 3 year reserved) are a good
option for the most consistently running resources.
Target and Savings Specify the savings option that you want the assessment to
pricing options - SQL consider to help optimize your Azure compute cost.
settings Server on
Azure VM Azure reservations (1 year or 3 year reserved) are a good
(IaaS) option for the most consistently running resources.
Target and Discount (%) Any subscription-specific discounts you receive on top of
pricing the Azure offer. The default setting is 0%.
settings
Target and VM uptime Specify the duration (days per month/hour per day) that
pricing servers/VMs run. This is useful for computing cost
settings estimates for SQL Server on Azure VM where you're aware
that Azure VMs might not run continuously.
Cost estimates for servers where recommended target is
SQL Server on Azure VM are based on the duration
specified. Default is 31 days per month/24 hours per day.
Section Setting Details
Target and Azure Hybrid Specify whether you already have a Windows Server
pricing Benefit and/or SQL Server license. Azure Hybrid Benefit is a
settings licensing benefit that helps you to significantly reduce the
costs of running your workloads in the cloud. It works by
letting you use your on-premises Software Assurance-
enabled Windows Server and SQL Server licenses on Azure.
For example, if you have a SQL Server license and they're
covered with active Software Assurance of SQL Server
Subscriptions, you can apply for the Azure Hybrid Benefit
when you bring licenses to Azure.
Assessment Performance Indicate the data duration on which you want to base the
criteria history assessment. (Default is one day)
Assessment Percentile Indicate the percentile value you want to use for the
criteria utilization performance sample. (Default is 95th percentile)
Assessment Comfort factor Indicate the buffer you want to use during assessment.
criteria This accounts for issues like seasonal usage, short
performance history, and likely increases in future usage.
Azure SQL Service Tier Choose the most appropriate service tier option to
Managed accommodate your business needs for migration to Azure
Instance SQL Managed Instance:
sizing
Select Recommended if you want Azure Migrate to
recommend the best suited service tier for your servers.
This can be General purpose or Business critical.
SQL Server VM series Specify the Azure VM series you want to consider for SQL
on Azure Server on Azure VM sizing. Based on the configuration and
VM sizing performance requirements of your SQL Server or SQL
Server instance, the assessment recommends a VM size
from the selected list of VM series.
You can edit settings as needed. For example, if you don't
want to include D-series VM, you can exclude D-series
from this list.
As Azure SQL assessments intend to give the best
performance for your SQL workloads, the VM series list
only has VMs that are optimized for running your SQL
Server on Azure Virtual Machines (VMs). Learn more.
SQL Server Storage Type Defaulted to Recommended, which means the assessment
on Azure recommends the best suited Azure Managed Disk based
VM sizing on the chosen environment type, on-premises disk size,
IOPS and throughput.
Section Setting Details
Azure SQL Service Tier Choose the most appropriate service tier option to
Database accommodate your business needs for migration to Azure
sizing SQL Database:
9. In Select or create a group > select Create New and specify a group name.
10. Select the appliance and select the servers you want to add to the group and
select Next.
11. In Review + create assessment, review the assessment details, and select Create
Assessment to create the group and run the assessment.
12. After the assessment is created, go to Servers, databases and web apps > Azure
Migrate: Discovery and assessment, select the number next to Azure SQL
assessment. If you do not see the number populated, select Refresh to get the
latest updates.
13. Select the assessment name, which you wish to view.
7 Note
Review an assessment
To view an assessment:
1. In Servers, databases and web apps > Azure Migrate: Discovery and assessment,
select the number next to Azure SQL assessment.
3. Review the assessment summary. You can also edit the assessment settings or
recalculate the assessment.
Discovered entities
This indicates the number of SQL servers, instances, and databases that were assessed in
this assessment.
7 Note
2. Migrate all instances to Azure SQL MI: In this strategy, you can see the readiness
and cost estimates for migrating all SQL Server instances to Azure SQL Managed
Instance.
3. Migrate all instances to SQL Server on Azure VM: In this strategy, you can see the
readiness and cost estimates for migrating all SQL Server instances to SQL Server
on Azure VM.
4. Migrate all servers to SQL Server on Azure VM: In this strategy, you can see how
you can rehost the servers running SQL Server to SQL Server on Azure VM and
review the readiness and cost estimates. Even when SQL Server credentials are not
available, this report will provide right-sized lift-and-shift, that is, "Server to SQL
Server on Azure VM" recommendations. The readiness and sizing logic is similar to
Azure VM assessment type.
5. Migrate all SQL databases to Azure SQL Database In this strategy, you can see
how you can migrate individual databases to Azure SQL Database and review the
readiness and cost estimates.
Review readiness
You can review readiness reports for different migration strategies:
4. Select the instance name and drill-down to see the number of user databases,
instance details including instance properties, compute (scoped to instance) and
source database storage details.
5. Click the number of user databases to review the list of databases and their details.
6. Click review details in the Migration issues column to review the migration issues
and warnings for a particular target deployment type.
1. Review the monthly total costs. Costs are aggregated for all SQL instances in the
assessed group.
Cost estimates are based on the recommended Azure SQL configuration for
an instance/server/database.
The compute and storage costs are split in the individual cost estimates
reports and at instance/server/database level.
2. You can drill down at an instance level to see Azure SQL configuration and cost
estimates at an instance level.
3. You can also drill down to the database list to review the Azure SQL configuration
and cost estimates per database when an Azure SQL Database configuration is
recommended.
0%-20% 1 star
21%-40% 2 stars
41%-60% 3 stars
61%-80% 4 stars
81%-100% 5 stars
As part of your migration journey to Azure, you assess your on-premises workloads to
measure cloud readiness, identify risks, and estimate costs and complexity. This article
shows you how to assess discovered ASP.NET web apps running on IIS web servers in
preparation for migration to Azure App Service, using the Azure Migrate: Discovery and
assessment tool.
7 Note
Tutorials show the quickest path for trying out a scenario, and use default options
where possible.
Prerequisites
If you don't have an Azure subscription, create a free account before you begin.
Before you follow this tutorial to assess your web apps for migration to Azure App
Service, make sure you've discovered the web apps you want to assess using the
Azure Migrate appliance, follow this tutorial
If you want to try out this feature in an existing project, ensure that you have
completed the prerequisites in this article.
Run an assessment
Run an assessment as follows:
1. On the Overview page > Servers, databases and web apps, select Discover, assess
and migrate.
2. On Azure Migrate: Discovery and assessment, select Assess and choose the
assessment type as Azure App Service.
3. In Create assessment, you will be able to see the assessment type pre-selected as
Azure App Service and the discovery source defaulted to Servers discovered from
Azure Migrate appliance.
Property Details
Target The Azure region to which you want to migrate. Azure App Service
location configuration and cost recommendations are based on the location that you
specify.
Isolation Select yes if you want your web apps to run in a private and dedicated
required environment in an Azure datacenter using Dv2-series VMs with faster
processors, SSD storage, and double the memory to core ratio compared to
Standard plans.
In Savings options (compute), specify the savings option that you want the
assessment to consider to help optimize your Azure compute cost.
Azure reservations (1 year or 3 year reserved) are a good option for the
most consistently running resources.
Azure Savings Plan (1 year or 3 year savings plan) provide additional
flexibility and automated cost optimization. Ideally post migration, you
could use Azure reservation and savings plan at the same time (reservation
will be consumed first), but in the Azure Migrate assessments, you can
only see cost estimates of 1 savings option at a time.
When you select 'None', the Azure compute cost is based on the Pay as
you go rate or based on actual usage.
You need to select pay-as-you-go in offer/licensing program to be able to
use Reserved Instances or Azure Savings Plan. When you select any
savings option other than 'None', the 'Discount (%)' setting is not
applicable. Offer | The Azure offer in which you're enrolled. The
assessment estimates the cost for that offer. Currency | The billing
currency for your account. Discount (%) | Any subscription-specific
discounts you receive on top of the Azure offer. The default setting is 0%.
EA subscription | Specifies that an Enterprise Agreement (EA) subscription
is used for cost estimation. Takes into account the discount applicable to
the subscription.
Leave the settings for reserved instances, and discount (%) properties with
their default settings.
7. In Select servers to assess > Assessment name > specify a name for the
assessment.
8. In Select or create a group, select Create New and specify a group name.
9. Select the appliance, and select the servers that you want to add to the group.
Select Next.
10. In Review + create assessment, review the assessment details, and select Create
Assessment to create the group and run the assessment.
11. After the assessment is created, go to Servers, databases and web apps > Azure
Migrate: Discovery and assessment. Refresh the tile data by selecting the Refresh
option on top of the tile. Wait for the data to refresh.
Review an assessment
To view an assessment:
1. Servers, databases and web apps > Azure Migrate: Discovery and assessment,
select the number next to the Azure App Service assessment.
2. Select the assessment name, which you wish to view.
3. Review the assessment summary. You can also edit the assessment properties or
recalculate the assessment.
This indicates the distribution of the assessed web apps. You can drill down to
understand the details around migration issues/warnings that you can remediate before
migration to Azure App Service. Learn More. You can also view the recommended App
Service SKU and plan for migrating to Azure App Service.
Review readiness
1. Select Azure App Service readiness.
2. Review Azure App Service readiness column in table, for the assessed web apps:
a. If there are no compatibility issues found, the readiness is marked as Ready for
the target deployment type.
b. If there are non-critical compatibility issues, such as degraded or unsupported
features that do not block the migration to a specific target deployment type,
the readiness is marked as Ready with conditions (hyperlinked) with warning
details and recommended remediation guidance.
c. If there are any compatibility issues that may block the migration to a specific
target deployment type, the readiness is marked as Not ready with issue details
and recommended remediation guidance.
d. If the discovery is still in progress or there are any discovery issues for a web
app, the readiness is marked as Unknown as the assessment could not compute
the readiness for that web app.
3. Review the recommended SKU for the web apps, which is determined as per the
matrix below:
Yes Yes I1
Yes No I1
No Yes P1v3
No No P1v2
Azure App Service readiness Determine App Service SKU Determine Cost estimates
Not ready No No
Unknown No No
4. Select the App Service plan link in the Azure App Service readiness table to see the
App Service plan details such as compute resources and other web apps that are
part of the same plan.
I1 8
P1v2 8
P1v3 16
Next steps
Learn how to perform at-scale agentless migration of ASP.NET web apps to Azure
App Service.
Learn more about how Azure App Service assessments are calculated.
Tutorial: Assess VMware servers for
migration to AVS
Article • 03/14/2023 • 13 minutes to read
As part of your migration journey to Azure, you assess your on-premises workloads to
measure cloud readiness, identify risks, and estimate costs and complexity.
This article shows you how to assess discovered VMware virtual machines/servers for
migration to Azure VMware Solution (AVS), using the Azure Migrate. AVS is a managed
service that allows you to run the VMware platform in Azure.
7 Note
Tutorials show the quickest path for trying out a scenario and using default options
where possible.
If you don't have an Azure subscription, create a free account before you begin.
Prerequisites
Before you follow this tutorial to assess your servers for migration to AVS, make sure
you've discovered the servers you want to assess:
To discover servers using the Azure Migrate appliance, follow this tutorial.
To discover servers using an imported CSV file, follow this tutorial.
As-is on- Assess based Recommended node size in AVS is based on the on-premises
premises on server VM/server size, along with the settings you specify in the
configuration assessment for the node type, storage type, and failure-to-
data/metadata. tolerate setting.
Performance- Assess based Recommended node size in AVS is based on CPU and memory
based on collected utilization data, along with the settings you specify in the
dynamic assessment for the node type, storage type, and failure-to-
performance tolerate setting.
data.
7 Note
Azure VMware Solution (AVS) assessment can be created for VMware VMs/servers
only.
Run an assessment
Run an assessment as follows:
1. In Servers, databases and web apps > Azure Migrate: Discovery and assessment.
3. In Assess servers > Assessment type, select Azure VMware Solution (AVS).
4. In Discovery source:
If you discovered servers using the appliance, select Servers discovered from
Azure Migrate appliance.
If you discovered servers using an imported CSV file, select Imported servers.
Target and Target location The Azure region to which you want to migrate. Azure SQL
pricing configuration and cost recommendations are based on the
settings location that you specify.
Target and Environment The environment for the SQL deployments to apply pricing
pricing type applicable to Production or Dev/Test.
settings
Target and Offer/Licensing The Azure offer if you're enrolled. Currently, the field is
pricing program Pay-as-you-go by default, which gives you retail Azure
settings prices.
Target and Savings Specify the reserved capacity savings option that you want
pricing options - Azure the assessment to consider to help optimize your Azure
settings SQL MI and DB compute cost.
(PaaS)
Azure reservations (1 year or 3 year reserved) are a good
option for the most consistently running resources.
Target and Savings Specify the savings option that you want the assessment to
pricing options - SQL consider to help optimize your Azure compute cost.
settings Server on
Azure VM Azure reservations (1 year or 3 year reserved) are a good
(IaaS) option for the most consistently running resources.
Target and Discount (%) Any subscription-specific discounts you receive on top of
pricing the Azure offer. The default setting is 0%.
settings
Target and VM uptime Specify the duration (days per month/hour per day) that
pricing servers/VMs run. This is useful for computing cost
settings estimates for SQL Server on Azure VM where you're aware
that Azure VMs might not run continuously.
Cost estimates for servers where recommended target is
SQL Server on Azure VM are based on the duration
specified. Default is 31 days per month/24 hours per day.
Target and Azure Hybrid Specify whether you already have a Windows Server
pricing Benefit and/or SQL Server license. Azure Hybrid Benefit is a
settings licensing benefit that helps you to significantly reduce the
costs of running your workloads in the cloud. It works by
letting you use your on-premises Software Assurance-
enabled Windows Server and SQL Server licenses on Azure.
For example, if you have a SQL Server license and they're
covered with active Software Assurance of SQL Server
Subscriptions, you can apply for the Azure Hybrid Benefit
when you bring licenses to Azure.
Assessment Performance Indicate the data duration on which you want to base the
criteria history assessment. (Default is one day)
Assessment Percentile Indicate the percentile value you want to use for the
criteria utilization performance sample. (Default is 95th percentile)
Assessment Comfort factor Indicate the buffer you want to use during assessment.
criteria This accounts for issues like seasonal usage, short
performance history, and likely increases in future usage.
For example, consider a comfort factor of 2 for effective
utilization of 2 Cores. In this case, the assessment
considers the effective cores as 4 cores. Similarly, for the
same comfort factor and an effective utilization of 8 GB
memory, the assessment considers effective memory as 16
GB.
Section Setting Details
Azure SQL Service Tier Choose the most appropriate service tier option to
Managed accommodate your business needs for migration to Azure
Instance SQL Managed Instance:
sizing
Select Recommended if you want Azure Migrate to
recommend the best suited service tier for your servers.
This can be General purpose or Business critical.
SQL Server VM series Specify the Azure VM series you want to consider for SQL
on Azure Server on Azure VM sizing. Based on the configuration and
VM sizing performance requirements of your SQL Server or SQL
Server instance, the assessment recommends a VM size
from the selected list of VM series.
You can edit settings as needed. For example, if you don't
want to include D-series VM, you can exclude D-series
from this list.
As Azure SQL assessments intend to give the best
performance for your SQL workloads, the VM series list
only has VMs that are optimized for running your SQL
Server on Azure Virtual Machines (VMs). Learn more.
Section Setting Details
SQL Server Storage Type Defaulted to Recommended, which means the assessment
on Azure recommends the best suited Azure Managed Disk based
VM sizing on the chosen environment type, on-premises disk size,
IOPS and throughput.
Azure SQL Service Tier Choose the most appropriate service tier option to
Database accommodate your business needs for migration to Azure
sizing SQL Database:
9. In Select servers to assess > Assessment name > specify a name for the
assessment.
10. In Select or create a group > select Create New and specify a group name.
11. Select the appliance and select the servers that you want to add to the group. Then
select Next.
12. In Review + create assessment, review the assessment details, and select Create
Assessment to create the group and run the assessment.
7 Note
Review an assessment
An AVS assessment describes:
Azure VMware Solution (AVS) readiness: Whether the on-premises servers are
suitable for migration to Azure VMware Solution (AVS).
Number of Azure VMware Solution nodes: Estimated number of Azure VMware
Solution nodes required to run the servers.
Utilization across AVS nodes: Projected CPU, memory, and storage utilization
across all nodes.
Utilization includes upfront factoring in the cluster management overheads such
as the vCenter Server, NSX Manager (large), NSX Edge, if HCX is deployed also
the HCX Manager and IX appliance consuming ~ 44vCPU (11 CPU), 75 GB of
RAM and 722 GB of storage before compression and deduplication.
Limiting factor determines the number of hosts/nodes required to
accommodate the resources.
Monthly cost estimation: The estimated monthly costs for all Azure VMware
Solution (AVS) nodes running the on-premises VMs.
You can select Sizing assumptions to understand the assumptions that went in node
sizing and resource utilization calculations. You can also edit the assessment properties
or recalculate the assessment.
View an assessment
To view an assessment:
1. In Servers, databases and web apps > Azure Migrate: Discovery and assessment,
select the number next to Azure VMware Solution.
Review readiness
1. Select Azure readiness.
VMware HCX or Enterprise: For VMware servers, the VMware Hybrid Cloud
Extension (HCX) solution is the suggested migration tool to migrate your on-
premises workload to your Azure VMware Solution (AVS) private cloud.
Unknown: For servers imported via a CSV file, the default migration tool is
unknown. Though for VMware servers, it's suggested to use the VMware
Hybrid Cloud Extension (HCX) solution.
4. Select an AVS readiness status. You can view the server readiness details, and drill
down to see server details, including compute, storage, and network settings.
1. Review the monthly total costs. Costs are aggregated for all servers in the assessed
group.
Cost estimates are based on the number of AVS nodes required considering
the resource requirements of all the servers in total.
As the pricing is per node, the total cost doesn't have compute cost and
storage cost distribution.
The cost estimation is for running the on-premises servers in AVS. The AVS
assessment doesn't consider PaaS or SaaS costs.
2. Review monthly storage estimates. The view shows the aggregated storage costs
for the assessed group, split over different types of storage disks.
3. You can drill down to see cost details for specific servers.
The confidence rating helps you estimate the reliability of size recommendations in the
assessment. The rating is based on the availability of data points needed to compute the
assessment.
7 Note
Confidence ratings aren't assigned if you create an assessment based on a CSV file.
0%-20% 1 star
21%-40% 2 stars
41%-60% 3 stars
61%-80% 4 stars
81%-100% 5 stars
Next steps
Find server dependencies using dependency mapping.
Set up agentless or agent-based dependency mapping.
Tutorial: Assess Hyper-V VMs for
migration to Azure
Article • 03/14/2023 • 12 minutes to read
As part of your migration journey to Azure, you assess your on-premises workloads to
measure cloud readiness, identify risks, and estimate costs and complexity.
This article shows you how to assess discovered servers from your Hyper-V environment
for migration to Azure, using the Azure Migrate: Discovery and assessment tool.
Run an assessment.
Analyze an assessment.
7 Note
Tutorials show the quickest path for trying out a scenario, and use default options
where possible.
If you don't have an Azure subscription, create a free account before you begin.
Prerequisites
Before you follow this tutorial to assess your servers for migration to Azure VMs,
make sure you've discovered the servers you want to assess:
To discover servers using the Azure Migrate appliance, follow this tutorial.
To discover servers using an imported CSV file, follow this tutorial.
As-is on- Assess based on server Recommended Azure VM size is based on the on-
premises configuration premises VM size.
data/metadata.
The recommended Azure disk type is based on what
you select in the storage type setting in the
assessment.
Run an assessment
Run an assessment as follows:
1. On the Get started page > Servers, databases and web apps, select Assess and
migrate servers.
2. In Azure Migrate: Discovery and assessment, select Assess > Azure VM.
3. In Assess servers > Assessment type, select Azure VM.
4. In Discovery source:
If you discovered servers using the appliance, select Servers discovered from
Azure Migrate appliance.
If you discovered servers using an imported CSV file, select Imported servers.
6. In Assessment settings, set the necessary values or retain the default values:
Target and Target location The Azure region to which you want to migrate. Azure SQL
pricing configuration and cost recommendations are based on the
settings location that you specify.
Target and Environment The environment for the SQL deployments to apply pricing
pricing type applicable to Production or Dev/Test.
settings
Target and Offer/Licensing The Azure offer if you're enrolled. Currently, the field is
pricing program Pay-as-you-go by default, which gives you retail Azure
settings prices.
Target and Savings Specify the reserved capacity savings option that you want
pricing options - Azure the assessment to consider, to help optimize your Azure
settings SQL MI and DB compute cost.
(PaaS)
Azure reservations (1 year or 3 year reserved) are a good
option for the most consistently running resources.
Target and Savings Specify the savings option that you want the assessment to
pricing options - SQL consider, to help optimize your Azure compute cost.
settings Server on
Azure VM Azure reservations (1 year or 3 year reserved) are a good
(IaaS) option for the most consistently running resources.
Target and Discount (%) Any subscription-specific discounts you receive on top of
pricing the Azure offer. The default setting is 0%.
settings
Target and VM uptime Specify the duration (days per month/hour per day) that
pricing servers/VMs run. This is useful for computing cost
settings estimates for SQL Server on Azure VM where you're aware
that Azure VMs might not run continuously.
Cost estimates for servers where recommended target is
SQL Server on Azure VM are based on the duration
specified. Default is 31 days per month/24 hours per day.
Section Setting Details
Target and Azure Hybrid Specify whether you already have a Windows Server
pricing Benefit and/or SQL Server license. Azure Hybrid Benefit is a
settings licensing benefit that helps you to significantly reduce the
costs of running your workloads in the cloud. It works by
letting you use your on-premises Software Assurance-
enabled Windows Server and SQL Server licenses on Azure.
For example, if you have a SQL Server license and they're
covered with active Software Assurance of SQL Server
Subscriptions, you can apply for the Azure Hybrid Benefit
when you bring licenses to Azure.
Assessment Performance Indicate the data duration on which you want to base the
criteria history assessment. (Default is one day)
Assessment Percentile Indicate the percentile value you want to use for the
criteria utilization performance sample. (Default is 95th percentile)
Assessment Comfort factor Indicate the buffer you want to use during assessment.
criteria This accounts for issues like seasonal usage, short
performance history, and likely increases in future usage.
For example, consider a comfort factor of 2 for effective
utilization of 2 Cores. In this case, the assessment
considers the effective cores as 4 cores. Similarly, for the
same comfort factor and an effective utilization of 8-GB
memory, the assessment considers effective memory as 16
GB.
Azure SQL Service Tier Choose the most appropriate service tier option to
Managed accommodate your business needs for migration to Azure
Instance SQL Managed Instance:
sizing
Select Recommended if you want Azure Migrate to
recommend the best suited service tier for your servers.
This can be General purpose or Business critical.
SQL Server VM series Specify the Azure VM series you want to consider for SQL
on Azure Server on Azure VM sizing. Based on the configuration and
VM sizing performance requirements of your SQL Server or SQL
Server instance, the assessment recommends a VM size
from the selected list of VM series.
You can edit settings as needed. For example, if you don't
want to include D-series VM, you can exclude D-series
from this list.
As Azure SQL assessments intend to give the best
performance for your SQL workloads, the VM series list
only has VMs that are optimized for running your SQL
Server on Azure Virtual Machines (VMs). Learn more.
SQL Server Storage Type Defaulted to Recommended, which means the assessment
on Azure recommends the best suited Azure Managed Disk based
VM sizing on the chosen environment type, on-premises disk size,
IOPS and throughput.
Section Setting Details
Azure SQL Service Tier Choose the most appropriate service tier option to
Database accommodate your business needs for migration to Azure
sizing SQL Database:
10. In Select or create a group, select Create New and specify a group name.
11. Select the appliance, and select the VMs you want to add to the group. Then select
Next.
12. In Review + create assessment, review the assessment details, and select Create
Assessment to create the group and run the assessment.
13. After the assessment is created, view it in Servers, databases and web apps >
Azure Migrate: Discovery and assessment > Assessments.
7 Note
Review an assessment
An assessment describes:
To view an assessment:
1. In Servers, databases and web apps > Azure Migrate: Discovery and assessment,
select the number next to Assessments.
Review readiness
1. Select Azure readiness.
Ready for Azure: Used when Azure Migrate recommends a VM size and cost
estimates, for VMs in the assessment.
Ready with conditions: Shows issues and suggested remediation.
Not ready for Azure: Shows issues and suggested remediation.
Readiness unknown: Used when Azure Migrate can't assess readiness,
because of data availability issues.
3. Select an Azure readiness status. You can view VM readiness details. You can also
drill down to see VM details, including compute, storage, and network settings.
1. Review the monthly total costs. Costs are aggregated for all VMs in the assessed
group.
Cost estimates are based on the size recommendations for a machine, its
disks, and its properties.
Estimated monthly costs for compute and storage are shown.
The cost estimation is for running the on-premises VMs on Azure VMs. The
estimation doesn't consider PaaS or SaaS costs.
2. Review monthly storage costs. The view shows the aggregated storage costs for
the assessed group, split over different types of storage disks.
3. You can drill down to see cost details for specific VMs.
The confidence rating helps you estimate the reliability of size recommendations in the
assessment. The rating is based on the availability of data points needed to compute the
assessment.
7 Note
Confidence ratings aren't assigned if you create an assessment based on a CSV file.
0%-20% 1 star
21%-40% 2 stars
41%-60% 3 stars
61%-80% 4 stars
81%-100% 5 stars
Next steps
Find server dependencies using dependency mapping.
Set up agent-based dependency mapping.
Tutorial: Assess SQL instances for
migration to Azure SQL
Article • 03/14/2023 • 15 minutes to read
As part of your migration journey to Azure, you assess your on-premises workloads to
measure cloud readiness, identify risks, and estimate costs and complexity. This article
shows you how to assess discovered SQL Server instances and databases in preparation
for migration to Azure SQL, using the Azure Migrate: Discovery and assessment tool.
7 Note
Tutorials show the quickest path for trying out a scenario, and use default options
where possible.
Prerequisites
If you don't have an Azure subscription, create a free account before you begin.
Before you follow this tutorial to assess your SQL Server instances for migration to
Azure SQL, make sure you've discovered the SQL instances you want to assess
using the Azure Migrate appliance, follow this tutorial.
If you want to try out this feature in an existing project, ensure that you have
completed the prerequisites in this article.
Run an assessment
Run an assessment as follows:
1. On the Overview page > Servers, databases and web apps, select Assess and
migrate servers.
2. In Azure Migrate: Discovery and assessment, select Assess and choose the
assessment type as Azure SQL.
3. In Assess servers, the assessment type is pre-selected as Azure SQL and the
discovery source is defaulted to Servers discovered from Azure Migrate
appliance.
5. In Assessment settings, set the necessary values or retain the default values:
Section Setting Details
Target and Target location The Azure region to which you want to migrate. Azure SQL
pricing configuration and cost recommendations are based on the
settings location that you specify.
Target and Environment The environment for the SQL deployments to apply pricing
pricing type applicable to Production or Dev/Test.
settings
Target and Offer/Licensing The Azure offer if you're enrolled. Currently, the field is
pricing program Pay-as-you-go by default, which gives you retail Azure
settings prices.
Target and Savings Specify the reserved capacity savings option that you want
pricing options - Azure the assessment to consider to help optimize your Azure
settings SQL MI and DB compute cost.
(PaaS)
Azure reservations (1 year or 3 year reserved) are a good
option for the most consistently running resources.
Target and Savings Specify the savings option that you want the assessment to
pricing options - SQL consider to help optimize your Azure compute cost.
settings Server on
Azure VM Azure reservations (1 year or 3 year reserved) are a good
(IaaS) option for the most consistently running resources.
Target and Discount (%) Any subscription-specific discounts you receive on top of
pricing the Azure offer. The default setting is 0%.
settings
Target and VM uptime Specify the duration (days per month/hour per day) that
pricing servers/VMs run. This is useful for computing cost
settings estimates for SQL Server on Azure VM where you're aware
that Azure VMs might not run continuously.
Cost estimates for servers where recommended target is
SQL Server on Azure VM are based on the duration
specified. Default is 31 days per month/24 hours per day.
Section Setting Details
Target and Azure Hybrid Specify whether you already have a Windows Server
pricing Benefit and/or SQL Server license. Azure Hybrid Benefit is a
settings licensing benefit that helps you to significantly reduce the
costs of running your workloads in the cloud. It works by
letting you use your on-premises Software Assurance-
enabled Windows Server and SQL Server licenses on Azure.
For example, if you have a SQL Server license and they're
covered with active Software Assurance of SQL Server
Subscriptions, you can apply for the Azure Hybrid Benefit
when you bring licenses to Azure.
Assessment Performance Indicate the data duration on which you want to base the
criteria history assessment. (Default is one day)
Assessment Percentile Indicate the percentile value you want to use for the
criteria utilization performance sample. (Default is 95th percentile)
Assessment Comfort factor Indicate the buffer you want to use during assessment.
criteria This accounts for issues like seasonal usage, short
performance history, and likely increases in future usage.
Azure SQL Service Tier Choose the most appropriate service tier option to
Managed accommodate your business needs for migration to Azure
Instance SQL Managed Instance:
sizing
Select Recommended if you want Azure Migrate to
recommend the best suited service tier for your servers.
This can be General purpose or Business critical.
SQL Server VM series Specify the Azure VM series you want to consider for SQL
on Azure Server on Azure VM sizing. Based on the configuration and
VM sizing performance requirements of your SQL Server or SQL
Server instance, the assessment recommends a VM size
from the selected list of VM series.
You can edit settings as needed. For example, if you don't
want to include D-series VM, you can exclude D-series
from this list.
As Azure SQL assessments intend to give the best
performance for your SQL workloads, the VM series list
only has VMs that are optimized for running your SQL
Server on Azure Virtual Machines (VMs). Learn more.
SQL Server Storage Type Defaulted to Recommended, which means the assessment
on Azure recommends the best suited Azure Managed Disk based
VM sizing on the chosen environment type, on-premises disk size,
IOPS and throughput.
Section Setting Details
Azure SQL Service Tier Choose the most appropriate service tier option to
Database accommodate your business needs for migration to Azure
sizing SQL Database:
9. In Select or create a group > select Create New and specify a group name.
10. Select the appliance and select the servers you want to add to the group and
select Next.
11. In Review + create assessment, review the assessment details, and select Create
Assessment to create the group and run the assessment.
12. After the assessment is created, go to Servers, databases and web apps > Azure
Migrate: Discovery and assessment, select the number next to Azure SQL
assessment. If you do not see the number populated, select Refresh to get the
latest updates.
13. Select the assessment name, which you wish to view.
7 Note
Review an assessment
To view an assessment:
1. In Servers, databases and web apps > Azure Migrate: Discovery and assessment,
select the number next to Azure SQL assessment.
3. Review the assessment summary. You can also edit the assessment settings or
recalculate the assessment.
Discovered entities
This indicates the number of SQL servers, instances, and databases that were assessed in
this assessment.
7 Note
2. Migrate all instances to Azure SQL MI: In this strategy, you can see the readiness
and cost estimates for migrating all SQL Server instances to Azure SQL Managed
Instance.
3. Migrate all instances to SQL Server on Azure VM: In this strategy, you can see the
readiness and cost estimates for migrating all SQL Server instances to SQL Server
on Azure VM.
4. Migrate all servers to SQL Server on Azure VM: In this strategy, you can see how
you can rehost the servers running SQL Server to SQL Server on Azure VM and
review the readiness and cost estimates. Even when SQL Server credentials are not
available, this report will provide right-sized lift-and-shift, that is, "Server to SQL
Server on Azure VM" recommendations. The readiness and sizing logic is similar to
Azure VM assessment type.
5. Migrate all SQL databases to Azure SQL Database In this strategy, you can see
how you can migrate individual databases to Azure SQL Database and review the
readiness and cost estimates.
Review readiness
You can review readiness reports for different migration strategies:
4. Select the instance name and drill-down to see the number of user databases,
instance details including instance properties, compute (scoped to instance) and
source database storage details.
5. Click the number of user databases to review the list of databases and their details.
6. Click review details in the Migration issues column to review the migration issues
and warnings for a particular target deployment type.
1. Review the monthly total costs. Costs are aggregated for all SQL instances in the
assessed group.
Cost estimates are based on the recommended Azure SQL configuration for
an instance/server/database.
The compute and storage costs are split in the individual cost estimates
reports and at instance/server/database level.
2. You can drill down at an instance level to see Azure SQL configuration and cost
estimates at an instance level.
3. You can also drill down to the database list to review the Azure SQL configuration
and cost estimates per database when an Azure SQL Database configuration is
recommended.
0%-20% 1 star
21%-40% 2 stars
41%-60% 3 stars
61%-80% 4 stars
81%-100% 5 stars
As part of your migration journey to Azure, you assess your on-premises workloads to
measure cloud readiness, identify risks, and estimate costs and complexity. This article
shows you how to assess discovered ASP.NET web apps running on IIS web servers in
preparation for migration to Azure App Service, using the Azure Migrate: Discovery and
assessment tool.
7 Note
Tutorials show the quickest path for trying out a scenario, and use default options
where possible.
Prerequisites
If you don't have an Azure subscription, create a free account before you begin.
Before you follow this tutorial to assess your web apps for migration to Azure App
Service, make sure you've discovered the web apps you want to assess using the
Azure Migrate appliance, follow this tutorial
If you want to try out this feature in an existing project, ensure that you have
completed the prerequisites in this article.
Run an assessment
Run an assessment as follows:
1. On the Overview page > Servers, databases and web apps, select Discover, assess
and migrate.
2. On Azure Migrate: Discovery and assessment, select Assess and choose the
assessment type as Azure App Service.
3. In Create assessment, you will be able to see the assessment type pre-selected as
Azure App Service and the discovery source defaulted to Servers discovered from
Azure Migrate appliance.
Property Details
Target The Azure region to which you want to migrate. Azure App Service
location configuration and cost recommendations are based on the location that you
specify.
Isolation Select yes if you want your web apps to run in a private and dedicated
required environment in an Azure datacenter using Dv2-series VMs with faster
processors, SSD storage, and double the memory to core ratio compared to
Standard plans.
In Savings options (compute), specify the savings option that you want the
assessment to consider to help optimize your Azure compute cost.
Azure reservations (1 year or 3 year reserved) are a good option for the
most consistently running resources.
Azure Savings Plan (1 year or 3 year savings plan) provide additional
flexibility and automated cost optimization. Ideally post migration, you
could use Azure reservation and savings plan at the same time (reservation
will be consumed first), but in the Azure Migrate assessments, you can
only see cost estimates of 1 savings option at a time.
When you select 'None', the Azure compute cost is based on the Pay as
you go rate or based on actual usage.
You need to select pay-as-you-go in offer/licensing program to be able to
use Reserved Instances or Azure Savings Plan. When you select any
savings option other than 'None', the 'Discount (%)' setting is not
applicable. Offer | The Azure offer in which you're enrolled. The
assessment estimates the cost for that offer. Currency | The billing
currency for your account. Discount (%) | Any subscription-specific
discounts you receive on top of the Azure offer. The default setting is 0%.
EA subscription | Specifies that an Enterprise Agreement (EA) subscription
is used for cost estimation. Takes into account the discount applicable to
the subscription.
Leave the settings for reserved instances, and discount (%) properties with
their default settings.
7. In Select servers to assess > Assessment name > specify a name for the
assessment.
8. In Select or create a group, select Create New and specify a group name.
9. Select the appliance, and select the servers that you want to add to the group.
Select Next.
10. In Review + create assessment, review the assessment details, and select Create
Assessment to create the group and run the assessment.
11. After the assessment is created, go to Servers, databases and web apps > Azure
Migrate: Discovery and assessment. Refresh the tile data by selecting the Refresh
option on top of the tile. Wait for the data to refresh.
Review an assessment
To view an assessment:
1. Servers, databases and web apps > Azure Migrate: Discovery and assessment,
select the number next to the Azure App Service assessment.
2. Select the assessment name, which you wish to view.
3. Review the assessment summary. You can also edit the assessment properties or
recalculate the assessment.
This indicates the distribution of the assessed web apps. You can drill down to
understand the details around migration issues/warnings that you can remediate before
migration to Azure App Service. Learn More. You can also view the recommended App
Service SKU and plan for migrating to Azure App Service.
Review readiness
1. Select Azure App Service readiness.
2. Review Azure App Service readiness column in table, for the assessed web apps:
a. If there are no compatibility issues found, the readiness is marked as Ready for
the target deployment type.
b. If there are non-critical compatibility issues, such as degraded or unsupported
features that do not block the migration to a specific target deployment type,
the readiness is marked as Ready with conditions (hyperlinked) with warning
details and recommended remediation guidance.
c. If there are any compatibility issues that may block the migration to a specific
target deployment type, the readiness is marked as Not ready with issue details
and recommended remediation guidance.
d. If the discovery is still in progress or there are any discovery issues for a web
app, the readiness is marked as Unknown as the assessment could not compute
the readiness for that web app.
3. Review the recommended SKU for the web apps, which is determined as per the
matrix below:
Yes Yes I1
Yes No I1
No Yes P1v3
No No P1v2
Azure App Service readiness Determine App Service SKU Determine Cost estimates
Not ready No No
Unknown No No
4. Select the App Service plan link in the Azure App Service readiness table to see the
App Service plan details such as compute resources and other web apps that are
part of the same plan.
I1 8
P1v2 8
P1v3 16
Next steps
Learn how to perform at-scale agentless migration of ASP.NET web apps to Azure
App Service.
Learn more about how Azure App Service assessments are calculated.
Tutorial: Assess physical servers for
migration to Azure
Article • 03/14/2023 • 12 minutes to read
As part of your migration journey to Azure, you assess your on-premises workloads to
measure cloud readiness, identify risks, and estimate costs and complexity.
This article shows you how to assess on-premises physical servers for migration to
Azure, using the Azure Migrate: Discovery and assessment tool.
7 Note
Tutorials show the quickest path for trying out a scenario, and use default options
where possible.
If you don't have an Azure subscription, create a free account before you begin.
Prerequisites
Before you follow this tutorial to assess your servers for migration to Azure VMs,
make sure you've discovered the servers you want to assess:
To discover servers using the Azure Migrate appliance, follow this tutorial.
To discover servers using an imported CSV file, follow this tutorial.
Make sure physical servers you want to assess aren't running Windows Server
2003, or SUSE Linux. Assessment isn't supported for these servers.
As-is on- Assess based on server Recommended Azure VM size is based on the on-
premises configuration premises VM size.
data/metadata.
The recommended Azure disk type is based on what
you select in the storage type setting in the
assessment.
Run an assessment
Run an assessment as follows:
1. On the Get started page > Servers, databases and web apps, select Assess and
migrate servers.
2. In Azure Migrate: Discovery and assessment, select Assess > Azure VM.
3. In Assess servers > Assessment type, select Azure VM.
4. In Discovery source:
If you discovered servers using the appliance, select Servers discovered from
Azure Migrate appliance.
If you discovered servers using an imported CSV file, select Imported servers.
6. In Assessment settings, set the necessary values or retain the default values:
Target and Target location The Azure region to which you want to migrate. Azure SQL
pricing configuration and cost recommendations are based on the
settings location that you specify.
Target and Environment The environment for the SQL deployments to apply pricing
pricing type applicable to Production or Dev/Test.
settings
Target and Offer/Licensing The Azure offer if you're enrolled. Currently, the field is
pricing program Pay-as-you-go by default, which gives you retail Azure
settings prices.
Target and Savings Specify the reserved capacity savings option that you want
pricing options - Azure the assessment to consider to help optimize your Azure
settings SQL MI and DB compute cost.
(PaaS)
Azure reservations (1 year or 3 year reserved) are a good
option for the most consistently running resources.
Target and Savings Specify the savings option that you want the assessment to
pricing options - SQL consider, to help optimize your Azure compute cost.
settings Server on
Azure VM Azure reservations (1 year or 3 year reserved) are a good
(IaaS) option for the most consistently running resources.
Target and Discount (%) Any subscription-specific discounts you receive on top of
pricing the Azure offer. The default setting is 0%.
settings
Target and VM uptime Specify the duration (days per month/hour per day) that
pricing servers/VMs run. This is useful for computing cost
settings estimates for SQL Server on Azure VM where you're aware
that Azure VMs might not run continuously.
Cost estimates for servers where recommended target is
SQL Server on Azure VM are based on the duration
specified. Default is 31 days per month/24 hours per day.
Section Setting Details
Target and Azure Hybrid Specify whether you already have a Windows Server
pricing Benefit and/or SQL Server license. Azure Hybrid Benefit is a
settings licensing benefit that helps you to significantly reduce the
costs of running your workloads in the cloud. It works by
letting you use your on-premises Software Assurance-
enabled Windows Server and SQL Server licenses on Azure.
For example, if you have a SQL Server license and they're
covered with active Software Assurance of SQL Server
Subscriptions, you can apply for the Azure Hybrid Benefit
when you bring licenses to Azure.
Assessment Performance Indicate the data duration on which you want to base the
criteria history assessment. (Default is one day)
Assessment Percentile Indicate the percentile value you want to use for the
criteria utilization performance sample. (Default is 95th percentile)
Assessment Comfort factor Indicate the buffer you want to use during assessment.
criteria This accounts for issues like seasonal usage, short
performance history, and likely increases in future usage.
For example, consider a comfort factor of 2 for effective
utilization of 2 Cores. In this case, the assessment
considers the effective cores as 4 cores. Similarly, for the
same comfort factor and an effective utilization of 8-GB
memory, the assessment considers effective memory as 16
GB.
Azure SQL Service Tier Choose the most appropriate service tier option to
Managed accommodate your business needs for migration to Azure
Instance SQL Managed Instance:
sizing
Select Recommended if you want Azure Migrate to
recommend the best suited service tier for your servers.
This can be General purpose or Business critical.
SQL Server VM series Specify the Azure VM series you want to consider for SQL
on Azure Server on Azure VM sizing. Based on the configuration and
VM sizing performance requirements of your SQL Server or SQL
Server instance, the assessment recommends a VM size
from the selected list of VM series.
You can edit settings as needed. For example, if you don't
want to include D-series VM, you can exclude D-series
from this list.
As Azure SQL assessments intend to give the best
performance for your SQL workloads, the VM series list
only has VMs that are optimized for running your SQL
Server on Azure Virtual Machines (VMs). Learn more.
SQL Server Storage Type Defaulted to Recommended, which means the assessment
on Azure recommends the best suited Azure Managed Disk based
VM sizing on the chosen environment type, on-premises disk size,
IOPS and throughput.
Section Setting Details
Azure SQL Service Tier Choose the most appropriate service tier option to
Database accommodate your business needs for migration to Azure
sizing SQL Database:
10. In Select or create a group, select Create New and specify a group name.
11. Select the appliance, and select the VMs you want to add to the group. Then select
Next.
12. In Review + create assessment, review the assessment details, and select Create
Assessment to create the group and run the assessment.
13. After the assessment is created, view it in Servers > Azure Migrate: Discovery and
assessment > Assessments.
7 Note
Review an assessment
An assessment describes:
To view an assessment:
1. In Servers, databases and web apps > Azure Migrate: Discovery and assessment,
select the number next to Assessments.
Review readiness
1. Select Azure readiness.
Ready for Azure: Used when Azure Migrate recommends a VM size and cost
estimates, for VMs in the assessment.
Ready with conditions: Shows issues and suggested remediation.
Not ready for Azure: Shows issues and suggested remediation.
Readiness unknown: Used when Azure Migrate can't assess readiness,
because of data availability issues.
3. Select an Azure readiness status. You can view VM readiness details. You can also
drill down to see VM details, including compute, storage, and network settings.
1. Review the monthly total costs. Costs are aggregated for all VMs in the assessed
group.
Cost estimates are based on the size recommendations for a server, its disks,
and its properties.
Estimated monthly costs for compute and storage are shown.
The cost estimation is for running the on-premises VMs on Azure VMs. The
estimation doesn't consider PaaS or SaaS costs.
2. Review monthly storage costs. The view shows the aggregated storage costs for
the assessed group, split over different types of storage disks.
3. You can drill down to see cost details for specific VMs.
The confidence rating helps you estimate the reliability of size recommendations in the
assessment. The rating is based on the availability of data points needed to compute the
assessment.
7 Note
Confidence ratings aren't assigned if you create an assessment based on a CSV file.
0%-20% 1 star
21%-40% 2 stars
41%-60% 3 stars
61%-80% 4 stars
81%-100% 5 stars
Next steps
Find server dependencies using dependency mapping.
Set up agent-based dependency mapping.
Tutorial: Assess SQL instances for
migration to Azure SQL
Article • 03/14/2023 • 15 minutes to read
As part of your migration journey to Azure, you assess your on-premises workloads to
measure cloud readiness, identify risks, and estimate costs and complexity. This article
shows you how to assess discovered SQL Server instances and databases in preparation
for migration to Azure SQL, using the Azure Migrate: Discovery and assessment tool.
7 Note
Tutorials show the quickest path for trying out a scenario, and use default options
where possible.
Prerequisites
If you don't have an Azure subscription, create a free account before you begin.
Before you follow this tutorial to assess your SQL Server instances for migration to
Azure SQL, make sure you've discovered the SQL instances you want to assess
using the Azure Migrate appliance, follow this tutorial.
If you want to try out this feature in an existing project, ensure that you have
completed the prerequisites in this article.
Run an assessment
Run an assessment as follows:
1. On the Overview page > Servers, databases and web apps, select Assess and
migrate servers.
2. In Azure Migrate: Discovery and assessment, select Assess and choose the
assessment type as Azure SQL.
3. In Assess servers, the assessment type is pre-selected as Azure SQL and the
discovery source is defaulted to Servers discovered from Azure Migrate
appliance.
5. In Assessment settings, set the necessary values or retain the default values:
Section Setting Details
Target and Target location The Azure region to which you want to migrate. Azure SQL
pricing configuration and cost recommendations are based on the
settings location that you specify.
Target and Environment The environment for the SQL deployments to apply pricing
pricing type applicable to Production or Dev/Test.
settings
Target and Offer/Licensing The Azure offer if you're enrolled. Currently, the field is
pricing program Pay-as-you-go by default, which gives you retail Azure
settings prices.
Target and Savings Specify the reserved capacity savings option that you want
pricing options - Azure the assessment to consider to help optimize your Azure
settings SQL MI and DB compute cost.
(PaaS)
Azure reservations (1 year or 3 year reserved) are a good
option for the most consistently running resources.
Target and Savings Specify the savings option that you want the assessment to
pricing options - SQL consider to help optimize your Azure compute cost.
settings Server on
Azure VM Azure reservations (1 year or 3 year reserved) are a good
(IaaS) option for the most consistently running resources.
Target and Discount (%) Any subscription-specific discounts you receive on top of
pricing the Azure offer. The default setting is 0%.
settings
Target and VM uptime Specify the duration (days per month/hour per day) that
pricing servers/VMs run. This is useful for computing cost
settings estimates for SQL Server on Azure VM where you're aware
that Azure VMs might not run continuously.
Cost estimates for servers where recommended target is
SQL Server on Azure VM are based on the duration
specified. Default is 31 days per month/24 hours per day.
Section Setting Details
Target and Azure Hybrid Specify whether you already have a Windows Server
pricing Benefit and/or SQL Server license. Azure Hybrid Benefit is a
settings licensing benefit that helps you to significantly reduce the
costs of running your workloads in the cloud. It works by
letting you use your on-premises Software Assurance-
enabled Windows Server and SQL Server licenses on Azure.
For example, if you have a SQL Server license and they're
covered with active Software Assurance of SQL Server
Subscriptions, you can apply for the Azure Hybrid Benefit
when you bring licenses to Azure.
Assessment Performance Indicate the data duration on which you want to base the
criteria history assessment. (Default is one day)
Assessment Percentile Indicate the percentile value you want to use for the
criteria utilization performance sample. (Default is 95th percentile)
Assessment Comfort factor Indicate the buffer you want to use during assessment.
criteria This accounts for issues like seasonal usage, short
performance history, and likely increases in future usage.
Azure SQL Service Tier Choose the most appropriate service tier option to
Managed accommodate your business needs for migration to Azure
Instance SQL Managed Instance:
sizing
Select Recommended if you want Azure Migrate to
recommend the best suited service tier for your servers.
This can be General purpose or Business critical.
SQL Server VM series Specify the Azure VM series you want to consider for SQL
on Azure Server on Azure VM sizing. Based on the configuration and
VM sizing performance requirements of your SQL Server or SQL
Server instance, the assessment recommends a VM size
from the selected list of VM series.
You can edit settings as needed. For example, if you don't
want to include D-series VM, you can exclude D-series
from this list.
As Azure SQL assessments intend to give the best
performance for your SQL workloads, the VM series list
only has VMs that are optimized for running your SQL
Server on Azure Virtual Machines (VMs). Learn more.
SQL Server Storage Type Defaulted to Recommended, which means the assessment
on Azure recommends the best suited Azure Managed Disk based
VM sizing on the chosen environment type, on-premises disk size,
IOPS and throughput.
Section Setting Details
Azure SQL Service Tier Choose the most appropriate service tier option to
Database accommodate your business needs for migration to Azure
sizing SQL Database:
9. In Select or create a group > select Create New and specify a group name.
10. Select the appliance and select the servers you want to add to the group and
select Next.
11. In Review + create assessment, review the assessment details, and select Create
Assessment to create the group and run the assessment.
12. After the assessment is created, go to Servers, databases and web apps > Azure
Migrate: Discovery and assessment, select the number next to Azure SQL
assessment. If you do not see the number populated, select Refresh to get the
latest updates.
13. Select the assessment name, which you wish to view.
7 Note
Review an assessment
To view an assessment:
1. In Servers, databases and web apps > Azure Migrate: Discovery and assessment,
select the number next to Azure SQL assessment.
3. Review the assessment summary. You can also edit the assessment settings or
recalculate the assessment.
Discovered entities
This indicates the number of SQL servers, instances, and databases that were assessed in
this assessment.
7 Note
2. Migrate all instances to Azure SQL MI: In this strategy, you can see the readiness
and cost estimates for migrating all SQL Server instances to Azure SQL Managed
Instance.
3. Migrate all instances to SQL Server on Azure VM: In this strategy, you can see the
readiness and cost estimates for migrating all SQL Server instances to SQL Server
on Azure VM.
4. Migrate all servers to SQL Server on Azure VM: In this strategy, you can see how
you can rehost the servers running SQL Server to SQL Server on Azure VM and
review the readiness and cost estimates. Even when SQL Server credentials are not
available, this report will provide right-sized lift-and-shift, that is, "Server to SQL
Server on Azure VM" recommendations. The readiness and sizing logic is similar to
Azure VM assessment type.
5. Migrate all SQL databases to Azure SQL Database In this strategy, you can see
how you can migrate individual databases to Azure SQL Database and review the
readiness and cost estimates.
Review readiness
You can review readiness reports for different migration strategies:
4. Select the instance name and drill-down to see the number of user databases,
instance details including instance properties, compute (scoped to instance) and
source database storage details.
5. Click the number of user databases to review the list of databases and their details.
6. Click review details in the Migration issues column to review the migration issues
and warnings for a particular target deployment type.
1. Review the monthly total costs. Costs are aggregated for all SQL instances in the
assessed group.
Cost estimates are based on the recommended Azure SQL configuration for
an instance/server/database.
The compute and storage costs are split in the individual cost estimates
reports and at instance/server/database level.
2. You can drill down at an instance level to see Azure SQL configuration and cost
estimates at an instance level.
3. You can also drill down to the database list to review the Azure SQL configuration
and cost estimates per database when an Azure SQL Database configuration is
recommended.
0%-20% 1 star
21%-40% 2 stars
41%-60% 3 stars
61%-80% 4 stars
81%-100% 5 stars
As part of your migration journey to Azure, you assess your on-premises workloads to
measure cloud readiness, identify risks, and estimate costs and complexity. This article
shows you how to assess discovered ASP.NET web apps running on IIS web servers in
preparation for migration to Azure App Service, using the Azure Migrate: Discovery and
assessment tool.
7 Note
Tutorials show the quickest path for trying out a scenario, and use default options
where possible.
Prerequisites
If you don't have an Azure subscription, create a free account before you begin.
Before you follow this tutorial to assess your web apps for migration to Azure App
Service, make sure you've discovered the web apps you want to assess using the
Azure Migrate appliance, follow this tutorial
If you want to try out this feature in an existing project, ensure that you have
completed the prerequisites in this article.
Run an assessment
Run an assessment as follows:
1. On the Overview page > Servers, databases and web apps, select Discover, assess
and migrate.
2. On Azure Migrate: Discovery and assessment, select Assess and choose the
assessment type as Azure App Service.
3. In Create assessment, you will be able to see the assessment type pre-selected as
Azure App Service and the discovery source defaulted to Servers discovered from
Azure Migrate appliance.
Property Details
Target The Azure region to which you want to migrate. Azure App Service
location configuration and cost recommendations are based on the location that you
specify.
Isolation Select yes if you want your web apps to run in a private and dedicated
required environment in an Azure datacenter using Dv2-series VMs with faster
processors, SSD storage, and double the memory to core ratio compared to
Standard plans.
In Savings options (compute), specify the savings option that you want the
assessment to consider to help optimize your Azure compute cost.
Azure reservations (1 year or 3 year reserved) are a good option for the
most consistently running resources.
Azure Savings Plan (1 year or 3 year savings plan) provide additional
flexibility and automated cost optimization. Ideally post migration, you
could use Azure reservation and savings plan at the same time (reservation
will be consumed first), but in the Azure Migrate assessments, you can
only see cost estimates of 1 savings option at a time.
When you select 'None', the Azure compute cost is based on the Pay as
you go rate or based on actual usage.
You need to select pay-as-you-go in offer/licensing program to be able to
use Reserved Instances or Azure Savings Plan. When you select any
savings option other than 'None', the 'Discount (%)' setting is not
applicable. Offer | The Azure offer in which you're enrolled. The
assessment estimates the cost for that offer. Currency | The billing
currency for your account. Discount (%) | Any subscription-specific
discounts you receive on top of the Azure offer. The default setting is 0%.
EA subscription | Specifies that an Enterprise Agreement (EA) subscription
is used for cost estimation. Takes into account the discount applicable to
the subscription.
Leave the settings for reserved instances, and discount (%) properties with
their default settings.
7. In Select servers to assess > Assessment name > specify a name for the
assessment.
8. In Select or create a group, select Create New and specify a group name.
9. Select the appliance, and select the servers that you want to add to the group.
Select Next.
10. In Review + create assessment, review the assessment details, and select Create
Assessment to create the group and run the assessment.
11. After the assessment is created, go to Servers, databases and web apps > Azure
Migrate: Discovery and assessment. Refresh the tile data by selecting the Refresh
option on top of the tile. Wait for the data to refresh.
Review an assessment
To view an assessment:
1. Servers, databases and web apps > Azure Migrate: Discovery and assessment,
select the number next to the Azure App Service assessment.
2. Select the assessment name, which you wish to view.
3. Review the assessment summary. You can also edit the assessment properties or
recalculate the assessment.
This indicates the distribution of the assessed web apps. You can drill down to
understand the details around migration issues/warnings that you can remediate before
migration to Azure App Service. Learn More. You can also view the recommended App
Service SKU and plan for migrating to Azure App Service.
Review readiness
1. Select Azure App Service readiness.
2. Review Azure App Service readiness column in table, for the assessed web apps:
a. If there are no compatibility issues found, the readiness is marked as Ready for
the target deployment type.
b. If there are non-critical compatibility issues, such as degraded or unsupported
features that do not block the migration to a specific target deployment type,
the readiness is marked as Ready with conditions (hyperlinked) with warning
details and recommended remediation guidance.
c. If there are any compatibility issues that may block the migration to a specific
target deployment type, the readiness is marked as Not ready with issue details
and recommended remediation guidance.
d. If the discovery is still in progress or there are any discovery issues for a web
app, the readiness is marked as Unknown as the assessment could not compute
the readiness for that web app.
3. Review the recommended SKU for the web apps, which is determined as per the
matrix below:
Yes Yes I1
Yes No I1
No Yes P1v3
No No P1v2
Azure App Service readiness Determine App Service SKU Determine Cost estimates
Not ready No No
Unknown No No
4. Select the App Service plan link in the Azure App Service readiness table to see the
App Service plan details such as compute resources and other web apps that are
part of the same plan.
I1 8
P1v2 8
P1v3 16
Next steps
Learn how to perform at-scale agentless migration of ASP.NET web apps to Azure
App Service.
Learn more about how Azure App Service assessments are calculated.
Tutorial: Assess AWS instances for
migration to Azure
Article • 03/14/2023 • 7 minutes to read
As part of your migration journey to Azure, you assess your on-premises workloads to
measure cloud readiness, identify risks, and estimate costs and complexity.
This article shows you how to assess Amazon Web Services (AWS) instances for
migration to Azure, using the Azure Migrate: Discovery and assessment tool.
7 Note
Tutorials show the quickest path for trying out a scenario, and use default options
where possible.
If you don't have an Azure subscription, create a free account before you begin.
Prerequisites
Before you follow the steps in this tutorial, complete the first tutorial in this series
to discover your on-premises inventory.
Make sure AWS instances aren't running Windows Server 2003, or SUSE Linux.
Assessment isn't supported for these servers.
As-is on- Assess based on server Recommended Azure VM size is based on the on-
premises configuration premises VM size.
data/metadata.
The recommended Azure disk type is based on what
you select in the storage type setting in the
assessment.
Run an assessment
Run an assessment as follows:
1. On the Get started page > Servers, databases and web apps, select Discover,
assess and migrate.
2. In Azure Migrate: Discovery and assessment, select Assess > Azure VM.
3. In Assess servers > Assessment type > Azure VM.
4. In Discovery source:
If you discovered servers using the appliance, select Servers discovered from
Azure Migrate appliance.
If you discovered servers using an imported CSV file, select Imported servers.
In Target location, specify the Azure region to which you want to migrate.
Size and cost recommendations are based on the location that you specify.
Once you change the target location from default, you'll be prompted to
specify Reserved Instances and VM series.
In Azure Government, you can target assessments in these regions
In Storage type,
If you want to use performance-based data in the assessment, select
Automatic for Azure Migrate to recommend a storage type, based on disk
IOPS and throughput.
Alternatively, select the storage type you want to use for VM when you
migrate it.
In Savings options (compute), specify the savings option that you want the
assessment to consider, to help optimize your Azure compute cost.
Azure reservations (1 year or 3 year reserved) are a good option for the
most consistently running resources.
Azure Savings Plan (1 year or 3 year savings plan) provide additional
flexibility and automated cost optimization. Ideally post migration, you
could use Azure reservation and savings plan at the same time (reservation
will be consumed first), but in the Azure Migrate assessments, you can
only see cost estimates of 1 savings option at a time.
When you select 'None', the Azure compute cost is based on the Pay as
you go rate or based on actual usage.
You need to select pay-as-you-go in offer/licensing program to be able to
use Reserved Instances or Azure Savings Plan. When you select any
savings option other than 'None', the 'Discount (%)' and 'VM uptime'
properties aren't applicable.
7. In VM Size:
Cores 2 4
Memory 8 GB 16 GB
8. In Pricing:
11. In Select servers to assess > Assessment name, specify a name for the
assessment.
12. In Select or create a group, select Create New and specify a group name.
13. Select the appliance, and select the VMs you want to add to the group. Then select
Next.
14. In Review + create assessment, review the assessment details and select Create
Assessment to create the group and run the assessment.
15. After the assessment is created, view it in Servers, databases and web apps >
Azure Migrate: Discovery and assessment > Assessments.
7 Note
Review an assessment
An assessment describes:
To view an assessment:
1. In Servers, databases and web apps > Azure Migrate: Discovery and assessment,
select the number next to Assessments.
Review readiness
1. Select Azure readiness.
Ready for Azure: Used when Azure Migrate recommends a VM size and cost
estimates, for VMs in the assessment.
Ready with conditions: Shows issues and suggested remediation.
Not ready for Azure: Shows issues and suggested remediation.
Readiness unknown: Used when Azure Migrate can't assess readiness,
because of data availability issues.
3. Select an Azure readiness status. You can view VM readiness details. You can also
drill down to see VM details, including compute, storage, and network settings.
1. Review the monthly total costs. Costs are aggregated for all VMs in the assessed
group.
Cost estimates are based on the size recommendations for a server, its disks,
and its properties.
Estimated monthly costs for compute and storage are shown.
The cost estimation is for running the on-premises VMs on Azure VMs. The
estimation doesn't consider PaaS or SaaS costs.
2. Review monthly storage costs. The view shows the aggregated storage costs for
the assessed group, split over different types of storage disks.
3. You can drill down to see cost details for specific VMs.
7 Note
Confidence ratings aren't assigned if you create an assessment based on a CSV file.
0%-20% 1 star
21%-40% 2 stars
41%-60% 3 stars
61%-80% 4 stars
81%-100% 5 stars
Next steps
Find server dependencies using dependency mapping.
Set up agent-based dependency mapping.
Additional resources
Documentation
Discover AWS instances with Azure Migrate Discovery and assessment - Azure
Migrate
Learn how to discover AWS instances with Azure Migrate Discovery and assessment.
Assessment best practices in Azure Migrate Discovery and assessment tool - Azure
Migrate
Tips for creating assessments with Azure Migrate Discovery and assessment tool.
Assess VMware servers for migration to Azure VMware Solution (AVS) with Azure
Migrate - Azure Migrate
Learn how to assess servers in VMware environment for migration to AVS with Azure Migrate.
Show 5 more
Training
Module
Discover and assess your on-premises servers with Azure Migrate - Training
Explore the Azure Migrate tools for discovering and assessing your virtual machine servers. Learn
how to install and configure a virtual machine appliance in your virtualization host infrastructure.
Tutorial: Assess Google Cloud Platform
(GCP) VM instances for migration to
Azure
Article • 01/06/2023 • 7 minutes to read
As part of your migration journey to Azure, you assess your on-premises workloads to
determine cloud readiness, identify risks, and estimate costs and complexity.
This article shows you how to assess Google Cloud Platform (GCP) VM instances for
migration to Azure, using the Azure Migrate: Discovery and assessment tool.
7 Note
Tutorials show the quickest path for trying out a scenario and using default options
where possible.
If you don't have an Azure subscription, create a free account before you begin.
Prerequisites
Before you follow the steps in this tutorial, complete the first tutorial in this series
to discover your on-premises inventory.
As-is on- Assess based on server Recommended Azure VM size is based on the on-
premises configuration premises VM size.
data/metadata.
The recommended Azure disk type is based on what
you select in the storage type setting in the
assessment.
Run an assessment
Run an assessment as follows:
1. Go to Servers, databases and web apps > Azure Migrate: Discovery and
assessment.
4. In Discovery source:
If you discovered servers using the appliance, select Servers discovered from
Azure Migrate appliance.
If you discovered servers using an imported CSV file, select Imported servers.
In Target location, specify the Azure region to which you want to migrate.
Size and cost recommendations are based on the location that you specify.
Once you change the target location from default, you will be prompted to
specify Reserved Instances and VM series.
In Azure Government, you can target assessments in these regions.
In Storage type,
If you want to use performance-based data in the assessment, select
Automatic for Azure Migrate to recommend a storage type, based on the
disk IOPS and throughput.
Alternatively, select the storage type you want to use for VM when you
migrate it.
In Savings options (compute), specify the savings option that you want the
assessment to consider to help optimize your Azure compute cost.
Azure reservations (1 year or 3 year reserved) are a good option for the
most consistently running resources.
Azure Savings Plan (1 year or 3 year savings plan) provide additional
flexibility and automated cost optimization. Ideally post migration, you
could use Azure reservation and savings plan at the same time (reservation
will be consumed first), but in the Azure Migrate assessments, you can
only see cost estimates of 1 savings option at a time.
When you select 'None', the Azure compute cost is based on the Pay as
you go rate or based on actual usage.
You need to select pay-as-you-go in offer/licensing program to be able to
use Reserved Instances or Azure Savings Plan. When you select any
savings option other than 'None', the 'Discount (%)' and 'VM uptime'
properties are not applicable.
7. In VM Size:
Cores 2 4
Memory 8 GB 16 GB
8. In Pricing:
11. In Select servers to assess > Assessment name, specify a name for the
assessment.
12. In Select or create a group > Create New and specify a group name.
13. Select the appliance, and select the VMs you want to add to the group. Click Next.
14. In Review + create assessment, review the assessment details, and click Create
Assessment to create the group and run the assessment.
15. After the assessment is created, view it in Servers > Azure Migrate: Discovery and
assessment > Assessments.
7 Note
Review an assessment
An assessment describes:
To view an assessment:
1. In Servers, databases and web apps > Azure Migrate: Discovery and assessment,
click the number next to Assessments.
Review readiness
1. Click Azure readiness.
Ready for Azure: Used when Azure Migrate recommends a VM size and cost
estimates, for VMs in the assessment.
Ready with conditions: Shows issues and suggested remediation.
Not ready for Azure: Shows issues and suggested remediation.
Readiness unknown: Used when Azure Migrate can't assess readiness,
because of data availability issues.
3. Select an Azure readiness status. You can view the VM readiness details. You can
also drill down to see VM details, including compute, storage, and network
settings.
1. Review the monthly total costs. Costs are aggregated for all VMs in the assessed
group.
Cost estimates are based on the size recommendations for a server, its disks,
and its properties.
Estimated monthly costs for compute and storage are shown.
The cost estimation is for running the on-premises VMs on Azure VMs. The
estimation doesn't consider PaaS or SaaS costs.
2. Review monthly storage costs. The view shows the aggregated storage costs for
the assessed group, split over different types of storage disks.
3. You can drill down to see cost details for specific VMs.
7 Note
Confidence ratings aren't assigned if you create an assessment based on a CSV file.
0%-20% 1 star
21%-40% 2 stars
41%-60% 3 stars
61%-80% 4 stars
81%-100% 5 stars
Next steps
Find server dependencies using dependency mapping.
Set up agent-based dependency mapping.
Tutorial: Build a business case or assess
servers using an imported CSV file
Article • 04/28/2023
As part of your migration journey to Azure, you discover your on-premises inventory
and workloads.
This tutorial shows you how to build a business case or assess on-premises machines
with the Azure Migrate: Discovery and Assessment tool, using an imported comma-
separate values (CSV) file.
If you use a CSV file, you don't need to set up the Azure Migrate appliance to discover
servers. You can control the data you share in the file, and much of the data is optional.
This method is useful if:
You want to create a quick, initial business case or assessment before you deploy
the appliance.
You can't deploy the Azure Migrate appliance in your organization.
You can't share credentials that allow access to on-premises servers.
Security constraints prevent you from gathering and sending data collected by the
appliance to Azure.
7 Note
7 Note
Tutorials show the quickest path for trying out a scenario, and use default options
where possible.
If you don't have an Azure subscription, create a free account before you begin.
Prerequisites
You can add up to 20,000 servers in a single CSV file, and in an Azure Migrate
project.
Operating system names specified in the CSV file must contain and match
supported names.
If you just created a free Azure account, you're the owner of your subscription. If you're
not the subscription owner, work with the owner to assign the permissions as follows:
1. In the Azure portal, search for "subscriptions", and under Services, select
Subscriptions.
2. In the Subscriptions page, select the subscription in which you want to create an
Azure Migrate project.
4. Select Add > Add role assignment to open the Add role assignment page.
5. Assign the following role. For detailed steps, see Assign Azure roles using the
Azure portal.
Setting Value
Members azmigrateuser
6. In the portal, search for users, and under Services, select Users.
7. In User settings, verify that Azure AD users can register applications (set to Yes by
default).
Set up a project
Set up a new Azure Migrate project if you don't have one.
1. In the Azure portal > All services, search for Azure Migrate.
4. In Create project, select your Azure subscription and resource group. Create a
resource group if you don't have one.
5. In Project Details, specify the project name and the geography in which you want
to create the project. Review supported geographies for public and government
clouds.
7 Note
6. Select Create.
The Azure Migrate: Discovery and assessment tool is added by default to the new
project.
Prepare the CSV
Download the CSV template and add server information to it.
3. Select Download to download the CSV template. Alternatively, you can download
it directly .
Add server information
Gather server data and add it to the CSV file.
To gather data, you can export it from tools you use for on-premises server
management, such as VMware vSphere or your configuration-management
database (CMDB).
To review sample data, download our example file .
Server name Yes We recommend specifying the fully qualified domain name
(FQDN).
Storage in use (In No You can add how much storage is in use per server.
GB) This field will only be used in Azure VMware Solution
assessment sizing logic.
Disk 1 read No Data read from the disk per second, in MB per second.
throughput
Total disks read No Data read from the disk, in MB per second.
throughput
No Server
MAC
address.
For example, to specify all fields for a second disk, add these columns:
Disk 2 size
Disk 2 read ops
Disk 2 write ops
Disk 2 read throughput
Disk 2 write throughput
1. In Migration goals > Servers > Azure Migrate: Discovery and assessment, select
Discover.
2. In Discover machines, select Import using CSV
3. Upload the .csv file and select Import.
4. The import status is shown.
If warnings appear in the status, you can either fix them or continue without
addressing them.
To improve assessment accuracy, improve the server information as
suggested in warnings.
To view and fix warnings, select Download warning details .CSV. This
operation downloads the CSV with warnings included. Review the warnings
and fix issues as needed.
If errors appear in the status so that the import status is Failed, you must fix
those errors before you can continue with the import:
a. Download the CSV, which now includes error details.
b. Review and address the errors as necessary.
c. Upload the modified file again.
5. When the import status is Completed, the server information has been imported.
Refresh if the import process doesn't seem to be complete.
Assessment considerations
If you import servers by using a CSV file and creating an assessment with sizing
criteria as "performance-based":
For Azure VM assessment, the performance values you specify (CPU utilization,
Memory utilization, Disk IOPS and throughput) are used if you choose
performance-based sizing. You will not be able to provide performance history
and percentile information.
For Azure VMware Solution assessment, the performance values you specify
(CPU utilization, Memory utilization, Storage in use(GB)) are used if you choose
performance-based sizing. You will not be able to provide performance history
and percentile information.
To get an accurate OS suitability/readiness in Azure VM and Azure VMware
Solution assessment, please enter the Operating system version and architecture in
the respective columns.
Next steps
In this tutorial, you:
You can migrate VMware VMs to Azure using the Migration and modernization tool.
This tool offers a couple of options for VMware VM migration:
Azure You need permissions to create an Azure Migrate You need Contributor
permissions project, and to register Azure AD apps created when permissions on the
you deploy the Azure Migrate appliance. Azure subscription.
Appliance The Azure Migrate appliance is deployed on-premises. The Azure Migrate
deployment Replication appliance is
deployed on-premises.
Next steps
Migrate VMware VMs with agentless migration.
Additional resources
Documentation
Migrate VMware vSphere VMs with agent-based the Migration and modernization
tool - Azure Migrate
Learn how to run an agent-based migration of VMware vSphere VMs with Azure Migrate.
Show 5 more
Training
This article shows you how to migrate on-premises VMware VMs to Azure, using the
Migration and modernization tool, with agentless migration. You can also migrate
VMware VMs using agent-based migration. Compare the methods.
This tutorial is the third in a series that demonstrates how to assess and migrate
VMware VMs to Azure.
7 Note
Tutorials show you the simplest deployment path for a scenario so that you can
quickly set up a proof-of-concept. Tutorials use default options where possible, and
don't show all possible settings and paths.
If you don't have an Azure subscription, create a free account before you begin.
Prerequisites
Before you begin this tutorial, you should:
1. Complete the first tutorial to prepare Azure and VMware for migration.
2. We recommend that you complete the second tutorial to assess VMware VMs
before migrating them to Azure, but you don't have to.
3. Go to the already created project or create a new project
4. Verify permissions for your Azure account - Your Azure account needs permissions
to create a VM, and write to an Azure managed disk.
After creating the appliance, you check that it can connect to Azure Migrate:Server
Assessment, configure it for the first time, and register it with the Azure Migrate project.
Replicate VMs
After setting up the appliance and completing discovery, you can begin replication of
VMware VMs to Azure.
1. In the Azure Migrate project > Servers, databases and web apps > Migration and
modernization, select Replicate.
2. In Replicate, > Basics > Are your machines virtualized?, select Yes, with VMware
vSphere.
3. In On-premises appliance, select the name of the Azure Migrate appliance that
you set up > OK.
4. In Virtual machines, select the machines you want to replicate. To apply VM sizing
and disk type from an assessment if you've run one, in Import migration settings
from an Azure Migrate assessment?, select Yes, and select the VM group and
assessment name. If you aren't using assessment settings, select No.
5. In Virtual machines, select VMs you want to migrate. Then click Next: Target
settings.
6. In Target settings, select the subscription and target region. Specify the resource
group in which the Azure VMs reside after migration.
7 Note
The region for the project cannot be changed after the first replication is
initiated. Please select the region carefully.
7. In Virtual Network, select the Azure VNet/subnet which the Azure VMs join after
migration.
7 Note
To replicate VMs with CMK, you'll need to create a disk encryption set under
the target Resource Group. A disk encryption set object maps Managed Disks
to a Key Vault that contains the CMK to use for SSE.
Select No if you don't want to apply Azure Hybrid Benefit. Then click Next.
Select Yes if you have Windows Server machines that are covered with active
Software Assurance or Windows Server subscriptions, and you want to apply
the benefit to the machines you're migrating. Then click Next.
11. In Compute, review the VM name, size, OS disk type, and availability configuration
(if selected in the previous step). VMs must conform with Azure requirements.
7 Note
12. In Disks, specify whether the VM disks should be replicated to Azure, and select
the disk type (standard SSD/HDD or premium-managed disks) in Azure. Then click
Next.
13. In Tags, choose to add tags to your Virtual machines, Disks, and NICs.
14. In Review and start replication, review the settings, and click Replicate to start the
initial replication for the servers.
7 Note
You can update replication settings any time before replication starts (Manage >
Replicating machines). You can't change settings after replication starts.
Service bus: The Migration and modernization tool uses the service bus to send
replication orchestration messages to the appliance.
Gateway storage account: The Migration and modernization tool uses the
gateway storage account to store state information about the VMs being
replicated.
Log storage account: The Azure Migrate appliance uploads replication logs for
VMs to a log storage account. Azure Migrate applies the replication information to
the replica managed disks.
Key vault: The Azure Migrate appliance uses the key vault to manage connection
strings for the service bus, and access keys for the storage accounts used in
replication.
When the Start Replication job finishes successfully, the machines begin their initial
replication to Azure.
During initial replication, a VM snapshot is created. Disk data from the snapshot is
replicated to replica managed disks in Azure.
After initial replication finishes, delta replication begins. Incremental changes to
on-premises disks are periodically replicated to the replica disks in Azure.
Running a test migration checks that migration will work as expected, without
impacting the on-premises machines, which remain operational, and continue
replicating.
Test migration simulates the migration by creating an Azure VM using replicated
data (usually migrating to a non-production VNet in your Azure subscription).
You can use the replicated test Azure VM to validate the migration, perform app
testing, and address any issues before full migration.
1. In Migration goals > Servers, databases and web apps > Migration and
modernization, select Test migrated servers.
3. In Test migration, select the Azure VNet in which the Azure VM will be located
during testing. We recommend you use a non-production VNet.
4. Choose the subnet to which you would like to associate each of the Network
Interface Cards (NICs) of the migrated VM.
5. The Test migration job starts. Monitor the job in the portal notifications.
6. After the migration finishes, view the migrated Azure VM in Virtual Machines in
the Azure portal. The machine name has a suffix -Test.
7. After the test is done, right-click the Azure VM in Replicating machines, and click
Clean up test migration.
7 Note
You can now register your servers running SQL server with SQL VM RP to take
advantage of automated patching, automated backup and simplified license
management using SQL IaaS Agent Extension.
Select Manage > Replicating servers > Machine containing SQL server
> Compute and Network and select yes to register with SQL VM RP.
Select Azure Hybrid benefit for SQL Server if you have SQL Server
instances that are covered with active Software Assurance or SQL Server
subscriptions and you want to apply the benefit to the machines you're
migrating.hs.
Migrate VMs
After you've verified that the test migration works as expected, you can migrate the on-
premises machines.
1. In the Azure Migrate project > Servers, databases and web apps > Migration and
modernization, select Replicating servers.
3. In Migrate > Shut down virtual machines and perform a planned migration with
no data loss, select Yes > OK.
By default Azure Migrate shuts down the on-premises VM, and runs an on-
demand replication to synchronize any VM changes that occurred since the
last replication occurred. This ensures no data loss.
If you don't want to shut down the VM, select No
4. A migration job starts for the VM. Track the job in Azure notifications.
5. After the job finishes, you can view and manage the VM from the Virtual Machines
page.
Complete the migration
1. After the migration is done, right-click the VM > Complete migration. This stops
replication for the on-premises machine, and cleans up replication state
information for the VM.
2. We automatically install the VM agent for Windows VMs and Linux during
migration.
3. Verify and troubleshoot any Windows activation issues on the Azure VM.
4. Perform any post-migration app tweaks, such as updating host names, database
connection strings, and web server configurations.
5. Perform final application and migration acceptance testing on the migrated
application now running in Azure.
6. Cut over traffic to the migrated Azure VM instance.
7. Remove the on-premises VMs from your local VM inventory.
8. Remove the on-premises VMs from local backups.
9. Update any internal documentation to show the new location and IP address of
the Azure VMs.
This article shows you how to migrate on-premises VMware vSphere VMs to Azure, using
the Migration and modernization tool, with agent-based migration. You can also migrate
VMware vSphere VMs using agentless migration. Compare the methods.
7 Note
Tutorials show you the simplest deployment path for a scenario so that you can
quickly set up a proof-of-concept. Tutorials use default options where possible, and
don't show all possible settings and paths.
If you don't have an Azure subscription, create a free account before you begin.
Prerequisites
Before you begin this tutorial, review the VMware vSphere agent-based migration
architecture.
Prepare Azure
Complete the tasks in the table to prepare Azure for agent-based migration.
Task Details
Task Details
Create an Azure Migrate Your Azure account needs Contributor or Owner permissions to create
project a project.
Verify Azure account Your Azure account needs permissions to create a VM, and write to an
permissions Azure managed disk.
Set up an Azure network Set up a network that Azure VMs will join after migration.
1. In the Azure portal, open the subscription, and select Access control (IAM).
2. In Check access, find the relevant account, and select it to view permissions.
If you just created a free Azure account, you're the owner of your subscription.
If you're not the subscription owner, work with the owner to assign the role.
) Important
1. To use a dedicated account, create a role at the vCenter Server level. Give the role a
name such as Azure_Migrate.
2. Assign the role the permissions summarized in the table below.
3. Create a user on the vCenter Server or vSphere host. Assign the role to the user.
Replication Create a role (Azure Site Recovery) with User assigned at datacenter level, and
the required permissions, and then assign has access to all the objects in the
the role to a VMware vSphere user or datacenter.
group
To restrict access, assign the No access
Data Center object –> Propagate to Child role with the Propagate to child object,
Object, role=Azure Site Recovery to the child objects (vSphere hosts,
datastores, VMs, and networks).
Datastore -> Allocate space, browse
datastore, low-level file operations,
remove file, update virtual machine files
The Azure Migrate replication appliance can do a push installation of this service
when you enable replication for a machine, or you can install it manually, or using
installation tools.
In this tutorial, we're going to install the Mobility service with the push installation.
For push installation, you need to prepare an account that the Migration and
modernization tool can use to access the VM. This account is used only for the push
installation, if you don't install the Mobility service manually.
It's important to make these changes before you begin migration. If you
migrate the VM before you make the change, the VM might not boot up in
Azure.
Review Windows and Linux changes you need to make.
7 Note
1. In the Azure Migrate project, select Servers, databases and web apps under
Migration goals.
2. In Servers, databases and web apps > Migration and modernization, click
Discover.
3. In Discover machines > Are your machines virtualized?, click Yes, with VMware
vSphere hypervisor.
5. In Target region, select the Azure region to which you want to migrate the
machines.
7 Note
If you selected private endpoint as the connectivity method for the Azure
Migrate project when it was created, the Recovery Services vault will also be
configured for private endpoint connectivity. Ensure that the private endpoints
are reachable from the replication appliance: Learn more
10. Note the name of the resource group and the Recovery Services vault. You need
these during appliance deployment.
Import the template into VMware vSphere
After downloading the OVF template, you import it into VMware vSphere to create the
replication application on a VMware vSphere VM running Windows Server 2016.
1. Sign in to the VMware vCenter Server or vSphere ESXi host with the VMware
vSphere Client.
2. On the File menu, select Deploy OVF Template to start the Deploy OVF Template
Wizard.
5. In Select name and folder and Select configuration, accept the default settings.
6. In Select storage > Select virtual disk format, for best performance select Thick
Provision Eager Zeroed.
8. In Ready to complete, to set up the VM with the default settings, select Power on
after deployment > Finish.
Tip
If you want to add an additional NIC, clear Power on after deployment >
Finish. By default, the template contains a single NIC. You can add additional
NICs after deployment.
2. Select the NIC (by default there's only one NIC) that the replication appliance uses
for VM discovery, and to do a push installation of the Mobility service on source
machines.
3. Select the NIC that the replication appliance uses for connectivity with Azure. Then
select Save. You cannot change this setting after it's configured.
Tip
If for some reason you need to change the NIC selection and you have not
clicked the Finalize configuration button in step 12, you can do so by clearing
your browser cookies and restarting the Configuration Server Management
Wizard.
4. If the appliance is located behind a proxy server, you need to specify proxy settings.
5. When prompted for the subscription, resource groups, and vault details, add the
details that you noted when you downloaded the appliance template.
6. In Install third-party software, accept the license agreement. Select Download and
Install to install MySQL Server.
7. Select Install VMware PowerCLI. Make sure all browser windows are closed before
you do this. Then select Continue.
7 Note
10. Enter the credentials for the account you created for VMware discovery. Select Add
> Continue.
11. In Configure virtual machine credentials, enter the credentials you created for push
installation of the Mobility service, when you enable replication for VMs.
For Windows machines, the account needs local administrator privileges on the
machines you want to replicate.
For Linux, provide details for the root account.
After the replication appliance is registered, Azure Migrate Server Assessment connects to
VMware servers using the specified settings, and discovers VMs. You can view discovered
VMs in Manage > Discovered items, in the Other tab.
Replicate VMs
Select VMs for migration.
7 Note
In the portal you can select up to 10 machines at once for replication. If you need to
replicate more, then group them in batches of 10.
1. In the Azure Migrate project > Servers, databases and web apps > Migration and
modernization, click Replicate.
2. In Replicate, > Source settings > Are your machines virtualized?, select Yes, with
VMware vSphere.
3. In On-premises appliance, select the name of the Azure Migrate appliance that you
set up.
4. In vCenter server, specify the name of the vCenter server managing the VMs, or the
vSphere server on which the VMs are hosted.
6. In Guest credentials, specify the VM admin account that will be used for push
installation of the Mobility service. Then click Next: Virtual machines.
9. Check each VM you want to migrate. Then click Next: Target settings.
10. In Target settings, select the subscription, and target region to which you'll migrate,
and specify the resource group in which the Azure VMs will reside after migration.
11. In Virtual Network, select the Azure VNet/subnet to which the Azure VMs will be
joined after migration.
12. In Cache storage account, keep the default option to use the cache storage account
that is automatically created for the project. Use the dropdown if you'd like to
specify a different storage account to use as the cache storage account for
replication.
7 Note
If you selected private endpoint as the connectivity method for the Azure
Migrate project, grant the Recovery Services vault access to the cache
storage account. Learn more
To replicate using ExpressRoute with private peering, create a private
endpoint for the cache storage account. Learn more
7 Note
To replicate VMs with CMK, you'll need to create a disk encryption set under the
target Resource Group. A disk encryption set object maps Managed Disks to a Key
Vault that contains the CMK to use for SSE.
Select No if you don't want to apply Azure Hybrid Benefit. Then click Next.
Select Yes if you have Windows Server machines that are covered with active
Software Assurance or Windows Server subscriptions, and you want to apply
the benefit to the machines you're migrating. Then click Next.
16. In Compute, review the VM name, size, OS disk type, and availability configuration
(if selected in the previous step). VMs must conform with Azure requirements.
17. In Disks, specify whether the VM disks should be replicated to Azure, and select the
disk type (standard SSD/HDD or premium managed disks) in Azure. Then click Next.
You can exclude disks if the mobility agent is already installed on that server.
Learn more.
18. In Tags, choose to add tags to your Virtual machines, Disks, and NICs.
19. In Review and start replication, review the settings, and click Replicate to start the
initial replication for the servers.
7 Note
You can update replication settings any time before replication starts, Manage >
Replicating machines. Settings can't be changed after replication starts.
When the Start Replication job finishes successfully, the machines begin their initial
replication to Azure.
After initial replication finishes, delta replication begins. Incremental changes to on-
premises disks are periodically replicated to the replica disks in Azure.
Running a test migration checks that migration will work as expected, without
impacting the on-premises machines, which remain operational, and continue
replicating.
Test migration simulates the migration by creating an Azure VM using replicated
data (usually migrating to a non-production VNet in your Azure subscription).
You can use the replicated test Azure VM to validate the migration, perform app
testing, and address any issues before full migration.
3. In Test Migration, select the Azure VNet in which the Azure VM will be located after
the migration. We recommend you use a non-production VNet.
4. The Test migration job starts. Monitor the job in the portal notifications.
5. After the migration finishes, view the migrated Azure VM in Virtual Machines in the
Azure portal. The machine name has a suffix -Test.
6. After the test is done, right-click the Azure VM in Replicating machines, and click
Clean up test migration.
7 Note
You can now register your servers running SQL server with SQL VM RP to take
advantage of automated patching, automated backup and simplified license
management using SQL IaaS Agent Extension.
Select Manage > Replicating servers > Machine containing SQL server >
Compute and Network and select yes to register with SQL VM RP.
Select Azure Hybrid benefit for SQL Server if you have SQL Server
instances that are covered with active Software Assurance or SQL Server
subscriptions and you want to apply the benefit to the machines you're
migrating.hs.
Migrate VMs
After you've verified that the test migration works as expected, you can migrate the on-
premises machines.
1. In the Azure Migrate project > Servers, databases and web apps > Migration and
modernization, select Replicating servers.
2. In Replicating machines, right-click the VM > Migrate.
3. In Migrate > Shut down virtual machines and perform a planned migration with
no data loss, select Yes > OK.
4. A migration job starts for the VM. Track the job in Azure notifications.
5. After the job finishes, you can view and manage the VM from the Virtual Machines
page.
Next steps
Investigate the cloud migration journey in the Azure Cloud Adoption Framework.
Migrate VMware VMs to Azure
(agentless) - PowerShell
Article • 05/11/2023
In this article, you'll learn how to migrate discovered VMware VMs with the agentless
method using Azure PowerShell for Migration and modernization.
7 Note
Tutorials show you the simplest deployment path for a scenario so that you can
quickly set up a proof-of-concept. Tutorials use default options where possible and
don't show all possible settings and paths.
If you don't have an Azure subscription, create a free account before you begin.
1. Prerequisites
Before you begin this tutorial, you should:
1. Complete the Tutorial: Discover VMware VMs with Server Assessment to prepare
Azure and VMware for migration.
2. Complete the Tutorial: Assess VMware VMs for migration to Azure VMs before
migrating them to Azure.
3. Install the Az PowerShell module
Azure PowerShell
Connect-AzAccount
Azure PowerShell
As part of prerequisites, you would have already created an Azure Migrate project. Use
the Get-AzMigrateProject cmdlet to retrieve details of an Azure Migrate project. You'll
need to specify the name of the Azure Migrate project ( Name ) and the name of the
resource group of the Azure Migrate project ( ResourceGroupName ).
Azure PowerShell
Azure PowerShell
Azure PowerShell
# View Azure Migrate project details
Write-Output $MigrateProject
To retrieve a specific VMware VM in an Azure Migrate project, specify name of the Azure
Migrate project ( ProjectName ), resource group of the Azure Migrate project
( ResourceGroupName ), and the VM name ( DisplayName ).
Azure PowerShell
You can also retrieve all VMware VMs in an Azure Migrate project by using the
( ProjectName ) and ( ResourceGroupName ) parameters.
Azure PowerShell
If you have multiple appliances in an Azure Migrate project, you can use ( ProjectName ),
( ResourceGroupName ), and ( ApplianceName ) parameters to retrieve all VMs discovered
using a specific Azure Migrate appliance.
Azure PowerShell
Service bus: Migration and modernization uses the service bus to send replication
orchestration messages to the appliance.
Gateway storage account: Migration and modernization uses the gateway storage
account to store state information about the VMs being replicated.
Log storage account: The Azure Migrate appliance uploads replication logs for
VMs to a log storage account. Azure Migrate applies the replication information to
the replica-managed disks.
Key vault: The Azure Migrate appliance uses the key vault to manage connection
strings for the service bus, and access keys for the storage accounts used in
replication.
Before replicating the first VM in the Azure Migrate project, run the following command
to provision the replication infrastructure. This command provisions and configures the
aforementioned resources so that you can start migrating your VMware VMs.
7 Note
One Azure Migrate project supports migrations to one Azure region only. Once you
run this script, you can't change the target region to which you want to migrate
your VMware VMs. You'll need to run the Initialize-
AzMigrateReplicationInfrastructure command if you configure a new appliance in
In the article, we'll initialize the replication infrastructure so that we can migrate our VMs
to Central US region.
Azure PowerShell
Target Mandatory Specify the subscription and resource group that the VM should be
subscription migrated to by providing the resource group ID using the
and resource ( TargetResourceGroupId ) parameter.
group
Target virtual Mandatory Specify the ID of the Azure Virtual Network and the name of the
network and subnet that the VM should be migrated to by using the
subnet ( TargetNetworkId ) and ( TargetSubnetName ) parameters respectively.
Machine ID Mandatory Specify the ID of the discovered machine that needs to be replicated
and migrated. Use ( InputObject ) to specify the discovered VM
object for replication.
Target VM Mandatory Specify the name of the Azure VM to be created by using the
name ( TargetVMName ) parameter.
Target VM Mandatory Specify the Azure VM size to be used for the replicating VM by
size using ( TargetVMSize ) parameter. For instance, to migrate a VM to
D2_v2 VM in Azure, specify the value for ( TargetVMSize ) as
"Standard_D2_v2".
License Mandatory To use Azure Hybrid Benefit for your Windows Server machines that
are covered with active Software Assurance or Windows Server
subscriptions, specify the value for ( LicenseType ) parameter as
WindowsServer. Otherwise, specify the value as NoLicenseType.
OS Disk Mandatory Specify the unique identifier of the disk that has the operating
system bootloader and installer. The disk ID to be used is the unique
identifier (UUID) property for the disk retrieved using the Get-
AzMigrateDiscoveredServer cmdlet.
Boot Optional To use a boot diagnostic storage account, specify the ID for
Diagnostic ( TargetBootDiagnosticStorageAccount ) parameter.
Storage - The storage account used for boot diagnostics should be in the
Account same subscription that you're migrating your VMs to.
- By default, no value is set for this parameter.
Tags Optional Add tags to your migrated virtual machines, disks, and NICs.
Use ( Tag ) to add tags to virtual machines, disks, and NICs.
or
Use ( VMTag ) for adding tags to your migrated virtual machines.
Use ( DiskTag ) for adding tags to disks.
Use ( NicTag ) for adding tags to network interfaces.
For example, add the required tags to a variable $tags and pass the
variable in the required parameter. $tags =
@{Organization=”Contoso”}
Azure PowerShell
Azure PowerShell
# Retrieve the Azure virtual network and subnet that you want to migrate to
$TargetVirtualNetwork = Get-AzVirtualNetwork -Name MyVirtualNetwork
Azure PowerShell
Azure PowerShell
DiskId - Specify the unique identifier for the disk to be migrated. The disk ID to be
used is the unique identifier (UUID) property for the disk retrieved using the Get-
AzMigrateDiscoveredServer cmdlet.
IsOSDisk - Specify "true" if the disk to be migrated is the OS disk of the VM, else
"false".
DiskType - Specify the type of disk to be used in Azure.
In the following example, we'll replicate only two disks of the discovered VM. We'll
specify the OS disk and use different disk types for each disk to be replicated. The
cmdlet returns a job which can be tracked for monitoring the status of the operation.
Azure PowerShell
Azure PowerShell
$DisksToReplicate += $OSDisk
$DisksToReplicate += $DataDisk
Azure PowerShell
Azure PowerShell
# Retrieve the Azure virtual network and subnet that you want to migrate to
$TargetVirtualNetwork = Get-AzVirtualNetwork -Name MyVirtualNetwork
Azure PowerShell
Azure PowerShell
8. Monitor replication
Replication occurs as follows:
When the Start Replication job finishes successfully, the machines begin their initial
replication to Azure.
During initial replication, a VM snapshot is created. Disk data from the snapshot is
replicated to replica-managed disks in Azure.
After initial replication finishes, delta replication begins. Incremental changes to
on-premises disks are periodically replicated to the replica disks in Azure.
Azure PowerShell
# List replicating VMs and filter the result for selecting a replicating VM.
This cmdlet will not return all properties of the replicating VM.
$ReplicatingServer = Get-AzMigrateServerReplication -ProjectName
$MigrateProject.Name -ResourceGroupName $ResourceGroup.ResourceGroupName -
MachineName MyTestVM
Azure PowerShell
You can track the Migration State and Migration State Description properties in the
output.
For initial replication, the values for Migration State and Migration State
Description properties will be InitialSeedingInProgress and Initial replication
respectively.
During delta replication, the values for Migrate State and Migration State
Description properties will be Replicating and Ready to migrate respectively.
After you complete the migration, the values for Migrate State and Migration
State Description properties will be Migration succeeded and Migrated
respectively.
Output
osoft.RecoveryServices/vaults/xxx/replicationJobs/None
CurrentJobName : None
CurrentJobStartTime : 1/1/1753 1:01:01 AM
EventCorrelationId : 9d435c55-4660-41a5-a8ed-dd74213d85fa
Health : Normal
HealthError : {}
Id :
/Subscriptions/xxx/resourceGroups/xxx/providers/Micr
osoft.RecoveryServices/vaults/xxx/replicationFabrics/xxx/replicationProtecti
onContainers/xxx/
replicationMigrationItems/10-150-8-52-
b090bef3-b733-5e34-bc8f-eb6f2701432a_5009e941-3e40-
39b2-1e14-f90584522703
LastTestMigrationStatus :
LastTestMigrationTime :
Location :
MachineName : MyTestVM
MigrationState : InitialSeedingInProgress
MigrationStateDescription : Initial replication
Name : 10-150-8-52-b090bef3-b733-5e34-bc8f-
eb6f2701432a_5009e941-3e40-39b2-1e14-f90584522703
PolicyFriendlyName : xxx
PolicyId :
/Subscriptions/xxx/resourceGroups/xxx/providers/Micr
osoft.RecoveryServices/vaults/xxx/replicationPolicies/xxx
ProviderSpecificDetail :
Microsoft.Azure.PowerShell.Cmdlets.Migrate.Models.Api20180110.VMwareCbtMigra
tionDetails
TestMigrateState : None
TestMigrateStateDescription : None
Type :
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionCo
ntainers/replicationMigrationItems
Azure PowerShell
Write-Output $replicatingserver.ProviderSpecificDetail
You can track the initial replication progress using the Initial Seeding Progress
Percentage properties in the output.
Output
"DataMoverRunAsAccountId":
"/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.OffAzure/VMwareSi
tes/xxx/runasaccounts/xxx",
"FirmwareType": "BIOS",
"InitialSeedingProgressPercentage": 20,
"InstanceType": "VMwareCbt",
"LastRecoveryPointReceived": "\/Date(1601733591427)\/",
"LicenseType": "NoLicenseType",
"MigrationProgressPercentage": null,
"MigrationRecoveryPointId": null,
"OSType": "Windows",
"PerformAutoResync": "true",
When the Start Replication job finishes successfully, the machines begin their initial
replication to Azure.
During initial replication, a VM snapshot is created. Disk data from the snapshot is
replicated to replica-managed disks in Azure.
After initial replication finishes, delta replication begins. Incremental changes to
on-premises disks are periodically replicated to the replica disks in Azure.
Azure PowerShell
VM Name Optional Specify the name of the Azure VM to be created by using the
[ TargetVMName ] parameter.
VM size Optional Specify the Azure VM size to be used for the replicating VM by using
[ TargetVMSize ] parameter. For instance, to migrate a VM to D2_v2 VM in
Azure, specify the value for [ TargetVMSize ] as Standard_D2_v2 .
Virtual Optional Specify the ID of the Azure Virtual Network that the VM should be
Network migrated to by using the [ TargetNetworkId ] parameter.
Network Optional Specify the name of the Azure VM to be created by using the
Interface [ TargetVMName ] parameter.
Availability Optional To use availability zones, specify the availability zone value for
Zone [ TargetAvailabilityZone ] parameter.
Availability Optional To use availability set, specify the availability set ID for
Set [ TargetAvailabilitySet ] parameter.
Parameter Type Description
Tags Optional For updating tags, use the following parameters [ UpdateTag ] or
[ UpdateVMTag ], [ UpdateDiskTag ], [ UpdateNicTag ], and type of update tag
operation [ UpdateTagOperation ] or [ UpdateVMTagOperation ],
[ UpdateDiskTagOperation ], [ UpdateNicTagOperation ]. The update tag
operation takes the following values – Merge, Delete, and Replace.
Use [ UpdateTag ] to update all tags across virtual machines, disks, and
NICs.
Use [ UpdateVMTag ] for updating virtual machine tags.
Use [ UpdateDiskTag ] for updating disk tags.
Use [ UpdateNicTag ] for updating NIC tags.
Use [ UpdateTagOperation ] to update the operation for all tags across
virtual machines, disks, and NICs.
Use [ UpdateVMTagOperation ] for updating virtual machine tags.
Use [ UpdateDiskTagOperation ] for updating disk tags.
Use [ UpdateNicTagOperation ] for updating NIC tags.
The replace option replaces the entire set of existing tags with a new set.
The merge option allows adding tags with new names and updating the
values of tags with existing names.
The delete option allows selectively deleting tags based on given names
or name/value pairs.
Azure PowerShell
# List replicating VMs and filter the result for selecting a replicating VM.
This cmdlet will not return all properties of the replicating VM.
$ReplicatingServer = Get-AzMigrateServerReplication -ProjectName
$MigrateProject.Name -ResourceGroupName $ResourceGroup.ResourceGroupName -
MachineName MyTestVM
Azure PowerShell
In the following example, we'll update the NIC configuration by making the first NIC as
primary and assigning a static IP to it. we'll discard the second NIC for migration, update
the target VM name & size, and customizing NIC names.
Azure PowerShell
$NicMapping += $NicMapping1
$NicMapping += $NicMapping2
Azure PowerShell
Azure PowerShell
Azure PowerShell
Azure PowerShell
Running a test migration checks that migration will work as expected. Test
migration doesn't impact the on-premises machine, which remains operational,
and continues replicating.
Test migration simulates the migration by creating an Azure VM using replicated
data (usually migrating to a non-production VNet in your Azure subscription).
You can use the replicated test Azure VM to validate the migration, perform app
testing, and address any issues before full migration.
Select the Azure Virtual Network to be used for testing by specifying the ID of the virtual
network using the [ TestNetworkID ] parameter.
Azure PowerShell
Azure PowerShell
Azure PowerShell
After testing is complete, clean-up the test migration using the Start-
AzMigrateTestMigrationCleanup cmdlet. The cmdlet returns a job that can be tracked
for monitoring the status of the operation.
Azure PowerShell
Azure PowerShell
If you don't want to turn-off the source server, then don't use [ TurnOffSourceServer ]
parameter.
Azure PowerShell
# Start migration for a replicating server and turn off source server as
part of migration
$MigrateJob = Start-AzMigrateServerMigration -InputObject $ReplicatingServer
-TurnOffSourceServer
Azure PowerShell
Azure PowerShell
7. Update any internal documentation to show the new location and IP address of
the Azure VMs.
This article shows you how to migrate on-premises Hyper-V VMs to Azure with the
Migration and modernization tool.
This tutorial is the third in a series that demonstrates how to assess and migrate
machines to Azure.
7 Note
Tutorials show you the simplest deployment path for a scenario so that you can
quickly set up a proof-of-concept. Tutorials use default options where possible, and
don't show all possible settings and paths.
If you don't have an Azure subscription, create a free account before you begin.
Prerequisites
Before you begin this tutorial, you should:
1. In the Azure Migrate project > Servers, databases and web apps > Migration and
modernization, select Discover.
2. In Discover machines > Are your machines virtualized?, select Yes, with Hyper-V.
3. In Target region, select the Azure region to which you want to migrate the
machines.
5. Click Create resources. This creates an Azure Site Recovery vault in the
background.
If you've already set up migration with the Migration and modernization tool,
this option won't appear since resources were set up previously.
You can't change the target region for this project after clicking this button.
All subsequent migrations are to this region.
6. In Prepare Hyper-V host servers, download the Hyper-V Replication provider, and
the registration key file.
The registration key is needed to register the Hyper-V host with the
Migration and modernization tool.
The key is valid for five days after you generate it.
7. Copy the provider setup file and registration key file to each Hyper-V host (or
cluster node) running VMs you want to replicate.
Install and register the provider
Copy the provider setup file and registration key file to each Hyper-V host (or cluster
node) running VMs you want to replicate. To install and register the provider, follow the
steps below using either the UI or commands:
Using UI
1. Select the file icon in the taskbar to open the folder where the installer file and
registration key are downloaded.
2. Select AzureSiteRecoveryProvider.exe file.
After installing the provider on hosts, go to the Azure portal and in Discover machines,
select Finalize registration.
It can take up to 15 minutes after finalizing registration until discovered VMs appear in
the Migration and modernization tile. As VMs are discovered, the Discovered servers
count rises.
Replicate Hyper-V VMs
With discovery completed, you can begin the replication of Hyper-V VMs to Azure.
7 Note
You can replicate up to 10 machines together. If you need to replicate more, then
replicate them simultaneously in batches of 10.
1. In the Azure Migrate project > Servers, databases and web apps > Migration and
modernization, select Replicate.
2. In Replicate > Source settings > Are your machines virtualized?, select Yes, with
Hyper-V. Then click Next: Virtual machines.
If you've run an assessment for the VMs, you can apply VM sizing and disk
type (premium/standard) recommendations from the assessment results. To
do this, in Import migration settings from an Azure Migrate assessment?,
select the Yes option.
If you didn't run an assessment, or you don't want to use the assessment
settings, select the No option.
If you selected to use the assessment, select the VM group, and assessment
name.
4. In Virtual machines, search for VMs as needed, and check each VM you want to
migrate. Then, select Next: Target settings.
5. In Target settings, select the target region to which you'll migrate, the
subscription, and the resource group in which the Azure VMs will reside after
migration.
7. Virtual Network, select the Azure VNet/subnet to which the Azure VMs will be
joined after migration.
Select No if you don't want to apply Azure Hybrid Benefit. Then, select Next.
Select Yes if you have Windows Server machines that are covered with active
Software Assurance or Windows Server subscriptions, and you want to apply
the benefit to the machines you're migrating. Then select Next.
10. In Compute, review the VM name, size, OS disk type, and availability configuration
(if selected in the previous step). VMs must conform with Azure requirements.
11. In Disks, specify the VM disks that need to be replicated to Azure. Then select
Next.
12. In Tags, choose to add tags to your Virtual machines, Disks, and NICs.
13. In Review and start replication, review the settings, and select Replicate to start
the initial replication for the servers.
7 Note
You can update replication settings any time before replication starts, in Manage >
Replicating machines. Settings can't be changed after replication starts.
Cache storage account: The Azure Site Recovery provider software installed on
Hyper-V hosts uploads replication data for the VMs configured for replication to a
storage account (known as the cache storage account, or log storage account) in
your subscription. The Azure Migrate service then copies the uploaded replication
data from the storage account to the replica-managed disks corresponding to the
VM. The cache storage account needs to be specified while configuring replication
for a VM and The Azure Migrate portal automatically creates one for the Azure
Migrate project when replication is configured for the first time in the project.
You can monitor replication status by clicking on Replicating servers in Migration and
modernization.
Running a test migration checks that migration will work as expected, without
impacting the on-premises machines, which remain operational, and continue
replicating.
Test migration simulates the migration by creating an Azure VM using replicated
data (usually migrating to a non-production Azure VNet in your Azure
subscription).
You can use the replicated test Azure VM to validate the migration, perform app
testing, and address any issues before full migration.
3. In Test Migration, select the Azure virtual network in which the Azure VM will be
located after the migration. We recommend you use a non-production virtual
network.
4. The Test migration job starts. Monitor the job in the portal notifications.
5. After the migration finishes, view the migrated Azure VM in Virtual Machines in
the Azure portal. The machine name has a suffix -Test.
6. After the test is done, right-click the Azure VM in Replications, and select Clean up
test migration.
7 Note
You can now register your servers running SQL server with SQL VM RP to take
advantage of automated patching, automated backup and simplified license
management using SQL IaaS Agent Extension.
Select Manage > Replications > Machine containing SQL server >
Compute and Network and select yes to register with SQL VM RP.
Select Azure Hybrid benefit for SQL Server if you have SQL Server
instances that are covered with active Software Assurance or SQL Server
subscriptions and you want to apply the benefit to the machines you're
migrating.hs.
Migrate VMs
After you've verified that the test migration works as expected, you can migrate the on-
premises machines.
1. In the Azure Migrate project > Servers, databases and web apps > Migration and
modernization, select Replicating servers.
2. In Replicating machines, right-click the VM > Migrate.
3. In Migrate > Shut down virtual machines and perform a planned migration with
no data loss, select Yes > OK.
By default Azure Migrate shuts down the on-premises VM, and runs an on-
demand replication to synchronize any VM changes that occurred since the
last replication occurred. This ensures no data loss.
If you don't want to shut down the VM, select No.
4. A migration job starts for the VM. Track the job in Azure notifications.
5. After the job finishes, you can view and manage the VM from the Virtual Machines
page.
2. Verify and troubleshoot any Windows activation issues on the Azure VM.
3. Perform any post-migration app tweaks, such as updating host names, database
connection strings, and web server configurations.
4. Perform final application and migration acceptance testing on the migrated
application now running in Azure.
5. Cut over traffic to the migrated Azure VM instance.
6. Remove the on-premises VMs from your local VM inventory.
7. Remove the on-premises VMs from local backups.
8. Update any internal documentation to show the new location and IP address of
the Azure VMs.
Next steps
Investigate the cloud migration journey in the Azure Cloud Adoption Framework.
Migrate machines as physical servers to
Azure
Article • 02/09/2023 • 15 minutes to read
This article shows you how to migrate machines as physical servers to Azure, using the
Migration and modernization tool. Migrating machines by treating them as physical
servers is useful in a number of scenarios:
This tutorial is the third in a series that demonstrates how to assess and migrate physical
servers to Azure. In this tutorial, you learn how to:
7 Note
Tutorials show you the simplest deployment path for a scenario so that you can
quickly set up a proof-of-concept. Tutorials use default options where possible, and
don't show all possible settings and paths. For detailed instructions, review the
How-tos for Azure Migrate.
If you don't have an Azure subscription, create a free account before you begin.
Prerequisites
Before you begin this tutorial, you should:
Prepare Azure
Prepare Azure for migration with the Migration and modernization tool.
Task Details
Create an Azure Migrate Your Azure account needs Contributor or Owner permissions to
project create a new project.
Verify permissions for your Your Azure account needs permissions to create a VM, and write
Azure account to an Azure managed disk.
If you just created a free Azure account, you're the owner of your
subscription.
If you're not the subscription owner, work with the owner to assign the role.
) Important
Virtual Networks (VNets) are a regional service, so make sure you create your VNet
in the desired target Azure Region. For example: if you are planning on replicating
and migrating Virtual Machines from your on-premises environment to the East US
Azure Region, then your target VNet must be created in the East US Region. To
connect VNets in different regions refer to the Virtual network peering guide.
Set up an Azure virtual network (VNet). When you replicate to Azure, Azure VMs are
created and joined to the Azure VNet that you specify when you set up migration.
7 Note
When migrating physical machines, the Migration and modernization tool uses the
same replication architecture as agent-based disaster recovery in the Azure Site
Recovery service, and some components share the same code base. Some content
might link to Site Recovery documentation.
You prepare a machine to host the replication appliance. Review the machine
requirements.
The replication appliance uses MySQL. Review the options for installing MySQL on
the appliance.
Review the Azure URLs required for the replication appliance to access public and
government clouds.
Review port access requirements for the replication appliance.
7 Note
The replication appliance shouldn't be installed on a source machine that you want
to replicate or on the Azure Migrate discovery and assessment appliance you may
have installed before.
3. In Target region, select the Azure region to which you want to migrate the
machines.
5. Click Create resources. This creates an Azure Site Recovery vault in the
background.
If you've already set up migration with Migration and modernization, the
target option can't be configured, since resources were set up previously.
You can't change the target region for this project after clicking this button.
All subsequent migrations are to this region.
7 Note
If you selected private endpoint as the connectivity method for the Azure
Migrate project when it was created, the Recovery Services vault will also be
configured for private endpoint connectivity. Ensure that the private
endpoints are reachable from the replication appliance. Learn more
8. Copy the appliance setup file and key file to the Windows Server 2016 machine
you created for the appliance.
10. After the appliance has restarted after setup, in Discover machines, select the new
appliance in Select Configuration Server, and click Finalize registration. Finalize
registration performs a couple of final tasks to prepare the replication appliance.
Mobility service agent needs to be installed on the servers to get them discovered using
replication appliance. Discovered machines appear in Azure Migrate: Server Migration.
As VMs are discovered, the Discovered servers count rises.
7 Note
7 Note
In the /Platform parameter, you specify VMware if you migrate VMware VMs, or
physical machines.
Install on Windows
1. Extract the contents of installer file to a local folder (for example C:\Temp) on the
machine, as follows:
Install on Linux
1. Extract the contents of the installer tarball to a local folder (for example
/tmp/MobSvcInstaller) on the machine, as follows:
mkdir /tmp/MobSvcInstaller
tar -C /tmp/MobSvcInstaller -xvf <Installer tarball>
cd /tmp/MobSvcInstaller
/usr/local/ASR/Vx/bin/UnifiedAgentConfigurator.sh -i <replication
appliance IP address> -P <Passphrase File Path>
Replicate machines
Now, select machines for migration.
7 Note
You can replicate up to 10 machines together. If you need to replicate more, then
replicate them simultaneously in batches of 10.
1. In the Azure Migrate project > Servers, Migration and modernization, click
Replicate.
2. In Replicate, > Source settings > Are your machines virtualized?, select Not
virtualized/Other.
3. In On-premises appliance, select the name of the Azure Migrate appliance that
you set up.
5. In Guest credentials, please select the dummy account created previously during
the replication installer setup to install the Mobility service manually (push install is
not supported). Then click Next: Virtual machines.
8. In Target settings, select the subscription, and target region to which you'll
migrate, and specify the resource group in which the Azure VMs will reside after
migration.
9. In Virtual Network, select the Azure VNet/subnet to which the Azure VMs will be
joined after migration.
10. In Cache storage account, keep the default option to use the cache storage
account that is automatically created for the project. Use the drop down if you'd
like to specify a different storage account to use as the cache storage account for
replication.
7 Note
7 Note
To replicate VMs with CMK, you'll need to create a disk encryption set under the
target Resource Group. A disk encryption set object maps Managed Disks to a Key
Vault that contains the CMK to use for SSE.
Select No if you don't want to apply Azure Hybrid Benefit. Then click Next.
Select Yes if you have Windows Server machines that are covered with active
Software Assurance or Windows Server subscriptions, and you want to apply
the benefit to the machines you're migrating. Then click Next.
14. In Compute, review the VM name, size, OS disk type, and availability configuration
(if selected in the previous step). VMs must conform with Azure requirements.
15. In Disks, specify whether the VM disks should be replicated to Azure, and select
the disk type (standard SSD/HDD or premium managed disks) in Azure. Then click
Next.
16. In Tags, choose to add tags to your Virtual machines, Disks, and NICs.
17. In Review and start replication, review the settings, and click Replicate to start the
initial replication for the servers.
7 Note
You can update replication settings any time before replication starts, Manage >
Replicating machines. Settings can't be changed after replication starts.
modernization.
Running a test migration checks that migration will work as expected, without
impacting the on-premises machines, which remain operational, and continue
replicating.
Test migration simulates the migration by creating an Azure VM using replicated
data (usually migrating to a non-production VNet in your Azure subscription).
You can use the replicated test Azure VM to validate the migration, perform app
testing, and address any issues before full migration.
1. In Migration goals > Servers > Migration and modernization, click Test migrated
servers.
2. Right-click the VM to test, and click Test migrate.
3. In Test Migration, select the Azure VNet in which the Azure VM will be located
after the migration. We recommend you use a non-production VNet.
4. The Test migration job starts. Monitor the job in the portal notifications.
5. After the migration finishes, view the migrated Azure VM in Virtual Machines in
the Azure portal. The machine name has a suffix -Test.
6. After the test is done, right-click the Azure VM in Replicating machines, and click
Clean up test migration.
7 Note
You can now register your servers running SQL server with SQL VM RP to take
advantage of automated patching, automated backup and simplified license
management using SQL IaaS Agent Extension.
Select Manage > Replicating servers > Machine containing SQL server
> Compute and Network and select yes to register with SQL VM RP.
Select Azure Hybrid benefit for SQL Server if you have SQL Server
instances that are covered with active Software Assurance or SQL Server
subscriptions and you want to apply the benefit to the machines you're
migrating.hs.
Migrate VMs
After you've verified that the test migration works as expected, you can migrate the on-
premises machines.
1. In the Azure Migrate project > Servers, databases and web apps > Migration and
modernization, click Replicating servers.
2. In Replicating machines, right-click the VM > Migrate.
3. In Migrate > Shut down virtual machines and perform a planned migration with
no data loss, select No > OK.
7 Note
For minimal data loss, the recommendation is to bring the application down
manually as part of the migration window (don't let the applications accept
any connections) and then initiate the migration. The server needs to be kept
running, so remaining changes can be synchronized before the migration is
completed.
4. A migration job starts for the VM. Track the job in Azure notifications.
5. After the job finishes, you can view and manage the VM from the Virtual Machines
page.
2. Verify and troubleshoot any Windows activation issues on the Azure VM.
3. Perform any post-migration app tweaks, such as updating host names, database
connection strings, and web server configurations.
4. Perform final application and migration acceptance testing on the migrated
application now running in Azure.
5. Cut over traffic to the migrated Azure VM instance.
6. Remove the on-premises VMs from your local VM inventory.
7. Remove the on-premises VMs from local backups.
8. Update any internal documentation to show the new location and IP address of
the Azure VMs.
Next steps
Investigate the cloud migration journey in the Azure Cloud Adoption Framework.
Discover, assess, and migrate Amazon
Web Services (AWS) VMs to Azure
Article • 01/30/2023 • 20 minutes to read
This tutorial shows you how to discover, assess, and migrate Amazon Web Services
(AWS) virtual machines (VMs) to Azure VMs, using Azure Migrate: Server Assessment
and Migration and modernization tools.
7 Note
If you don't have an Azure subscription, create a free account before you begin.
1. Follow the tutorial to set up Azure and prepare your AWS VMs for an assessment.
Note that:
Azure Migrate uses password authentication when discovering AWS
instances. AWS instances don't support password authentication by default.
Before you can discover instance, you need to enable password
authentication.
For Windows machines, allow WinRM port 5985 (HTTP). This allows remote
WMI calls.
For Linux machines:
a. Sign into each Linux machine.
b. Open the sshd_config file : vi /etc/ssh/sshd_config
c. In the file, locate the PasswordAuthentication line, and change the
value to yes.
d. Save the file and close it. Restart the ssh service.
If you're using a root user to discover your Linux VMs, ensure root login is
allowed on the VMs.
a. Sign into each Linux machine
b. Open the sshd_config file : vi /etc/ssh/sshd_config
c. In the file, locate the PermitRootLogin line, and change the value to yes.
d. Save the file and close it. Restart the ssh service.
2. Then, follow this tutorial to set up an Azure Migrate project and appliance to
discover and assess your AWS VMs.
Prerequisites
Ensure that the AWS VMs you want to migrate are running a supported OS version.
AWS VMs are treated like physical machines for the purpose of the migration.
Review the supported operating systems and kernel versions for the physical server
migration workflow. You can use standard commands like hostnamectl or uname -a
to check the OS and kernel versions for your Linux VMs. We recommend you
perform a test migration (test failover) to validate if the VM works as expected
before proceeding with the actual migration.
Make sure your AWS VMs comply with the supported configurations for migration
to Azure.
Verify that the AWS VMs that you replicate to Azure comply with Azure VM
requirements.
There are some changes needed on the VMs before you migrate them to Azure.
For some operating systems, Azure Migrate makes these changes automatically.
It's important to make these changes before you begin migration. If you
migrate the VM before you make the change, the VM might not boot up in
Azure. Review Windows and Linux changes you need to make.
Task Details
Create an Azure Migrate Your Azure account needs Contributor or Owner permissions to
project create a new project.
Verify permissions for your Your Azure account needs permissions to create a VM, and write
Azure account to an Azure managed disk.
If you just created a free Azure account, you're the owner of your
subscription.
If you're not the subscription owner, work with the owner to assign the role.
Set up a separate EC2 VM to host the replication appliance. This instance must be
running Windows Server 2012 R2 or Windows Server 2016. Review the hardware,
software, and networking requirements for the appliance.
The source AWS VMs to be migrated should have a network line of sight to the
replication appliance. Configure necessary security group rules to enable this. It's
recommended that the replication appliance is deployed in the same VPC as the
source VMs to be migrated. If the replication appliance needs to be in a different
VPC, the VPCs need to be connected through VPC peering.
The source AWS VMs communicate with the replication appliance on ports HTTPS
443 (control channel orchestration) and TCP 9443 (data transport) inbound for
replication management and replication data transfer. The replication appliance in
turn orchestrates and sends replication data to Azure over port HTTPS 443
outbound. To configure these rules, edit the security group inbound/outbound
rules with the appropriate ports and source IP information.
The replication appliance uses MySQL. Review the options for installing MySQL on
the appliance.
Review the Azure URLs required for the replication appliance to access public and
government clouds.
3. In Target region, select the Azure region to which you want to migrate the
machines.
5. Click Create resources. This creates an Azure Site Recovery vault in the
background.
If you've already set up migration with the Migration and modernization tool,
the target option can't be configured, since resources were set up previously.
You can't change the target region for this project after clicking this button.
To migrate your VMs to a different region, you'll need to create a
new/different Azure Migrate project.
7 Note
If you selected private endpoint as the connectivity method for the Azure
Migrate project when it was created, the Recovery Services vault will also be
configured for private endpoint connectivity. Ensure that the private
endpoints are reachable from the replication appliance. Learn more
8. Copy the appliance setup file and key file to the Windows Server 2016 or Windows
Server 2012 AWS VM you created for the replication appliance.
9. Run the replication appliance setup file, as described in the next procedure.
a. Under Before You Begin, select Install the configuration server and process
server, and then select Next.
b. In Third-Party Software License, select I accept the third-party license
agreement, and then select Next.
c. In Registration, select Browse, and then go to where you put the vault
registration key file. Select Next.
d. In Internet Settings, select Connect to Azure Site Recovery without a proxy
server, and then select Next.
e. The Prerequisites Check page runs checks for several items. When it's finished,
select Next.
f. In MySQL Configuration, provide a password for the MySQL DB, and then select
Next.
g. In Environment Details, select No. You don't need to protect your VMs. Then,
select Next.
h. In Install Location, select Next to accept the default.
i. In Network Selection, select Next to accept the default.
j. In Summary, select Install.
k. Installation Progress shows you information about the installation process.
When it's finished, select Finish. A window displays a message about a reboot.
Select OK.
l. Next, a window displays a message about the configuration server connection
passphrase. Copy the passphrase to your clipboard and save the passphrase in a
temporary text file on the source VMs. You’ll need this passphrase later, during
the mobility service installation process.
10. After the installation completes, the Appliance configuration wizard will be
launched automatically (You can also launch the wizard manually by using the
cspsconfigtool shortcut that is created on the desktop of the appliance). In this
tutorial, we'll be manually installing the Mobility Service on source VMs to be
replicated, so create a dummy account in this step and proceed. You can provide
the following details for creating the dummy account - "guest" as the friendly
name, "username" as the username, and "password" as the password for the
account. You'll be using this dummy account in the Enable Replication stage.
11. After the appliance has restarted after setup, in Discover machines, select the new
appliance in Select Configuration Server, and click Finalize registration. Finalize
registration performs a couple of final tasks to prepare the replication appliance.
Install the Mobility service
A Mobility service agent must be installed on the source AWS VMs to be migrated. The
agent installers are available on the replication appliance. You find the right installer, and
install the agent on each machine you want to migrate. Do as follows:
If you forgot to save the passphrase, you can view the passphrase on the
replication appliance with this step. From the command line, run
C:\ProgramData\ASR\home\svsystems\bin\genpassphrase.exe -v to view
the current passphrase.
Now, copy this passphrase to your clipboard and save it in a temporary text
file on the source VMs.
mkdir /tmp/MobSvcInstaller
tar -C /tmp/MobSvcInstaller -xvf <Installer tarball>
cd /tmp/MobSvcInstaller
sudo ./install -r MS -q
/usr/local/ASR/Vx/bin/UnifiedAgentConfigurator.sh -i <replication
appliance IP address> -P <Passphrase File Path>
7 Note
Through the portal, you can add up to 10 VMs for replication at once. To replicate
more VMs simultaneously, you can add them in batches of 10.
1. In the Azure Migrate project > Servers, databases and web apps > Migration and
modernization, select Replicate.
2. In Replicate, > Source settings > Are your machines virtualized?, select Not
virtualized/Other.
3. In On-premises appliance, select the name of the Azure Migrate appliance that
you set up.
5. In Guest credentials, please select the dummy account created previously during
the replication installer setup to install the Mobility service manually (push install is
not supported). Then click Next: Virtual machines.
8. In Target settings, select the subscription, and target region to which you'll
migrate, and specify the resource group in which the Azure VMs will reside after
migration.
9. In Virtual Network, select the Azure VNet/subnet to which the Azure VMs will be
joined after migration.
10. In Cache storage account, keep the default option to use the cache storage
account that is automatically created for the project. Use the dropdown if you'd
like to specify a different storage account to use as the cache storage account for
replication.
7 Note
7 Note
To replicate VMs with CMK, you'll need to create a disk encryption set under the
target Resource Group. A disk encryption set object maps Managed Disks to a Key
Vault that contains the CMK to use for SSE.
Select No if you don't want to apply Azure Hybrid Benefit. Then click Next.
Select Yes if you have Windows Server machines that are covered with active
Software Assurance or Windows Server subscriptions, and you want to apply
the benefit to the machines you're migrating. Then click Next.
14. In Compute, review the VM name, size, OS disk type, and availability configuration
(if selected in the previous step). VMs must conform with Azure requirements.
15. In Disks, specify whether the VM disks should be replicated to Azure, and select
the disk type (standard SSD/HDD or premium managed disks) in Azure. Then click
Next.
16. In Tags, choose to add tags to your Virtual machines, Disks, and NICs.
17. In Review and start replication, review the settings, and click Replicate to start the
initial replication for the servers.
7 Note
You can update replication settings any time before replication starts, Manage >
Replicating machines. Settings can't be changed after replication starts.
You can monitor replication status by clicking on Replicating servers in Migration and
modernization.
Run a test migration
When delta replication begins, you can run a test migration for the VMs, before running
a full migration to Azure. The test migration is highly recommended and provides an
opportunity to discover any potential issues and fix them before you proceed with the
actual migration. It's advised that you do this at least once for each VM before you
migrate it.
Running a test migration checks that migration will work as expected, without
impacting the AWS VMs, which remain operational, and continue replicating.
Test migration simulates the migration by creating an Azure VM using replicated
data (usually migrating to a non-production VNet in your Azure subscription).
You can use the replicated test Azure VM to validate the migration, perform app
testing, and address any issues before full migration.
1. In Migration goals > Servers, databases and web apps > Migration and
modernization, select Test migrated servers.
2. Right-click the VM to test, and click Test migrate.
3. In Test Migration, select the Azure VNet in which the Azure VM will be located
after the migration. We recommend you use a non-production VNet.
4. The Test migration job starts. Monitor the job in the portal notifications.
5. After the migration finishes, view the migrated Azure VM in Virtual Machines in
the Azure portal. The machine name has a suffix -Test.
6. After the test is done, right-click the Azure VM in Replicating machines, and click
Clean up test migration.
7 Note
You can now register your servers running SQL server with SQL VM RP to take
advantage of automated patching, automated backup and simplified license
management using SQL IaaS Agent Extension.
Select Manage > Replicating servers > Machine containing SQL server
> Compute and Network and select yes to register with SQL VM RP.
Select Azure Hybrid benefit for SQL Server if you have SQL Server
instances that are covered with active Software Assurance or SQL Server
subscriptions and you want to apply the benefit to the machines you're
migrating.hs.
1. In the Azure Migrate project > Servers, databases and web apps > Migration and
modernization, select Replicating servers.
2. In Replicating machines, right-click the VM > Migrate.
3. In Migrate > Shut down virtual machines and perform a planned migration with
no data loss, select Yes > OK.
7 Note
4. A migration job starts for the VM. You can view the job status by clicking the
notification bell icon on the top right of the portal page or by going to the jobs
page of the Migration and modernization tool (Click Overview on the tool tile >
Select Jobs from the left menu).
5. After the job finishes, you can view and manage the VM from the Virtual Machines
page.
2. Verify and troubleshoot any Windows activation issues on the Azure VM.
3. Perform any post-migration app tweaks, such as updating host names, database
connection strings, and web server configurations.
4. Perform final application and migration acceptance testing on the migrated
application now running in Azure.
5. Cut over traffic to the migrated Azure VM instance.
6. Update any internal documentation to show the new location and IP address of
the Azure VMs.
Troubleshooting / Tips
Question: I cannot see my AWS VM in the discovered list of servers for migration
Answer: Check if your replication appliance meets the requirements. Make sure Mobility
Agent is installed on the source VM to be migrated and is registered the Configuration
Server. Check the network setting and firewall rules to enable a network path between
the replication appliance and source AWS VMs.
Question: I am unable to import VMs for migration from my previously created Server
Assessment results
Answer: Currently, we don't support the import of assessment for this workflow. As a
workaround, you can export the assessment and then manually select the VM
recommendation during the Enable Replication step.
Question: I am getting the error “Failed to fetch BIOS GUID” while trying to discover my
AWS VMs
Answer: Always use root login for authentication and not any pseudo user. Also review
supported operating systems for AWS VMs.
Question: I am unable to Discover AWS Instances using Azure Migrate due to HTTP
status code of 504 from the remote Windows management service
Answer: Make sure to review the Azure migrate appliance requirements and URL access
needs. Make sure no proxy settings are blocking the appliance registration.
Question: Do I have to make any changes before I migrate my AWS VMs to Azure
Answer: You may have to make these changes before migrating your EC2 VMs to Azure:
If you're using cloud-init for your VM provisioning, you may want to disable cloud-
init on the VM before replicating it to Azure. The provisioning steps performed
by cloud-init on the VM maybe AWS specific and won't be valid after the migration
to Azure.
If the VM is a PV VM (para-virtualized) and not HVM VM, you may not be able to
run it as-is on Azure because para-virtualized VMs use a custom boot sequence in
AWS. You may be able to get over this challenge by uninstalling PV drivers before
you perform a migration to Azure.
We always recommend you run a test migration before the final migration.
Question: Can I migrate AWS VMs running Amazon Linux Operating system
Answer: VMs running Amazon Linux can't be migrated as-is as Amazon Linux OS is only
supported on AWS. To migrate workloads running on Amazon Linux, you can spin up a
CentOS/RHEL VM in Azure and migrate the workload running on the AWS Linux
machine using a relevant workload migration approach. For example, depending on the
workload, there may be workload-specific tools to aid the migration – such as for
databases or deployment tools in case of web servers.
Next steps
Investigate the cloud migration journey in the Azure Cloud Adoption Framework.
Additional resources
Documentation
Common questions about the Migration and modernization tool - Azure Migrate
Get answers to common questions about using Migration and modernization to migrate machines.
Migrate AWS VMs to Azure with Azure Migrate - Azure Site Recovery
This article describes options for migrating AWS instances to Azure, and recommends Azure Migrate.
Discover physical servers with Azure Migrate Discovery and assessment - Azure
Migrate
Learn how to discover on-premises physical servers with Azure Migrate Discovery and assessment.
Discover servers running in a VMware environment with Azure Migrate Discovery and
assessment - Azure Migrate
Learn how to discover on-premises servers, applications, and dependencies in a VMware
environment by using the Azure Migrate Discovery and assessment tool.
Assess physical servers for migration to Azure with Azure Migrate - Azure Migrate
Describes how to assess on-premises physical servers for migration to Azure using Azure Migrate.
Show 5 more
Training
Learning path
Migrate application workloads and data to Azure - Training
Migrate application workloads and data to Azure
Discover, assess, and migrate Google
Cloud Platform (GCP) VMs to Azure
Article • 01/30/2023 • 19 minutes to read
This tutorial shows you how to discover, assess, and migrate Google Cloud Platform
(GCP) virtual machines (VMs) to Azure VMs, using Azure Migrate: Server Assessment and
Migration and modernization tools.
If you don't have an Azure subscription, create a free account before you begin.
1. Follow the tutorial to set up Azure and prepare your GCP VMs for an assessment.
Note that:
2. Then, follow this tutorial to set up an Azure Migrate project and appliance to
discover and assess your GCP VMs.
Prerequisites
Ensure that the GCP VMs you want to migrate are running a supported OS version.
GCP VMs are treated like physical machines for the purpose of the migration.
Review the supported operating systems and kernel versions for the physical server
migration workflow. You can use standard commands like hostnamectl or uname -a
to check the OS and kernel versions for your Linux VMs. We recommend you
perform a test migration to validate if the VM works as expected before
proceeding with the actual migration.
Make sure your GCP VMs comply with the supported configurations for migration
to Azure.
Verify that the GCP VMs that you replicate to Azure comply with Azure VM
requirements.
There are some changes needed on the VMs before you migrate them to Azure.
For some operating systems, Azure Migrate makes these changes automatically.
It's important to make these changes before you begin migration. If you
migrate the VM before you make the change, the VM might not boot up in
Azure. Review Windows and Linux changes you need to make.
Create an Azure Migrate Your Azure account needs Contributor or Owner permissions to
project create a new project.
Verify permissions for your Your Azure account needs permissions to create a VM, and write
Azure account to an Azure managed disk.
If you just created a free Azure account, you're the owner of your
subscription.
If you're not the subscription owner, work with the owner to assign the role.
Set up a separate GCP VM to host the replication appliance. This instance must be
running Windows Server 2012 R2 or Windows Server 2016. Review the hardware,
software, and networking requirements for the appliance.
The source GCP VMs to be migrated should have a network line of sight to the
replication appliance. Configure necessary Firewall rules to enable this. It is
recommended that the replication appliance is deployed in the same VPC network
as the source VMs to be migrated. If the replication appliance needs to be in a
different VPC, the VPCs need to be connected through VPC peering.
The source GCP VMs communicate with the replication appliance on ports HTTPS
443 (control channel orchestration) and TCP 9443 (data transport) inbound for
replication management and replication data transfer. The replication appliance in
turn orchestrates and sends replication data to Azure over port HTTPS 443
outbound. To configure these rules, edit the security group inbound/outbound
rules with the appropriate ports and source IP information.
The replication appliance uses MySQL. Review the options for installing MySQL on
the appliance.
Review the Azure URLs required for the replication appliance to access public and
government clouds.
3. In Target region, select the Azure region to which you want to migrate the
machines.
5. Click Create resources. This creates an Azure Site Recovery vault in the
background.
If you've already set up migration with the Migration and modernization tool,
the target option can't be configured, since resources were set up previously.
You can't change the target region for this project after clicking this button.
To migrate your VMs to a different region, you'll need to create a
new/different Azure Migrate project.
7 Note
If you selected private endpoint as the connectivity method for the Azure
Migrate project when it was created, the Recovery Services vault will also be
configured for private endpoint connectivity. Ensure that the private
endpoints are reachable from the replication appliance: Learn more
8. Copy the appliance setup file and key file to the Windows Server 2016 or Windows
Server 2012 GCP VM you created for the replication appliance.
9. Run the replication appliance setup file, as described in the next procedure.
9.1. Under Before You Begin, select Install the configuration server and process
server, and then select Next.
9.2 In Third-Party Software License, select I accept the third-party license
agreement, and then select Next.
9.3 In Registration, select Browse, and then go to where you put the vault
registration key file. Select Next.
9.4 In Internet Settings, select Connect to Azure Site Recovery without a proxy
server, and then select Next.
9.5 The Prerequisites Check page runs checks for several items. When it's finished,
select Next.
9.6 In MySQL Configuration, provide a password for the MySQL DB, and then
select Next.
9.7 In Environment Details, select No. You don't need to protect your VMs. Then,
select Next.
9.8 In Install Location, select Next to accept the default.
9.9 In Network Selection, select Next to accept the default.
9.10 In Summary, select Install.
9.11 Installation Progress shows you information about the installation process.
When it's finished, select Finish. A window displays a message about a reboot.
Select OK.
9.12 Next, a window displays a message about the configuration server connection
passphrase. Copy the passphrase to your clipboard and save the passphrase in a
temporary text file on the source VMs. You’ll need this passphrase later, during the
mobility service installation process.
10. After the installation completes, the Appliance configuration wizard will be
launched automatically (You can also launch the wizard manually by using the
cspsconfigtool shortcut that is created on the desktop of the appliance). In this
tutorial, we'll be manually installing the Mobility Service on source VMs to be
replicated, so create a dummy account in this step and proceed. You can provide
the following details for creating the dummy account - "guest" as the friendly
name, "username" as the username, and "password" as the password for the
account. You will be using this dummy account in the Enable Replication stage.
If you forgot to save the passphrase, you can view the passphrase on the
replication appliance with this step. From the command line, run
C:\ProgramData\ASR\home\svsystems\bin\genpassphrase.exe -v to view
the current passphrase.
Now, copy this passphrase to your clipboard and save it in a temporary text
file on the source VMs.
mkdir /tmp/MobSvcInstaller
tar -C /tmp/MobSvcInstaller -xvf <Installer tarball>
cd /tmp/MobSvcInstaller
sudo ./install -r MS -q
/usr/local/ASR/Vx/bin/UnifiedAgentConfigurator.sh -i <replication
appliance IP address> -P <Passphrase File Path>
7 Note
Through the portal, you can add up to 10 VMs for replication at once. To replicate
more VMs simultaneously, you can add them in batches of 10.
1. In the Azure Migrate project > Servers, databases and web apps > Migration and
modernization, select Replicate.
2. In Replicate, > Source settings > Are your machines virtualized?, select Not
virtualized/Other.
3. In On-premises appliance, select the name of the Azure Migrate appliance that
you set up.
5. In Guest credentials, please select the dummy account created previously during
the replication installer setup to install the Mobility service manually (push install is
not supported). Then click Next: Virtual machines.
8. In Target settings, select the subscription, and target region to which you'll
migrate, and specify the resource group in which the Azure VMs will reside after
migration.
9. In Virtual Network, select the Azure VNet/subnet to which the Azure VMs will be
joined after migration.
10. In Cache storage account, keep the default option to use the cache storage
account that is automatically created for the project. Use the dropdown if you'd
like to specify a different storage account to use as the cache storage account for
replication.
7 Note
7 Note
To replicate VMs with CMK, you'll need to create a disk encryption set under the
target Resource Group. A disk encryption set object maps Managed Disks to a Key
Vault that contains the CMK to use for SSE.
Select No if you don't want to apply Azure Hybrid Benefit. Then click Next.
Select Yes if you have Windows Server machines that are covered with active
Software Assurance or Windows Server subscriptions, and you want to apply
the benefit to the machines you're migrating. Then click Next.
14. In Compute, review the VM name, size, OS disk type, and availability configuration
(if selected in the previous step). VMs must conform with Azure requirements.
15. In Disks, specify whether the VM disks should be replicated to Azure, and select
the disk type (standard SSD/HDD or premium managed disks) in Azure. Then click
Next.
16. In Tags, choose to add tags to your Virtual machines, Disks, and NICs.
17. In Review and start replication, review the settings, and click Replicate to start the
initial replication for the servers.
7 Note
You can update replication settings any time before replication starts, Manage >
Replicating machines. Settings can't be changed after replication starts.
You can monitor replication status by clicking on Replicating servers in Migration and
modernization.
Run a test migration
When delta replication begins, you can run a test migration for the VMs, before running
a full migration to Azure. The test migration is highly recommended and provides an
opportunity to discover any potential issues and fix them before you proceed with the
actual migration. It is advised that you do this at least once for each VM before you
migrate it.
Running a test migration checks that migration will work as expected, without
impacting the GCP VMs, which remain operational, and continue replicating.
Test migration simulates the migration by creating an Azure VM using replicated
data (usually migrating to a non-production VNet in your Azure subscription).
You can use the replicated test Azure VM to validate the migration, perform app
testing, and address any issues before full migration.
1. In Migration goals > Servers, databases and web apps > Migration and
modernization, select Test migrated servers.
2. Right-click the VM to test, and click Test migrate.
3. In Test Migration, select the Azure VNet in which the Azure VM will be located
after the migration. We recommend you use a non-production VNet.
4. The Test migration job starts. Monitor the job in the portal notifications.
5. After the migration finishes, view the migrated Azure VM in Virtual Machines in
the Azure portal. The machine name has a suffix -Test.
6. After the test is done, right-click the Azure VM in Replicating machines, and click
Clean up test migration.
7 Note
You can now register your servers running SQL server with SQL VM RP to take
advantage of automated patching, automated backup and simplified license
management using SQL IaaS Agent Extension.
Select Manage > Replicating servers > Machine containing SQL server
> Compute and Network and select yes to register with SQL VM RP.
Select Azure Hybrid benefit for SQL Server if you have SQL Server
instances that are covered with active Software Assurance or SQL Server
subscriptions and you want to apply the benefit to the machines you're
migrating.hs.
1. In the Azure Migrate project > Servers, databases and web apps > Migration and
modernization, click Replicating servers.
2. In Replicating machines, right-click the VM > Migrate.
3. In Migrate > Shut down virtual machines and perform a planned migration with
no data loss, select Yes > OK.
7 Note
4. A migration job starts for the VM. You can view the job status by clicking the
notification bell icon on the top right of the portal page or by going to the jobs
page of the Migration and modernization tool (Click Overview on the tool tile >
Select Jobs from the left menu).
5. After the job finishes, you can view and manage the VM from the Virtual Machines
page.
2. Verify and troubleshoot any Windows activation issues on the Azure VM.
3. Perform any post-migration app tweaks, such as updating host names, database
connection strings, and web server configurations.
4. Perform final application and migration acceptance testing on the migrated
application now running in Azure.
5. Cut over traffic to the migrated Azure VM instance.
6. Update any internal documentation to show the new location and IP address of
the Azure VMs.
Troubleshooting / Tips
Question: I cannot see my GCP VM in the discovered list of servers for migration.
Answer: Check if your replication appliance meets the requirements. Make sure Mobility
Agent is installed on the source VM to be migrated and is registered the Configuration
Server. Check the firewall rules to enable a network path between the replication
appliance and source GCP VMs.
Question: I am unable to import VMs for migration from my previously created Server
Assessment results. Answer: Currently, we do not support the import of assessment for
this workflow. As a workaround, you can export the assessment and then manually
select the VM recommendation during the Enable Replication step.
Question: I am getting the error “Failed to fetch BIOS GUID” while trying to discover my
GCP VMs. Answer: Use root login for authentication and not any pseudo user. If you are
not able to use a root user, ensure the required capabilities are set on the user, as per
the instructions provided in the support matrix. Also review supported operating
systems for GCP VMs.
Question: I am unable to Discover GCP Instances using Azure Migrate due to HTTP
status code of 504 from the remote Windows management service.
Answer: Make sure to review the Azure migrate appliance requirements and URL access
needs. Make sure no proxy settings are blocking the appliance registration.
Question: Do I have to make any changes before I migrate my GCP VMs to Azure?
Answer: You may have to make these changes before migrating your GCP VMs to Azure:
If you are using cloud-init for your VM provisioning, you may want
to disable cloud-init on the VM before replicating it to Azure. The provisioning
steps performed by cloud-init on the VM maybe GCP specific and won't be valid
after the migration to Azure.
Review the prerequisites section to determine whether there are any changes
necessary for the operating system before you migrate them to Azure.
We always recommend you run a test migration before the final migration.
Next steps
Investigate the cloud migration journey in the Azure Cloud Adoption Framework.
Additional resources
Documentation
Discover, assess, and migrate Amazon Web Services (AWS) EC2 VMs to Azure - Azure
Migrate
This article describes how to migrate AWS VMs to Azure with Azure Migrate.
Create an Azure VM assessment with Azure Migrate Discovery and assessment tool -
Azure Migrate
Describes how to create an Azure VM assessment with the Azure Migrate Discovery and assessment
tool
Assess on-premises servers using an imported CSV file with Azure Migrate Server
Assessment - Azure Migrate
Describes how to discover on-premises servers for migration to Azure using an imported CSV file in
Azure Migrate Server Assessment
Common questions about the Migration and modernization tool - Azure Migrate
Get answers to common questions about using Migration and modernization to migrate machines.
Migrate AWS VMs to Azure with Azure Migrate - Azure Site Recovery
This article describes options for migrating AWS instances to Azure, and recommends Azure Migrate.
Show 5 more
Training
Learning path
Migrate application workloads and data to Azure - Training
Migrate application workloads and data to Azure
ASP.NET app containerization and
migration to Azure Kubernetes Service
Article • 04/24/2023
In this article, you'll learn how to containerize ASP.NET applications and migrate them to
Azure Kubernetes Service (AKS) using the Azure Migrate: App Containerization tool.
The containerization process doesn’t require access to your codebase and provides an
easy way to containerize existing applications. The tool works by using the running state
of the applications on a server to determine the application components and helps you
package them in a container image. The containerized application can then be deployed
on Azure Kubernetes Service (AKS).
Discover your application: The tool remotely connects to the application servers
running your ASP.NET application and discovers the application components. The
tool creates a Dockerfile that can be used to create a container image for the
application.
Build the container image: You can inspect and further customize the Dockerfile as
per your application requirements and use that to build your application container
image. The application container image is pushed to an Azure Container Registry
you specify.
Deploy to Azure Kubernetes Service: The tool then generates the Kubernetes
resource definition YAML files needed to deploy the containerized application to
your Azure Kubernetes Service cluster. You can customize the YAML files and use
them to deploy the application on AKS.
7 Note
The Azure Migrate: App Containerization tool helps you discover specific
application types (ASP.NET and Java web apps on Apache Tomcat) and their
components on an application server. To discover servers and the inventory of
apps, roles, and features running on on-premises machines, use Azure Migrate:
Discovery and assessment capability. Learn more
While all applications won't benefit from a straight shift to containers without significant
rearchitecting, some of the benefits of moving existing apps to containers without
rewriting include:
7 Note
Tutorials show you the simplest deployment path for a scenario so that you can
quickly set up a proof-of-concept. Tutorials use default options where possible, and
don't show all possible settings and paths.
Prerequisites
Before you begin this tutorial, you should:
Requirement Details
Identify a A Windows machine to install and run the Azure Migrate: App Containerization
machine to tool. The Windows machine could be a server (Windows Server 2016 or later) or
install the client (Windows 10) operating system, meaning that the tool can run on your
tool desktop as well.
The Windows machine running the tool should have network connectivity to the
servers/virtual machines hosting the ASP.NET applications to be containerized.
Ensure that 6-GB space is available on the Windows machine running the Azure
Migrate: App Containerization tool for storing application artifacts.
The Windows machine should have internet access, directly or via a proxy.
Install the Microsoft Web Deploy tool on the machine running the App
Containerization helper tool and application server if not already installed. You can
download the tool from here .
Application Enable PowerShell remoting on the application servers: Sign in to the application
servers server and follow these instructions to turn on PowerShell remoting.
If the application server is running Windows Server 2008 R2, ensure that
PowerShell 5.1 is installed on the application server. Follow the instruction here to
download and install PowerShell 5.1 on the application server.
Install the Microsoft Web Deploy tool on the machine running the App
Containerization helper tool and application server if not already installed. You can
download the tool from here .
Once your subscription is set up, you need an Azure user account with:
If you just created a free Azure account, you're the owner of your subscription. If you're
not the subscription owner, work with the owner to assign the permissions as follows:
1. In the Azure portal, search for "subscriptions", and under Services, select
Subscriptions.
2. In the Subscriptions page, select the subscription in which you want to create an
Azure Migrate project.
4. Select Add > Add role assignment to open the Add role assignment page.
5. Assign the following role. For detailed steps, see Assigning Azure roles using the
Azure portal.
Setting Value
Role Owner
7. In Azure portal, navigate to Azure Active Directory > Users > User Settings.
8. In User settings, verify that Azure AD users can register applications (set to Yes by
default).
9. In case the 'App registrations' settings is set to 'No', request the tenant/global
admin to assign the required permission. Alternately, the tenant/global admin can
assign the Application Developer role to an account to allow the registration of
Azure Active Directory App. Learn more.
PowerShell
.\AppContainerizationInstaller.ps1
Alternately, you can open the app from the desktop by selecting the app shortcut.
2. If you see a warning stating that says your connection isn’t private, select
Advanced and choose to proceed to the website. This warning appears as the web
interface uses a self-signed TLS/SSL certificate.
3. In the Sign in screen, use the local administrator account on the machine to sign
in.
4. Select ASP.NET web apps as the type of application you want to containerize.
Connectivity: The tool checks that the Windows machine has internet access.
If the machine uses a proxy:
Select Set up proxy to specify the proxy address (in the form IP address or
FQDN) and listening port.
Specify credentials if the proxy needs authentication.
Only HTTP proxy is supported.
If you've added proxy details or disabled the proxy and/or authentication,
select Save to trigger connectivity check again.
Install updates: The tool will automatically check for latest updates and install
them. You can also manually install the latest version of the tool from here .
Install Microsoft Web Deploy tool: The tool will check that the Microsoft
Web Deploy tool is installed on the Windows machine running the Azure
Migrate: App Containerization tool.
Enable PowerShell remoting: The tool will inform you to ensure that
PowerShell remoting is enabled on the application servers running the
ASP.NET applications to be containerized.
Sign in to Azure
1. Select Sign in to sign in to your Azure account.
2. You'll need a device code to authenticate with Azure. Selecting on Sign in will open
a modal with the device code.
3. Select Copy code & sign in to copy the device code and open an Azure sign in
prompt in a new browser tab. If it doesn't appear, make sure you've disabled the
pop-up blocker in the browser.
4. On the new tab, paste the device code and complete the sign in using your Azure
account credentials. You can close the browser tab after sign in is complete and
return to the App Containerization tool screen.
1. Specify the IP address/FQDN and the credentials of the server running the
ASP.NET application that should be used to remotely connect to the server for
application discovery.
2. Select Validate to verify that the application server is reachable from the machine
running the tool and that the credentials are valid. Upon successful validation, the
status column will show the status as Mapped.
3. Select Continue to start application discovery on the selected application servers.
4. Upon successful completion of application discovery, you can select the list of
applications to containerize.
6. Specify container name: Specify a name for the target container for each selected
application. The container name should be specified as <name:tag> where the tag
is used for container image. For example, you can specify the target container
name as appname:v1.
1. Select Edit under App Folders to review the detected application folders. The
detected application folders have been identified as mandatory artifacts needed by
the application and will be copied into the container image.
3. To add multiple folders to the same volume, provide comma ( , ) separated values.
4. Select Persistent Volume as the storage option if you want the folders to be stored
outside the container on a Persistent Volume.
5. Select Save after reviewing the application folders.
) Important
If you're using AKS 1.23+, edit the scripts as shown below before building the
docker image, to ensure a seamless migration.
PowerShell
to
PowerShell
1. Select Azure Container Registry: Use the dropdown to select an Azure Container
Registry that will be used to build and store the container images for the apps. You
can use an existing Azure Container Registry or choose to create a new one using
the Create new registry option.
2. Review the Dockerfile: The Dockerfile needed to build the container images for
each selected application is generated at the beginning of the build step. Select
Review to review the Dockerfile. You can also add any necessary customizations to
the Dockerfile in the review step and save the changes before starting the build
process.
3. Trigger build process: Select the applications to build images for and select Build.
Selecting build will start the container image build for each application. The tool
keeps monitoring the build status continuously and will let you proceed to the
next step upon successful completion of the build.
4. Track build status: You can also monitor progress of the build step by selecting the
Build in Progress link under the status column. The link takes a couple of minutes
to be active after you've triggered the build process.
1. Select the Azure Kubernetes Service Cluster: Specify the AKS cluster that the
application should be deployed to.
Azure
If you don’t have an AKS cluster or would like to create a new AKS cluster to
deploy the application to, you can choose to create on from the tool by
selecting Create new AKS cluster.
The AKS cluster created using the tool will be created with a Windows
node pool. The cluster will be configured to allow it to pull images from
the Azure Container Registry that was created earlier (if create new registry
option was chosen).
Select Continue after selecting the AKS cluster.
If you've selected App Service application settings for managing secrets, then
select Continue.
If you'd like to use an Azure Key Vault for managing your application secrets,
then specify the Azure Key Vault that you'd want to use.
If you don’t have an Azure Key Vault or would like to create a new Key
Vault, you can choose to create on from the tool by selecting Create new
Azure Key Vault.
The tool will automatically assign the necessary permissions for managing
secrets through the Key Vault.
3. Specify Azure file share: If you had added more folders and selected the Persistent
Volume option, then specify the Azure file share that should be used by Azure
Migrate: App Containerization tool during the deployment process. The tool will
create new directories in this Azure file share to copy over the application folders
that are configured for Persistent Volume storage. Once the application
deployment is complete, the tool will clean up the Azure file share by deleting the
directories it had created.
If you don't have an Azure file share or would like to create a new Azure file
share, you can choose to create on from the tool by selecting Create new
Storage Account and file share.
Prefix string: Specify a prefix string to use in the name for all resources that
are created for the containerized application in the AKS cluster.
SSL certificate: If your application requires an https site binding, specify the
PFX file that contains the certificate to be used for the binding. The PFX file
shouldn't be password protected and the original site shouldn't have multiple
bindings.
Replica Sets: Specify the number of application instances (pods) that should
run inside the containers.
Load balancer type: Select External if the containerized application should be
reachable from public networks.
Application Configuration: For any application configurations that were
parameterized, provide the values to use for the current deployment.
Storage: For any application folders that were configured for Persistent
Volume storage, specify whether the volume should be shared across
application instances or should be initialized individually with each instance in
the container. By default, all application folders on Persistent Volumes are
configured as shared.
Select Apply to save the deployment configuration.
Select Continue to deploy the application.
5. Deploy the application: Once the deployment configuration for the application is
saved, the tool will generate the Kubernetes deployment YAML for the application.
Select Review to review and customize the Kubernetes deployment YAML for
the applications.
Once the application is deployed, you can select the Deployment status
column to track the resources that were deployed for the application.
A single folder is created for each application server. You can view and download all
intermediate artifacts used in the containerization process by navigating to this folder.
The folder, corresponding to the application server, will be cleaned up at the start of
each run of the tool for a particular server.
Troubleshoot issues
To troubleshoot any issues with the tool, you can look at the log files on the Windows
machine running the App Containerization tool. Tool log files are located at
C:\ProgramData\Microsoft Azure Migrate App Containerization\Logs folder.
Next steps
Containerizing ASP.NET web apps and deploying them on Windows containers on
App Service. Learn more.
Containerizing Java web apps on Apache Tomcat (on Linux servers) and deploying
them on Linux containers on AKS. Learn more.
Containerizing Java web apps on Apache Tomcat (on Linux servers) and deploying
them on Linux containers on App Service. Learn more.
Java web app containerization and
migration to Azure Kubernetes Service
Article • 01/05/2023 • 15 minutes to read
In this article, you'll learn how to containerize Java web applications (running on Apache
Tomcat) and migrate them to Azure Kubernetes Service (AKS) using the Azure
Migrate: App Containerization tool. The containerization process doesn’t require access
to your codebase and provides an easy way to containerize existing applications. The
tool works by using the running state of the applications on a server to determine the
application components and helps you package them in a container image. The
containerized application can then be deployed on Azure Kubernetes Service (AKS).
Containerizing Java Web Apps on Apache Tomcat (on Linux servers) and deploying
them on Linux containers on AKS.
Containerizing Java Web Apps on Apache Tomcat (on Linux servers) and deploying
them on Linux containers on App Service. Learn more
Containerizing ASP.NET apps and deploying them on Windows containers on AKS.
Learn more
Containerizing ASP.NET apps and deploying them on Windows containers on App
Service. Learn more
Discover your application: The tool remotely connects to the application servers
running your Java web application (running on Apache Tomcat) and discovers the
application components. The tool creates a Dockerfile that can be used to create a
container image for the application.
Build the container image: You can inspect and further customize the Dockerfile as
per your application requirements and use that to build your application container
image. The application container image is pushed to an Azure Container Registry
you specify.
Deploy to Azure Kubernetes Service: The tool then generates the Kubernetes
resource definition YAML files needed to deploy the containerized application to
your Azure Kubernetes Service cluster. You can customize the YAML files and use
them to deploy the application on AKS.
7 Note
The Azure Migrate: App Containerization tool helps you discover specific
application types (ASP.NET and Java web apps on Apache Tomcat) and their
components on an application server. To discover servers and the inventory of
apps, roles, and features running on on-premises machines, use Azure Migrate:
Discovery and assessment capability. Learn more
While all applications won't benefit from a straight shift to containers without significant
rearchitecting, some of the benefits of moving existing apps to containers without
rewriting include:
7 Note
Tutorials show you the simplest deployment path for a scenario so that you can
quickly set up a proof-of-concept. Tutorials use default options where possible, and
don't show all possible settings and paths.
Prerequisites
Before you begin this tutorial, you should:
Requirement Details
Identify a A Windows machine to install and run the Azure Migrate: App Containerization
machine to tool. The Windows machine could be a server (Windows Server 2016 or later) or
install the client (Windows 10) operating system, meaning that the tool can run on your
tool desktop as well.
The Windows machine running the tool should have network connectivity to the
servers/virtual machines hosting the Java web applications to be containerized.
Ensure that 6-GB space is available on the Windows machine running the Azure
Migrate: App Containerization tool for storing application artifacts.
The Windows machine should have internet access, directly or via a proxy.
Application - Enable Secure Shell (SSH) connection on port 22 on the server(s) running the
servers Java application(s) to be containerized.
Once your subscription is set up, you'll need an Azure user account with:
If you just created a free Azure account, you're the owner of your subscription. If you're
not the subscription owner, work with the owner to assign the permissions as follows:
1. In the Azure portal, search for "subscriptions", and under Services, select
Subscriptions.
2. In the Subscriptions page, select the subscription in which you want to create an
Azure Migrate project.
4. Select Add > Add role assignment to open the Add role assignment page.
5. Assign the following role. For detailed steps, see Assign Azure roles using the
Azure portal.
Setting Value
Role Owner
7. In Azure portal, navigate to Azure Active Directory > Users > User Settings.
8. In User settings, verify that Azure AD users can register applications (set to Yes by
default).
9. In case the 'App registrations' settings is set to 'No', request the tenant/global
admin to assign the required permission. Alternately, the tenant/global admin can
assign the Application Developer role to an account to allow the registration of
Azure Active Directory App. Learn more.
PowerShell
.\AppContainerizationInstaller.ps1
Alternately, you can open the app from the desktop by selecting the app shortcut.
2. If you see a warning stating that says your connection isn’t private, click Advanced
and choose to proceed to the website. This warning appears as the web interface
uses a self-signed TLS/SSL certificate.
3. At the sign-in screen, use the local administrator account on the machine to sign-
in.
4. Select Java web apps on Tomcat as the type of application you want to
containerize.
5. To specify target Azure service, select Containers on Azure Kubernetes Service.
Connectivity: The tool checks that the Windows machine has internet access.
If the machine uses a proxy:
Click on Set up proxy to specify the proxy address (in the form IP address
or FQDN) and listening port.
Specify credentials if the proxy needs authentication.
Only HTTP proxy is supported.
If you've added proxy details or disabled the proxy and/or authentication,
click on Save to trigger connectivity check again.
Install updates: The tool will automatically check for latest updates and install
them. You can also manually install the latest version of the tool from here .
Enable Secure Shell (SSH): The tool will inform you to ensure that Secure
Shell (SSH) is enabled on the application servers running the Java web
applications to be containerized.
Sign in to Azure
Click Sign in to log in to your Azure account.
1. You'll need a device code to authenticate with Azure. Clicking on sign in will open a
modal with the device code.
2. Click on Copy code & sign in to copy the device code and open an Azure sign in
prompt in a new browser tab. If it doesn't appear, make sure you've disabled the
pop-up blocker in the browser.
3. On the new tab, paste the device code and complete sign in using your Azure
account credentials. You can close the browser tab after sign in is complete and
return to the App Containerization tool's web interface.
1. Specify the IP address/FQDN and the credentials of the server running the Java
web application that should be used to remotely connect to the server for
application discovery.
2. Click Validate to verify that the application server is reachable from the machine
running the tool and that the credentials are valid. Upon successful validation, the
status column will show the status as Mapped.
3. Click Continue to start application discovery on the selected application servers.
4. Upon successful completion of application discovery, you can select the list of
applications to containerize.
6. Specify container name: Specify a name for the target container for each selected
application. The container name should be specified as <name:tag> where the tag
is used for container image. For example, you can specify the target container
name as appname:v1.
1. Click Edit under App Folders to review the detected application folders. The
detected application folders have been identified as mandatory artifacts needed by
the application and will be copied into the container image.
3. To add multiple folders to the same volume, provide comma ( , ) separated values.
4. Select Persistent Volume as the storage option if you want the folders to be stored
outside the container on a Persistent Volume.
5. Click Save after reviewing the application folders.
2. Review the Dockerfile: The Dockerfile needed to build the container images for
each selected application are generated at the beginning of the build step. Click
Review to review the Dockerfile. You can also add any necessary customizations to
the Dockerfile in the review step and save the changes before starting the build
process.
3. Configure Application Insights: You can enable monitoring for your Java apps
running on App Service without instrumenting your code. The tool will install the
Java standalone agent as part of the container image. Once configured during
deployment, the Java agent will automatically collect a multitude of requests,
dependencies, logs, and metrics for your application that can be used for
monitoring with Application Insights. This option is enabled by default for all Java
applications.
4. Trigger build process: Select the applications to build images for and click Build.
Clicking build will start the container image build for each application. The tool
keeps monitoring the build status continuously and will let you proceed to the
next step upon successful completion of the build.
5. Track build status: You can also monitor progress of the build step by clicking the
Build in Progress link under the status column. The link takes a couple of minutes
to be active after you've triggered the build process.
1. Select the Azure Kubernetes Service Cluster: Specify the AKS cluster that the
application should be deployed to.
If you don’t have an AKS cluster or would like to create a new AKS cluster to
deploy the application to, you can choose to create on from the tool by
clicking Create new AKS cluster.
The AKS cluster created using the tool will be created with a Linux node
pool. The cluster will be configured to allow it to pull images from the
Azure Container Registry that was created earlier (if create new registry
option was chosen).
Click Continue after selecting the AKS cluster.
2. Specify secret store and monitoring workspace: If you had opted to parameterize
application configurations, then specify the secret store to be used for the
application. You can choose Azure Key Vault or Kubernetes Secrets for managing
your application secrets.
3. Specify Azure file share: If you had added more folders and selected the Persistent
Volume option, then specify the Azure file share that should be used by Azure
Migrate: App Containerization tool during the deployment process. The tool will
create new directories in this Azure file share to copy over the application folders
that are configured for Persistent Volume storage. Once the application
deployment is complete, the tool will clean up the Azure file share by deleting the
directories it had created.
If you don't have an Azure file share or would like to create a new Azure file
share, you can choose to create on from the tool by clicking Create new
Storage Account and file share.
Prefix string: Specify a prefix string to use in the name for all resources that
are created for the containerized application in the AKS cluster.
Replica Sets: Specify the number of application instances (pods) that should
run inside the containers.
Load balancer type: Select External if the containerized application should be
reachable from public networks.
Application Configuration: For any application configurations that were
parameterized, provide the values to use for the current deployment.
Storage: For any application folders that were configured for Persistent
Volume storage, specify whether the volume should be shared across
application instances or should be initialized individually with each instance in
the container. By default, all application folders on Persistent Volumes are
configured as shared.
Click Apply to save the deployment configuration.
Click Continue to deploy the application.
5. Deploy the application: Once the deployment configuration for the application is
saved, the tool will generate the Kubernetes deployment YAML for the application.
Click Review to review and customize the Kubernetes deployment YAML for
the applications.
Once the application is deployed, you can click the Deployment status column
to track the resources that were deployed for the application.
A single folder is created for each application server. You can view and download all
intermediate artifacts used in the containerization process by navigating to this folder.
The folder, corresponding to the application server, will be cleaned up at the start of
each run of the tool for a particular server.
Troubleshoot issues
To troubleshoot any issues with the tool, you can look at the log files on the Windows
machine running the App Containerization tool. Tool log files are located at
C:\ProgramData\Microsoft Azure Migrate App Containerization\Logs folder.
Next steps
Containerizing Java web apps on Apache Tomcat (on Linux servers) and deploying
them on Linux containers on App Service. Learn more
Containerizing ASP.NET web apps and deploying them on Windows containers on
AKS. Learn more
Containerizing ASP.NET web apps and deploying them on Windows containers on
Azure App Service. Learn more
What are solutions for running Oracle WebLogic Server on the Azure Kubernetes
Service? Learn more
Open Liberty and WebSphere Liberty on AKS. Learn more
Additional resources
Documentation
Show 5 more
ASP.NET app containerization and
migration to Azure App Service
Article • 11/15/2022 • 13 minutes to read
In this article, you'll learn how to containerize ASP.NET applications and migrate them to
Azure App Service by using the Azure Migrate App Containerization tool. The
containerization process doesn't require access to your codebase and provides an easy
way to containerize existing applications. The tool works by using the running state of
the applications on a server to determine the application components. It then helps you
package them in a container image. You can then deploy the containerized application
on Azure App Service.
7 Note
The Azure Migrate App Containerization tool helps you discover specific
application types (ASP.NET and Java web apps on Apache Tomcat) and their
components on an application server. To discover servers and the inventory of
apps, roles, and features running on on-premises computers, use the Azure
Migrate Discovery and assessment tool.
Not all applications will benefit from a straight shift to containers without significant
rearchitecting. But some of the benefits of moving existing apps to containers without
rewriting include:
7 Note
Tutorials provide the simplest deployment path for a scenario so that you can
quickly set up a proof of concept. Tutorials use default options when possible and
don't show all settings and paths.
Prerequisites
Before you start this tutorial, you should:
Requirement Details
Identify a You need a Windows machine on which to install and run the Azure Migrate App
machine on Containerization tool. The Windows machine could run a server (Windows Server
which to 2016 or later) or client (Windows 10) operating system. (The tool can run on your
install the desktop.)
tool
The Windows machine running the tool should have network connectivity to the
servers or virtual machines hosting the ASP.NET applications that you'll
containerize.
Ensure that 6 GB is available on the Windows machine running the Azure Migrate
App Containerization tool. This space is for storing application artifacts.
The Windows machine should have internet access, directly or via a proxy.
If the Microsoft Web Deployment tool isn't already installed on the machine
running the App Containerization tool and the application server, install it. You
can download the tool .
Application Enable PowerShell remoting on the application servers: sign in to the application
servers server and follow these instructions to turn on PowerShell remoting.
If the application server is running Window Server 2008 R2, ensure that
PowerShell 5.1 is installed on the application server. Follow the instructions here
to download and install PowerShell 5.1 on the application server.
If the Microsoft Web Deployment tool isn't already installed on the machine
running the App Containerization tool and the application server, install it. You
can download the tool .
After your subscription is set up, you'll need an Azure user account with:
If you just created a free Azure account, you're the owner of your subscription. If you're
not the subscription owner, work with the owner to assign the permissions as follows:
2. On the Subscriptions page, select the subscription in which you want to create an
Azure Migrate project.
4. On the Check access tab, search for the relevant user account.
Your Azure account also needs permissions to register Azure Active Directory apps.
7. In the Azure portal, go to Azure Active Directory > Users > User Settings.
8. In User settings, verify that Azure AD users can register applications. (This option is
set to Yes by default.)
9. If the App registrations option is set to No, ask the tenant/global admin to assign
the required permission. Alternatively, the tenant/global admin can assign the
Application developer role to an account to allow the registration of Azure Active
Directory apps. For more information, see Assign roles to users.
PowerShell
.\AppContainerizationInstaller.ps1
Alternatively, you can open the app from your desktop by using the app shortcut.
2. If you see a warning that says your connection isn't private, select Advanced and
continue to the website. This warning appears because the web interface uses a
self-signed TLS/SSL certificate.
3. On the sign-in screen, use the machine's local administrator account to sign in.
4. Select ASP.NET web apps as the type of application you want to containerize.
5. In the Target Azure service list, select Containers on Azure App Service:
Connectivity. The tool checks whether the Windows machine has internet
access. If the machine uses a proxy:
a. Select Set up proxy to specify the proxy address (in the form IP address or
FQDN) and listening port.
Install updates. The tool automatically checks for the latest updates and
installs them. You can also manually install the latest version of the tool .
Install Microsoft Web Deploy tool. The tool checks whether the Microsoft
Web Deployment tool is installed on the Windows machine that's running the
Azure Migrate App Containerization tool.
Sign in to Azure
1. Select Sign in to sign in to your Azure account.
You need a device code to authenticate with Azure. Selecting Sign in should open
a window that contains the device code. If the window doesn't appear, make sure
you've disabled the pop-up blocker in the browser.
2. Select Copy code and Sign in to copy the device code and open an Azure sign-in
prompt in a new browser tab:
3. On the new tab, paste in the device code and complete sign-in by using your
Azure account credentials. After you're signed in, you can close the browser tab
and return to the App Containerization tool's web interface.
1. Specify the Server IP address / FQDN and the credentials of the server that's
running the ASP.NET application that should be used to remotely connect to the
server for application discovery.
2. Select Validate to verify that the application server is reachable from the machine
running the tool and that the credentials are valid. Upon successful validation, the
Status column will show the status as Mapped:
4. When application discovery is finished, select the applications that you want to
containerize:
5. Specify a name for the target container for each selected application. Specify the
container name as <name:tag>, where tag is used for the container image. For
example, you can specify the target container name as appname:v1.
2. Select the parameters that you want to parameterize, and then select Apply:
1. Select Edit under Application folders to review the detected application folders.
These folders have been identified as mandatory artifacts needed by the
application. They'll be copied into the container image.
2. Select Add folder and specify the folder paths that you want to add.
3. To add multiple folders to the same volume, separate the values with commas.
4. Select Azure file share as the storage option if you want the folders to be stored
outside the container on persistent storage.
7 Note
Only Azure container registries with the admin user account enabled are
displayed. The admin user account is currently required for deploying an
image from an Azure container registry to Azure App Service. For more
information, see Authenticate with an Azure container registry.
2. The Dockerfiles needed to build the container images for each selected application
are generated at the beginning of the build step. Select Review to review the
Dockerfile. You can also add any necessary customizations to the Dockerfile in the
review step and save the changes before you start the build process.
3. Select the applications that you want to build images for, and then select Build.
Selecting Build will start the container image build for each application. The tool
monitors the build status and will let you continue to the next step when the build
finishes.
4. You can monitor the progress of the build by selecting Build in Progress under the
status column. The link will become active a couple minutes after you trigger the
build process.
1. Select the Azure App Service plan that the application should use.
If you don't have an App Service plan or want to create a new App Service plan to
use, you can create one by selecting Create new App Service plan.
4. If you added more folders and selected the Azure file share option for persistent
storage, specify the Azure file share to be used by the App Containerization tool
during deployment. The tool will copy over the application folders that you
configured for Azure Files and mount them on the application container during
deployment.
If you don't have an Azure file share or want to create a new Azure file share, you
can create one by selecting Create new Storage Account and file share.
5. You now need to specify the deployment configuration for the application. Select
Configure to customize the deployment for the application. In the configure step,
you can provide these customizations:
Name. Specify a unique app name for the application. This name will be used
to generate the application URL. It will also be used as a prefix for other
resources created as part of the deployment.
Application configuration. For any application configurations that are
parameterized, provide the values to use for the current deployment.
Storage configuration. Review the information for any application folders
that are configured for persistent storage.
6. After you save the deployment configuration for the application, the tool will
generate the Kubernetes deployment YAML for the application.
After the application is deployed, you can select the Deployment status
column to track the resources that were deployed for the application.
Troubleshoot problems
To troubleshoot problems with the App Containerization tool, you can look at the log
files on the Windows machine that's running the tool. Log files for the tool are located
at C:\ProgramData\Microsoft Azure Migrate App Containerization\Logs.
Next steps
Containerizing ASP.NET web apps and deploying them on Windows containers on
AKS
Containerizing Java web apps on Apache Tomcat (on Linux servers) and deploying
them on Linux containers on AKS
Containerizing Java web apps on Apache Tomcat (on Linux servers) and deploying
them on Linux containers on App Service
Java web app containerization and
migration to Azure App Service
Article • 11/15/2022 • 13 minutes to read
In this article, you'll learn how to containerize Java web applications (running on Apache
Tomcat) and migrate them to Azure App Service using the Azure Migrate: App
Containerization tool. The containerization process doesn’t require access to your
codebase and provides an easy way to containerize existing applications. The tool works
by using the running state of the applications on a server to determine the application
components and helps you package them in a container image. The containerized
application can then be deployed on Azure App Service.
Containerizing Java Web Apps on Apache Tomcat (on Linux servers) and deploying
them on Linux containers on App Service.
Containerizing Java Web Apps on Apache Tomcat (on Linux servers) and deploying
them on Linux containers on AKS. Learn more.
Containerizing ASP.NET apps and deploying them on Windows containers on AKS.
Learn more.
Containerizing ASP.NET apps and deploying them on Windows containers on App
Service. Learn more.
Discover your application: The tool remotely connects to the application servers
running your Java web application (running on Apache Tomcat) and discovers the
application components. The tool creates a Dockerfile that can be used to create a
container image for the application.
Build the container image: You can inspect and further customize the Dockerfile as
per your application requirements and use that to build your application container
image. The application container image is pushed to an Azure Container Registry
you specify.
Deploy to Azure App Service: The tool then generates the deployment files
needed to deploy the containerized application to Azure App Service.
7 Note
The Azure Migrate: App Containerization tool helps you discover specific
application types (ASP.NET and Java web apps on Apache Tomcat) and their
components on an application server. To discover servers and the inventory of
apps, roles, and features running on on-premises machines, use Azure Migrate:
Discovery and assessment capability. Learn more.
While all applications won't benefit from a straight shift to containers without significant
rearchitecting, some of the benefits of moving existing apps to containers without
rewriting include:
7 Note
Tutorials show you the simplest deployment path for a scenario so that you can
quickly set up a proof-of-concept. Tutorials use default options where possible, and
don't show all possible settings and paths.
Prerequisites
Before you begin this tutorial, you should:
Requirement Details
Requirement Details
Identify a A Windows machine to install and run the Azure Migrate: App Containerization
machine to tool. The Windows machine could be a server (Windows Server 2016 or later) or
install the client (Windows 10) operating system, meaning that the tool can run on your
tool desktop as well.
The Windows machine running the tool should have network connectivity to the
servers/virtual machines hosting the Java web applications to be containerized.
Ensure that 6-GB space is available on the Windows machine running the Azure
Migrate: App Containerization tool for storing application artifacts.
The Windows machine should have internet access, directly or via a proxy.
Application Enable Secure Shell (SSH) connection on port 22 on the server(s) running the Java
servers application(s) to be containerized.
Once your subscription is set up, you'll need an Azure user account with:
If you just created a free Azure account, you're the owner of your subscription. If you're
not the subscription owner, work with the owner to assign the permissions as follows:
1. In the Azure portal, search for "subscriptions", and under Services, select
Subscriptions.
2. In the Subscriptions page, select the subscription in which you want to create an
Azure Migrate project.
6. In Add role assignment, select the Owner role, and select the account
(azmigrateuser in our example). Click Save.
Your Azure account also needs permissions to register Azure Active Directory apps. 8.
In the Azure portal, navigate to Azure Active Directory > Users > User Settings. 9. In
User settings, verify if Azure AD users can register applications (set to Yes by default).
10. In case the 'App registrations' setting is set to 'No', request the tenant/global
admin to assign the required permission. Alternately, the tenant/global admin can
assign the Application Developer role to an account to allow the registration of
Azure Active Directory App. Learn more.
Download and install Azure Migrate: App
Containerization tool
1. Download the Azure Migrate: App Containerization installer on a Windows
machine.
PowerShell
.\AppContainerizationInstaller.ps1
Alternately, you can open the app from the desktop by selecting the app shortcut.
2. If you see a warning stating that your connection isn’t private, click Advanced and
choose to proceed to the website. This warning appears as the web interface uses
a self-signed TLS/SSL certificate.
3. At the sign-in screen, use the local administrator account on the machine to sign
in.
4. Select Java web apps on Tomcat as the type of application you want to
containerize.
Connectivity: The tool checks that the Windows machine has internet access.
If the machine uses a proxy:
Click Set up proxy to specify the proxy address (in the form IP address or
FQDN) and listening port.
Specify credentials if the proxy needs authentication.
Only HTTP proxy is supported.
If you've added proxy details or disabled the proxy and/or authentication,
click Save to trigger connectivity check again.
Install updates: The tool will automatically check for latest updates and install
them. You can also manually install the latest version of the tool from here .
Enable Secure Shell (SSH): The tool will inform you to ensure that Secure
Shell (SSH) is enabled on the application servers running the Java web
applications to be containerized.
Sign in to Azure
Click Sign in to log in to your Azure account.
1. You'll need a device code to authenticate with Azure. Clicking Sign in will open a
modal with the device code.
2. Click Copy code & sign in to copy the device code and open an Azure sign-in
prompt in a new browser tab. If it doesn't appear, make sure you've disabled the
pop-up blocker in the browser.
3. On the new tab, paste the device code and complete sign in using your Azure
account credentials. You can close the browser tab after sign in is complete and
return to the App Containerization tool's web interface.
4. Select the Azure tenant that you want to use.
1. Specify the IP address/FQDN and the credentials of the server running the Java
web application that should be used to remotely connect to the server for
application discovery.
2. Click Validate to verify that the application server is reachable from the machine
running the tool and that the credentials are valid. Upon successful validation, the
status column will show the status as Mapped.
4. Upon successful completion of application discovery, you can select the list of
applications to containerize.
5. Use the checkbox to select the applications to containerize.
6. Specify container name: Specify a name for the target container for each selected
application. The container name should be specified as <name:tag> where the tag
is used for container image. For example, you can specify the target container
name as appname:v1.
1. Click Edit under App Folders to review the detected application folders. The
detected application folders have been identified as mandatory artifacts needed by
the application and will be copied into the container image.
3. To add multiple folders to the same volume, provide comma ( , ) separated values.
4. Select Azure file share as the storage option if you want the folders to be stored
outside the container on persistent storage.
Only Azure container registries with admin user enabled are displayed. The admin
account is currently required for deploying an image from an Azure container
registry to Azure App Service. Learn more.
2. Review the Dockerfile: The Dockerfile needed to build the container images for
each selected application are generated at the beginning of the build step. Click
Review to review the Dockerfile. You can also add any necessary customizations to
the Dockerfile in the review step and save the changes before starting the build
process.
3. Configure Application Insights: You can enable monitoring for your Java apps
running on App Service without instrumenting your code. The tool will install the
Java standalone agent as part of the container image. Once configured during
deployment, the Java agent will automatically collect a multitude of requests,
dependencies, logs, and metrics for your application that can be used for
monitoring with Application Insights. This option is enabled by default for all Java
applications.
4. Trigger build process: Select the applications to build images for and click Build.
Clicking Build will start the container image build for each application. The tool
keeps monitoring the build status continuously and will let you proceed to the
next step upon successful completion of the build.
5. Track build status: You can also monitor progress of the build step by clicking the
Build in Progress link under the Build status column. The link takes a couple of
minutes to be active after you've triggered the build process.
6. Once the build is completed, click Continue to specify the deployment settings.
1. Select the Azure App Service plan: Specify the Azure App Service plan that the
application should use.
If you don’t have an App Service plan or would like to create a new App
Service plan to use, you can choose to create one from the tool by clicking
Create new App Service plan.
Click Continue after selecting the App Service plan.
2. Specify secret store and monitoring workspace: If you had opted to parameterize
application configurations, then specify the secret store to be used for the
application. You can choose Azure Key Vault or App Service application settings for
managing your application secrets. Learn more.
If you've selected App Service application settings for managing secrets, then
click Continue.
If you'd like to use an Azure Key Vault for managing your application secrets,
then specify the Azure Key Vault that you'd want to use.
If you don’t have an Azure Key Vault or would like to create a new Key
Vault, you can choose to create one from the tool by clicking Create new.
The tool will automatically assign the necessary permissions for managing
secrets through the Key Vault.
Monitoring workspace: If you'd selected to enabled monitoring with
Application Insights, then specify the Application Insights resource that you'd
want to use. This option won't be visible if you had disabled monitoring
integration.
If you don’t have an Application Insights resource or would like to create a
new resource, you can choose to create on from the tool by clicking
Create new.
3. Specify Azure file share: If you had added more directories/folders and selected
the Azure file share option for persistent storage, then specify the Azure file share
to be used by Azure Migrate: App Containerization tool during the deployment
process. The tool will copy over the application directories/folders that are
configured for Azure Files and mount them on the application container during
deployment.
If you don't have an Azure file share or would like to create a new Azure file
share, you can choose to create on from the tool by clicking Create new
Storage Account and file share.
Name: Specify a unique app name for the application. This name will be used
to generate the application URL and used as a prefix for other resources
being created as part of this deployment.
Application configuration: For any application configurations that were
parameterized, provide the values to use for the current deployment.
Storage configuration: Review the information for any application
directories/folders that were configured for persistent storage.
5. Deploy the application: Once the deployment configuration for the application is
saved, the tool will generate the Kubernetes deployment YAML for the application.
Once the application is deployed, you can click the Deployment status column
to track the resources that were deployed for the application.
Troubleshoot issues
To troubleshoot any issues with the tool, you can look at the log files on the Windows
machine running the App Containerization tool. Tool log files are available in the
C:\ProgramData\Microsoft Azure Migrate App Containerization\Logs folder.
Next steps
Containerizing Java web apps on Apache Tomcat (on Linux servers) and deploying
them on Linux containers on AKS. Learn more
Containerizing ASP.NET web apps and deploying them on Windows containers on
AKS. Learn more
Containerizing ASP.NET web apps and deploying them on Windows containers on
Azure App Service. Learn more
Modernize ASP.NET web apps to Azure
App Service code
Article • 03/31/2023 • 3 minutes to read
This article shows you how to migrate ASP.NET web apps at-scale to Azure App
Service using Azure Migrate.
7 Note
Tutorials show you the simplest deployment path for a scenario so that you can
quickly set up a proof-of-concept. Tutorials use default options where possible and
don't show all possible settings and paths.
" Migrate ASP.NET web apps at-scale to Azure App Service using integrated flow in
Azure Migrate.
" Change migration plans for web apps.
" Change App Service plan for web apps.
If you don't have an Azure subscription, create a free account before you begin.
Prerequisites
Before you begin this tutorial, you should:
1. Complete the first tutorial to discover web apps running in your VMware
environment.
2. Complete the second tutorial to assess web apps to determine their readiness
status for migration to Azure App Service . It's necessary to assess web apps in
order to migrate them using the integrated flow.
3. Go to the existing project or create a new project.
You can select up to five App Service Plans as part of a single migration.
Currently, we don't support selecting existing App Service Plans during the
migration flow.
You can migrate web apps up to a maximum size of 2 GB, including content stored
in the mapped virtual directory.
Currently, we don't support migrating UNC directory content.
You need Windows PowerShell 4.0 installed on servers hosting the IIS web servers
from which you plan to migrate ASP.NET web apps to Azure App Services.
Currently, the migration flow doesn't support VNet integrated scenarios.
1. In the Azure Migrate project > Servers, databases and web apps > Migration
tools > Migration and modernization, select Replicate.
2. In Specify intent, > What do you want to migrate?, select ASP.NET web apps.
3. In Where do you want to migrate to?, select Azure App Service native.
5. In Select assessment, select the assessment you want to use to migrate web apps
and then select the Continue button. Specify the Azure App Service details where
the apps will be hosted.
6. In Basics, under Project details, select the Subscription, Resource Group, and
Region where the web apps will be hosted, from the drop-down. Under Storage,
select the Storage account for an intermediate storage location during the
migration process. Select Next: Web Apps >.
7. In the Web Apps section, review the web apps you'd like to migrate.
7 Note
Apps with the Ready status are tagged for migration by default. Apps tagged
as Ready with conditions can be migrated by selecting Yes in Will migrate?.
b. In Edit apps, under Will migrate?, select Yes, and select the App Service Plan
and Pricing tier of where the apps will be hosted. Next, select the Ok button.
7 Note
8. In the App Service Plans section, verify the App Service Plan details.
7 Note
Depending on your web app requirements, you can edit the number of apps
in an App Service plan or update the pricing tier. Follow these steps to update
these details:
a. Select the Edit button.
b. In Edit plan, select the Target name and Pricing tier, then select Ok.
9. Once the App Service Plans are verified, select Next: Review + create.
10. Azure Migrate will now validate the migration settings. Validation may take a few
minutes to run. Once complete, review the details and select Migrate.
7 Note
Once the migration is initiated, you can track the status using the Azure Resource
Manager Deployment Experience as shown below:
Post-migration steps
Once you have successfully completed migration, you may explore the following steps
based on web app specific requirement(s):
Next steps
Investigate the cloud migration journey in the Azure Cloud Adoption Framework.
Review best practices for deploying to Azure App service.
Modernize ASP.NET web apps to Azure
Kubernetes Service (preview)
Article • 03/31/2023 • 6 minutes to read
This article shows you how to migrate ASP.NET web apps at-scale to Azure Kubernetes
Service using Azure Migrate. Currently, this flow only supports ASP.NET web apps
running on VMware. For other environments, follow these steps.
7 Note
Tutorials show you the simplest deployment path for a scenario so that you can
quickly set up a proof-of-concept. Tutorials use default options where possible and
don't show all possible settings and paths.
" Choose and prepare ASP.NET web apps at-scale for migration to Azure Kubernetes
Service using the integrated flow in Azure Migrate.
" Configure target settings such as the number of application instances to run and
replicate your applications.
" Run test migrations to ensure your applications spin up correctly.
" Run a full migration of your applications to AKS.
Prerequisites
Before you begin this tutorial, you should address the following:
If you don't have an Azure subscription, create a free account before you begin.
Complete the first tutorial to discover web apps running in your VMware
environment.
Go to the existing project or create a new project.
Limitations
You can migrate ASP.NET applications using Microsoft .NET framework 3.5 or later.
You can migrate application servers running Windows Server 2008 R2 or later
(application servers should be running PowerShell version 5.1).
Applications should be running on Internet Information Services (IIS) 7.5 or later.
Enable replication
Once the web apps are assessed, you can migrate them using the integrated migration
flow in Azure Migrate. The first step in this process is to configure and begin replication
of your web apps.
Specify intent
1. Navigate to your Azure Migrate project > Servers, databases and web apps >
Migration tools > Migration and modernization, select Replicate.
2. In the Specify intent tab, > What do you want to migrate?, select ASP.NET web
apps from the drop-down.
3. In Where do you want to migrate to?, select Azure Kubernetes Service (AKS).
6. Select Continue.
Choose from discovered apps
In Replicate > Web apps, a paged list of discovered ASP.NET apps discovered on your
environment is shown.
2. The Modernization status column indicates the readiness of the application to run
on AKS. This can take one of the following values - Ready, Error(s), Replication in
Progress.
3. Select the application and select the App configuration(s) link to open the
Application configurations tab. This provides the list of attributes detected from
the discovered config files. Enter the required attribute values and select Save.
These configurations will either be stored directly on the target cluster as secrets
or can be mounted using Azure Key Vault. This can be configured in the advanced
settings.
4. Select the application and select the App directories link to open the Application
directories tab. Provide the path to folders/files that need to be copied for the
application to run and select Save. Based on the option selected from the drop-
down, these artifacts are either be copied directly into the container image or
mounted as a persistent volume on the cluster via Azure file share. If persistent
volume is chosen, the target can be configured in the advanced settings.
5. Select Next.
Configure target settings
In Replicate > Target settings, settings are provided to configure the target where the
applications will be migrated to.
1. Choose the subscription, resource group, and container registry resource to which
the app container images should be pushed to.
2. Choose the subscription, resource group, and AKS cluster resource on which the
app should be deployed.
3. Select Next.
7 Note
4. Select the Target resource. All the pre-migration steps can be configured here.
5. After replication is completed, the Replication status will be Completed and the
overall Status will be Image build pending.
3. In the Overview tab, select Build container image to build and push the container
image to the provided container registry.
4. After the image is built, the overall Status will change to Ready to Migrate.
Run a test migration
With the container image ready, run a test migration to ensure your application spins up
correctly on AKS.
1. In the Overview tab, select Test migration, then select Yes to confirm.
2. Once the test migration completes, verify that the workloads are running on the
AKS cluster. If the external load balancer option was chosen during the replication
process, your application should be exposed to the Internet via a service of type
loadbalancer with an assigned public IP address.
3. After verifying that the application is working, clean up the test migration by
selecting Clean up test migration.
1. Navigate to Azure Migrate: Server Migration hub > Modernization (Preview) >
Jobs.
3. Select the failed task link to see possible failure causes and recommendations.
3. The application has now successfully been migrated. If you wish for the appliance
to discover it again and make it available for migration, select Complete
migration.
Next steps
After successfully migrating your applications to AKS, you may explore the following
articles to optimize your apps for cloud:
In this step-by-step guide, you'll learn how to create a pipeline that continuously builds
and deploys your containerized apps for Day 2 operations with Azure DevOps. Every
time you change your code in a repository that contains a Dockerfile, the images are
pushed to your Azure Container Registry, and the manifests are then deployed to either
Azure Kubernetes Service or Azure App Service.
Azure DevOps enables you to host, build, plan and test your code with complimentary
workflows. Using Azure Pipelines as one of these workflows allows you to deploy your
application with CI/CD that works with any platform and cloud. A pipeline is defined as a
YAML file in the root directory of your repository.
Prerequisites
Before you begin this tutorial, you should:
Containerize and deploy your ASP.NET or Java web app using Azure Migrate App
Containerization.
A GitHub account, where you can create a repository. If you don't have one, you
can create one for free .
An Azure DevOps organization. If you don't have one, you can create one for free.
(An Azure DevOps organization is different from your GitHub organization. You can
give your DevOps organization and your GitHub organization the same name if
you want alignment between them.)
If your team already has one, then make sure you're an administrator of the Azure
DevOps project that you want to use.
An ability to run pipelines on Microsoft-hosted agents. You can either purchase a
parallel job or you can request a free tier. To request a free tier, follow the
instructions in this article. Please note that it may take us 2-3 business days to
grant the free tier.
Navigate to JavaTomcatWebApp\Artifacts.
Navigate to the directory Catalina\localhost. If you do not find this directory,
then try navigating to the directory corresponding to Tomcat engine name
and host name.
Locate the application folder within this directory.
Navigate to IISAspNetWebApp.
Locate the application folder within this directory.
For Java apps, select the following folders and files in the application folder
on the machine running the App Containerization tool.
MandatoryArtifacts folder
manifests folder
OptionalArtifacts folder
Dockerfile
Entryscript.sh file
azure-pipelines.yml file
For ASP.NET apps, select the following folders and files in the application
folder on the machine running the App Containerization tool.
manifests folder
Build folder
azure-pipelines.yml file
Within your selected organization, create a project. If you don't have any projects in your
organization, you see a Create a project to get started screen. Otherwise, select the
Create Project button in the upper-right corner of the dashboard.
1. In the bottom left corner, select Project settings > Service connections.
2. Select new service connection, select the Docker Registry > Azure Container
Registry option for type of service connection that you need, and select Next.
3. Choose an authentication method, and select Next.
4. Enter the parameters for the service connection. The list of parameters differs for
each type of service connection. For more information, see the list of service
connection types and associated parameters.
5. Select Save to create the connection.
6. Validate the connection, once it's created and parameters are entered. The
validation link uses a REST call to the external service with the information that you
entered, and indicates whether the call succeeded.
7. Repeat the same steps for creating a service connection to your Azure Subscription
by selecting new service connection > Azure Resource Manager.
8. Note the resource ID for both the service connections.
Your pipeline is all setup to build and deploy your containerized for Day 2 operations.
You can customize your pipeline to meet your organizational needs.
Azure Migrate support matrix
Article • 01/31/2023 • 6 minutes to read
You can use the Azure Migrate service to assess and migrate servers to the Microsoft
Azure cloud. This article summarizes general support settings and limitations for Azure
Migrate scenarios and deployments.
Deployment Details
Discovery You can discover server metadata, and dynamic performance data.
Software You can discover apps, roles, and features running on VMware VMs. Currently this
inventory feature is limited to discovery only. Assessment is currently at the server level. We
don't yet offer app, role, or feature-based assessments.
Assessment Assess on-premises workloads and data running on VMware VMs, Hyper-V VMs,
and physical servers. Assess using Azure Migrate: Discovery and assessment,
Microsoft Data Migration Assistant (DMA), as well as other tools and ISV offerings.
Migration Migrate workloads and data running on physical servers, VMware VMs, Hyper-V
VMs, physical servers, and cloud-based VMS to Azure. Migrate using the Migration
and modernization tool and Azure Database Migration Service (DMS), and well as
other tools and ISV offerings.
7 Note
Currently, ISV tools can't send data to Azure Migrate in Azure Government. You can
use integrated Microsoft tools, or use partner tools independently.
Supported tools
Specific tool support is summarized in the table.
Azure Migrate: Assess VMware VMs, Hyper-V VMs, and Not available (N/A)
Discovery and physical servers.
assessment
Tool Assess Migrate
Corent Assess VMware VMs, Hyper-V VMs, Migrate VMware VMs, Hyper-V
Technology physical server sand other cloud VMs, physical servers, public cloud
workloads. workloads.
Project
Support Details
A project can include both VMware VMs and Hyper-V VMs, up to the assessment limits.
Azure permissions
For Azure Migrate to work with Azure you need these permissions before you start
assessing and migrating servers.
Create a Your Azure account needs permissions to create a project. Set up for
project VMware,
Hyper-V, or
physical
servers.
Task Permissions Details
Register Azure Migrate uses a lightweight Azure Migrate appliance to discover Set up for
the Azure and assess servers with Azure Migrate: Discovery and assessment, and VMware,
Migrate to run agentless migration of VMware VMs with the Migration and Hyper-V, or
appliance modernization tool. This appliance discovers servers, and sends physical
metadata and performance data to Azure Migrate. servers.
Create a To migrate VMware VMs with agentless Migration and modernization, Set up
key vault Azure Migrate creates a Key Vault to manage access keys to the permissions.
for replication storage account in your subscription. To create the vault,
VMware you set permissions (Owner, or Contributor and User Access
agentless Administrator) on the resource group where the project resides.
migration
Supported geographies
Public cloud
You can create a project in many geographies in the public cloud.
Although you can only create projects in these geographies, you can assess or
migrate servers for other target locations.
The project geography is only used to store the discovered metadata.
When you create a project, you select a geography. The project and related
resources are created in one of the regions in the geography. The region is
allocated by the Azure Migrate service. Azure Migrate does not move or store
customer data outside of the region allocated.
7 Note
For Switzerland geography, Switzerland West is only available for REST API users
and need an approved subscription.
Azure Government
Target United Target regions: US Gov Arizona, US Gov Virginia, US Gov Texas
assessment States
Target United Target regions: US DoD Central, US DoD East, US Gov Arizona, US Gov
replication States Iowa, US Gov Texas, US Gov Virginia
Current version: Using this version you can create new projects, discover on-
premises assesses, and orchestrate assessments and migrations. Learn more.
Previous version: For customer using the previous version of Azure Migrate (only
assessment of on-premises VMware VMs was supported), you should now use the
current version. In the previous version, you can't create new projects or perform
new discoveries.
Next steps
Assess VMware VMs for migration.
Assess Hyper-V VMs for migration.
Additional resources
Documentation
Assess VMware servers for migration to Azure VMs in Azure Migrate - Azure Migrate
Learn how to assess VMware servers for migration to Azure VMs with Azure Migrate.
Discover physical servers with Azure Migrate Discovery and assessment - Azure
Migrate
Learn how to discover on-premises physical servers with Azure Migrate Discovery and assessment.
Show 5 more
Training
This security baseline applies guidance from the Microsoft cloud security benchmark
version 1.0 to Azure Migrate. The Microsoft cloud security benchmark provides
recommendations on how you can secure your cloud solutions on Azure. The content is
grouped by the security controls defined by the Microsoft cloud security benchmark and
the related guidance applicable to Azure Migrate.
You can monitor this security baseline and its recommendations using Microsoft
Defender for Cloud. Azure Policy definitions will be listed in the Regulatory Compliance
section of the Microsoft Defender for Cloud dashboard.
When a feature has relevant Azure Policy Definitions, they are listed in this baseline to
help you measure compliance to the Microsoft cloud security benchmark controls and
recommendations. Some recommendations may require a paid Microsoft Defender plan
to enable certain security scenarios.
7 Note
Features not applicable to Azure Migrate have been excluded. To see how Azure
Migrate completely maps to the Microsoft cloud security benchmark, see the full
Azure Migrate security baseline mapping file .
Security profile
The security profile summarizes high-impact behaviors of Azure Migrate, which may
result in increased security considerations.
Features
Description: Service native IP filtering capability for filtering network traffic (not to be
confused with NSG or Azure Firewall). Learn more.
Feature notes: The customer is able to configure Azure Migrate to require Private Link.
Configuration Guidance: Deploy private endpoints for all Azure resources that support
the Private Link feature, to establish a private access point for the resources.
Azure Migrate Private Link support allows customers to securely discover, assess, and
migrate servers over a private network while offering protection against data exfiltration
risks and enabling greater migration velocity.
You can connect privately and securely to Azure Migrate over an Azure ExpressRoute
private peering or a site-to-site (S2S) VPN connection by using Private Link.
Description: Service supports disabling public network access either through using
service-level IP ACL filtering rule (not NSG or Azure Firewall) or using a 'Disable Public
Network Access' toggle switch. Learn more.
Feature notes: The customer may configure Azure Migrate with Private Link, thereby
disabling public endpoint access.
Configuration Guidance: Disable public network access using by toggling the switch for
public network access.
You can configure the connectivity method for your Azure Migrate project and choose
to enable or disable public network access to the Migrate project.
Identity management
For more information, see the Microsoft cloud security benchmark: Identity management.
Features
Description: Service supports using Azure AD authentication for data plane access.
Learn more.
Feature notes: Azure Migrate leverages managed identities and service principals in
Azure AD for certain data plane operations. Azure Migrate also supports Azure AD for
user access of the control plane through the Azure Portal.
Features
Managed Identities
Description: Data plane actions support authentication using managed identities. Learn
more.
Feature notes: Azure Migrate uses managed identity to securely access migrated data
that is kept in a storage account. This is currently used in a scenario where private
endpoint is configured.
Service Principals
Description: Data plane supports authentication using service principals. Learn more.
Feature notes: The discovery and assessment services within Azure Migrate do not use
service principals, however the migration service does use service principals in a public
endpoint scenario to connect to the customer’s key vault using Hyper-V recovery
manager app.
Features
Feature notes: The Azure Migrate appliance leverages Key Vault to manage connection
strings for the service bus, and access keys for the storage accounts are used for
replication.
Data protection
For more information, see the Microsoft cloud security benchmark: Data protection.
Features
Description: Service supports data in-transit encryption for data plane. Learn more.
While this is optional for traffic on private networks, this is critical for traffic on external
and public networks. For HTTP traffic, ensure that any clients (including the Azure
Migrate appliance and other machines on which you’ve installed Azure Migrate
software) connecting to your Azure resources can negotiate TLS v1.2 or greater. For
remote management, use SSH (for Linux) or RDP/TLS (for Windows) instead of an
unencrypted protocol. Obsoleted SSL, TLS, and SSH versions and protocols, and weak
ciphers should be disabled.
Configuration Guidance: No additional configurations are required as this is enabled on
a default deployment.
Features
Description: Data at-rest encryption using platform keys is supported, any customer
content at rest is encrypted with these Microsoft managed keys. Learn more.
Feature notes: All data persisted in Azure Migrate is encrypted at rest with Microsoft-
managed keys.
The Server Migration tool in Azure Migrate replicates data from the disks of servers
being migrated to storage accounts and managed disks in your Azure subscription. Data
handling is transient until it is written to storage accounts or managed disks in the
subscription and is not persisted in Azure Migrate. Replicated data on the storage
account and managed disks is encrypted at rest with Microsoft-managed keys. For
highly sensitive data, you have options to implement additional encryption at rest with
customer-managed keys on the storage account and managed disks.
Features
Configuration Guidance: Enable and implement data at rest encryption for your
replicated data using customer-managed keys.
To replicate VMs with CMK, you'll need to create a disk encryption set under the target
Resource Group. A disk encryption set object maps Managed Disks to a Key Vault that
contains the CMK to use for SSE.
Features
Description: The service supports Azure Key Vault integration for any customer keys,
secrets, or certificates. Learn more.
Feature notes: The Azure Migrate appliance leverages Key Vault to manage connection
strings for the service bus, and access keys for the storage accounts are used for
replication.
Asset management
For more information, see the Microsoft cloud security benchmark: Asset management.
Description: Service configurations can be monitored and enforced via Azure Policy.
Learn more.
Feature notes: Azure Migrate may leverage Azure Policy, however it must be configured
by the customer to be enforced.
Configuration Guidance: Use Microsoft Defender for Cloud to configure Azure Policy to
audit and enforce configurations of your Azure resources. Use Azure Monitor to create
alerts when there is a configuration deviation detected on the resources. Use Azure
Policy [deny] and [deploy if not exists] effects to enforce secure configuration across
Azure resources.
Features
Description: Service produces resource logs that can provide enhanced service-specific
metrics and logging. The customer can configure these resource logs and send them to
their own data sink like a storage account or log analytics workspace. Learn more.
This article summarizes prerequisites and support requirements for using the Azure
Migrate: Discovery and assessment tool to discover and assess servers in a VMware
environment for migration to Azure.
To assess servers, first, create an Azure Migrate project. The Azure Migrate: Discovery
and assessment tool is automatically added to the project. Then, deploy the Azure
Migrate appliance. The appliance continuously discovers on-premises servers and sends
configuration and performance metadata to Azure. When discovery is completed, gather
the discovered servers into groups and run assessments per group.
As you plan your migration of VMware servers to Azure, review the migration support
matrix.
Limitations
Requirement Details
Project limits You can create multiple Azure Migrate projects in an Azure subscription.
Discovery The Azure Migrate appliance can discover up to 10,000 servers running across
multiple vCenter Servers.
The appliance supports adding multiple vCenter Servers. You can add up to 10
vCenter Servers per appliance.
VMware requirements
VMware Details
VMware Details
vCenter Servers that you want to discover and assess must be managed by vCenter Server
Server version 7.0, 6.7, 6.5, 6.0, or 5.5.
Discovering servers by providing ESXi host details in the appliance currently isn't
supported.
IPv6 addresses aren't supported for vCenter Server (for discovery and assessment
of servers) and ESXi hosts (for replication of servers).
Permissions The Azure Migrate: Discovery and assessment tool requires a vCenter Server read-
only account.
If you want to use the tool for software inventory, agentless dependency analysis,
web apps and SQL discovery, the account must have privileges for guest operations
on VMware VMs.
Server requirements
VMware Details
Operating systems All Windows and Linux operating systems can be assessed for migration.
Storage Disks attached to SCSI, IDE, and SATA-based controllers are supported.
Azure Inbound connections on TCP port 3389 to allow remote desktop connections to the
Migrate appliance.
Appliance
Inbound connections on port 44368 to remotely access the appliance management
app by using the URL https://<appliance-ip-or-name>:44368 .
vCenter Inbound connections on TCP port 443 to allow the appliance to collect configuration
Server and performance metadata for assessments.
The appliance connects to vCenter on port 443 by default. If vCenter Server listens on
a different port, you can modify the port when you set up discovery.
ESXi For discovery of software inventory or agentless dependency analysis, the appliance
hosts connects to ESXi hosts on TCP port 443 to discover software inventory and
dependencies on the servers.
Support Details
Supported You can perform software inventory on up to 10,000 servers running across
servers vCenter Server(s) added to each Azure Migrate appliance.
Operating Servers running all Windows and Linux versions are supported.
systems
Server For software inventory, VMware Tools must be installed and running on your
requirements servers. The VMware Tools version must be version 10.2.1 or later.
WMI must be enabled and available on Windows servers to gather the details of
the roles and features installed on the servers.
Support Details
vCenter To interact with the servers for software inventory, the vCenter Server read-only
Server account that's used for assessment must have privileges for guest operations on
account VMware VMs.
Server access You can add multiple domain and non-domain (Windows/Linux) credentials in the
appliance configuration manager for software inventory.
You must have a guest user account for Windows servers and a standard user
account (non- sudo access) for all Linux servers.
Port access The Azure Migrate appliance must be able to connect to TCP port 443 on ESXi
hosts running servers on which you want to perform software inventory. The
server running vCenter Server returns an ESXi host connection to download the
file that contains the details of the software inventory.
Discovery Software inventory is performed from vCenter Server by using VMware Tools
installed on the servers.
The appliance gathers the information about the software inventory from the
server running vCenter Server through vSphere APIs.
After the appliance is connected, it gathers configuration and performance data for SQL
Server instances and databases. The appliance updates the SQL Server configuration
data once every 24 hours and captures the Performance data every 30 seconds.
Support Details
Support Details
Supported Supported only for servers running SQL Server in your VMware, Microsoft
servers Hyper-V, and Physical/Bare metal environments as well as IaaS Servers of other
public clouds such as AWS, GCP, etc.
You can discover up to 750 SQL Server instances or 15,000 SQL databases,
whichever is less, from a single appliance. It is recommended that you ensure
that an appliance is scoped to discover less than 600 servers running SQL to
avoid scaling issues.
Authentication Both Windows and SQL Server authentication are supported. You can provide
mechanism credentials of both authentication types in the appliance configuration
manager.
SQL Server To discover SQL Server instances and databases, the Windows or SQL Server
access account must be a member of the sysadmin server role or have these
permissions for each SQL Server instance.
SQL Server Enterprise, Standard, Developer, and Express editions are supported.
editions
7 Note
By default, Azure Migrate uses the most secure way of connecting to SQL instances
i.e. Azure Migrate encrypts communication between the Azure Migrate appliance
and the source SQL Server instances by setting the TrustServerCertificate property
to true . Additionally, the transport layer uses SSL to encrypt the channel and
bypass the certificate chain to validate trust. Hence, the appliance server must be
set up to trust the certificate's root authority.
However, you can modify the connection settings, by selecting Edit SQL Server
connection properties on the appliance.Learn more to understand what to choose.
Windows Authentication
SQL
-- Create user in every database other than tempdb and model and provide
minimal read-only permissions.
use master;
EXECUTE sp_MSforeachdb 'USE [?]; IF (''?'' NOT IN (''tempdb'',''model''))
BEGIN TRY CREATE USER [MYDOMAIN\MYACCOUNT] FOR LOGIN [MYDOMAIN\MYACCOUNT]
END TRY BEGIN CATCH PRINT ERROR_MESSAGE() END CATCH'
EXECUTE sp_MSforeachdb 'USE [?]; IF (''?'' NOT IN (''tempdb'',''model''))
BEGIN TRY GRANT SELECT ON sys.sql_expression_dependencies TO
[MYDOMAIN\MYACCOUNT] END TRY BEGIN CATCH PRINT ERROR_MESSAGE() END CATCH'
EXECUTE sp_MSforeachdb 'USE [?]; IF (''?'' NOT IN (''tempdb'',''model''))
BEGIN TRY GRANT VIEW DATABASE STATE TO [MYDOMAIN\MYACCOUNT] END TRY BEGIN
CATCH PRINT ERROR_MESSAGE() END CATCH'
GO
-- Clean up
--use master;
-- EXECUTE sp_MSforeachdb 'USE [?]; BEGIN TRY DROP USER [MYDOMAIN\MYACCOUNT]
END TRY BEGIN CATCH PRINT ERROR_MESSAGE() END CATCH;'
-- BEGIN TRY DROP LOGIN [MYDOMAIN\MYACCOUNT] END TRY BEGIN CATCH PRINT
ERROR_MESSAGE() END CATCH;
--GO
SQL
-- Create user in every database other than tempdb and model and provide
minimal read-only permissions.
use master;
EXECUTE sp_MSforeachdb 'USE [?]; IF (''?'' NOT IN (''tempdb'',''model''))
BEGIN TRY CREATE USER [evaluator] FOR LOGIN [evaluator]END TRY BEGIN CATCH
PRINT ERROR_MESSAGE() END CATCH'
EXECUTE sp_MSforeachdb 'USE [?]; IF (''?'' NOT IN (''tempdb'',''model''))
BEGIN TRY GRANT SELECT ON sys.sql_expression_dependencies TO [evaluator]END
TRY BEGIN CATCH PRINT ERROR_MESSAGE() END CATCH'
EXECUTE sp_MSforeachdb 'USE [?]; IF (''?'' NOT IN (''tempdb'',''model''))
BEGIN TRY GRANT VIEW DATABASE STATE TO [evaluator]END TRY BEGIN CATCH PRINT
ERROR_MESSAGE() END CATCH'
GO
-- Clean up
--use master;
-- EXECUTE sp_MSforeachdb 'USE [?]; BEGIN TRY DROP USER [evaluator] END TRY
BEGIN CATCH PRINT ERROR_MESSAGE() END CATCH;'
-- BEGIN TRY DROP LOGIN [evaluator] END TRY BEGIN CATCH PRINT
ERROR_MESSAGE() END CATCH;
--GO
7 Note
Support Details
Supported You can enable agentless dependency analysis on up to 1000 servers (across
servers multiple vCenter Servers), discovered per appliance.
Linux servers Red Hat Enterprise Linux 5.1, 5.3, 5.11, 6.x, 7.x, 8.x
Cent OS 5.1, 5.9, 5.11, 6.x, 7.x, 8.x
Ubuntu 12.04, 14.04, 16.04, 18.04, 20.04
OracleLinux 6.1, 6.7, 6.8, 6.9, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8, 8.1, 8.3, 8.5
SUSE Linux 10, 11 SP4, 12 SP1, 12 SP2, 12 SP3, 12 SP4, 15 SP2, 15 SP3
Debian 7, 8, 9, 10, 11
Support Details
Server VMware Tools (10.2.1 and later) must be installed and running on servers you
requirements want to analyze.
vCenter The read-only account used by Azure Migrate for assessment must have
Server privileges for guest operations on VMware VMs.
account
Linux server Sudo user account with permissions to execute ls and netstat commands. If
access you're providing a sudo user account, ensure that you have enabled NOPASSWD
for the account to run the required commands without prompting for a password
every time a sudo command is invoked.
Alternatively, you can create a user account that has the CAP_DAC_READ_SEARCH
and CAP_SYS_PTRACE permissions on /bin/netstat and /bin/ls files, set using the
following commands:
sudo setcap CAP_DAC_READ_SEARCH,CAP_SYS_PTRACE=ep /bin/ls
sudo setcap CAP_DAC_READ_SEARCH,CAP_SYS_PTRACE=ep /bin/netstat
Port access The Azure Migrate appliance must be able to connect to TCP port 443 on ESXi
hosts running the servers that have dependencies you want to discover. The
server running vCenter Server returns an ESXi host connection to download the
file containing the dependency data.
The appliance gathers the information from the server by using vSphere APIs.
No agent is installed on the server, and the appliance doesn’t connect directly to
servers.
Before You should have a project in place, with the Azure Migrate: Discovery and
deployment assessment tool added to the project.
Log Analytics Azure Migrate uses the Service Map solution in Azure Monitor logs for
dependency visualization.
You associate a new or existing Log Analytics workspace with a project. You can't
modify the workspace for a project after the workspace is added.
The workspace must be located in the East US, Southeast Asia, or West Europe
regions. Workspaces in other regions can't be associated with a project.
In Log Analytics, the workspace that's associated with Azure Migrate is tagged
with the project key and project name.
Required On each server that you want to analyze, install the following agents:
agents - Microsoft Monitoring Agent (MMA)
- Dependency agent
If on-premises servers aren't connected to the internet, download and install the
Log Analytics gateway on them.
Learn more about installing the Dependency agent and the MMA.
Log Analytics The workspace must be in the same subscription as the project.
workspace
Azure Migrate supports workspaces that are located in the East US, Southeast
Asia, and West Europe regions.
The workspace for a project can't be modified after the workspace is added.
Requirement Details
Cost The Service Map solution doesn't incur any charges for the first 180 days (from
the day you associate the Log Analytics workspace with the project).
Using any solution other than Service Map in the associated Log Analytics
workspace incurs standard charges for Log Analytics.
When the project is deleted, the workspace isn't automatically deleted. After
deleting the project, Service Map usage isn't free, and each node will be charged
per the paid tier of Log Analytics workspace.
If you have projects that you created before Azure Migrate general availability
(February 28, 2018), you might have incurred additional Service Map charges. To
ensure that you're charged only after 180 days, we recommend that you create a
new project. Workspaces that were created before GA are still chargeable.
Management When you register agents to the workspace, use the ID and key provided by the
project.
You can use the Log Analytics workspace outside Azure Migrate.
If you delete the associated project, the workspace isn't deleted automatically.
Delete it manually.
Don't delete the workspace created by Azure Migrate, unless you delete the
project. If you do, the dependency visualization functionality doesn't work as
expected.
Internet If servers aren't connected to the internet, install the Log Analytics gateway on
connectivity the servers.
Next steps
Review assessment best practices.
Learn how to prepare for a VMware assessment.
Support matrix for Hyper-V assessment
Article • 05/15/2023
This article summarizes prerequisites and support requirements when you discover and
assess on-premises servers running in a Hyper-V environment for migration to Azure,
using the Azure Migrate: Discovery and assessment tool. If you want to migrate servers
running on Hyper-V to Azure, review the migration support matrix.
To set up discovery and assessment of servers running on Hyper-V, you create a project,
and add the Azure Migrate: Discovery and assessment tool to the project. After the tool
is added, you deploy the Azure Migrate appliance. The appliance continuously discovers
on-premises servers and sends server metadata and performance data to Azure. After
discovery is complete, you gather discovered servers into groups, and run an
assessment for a group.
Limitations
Support Details
Assessment You can discover and assess up to 35,000 servers in a single project.
limits
Project You can create multiple projects in an Azure subscription. In addition to servers on
limits Hyper-V, a project can include servers on VMware and physical servers, up to the
assessment limits for each.
Discovery The Azure Migrate appliance can discover up to 5000 servers running on Hyper-V.
Hyper-V If you use Hyper-V Replica (or you have multiple servers with the same server
Replica identifiers), and you discover both the original and replicated servers using Azure
Migrate, the assessment generated by Azure Migrate might not be accurate.
Server requirements
Support Details
Integration Hyper-V Integration Services must be running on servers that you assess, in order
Services to capture operating system information.
Storage Local Disk, DAS, JBOD, Storage Spaces, CSV, SMB. These Hyper-V Host storages on
which VHD/VHDX are stored are supported.
IDE and SCSI virtual controllers are supported
Device Connection
Appliance Inbound connections on TCP port 3389 to allow remote desktop connections to
the appliance.
Hyper-V Inbound connection on WinRM port 5985 (HTTP) to pull metadata and
host/cluster performance data for servers on Hyper-V, using a Common Information Model
(CIM) session.
Servers For Windows server, need access on port 5985 (HTTP) and for Linux servers, need
access on port 22 (TCP) to perform software inventory and agentless dependency
analysis
Support Details
Supported You can perform software inventory on up to 5,000 servers running across Hyper-
servers V host(s)/cluster(s) added to each Azure Migrate appliance.
Operating All Windows and Linux versions with Hyper-V integration services enabled.
systems
Support Details
Server Windows servers must have PowerShell remoting enabled and PowerShell version
requirements 2.0 or later installed.
WMI must be enabled and available on Windows servers to gather the details of
the roles and features installed on the servers.
Linux servers must have SSH connectivity enabled and ensure that the following
commands can be executed on the Linux servers to pull the application data: list,
tail, awk, grep, locate, head, sed, ps, print, sort, uniq. Based on OS type and the
type of package manager being used, here are some additional commands:
rpm/snap/dpkg, yum/apt-cache, mssql-server.
Server access You can add multiple domain and non-domain (Windows/Linux) credentials in the
appliance configuration manager for software inventory.
You must have a guest user account for Windows servers and a standard user
account (non- sudo access) for all Linux servers.
Port access For Windows server, need access on port 5985 (HTTP) and for Linux servers, need
access on port 22(TCP).
Discovery Software inventory is performed by directly connecting to the servers using the
server credentials added on the appliance.
The appliance gathers the information about the software inventory from
Windows servers using PowerShell remoting and from Linux servers using SSH
connection.
After the appliance is connected, it gathers configuration and performance data for SQL
Server instances and databases. SQL Server configuration data is updated once every 24
hours. Performance data is captured every 30 seconds.
Support Details
Supported Supported only for servers running SQL Server in your VMware, Microsoft
servers Hyper-V, and Physical/Bare metal environments as well as IaaS Servers of other
public clouds such as AWS, GCP, etc.
You can discover up to 750 SQL Server instances or 15,000 SQL databases,
whichever is less, from a single appliance. It is recommended that you ensure
that an appliance is scoped to discover less than 600 servers running SQL to
avoid scaling issues.
Authentication Both Windows and SQL Server authentication are supported. You can provide
mechanism credentials of both authentication types in the appliance configuration
manager.
SQL Server To discover SQL Server instances and databases, the Windows or SQL Server
access account must be a member of the sysadmin server role or have these
permissions for each SQL Server instance.
SQL Server Enterprise, Standard, Developer, and Express editions are supported.
editions
7 Note
By default, Azure Migrate uses the most secure way of connecting to SQL instances
i.e. Azure Migrate encrypts communication between the Azure Migrate appliance
and the source SQL Server instances by setting the TrustServerCertificate property
to true . Additionally, the transport layer uses SSL to encrypt the channel and
bypass the certificate chain to validate trust. Hence, the appliance server must be
set up to trust the certificate's root authority.
However, you can modify the connection settings, by selecting Edit SQL Server
connection properties on the appliance.Learn more to understand what to choose.
Windows Authentication
SQL
-- Create user in every database other than tempdb and model and provide
minimal read-only permissions.
use master;
EXECUTE sp_MSforeachdb 'USE [?]; IF (''?'' NOT IN (''tempdb'',''model''))
BEGIN TRY CREATE USER [MYDOMAIN\MYACCOUNT] FOR LOGIN [MYDOMAIN\MYACCOUNT]
END TRY BEGIN CATCH PRINT ERROR_MESSAGE() END CATCH'
EXECUTE sp_MSforeachdb 'USE [?]; IF (''?'' NOT IN (''tempdb'',''model''))
BEGIN TRY GRANT SELECT ON sys.sql_expression_dependencies TO
[MYDOMAIN\MYACCOUNT] END TRY BEGIN CATCH PRINT ERROR_MESSAGE() END CATCH'
EXECUTE sp_MSforeachdb 'USE [?]; IF (''?'' NOT IN (''tempdb'',''model''))
BEGIN TRY GRANT VIEW DATABASE STATE TO [MYDOMAIN\MYACCOUNT] END TRY BEGIN
CATCH PRINT ERROR_MESSAGE() END CATCH'
GO
-- Clean up
--use master;
-- EXECUTE sp_MSforeachdb 'USE [?]; BEGIN TRY DROP USER [MYDOMAIN\MYACCOUNT]
END TRY BEGIN CATCH PRINT ERROR_MESSAGE() END CATCH;'
-- BEGIN TRY DROP LOGIN [MYDOMAIN\MYACCOUNT] END TRY BEGIN CATCH PRINT
ERROR_MESSAGE() END CATCH;
--GO
SQL
-- Create user in every database other than tempdb and model and provide
minimal read-only permissions.
use master;
EXECUTE sp_MSforeachdb 'USE [?]; IF (''?'' NOT IN (''tempdb'',''model''))
BEGIN TRY CREATE USER [evaluator] FOR LOGIN [evaluator]END TRY BEGIN CATCH
PRINT ERROR_MESSAGE() END CATCH'
EXECUTE sp_MSforeachdb 'USE [?]; IF (''?'' NOT IN (''tempdb'',''model''))
BEGIN TRY GRANT SELECT ON sys.sql_expression_dependencies TO [evaluator]END
TRY BEGIN CATCH PRINT ERROR_MESSAGE() END CATCH'
EXECUTE sp_MSforeachdb 'USE [?]; IF (''?'' NOT IN (''tempdb'',''model''))
BEGIN TRY GRANT VIEW DATABASE STATE TO [evaluator]END TRY BEGIN CATCH PRINT
ERROR_MESSAGE() END CATCH'
GO
-- Clean up
--use master;
-- EXECUTE sp_MSforeachdb 'USE [?]; BEGIN TRY DROP USER [evaluator] END TRY
BEGIN CATCH PRINT ERROR_MESSAGE() END CATCH;'
-- BEGIN TRY DROP LOGIN [evaluator] END TRY BEGIN CATCH PRINT
ERROR_MESSAGE() END CATCH;
--GO
7 Note
Support Details
Supported You can enable agentless dependency analysis on up to 1000 servers (across
servers multiple Hyper-V hosts/clusters), discovered per appliance.
Operating All Windows and Linux versions with Hyper-V integration services enabled.
systems
Server Windows servers must have PowerShell remoting enabled and PowerShell version
requirements 2.0 or later installed.
Linux servers must have SSH connectivity enabled and ensure that the following
commands can be executed on the Linux servers: touch, chmod, cat, ps, grep,
echo, sha256sum, awk, netstat, ls, sudo, dpkg, rpm, sed, getcap, which, date.
Linux server Sudo user account with permissions to execute ls and netstat commands. If
access you're providing a sudo user account, ensure that you have enabled NOPASSWD
for the account to run the required commands without prompting for a password
every time sudo command is invoked.
Alternatively, you can create a user account that has the CAP_DAC_READ_SEARCH
and CAP_SYS_PTRACE permissions on /bin/netstat and /bin/ls files, set using the
following commands:
sudo setcap CAP_DAC_READ_SEARCH,CAP_SYS_PTRACE=ep /bin/ls
sudo setcap CAP_DAC_READ_SEARCH,CAP_SYS_PTRACE=ep /bin/netstat
Port access For Windows server, need access on port 5985 (HTTP) and for Linux servers, need
access on port 22(TCP).
The appliance gathers the dependency information from Windows servers using
PowerShell remoting and from Linux servers using SSH connection.
Requirement Details
Before You should have a project in place, with the Azure Migrate: Discovery and
deployment assessment tool added to the project.
Log Analytics Azure Migrate uses the Service Map solution in Azure Monitor logs for
dependency visualization.
You associate a new or existing Log Analytics workspace with a project. The
workspace for a project can't be modified after it's added.
The workspace must reside in the East US, Southeast Asia, or West Europe
regions. Workspaces in other regions can't be associated with a project.
In Log Analytics, the workspace associated with Azure Migrate is tagged with the
Migration Project key, and the project name.
Required On each server you want to analyze, install the following agents:
agents
The Microsoft Monitoring agent (MMA).
The Dependency agent.
Log Analytics The workspace must be in the same subscription as the project.
workspace
Azure Migrate supports workspaces residing in the East US, Southeast Asia, and
West Europe regions.
Costs The Service Map solution doesn't incur any charges for the first 180 days (from
the day that you associate the Log Analytics workspace with the project)/
Using any solution other than Service Map in the associated Log Analytics
workspace will incur standard charges for Log Analytics.
When the project is deleted, the workspace isn't deleted along with it. After
deleting the project, Service Map usage isn't free, and each node will be charged
as per the paid tier of Log Analytics workspace/
If you have projects that you created before Azure Migrate general availability
(GA- 28 February 2018), you might have incurred additional Service Map charges.
To ensure payment after 180 days only, we recommend that you create a new
project, since existing workspaces before GA are still chargeable.
Management When you register agents to the workspace, you use the ID and key provided by
the project.
You can use the Log Analytics workspace outside Azure Migrate.
If you delete the associated project, the workspace isn't deleted automatically.
Delete it manually.
Don't delete the workspace created by Azure Migrate, unless you delete the
project. If you do, the dependency visualization functionality won't work as
expected.
Internet If servers aren't connected to the internet, you need to install the Log Analytics
connectivity gateway on them.
Next steps
Prepare for assessment of servers running on Hyper-V.
Support matrix for physical server
discovery and assessment
Article • 05/15/2023
This article summarizes prerequisites and support requirements when you assess
physical servers for migration to Azure, using the Azure Migrate: Discovery and
assessment tool. If you want to migrate physical servers to Azure, review the migration
support matrix.
To assess physical servers, you create a project, and add the Azure Migrate: Discovery
and assessment tool to the project. After adding the tool, you deploy the Azure Migrate
appliance. The appliance continuously discovers on-premises servers, and sends servers
metadata and performance data to Azure. After discovery is complete, you gather
discovered servers into groups, and run an assessment for a group.
Limitations
Support Details
Assessment You can discover and assess up to 35,000 physical servers in a single project.
limits
Project You can create multiple projects in an Azure subscription. In addition to physical
limits servers, a project can include servers on VMware and on Hyper-V, up to the
assessment limits for each.
Discovery The Azure Migrate appliance can discover up to 1000 physical servers.
Type of servers: Bare metal servers, virtualized servers running on-premises or other
clouds like AWS, GCP, Xen etc.
7 Note
Currently, Azure Migrate does not support the discovery of para-virtualized servers.
Operating system: All Windows and Linux operating systems can be assessed for
migration.
Option 1
Create an account that has administrator privileges on the servers. Use this account
to pull configuration and performance data through CIM connection and perform
software inventory (discovery of installed applications) and enable agentless
dependency analysis using PowerShell remoting.
7 Note
Option 2
Add the user account to these groups: Remote Management Users, Performance
Monitor Users, and Performance Log Users.
If Remote management Users group isn't present, then add user account to the
group: WinRMRemoteWMIUsers_.
The account needs these permissions for appliance to create a CIM connection
with the server and pull the required configuration and performance metadata
from the WMI classes listed here.
In some cases, adding the account to these groups may not return the required
data from WMI classes as the account might be filtered by UAC. To overcome the
UAC filtering, user account needs to have necessary permissions on CIMV2
Namespace and sub-namespaces on the target server. You can follow the steps
here to enable the required permissions.
7 Note
For Windows Server 2008 and 2008 R2, ensure that WMF 3.0 is installed on the
servers.
7 Note
To discover SQL Server databases on Windows Servers, both Windows and SQL
Server authentication are supported. You can provide credentials of both
authentication types in the appliance configuration manager. Azure Migrate
requires a Windows user account that is a member of the sysadmin server role.
Option 1
You need a sudo user account on the servers that you want to discover. Use this
account to pull configuration and performance metadata, perform software
inventory (discovery of installed applications) and enable agentless dependency
analysis using SSH connectivity.
You need to enable sudo access on /usr/bin/bash to execute the commands listed
here. In addition to these commands, the user account also needs to have
permissions to execute ls and netstat commands to perform agentless dependency
analysis.
Make sure that you have enabled NOPASSWD for the account to run the required
commands without prompting for a password every time sudo command is
invoked.
Azure Migrate supports the following Linux OS distributions for discovery using an
account with sudo access:
Red Hat Enterprise Linux 5.1, 5.3, 5.11, 6.x, 7.x, 8.x
Oracle Linux 6.1, 6.7, 6.8, 6.9, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8, 8.1, 8.3, 8.5
SUSE Linux 10, 11 SP4, 12 SP1, 12 SP2, 12 SP3, 12 SP4, 15 SP2, 15 SP3
Debian 7, 8, 9, 10, 11
7 Note
Option 2
If you can't provide root account or user account with sudo access, then you can
set 'isSudo' registry key to value '0' in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureAppliance registry on
appliance server and provide a non-root account with the required capabilities
using the following commands:
Command Purpose
setcap To collect
"cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_setuid, disk
cap_setpcap,cap_net_bind_service,cap_net_admin,cap_sys_chroot,cap_sys_admin, performance
cap_sys_resource,cap_audit_control,cap_setfcap=+eip" /sbin/lvm data
Command Purpose
To perform agentless dependency analysis on the server, ensure that you also set
the required permissions on /bin/netstat and /bin/ls files by using the following
commands:
sudo setcap CAP_DAC_READ_SEARCH,CAP_SYS_PTRACE=ep /bin/ls
Port access
The following table summarizes port requirements for assessment.
Device Connection
Appliance Inbound connections on TCP port 3389, to allow remote desktop connections to the
appliance.
Physical Windows: Inbound connection on WinRM port 5985 (HTTP) to pull configuration and
servers performance metadata from Windows servers.
Support Details
Supported You can perform software inventory on up to 1,000 servers discovered from each
servers Azure Migrate appliance.
Operating Servers running all Windows and Linux versions that meet the server
systems requirements and have the required access permissions are supported.
Server Windows servers must have PowerShell remoting enabled and PowerShell version
requirements 2.0 or later installed.
WMI must be enabled and available on Windows servers to gather the details of
the roles and features installed on the servers.
Linux servers must have SSH connectivity enabled and ensure that the following
commands can be executed on the Linux servers to pull the application data: list,
tail, awk, grep, locate, head, sed, ps, print, sort, uniq. Based on the OS type and
the type of package manager used, here are some additional commands:
rpm/snap/dpkg, yum/apt-cache, mssql-server.
Linux server A standard user account (non- sudo access) for all Linux servers
access
Port access For Windows server, need access on port 5985 (HTTP) and for Linux servers, need
access on port 22(TCP).
Support Details
Discovery Software inventory is performed by directly connecting to the servers using the
server credentials added on the appliance.
The appliance gathers the information about the software inventory from
Windows servers using PowerShell remoting and from Linux servers using SSH
connection.
After the appliance is connected, it gathers configuration and performance data for SQL
Server instances and databases. The appliance updates the SQL Server configuration
data once every 24 hours and captures the Performance data every 30 seconds.
Support Details
Supported supported only for servers running SQL Server in your VMware, Microsoft
servers Hyper-V, and Physical/Bare metal environments as well as IaaS Servers of other
public clouds such as AWS, GCP, etc.
You can discover up to 750 SQL Server instances or 15,000 SQL databases,
whichever is less, from a single appliance. It is recommended that you ensure
that an appliance is scoped to discover less than 600 servers running SQL to
avoid scaling issues.
Authentication Both Windows and SQL Server authentication are supported. You can provide
mechanism credentials of both authentication types in the appliance configuration
manager.
Support Details
SQL Server To discover SQL Server instances and databases, the Windows or SQL Server
access account must be a member of the sysadmin server role or have these
permissions for each SQL Server instance.
SQL Server Enterprise, Standard, Developer, and Express editions are supported.
editions
7 Note
By default, Azure Migrate uses the most secure way of connecting to SQL instances
i.e. Azure Migrate encrypts communication between the Azure Migrate appliance
and the source SQL Server instances by setting the TrustServerCertificate property
to true . Additionally, the transport layer uses SSL to encrypt the channel and
bypass the certificate chain to validate trust. Hence, the appliance server must be
set up to trust the certificate's root authority.
However, you can modify the connection settings, by selecting Edit SQL Server
connection properties on the appliance.Learn more to understand what to choose.
Windows Authentication
SQL
-- Create a login to run the assessment
use master;
-- If a SID needs to be specified, add here
DECLARE @SID NVARCHAR(MAX) = N'';
CREATE LOGIN [MYDOMAIN\MYACCOUNT] FROM WINDOWS;
SELECT @SID = N'0x'+CONVERT(NVARCHAR, sid, 2) FROM sys.syslogins where
name = 'MYDOMAIN\MYACCOUNT'
IF (ISNULL(@SID,'') != '')
PRINT N'Created login [MYDOMAIN\MYACCOUNT] with SID = ' + @SID
ELSE
PRINT N'Login creation failed'
GO
-- Create user in every database other than tempdb and model and provide
minimal read-only permissions.
use master;
EXECUTE sp_MSforeachdb 'USE [?]; IF (''?'' NOT IN (''tempdb'',''model''))
BEGIN TRY CREATE USER [MYDOMAIN\MYACCOUNT] FOR LOGIN [MYDOMAIN\MYACCOUNT]
END TRY BEGIN CATCH PRINT ERROR_MESSAGE() END CATCH'
EXECUTE sp_MSforeachdb 'USE [?]; IF (''?'' NOT IN (''tempdb'',''model''))
BEGIN TRY GRANT SELECT ON sys.sql_expression_dependencies TO
[MYDOMAIN\MYACCOUNT] END TRY BEGIN CATCH PRINT ERROR_MESSAGE() END CATCH'
EXECUTE sp_MSforeachdb 'USE [?]; IF (''?'' NOT IN (''tempdb'',''model''))
BEGIN TRY GRANT VIEW DATABASE STATE TO [MYDOMAIN\MYACCOUNT] END TRY BEGIN
CATCH PRINT ERROR_MESSAGE() END CATCH'
GO
-- Clean up
--use master;
-- EXECUTE sp_MSforeachdb 'USE [?]; BEGIN TRY DROP USER [MYDOMAIN\MYACCOUNT]
END TRY BEGIN CATCH PRINT ERROR_MESSAGE() END CATCH;'
-- BEGIN TRY DROP LOGIN [MYDOMAIN\MYACCOUNT] END TRY BEGIN CATCH PRINT
ERROR_MESSAGE() END CATCH;
--GO
SQL
-- Create user in every database other than tempdb and model and provide
minimal read-only permissions.
use master;
EXECUTE sp_MSforeachdb 'USE [?]; IF (''?'' NOT IN (''tempdb'',''model''))
BEGIN TRY CREATE USER [evaluator] FOR LOGIN [evaluator]END TRY BEGIN CATCH
PRINT ERROR_MESSAGE() END CATCH'
EXECUTE sp_MSforeachdb 'USE [?]; IF (''?'' NOT IN (''tempdb'',''model''))
BEGIN TRY GRANT SELECT ON sys.sql_expression_dependencies TO [evaluator]END
TRY BEGIN CATCH PRINT ERROR_MESSAGE() END CATCH'
EXECUTE sp_MSforeachdb 'USE [?]; IF (''?'' NOT IN (''tempdb'',''model''))
BEGIN TRY GRANT VIEW DATABASE STATE TO [evaluator]END TRY BEGIN CATCH PRINT
ERROR_MESSAGE() END CATCH'
GO
-- Clean up
--use master;
-- EXECUTE sp_MSforeachdb 'USE [?]; BEGIN TRY DROP USER [evaluator] END TRY
BEGIN CATCH PRINT ERROR_MESSAGE() END CATCH;'
-- BEGIN TRY DROP LOGIN [evaluator] END TRY BEGIN CATCH PRINT
ERROR_MESSAGE() END CATCH;
--GO
7 Note
Data is always encrypted at rest and during transit.
Support Details
Supported You can enable agentless dependency analysis on up to 1000 servers, discovered
servers per appliance.
Operating Servers running all Windows and Linux versions that meet the server
systems requirements and have the required access permissions are supported.
Server Windows servers must have PowerShell remoting enabled and PowerShell version
requirements 2.0 or later installed.
Linux servers must have SSH connectivity enabled and ensure that the following
commands can be executed on the Linux servers: touch, chmod, cat, ps, grep,
echo, sha256sum, awk, netstat, ls, sudo, dpkg, rpm, sed, getcap, which, date
Linux server Sudo user account with permissions to execute ls and netstat commands. If
access you're providing a sudo user account, ensure that you have enabled NOPASSWD
for the account to run the required commands without prompting for a password
every time sudo command is invoked.
Alternatively, you can create a user account that has the CAP_DAC_READ_SEARCH
and CAP_SYS_PTRACE permissions on /bin/netstat and /bin/ls files, set using the
following commands:
Port access For Windows server, need access on port 5985 (HTTP) and for Linux servers, need
access on port 22(TCP).
Support Details
The appliance gathers the dependency information from Windows servers using
PowerShell remoting and from Linux servers using SSH connection.
Requirement Details
Before You should have a project in place, with the Azure Migrate: Discovery and
deployment assessment tool added to the project.
Log Analytics Azure Migrate uses the Service Map solution in Azure Monitor logs for
dependency visualization.
You associate a new or existing Log Analytics workspace with a project. The
workspace for a project can't be modified after it's added.
The workspace must reside in the East US, Southeast Asia, or West Europe
regions. Workspaces in other regions can't be associated with a project.
In Log Analytics, the workspace associated with Azure Migrate is tagged with the
Migration Project key, and the project name.
Required On each server you want to analyze, install the following agents:
agents
The Microsoft Monitoring agent (MMA).
The Dependency agent.
Costs The Service Map solution doesn't incur any charges for the first 180 days (from
the day that you associate the Log Analytics workspace with the project).
Using any solution other than Service Map in the associated Log Analytics
workspace incurs standard charges for Log Analytics.
When the project is deleted, the workspace isn't deleted along with it. After
deleting the project, Service Map usage isn't free, and each node will be charged
as per the paid tier of Log Analytics workspace/
If you have projects that you created before Azure Migrate general availability
(GA - 28 February 2018), you might have incurred additional Service Map charges.
To ensure payment after 180 days only, we recommend that you create a new
project since existing workspaces before GA are still chargeable.
Management When you register agents to the workspace, you use the ID and key provided by
the project.
You can use the Log Analytics workspace outside Azure Migrate.
If you delete the associated project, the workspace isn't deleted automatically.
Delete it manually.
Don't delete the workspace created by Azure Migrate, unless you delete the
project. If you do, the dependency visualization functionality won't work as
expected.
Internet If servers aren't connected to the internet, you need to install the Log Analytics
connectivity gateway on them.
Next steps
Prepare for physical Discovery and assessment.
Azure Migrate appliance
Article • 12/12/2022 • 18 minutes to read
This article summarizes the prerequisites and support requirements for the Azure
Migrate appliance.
Deployment scenarios
The Azure Migrate appliance is used in the following scenarios.
The appliance can be deployed using a template for servers running in VMware or
Hyper-V environment (OVA template for VMware or VHD for Hyper-V).
If you don't want to use a template, you can deploy the appliance for VMware or
Hyper-V environment using a PowerShell installer script.
In Azure Government, you should deploy the appliance using a PowerShell installer
script. Refer to the steps of deployment here.
For physical or virtualized servers on-premises or any other cloud, you always
deploy the appliance using a PowerShell installer script.Refer to the steps of
deployment here.
Download links are available in the tables below.
7 Note
Don't install any other components, such as the Microsoft Monitoring Agent
(MMA) or Replication appliance, on the same server hosting the Azure Migrate
appliance. If you install the MMA agent, you can face problems like "Multiple
custom attributes of the same type found". It's recommended to have a dedicated
server to deploy the appliance.
Appliance services
The appliance has the following services:
7 Note
The last 3 services are available in the appliance used for discovery and assessment
of servers running in your VMware VMs, Hyper-V VMs, bare-metal servers, and
servers running on other public clouds like AWS, GCP etc.
Appliance - VMware
The following table summarizes the Azure Migrate appliance requirements for VMware.
Requirement VMware
Permissions To access the appliance configuration manager locally or remotely, you need to
have a local or domain user account with administrative privileges on the
appliance server.
Discovery An appliance can discover up to 10,000 severs running across multiple vCenter
limits Servers.
A single appliance can connect to up to 10 vCenter Servers.
Supported Deploy as new server running on vCenter Server using OVA template.
deployment
Deploy on an existing server running Windows Server 2016 using PowerShell
installer script.
OVA Verify the OVA template downloaded from project by checking the hash values.
verification
PowerShell Refer to this article on how to deploy an appliance using the PowerShell installer
script script.
Hardware The appliance should run on server with Windows Server 2016, 32-GB RAM, 8
and network vCPUs, around 80 GB of disk storage, and an external virtual switch.
requirements The appliance requires internet access, either directly or through a proxy.
If you deploy the appliance using OVA template, you need enough resources on
the vCenter Server to create a server that meets the hardware requirements.
If you run the appliance on an existing server, make sure that it is running
Windows Server 2016, and meets hardware requirements.
(Currently the deployment of appliance is only supported on Windows Server
2016.)
VMware If you deploy the appliance as a server on vCenter Server, it must be deployed on
requirements a vCenter Server running 5.5, 6.0, 6.5, 6.7 or 7.0 and an ESXi host running version
5.5 or later.
VDDK To use the appliance for agentless migration of servers, the VMware vSphere
(agentless VDDK must be installed on the appliance server.
migration)
Appliance - Hyper-V
Requirement Hyper-V
Permissions To access the appliance configuration manager locally or remotely, you need to
have a local or domain user account with administrative privileges on the
appliance server.
VHD Zip file that includes a VHD. Download from project or from here .
template
Download size is 8.91 GB.
VHD Verify the VHD template downloaded from project by checking the hash values.
verification
PowerShell Refer to this article on how to deploy an appliance using the PowerShell installer
script script.
Requirement Hyper-V
Hardware The appliance should run on server with Windows Server 2016, 16-GB RAM, 8
and network vCPUs, around 80 GB of disk storage, and an external virtual switch.
requirements The appliance needs a static or dynamic IP address, and requires internet access,
either directly or through a proxy.
If you run the appliance as a server running on a Hyper-V host, you need enough
resources on the host to create a server that meets the hardware requirements.
If you run the appliance on an existing server, make sure that it is running
Windows Server 2016, and meets hardware requirements.
(Currently the deployment of appliance is only supported on Windows Server 2016.)
Hyper-V If you deploy the appliance with the VHD template, the appliance provided by
requirements Azure Migrate is Hyper-V VM version 5.0.
Appliance - Physical
Requirement Physical
Permissions To access the appliance configuration manager locally or remotely, you need to
have a local or domain user account with administrative privileges on the
appliance server.
Supported Deploy on an existing server running Windows Server 2016 using PowerShell
deployment installer script.
Requirement Physical
PowerShell Download the script (AzureMigrateInstaller.ps1) in a zip file from the project or
script from here . Learn more.
Script Verify the PowerShell installer script downloaded from project by checking the
verification hash values.
Hardware and The appliance should run on server with Windows Server 2016, 16-GB RAM, 8
network vCPUs, around 80 GB of disk storage.
requirements The appliance needs a static or dynamic IP address, and requires internet
access, either directly or through a proxy.
If you run the appliance on an existing server, make sure that it is running
Windows Server 2016, and meets hardware requirements.
(Currently the deployment of appliance is only supported on Windows Server
2016.)
URL access
The Azure Migrate appliance needs connectivity to the internet.
When you deploy the appliance, Azure Migrate does a connectivity check to the
required URLs.
You need to allow access to all URLs in the list. If you're doing assessment only,
you can skip the URLs that are marked as required for VMware agentless
migration.
If you're using a URL-based proxy to connect to the internet, make sure that the
proxy resolves any CNAME records received while looking up the URLs.
URL Details
URL Details
URL Details
aka.ms/* (optional) Allow access to these links; used to download and install
the latest updates for appliance services.
*.blob.core.windows.net (optional) This is optional and is not required if the storage account
has a private endpoint attached.
URL Details
aka.ms/* (optional) Allow access to these links; used to download and install
the latest updates for appliance services.
URL Details
Gather The appliance collects the The appliance The appliance collects
configuration metadata of servers collects the metadata from Windows
and running on vCenter metadata of servers servers using Common
performance Server(s) using vSphere running on Hyper-V Information Model (CIM)
metadata APIs by connecting on port hosts using a session with servers on
443 (default port) or any Common port 5985 and from Linux
other port each vCenter Information Model servers using SSH
Server listens on. (CIM) session with connectivity on port 22.
hosts on port 5985.
Process VMware appliance Hyper-V appliance Physical appliance
Send The appliance sends the The appliance sends The appliance sends the
discovery collected data to Azure the collected data to collected data to Azure
data Migrate: Discovery and Azure Migrate: Migrate: Discovery and
assessment and Migration Discovery and assessment over SSL port
and modernization over assessment over SSL 443.
SSL port 443. port 443.
The appliance can connect
The appliance can connect The appliance can to Azure over the internet
to Azure over the internet connect to Azure or via ExpressRoute private
or via ExpressRoute private over the internet or peering or Microsoft
peering or Microsoft via ExpressRoute peering circuits.
peering circuits. private peering or
Microsoft peering
circuits.
Assess and You can create assessments You can create You can create assessments
migrate from the metadata assessments from from the metadata
collected by the appliance the metadata collected by the appliance
using Azure Migrate: collected by the using Azure Migrate:
Discovery and assessment appliance using Discovery and assessment
tool. Azure Migrate: tool.
Discovery and
In addition, you can also assessment tool.
start migrating servers
running in your VMware
environment using the
Migration and
modernization tool to
orchestrate agentless
server replication.
Appliance upgrades
The appliance is upgraded as the Azure Migrate services running on the appliance are
updated. This happens automatically, because auto-update is enabled on the appliance
by default. You can change this default setting, to update the appliance services
manually.
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureAppliance.
3. To turn off auto-update, create a registry key AutoUpdate key with DWORD value
of 0.
Turn on auto-update
You can turn on auto-update using either of these methods:
2. In the latest updates check, click on View appliance services and click on the link
to turn on auto-update.
Check the appliance services version
You can check the appliance services version using either of these methods:
1. On the appliance, click Start > Control Panel > Programs and Features
3. Find the latest service version in the file, and the download link for it. For example:
17321ad9b7ed/MicrosoftAzureApplianceConfigurationManager.msi", "Version":
4. Download the latest version of an outdated service, using the download link in the
file.
For example:
6. Check that the command output matches the hash value entry for the service in
the file (for example, the MD5 hash value above).
7. Now, run the MSI to install the service. It's a silent install, and the installation
window closes after it's done.
8. After installation is complete, check the version of the service in Control panel >
Programs and Features. The service version should now be upgraded to the latest
shown in the json file.
Next steps
Learn how to set up the appliance for VMware.
Learn how to set up the appliance for Hyper-V.
Learn how to set up the appliance for physical servers.
Metadata discovered by Azure Migrate
appliance
Article • 02/28/2023 • 11 minutes to read
This article provides details of the metadata discovered by Azure Migrate appliance.
The Azure Migrate appliance is a lightweight appliance that the Azure Migrate: Discovery
and assessment tool uses to discover servers running in your environment and send server
configuration and performance metadata to Azure.
Metadata discovered by the Azure Migrate appliance helps you to assess server readiness
for migration to Azure, right-size servers and plans costs. Microsoft doesn't use this data in
any license compliance audit.
Here's the full list of server metadata that the appliance collects and sends to Azure:
DATA COUNTER
Server details
Server ID vm.Config.InstanceUuid
Name container.GetType().Name
Performance metadata
Here's the performance data that an appliance collects for a server running on VMware and
sends to Azure:
NIC read throughput (MB per net.received.average Calculation for server size
second)
Here's the full list of server metadata that the appliance collects and sends to Azure.
Server details
Performance data
Here's the server performance data that the appliance collects and sends to Azure.
Hyper-V Virtual Storage Read Bytes/Second Calculation for disk size, storage cost,
Device server size
Hyper-V Virtual Storage Write Bytes/Second Calculation for disk size, storage cost,
Device server size
CPU utilization is the sum of all usage, for all virtual processors attached to a server.
Memory utilization is (Current Pressure * Guest Visible Physical Memory) / 100.
Disk and network utilization values are collected from the listed Hyper-V performance
counters.
Data Commands
Memory allocated cat /proc/meminfo | grep MemTotal | awk '{printf "%.0f", $2/1024}'
BIOS serial number lshw | grep "serial:" | head -n1 | awk '{print $2}'
/usr/sbin/dmidecode -t 1 | grep 'Serial' | awk '{ $1="" ; $2=""; print}'
/etc/os-release
/usr/lib/os-release
/etc/enterprise-release
/etc/redhat-release
/etc/oracle-release
/etc/SuSE-release
/etc/lsb-release
/etc/debian_version
OS architecture uname -m
Disk count fdisk -l | egrep 'Disk.*bytes' | awk '{print $2}' | cut -f1 -d ':'
Disk size fdisk -l | egrep 'Disk.*bytes' | egrep $disk: | awk '{print $5}'
NIC IP address ip addr show $nic | grep inet | awk '{print $2}' | cut -f1 -d "/"
NIC MAC address ip addr show $nic | grep ether | awk '{print $2}'
Data Commands
Disk count fdisk -l | egrep 'Disk.*bytes' | awk '{print $2}' | cut -f1 -d ':'
Data Commands
Architecture uname
Install ID sys.dm_server_registry
7 Note
Currently this feature is only available for servers running in your VMware environment.
Here's the web apps configuration data that the appliance collects from each Windows
server discovered in your VMware environment.
Entity Data
Entity Data
Data Commands
Process ID netstat
Data Commands
Process ID netstat
Process name ps
Process arguments ps
Next steps
Learn how to set up the appliance for VMware.
Learn how to set up the appliance for Hyper-V.
Learn how to set up the appliance for physical servers.
Additional resources
Documentation
Set the scope for discovery of servers on VMware with Azure Migrate - Azure Migrate
Describes how to set the discovery scope for servers hosted on VMware assessment and migration with
Azure Migrate.
Support for physical discovery and assessment in Azure Migrate - Azure Migrate
Learn about support for physical discovery and assessment with Azure Migrate Discovery and assessment
Show 4 more
Dependency analysis
Article • 03/10/2023 • 3 minutes to read
This article describes dependency analysis in Azure Migrate: Discovery and assessment.
You can gather servers into groups for assessment, more accurately, with greater
confidence.
You can identify servers that must be migrated together. This is especially useful if
you're not sure which servers are part of an app deployment that you want to
migrate to Azure.
You can identify whether servers are in use, and which servers can be
decommissioned instead of migrated.
Analyzing dependencies helps ensure that nothing is left behind, and thus avoids
surprise outages after migration.
Review common questions about dependency analysis.
Analysis types
There are two options for deploying dependency analysis
Agentless Generally available for VMware VMs, Hyper-V VMs, Supported Supported
bare-metal servers, and servers running on other public
clouds like AWS, GCP etc.
Agent- Uses the Service Map solution in Azure Monitor, to Supported Not
based enable dependency visualization and analysis. supported.
analysis
You need to install agents on each on-premises server
that you want to analyze.
Agentless analysis
Agentless dependency analysis works by capturing TCP connection data from servers for
which it's enabled. No agents are installed on servers. Connections with the same source
server and process, and destination server, process, and port are grouped logically into a
dependency. You can visualize captured dependency data in a map view, or export it as
a CSV. No agents are installed on servers you want to analyze.
Dependency data
After discovery of dependency data begins, polling begins:
The Azure Migrate appliance polls TCP connection data from servers every five
minutes to gather data.
The gathered data is processed on the Azure Migrate appliance, to deduce identity
information, and is sent to Azure Migrate every six hours.
Agent-based analysis
For agent-based analysis, Azure Migrate: Discovery and assessment uses the Service
Map solution in Azure Monitor. You install the Microsoft Monitoring Agent/Log
Analytics agent and the Dependency agent, on each server you want to analyze.
Dependency data
Agent-based analysis provides this data:
Agent No agents needed on Agents required on each on-premises server that you
servers you want to want to analyze.
analyze.
Log Not required. Azure Migrate uses the Service Map solution in Azure
Analytics Monitor logs for dependency analysis.
Process Captures TCP Service Map agents installed on a server gather data
connection data. After about TCP processes, and inbound/outbound
discovery, it gathers connections for each process.
data at intervals of five
minutes.
Data Source server name, Source server name, process, application name.
process, application
name. Destination server name, process, application name, and
port.
Destination server
name, process, Number of connections, latency, and data transfer
application name, and information are gathered and available for Log Analytics
port. queries.
Data export Last 30 days data can Data can be queried with Log Analytics.
be downloaded in a
CSV format.
Next steps
Set up agent-based dependency visualization.
Try out agentless dependency visualization for servers on VMware.
Review common questions about dependency visualization.
Additional resources
Documentation
Questions about discovery and dependency analysis in Azure Migrate - Azure Migrate
Get answers to common questions about discovery and dependency analysis in Azure Migrate.
Show 5 more
Business case (preview) overview
Article • 04/25/2023
This article provides an overview of assessments in the Azure Migrate: Discovery and
assessment tool. The tool can assess on-premises servers in VMware virtual and Hyper-V
environment, and physical servers for migration to Azure.
Helps remove guess work in your cost planning process and adds data insights
driven calculations.
It can be generated in just a few clicks after you have performed discovery using
the Azure Migrate appliance.
The feature is automatically enabled for existing Azure Migrate projects.
This capability can only be used to create Business cases in public cloud regions. For
Azure Government, you can use the existing assessment capability.
Azure You can get the most cost efficient For SQL Servers, sizing and cost comes
recommended and compatible target from the Recommended report with
to minimize recommendation in Azure across optimization strategy - minimize cost
cost Azure IaaS and Azure PaaS targets. from Azure SQL assessment.
Migrate to all You can get a quick lift and shift For SQL Servers, sizing and cost comes
IaaS recommendation to Azure IaaS. from the Instance to SQL Server on Azure
(Infrastructure VM report.
as a Service)
For general servers and servers hosting
web apps, sizing and cost comes from
Azure VM assessment.
Modernize to You can get a PaaS preferred For SQL Servers, sizing and cost comes
PaaS recommendation that means, the from the Recommended report with
(Platform as a logic identifies workloads best fit optimization strategy - Modernize to PaaS
Service) for PaaS targets. from Azure SQL assessment.
General servers are recommended For web apps, sizing and cost comes from
with a quick lift and shift Azure App Service assessment. For
recommendation to Azure IaaS. general servers, sizing and cost comes
from Azure VM assessment.
Although the Business case picks Azure recommendations from certain assessments,
you won't be able to access the assessments directly. To deep dive into sizing, readiness,
and Azure cost estimates, you can create respective assessments for the servers or
workloads.
Use more You need to set up an Azure Migrate appliance for Azure recommended
accurate VMware or Hyper-V or Physical/Bare-metal or other to minimize cost,
data clouds. The appliance discovers servers, SQL Server Migrate to all IaaS
insights instance and databases, and ASP.NET webapps and (Infrastructure as a
collected sends metadata and performance (resource utilization) Service), Modernize to
via Azure data to Azure Migrate. Learn more. PaaS (Platform as a
Migrate Service)
appliance
Build a You need to provide the server inventory in a .CSV file Migrate to all IaaS
quick and import in Azure Migrate to get a quick business case (Infrastructure as a
business based on the provided inputs. You don't need to set up Service)
case using the Azure Migrate appliance to discover servers for this
the servers option.
imported
via a .csv
file
1. Set up Azure and your on-premises environment to work with Azure Migrate.
2. For your first Business case, create an Azure project and add the Discovery and
assessment tool to it.
3. Deploy a lightweight Azure Migrate appliance. The appliance continuously
discovers on-premises servers and sends server metadata and performance data to
Azure Migrate. Deploy the appliance as a VM. You don't need to install anything on
servers that you want to assess.
After the appliance begins server discovery, you can start building your Business case.
Follow our tutorials for VMware or Hyper-V or Physical/Bare-metal or other clouds to try
out these steps.
We recommend that you wait at least a day after starting discovery before you build a
Business case so that enough performance/resource utilization data points are collected.
Also, review the notifications/resolve issues blades on Azure Migrate hub to identify any
discovery related issues prior to Business case computation. It ensures that the IT estate
in your datacenter is represented more accurately and the Business case
recommendations are more valuable.
What data does the appliance collect?
If you're using the Azure Migrate appliance, learn about the metadata and performance
data that's collected for:
VMware.
Hyper-V
Physical
2. The appliance combines the sample points to create a single data point every 10
minutes for VMware and Hyper-V servers, and every 5 minutes for physical servers.
To create the data point, the appliance selects the peak values from all samples. It
then sends the data point to Azure.
3. The assessment service stores all the 10-minute data points for the last month.
4. When you create a Business case, multiple assessments are triggered in the
background.
5. The assessments identify the appropriate data point to use for rightsizing.
Identification is based on the percentile values for performance history and
percentile utilization.
For example, if the performance history is one week and the percentile
utilization is the 95th percentile, the assessment sorts the 10-minute sample
points for the last week. It sorts them in ascending order and picks the 95th
percentile value for rightsizing.
The 95th percentile value makes sure you ignore any outliers, which might be
included if you picked the 99th percentile.
6. This value is multiplied by the comfort factor to get the effective performance
utilization data for these metrics that the appliance collects.
Ideal for cloud: These servers are best fit for migrating to Azure and comprises of
active and idle servers:
Active servers: These servers delivered business value by being on and had their
CPU and memory utilization above 5% and network utilization above 2%.
Idle servers: These servers were on but didn't deliver business value by having
their CPU and memory utilization below 5% and network utilization below 2%.
Decommission: These servers were expected to deliver business value, but didn't
and can be decommissioned on-premises and recommended to not migrate to
Azure:
Zombie: The CPU, memory and network utilization were 0% with no
performance data collection issues.
These servers were on but don't have adequate metrics available:
Unknown: Many servers can land in this section if the discovery is still ongoing
or has some unaddressed discovery issues.
Overview: This report is an executive summary of the Business case and covers:
Potential savings (TCO).
Estimated year on year cashflow savings based on the estimated migration
completed that year.
Savings from unique Azure benefits like Azure Hybrid Benefit.
Discovery insights covering the scope of the Business case.
On-premises vs Azure: This report covers the breakdown of the total cost of
ownership by cost categories and insights on savings.
Azure IaaS: This report covers the Azure and on-premises footprint of the servers
and workloads recommended for migrating to Azure IaaS.
Azure PaaS: This report covers the Azure and on-premises footprint of the
workloads recommended for migrating to Azure PaaS.
What's in a business case?
Here's what's included in a business case:
On-premises cost
Cost components for running on-premises servers. For TCO calculations, an annual cost
is computed for the following heads:
Software - License cost Calculated per two core pack license pricing of 2019
SQL Server Enterprise or Standard.
licensing
Software - License cost Calculated per two core pack license pricing of
Windows Windows Server.
Server
licensing
Facilities Facilities & DC Facilities – Facilities cost hasn't been added by default in the
Infrastructure Lease and on-premises cost calculations. Any
Power lease/colocation/power cost specified here will be
included as part of the Business case.
Azure cost
Compute Compute (IaaS) Azure VM, SQL Server Compute cost (with AHUB) from Azure
on Azure VM VM assessment, Compute cost (with
AHUB) from Azure SQL assessment
Cost Category Component Logic
heads
Compute Azure SQL MI or Azure Compute cost (with AHUB) from Azure
(PaaS) SQL DB SQL assessment.
Compute(PaaS) Azure App Service Plan cost from Azure App Service.
Storage (PaaS) Azure SQL MI or Azure Storage cost from Azure SQL assessment.
SQL DB - Managed
disks
Facilities Facilities & DC Facilities - Lease Facilities cost isn't applicable for Azure
Infrastructure and Power cost.
Capital
Asset
Expense
(CAPEX) (A)
License (virtualization cost + Depreciable life = VMware licenses are not retained;
Amortization Windows Server + 5 years Windows, SQL and Hyper-V
SQL Server + Linux management software licenses are
OS)/(Depreciable retained based on AHUB option in
life) Azure).
Operating
Asset
Expense
(OPEX) (B)
You can override the above values in the assumptions section of the Business case.
Glossary
Term Details
Business A Business case provides justification for a go/no go for a project. It evaluates the
case benefit, cost and risk of alternative options and provides a rationale for the
preferred solution.
Total cost TCO (Total cost of ownership) is a financial estimate to help companies calculate
of precisely, the economic impact during the whole life cycle of IT projects.
ownership
(TCO)
Return on A project’s expected return in percentage terms. ROI is calculated by dividing net
Investment benefits (benefits less costs) by costs.
(ROI)
Cash flow It explains how much cash went out and in the door for a business.
statement
Net cash It's the difference between the money coming in and the money coming out of your
flow (NCF) business for a specific period.
Net The present or current value of (discounted) future net cash flows given an interest
Present rate (the discount rate). A positive project NPV normally indicates that the
Value investment should be made unless other projects have higher NPVs.
(NPV)
Payback The breakeven point for an investment. It's the point in time at which net benefits
period (benefits minus costs) equal initial investment or cost.
Capital Up front investments in assets that are capitalized and put into the balance sheet.
Expense
(CAPEX)
This article provides an overview of assessments in the Azure Migrate: Discovery and
assessment tool. The tool can assess on-premises servers in VMware virtual and Hyper-V
environment, and physical servers for migration to Azure.
What's an assessment?
An assessment with the Discovery and assessment tool measures the readiness and
estimates the effect of migrating on-premises servers to Azure.
7 Note
In Azure Government, review the supported target assessment locations. Note that
VM size recommendations in assessments will use the VM series specifically for
Government Cloud regions. Learn more about VM types.
Types of assessments
There are three types of assessments you can create using Azure Migrate: Discovery and
assessment.
Assessment Details
Type
Azure VM Assessments to migrate your on-premises servers to Azure virtual machines. You
can assess your on-premises servers in VMware and Hyper-V environment, and
physical servers for migration to Azure VMs using this assessment type.
Azure SQL Assessments to migrate your on-premises SQL servers from your VMware
environment to Azure SQL Database or Azure SQL Managed Instance.
Azure App Assessments to migrate on-premises web apps from your VMware environment to
Service Azure App Service.
Azure Assessments to migrate your on-premises servers to Azure VMware Solution (AVS).
VMware You can assess your on-premises VMware VMs for migration to Azure VMware
Solution Solution (AVS) using this assessment type. Learn more
(AVS)
7 Note
If the number of Azure VM or AVS assessments are incorrect on the Discovery and
assessment tool, click on the total number of assessments to navigate to all the
assessments and recalculate the Azure VM or AVS assessments. The Discovery and
assessment tool will then show the correct count for that assessment type.
Assessments you create with Azure Migrate are a point-in-time snapshot of data. An
Azure VM assessment provides two sizing criteria options:
Performance- Assessments that The VM size recommendation is based on CPU and RAM-
based make utilization data.
recommendations
based on collected The disk-type recommendation is based on the
performance data input/output operations per second (IOPS) and throughput
of the on-premises disks. Disk types are Azure Standard
HDD, Azure Standard SSD, Azure Premium disks, and Azure
Ultra disks.
As-is on- Assessments that The VM size recommendation is based on the on-premises
premises don't use server size.
performance data
to make The recommended disk type is based on the selected
recommendations storage type for the assessment.
After the appliance begins server discovery, you can gather servers you want to assess
into a group and run an assessment for the group with assessment type Azure VM.
Follow our tutorials for VMware, Hyper-V, or physical servers to try out these steps.
2. The appliance combines the sample points to create a single data point every 10
minutes for VMware and Hyper-V servers, and every 5 minutes for physical servers.
To create the data point, the appliance selects the peak values from all samples. It
then sends the data point to Azure.
3. The assessment stores all the 10-minute data points for the last month.
4. When you create an assessment, the assessment identifies the appropriate data
point to use for rightsizing. Identification is based on the percentile values for
performance history and percentile utilization.
For example, if the performance history is one week and the percentile
utilization is the 95th percentile, the assessment sorts the 10-minute sample
points for the last week. It sorts them in ascending order and picks the 95th
percentile value for rightsizing.
The 95th percentile value makes sure you ignore any outliers, which might be
included if you picked the 99th percentile.
If you want to pick the peak usage for the period and don't want to miss any
outliers, select the 99th percentile for percentile utilization.
5. This value is multiplied by the comfort factor to get the effective performance
utilization data for these metrics that the appliance collects:
CPU utilization
RAM utilization
Disk IOPS (read and write)
Disk throughput (read and write)
Network throughput (in and out)
1. Calculate Azure readiness: Assess whether servers are suitable for migration to
Azure.
2. Calculate sizing recommendations: Estimate compute, storage, and network
sizing.
3. Calculate monthly costs: Calculate the estimated monthly compute and storage
costs for running the servers in Azure after migration.
Calculations are in the preceding order. A server moves to a later stage only if it passes
the previous one. For example, if a server fails the Azure readiness stage, it's marked as
unsuitable for Azure. Sizing and cost calculations aren't done for that server.
Setting Details
Target The location to which you want to migrate. The assessment currently supports
location these target Azure regions:
Target storage Specifies the type of target storage disk as automatic, Premium-managed,
disk Standard HDD-managed, Standard SSD-managed, or Ultra disk.
(performance-
based sizing) Automatic: The disk recommendation is based on the performance data of the
disks, meaning the IOPS and throughput.
Savings Specify the savings option that you want the assessment to consider to help
options optimize your Azure compute cost.
(compute)
Azure reservations (1 year or 3 year reserved) are a good option for the most
consistently running resources.
Azure Savings Plan (1 year or 3 year savings plan) provide additional flexibility
and automated cost optimization. Ideally post migration, you could use Azure
reservation and savings plan at the same time (reservation will be consumed
first), but in the Azure Migrate assessments, you can only see cost estimates of 1
savings option at a time.
When you select 'None', the Azure compute cost is based on the Pay as you go
rate or based on actual usage.
Performance Used with performance-based sizing. Performance history specifies the duration
history used when performance data is evaluated.
VM series The Azure VM series that you want to consider for rightsizing. For example, if
you don't have a production environment that needs A-series VMs in Azure, you
can exclude A-series from the list of series.
Comfort The buffer used during assessment. It's applied to the CPU, RAM, disk, and
factor network data for VMs. It accounts for issues like seasonal usage, short
performance history, and likely increases in future usage.
Offer The Azure offer in which you're enrolled. The assessment estimates the cost
for that offer.
Discount (%) Any subscription-specific discounts you receive on top of the Azure offer. The
default setting is 0%.
VM uptime The duration in days per month and hours per day for Azure VMs that won't run
continuously. Cost estimates are based on that duration.
The default values are 31 days per month and 24 hours per day.
Azure Hybrid Specifies whether you have software assurance and are eligible for Azure Hybrid
Benefit Benefit . If the setting has the default value "Yes," Azure prices for operating
systems other than Windows are considered for Windows VMs.
Leave the settings for reserved instances, discount (%) and VM uptime
properties with their default settings.
Review the best practices for creating an assessment with Azure Migrate.
Calculate readiness
Not all servers are suitable to run in Azure. An Azure VM Assessment assesses all on-
premises servers and assigns them a readiness category.
Ready for Azure: The server can be migrated as-is to Azure without any changes. It
will start in Azure with full Azure support.
Conditionally ready for Azure: The server might start in Azure but might not have
full Azure support. For example, Azure doesn't support a server that's running an
old version of Windows Server. You must be careful before you migrate these
servers to Azure. To fix any readiness problems, follow the remediation guidance
the assessment suggests.
Not ready for Azure: The server won't start in Azure. For example, if an on-
premises server's disk stores more than 64 TB, Azure can't host the server. Follow
the remediation guidance to fix the problem before migration.
Readiness unknown: Azure Migrate can't determine the readiness of the server
because of insufficient metadata.
To calculate readiness, the assessment reviews the server properties and operating
system settings summarized in the following tables.
Server properties
For an Azure VM Assessment, the assessment reviews the following properties of an on-
premises VM to determine whether it can run on Azure VMs.
Boot type Azure supports UEFI boot type for OS Not ready if the boot type is UEFI
mentioned here and Operating System running on
the VM is: Windows Server
2003/Windows Server 2003
R2/Windows Server 2008/Windows
Server 2008 R2
Cores Each server must have no more than 128 Ready if the number of cores is
cores, which is the maximum number an within the limit
Azure VM supports.
RAM Each server must have no more than 3,892 Ready if the amount of RAM is
GB of RAM, which is the maximum size an within the limit
Azure M-series Standard_M128m 2 VM
supports. Learn more.
Storage The allocated size of a disk must be no Ready if the disk size and number
disk more than 64 TB. are within the limits
Networking A server must have no more than 32 Ready if the number of NICs is
network interfaces (NICs) attached to it. within the limit
7 Note
To handle guest analysis for VMware VMs, the assessment uses the operating
system specified for the VM in vCenter Server. However, vCenter Server doesn't
provide the kernel version for Linux VM operating systems. To discover the version,
you need to set up application discovery. Then, the appliance discovers version
information using the guest credentials you specify when you set up app-discovery.
The assessment uses the following logic to identify Azure readiness based on the
operating system:
Windows Server These operating systems have passed their end- Conditionally ready for
2003 and of-support dates and need a Custom Support Azure. Consider
Windows Server Agreement (CSA) for support in Azure. upgrading the OS
2003 R2 before migrating to
Azure.
Windows 2000, These operating systems have passed their end- Conditionally ready for
Windows 98, of-support dates. The server might start in Azure, Azure. We recommend
Windows 95, but Azure provides no OS support. that you upgrade the
Windows NT, OS before migrating to
Windows 3.1, and Azure.
MS-DOS
Windows 7, Azure provides support with a Visual Studio Conditionally ready for
Windows 8, and subscription only. Azure.
Windows 10
Windows 10 Pro Azure provides support with Multitenant Hosting Conditionally ready for
Rights. Azure.
Windows Vista These operating systems have passed their end- Conditionally ready for
and Windows XP of-support dates. The server might start in Azure, Azure. We recommend
Professional but Azure provides no OS support. that you upgrade the
OS before migrating to
Azure.
Operating system Details Azure readiness status
Linux See the Linux operating systems that Azure Ready for Azure if the
endorses. Other Linux operating systems might version is endorsed.
start in Azure. But we recommend that you
upgrade the OS to an endorsed version before Conditionally ready if
you migrate to Azure. the version isn't
endorsed.
Other operating Azure doesn't endorse these operating systems. Conditionally ready for
systems like The server might start in Azure, but Azure Azure. We recommend
Oracle Solaris, provides no OS support. that you install a
Apple macOS, and supported OS before
FreeBSD migrating to Azure.
OS specified as Azure Migrate can't identify the OS in this case. Unknown readiness.
Other in vCenter Ensure that Azure
Server supports the OS running
inside the VM.
32-bit operating The server might start in Azure, but Azure might Conditionally ready for
systems not provide full support. Azure. Consider
upgrading to a 64-bit
OS before migrating to
Azure.
Calculating sizing
After the server is marked as ready for Azure, the assessment makes sizing
recommendations in the Azure VM assessment. These recommendations identify the
Azure VM and disk SKU. Sizing calculations depend on whether you're using as-is on-
premises sizing or performance-based sizing.
Compute sizing: The assessment allocates an Azure VM SKU based on the size
allocated on-premises.
Storage and disk sizing: The assessment looks at the storage type specified in
assessment properties and recommends the appropriate disk type. Possible
storage types are Standard HDD, Standard SSD, Premium, and Ultra disk. The
default storage type is Premium.
Network sizing: The assessment considers the network adapter on the on-
premises server.
7 Note
If you import servers by using a CSV file, the performance values you specify (CPU
utilization, Memory utilization, Disk IOPS and throughput) are used if you choose
performance-based sizing. You will not be able to provide performance history and
percentile information.
For storage sizing in an Azure VM assessment, Azure Migrate tries to map each disk that
is attached to the server to an Azure disk. Sizing works as follows:
1. Assessment adds the read and write IOPS of a disk to get the total IOPS required.
Similarly, it adds the read and write throughput values to get the total throughput
of each disk. In the case of import-based assessments, you have the option to
provide the total IOPS, total throughput and total no. of disks in the imported file
without specifying individual disk settings. If you do this, individual disk sizing is
skipped and the supplied data is used directly to compute sizing, and select an
appropriate VM SKU.
2. If you've specified the storage type as automatic, the selected type is based on the
effective IOPS and throughput values. The Assessment determines whether to map
the disk to a Standard HDD, Standard SSD, Premium disk, or Ultra disk in Azure. If
the storage type is set to one of those disk types, the assessment tries to find a
disk SKU within the storage type selected.
If assessment can't find a disk with the required IOPS and throughput, it
marks the server as unsuitable for Azure.
If assessment finds a set of suitable disks, it selects the disks that support the
location specified in the assessment settings.
If there are multiple eligible disks, assessment selects the disk with the lowest
cost.
If performance data for any disk is unavailable, the configuration disk size is
used to find a Standard SSD disk in Azure.
For Ultra disks, there is a range of IOPS and throughput that is allowed for a particular
disk size, and thus the logic used in sizing is different from Standard and Premium disks:
One disk (Disk 1) is found that can satisfy the disk size requirement
One disk (Disk 2) is found that can satisfy total IOPS requirement
IOPS to be provisioned = (source disk throughput) *1024/256
One disk (Disk 3) is found that can satisfy total throughput requirement
2. Out of the three disks, one with the max disk size is found and is rounded up to
the next available Ultra disk offering. This is the provisioned Ultra disk size.
3. Provisioned IOPS is calculated using the following logic:
If source throughput discovered is in the allowable range for the Ultra disk
size, provisioned IOPS is equal to source disk IOPS
Else, provisioned IOPS is calculated using IOPS to be provisioned = (source
disk throughput) *1024/256
Azure Migrate looks at the effective utilized cores (including processor benchmark)
and RAM to find a suitable Azure VM size.
If no suitable size is found, the server is marked as unsuitable for Azure.
If a suitable size is found, Azure Migrate applies the storage and networking
calculations. It then applies location and pricing-tier settings for the final VM size
recommendation.
If there are multiple eligible Azure VM sizes, the one with the lowest cost is
recommended.
If any of these utilization numbers isn't available, the size recommendations might be
unreliable.
7 Note
Confidence ratings aren't assigned for servers assessed using an imported CSV file.
Ratings also aren't applicable for as-is on-premises assessment.
Ratings
This table shows the assessment confidence ratings, which depend on the percentage of
available data points:
0-20% 1 star
21-40% 2 stars
41-60% 3 stars
61-80% 4 stars
81-100% 5 stars
You didn't profile your environment for the duration for which you're creating the
assessment. For example, if you create the assessment with performance duration
set to one day, you must wait at least a day after you start discovery for all the data
points to get collected.
Assessment is not able to collect the performance data for some or all the servers
in the assessment period. For a high confidence rating, ensure that:
Servers are powered on for the duration of the assessment
Outbound connections on ports 443 are allowed
For Hyper-V servers, dynamic memory is enabled
Some servers were created during the time for which the assessment was
calculated. For example, assume you created an assessment for the performance
history of the last month, but some servers were created only a week ago. In this
case, the performance data for the new servers will not be available for the entire
duration and the confidence rating would be low.
7 Note
If the confidence rating of any assessment is less than five stars, we recommend
that you wait at least a day for the appliance to profile the environment and then
recalculate the assessment. Otherwise, performance-based sizing might be
unreliable. In that case, we recommend that you switch the assessment to on-
premises sizing.
Compute cost
Azure Migrate uses the recommended Azure VM size and the Azure Billing API to
calculate the monthly cost for the server.
Operating system
Software assurance
Reserved instances
VM uptime
Location
Currency settings
The assessment aggregates the cost across all servers to calculate the total monthly
compute cost.
Storage cost
The monthly storage cost for a server is calculated by aggregating the monthly cost of
all disks that are attached to the server.
Ultra disk
The cost for Ultra disk is calculated based on the provisioned size, provisioned IOPS and
provisioned throughput. Learn more
Cost of disk size is calculated by multiplying provisioned disk size by hourly price
of disk capacity
Cost of provisioned IOPS is calculated by multiplying provisioned IOPS by hourly
provisioned IOPS price
Cost of provisioned throughput is calculated by multiplying provisioned
throughput by hourly provisioned throughput price
The Ultra disk VM reservation fee is not added in the total cost. Learn More
Assessment calculates the total monthly storage costs by aggregating the storage costs
of all servers. Currently, the calculation doesn't consider offers specified in the
assessment settings.
Next steps
Review best practices for creating assessments.
Learn about running assessments for servers running in VMware and Hyper-V
environment, and physical servers.
Learn about assessing servers imported with a CSV file.
Learn about setting up dependency visualization.
Assessment Overview (migrate to Azure
SQL)
Article • 03/14/2023 • 22 minutes to read
This article provides an overview of assessments for migrating on-premises SQL Server
instances from a VMware, Microsoft Hyper-V, and Physical environment to SQL Server
on Azure VM or Azure SQL Database or Azure SQL Managed Instance using the Azure
Migrate: Discovery and assessment tool.
What's an assessment?
An assessment with the Discovery and assessment tool is a point in time snapshot of
data and measures the readiness and estimates the effect of migrating on-premises
servers to Azure.
Types of assessments
There are three types of assessments that you can create using the Azure Migrate:
Discovery and assessment tool.
Assessment Details
Type
You can assess your on-premises servers in VMware and Hyper-V environment, and
physical servers for migration to Azure VMs using this assessment type.
Azure SQL Assessments to migrate your on-premises SQL servers from your VMware,
Microsoft Hyper-V, and Physical environments to SQL Server on Azure VM, or
Azure SQL Database, or Azure SQL Managed Instance.
Azure App Assessments to migrate your on-premises ASP.NET web apps, running on IIS web
Service servers, from your VMware environment to Azure App Service.
Azure Assessments to migrate your on-premises servers to Azure VMware Solution (AVS).
VMware
Solution You can assess your on-premises VMware VMs for migration to Azure VMware
(AVS) Solution (AVS) using this assessment type. Learn more.
7 Note
If the number of Azure VM or AVS assessments are incorrect on the Discovery and
assessment tool, click on the total number of assessments to navigate to all the
assessments and recalculate the Azure VM or AVS assessments. The Discovery and
assessment tool then shows the correct count for that assessment type.
1. Set up Azure and your on-premises environment to work with Azure Migrate.
2. For your first assessment, create an Azure Migrate project and add the Azure
Migrate: Discovery and assessment tool to it.
3. Deploy a lightweight Azure Migrate appliance. The appliance continuously
discovers on-premises servers and sends configuration and performance data to
Azure Migrate. Deploy the appliance as a VM or a physical server. You don't need
to install anything on servers that you want to assess.
After the appliance begins discovery, you can gather servers you want to assess into a
group and run an assessment for the group with assessment type Azure SQL.
Follow our tutorial for assessing SQL Server instances to try out these steps.
How does the appliance calculate performance
data for SQL instances and databases?
The appliance collects performance data for compute settings with these steps:
1. The appliance collects a real-time sample point. For SQL servers, it collects a
sample point every 30 seconds.
2. The appliance aggregates the sample data points collected every 30 seconds over
10 minutes. To create the data point, the appliance selects the peak values from all
samples. It sends the max, mean and variance for each counter to Azure.
3. Azure Migrate stores all the 10-minute data points for the last month.
4. When you create an assessment, Azure Migrate identifies the appropriate data
point to use for rightsizing. Identification is based on the percentile values for
performance history and percentile utilization.
For example, if the performance history is one week and the percentile
utilization is the 95th percentile, the assessment sorts the 10-minute sample
points for the last week. It sorts them in ascending order and picks the 95th
percentile value for rightsizing.
The 95th percentile value makes sure you ignore any outliers, which might be
included if you picked the 99th percentile.
If you want to pick the peak usage for the period and don't want to miss any
outliers, select the 99th percentile for percentile utilization.
5. This value is multiplied by the comfort factor to get the effective performance
utilization data for these metrics that the appliance collects:
Target and Target location The Azure region to which you want to migrate. Azure SQL
pricing configuration and cost recommendations are based on the
settings location that you specify.
Target and Environment The environment for the SQL deployments to apply pricing
pricing type applicable to Production or Dev/Test.
settings
Target and Offer/Licensing The Azure offer if you're enrolled. Currently, the field is Pay-as-
pricing program you-go by default, which gives you retail Azure prices.
settings
You can avail additional discount by applying reserved capacity
and Azure Hybrid Benefit on top of Pay-as-you-go offer.
You can apply Azure Hybrid Benefit on top of Pay-as-you-go
offer and Dev/Test environment. The assessment doesn't support
applying Reserved Capacity on top of Pay-as-you-go offer and
Dev/Test environment.
If the offer is set to Pay-as-you-go and Reserved capacity is set to
No reserved instances, the monthly cost estimates are calculated
by multiplying the number of hours chosen in the VM uptime
field with the hourly price of the recommended SKU.
Target and Savings Specify the reserved capacity savings option that you want the
pricing options - Azure assessment to consider to help optimize your Azure compute
settings SQL MI and DB cost.
(PaaS)
Azure reservations (1 year or 3 year reserved) are a good option
for the most consistently running resources.
When you select 'None', the Azure compute cost is based on the
Pay as you go rate or based on actual usage.
Target and Savings Specify the savings option that you want the assessment to
pricing options - SQL consider to help optimize your Azure compute cost.
settings Server on
Azure VM Azure reservations (1 year or 3 year reserved) are a good option
(IaaS) for the most consistently running resources.
When you select 'None', the Azure compute cost is based on the
Pay as you go rate or based on actual usage.
Target and Discount (%) Any subscription-specific discounts you receive on top of the
pricing Azure offer. The default setting is 0%.
settings
Target and VM uptime Specify the duration (days per month/hour per day) that
pricing servers/VMs run. This is useful for computing cost estimates for
settings SQL Server on Azure VM where you're aware that Azure VMs
might not run continuously.
Cost estimates for servers where recommended target is SQL
Server on Azure VM are based on the duration specified. Default
is 31 days per month/24 hours per day.
Target and Azure Hybrid Specify whether you already have a Windows Server and/or SQL
pricing Benefit Server license. Azure Hybrid Benefit is a licensing benefit that
settings helps you to significantly reduce the costs of running your
workloads in the cloud. It works by letting you use your on-
premises Software Assurance-enabled Windows Server and SQL
Server licenses on Azure. For example, if you have a SQL Server
license and they're covered with active Software Assurance of
SQL Server Subscriptions, you can apply for the Azure Hybrid
Benefit when you bring licenses to Azure.
Section Setting Details
Assessment Sizing criteria Set to Performance-based by default, which means Azure Migrate
criteria collects performance metrics pertaining to SQL instances and the
databases managed by it to recommend an optimal-sized SQL
Server on Azure VM and/or Azure SQL Database and/or Azure
SQL Managed Instance configuration.
Assessment Performance Indicate the data duration on which you want to base the
criteria history assessment. (Default is one day)
Assessment Percentile Indicate the percentile value you want to use for the
criteria utilization performance sample. (Default is 95th percentile)
Assessment Comfort factor Indicate the buffer you want to use during assessment. This
criteria accounts for issues like seasonal usage, short performance
history, and likely increases in future usage.
Assessment Optimization Specify the preference for the recommended assessment report.
criteria preference Selecting Minimize cost would result in the Recommended
assessment report recommending those deployment types that
have least migration issues and are most cost effective, whereas
selecting Modernize to PaaS would result in Recommended
assessment report recommending PaaS(Azure SQL MI or DB)
deployment types over IaaS Azure(VMs), wherever the SQL
Server instance is ready for migration to PaaS irrespective of cost.
Azure SQL Service Tier Choose the most appropriate service tier option to
Managed accommodate your business needs for migration to Azure SQL
Instance Managed Instance:
sizing
Select Recommended if you want Azure Migrate to recommend
the best suited service tier for your servers. This can be General
purpose or Business critical.
SQL Server VM series Specify the Azure VM series you want to consider for SQL Server
on Azure on Azure VM sizing. Based on the configuration and performance
VM sizing requirements of your SQL Server or SQL Server instance, the
assessment recommends a VM size from the selected list of VM
series.
You can edit settings as needed. For example, if you don't want
to include D-series VM, you can exclude D-series from this list.
As Azure SQL assessments intend to give the best performance
for your SQL workloads, the VM series list only has VMs that are
optimized for running your SQL Server on Azure Virtual
Machines (VMs). Learn more.
SQL Server Storage Type Defaulted to Recommended, which means the assessment
on Azure recommends the best suited Azure Managed Disk based on the
VM sizing chosen environment type, on-premises disk size, IOPS and
throughput.
Azure SQL Service Tier Choose the most appropriate service tier option to
Database accommodate your business needs for migration to Azure SQL
sizing Database:
Calculate readiness
7 Note
The assessment only includes databases that are in online status. In case the
database is in any other status, the assessment ignores the readiness, sizing and
cost calculation for such databases. In case you wish to assess such databases,
change the status of the database and recalculate the assessment in some time.
1. The Azure SQL assessment considers the SQL Server instance features that are
currently used by the source SQL Server workloads (SQL Agent jobs, linked servers,
etc.) and the user databases schemas (tables, views, triggers, stored procedures
etc.) to identify compatibility issues.
2. If there are no compatibility issues found, the instance is marked as Ready for the
target deployment type (SQL Server on Azure VM or Azure SQL Database or Azure
SQL Managed Instance)
3. If there are non-critical compatibility issues, such as deprecated or unsupported
features that don't block the migration to a specific target deployment type, the
instance is marked as Ready (hyperlinked) with warning details and recommended
remediation guidance. This includes the situation where the source data has an
Always On Availability Group configuration and the required replicas exceed those
available with the specific target deployment type.
4. If there are any compatibility issues that may block the migration to a specific
target deployment type, the instance is marked as Ready with conditions with
issue details and recommended remediation guidance.
In the Recommended deployment, Instances to Azure SQL MI, and Instances
to SQL Server on Azure VM readiness reports, if there's even one database in
a SQL instance, which isn't ready for a particular target deployment type, the
instance is marked as Ready with conditions for that deployment type.
5. Not ready: The assessment couldn't find a SQL Server on Azure VM/Azure SQL
MI/Azure SQL DB configuration meeting the desired configuration and
performance characteristics. Review the recommendation to make the
instance/server ready for the desired target deployment type.
6. If the discovery is still in progress or there are any discovery issues for a SQL
instance or database, the instance is marked as Unknown as the assessment
couldn't compute the readiness for that SQL instance.
7 Note
7 Note
In the recommended deployment strategy, if the source SQL Server is good fit for
all three deployment targets- SQL Server on Azure VM, Azure SQL Managed
Instance and Azure SQL Database, the assessment recommends a specific option
that optimizes your cost and fits within the size and performance boundaries.
Calculate sizing
1. During the discovery process, Azure Migrate collects SQL instance configuration
and performance that includes:
If the source is a SQL Server Always On Failover Cluster Instance (FCI), the assessment
report covers the approach for migrating to a two-node SQL Server Failover Cluster
Instance. This preserves the high availability and disaster recovery intents while adhering
to the best practices. Learn more.
Storage sizing
For storage sizing, the assessment maps each of the instance disk to an Azure disk.
Sizing works as follows:
Assessment adds the read and write IOPS of a disk to get the total IOPS required.
Similarly, it adds the read and write throughput values to get the total throughput
of each disk. The disk size needed for each of the disks is the size of SQL Data and
SQL Log drives.
The assessment recommends creating a storage disk pool for all SQL Log and SQL
Data drives. For temp drives, the assessment recommends storing the files in the
local drive.
If the assessment can't find a disk for the required size, IOPS and throughput, it
marks the instance as unsuitable for migrating to SQL Server on Azure VM
If the assessment finds a set of suitable disks, it selects the disks that support the
location specified in the assessment settings.
If the source is a SQL Server Always On Failover Cluster Instance, shared disk
configuration is selected.
If the environment type is Production, the assessment tries to find Premium disks
to map each of the disks, else it tries to find a suitable disk, which could either be
Premium or Standard SSD disk.
If there are multiple eligible disks, assessment selects the disk with the lowest
cost.
Compute sizing
After it calculates storage requirements, the assessment considers CPU and RAM
requirements of the instance to find a suitable VM size in Azure.
The assessment looks at the effective utilized cores and RAM to find a suitable
Azure VM size. Effective utilized RAM or memory for an instance is calculated by
aggregating the buffer cache (buffer pool size in MB) for all the databases running
in an instance.
If no suitable size is found, the server is marked as unsuitable for Azure.
If a suitable size is found, Azure Migrate applies the storage calculations. It then
applies location and pricing-tier settings for the final VM size recommendation.
If there are multiple eligible Azure VM sizes, the one with the lowest cost is
recommended.
If the source is a SQL Server Always On Failover Cluster Instance, the compute size
is used again for a second Azure VM to meet the need for two nodes.
7 Note
As Azure SQL assessments are intended to give the best performance for your SQL
workloads, the VM series list only has VMs that are optimized for running your SQL
Server on Azure Virtual Machines (VMs). Learn more.
Confidence ratings
Each Azure SQL assessment is associated with a confidence rating. The rating ranges
from one (lowest) to five (highest) stars. The confidence rating helps you estimate the
reliability of the size recommendations Azure Migrate provides.
If any of these utilization numbers isn't available, the size recommendations might be
unreliable. This table shows the assessment confidence ratings, which depend on the
percentage of available data points:
0%-20% 1 star
21%-40% 2 stars
41%-60% 3 stars
61%-80% 4 stars
81%-100% 5 stars
You didn't profile your environment for the duration for which you're creating the
assessment. For example, if you create the assessment with performance duration
set to one day, you must wait at least a day after you start discovery for all the data
points to get collected.
The Assessment isn't able to collect the performance data for some or all the
servers in the assessment period. For a high confidence rating, ensure that:
Servers are powered on for the duration of the assessment.
Outbound connections on ports 443 are allowed.
If Azure Migrate connection status of the SQL agent in Azure Migrate is
Connected, check the last heartbeat.
Azure Migrate connection status for all SQL instances is Connected in the
discovered SQL instance section.
7 Note
Recommendation details
Once the readiness and sizing calculation is complete, the optimization preference is
applied to arrive at a recommended target and configuration. The Recommendation
Details provide a detailed explanation of the readiness and sizing calculations behind
the recommendation.
Migration guidance
This section provides guidance to configure the target resource and steps to migrate.
The steps are specific to the source and the target deployment combinations. This
guidance is specifically useful for users who intend to migrate Always On Failover Cluster
Instances (FCI) and Availability Groups (AG).
Compute cost
To calculate the compute cost for an Azure SQL configuration, the assessment
considers the following properties:
Azure Hybrid Benefit for SQL and Windows licenses
Environment type
Reserved capacity
Azure target location
Currency
Offer/Licensing program
Discount (%)
Storage cost
The storage cost estimates only include data files and not log files.
For calculating storage cost for an Azure SQL configuration, the assessment
considers following properties:
Azure target location
Currency
Offer/Licensing program
Discount (%)
Backup storage cost isn't included in the assessment.
Azure SQL Database
A minimum of 5 GB storage cost is added in the cost estimate and additional
storage cost is added for storage in 1 GB increments. Learn More .
Azure SQL Managed Instance
There's no storage cost added for the first 32 GB/instance/month storage and
additional storage cost is added for storage in 32 GB increments. Learn More .
Next steps
Review best practices for creating assessments.
Learn how to run an Azure SQL assessment.
Assessment overview (migrate to Azure
App Service)
Article • 03/03/2023 • 6 minutes to read
What's an assessment?
An assessment with the Discovery and assessment tool is a point in time snapshot of
data and measures the readiness and provides cost details to host on-premises servers,
databases, and web apps to Azure.
Types of assessments
There are four types of assessments you can create using the Azure Migrate: Discovery
and assessment tool.
Assessment Details
Type
You can assess your on-premises servers in VMware and Hyper-V environment,
and physical servers for migration to Azure VMs using this assessment type.
Azure SQL Assessments to migrate your on-premises SQL servers from your VMware
environment to Azure SQL Database or Azure SQL Managed Instance.
Azure App Assessments to migrate your on-premises ASP.NET web apps running on IIS web
Service servers to Azure App Service.
Configuration- Assessments that make The Azure App Service assessment takes only
based recommendations based configuration data in to consideration for
on collected assessment calculation. Performance data for web
configuration data apps isn't collected.
1. Set up Azure and your on-premises environment to work with Azure Migrate.
2. For your first assessment, create an Azure Migrate project. Azure Migrate:
Discovery and assessment tool gets added to the project by default.
3. Deploy a lightweight Azure Migrate appliance. The appliance continuously
discovers on-premises servers and sends configuration and performance data to
Azure Migrate. Deploy the appliance as a VM or a physical server. You don't need
to install anything on servers that you want to assess.
After the appliance begins discovery, you can gather servers (hosting web apps) you
want to assess into a group and run an assessment for the group with assessment type
Azure App Service.
Follow our tutorial for assessing ASP.NET web apps to try out these steps.
Setting Details
Setting Details
Target The Azure region to which you want to migrate. Azure App Service configuration
location and cost recommendations are based on the location that you specify.
Isolation Select yes if you want your web apps to run in a private and dedicated
required environment in an Azure datacenter using Dv2-series VMs with faster processors,
SSD storage, and double the memory to core ratio compared to Standard plans.
Savings Specify the savings option that you want the assessment to consider to help
options optimize your Azure compute cost.
(compute)
Azure reservations (1 year or 3 year reserved) are a good option for the most
consistently running resources.
Azure Savings Plan (1 year or 3 year savings plan) provide additional flexibility and
automated cost optimization. Ideally post migration, you could use Azure
reservation and savings plan at the same time (reservation is consumed first), but
in the Azure Migrate assessments, you can only see cost estimates of 1 savings
option at a time.
When you select 'None', the Azure compute cost is based on the Pay as you go
rate or based on actual usage.
Offer The Azure offer in which you're enrolled. The assessment estimates the cost for
that offer.
Discount Any subscription-specific discounts you receive on top of the Azure offer. The
(%) default setting is 0%.
Leave the settings for reserved instances, discount (%) and VM uptime properties
with their default settings.
Review the best practices for creating an assessment with Azure Migrate.
Calculate readiness
Azure App Service readiness
Azure App Service readiness for web apps is based on feature compatibility checks
between on-premises configuration of web apps and Azure App Service:
1. The Azure App Service assessment considers the web apps configuration data to
identify compatibility issues.
2. If there are no compatibility issues found, the readiness is marked as Ready for the
target deployment type.
3. If there are non-critical compatibility issues, such as degraded or unsupported
features that don't block the migration to a specific target deployment type, the
readiness is marked as Ready with conditions (hyperlinked) with warning details
and recommended remediation guidance.
4. If there are any compatibility issues that may block the migration to a specific
target deployment type, the readiness is marked as Not ready with issue details
and recommended remediation guidance.
5. If the discovery is still in progress or there are any discovery issues for a web app,
the readiness is marked as Unknown as the assessment couldn't compute the
readiness for that web app.
Calculate sizing
7 Note
Currently, Azure Migrate only recommends I1, P1v2, and P1v3 SKUs. There are
more SKUs available in Azure App service. Learn more .
Yes Yes I1
Yes No I1
No Yes P1v3
No No P1v2
I1 8
P1v2 8
P1v3 16
7 Note
Your App Service plan can be scaled up and down at any time. Learn more.
Next steps
Review best practices for creating assessments.
Learn how to run an Azure App Service assessment.
Assessment overview (migrate to Azure
VMware Solution)
Article • 11/21/2022 • 20 minutes to read
Azure Migrate provides a central hub to track discovery, assessment, and migration of
your on-premises apps and workloads. It also tracks your private and public cloud
instances to Azure. The hub offers Azure Migrate tools for assessment and migration, as
well as third-party independent software vendor (ISV) offerings.
Discovery and assessment tool in Azure Migrate assesses on-premises servers for
migration to Azure virtual machines and Azure VMware Solution. This article provides
information about how Azure VMware Solution assessments are calculated.
7 Note
Azure VMware Solution assessment can be created for VMware vSphere VMs only.
Types of assessments
Assessments you create with Azure Migrate are a point-in-time snapshot of data. There
are two types of assessments you can create using Azure Migrate:
Assessment Details
Type
Azure VM Assessments to migrate your on-premises servers to Azure virtual machines. You
can assess your on-premises servers in VMware vSphere and Hyper-V environment,
and physical servers for migration to Azure VMs using this assessment type.
Azure SQL Assessments to migrate your on-premises SQL servers from your VMware
environment to Azure SQL Database or Azure SQL Managed Instance.
Azure App Assessments to migrate your on-premises ASP.NET web apps, running on IIS web
Service servers, from your VMware vSphere environment to Azure App Service.
7 Note
If the number of Azure VM or Azure VMware Solution assessments are incorrect on
the Discovery and assessment tool, click on the total number of assessments to
navigate to all the assessments and recalculate the Azure VM or Azure VMware
Solution assessments. The Discovery and assessment tool will then show the correct
count for that assessment type.
Performance- Assessments based on Recommended Node size: Based on CPU and memory
based collected performance utilization data along with node type, storage type,
data of on-premises and FTT setting that you select for the assessment.
VMs.
1. Set up Azure and your on-premises environment to work with Azure Migrate.
2. For your first assessment, create an Azure project and add the Discovery and
assessment tool to it.
3. Deploy a lightweight Azure Migrate appliance. The appliance continuously
discovers on-premises vSphere servers and sends server metadata and
performance data to Azure Migrate. Deploy the appliance as a VM. You don't need
to install anything on servers that you want to assess.
After the appliance begins server discovery, you can gather servers you want to assess
into a group and run an assessment for the group with assessment type Azure VMware
Solution (AVS).
Create your first Azure VMware Solution assessment by following the steps here.
2. The appliance combines the sample points to create a single data point every 10
minutes. To create the data point, the appliance selects the peak values from all
samples. It then sends the data point to Azure.
3. Azure Migrate stores all the 10-minute data points for the last month.
4. When you create an assessment, the assessment identifies the appropriate data
point to use for rightsizing. Identification is based on the percentile values for
performance history and percentile utilization.
For example, if the performance history is one week and the percentile
utilization is the 95th percentile, the assessment sorts the 10-minute sample
points for the last week. It sorts them in ascending order and picks the 95th
percentile value for rightsizing.
The 95th percentile value makes sure you ignore any outliers, which might be
included if you picked the 99th percentile.
If you want to pick the peak usage for the period and don't want to miss any
outliers, select the 99th percentile for percentile utilization.
5. This value is multiplied by the comfort factor to get the effective performance
utilization data for these metrics that the appliance collects:
CPU utilization
RAM utilization
The following performance data is collected but not used in sizing recommendations for
Azure VMware Solution assessments:
The disk IOPS and throughput data for every disk attached to the VM.
The network I/O to handle performance-based sizing for each network adapter
attached to a VM.
Property Details
Target location Specifies the Azure VMware Solution private cloud location to which you
want to migrate.
Storage type Specifies the storage engine to be used in Azure VMware Solution. Azure
VMware Solution currently only supports vSAN as a default storage type but
more storage options will be coming as per roadmap.
Reserved This property helps you specify Reserved Instances in Azure VMware Solution
Instances (RIs) if purchased and the term of the Reserved Instance. Your cost estimates will
take the option chosen into account.Learn more
Node type Specifies the Azure VMware Solution Node type used to be used in Azure.
The default node type is AV36. More node types might be available in future.
Azure Migrate will recommend a required number of nodes for the VMs to be
migrated to Azure VMware Solution.
FTT Setting, Specifies the valid combination of Failures to Tolerate and Raid combinations.
RAID Level The selected FTT option combined with RAID level and the on-premises
vSphere VM disk requirement will determine the total vSAN storage required
in Azure VMware Solution. Total available storage after calculations also
includes a) space reserved for management objects such as vCenter Server
and b) 25% storage slack required for vSAN operations.
Sizing criterion Sets the criteria to be used to determine memory, cpu and storage
requirements for Azure VMware Solution nodes. You can opt for performance-
based sizing or as on-premises without considering the performance history.
To simply lift and shift, choose as on-premises. To obtain usage based sizing,
choose performance based.
Performance Sets the duration to consider in evaluating the performance data of servers.
history This property is applicable only when the sizing criteria is performance-based.
Property Details
Percentile Specifies the percentile value of the performance sample set to be considered
utilization for right-sizing. This property is applicable only when the sizing is
performance-based.
Comfort factor Azure Migrate considers a buffer (comfort factor) during assessment. This
buffer is applied on top of server utilization data for VMs (CPU, memory and
disk). The comfort factor accounts for issues such as seasonal usage, short
performance history, and likely increases in future usage. For example, a 10-
core VM with 20% utilization normally results in a 2-core VM. However, with a
comfort factor of 2.0x, the result is a 4-core VM instead.
Offer Displays the Azure offer you're enrolled in. Azure Migrate estimates the
cost accordingly.
Discount (%) Lists any subscription-specific discount you receive on top of the Azure offer.
The default setting is 0%.
Azure Hybrid Specifies whether you have software assurance and are eligible for Azure
Benefit Hybrid Benefit . Although it has no impact on Azure VMware Solution
pricing due to the node-based price, customers can still apply the on-
premises OS or SQL licenses (Microsoft based) in Azure VMware Solution
using Azure Hybrid Benefits. Other software OS vendors will have to provide
their own licensing terms, such as RHEL for example.
vCPU Specifies the ratio of number of virtual cores tied to one physical core in the
Oversubscription Azure VMware Solution node. The default value in the calculations is 4 vCPU:1
physical core in Azure VMware Solution. API users can set this value as an
integer. Note that vCPU Oversubscription > 4:1 may impact workloads
depending on their CPU usage. When sizing, we always assume 100%
utilization of the cores chosen.
Deduplication Specifies the anticipated deduplication and compression factor for your
and compression workloads. Actual value can be obtained from on-premises vSAN or storage
factor configurations. These vary by workload. A value of 3 would mean 3x so for
300GB disk only 100GB storage would be used. A value of 1 would mean no
deduplication or compression. You can only add values from 1 to 10 up to
one decimal place.
Ready for AVS: The server can be migrated as-is to Azure VMware Solution
without any changes. It will start in Azure VMware Solution with full support.
Ready with conditions: There might be some compatibility issues example internet
protocol or deprecated OS in VMware vSphere and need to be remediated before
migrating to Azure VMware Solution. To fix any readiness problems, follow the
remediation guidance the assessment suggests.
Not ready for AVS: The VM will not start in Azure VMware Solution. For example, if
the on-premises VMware vSphere VM has an external device attached, such as a
cd-rom, the VMware vMotion operation will fail (if using VMware vMotion).
Readiness unknown: Azure Migrate couldn't determine the readiness of the server
because of insufficient metadata collected from the on-premises environment.
The assessment reviews the server properties to determine the Azure readiness of the
on-premises vSphere server.
Server properties
The assessment reviews the following property of the on-premises vSphere VM to
determine whether it can run on Azure VMware Solution.
Internet Azure VMware Solution currently does not support end to end Unsupported
Protocol IPv6 internet addressing. Contact your local MSFT Azure VMware IPv6
Solution GBB team for guidance on remediation guidance if your
server is detected with IPv6.
Unsupported
OS
Sizing
After a vSphere server is marked as ready for Azure VMware Solution, Azure VMware
Solution Assessment makes node sizing recommendations, which involve identifying the
appropriate on-premises vSphere VM requirements and finding the total number of
Azure VMware Solution nodes required. These recommendations vary, depending on
the assessment properties specified.
7 Note
If your import serves by using a CSV file, the performance values you specify (CPU
utilization, Memory utilization, Storage in use, Disk IOPS, and throughput) are used
if you choose performance-based sizing. You will not be able to provide
performance history and percentile information.
If you don't want to consider the performance data for VM sizing and want to take
the on-premises vSphere servers as-is to Azure VMware Solution, you can set the
sizing criteria to as on-premises. Then, the assessment will size the VMs based on
the on-premises vSphere configuration without considering the utilization data.
Performance-based sizing
For performance-based sizing, Azure Migrate appliance profiles the on-premises
vSphere environment to collect performance data for CPU, memory and disk. Thus,
performance based sizing for Azure VMware Solution will take into consideration the
allocated disk space and using the chosen percentile utilization of memory and CPU. For
example if a VM has 4 vCPU allocated but only using 25% then Azure VMware Solution
will size for 1 vCPU for that VM.
1. For VMware vSphere VMs, the Azure Migrate appliance collects a real-time sample
point at every 20-second interval.
2. The appliance rolls up the sample points collected every 10 minutes and sends the
maximum value for the last 10 minutes to Azure Migrate.
3. Azure Migrate stores all the 10-minute sample points for the last one month. Then,
depending on the assessment properties specified for Performance history and
Percentile utilization, it identifies the appropriate data point to use for right-sizing.
For example, if the performance history is set to 1 day and the percentile utilization
is the 95th percentile, Azure Migrate uses the 10-minute sample points for the last
one day, sorts them in ascending order, and picks the 95th percentile value for
right-sizing.
4. This value is multiplied by the comfort factor to get the effective performance
utilization data for each metric (CPU utilization and memory utilization) that the
appliance collects.
After the effective utilization value is determined, the storage, network, and compute
sizing is handled as follows.
Storage sizing: Azure Migrate uses the total on-premises VM disk space as a calculation
parameter to determine Azure VMware Solution vSAN storage requirements in addition
to the customer-selected FTT setting. FTT - Failures to tolerate as well as requiring a
minimum number of nodes per FTT option will determine the total vSAN storage
required combined with the VM disk requirement. If your import serves by using a CSV
file, storage utilization is taken into consideration when you create a performance based
assessment. If you create an as-on-premises assessment, the logic only looks at
allocated storage per VM.
Network sizing: Azure VMware Solution assessments currently do not take any network
settings into consideration for node sizing. While migrating to Azure VMware Solution,
minimums and maximums as per VMware NSX- T Data Center standards are used.
Compute sizing: After it calculates storage requirements (FTT Sizing Parameters), Azure
VMware Solution assessment considers CPU and memory requirements to determine
the number of nodes required for Azure VMware Solution based on the node type.
Based on the sizing criteria, Azure VMware Solution assessment looks at either the
performance-based VM data or the on-premises vSphere VM configuration. The
comfort factor setting allows for specifying growth factor of the cluster. Currently
by default, hyperthreading is enabled and thus a 36 core nodes will have 72
vCores. 4 vCores per physical is used to determine CPU thresholds per cluster
using the VMware standard of not exceeding 80% utilization to allow for
maintenance or failures to be handled without compromising cluster availability.
There is currently no override available to change the oversubscription values and
we may have this in future versions.
As on-premises sizing
If you use as on-premises sizing, Azure VMware Solution assessment doesn't consider
the performance history of the VMs and disks. Instead, it allocates Azure VMware
Solution nodes based on the size allocated on-premises. The default storage type is
vSAN in Azure VMware Solution.
Memory utilization also already accounts for management overhead from vCenter
Server, NSX-T Manager and other smaller resources.
1. Size required for VMs (either allocated as is or performance based used space)
2. Apply growth factor if any
3. Add management overhead and apply FTT ratio
4. Apply deduplication and compression factor
5. Apply required 25% slack for vSAN
6. Result available storage for VMs out of total storage including management
overhead.
The available storage on a 3 node cluster will be based on the default storage policy,
which is Raid-1 and uses thick provisioning. When calculating for erasure coding or
Raid-5 for example, a minimum of 4 nodes is required. Note that in Azure VMware
Solution, the storage policy for customer workload can be changed by the administrator
or Run Command(Currently in Preview). [Learn more] (./azure-vmware/configure-
storage-policy.md)
Limiting factor
The limiting factor shown in assessments could be CPU or memory or storage resources
based on the utilization on nodes. It is the resource, which is limiting or determining the
number of hosts/nodes required to accommodate the resources. For example, in an
assessment if it was found that after migrating 8 VMware VMs to Azure VMware
Solution, 50% of CPU resources will be utilized, 14% of memory is utilized and 18% of
storage will be utilized on the 3 Av36 nodes and thus CPU is the limiting factor.
Confidence ratings
Each performance-based assessment in Azure Migrate is associated with a confidence
rating that ranges from one (lowest) to five stars (highest).
The confidence rating of an assessment helps you estimate the reliability of the
size recommendations provided by Azure Migrate.
If any of these utilization numbers are unavailable in vCenter Server, the size
recommendation might not be reliable.
Depending on the percentage of data points available, the confidence rating for the
assessment goes as follows.
0-20% 1 star
21-40% 2 stars
41-60% 3 stars
61-80% 4 stars
81-100% 5 stars
You didn't profile your environment for the duration for which you're creating the
assessment. For example, if you create the assessment with performance duration
set to one day, you must wait at least a day after you start discovery for all the data
points to get collected.
Assessment is not able to collect the performance data for some or all the VMs in
the assessment period. For a high confidence rating, please ensure that:
VMs are powered on for the duration of the assessment
Outbound connections on ports 443 are allowed
For Hyper-V VMs, dynamic memory is enabled
Some VMs were created during the time for which the assessment was calculated.
For example, assume you created an assessment for the performance history of the
last month, but some VMs were created only a week ago. In this case, the
performance data for the new VMs will not be available for the entire duration and
the confidence rating would be low.
7 Note
If the confidence rating of any assessment is less than five stars, we recommend
that you wait at least a day for the appliance to profile the environment, and then
recalculate the assessment. If you don't, performance-based sizing might not be
reliable. In that case, we recommend that you switch the assessment to on-
premises sizing.
The calculation takes the number of nodes required, node type and location into
account.
It aggregates the cost across all nodes to calculate the total monthly cost.
Costs are displayed in the currency specified in the assessment settings.
As the pricing for Azure VMware Solution is per node, the total cost does not have
compute cost and storage cost distribution. Learn More
Migration Tool Guidance
In the Azure readiness report for Azure VMware Solution assessment, you can see the
following suggested tools:
VMware HCX or Enterprise: For VMware vSphere servers, VMware Hybrid Cloud
Extension (HCX) solution is the suggested migration tool to migrate your on-
premises vSphere workload to your Azure VMware Solution private cloud. Learn
More.
Unknown: For servers imported via a CSV file, the default migration tool is
unknown. Though for VMware vSphere servers, it is recommended to use the
VMware Hybrid Cloud Extension (HCX) solution.
Next steps
Create an assessment for Azure VMware Solution VMs.
Best practices for creating assessments
Article • 11/21/2022 • 9 minutes to read
Azure Migrate provides a hub of tools that help you to discover, assess, and migrate
apps, infrastructure, and workloads to Microsoft Azure. The hub includes Azure Migrate
tools, and third-party independent software vendor (ISV) offerings.
This article summarizes the best practices when creating assessments using the Azure
Migrate Discovery and assessment tool.
Assessments you create with Azure Migrate: Discovery and assessment tool are a point-
in-time snapshot of data. There are four types of assessments you can create using
Azure Migrate: Discovery and assessment:
Assessment Details
Type
You can assess your on-premises servers in VMware and Hyper-V environment,
and physical servers for migration to Azure using this assessment type. Learn
more
Azure SQL Assessments to migrate your on-premises SQL servers from your VMware
environment to Azure SQL Database or Azure SQL Managed Instance. Learn
More
Azure App Assessments to migrate your on-premises ASP.NET web apps running on IIS web
Service server, from your VMware environment to Azure App Service. Learn More
7 Note
If the number of Azure VM or AVS assessments are incorrect on the Discovery and
assessment tool, click on the total number of assessments to navigate to all the
assessments and recalculate the Azure VM or AVS assessments. The Discovery and
assessment tool will then show the correct count for that assessment type.
Sizing criteria
Sizing criteria options in Azure Migrate assessments:
Example
As an example, if you have an on-premises VM with four cores at 20% utilization, and
memory of 8 GB with 10% utilization, the Azure VM assessment will be as follows:
Performance-based assessment:
Identifies effective cores and memory based on core (4 x 0.20 = 0.8), and
memory (8 GB x 0.10 = 0.8) utilization.
Applies the comfort factor specified in assessment properties (let's say 1.3x) to
get the values to be used for sizing.
Recommends the nearest VM size in Azure that can support ~1.04 cores (0.8 x
1.3) and ~1.04 GB (0.8 x 1.3) memory.
Create as-is assessments: You can create as-is assessments immediately once your
servers show up in the Azure Migrate portal. You cannot create an Azure SQL
assessment with sizing criteria "As on-premises". Azure App Service assessment by
default is "As on-premises".
Create performance-based assessment: After setting up discovery, we
recommend that you wait at least a day before running a performance-based
assessment:
Collecting performance data takes time. Waiting at least a day ensures that
there are enough performance data points before you run the assessment.
When you're running performance-based assessments, make sure you profile
your environment for the assessment duration. For example, if you create an
assessment with a performance duration set to one week, you need to wait for
at least a week after you start discovery, for all the data points to be collected. If
you don't, the assessment won't get a five-star rating.
Recalculate assessments: Since assessments are point-in-time snapshots, they
aren't automatically updated with the latest data. To update an assessment with
the latest data, you need to recalculate it.
Follow these best practices for assessments of servers imported into Azure Migrate via
.CSV file:
Create as-is assessments: You can create as-is assessments immediately once your
servers show up in the Azure Migrate portal.
Create performance-based assessment: This helps to get a better cost estimate,
especially if you have overprovisioned server capacity on-premises. However, the
accuracy of the performance-based assessment depends on the performance data
specified by you for the servers.
Recalculate assessments: Since assessments are point-in-time snapshots, they
aren't automatically updated with the latest data. To update an assessment with
the latest imported data, you need to recalculate it.
FTT Sizing Parameters for AVS assessments
The storage engine used in AVS is vSAN. vSAN storage policies define storage
requirements for your virtual machines. These policies guarantee the required level of
service for your VMs because they determine how storage is allocated to the VM. These
are the available FTT-Raid Combinations:
Azure SQL assessments need the performance data of the SQL instances and
databases being assessed, which include:
The CPU and memory utilization data
The read/write IOPS/throughput data of data and Log files
The latency of IO operations
Depending on the percentage of data points available for the selected duration, the
confidence rating for an assessment is provided as summarized in the following table.
Data point availability Confidence rating
0%-20% 1 Star
21%-40% 2 Star
41%-60% 3 Star
61%-80% 4 Star
81%-100% 5 Star
Out-of-sync assessments
If you add or remove servers from a group after you create an assessment, the
assessment you created will be marked out-of-sync. Run the assessment again
(Recalculate) to reflect the group changes.
Outdated assessments
If there are changes to on-premises web apps that are in a group that's been assessed,
the assessment is marked outdated. An assessment can be marked as “Outdated”
because of one or more reasons below:
You did not profile your environment for the duration for which you are creating
the assessment. For example, if you are creating an assessment with performance
duration set to one week, you need to wait for at least a week after you start the
discovery for all the data points to get collected. If you cannot wait for the
duration, please change the performance duration to a smaller period and
'Recalculate' the assessment.
Assessment is not able to collect the performance data for some or all the servers
in the assessment period. For a high confidence rating, please ensure that:
Servers are powered on during the assessment
Outbound connections on ports 443 are allowed
For Hyper-V Servers dynamic memory is enabled
The connection status of agents in Azure Migrate are 'Connected' and check the
last heartbeat
For Azure SQL assessments, Azure Migrate connection status for all SQL
instances is "Connected" in the discovered SQL instance blade
For Azure VM and AVS assessments, few servers were created after discovery had
started. For example, if you are creating an assessment for the performance history
of last one month, but few servers were created in the environment only a week
ago. In this case, the performance data for the new servers will not be available for
the entire duration and the confidence rating would be low.
For Azure SQL assessments, few SQL instances or databases were created after
discovery had started. For example, if you are creating an assessment for the
performance history of last one month, but few SQL instances or databases were
created in the environment only a week ago. In this case, the performance data for
the new servers will not be available for the entire duration and the confidence
rating would be low.
VMware HCX or Enterprise: For VMware servers, VMware Hybrid Cloud Extension
(HCX) solution is the suggested migration tool to migrate your on-premises
workload to your Azure VMware Solution (AVS) private cloud. Learn More.
Unknown: For servers imported via a CSV file, the default migration tool is
unknown. Though, for servers in VMware environment, its is recommended to use
the VMware Hybrid Cloud Extension (HCX) solution.
Next steps
Learn how assessments are calculated.
Learn how to customize an assessment.
Build migration plan with Azure Migrate
Article • 05/05/2023
Follow this article to build your migration plan to Azure with Azure Migrate.
Identifying your motivation helps you to pin down your strategic migration goals. The
next step is to identify and plan a migration path that's tailored for your workloads. The
Azure Migrate: Discovery and Assessment tool helps you to assess on-premises
workloads, and provides guidance and tools to help you migrate.
Workloads in use
Azure Migrate uses a lightweight Azure Migrate appliance to perform agentless
discovery of on-premises VMware VMs, Hyper-V VMs, other virtualized servers, and
physical servers. Continuous discovery collects server configuration information, and
performance metadata, and application data. Here's what the appliance collects from
on-premises servers:
Performance data, including CPU and memory utilization, disk IOPS, and
throughput.
After collecting data, you can export the application inventory list to find apps, and SQL
Server instances running on your servers. You can use the Azure Migrate: Database
Assessment tool to understand SQL Server readiness.
Along with data discovered with the Discovery and assessment tool, you can use your
Configuration Management Database (CMDB) data to build a view of your server and
database estate, and to understand how your servers are distributed across business
units, application owners, geographies, etc. This helps decide which workloads to
prioritize for migration.
Readiness/suitability analysis
You can export the assessment report, and filter on these categories to understand
Azure readiness:
Ready for Azure: Servers can be migrated as-is to Azure, without any changes.
Conditionally ready for Azure: Servers can be migrated to Azure, but need minor
changes, in accordance with the remediation guidance provided in the assessment.
Not ready for Azure: Servers can't be migrated to Azure as-is. Issues must be fixed
in accordance with remediation guidance, before migration.
Readiness unknown: Azure Migrate can't determine server readiness, because of
insufficient metadata.
Using database assessments, you can assess the readiness of your SQL Server data
estate for migration to Azure SQL Database, or Azure SQL Managed Instances. The
assessment shows migration readiness status percentage for each of your SQL server
instances. In addition, for each instance you can see the recommended target in Azure,
potential migration blockers, a count of breaking changes, readiness for Azure SQL DB
or Azure SQL VM, and a compatibility level. You can dig deeper to understand the
impact of migration blockers, and recommendations for fixing them.
Sizing Recommendations
After a server is marked as ready for Azure, Discovery and assessment makes sizing
recommendations that identify the Azure VM SKU and disk type for your servers. You
can get sizing recommendations based on performance history (to optimize resources
as you migrate), or based on on-premises server settings, without performance history.
In a database assessment, you can see recommendations for the database SKU, pricing
tier, and compute level.
Visualize data
You can view Discovery and assessment reports (with Azure readiness information, and
monthly cost distribution) in the portal. You can also export assessment, and enrich your
migration plan with additional visualizations. You can create multiple assessments, with
different combinations of properties, and choose the set of properties that work best for
your business.
Evaluate gaps/blockers
As you figure out the apps and workloads you want to migrate, identify downtime
constraints for them, and look for any operational dependencies between your apps and
the underlying infrastructure. This analysis helps you to plan migrations that meet your
recovery time objective (RTO), and ensure minimal to zero data loss. Before you migrate,
we recommend that you review and mitigate any compatibility issues, or unsupported
features that may block server/SQL database migration. The Azure Migrate Discovery
and assessment report, and Azure Migrate Database Assessment, can help with this.
Prioritize workloads
After you've collected information about your inventory, you can identify which apps
and workloads to migrate first. Develop an “apply and learn” approach to migrate apps
in a systematic and controllable way, so that you can iron out any flaws before starting a
full-scale migration.
To prioritize migration order, you can use strategic factors such as complexity, time-to-
migrate, business urgency, production/non-
production considerations, compliance, security requirements, application knowledge, etc.
A few recommendations:
Prioritize quick wins: Use the assessment reports to identify low-hanging fruit,
including servers and databases that are fully ready, and require minimal effort to
migrate to Azure. The table summarizes a few ways to do this.
State Action
Azure Export the assessment report, and filter all servers with state Ready for Azure.
ready VMs This might be the first group of servers that you lift and shift to Azure, using
the Migration and modernization tool.
End-of- Export the assessment report, and filter all servers running Windows
support Server 2008 R2/Windows Server 2008. These operating systems are at the end
operating of support, and only Azure provides a free three years of security updates
systems when you migrate them to Azure. If you combine Azure Hybrid Benefit, and
use RIs, the savings could be higher.
SQL Server Use the database assessment recommendations to migrate databases that
migration are ready for Azure SQL Database, using the Azure Migrate: Database
Migration tool. Migrate the databases ready for Azure SQL VM using the
Migration and modernization tool.
End-of- Export your application inventory, and filter for any software/extensions that
support might be reaching end-of-support. Prioritize these applications for migration.
software
Under- Export the assessment report, and filter for servers with low CPU utilization
provisioned (%) and memory utilization (%). Migrate to a right-sized Azure VM, and save
servers on costs for underutilized resources.
State Action
Over- Export the assessment report and filter for servers with high CPU utilization
provisioned (%) and memory utilization (%). Solve capacity constraints, prevent
servers overstrained servers from breaking, and increase performance by migrating
these servers to Azure. In Azure, use autoscaling capabilities to meet
demand.
Start small, then go big: Start by moving apps and workloads that present minimal
risk and complexity, to build confidence in your migration strategy. Analyze Azure
Migrate assessment recommendations together with your CMDB repository, to
find and migrate dev/test workloads that might be candidates for pilot migrations.
Feedback and learnings from pilot migrations can be helpful as you begin
migrating production workloads.
Comply: Azure maintains the largest compliance portfolio in the industry, in terms
of breadth and depth of offerings. Use compliance requirements to prioritize
migrations, so that apps and workloads comply with your national/regional and
industry-specific standards and laws. This is especially true for organizations that
deal with business-critical process, hold sensitive information, or are in heavily
regulated industries. In these types of organizations, standards and regulations
abound, and might change often, being difficult to keep up with.
Create an effective cloud migration plan that includes detailed information about the
apps you want to migrate, app/database availability, downtime constraints, and
migration milestones. The plan considers how long the data copy takes, and include a
realistic buffer for post-migration testing, and cut-over activities.
Build a migration roadmap, and declare a maintenance window to migrate your apps
and databases with minimal to zero downtime, and limit the potential operational and
business impact during migration.
Migrate
We recommend that you run a test migration in Azure Migrate, before starting a full-
scale migration. A test migration helps you to estimate the time involved, and tweak
your migration plan. It provides an opportunity to discover any potential issues, and fix
them before the full migration.
When you're ready for migration, use the Migration and modernization tool, and the
Azure Data Migration Service (DMS), for a seamless and integrated migration
experience, with end-to-end tracking.
With the Migration and modernization tool, you can migrate on-premises VMs and
servers, or VMs located in other private or public cloud (including AWS, GCP) with
around zero downtime.
Azure DMS provides a fully managed service that's designed to enable seamless
migrations from multiple database sources to Azure Data platforms, with minimal
downtime.
Next steps
Investigate the cloud migration journey in the Azure Cloud Adoption Framework.
Get a quick overview of Azure Migrate, and watch a getting started video .
Learn more about assessing VMs for migration to Azure VMs.
Support matrix for VMware vSphere
migration
Article • 02/28/2023 • 10 minutes to read
This article summarizes support settings and limitations for migrating VMware vSphere
VMs with Migration and modernization . If you're looking for information about
assessing VMware vSphere VMs for migration to Azure, review the assessment support
matrix.
Migration options
You can migrate VMware vSphere VMs in a couple of ways:
Review this article to figure out which method you want to use.
Agentless migration
This section summarizes requirements for agentless VMware vSphere VM migration to
Azure.
VMware Details
vCenter Agentless migration uses the Migrate Appliance. The appliance needs these
Server permissions in vCenter Server:
permissions
- Datastore.Browse (Datastore -> Browse datastore): Allow browsing of VM log
files to troubleshoot snapshot creation and deletion.
VM requirements (agentless)
The table summarizes agentless migration requirements for VMware vSphere VMs.
Support Details
Support Details
Supported operating You can migrate Windows and Linux operating systems supported by
systems Azure.
Windows VMs in You might need to make some changes on VMs before migration.
Azure
Linux VMs in Azure Some VMs might require changes so that they can run in Azure.
For Linux, Azure Migrate makes the changes automatically for these
operating systems:
- Red Hat Enterprise Linux 8.x, 7.x, 6.x
- Cent OS 8.x, 7.x, 6.x
- SUSE Linux Enterprise Server 15 SP0, 15 SP1, 12, 11 SP4, 11 SP3
- Ubuntu 20.04, 19.04, 19.10, 14.04LTS, 16.04LTS, 18.04LTS
- Debian 10, 9, 8, 7
- Oracle Linux 8, 7.7-CI, 7.7, 6
For other operating systems, you make the required changes manually.
The SELinux Enforced setting is currently not fully supported. It causes
Dynamic IP setup and Microsoft Azure Linux Guest agent
(waagent/WALinuxAgent) installation to fail. You can still migrate and
use the VM.
Boot requirements If /boot is on a dedicated partition, it should reside on the OS disk, and
not be spread across multiple disks.
If /boot is part of the root (/) partition, then the '/' partition should be
on the OS disk, and not span other disks.
Disk size Up to 2-TB OS disk for gen 1 VM and gen 2 VMs; 32 TB for data disks.
RDM/passthrough If VMs have RDM or passthrough disks, these disks won't be replicated
disks to Azure.
iSCSI targets VMs with iSCSI targets aren't supported for agentless migration.
Target disk VMs can be migrated only to managed disks (standard HDD, standard
SSD, premium SSD) in Azure.
Simultaneous Up to 300 simultaneously replicating VMs per vCenter Server with one
replication appliance. Up to 500 simultaneously replicating VMs per vCenter Server
when an additional scale-out appliance is deployed.
7 Note
Ensure that the following special characters are not passed in any credentials as
they are not supported for SSO passwords:
7 Note
In addition to the Internet connectivity, for Linux VMs, ensure that the following
packages are installed for successful installation of Microsoft Azure Linux agent
(waagent):
Python 2.6+
OpenSSL 1.0+
OpenSSH 5.3+
Filesystem utilities: sfdisk, fdisk, mkfs, parted
Password tools: chpasswd, sudo
Text processing tools: sed, grep
Network tools: ip-route
Tip
Using the Azure portal you'll be able to select up to 10 VMs at a time to configure
replication. To replicate more VMs you can use the portal and add the VMs to be
replicated in multiple batches of 10 VMs, or use the Azure Migrate PowerShell
interface to configure replication. Ensure that you don't configure simultaneous
replication on more than the maximum supported number of VMs for simultaneous
replications.
Device Connection
Appliance Outbound connections on port 443 to upload replicated data to Azure, and to
communicate with Azure Migrate services orchestrating replication and migration.
vCenter Inbound connections on port 443 to allow the appliance to orchestrate replication -
Server create snapshots, copy data, release snapshots.
vSphere Inbound on TCP port 902 for the appliance to replicate data from snapshots.
ESXi host Outbound port 902 from ESXi host.
Agent-based migration
This section summarizes requirements for agent-based migration.
VMware Details
vSphere
requirements
Replication: Create a role (Azure Site Recovery) with the required permissions,
and then assign the role to a VMware vSphere user or group
Data Center object –> Propagate to Child Object, role=Azure Site Recovery
Datastore -> Allocate space, browse datastore, low-level file operations, remove
file, update virtual machine files
Resource -> Assign VM to resource pool, migrate powered off VM, migrate
powered on VM
Virtual machine -> Interact -> answer question, device connection, configure
CD media, configure floppy media, power off, power on, VMware tools install
Virtual machine -> Provisioning -> Allow virtual machine download, allow
virtual machine files upload
Note:
User assigned at datacenter level, and has access to all the objects in the
datacenter.
To restrict access, assign the No access role with the Propagate to child object,
to the child objects (vSphere hosts, datastores, VMs, and networks).
VM requirements (agent-based)
The table summarizes VMware vSphere VM support for VMware vSphere VMs you want
to migrate using agent-based migration.
Support Details
Machine Azure Migrate supports migration of any workload (say Active Directory, SQL
workload server, etc.) running on a supported machine.
Operating For the latest information, review the operating system support for Site
systems Recovery. Azure Migrate provides identical VM operating system support.
Linux file For the latest information, review the Linux file system support for Site
system/guest Recovery. Azure Migrate has identical Linux file system support.
storage
Network/Storage For the latest information, review the network and storage prerequisites for
Site Recovery. Azure Migrate provides identical network/storage
requirements.
Azure For the latest information, review the Azure network, storage, and compute
requirements requirements for Site Recovery. Azure Migrate has identical requirements for
VMware migration.
Mobility service The Mobility service agent must be installed on each VM you want to
migrate.
UEFI boot Supported. UEFI-based VMs will be migrated to Azure generation 2 VMs.
Target disk VMs can only be migrated to managed disks (standard HDD, standard SSD,
premium SSD) in Azure.
Disk size up to 2-TB OS disk for gen 1 VM; up to 4-TB OS disk for gen 2 VM; 32 TB for
data disks.
Independent Supported.
disks
Passthrough Supported.
disks
Device Connection
VMs The Mobility service running on VMs communicates with the on-premises
replication appliance (configuration server) on port HTTPS 443 inbound, for
replication management.
VMs send replication data to the process server (running on the configuration server
machine) on port HTTPS 9443 inbound. This port can be modified.
Replication The replication appliance orchestrates replication with Azure over port HTTPS 443
appliance outbound.
Process The process server receives replication data, optimizes, and encrypts it, and sends it
server to Azure storage over port 443 outbound.
By default the process server runs on the replication appliance.
Azure VM requirements
All on-premises VMs replicated to Azure (with agentless or agent-based migration) must
meet the Azure VM requirements summarized in this table.
Component Requirements
Guest 64-bit.
operating
system
architecture
Operating 1
system disk
count
The machine name must start and end with a letter or number.
Component Requirements
Make sure that TCP and UDP rules are added for the Public profile, and that RDP
is allowed in Windows Firewall > Allowed Apps for all profiles.
For site-to-site VPN access, enable RDP and allow RDP in Windows Firewall >
Allowed apps and features for Domain and Private networks.
In addition, check that the operating system's SAN policy is set to OnlineAll.
Learn more.
After failover, on the Azure VM, allow incoming connections to the SSH port for
the network security group rules on the failed over VM, and for the Azure subnet
to which it's connected.
Next steps
Select a VMware vSphere migration option.
Support matrix for Hyper-V migration
Article • 12/12/2022 • 6 minutes to read
This article summarizes support settings and limitations for migrating Hyper-V VMs with
Migration and modernization . If you're looking for information about assessing Hyper-
V VMs for migration to Azure, review the assessment support matrix.
Migration limitations
You can select up to 10 VMs at once for replication. If you want to migrate more
machines, replicate in groups of 10.
Host Windows Server 2022, Windows Server 2019, Windows Server 2016, or Windows
operating Server 2012 R2 with latest updates. Note that Server core installation of these
system operating systems is also supported.
Port access Outbound connections on HTTPS port 443 to send VM replication data.
Hyper-V VMs
Support Details
Operating system All Windows and Linux operating systems that are supported by Azure.
Windows Server For VMs running Windows Server 2003, you need to install Hyper-V
2003 Integration Services before migration.
Support Details
Linux VMs in Some VMs might require changes so that they can run in Azure.
Azure
For Linux, Azure Migrate makes the changes automatically for these
operating systems:
- Red Hat Enterprise Linux 8.x, 7.9, 7.8, 7.7, 7.6, 7.5, 7.4, 7.0, 6.x
- Cent OS 8.x, 7.7, 7.6, 7.5, 7.4, 6.x
- SUSE Linux Enterprise Server 15 SP0, 15 SP1, 12, 11 SP4, 11 SP3
- Ubuntu 20.04, 19.04, 19.10, 18.04LTS, 16.04LTS, 14.04LTS
- Debian 10, 9, 8, 7
- Oracle Linux 8, 7.7-CI, 7.7, 6
For other operating systems, you make the required changes manually.
Required changes Some VMs might require changes so that they can run in Azure. Make
for Azure adjustments manually before migration. The relevant articles contain
instructions about how to do this.
Linux boot If /boot is on a dedicated partition, it should reside on the OS disk, and not
be spread across multiple disks.
If /boot is part of the root (/) partition, then the '/' partition should be on the
OS disk, and not span other disks.
UEFI boot Supported. UEFI-based VMs will be migrated to Azure generation 2 VMs.
Disk size Up to 2 TB OS disk for gen 1 VM; up to 4 TB OS disk for gen 2 VM; 32 TB for
data disks.
For existing Azure Migrate projects, you may need to upgrade the
replication provider on the Hyper-V host to the latest version to replicate
large disks up to 32 TB.
Shared disk VMs using shared disks aren't supported for migration.
Target disk You can migrate to Azure VMs with managed disks only.
Support Details
Azure Site You can't replicate using Migration and modernization if the VM is enabled
Recovery for replication with Azure Site Recovery.
URL Details
URL Details
7 Note
If your Migrate project has private endpoint connectivity, the replication provider
software on the Hyper-V hosts will need access to these URLs for private link
support.
General Supported GPv2 storage accounts may incur higher transaction costs than V1
purpose V2 storage accounts.
storage
accounts
(Hot and
Cool tier)
Region Same Storage account should be in the same region as the virtual machine
region as being protected.
virtual
machine
Setting Support Details
Subscription Can be The Storage account need not be in the same subscription as the
different source virtual machine(s).
from
source
virtual
machines
Azure Supported If you are using firewall enabled replication storage account or target
Storage storage account, ensure you Allow trusted Microsoft services. Also,
firewalls for ensure that you allow access to at least one subnet of source VNet.
virtual You should allow access from All networks for public endpoint
networks connectivity.
Soft delete Not Soft delete is not supported because once it is enabled on replication
supported storage account, it increases cost. Azure Migrate performs very
frequent creates/deletes of log files while replicating causing costs to
increase.
Private Supported Follow the guidance to set up Azure Migrate with private endpoints.
endpoint
Azure VM requirements
All on-premises VMs replicated to Azure must meet the Azure VM requirements
summarized in this table.
Next steps
Migrate Hyper-V VMs for migration.
Support matrix for migration of physical
servers, AWS VMs, and GCP VMs
Article • 02/28/2023 • 4 minutes to read
This article summarizes support settings and limitations for migrating physical servers,
AWS VMs, and GCP VMs to Azure with Migration and modernization . If you're looking
for information about assessing physical servers for migration to Azure, review the
assessment support matrix.
Migration limitations
You can select up to 10 machines at once for replication. If you want to migrate more
machines, then replicate in groups of 10.
Support Details
Machine Azure Migrate supports migration of any workload (say Active Directory, SQL
workload server, etc.) running on a supported machine.
Operating For the latest information, review the operating system support for Site
systems Recovery. Azure Migrate provides identical operating system support.
Support Details
Linux file For the latest information, review the Linux file system support for Site
system/guest Recovery. Azure Migrate provides identical Linux file system support.
storage
Network/Storage For the latest information, review the network and storage prerequisites for
Site Recovery. Azure Migrate provides identical network/storage
requirements.
Azure For the latest information, review the Azure network, storage, and compute
requirements requirements for Site Recovery. Azure Migrate has identical requirements for
physical server migration.
Mobility service Install the Mobility service agent on each machine you want to migrate.
UEFI boot Supported. UEFI-based machines will be migrated to Azure generation 2 VMs.
Target disk Machines can be migrated only to managed disks (standard HDD, standard
SSD, premium SSD) in Azure.
Disk size up to 2-TB OS disk for gen 1 VM; up to 4-TB OS disk for gen 2 VM; 32 TB for
data disks.
Independent Supported.
disks
Passthrough Supported.
disks
iSCSI targets Machines with iSCSI targets aren't supported for agentless migration.
Azure VM requirements
All on-premises VMs replicated to Azure must meet the Azure VM requirements
summarized in this table. When Site Recovery runs a prerequisites check for replication,
the check fails if some of the requirements aren't met.
Additional resources
Documentation
Support for physical discovery and assessment in Azure Migrate - Azure Migrate
Learn about support for physical discovery and assessment with Azure Migrate Discovery and
assessment
Show 5 more
Training
Learning path
Migrate application workloads and data to Azure - Learn
Migrate application workloads and data to Azure
Replication appliance
Article • 02/27/2023 • 7 minutes to read
This article describes the replication appliance used by the Migration and modernization
tool when migrating VMware VMs, physical machines, and private/public cloud VMs to
Azure, using agent-based migration.
Overview
The replication appliance is deployed when you set up agent-based migration of
VMware VMs or physical servers. It's deployed as a single on-premises machine, either
as a VMware VM or a physical server. It runs:
Appliance deployment
Used for Details
VMware VM You download OVA template from the Azure Migrate hub, and import to vCenter
agent-based Server to create the appliance VM.
migration
Physical If you don't have a VMware infrastructure, or if you can't create a VMware VM
machine using an OVA template, you download a software installer from the Azure
agent-based Migrate hub, and run it to set up the appliance machine.
migration
7 Note
If you're deploying in Azure Government, use the installation file to deploy the
replication appliance.
Appliance requirements
When you set up the replication appliance using the OVA template provided in the
Azure Migrate hub, the appliance runs Windows Server 2016 and complies with the
support requirements. If you set up the replication appliance manually on a physical
server, then make sure that it complies with the requirements.
Component Requirement
VMware
VM
appliance
PowerCLI PowerCLI version 6.0 should be installed if the replication appliance is running
on a VMware VM.
Hardware
settings
CPU cores 8
RAM 16 GB
Number of Two: The OS disk and the process server cache disk.
disks
Software
settings
License The appliance comes with a Windows Server 2016 evaluation license, which is valid
for 180 days.
If the evaluation period is close to expiry, we recommend that you download and
deploy a new appliance, or that you activate the operating system license of the
appliance VM.
Component Requirement
.NET .NET Framework 4.6 or later should be installed on the machine (with strong
Framework cryptography enabled.
Network
settings
IP address Static
type
IP address Make sure that configuration server and process server have a static IPv4 address,
and don't have NAT configured.
MySQL installation
MySQL must be installed on the replication appliance machine. It can be installed using
one of these methods.
Method Details
Download and Download the MySQL application & place it in the folder C:\Temp\ASRSetup,
install manually then install manually.
When you set up the appliance, MySQL shows as already installed.
Without online Place the MySQL installer application in the folder C:\Temp\ASRSetup. When
download you install the appliance and select download and install MySQL, setup uses
the installer you added.
Download and When you install the appliance and are prompted for MySQL, select Download
install in Azure and install.
Migrate
URL access
The replication appliance needs access to these URLs in the Azure public cloud.
URL Details
URL Details
7 Note
If your Migrate project has private endpoint connectivity, you will need access to
the following URLs over and above private link access:
URL Details
Port access
Device Connection
VMs The Mobility service running on VMs communicates with the on-premises
replication appliance (configuration server) on port HTTPS 443 inbound, for
replication management.
VMs send replication data to the process server (running on the configuration server
machine) on port HTTPS 9443 inbound. This port can be modified.
Replication The replication appliance orchestrates replication with Azure over port HTTPS 443
appliance outbound.
Process The process server receives replication data, optimizes, and encrypts it, and sends it
server to Azure storage over port 443 outbound.
By default the process server runs on the replication appliance.
Replication process
1. When you enable replication for a VM, initial replication to Azure storage begins,
using the specified replication policy.
2. Traffic replicates to Azure storage public endpoints over the internet. Replicating
traffic over a site-to-site virtual private network (VPN) from an on-premises site to
Azure isn't supported.
3. After initial replication finishes, delta replication begins. Tracked changes for a
machine are logged.
4. Communication happens as follows:
VMs communicate with the replication appliance on port HTTPS 443 inbound,
for replication management.
The replication appliance orchestrates replication with Azure over port HTTPS
443 outbound.
VMs send replication data to the process server (running on the replication
appliance) on port HTTPS 9443 inbound. This port can be modified.
The process server receives replication data, optimizes, and encrypts it, and
sends it to Azure storage over port 443 outbound.
5. The replication data logs first land in a cache storage account in Azure. These logs
are processed and the data is stored in an Azure managed disk.
Appliance upgrades
The appliance is upgraded manually from the Azure Migrate hub. We recommend that
you always run the latest version.
1. In Azure Migrate > Servers > Azure Migrate: Server Assessment, Infrastructure
servers, select Configuration servers.
2. In Configuration servers, a link appears in Agent Version when a new version of
the replication appliance is available.
3. Download the installer to the replication appliance machine, and install the
upgrade. The installer detects the version current running on the appliance.
Next steps
Learn how to set up the replication appliance for agent-based VMware VM
migration.
Learn how to set up the replication appliance for physical servers.
Additional resources
Documentation
Prepare machines for agentless migration with Azure Migrate - Azure Migrate
Learn how to prepare on-premises machines for agentless migration with Azure Migrate.
Support for physical discovery and assessment in Azure Migrate - Azure Migrate
Learn about support for physical discovery and assessment with Azure Migrate Discovery and
assessment
Migrate VMware vSphere VMs with agent-based the Migration and modernization
tool - Azure Migrate
Learn how to run an agent-based migration of VMware vSphere VMs with Azure Migrate.
Show 5 more
Azure Migrate agentless migration of
VMware virtual machines
Article • 02/27/2023 • 13 minutes to read
This article describes the replication concepts when migrating VMware VMs using the
Migration and modernization tool's agentless migration method.
Replication process
The agentless replication option works by using VMware snapshots and VMware
changed block tracking (CBT) technology to replicate data from virtual machine disks.
The following block diagram shows you various steps involved when you migrate your
virtual machines using the Migration and modernization tool.
When replication is configured for a virtual machine, it first goes through an initial
replication phase. During initial replication, a VM snapshot is taken, and a full copy of
data from the snapshot disks is replicated to managed disks in your target subscription.
After initial replication for the VM is complete, the replication process transitions to an
incremental replication (delta replication) phase. In the incremental replication phase,
data changes that have occurred since the beginning of the last completed replication
cycle are replicated and written to the replica managed disks, thus keeping replication in
sync with changes happening on the VM.
VMware changed block tracking (CBT) technology is used to keep track of changes
between replication cycles. At the start of the replication cycle, a VM snapshot is taken
and changed block tracking is used to get the changes between the current snapshot
and the last successfully replicated snapshot. Only the data that has changed since the
previous completed replication cycle is replicated to keep replication for the VM in sync.
At the end of each replication cycle, the snapshot is released, and snapshot
consolidation is performed for the virtual machine.
When you perform the migrate operation on a replicating virtual machine, there's an
on-demand delta replication cycle that replicates the remaining changes since the last
replication cycle. After the on-demand cycle completes, the replica managed disks
corresponding to the virtual machine are used to create the virtual machine in Azure.
Right before triggering migrate/failover, you must shut down the on-premises virtual
machine. Shutting down the virtual machine ensures zero data loss during migration.
Once the migration is successful and the VM boots up in Azure, ensure that you stop
the replication of the VM. Stopping the replication will delete the intermediate disks
(seed disks) that were created during data replication, and you'll also avoid incurring
extra charges associated with the storage transactions on these disks.
Replication cycles
Replication cycles refer to the periodic process of transferring data from on-premises
environment to Azure managed disks. A full replication cycle consists of the following
steps:
DRA agent
Gateway agent
Azure components: The following table summarizes various Azure Artifacts that are
created while using the agentless method of VMware VM migration.
Service Bus Target region Azure Migrate Used for communication between cloud service
project's and Azure Migrate appliance
subscription
Log storage Target region Azure Migrate Used to store replication data, which is read by
account project's the service and applied on customer's
subscription managed disk
Gateway Target region Azure Migrate Used to store machine states during replication
storage project's
account subscription
Key vault Target region Azure Migrate Manages connection strings for service bus and
project's access keys for the log storage account
subscription
Network Target region Target The NICs attached to the VMs created in Azure
interface subscription
cards
Permissions required
When you start replication for the first time, the logged-in user must be assigned the
following roles:
For the subsequent replications, the logged-in user must be assigned the following
roles:
Owner or Contributor on the Azure Migrate project's Resource Group and the
target Resource Group
In addition to the roles described above, the logged-in user would need the following
permission at a subscription level -
Microsoft.Resources/subscriptions/resourceGroups/read
Data integrity
There are two stages in every replication cycle that ensures data integrity between the
on-premises disk (source disk) and the replica disk in Azure (target disk).
1. First, we validate if every sector that has changed in the source disk is replicated to
the target disk. Validation is performed using bitmaps. Source disk is divided into
sectors of 512 bytes. Every sector in the source disk is mapped to a bit in the
bitmap. When data replication starts, bitmap is created for all the changed blocks
(in delta cycle) in the source disk that needs to be replicated. Similarly, when the
data is transferred to the target Azure disk, a bitmap is created. Once the data
transfer completes successfully, the cloud service compares the two bitmaps to
ensure no changed block is missed. In case there's any mismatch between the
bitmaps, the cycle is considered failed. As every cycle is resynchronization, the
mismatch will be fixed in the next cycle.
2. Next we ensure that the data that's transferred to the Azure disks is the same as
the data that was replicated from the source disks. Every changed block that is
uploaded is compressed and encrypted before it's written as a blob in the log
storage account. We compute the checksum of this block before compression. This
checksum is stored as metadata along with the compressed data. Upon
decompression, the checksum for the data is calculated and compared with the
checksum computed in the source environment. If there's a mismatch, the data
isn't written to the Azure disks, and the cycle is considered failed. As every cycle is
resynchronization, the mismatch will be fixed in the next cycle.
Security
The Azure Migrate appliance compresses data and encrypts before uploading. Data is
transmitted over a secure communication channel over https and uses TLS 1.2 or later.
Additionally, Azure Storage automatically encrypts your data when it is persisted it to
the cloud (encryption-at-rest).
Replication status
When a VM undergoes replication (data copy), there are a few possible states:
Initial replication queued: The VM is queued for replication (or migration) as there
may be other VMs that are consuming the on-premises resources (during
replication or migration). Once the resources are free, this VM will be processed.
Initial replication in progress: The VM is being scheduled for initial replication.
Initial replication: The VM is undergoing initial replication. When the VM is
undergoing initial replication, you can't proceed with test migration and migration.
You can only stop replication at this stage.
Initial replication (x%): The initial replication is active and has progressed by x%.
Delta sync: The VM may be undergoing a delta replication cycle that replicates the
remaining data churn since the last replication cycle.
Pause in progress: The VM is undergoing an active delta replication cycle and will
be paused in some time.
Paused: The replication cycles have been paused. The replication cycles can be
resumed by performing a resume replication operation.
Resume queued: The VM is queued for resuming replication as there are other
VMs that are currently consuming the on-premises resources.
Resume in progress (x%): The replication cycle is being resumed for the VM and
has progressed by x%.
Stop replication in progress: Replication cleanup is in progress. When you stop
replication, the intermediate managed disks (seed disks) created during replication
will be deleted. Learn more.
Complete migration in progress: Migration cleanup is in progress. When you
complete migration, the intermediate managed disks (seed disks) created during
replication will be deleted. Learn more.
– : When the VM has successfully migrated and/or when you have stopped
replication, the status changes to “-“. Once you stop replication / complete
migration and the operation finishes successfully, the VM will be removed from the
list of replicating machines. You can find the VM in the virtual machines tab in the
replicate wizard.
Other states
Initial replication failed: The initial data couldn't be copied for the VM. Follow the
remediation guidance to resolve.
Repair pending: There was an issue in the replication cycle. You can select the link
to understand possible causes and actions to remediate (as applicable). If you had
opted for Automatically repair replication by selecting Yes when you triggered
replication of VM, the tool will try to repair it for you. Else, select the VM, and
select Repair Replication. If you didn't opt for Automatically repair replication or
if the above step didn't work for you, then stop replication for the virtual machine,
reset the changed block tracking on the virtual machine, and then reconfigure the
replication.
Repair replication queued: The VM is queued for replication repair as there are
other VMs that are consuming the on-premises resources. Once the resources are
free, the VM will be processed for repair replication.
Resync (x%): The VM is undergoing a data resynchronization. This can happen if
there was some issue / mismatch during data replication.
Stop replication/complete migration failed: Select the link to understand the
possible causes for failure and actions to remediate (as applicable).
7 Note
Some VMs are put in queued state to ensure minimal impact on the source
environment due to storage IOPS consumption. These VMs are processed based on
the scheduling logic as described in the next section.
Other states
Completed with info: The migration/test migration job completed with
information. You can select the link to check the last migration job for possible
causes and actions to remediate (as applicable).
Failed: The migration/test migration job failed. You can select the link to check the
last migration job for possible causes and actions to remediate.
Scheduling logic
Initial replication is scheduled when replication is configured for a VM. It's followed by
incremental replications (delta replications).
First delta replication cycle is scheduled immediately after the initial replication
cycle completes
Next delta replication cycles are scheduled according to the following logic: max
[(Previous delta replication cycle time/2), 1 hour]
That is, next delta replication will be scheduled no sooner than one hour. For example, if
a VM takes four hours for a delta replication cycle, the next delta replication cycle is
scheduled in two hours, and not in the next hour.
7 Note
The scheduling logic is different after the initial replication completes. The first
delta cycle is scheduled immediately after the initial replication completes and
subsequent cycles follow the scheduling logic described above.
That is, whenever a migrate operation is triggered, the on-demand replication cycle for
the VM is scheduled and other ongoing replications take back seat if they're competing
for resources.
Constraints:
We use the following constraints to ensure that we don't exceed the IOPS limits on the
SANs.
You can deploy the scale-out appliance anytime after configuring the primary appliance,
but isn't required until there are 300 VMs replicating concurrently. When there are 300
VMs replicating concurrently, you must deploy the scale-out appliance to proceed.
The VM for which the replication is stopped, can be replicated by enabling replication
again. If the VM was migrated, you can resume replication and migration again.
As a best practice, you should always complete the migration after the VM has migrated
successfully to Azure to ensure that you don't incur extra charges for storage
transactions on the intermediate managed disks (seed disks). In some cases, you'll
notice that stop replication takes time. It's because whenever you stop replication, the
ongoing replication cycle is completed (only when the VM is in delta sync) before
deleting the artifacts.
Impact of churn
We try to minimize the amount of data transfer in each replication cycle by allowing the
data to fold as much as possible before we schedule the next cycle. Because agentless
replication folds in data, the churn pattern is more important than the churn rate. When
a file is written again and again, the rate doesn't have much impact. However, a pattern
in which every other sector is written causes high churn in the next cycle.
Management of replication
Throttling
You can increase or decrease the replication bandwidth using the NetQosPolicy. The
AppNamePrefix to use in the NetQosPolicy is "GatewayWindowsService.exe".
You could create a policy on the Azure Migrate appliance to throttle replication traffic
from the appliance by creating a policy such as this one:
7 Note
This is applicable to all the replicating VMs from the Azure Migrate appliance
simultaneously.
You can also increase and decrease replication bandwidth based on a schedule using the
sample script.
Blackout window
Azure Migrate provides a configuration-based mechanism through which customers can
specify the time interval during which they don't want any replications to proceed. This
time interval is called the blackout window. The need for a blackout window can arise in
multiple scenarios such as when the source environment is resource constrained or
when customers want replication to go through only during non-business hours, etc.
7 Note
The existing replication cycles at the start of the blackout window will
complete before the replication pauses.
For any migration initiated during the blackout window, the final replication
will not run, causing the migration to fail.
A blackout window can be specified for the appliance by creating/updating the file
GatewayDataWorker.json in C:\ProgramData\Microsoft Azure\Config. A typical file
would be of the form:
{
The first value in the above example indicates a blackout window starting every Monday
at 7:00 AM local time (time on the appliance) and lasting 7 hours.
In the scale-out scenario, the primary appliance and the scale-out appliance honor the
blackout windows independently. As a best practice, we recommend keeping the
windows consistent across appliances.
Next steps
Migrate VMware VMs with agentless migration.
Prepare for VMware agentless migration
Article • 05/01/2023
This article provides an overview of the changes performed when you migrate VMware
VMs to Azure via the agentless migration method using the Migration and
modernization tool.
Before you migrate your on-premises VM to Azure, you may require a few changes to
make the VM ready for Azure. These changes are important to ensure that the migrated
VM can boot successfully in Azure and connectivity to the Azure VM can be
established-. Azure Migrate automatically handles these configuration changes for the
following operating system versions for both Linux and Windows. This process is called
Hydration.
You can also use this article to manually prepare the VMs for migration to Azure for
operating systems versions not listed above. At a high level, these changes include:
Hydration process
You have to make some changes to the VMs configuration before the migration to
ensure that the migrated VMs function properly on Azure. Azure Migrate handles these
configuration changes via the hydration process. The hydration process is only
performed for the versions of Azure supported operating systems given above. Before
you migrate, you may need to perform the required changes manually for other
operating system versions that aren't listed above. If the VM is migrated without the
required changes, the VM may not boot, or you may not have connectivity to the
migrated VM. The following diagram shows you that Azure Migrate performs the
hydration process.
When a user triggers Test Migrate or Migrate, Azure Migrate performs the hydration
process to prepare the on-premises VM for migration to Azure. To set up the hydration
process, Azure Migrate creates a temporary Azure VM and attaches the disks of the
source VM to perform changes to make the source VM ready for Azure. The temporary
Azure VM is an intermediate VM created during the migration process before the final
migrated VM is created. The temporary VM will be created with a similar OS type
(Windows/Linux) using one of the marketplace OS images. If the on-premises VM is
running Windows, the operating system disk of the on-premises VM will be attached as
a data disk to the temporary VM for performing changes. If it's a Linux server, all the
disks attached to the on-premises VM will be attached as data disks to the temporary
Azure VM.
Azure Migrate will create the network interface, a new virtual network, subnet, and a
network security group (NSG) to host the temporary VM. These resources are created in
the customer's subscription. If there are conflicting policies that prevent the creation of
the network artifacts, Azure Migrate will attempt to create the temporary Azure VM in
the virtual network and subnet provided as part of the replication target settings
options.
After the virtual machine is created, Azure Migrate will invoke the Custom Script
Extension on the temporary VM using the Azure Virtual Machine REST API. The Custom
Script Extension utility will execute a preparation script containing the required
configuration for Azure readiness on the on-premises VM disks attached to the
temporary Azure VM. The preparation script is downloaded from an Azure Migrate
owned storage account. The network security group rules of the virtual network will be
configured to permit the temporary Azure VM to access the Azure Migrate storage
account for invoking the script.
Changes performed during the hydration
process
The preparation script executes the following changes based on the OS type of the
source VM to be migrated. You can also use this section as a guide to manually prepare
the VMs for migration for operating systems versions not supported for hydration.
If the files aren't found, the partition is unmounted, and the search continues
for the correct partition.
If the files aren't present on any of the partitions, it could indicate that an
incorrect OS disk was selected, or the OS disk is corrupted. Azure Migrate will
fail the migration process with an appropriate error.
7 Note
This step isn't relevant if you’re manually preparing the servers for migration.
After the source OS volume files are detected, the preparation script will load the
SYSTEM registry hive into the registry editor of the temporary Azure VM and
perform the following changes to ensure VM boot up and connectivity. You need
to configure these settings manually if the OS version isn't supported for
hydration.
Ensure if the required drivers are installed and are set to load at boot start.
These Windows drivers allow the server to communicate with the hardware and
other connected devices.
IntelIde.sys
Atapi
Storfit
Storvsc
VMbus
This ensures that the Windows volumes in the Azure VM use the same drive
letter assignments as the on-premises VM. By default, Azure VMs are assigned
drive D: to use as temporary storage. This drive assignment causes all other
attached storage drive assignments to increment by one letter. To prevent this
automatic assignment, and to ensure that Azure assigns the next free drive
letter to its temporary volume, set the storage area network (SAN) policy to
Online All.
The preparation script will also set the DHCP service start type as Automatic. This
will enable the migrated VM to obtain an IP address and establish connectivity
post-migration. Make sure the DHCP service is configured, and the status is
running.
To edit the DHCP startup settings manually, run the following example in Windows
PowerShell:
PowerShell
Get-Service -Name Dhcp
Where-Object StartType -ne Automatic
Set-Service -StartupType Automatic
7 Note
Azure Migrate will attempt to install the Microsoft Azure Virtual Machine Agent
(VM Agent), a secure, lightweight process that manages virtual machine (VM)
interaction with the Azure Fabric Controller. The VM Agent has a primary role in
enabling and executing Azure virtual machine extensions that enable post-
deployment configuration of VM, such as installing and configuring software.
Azure Migrate automatically installs the Windows VM agent on Windows Server
2008 R2 and higher versions.
To check if the Azure VM Agent was successfully installed, open Task Manager,
select the Details tab, and look for the process name
WindowsAzureGuestAgent.exe. The presence of this process indicates that the VM
agent is installed. You can also use PowerShell to detect the VM agent.
After the aforementioned changes are performed, the system partition will be
unloaded. The VM is now ready for migration. Learn more about the changes for
Windows servers.
2. Discover OS Version
Once the root partition is discovered, the script will use the following files to
determine the Linux Operating System distribution and version.
RHEL/CentOS: etc/redhat-release
OL: etc/oracle-release
SLES: etc/SuSE-release
Ubuntu: etc/lsb-release
Debian: etc/debian_version
The next step is to inspect the kernel image and rebuild the Linux init image so,
that it contains the necessary Hyper-V drivers (hv_vmbus, hv_storvsc, hv_netvsc)
on the initial ramdisk. Rebuilding the init image ensures that the VM will boot in
Azure.
Azure runs on the Hyper-V hypervisor. So, Linux requires certain kernel modules to
run in Azure. To prepare your Linux image, you need to rebuild the initrd so that at
least the hv_vmbus and hv_storvsc kernel modules are available on the initial
ramdisk. The mechanism for rebuilding the initrd or initramfs image may vary
depending on the distribution. Consult your distribution's documentation or
support for the proper procedure. Here's one example for rebuilding the initrd by
using the mkinitrd utility:
b. For each module, inspect if the Hyper-V drivers are already included.
c. If any of these drivers are missing, add the required drivers and regenerate the
image for the corresponding kernel version.
7 Note
This step may not apply to Ubuntu and Debian VMs as the Hyper-V drivers
are built-in by default. Learn more about the changes.
Bash
cd /boot
sudo cp initrd-`uname -r`.img initrd-`uname -r`.img.bak
Rebuild the initrd with the hv_vmbus and hv_storvsc kernel modules:
Bash
Most new versions of Linux distributions have this included by default. If not
included, install manually for all versions except those called out, using the
aforementioned steps.
The script will then make changes to enable Azure Serial Console logging. Enabling
console logging helps with troubleshooting issues on the Azure VM. Learn more
about Azure Serial Console for Linux Azure Serial Console for Linux - Virtual
Machines | Microsoft Docs.
Modify the kernel boot line in GRUB or GRUB2 to include the following
parameters, so that all console messages are sent to the first serial port. These
messages can assist Azure support with debugging any issues.
config
config
Based on the OS Version, the script will perform the required network changes for
connectivity to the migrated VM. The changes include:
a. Move (or remove) the udev rules to avoid generating static rules for the
Ethernet interface. These rules cause problems when you clone a virtual
machine in Azure.
Bash
b. Remove Network Manager if necessary. Network Manager can interfere with the
Azure Linux agent for a few OS versions. It's recommended to make these
changes for servers running RedHat and Ubuntu distributions.
Bash
d. Backup existing NIC settings and create eth0 NIC configuration file with DHCP
settings. To do this, the script will create or edit the /etc/sysconfig/network-
scripts/ifcfg-eth0 file, and add the following text:
config
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
TYPE=Ethernet
USERCTL=no
PEERDNS=yes
IPV6INIT=no
PERSISTENT_DHCLIENT=yes
NM_CONTROLLED=yes
config
NETWORKING=yes
HOSTNAME=localhost.localdomain
6. Fstab validation
Azure Migrate will validate the entries of the fstab file and replace fstab entries
with persistent volume identifiers, UUIDs wherever needed. This ensures the
drive/partition name remains constant no matter the system it's attached to.
Azure Migrate will attempt to install the Microsoft Azure Linux Agent (waagent), a
secure, lightweight process that manages Linux & FreeBSD provisioning, and VM
interaction with the Azure Fabric Controller. Learn more about the functionality
enabled for Linux and FreeBSD IaaS deployments via the Linux agent.
Review the list of required packages to install Linux VM agent. Azure Migrate
installs the Linux VM agent automatically for RHEL 8.x/7.x/6.x, CentOS 8.x/7.x/6.x,
Ubuntu 14.04/16.04/18.04/19.04/19.10/20.04, SUSE 15 SP0/15 SP1/12, Debian
9/8/7, and Oracle 7 when using the agentless method of VMware migration. Follow
these instructions to install the Linux Agent manually for other OS versions.
You can use the command to verify the service status of the Azure Linux Agent to
make sure it's running. The service name might be walinuxagent or waagent. Once
the hydration changes are done, the script will unmount all the partitions mounted,
deactivate volume groups, and then flush the devices.
Bash
After this, the modified OS disk and the data disks that contain the replicated data are
cloned. A new virtual machine is created in the target region, virtual network, and
subnet, and the cloned disks are attached to the virtual machine. This marks the
completion of the migration process.
Learn more
Prepare on-premises machines for migration to Azure.
How does Hyper-V replication work?
Article • 12/12/2022 • 3 minutes to read
This article provides an overview of the architecture and processes used when you
migrate Hyper-V VMs with the Migration and modernization tool.
Azure Migrate provides a central hub to track discovery, assessment, and migration of
your on-premises apps and workloads, and private/public cloud VMs, to Azure. The hub
provides Azure Migrate tools for assessment and migration, as well as third-party
independent software vendor (ISV) offerings.
Agentless migration
The Migration and modernization tool provides agentless replication for on-premises
Hyper-V VMs, using a migration workflow that's optimized for Hyper-V. You install a
software agent only on Hyper-V hosts or cluster nodes. Nothing needs to be installed
on Hyper-V VMs.
Architectural components
Component Deployment
Replication The Microsoft Azure Site Recovery provider is installed on Hyper-V hosts, and
provider registered with the Migration and modernization tool.
The provider orchestrates replication for Hyper-V VMs.
Recovery The Microsoft Azure Recovery Service agent handles data replication. It works with
Services the provider to replicate data from Hyper-V VMs to Azure.
agent The replicated data is uploaded to a storage account in your Azure subscription.
The Migration and modernization tool the processes the replicated data, and
applies it to replica disks in the subscription. The replica disks are used to create
the Azure VMs when you migrate.
Components are installed by a single setup file, downloaded from the Migration
and modernization tool in the portal.
The provider and appliance use outbound HTTPS port 443 connections to
communicate with the Migration and modernization tool.
Communications from the provider and agent are secure and encrypted.
Replication process
1. When you enable replication for a Hyper-V VM, initial replication begins.
2. A Hyper-V VM snapshot is taken.
3. VHDs on the VM are replicated one-by-one, until they're all copied to Azure. Initial
replication time depends on the VM size, and network bandwidth.
4. Disk changes that occur during initial replication are tracked using Hyper-V
Replica, and stored in log files (hrl files).
5. After initial replication finishes, the VM snapshot is deleted, and delta replication
begins.
6. Incremental disk changes are tracked in hrl files. Replication logs are periodically
uploaded to an Azure storage account by the Recovery Services agent.
Next steps
Try out Hyper-V migration using the Migration and modernization tool.
Agent-based migration architecture
Article • 12/12/2022 • 5 minutes to read
This article provides an overview of the architecture and processes used for agent-based
replication of VMware VMs with the Migration and modernization tool.
Using the Migration and modernization tool, you can replicate VMware VMs with a
couple of options:
Learn more about selecting and comparing migration methods for VMware VMs.
Agent-based migration
Agent-based migration is used to migrate on-premises VMware VMs and physical
servers to Azure. It can also be used to migrate other on-premises virtualized servers, as
well as private and public cloud VMs, including AWS instances, and GCP VMs. Agent-
based migration in Azure Migrate uses some backend functionality from the Azure Site
Recovery service.
Architectural components
The diagram illustrates the components involved in agent-based migration.
Mobility The Mobility service is an agent installed on each Installation files for different
service server you want to replicate and migrate. It sends versions of the Mobility
replication data from the server to the process service are located on the
server. replication appliance. You
download and install the
agent you need, in accordance
with the operating system and
version of the server you want
to replicate.
Push installation: The Mobility service is installed by the process server when you
enable protection for a server.
Install manually: You can install the Mobility service manually on each server
through UI or command prompt.
The Mobility service communicates with the replication appliance and replicated servers.
If you have antivirus software running on the replication appliance, process servers, or
servers being replicated, the following folders should be excluded from scanning:
Replication process
1. When you enable replication for a server, initial replication to Azure begins.
2. During initial replication, the Mobility service reads data from the server disks, and
sends it to the process server.
3. This data is used to seed a copy of the disk in your Azure subscription.
4. After initial replication finishes, replication of delta changes to Azure begins.
Replication is block-level, and near-continuous.
5. The Mobility service intercepts writes to disk memory, by integrating with the
storage subsystem of the operating system. This method avoids disk I/O
operations on the replicating server, for incremental replication.
6. Tracked changes for a server are sent to the process server on inbound port HTTPS
9443. This port can be modified. The process server compresses and encrypts it,
and sends it to Azure.
Ports
Device Connection
Replicating The Mobility service running on VMs communicates with the on-premises
servers replication appliance on port HTTPS 443 inbound, for replication management.
Servers send replication data to the process server on port HTTPS 9443 inbound.
This port can be modified.
Replication The replication appliance orchestrates replication with Azure over port HTTPS 443
appliance outbound.
Process The process server receives replication data, optimizes and encrypts it, and sends it
server to Azure storage over port 443 outbound.
If the daily change rate (churn rate) is over 2 TB, deploy an additional process
server.
If you're replicating more than 200 servers, deploy an additional replication
appliance.
1. On the process server, open the Azure Backup MMC snap-in. There's a
shortcut on the desktop or in the folder C:\Program Files\Microsoft Azure
Recovery Services Agent\bin.
2. In the snap-in, select Change Properties.
3. In Throttling, select Enable internet bandwidth usage throttling for backup
operations. Set the limits for work and non-work hours. Valid ranges are from
512 Kbps to 1,023 Mbps.
Next steps
Try out agent-based migration for VMware or physical servers.
Additional resources
Documentation
Prepare machines for agentless migration with Azure Migrate - Azure Migrate
Learn how to prepare on-premises machines for agentless migration with Azure Migrate.
Migrate VMware vSphere VMs with agent-based Azure Migrate Server Migration -
Azure Migrate
Learn how to run an agent-based migration of VMware vSphere VMs with Azure Migrate.
Support for physical discovery and assessment in Azure Migrate - Azure Migrate
Learn about support for physical discovery and assessment with Azure Migrate Discovery and
assessment
Show 5 more
Support matrix for web apps migration
Article • 03/31/2023 • 2 minutes to read
This article summarizes support settings and limitations for agentless migration of web
apps to Azure App Service Azure Migrate: Migration and modernization . If you're
looking for information about assessing web apps for migration to Azure App Service,
review the assessment support matrix.
Migration options
You can perform agentless migration of ASP.NET web apps at-scale to Azure App
Service using Azure Migrate. However, agent based migration is not supported.
Limitations
Currently, At-Scale Discovery, Assessment and Migration is supported for ASP.NET
web apps deployed to on-premises IIS servers hosted on VMware Environment.
You can select up to five App Service Plans as part of single migration.
Currently, we do not support selecting existing App service plans during the
migration flow.
You can migrate web apps up to max 2 GB in size including content stored in
mapped virtual directory.
Currently, we do not support migrating UNC directory content.
You need Windows PowerShell 4.0 installed on VMs hosting the IIS web servers
from which you plan to migrate ASP.NET web apps to Azure App Services.
Currently, the migration flow does not support VNet integrated scenarios.
Support Details
Supported Currently supported only for windows servers running IIS in your VMware
servers environment.
IIS access Web apps discovery requires a local admin user account.
Next steps
Learn how to perform at-scale agentless migration of ASP.NET web apps to Azure
App Service.
Once you have successfully completed migration, you may explore the following
steps based on web app specific requirement(s):
Map existing custom DNS name.
Secure a custom DNS with a TLS/SSL binding.
Securely connect to Azure resources.
Deployment best practices.
Security recommendations.
Networking features.
Monitor App Service with Azure Monitor.
Configure Azure AD authentication.
Review best practices for deploying to Azure App service.
Create and manage projects
Article • 04/19/2023
Classic Azure Migrate is retiring in Feb 2024. After Feb 2024, the classic version of Azure
Migrate will no longer be supported and the inventory metadata in the classic project
will be deleted. If you're using classic projects, delete those projects and follow the steps
to create a new project. You can't upgrade classic projects or components to Azure
Migrate. View FAQ before you start the creation process.
A project is used to store discovery, assessment, and migration metadata collected from
the environment you're assessing or migrating. In a project, you can track discovered
assets, create assessments, and orchestrate migrations to Azure.
Verify permissions
Ensure you have the correct permissions to create a project using the following steps:
1. In the Azure portal, open the relevant subscription, and select Access control
(IAM).
2. In Check access, find the relevant account, and select it and view permissions. You
should have Contributor or Owner permissions.
5. In Create project, select the Azure subscription and resource group. Create a
resource group if you don't have one.
6. In Project Details, specify the project name and the geography in which you want
to create the project.
The geography is only used to store the metadata gathered from on-
premises servers. You can assess or migrate servers for any target region
regardless of the selected geography.
Review supported geographies for public and government clouds.
7 Note
HTTP
PUT
/subscriptions/<subid>/resourceGroups/<rg>/providers/Microsoft.Migrate/Migra
teProjects/<mymigrateprojectname>?api-version=2018-09-01-preview "{location:
'centralus', properties: {}}"
1. In the Azure public portal or Azure Government , search for Azure Migrate.
2. On the Azure Migrate dashboard, select Servers, databases and web apps >
Create project on the top left.
3. To create a new project, select Click here.
Find a project
Find a project as follows:
2. In the Azure Migrate dashboard, select Servers, databases and web apps >
Current project in the upper-right corner.
2. In the Azure Migrate dashboard, if you've created a project in the previous version,
a banner referencing older projects appears. Select the banner.
Delete a project
To delete a project, follow these steps:
1. Open the Azure resource group in which the project was created.
2. In the resource group page, select Show hidden types.
3. Select the project that you want to delete and its associated resources.
Note that:
When you delete, both the project and the metadata about discovered servers are
deleted.
If you're using the older version of Azure Migrate, open the Azure resource group
in which the project was created. Select the project you want to delete (the
resource type is Migration project).
If you're using dependency analysis with an Azure Log Analytics workspace:
If you've attached a Log Analytics workspace to the Server Assessment tool, the
workspace isn't automatically deleted. The same Log Analytics workspace can
be used for multiple scenarios.
If you want to delete the Log Analytics workspace, do that manually.
Project deletion is irreversible. Deleted objects can't be recovered.
If you haven't deleted the project, you can find the link to the workspace in
Essentials > Server Assessment.
If you've already deleted the project, select Resource Groups in the left pane
of the Azure portal and find the workspace.
Next steps
Add assessment or migration tools to projects.
Support requirements and
considerations for Private endpoint
connectivity
Article • 12/14/2022 • 2 minutes to read
The article series describes how to use Azure Migrate to discover, assess, and migrate
servers over a private network by using Azure Private Link. You can use the Azure
Migrate: Discovery and assessment and Migration and modernization tools to connect
privately and securely to Azure Migrate over an Azure ExpressRoute private peering or a
site-to-site (S2S) VPN connection by using Private Link.
Before you get started, review the required permissions and the supported scenarios
and tools.
Support requirements
Review the following required permissions and the supported scenarios and tools.
Supported geographies
The functionality is now in GA in supported public cloud and government cloud
geographies.
Required permissions
You must have Contributor + User Access Administrator or Owner permissions on the
subscription.
Software Discover apps, roles, and features running on VMware VMs. Azure
inventory Migrate:
Discovery and
assessment
To enable public network access for the Azure Migrate project, sign in to the Azure
portal, go to the Azure Migrate Properties page in the portal, and select No > Save.
Other considerations
Considerations Details
Pricing For pricing information, see Azure Page Blobs pricing and Private Link
pricing .
Virtual The ExpressRoute/VPN gateway endpoint should reside in the selected virtual
network network or a virtual network connected to it. You might need about 15 IP
requirements addresses in the virtual network.
PowerShell PowerShell isn't supported. We recommend using the Azure portal or REST APIs
support for leveraging Azure Migrate Private Link support.
Next steps
Discover and assess servers for migration using Private Link
Migrate servers to Azure using Private Link
Troubleshoot common issues with private endpoint connectivity
Discover and assess servers for
migration using Private Link
Article • 03/16/2023 • 8 minutes to read
This article describes how to create an Azure Migrate project, set up the Azure Migrate
appliance, and use it to discover and assess servers for migration using Azure Private
Link. You can use the Azure Migrate: Discovery and assessment tool to connect privately
and securely to Azure Migrate over an Azure ExpressRoute private peering or a site-to-
site (S2S) VPN connection by using Private Link.
7 Note
You can't change the connectivity method to private endpoint connectivity for
existing Azure Migrate projects.
In the Advanced configuration section, provide the following details to create a private
endpoint for your Azure Migrate project.
2. In Disable public endpoint access, keep the default setting No. Some migration
tools might not be able to upload usage data to the Azure Migrate project if public
network access is disabled. Learn more about other integrated tools.
3. In Virtual network subscription, select the subscription for the private endpoint
virtual network.
4. In Virtual network, select the virtual network for the private endpoint. The Azure
Migrate appliance and other software components that need to connect to the
Azure Migrate project must be on this network or a connected virtual network.
7 Note
If you've already created a project, you can use that project to register more
appliances to discover and assess more servers. Learn how to manage projects.
2. In Generate Azure Migrate project key, provide a name for the Azure Migrate
appliance.
) Important
Don't close the Discover machines page during the creation of resources.
At this step, Azure Migrate creates a key vault, a storage account, a Recovery
Services vault (only for agentless VMware migrations), and a few internal
resources. Azure Migrate attaches a private endpoint to each resource. The
private endpoints are created in the virtual network selected during the
project creation.
After the private endpoints are created, the DNS CNAME resource records for
the Azure Migrate resources are updated to an alias in a subdomain with the
prefix privatelink. By default, Azure Migrate also creates a private DNS zone
corresponding to the privatelink subdomain for each resource type and
inserts DNS A records for the associated private endpoints. This action
enables the Azure Migrate appliance and other software components that
reside in the source network to reach the Azure Migrate resource endpoints
on private IP addresses.
Azure Migrate also enables a managed identity for the migrate project and
the Recovery Services vault and grants permissions to the managed identity
to securely access the storage account.
4. After the key is successfully generated, copy the key details to configure and
register the appliance.
7 Note
If you have deployed an appliance using a template (OVA for servers on a VMware
environment and VHD for a Hyper-V environment), you can use the same appliance
and register it with an Azure Migrate project with private endpoint connectivity.
1. Download the zipped file that contains the installer script from the portal.
2. Copy the zipped file on the server that will host the appliance.
3. After you download the zipped file, verify the file security.
4. Run the installer script to deploy the appliance.
Verify security
Check that the zipped file is secure, before you deploy it.
1. On the server to which you downloaded the file, open an administrator command
window.
2. Run the following command to generate the hash for the zipped file:
Latest CE63463B3CE07D7500F0A34F9CAFF0AB939368E5DB320F9F05EE45A386A49CDC
version
7 Note
The same script can be used to set up an appliance with private endpoint
connectivity for any of the chosen scenarios, such as VMware, Hyper-V, physical or
other to deploy an appliance with the desired configuration.
Make sure the server meets the hardware requirements for the chosen scenario, such as
VMware, Hyper-V, physical or other, and can connect to the required URLs.
3. Change the PowerShell directory to the folder where the contents have been
extracted from the downloaded zipped file.
PS C:\Users\administrator\Desktop\AzureMigrateInstaller>
.\AzureMigrateInstaller.ps1
5. Select from the scenario, cloud and connectivity options to deploy an appliance
with the desired configuration. For instance, the selection shown below sets up an
appliance to discover and assess servers running in your VMware environment to
an Azure Migrate project with private endpoint connectivity on Azure public
cloud.
After the script has executed successfully, the appliance configuration manager will be
launched automatically.
7 Note
If you come across any issues, you can access the script logs at
C:\ProgramData\Microsoft
Azure\Logs\AzureMigrateScenarioInstaller_Timestamp.log for troubleshooting.
Set up prerequisites
1. Read the third-party information, and accept the license terms.
1. Connectivity: The appliance checks that the server has internet access. If the server
uses a proxy:
Select Setup proxy to specify the proxy address (in the form
http://ProxyIPAddress or http://ProxyFQDN , where FQDN refers to a fully
qualified domain name) and listening port.
2. Time sync: Check that the time on the appliance is in sync with internet time for
discovery to work properly.
3. Install updates and register appliance: To run auto-update and register the
appliance, follow these steps:
7 Note
b. The appliance will verify the key and start the auto-update service, which
updates all the services on the appliance to their latest versions. When the auto-
update has run, you can select View appliance services to see the status and
versions of the services running on the appliance server.
c. To register the appliance, you need to select Login. In Continue with Azure
Login, select Copy code & Login to copy the device code (you must have a
device code to authenticate with Azure) and open an Azure Login prompt in a
new browser tab. Make sure you've disabled the pop-up blocker in the browser
to see the prompt.
d. In a new tab in your browser, paste the device code and sign in by using your
Azure username and password. Signing in with a PIN isn't supported.
7 Note
If you close the login tab accidentally without logging in, refresh the
browser tab of the appliance configuration manager to display the device
code and Copy code & Login button.
e. After you successfully log in, return to the browser tab that displays the
appliance configuration manager. If the Azure user account that you used to log
in has the required permissions for the Azure resources that were created
during key generation, appliance registration starts.
After the appliance is successfully registered, to see the registration details,
select View details.
4. Install VDDK: (Needed only for VMware appliance.) The appliance checks that the
VMware vSphere Virtual Disk Development Kit (VDDK) is installed. If it isn't
installed, download VDDK 6.7 from VMware. Extract the downloaded zipped
contents to the specified location on the appliance, as provided in the installation
instructions.
You can rerun prerequisites at any time during appliance configuration to check whether
the appliance meets all the prerequisites.
7 Note
If you get DNS resolution issues during appliance registration or at the time of
starting discovery, ensure that Azure Migrate resources created during the
Generate key step in the portal are reachable from the on-premises server that
hosts the Azure Migrate appliance. Learn more about how to verify network
connectivity.
You can also assess your on-premises machines with the Azure Migrate: Discovery and
assessment tool by using an imported CSV file.
Next steps
Migrate servers to Azure using Private Link.
Additional resources
Documentation
Show 5 more
Training
Module
Prepare on-premises workloads for migration to Azure - Training
Prepare on-premises workloads for migration to Azure
Migrate servers to Azure using Private
Link
Article • 12/14/2022 • 24 minutes to read
This article describes how to use Azure Migrate to migrate servers over a private
network by using Azure Private Link. You can use the Migration and modernization tool
to connect privately and securely to Azure Migrate over an Azure ExpressRoute private
peering or a site-to-site (S2S) VPN connection by using Private Link.
This article shows how to migrate on-premises VMware VMs to Azure, using the
Migration and modernization tool, with agentless migration.
Replicate VMs
After setting up the appliance and completing discovery, you can begin replicating
VMware VMs to Azure.
The following diagram illustrates the agentless replication workflow with private
endpoints by using the Migration and modernization tool.
Enable replication as follows:
1. In the Azure Migrate project > Servers, databases and web apps > Migration and
modernization > Migration tools, select Replicate.
2. In Replicate > Basics > Are your machines virtualized?, select Yes, with VMware
vSphere.
3. In On-premises appliance, select the name of the Azure Migrate appliance. Select
OK.
4. In Virtual machines, select the machines you want to replicate. To apply VM sizing
and disk type from an assessment, in Import migration settings from an Azure
Migrate assessment?,
5. In Virtual machines, select VMs you want to migrate. Then click Next.
6. In Target settings, select the target region in which the Azure VMs will reside after
migration.
7. In Replication storage account, use the dropdown list to select a storage account
to replicate over a private link.
7 Note
Only the storage accounts in the selected target region and Azure Migrate
project subscription are listed.
8. Next, create a private endpoint for the storage account to enable replications
over a private link. Ensure that the Azure Migrate appliance has network
connectivity to the storage account on its private endpoint. Learn how to verify
network connectivity.
7 Note
You can manually update the DNS records by editing the DNS hosts file on
the Azure Migrate appliance with the private link FQDNs and private IP
address of the storage account.
9. Select the Subscription and Resource group in which the Azure VMs reside after
migration.
10. In Virtual network, select the Azure VNet/subnet for the migrated Azure VMs.
7 Note
To replicate VMs with CMK, you'll need to create a disk encryption set under
the target Resource Group. A disk encryption set object maps Managed Disks
to a Key Vault that contains the CMK to use for SSE.
Select Yes if you have Windows Server machines that are covered with active
Software Assurance or Windows Server subscriptions, and you want to apply
the benefit to the machines you're migrating and click Next.
14. In Compute, review the VM name, size, OS disk type, and availability configuration
(if selected in the previous step). VMs must conform with Azure requirements.
OS disk: Specify the OS (boot) disk for the VM. The OS disk is the disk that
has the operating system bootloader and installer.
7 Note
If you want to select a different availability option for a set of virtual machines,
go to step 1 and repeat the steps by selecting different availability options
after starting replication for one set of virtual machines.
15. In Disks, specify whether the VM disks should be replicated to Azure, and select
the disk type (standard SSD/HDD or premium-managed disks) in Azure. Then click
Next.
16. In Tags, add tags to your migrated virtual machines, disks, and NICs.
17. In Review and start replication, review the settings, and click Replicate to start the
initial replication for the servers. Next, follow the instructions to perform
migrations.
Azure Migrate does not create any additional resources for replications using Azure
Private Link (Service Bus, Key Vault, and storage accounts are not created). Azure
Migrate will make use of the selected storage account for uploading replication data,
state data, and orchestration messages.
7 Note
Create the private endpoint for the storage account in the same virtual network as the
Azure Migrate project private endpoint or another virtual network connected to this
network.
Select Yes and integrate with a private DNS zone. The private DNS zone helps in routing
the connections from the virtual network to the storage account over a private link.
Selecting Yes automatically links the DNS zone to the virtual network. It also adds the
DNS records for the resolution of new IPs and FQDNs that are created. Learn more
about private DNS zones.
If the user who created the private endpoint is also the storage account owner, the
private endpoint creation will be auto approved. Otherwise, the owner of the storage
account must approve the private endpoint for use. To approve or reject a requested
private endpoint connection, on the storage account page under Networking, go to
Private endpoint connections.
Review the status of the private endpoint connection state before you continue.
Ensure that the on-premises appliance has network connectivity to the storage account
via its private endpoint. To validate the private link connection, perform a DNS
resolution of the storage account endpoint (private link resource FQDN) from the on-
premises server hosting the Migrate appliance and ensure that it resolves to a private IP
address. Learn how to verify network connectivity.
Next steps
Migrate VMs
Complete the migration process.
Review the post-migration best practices.
Additional resources
Documentation
Set up an Azure Migrate scale-out appliance for agentless VMware migration - Azure
Migrate
Learn how to set up an Azure Migrate scale-out appliance to migrate Hyper-V VMs.
Prepare machines for agentless migration with Azure Migrate - Azure Migrate
Learn how to prepare on-premises machines for agentless migration with Azure Migrate.
Set up source settings for VMware disaster recovery to Azure with Azure Site
Recovery - Azure Site Recovery
This article describes how to set up your on-premises environment to replicate VMware VMs to
Azure with Azure Site Recovery.
Show 5 more
Troubleshoot network connectivity
Article • 12/14/2022 • 16 minutes to read
This article helps you troubleshoot network connectivity issues using Azure Migrate with
private endpoints.
2. The properties page contains the list of private endpoints and private link FQDNs
that were automatically created by Azure Migrate.
To validate the private link connection, perform a DNS resolution of the Azure Migrate
resource endpoints (private link resource FQDNs) from the on-premises server hosting
the Migrate appliance and ensure that it resolves to a private IP address.
1. The private endpoint details and private link resource FQDNs' information is
available in the Discovery and Assessment and Migration and modernization
properties pages. Select Download DNS settings to view the list. Note, only the
private endpoints that were automatically created by Azure Migrate are listed
below.
2. If you have created a private endpoint for the storage account(s) for replicating
over a private network, you can obtain the private link FQDN and IP address as
illustrated below.
Go to the Storage account > Networking > Private endpoint connections and
select the private endpoint created.
Go to Settings > DNS configuration to obtain the storage account FQDN and
private IP address.
An illustrative example for DNS resolution of the storage account private link FQDN.
Migrate.
You can verify the DNS resolution for other Azure Migrate artifacts using a similar
approach.
Recommended: Manually update your source environment DNS records by editing the
DNS hosts file on your on-premises appliance with the private link resource FQDNs and
their associated private IP addresses.
If you use a custom DNS, review your custom DNS settings, and validate that the
DNS configuration is correct. For guidance, see private endpoint overview: DNS
configuration.
If you use Azure-provided DNS servers, refer to the below section for further
troubleshooting.
Tip
For testing, you can manually update your source environment DNS records by
editing the DNS hosts file on your on-premises appliance with the private link
resource FQDNs and their associated private IP addresses.
Azure Migrate automatically creates the private DNS zone (except for the
cache/replication storage account selected by the user). You can locate the linked
private DNS zone by navigating to the private endpoint page and selecting DNS
configurations. Here, you should see the private DNS zone under the private DNS
integration section.
If the DNS zone is not present (as shown below), create a new Private DNS Zone
resource.
Navigate to the private DNS zone resource in the Azure portal and select the virtual
network links from the left menu. You should see the virtual networks linked.
This will show a list of links, each with the name of a virtual network in your subscription.
The virtual network that contains the Private Endpoint resource must be listed here. Else,
follow this article to link the private DNS zone to a virtual network.
Once the private DNS zone is linked to the virtual network, DNS requests originating
from the virtual network will look for DNS records in the private DNS zone. This is
required for correct address resolution to the virtual network where the private endpoint
was created.
An illustrative example for the storage account DNS A record in the private DNS zone:
An illustrative example for the Recovery Services vault microservices DNS A records in
the private DNS zone:
7 Note
When you remove or modify an A record, the machine may still resolve to the old
IP address because the TTL (Time To Live) value might not have expired yet.
Firewall settings, either the Azure Firewall connected to the Virtual network or a
custom firewall solution deploying in the appliance machine.
Network peering, which may impact which DNS servers are used and how traffic is
routed.
Custom gateway (NAT) solutions may impact how traffic is routed, including traffic
from DNS queries.
For more information, review the troubleshooting guide for Private Endpoint
connectivity problems.
Possible causes:
This issue can occur if the Azure account being used to register the appliance doesn’t
have the required permissions or the Azure Migrate appliance cannot access the Key
Vault.
Remediation:
1. Make sure the Azure user account used to register the appliance has at least
Contributor permissions on the subscription.
2. Ensure that the user trying to register the appliance has access to the Key Vault
and has an access policy assigned in the Key Vault>Access Policy section. Learn
more
Steps to troubleshoot connectivity issues to the Key Vault: If you have enabled the
appliance for private endpoint connectivity, use the following steps to troubleshoot
network connectivity issues:
Ensure that the appliance is either hosted in the same virtual network or is
connected to the target Azure virtual network (where the Key Vault private
endpoint has been created) over a private link. The Key Vault private endpoint will
be created in the virtual network selected during the project creation experience.
You can verify the virtual network details in the Azure Migrate > Properties page.
Ensure that the appliance has network connectivity to the Key Vault over a private
link. To validate the private link connectivity, perform a DNS resolution of the Key
Vault resource endpoint from the on-premises server hosting the appliance and
ensure that it resolves to a private IP address.
Open the command line and run the following nslookup command to verify
network connectivity to the Key Vault URL mentioned in the DNS settings file.
Console
nslookup <your-key-vault-name>.vault.azure.net
If you run the ns lookup command to resolve the IP address of a key vault over a
public endpoint, you will see a result that looks like this:
Console
If you run the ns lookup command to resolve the IP address of a key vault over a
private endpoint, you will see a result that looks like this:
Console
Non-authoritative answer:
Name:
Address: 10.12.4.20 (private IP address)
Aliases: <your-key-vault-name>.vault.azure.net
<your-key-vault-name>.privatelink.vaultcore.azure.net
1. Manually update the source environment DNS records by editing the DNS hosts
file on the on-premises appliance with the DNS mappings and the associated
private IP addresses. This option is recommended for testing.
2. If you use a custom DNS server, review your custom DNS settings, and validate
that the DNS configuration is correct. For guidance, see private endpoint overview:
DNS configuration.
3. Proxy server considerations: If the appliance uses a proxy server for outbound
connectivity, you may need to validate your network settings and configurations to
ensure the private link URLs are reachable and can be routed as expected.
If the proxy server is for internet connectivity, you may need to add traffic
forwarders or rules to bypass the proxy server for the private link FQDNs.
Learn more on how to add proxy bypass rules.
Alternatively, if the proxy server is for all outbound traffic, make sure the
proxy server can resolve the private link FQDNs to their respective private IP
addresses. For a quick workaround, you can manually update the DNS
records on the proxy server with the DNS mappings and the associated
private IP addresses, as shown above. This option is recommended for
testing.
4. If the issue still persists, refer to this section for further troubleshooting.
Possible causes:
This issue can occur if the appliance is unable to reach the service endpoint(s)
mentioned in the error message.
Remediation:
Ensure that the appliance has connectivity either directly or via proxy and can resolve
the service endpoint provided in the error message.
If you have enabled the appliance for private endpoint connectivity, ensure that the
appliance is connected to the Azure virtual network over a private link and can resolve
the service endpoint(s) provided in the error message.
If you have enabled the appliance for private endpoint connectivity, use the following
steps to troubleshoot network connectivity issues:
Ensure that the appliance is either hosted in the same virtual network or is
connected to the target Azure virtual network (where the private endpoints have
been created) over a private link. Private endpoints for the Azure Migrate services
are created in the virtual network selected during the project creation experience.
You can verify the virtual network details in the Azure Migrate > Properties page.
Ensure that the appliance has network connectivity to the service endpoint URLs
and other URLs, mentioned in the error message, over a private link connection. To
validate private link connectivity, perform a DNS resolution of the URLs from the
on-premises server hosting the appliance and ensure that it resolves to private IP
addresses.
In addition to the URLs above, the appliance needs access to the following URLs over
Internet, directly or via proxy.
aka.ms/* (optional) Allow access to also know as links; used to download and
install the latest updates for appliance services
Open the command line and run the following nslookup command to verify
privatelink connectivity to the URLs listed in the DNS settings file. Repeat this step
for all URLs in the DNS settings file.
Console
nslookup 04b8c9c73f3d477e966c8d00f352889c-
agent.cus.disc.privatelink.prod.migration.windowsazure.com
If the request can reach the discovery service endpoint over a private endpoint,
you will see a result that looks like this:
Console
nslookup 04b8c9c73f3d477e966c8d00f352889c-
agent.cus.disc.privatelink.prod.migration.windowsazure.com
Non-authoritative answer:
Name:
Address: 10.12.4.23 (private IP address)
Aliases: 04b8c9c73f3d477e966c8d00f352889c-
agent.cus.disc.privatelink.prod.migration.windowsazure.com
prod.cus.discoverysrv.windowsazure.com
The nslookup command should resolve to a private IP address as mentioned
above. The private IP address should match the one listed in the DNS settings file.
1. Manually update the source environment DNS records by editing the DNS hosts
file on the on-premises appliance with the DNS mappings and the associated
private IP addresses. This option is recommended for testing.
2. If you use a custom DNS server, review your custom DNS settings, and validate
that the DNS configuration is correct. For guidance, see private endpoint overview:
DNS configuration.
3. Proxy server considerations: If the appliance uses a proxy server for outbound
connectivity, you may need to validate your network settings and configurations to
ensure the private link URLs are reachable and can be routed as expected.
If the proxy server is for internet connectivity, you may need to add traffic
forwarders or rules to bypass the proxy server for the private link FQDNs.
Learn more on how to add proxy bypass rules.
Alternatively, if the proxy server is for all outbound traffic, make sure the
proxy server can resolve the private link FQDNs to their respective private IP
addresses. For a quick workaround, you can manually update the DNS
records on the proxy server with the DNS mappings and the associated
private IP addresses, as shown above. This option is recommended for
testing.
4. If the issue still persists, refer to this section for further troubleshooting.
Possible causes:
This error may occur if the export/import/download request was not initiated from an
authorized network. This can happen if the import/export/download request was
initiated from a client that is not connected to the Azure Migrate service (Azure virtual
network) over a private network.
Remediation
Option 1 (recommended):
To resolve this error, retry the import/export/download operation from a client residing
in a virtual network that is connected to Azure over a private link. You can open the
Azure portal in your on-premises network or your appliance VM and retry the operation.
Option 2:
1. Locate the storage account: The storage account name is available on the Azure
Migrate: Discovery and Assessment properties page. The storage account name
will have the suffix usa.
2. Navigate to the storage account and edit the storage account networking
properties to allow access from all/other networks.
3. Alternatively, you can limit the access to selected networks and add the public IP
address of the client from where you're trying to access the Azure portal.
Using private endpoints for replication requires the Azure
Migrate appliance services to be running on the
following versions
Possible causes:
This issue can occur if the services running on the appliance are not running on their
latest version. The DRA agent orchestrates server replication, and coordinates
communication between replicated servers and Azure. The gateway agent sends
replicated data to Azure.
7 Note
Remediation:
1. Validate that the services running on the appliance are updated to the latest
versions.
To do so, launch the appliance configuration manager from your appliance server
and select View appliance services from the Setup prerequisites panel. The
appliance and its components are automatically updated. If not, follow the
instructions to update the appliance services manually.
Remediation:
To validate the private link connection, perform a DNS resolution of the Azure Migrate
service endpoints (private link resource FQDNs) from the on-premises server hosting the
Migrate appliance and ensure that they resolve to private IP addresses.
The private endpoint details and private link resource FQDN information are available in
the Discovery and Assessment and Migration and modernization properties pages.
Select Download DNS settings on both the properties pages to view the full list.
Additional resources
Documentation
Prepare machines for agentless migration with Azure Migrate - Azure Migrate
Learn how to prepare on-premises machines for agentless migration with Azure Migrate.
Show 5 more
Prepare to work with an ISV tool or
Movere
Article • 11/21/2022 • 2 minutes to read
If you've added an ISV tool or Movere to an Azure Migrate project, there are a few steps
to follow before you link the tool and send data to Azure Migrate.
Permission to register an Azure Active Directory (Azure AD) app with your Azure
tenant
Permission to allocate a role to the Azure AD app at the subscription level
URL Details
*.microsoftonline.com Create Azure Active Directory (AD) apps for the appliance to
*.microsoftonline-p.com communicate with Azure Migrate.
management.azure.com Make Azure Resource Manager calls to the Azure Migrate Project.
*.servicebus.windows.net Communication between the appliance and EventHub for sending the
messages.
Next steps
Follow the instructions from your ISV or Movere to send data to Azure Migrate.
Additional resources
Documentation
Questions about discovery and dependency analysis in Azure Migrate - Azure Migrate
Get answers to common questions about discovery and dependency analysis in Azure Migrate.
Show 5 more
Training
Module
Set up Azure Migrate for server migration - Training
Learn how to check your prerequisite configurations in Azure and in your VMware vSphere
environment and then perform the initial steps in Azure Migrate to choose your assessment and
migration tools.
Certification
Microsoft Certified: Azure Data Fundamentals - Certifications
Azure Data Fundamentals validates foundational knowledge of core data concepts and how they are
implemented using Microsoft Azure data services.
Set up an appliance for servers in a
VMware environment
Article • 04/17/2023
This article describes how to set up the Azure Migrate appliance for assessment by using
the Azure Migrate: Discovery and assessment tool.
The Azure Migrate appliance is a lightweight appliance that the Azure Migrate:
Discovery and assessment tool uses to discover servers running in vCenter Server and to
send server configuration and performance metadata to Azure.
After you create the appliance, check if the appliance can connect to Azure Migrate:
Discovery and assessment, register the appliance with the project, and configure the
appliance to start discovery.
7 Note
1. In Migration goals > Servers, databases and web apps > Azure Migrate:
Discovery and assessment > Discover.
2. In Discover servers, select Are your servers virtualized? > Yes, with VMware
vSphere hypervisor.
3. In 1:Generate project key, provide a name for the Azure Migrate appliance that
you'll set up to discover servers in your VMware environment. The name should be
alphanumeric and 14 characters or fewer.
4. To start creating the required Azure resources, select Generate key. Don't close the
Discover pane while the resources are being created.
5. After the Azure resources are successfully created, a project key is generated.
6. Copy the key. You'll use the key to complete registration of the appliance when
you configure the appliance.
Verify security
Before you deploy the OVA file, verify that the file is secure:
1. On the server on which you downloaded the file, open a Command Prompt
window by using the Run as administrator option.
2. Run the following command to generate the hash for the OVA file:
Bash
For example:
Bash
C:\>CertUtil -HashFile
C:\Users\Administrator\Desktop\MicrosoftAzureMigration.ova SHA256
3. Verify the latest hash value by comparing the outcome of above command to the
value documented here.
Import the downloaded file, and create a server in the VMware environment:
1. In the vSphere Client console, select File > Deploy OVF Template.
2. In the Deploy OVF Template Wizard, select Source, and enter the location of the
OVA file.
3. In Name, enter a name for the server. In Location, select the inventory object in
which the server will be hosted.
4. In Host/Cluster, select the host or cluster on which the server will run.
5. In Storage, select the storage destination for the server.
6. In Disk Format, select the disk type and size.
7. In Network Mapping, select the network the server will connect to. The network
requires internet connectivity to send metadata to Azure Migrate.
8. Review and confirm the settings, and select Finish.
7 Note
2. Select or enter the language, time zone, and password for the appliance.
3. Open a browser on any server that can connect to the appliance server. Navigate
to the URL of the appliance configuration manager: https://appliance name or IP
address: 44368 .
Or, you can open the configuration manager from the appliance server desktop by
selecting the shortcut for the configuration manager.
1. Connectivity: The appliance checks that the server has internet access. If the server
uses a proxy:
Select Setup proxy to specify the proxy address (in the form
http://ProxyIPAddress or http://ProxyFQDN , where FQDN refers to a fully
qualified domain name) and listening port.
Enter the credentials if the proxy needs authentication.
If you have added proxy details or disabled the proxy or authentication,
select Save to trigger connectivity and check connectivity again.
7 Note
2. Time sync: Check that the time on the appliance is in sync with internet time for
discovery to work properly.
3. Install updates and register appliance: To run auto-update and register the
appliance, follow these steps:
7 Note
a. For the appliance to run auto-update, paste the project key that you copied
from the portal. If you don't have the key, go to Azure Migrate: Discovery and
assessment > Overview > Manage existing appliances. Select the appliance
name you provided when you generated the project key, and copy the key
that's shown.
b. The appliance will verify the key and start the auto-update service, which
updates all the services on the appliance to their latest versions. When the auto-
update has run, you can select View appliance services to see the status and
versions of the services running on the appliance server.
c. To register the appliance, you need to select Login. In Continue with Azure
Login, select Copy code & Login to copy the device code (you must have a
device code to authenticate with Azure) and open an Azure sign-in prompt in a
new browser tab. Make sure you've disabled the pop-up blocker in the browser
to see the prompt.
d. In a new tab in your browser, paste the device code and sign in by using your
Azure username and password. Signing in with a PIN isn't supported.
7 Note
If you close the login tab accidentally without logging in, refresh the
browser tab of the appliance configuration manager to display the device
code and Copy code & Login button.
e. After you successfully sign in, return to the browser tab that displays the
appliance configuration manager. If the Azure user account that you used to
sign in has the required permissions for the Azure resources that were created
during key generation, appliance registration starts.
After the appliance is successfully registered, select View details to see the
registration details.
4. Install the VDDK: The appliance checks that VMware vSphere Virtual Disk
Development Kit (VDDK) is installed. If the VDDK isn't installed, download VDDK
6.7 or 7.0 from VMware. Extract the downloaded zip file contents to the specified
location on the appliance, the default path is C:\Program Files\VMware\VMware
Virtual Disk Development Kit as indicated in the Installation instructions.
The Migration and modernization tool uses the VDDK to replicate servers during
migration to Azure.
You can rerun prerequisites at any time during appliance configuration to check whether
the appliance meets all the prerequisites.
Start continuous discovery
Complete the setup steps in the appliance configuration manager to prepare for and
start discovery.
2. In Step 2: Provide vCenter Server details, select Add discovery source to add the
IP address or FQDN of a vCenter Server. You can leave the port as the default (443)
or specify a custom port on which vCenter Server listens. Select the friendly name
for credentials you would like to map to the vCenter Server and select Save.
Select on Add more to save the previous details and add more vCenter Server
details. You can add up to 10 vCenter Servers per appliance.
3. The appliance attempts to validate the connection to the vCenter Server(s) added
by using the credentials mapped to each vCenter Server. It displays the validation
status with the vCenter Server(s) IP address or FQDN in the sources table.
4. You can revalidate the connectivity to vCenter Server(s) anytime before starting
discovery.
Provide server credentials
In Step 3: Provide server credentials to perform software inventory, agentless
dependency analysis, discovery of SQL Server instances and databases and discovery
of ASP.NET web apps in your VMware environment., you can provide multiple server
credentials. If you don't want to use any of these appliance features, you can skip this
step and proceed with vCenter Server discovery. You can change this option at any time.
If you want to use these features, provide server credentials by completing the following
steps. The appliance attempts to automatically map the credentials to the servers to
perform the discovery features.
A friendly name.
A username.
A password. Select Save.
If you choose to use domain credentials, you also must enter the FQDN for the
domain. The FQDN is required to validate the authenticity of the credentials with
the Active Directory instance in that domain.
4. Review the required permissions on the account for Step 3: Provide server
credentials to perform software inventory, agentless dependency analysis,
discovery of SQL Server instances and databases and discovery of ASP.NET web
apps.
5. To add multiple credentials at once, select Add more to save credentials, and add
more credentials. When you select Save or Add more, the appliance validates the
domain credentials with the domain's Active Directory instance for authentication.
Validation is made after each addition to avoid account lockouts as the appliance
iterates to map credentials to respective servers.
In the configuration manager, in the credentials table, see the Validation status for
domain credentials. Only domain credentials are validated.
If validation fails, you can select a Failed status to see the validation error. Fix the issue,
and select Revalidate credentials to reattempt validation of the credentials.
7 Note
Ensure that the following special characters are not passed in any credentials as
they are not supported for SSO passwords:
Start discovery
To start vCenter Server discovery, in Step 3: Provide server credentials to perform
software inventory, agentless dependency analysis, discovery of SQL Server instances
and databases and discovery of ASP.NET web apps in your VMware environment.,
select Start discovery. After the discovery is successfully initiated, you can check the
discovery status by looking at the vCenter Server IP address or FQDN in the sources
table.
Next steps
Review the tutorials for VMware assessment and tutorials for agentless migration.
Set up an appliance for servers on
Hyper-V
Article • 12/12/2022 • 11 minutes to read
Follow this article to set up the Azure Migrate appliance for discovery and assessment of
servers on Hyper-V with the Azure Migrate: Discovery and assessment tool.
After creating the appliance, you check that it can connect to Azure Migrate: Discovery
and assessment, configure it for the first time, and register it with the project.
7 Note
If you have already created a project, you can use the same project to register
additional appliances to discover and assess more no of servers.Learn more
Verify security
Check that the zipped file is secure, before you deploy it.
1. On the server to which you downloaded the file, open an administrator command
window.
2. Run the following command to generate the hash for the VHD
Verify the latest hash value by comparing the outcome of above command to the value
documented here
1. Extract the zipped VHD file to a folder on the Hyper-V host that will host the
appliance. Three folders are extracted.
4. In Locate Folder, specify the folder containing the extracted VHD. Then click Next.
6. In Choose Import Type, click Copy the virtual machine (create a new unique ID).
Then click Next.
9. In Choose Network, specify the virtual switch that the server will use. The switch
needs internet connectivity to send data to Azure.
7 Note
If you set up the appliance using a PowerShell script instead of the downloaded
VHD, the first two steps in this procedure aren't relevant.
1. In Hyper-V Manager > Virtual Machines, right-click the server > Connect.
2. Provide the language, time zone, and password for the appliance.
3. Open a browser on any system that can connect to the appliance, and open the
URL of the appliance web app: https://appliance name or IP address: 44368.
Alternately, you can open the app from the appliance desktop by clicking the app
shortcut.
In the configuration manager, select Set up prerequisites, and then complete these
steps:
1. Connectivity: The appliance checks that the server has internet access. If the server
uses a proxy:
Select Setup proxy to specify the proxy address (in the form
http://ProxyIPAddress or http://ProxyFQDN , where FQDN refers to a fully
qualified domain name) and listening port.
2. Time sync: Check that the time on the appliance is in sync with internet time for
discovery to work properly.
3. Install updates and register appliance: To run auto-update and register the
appliance, follow these steps:
7 Note
a. For the appliance to run auto-update, paste the project key that you copied
from the portal. If you don't have the key, go to Azure Migrate: Discovery and
assessment > Overview > Manage existing appliances. Select the appliance
name you provided when you generated the project key, and then copy the key
that's shown.
b. The appliance will verify the key and start the auto-update service, which
updates all the services on the appliance to their latest versions. When the auto-
update has run, you can select View appliance services to see the status and
versions of the services running on the appliance server.
c. To register the appliance, you need to select Login. In Continue with Azure
Login, select Copy code & Login to copy the device code (you must have a
device code to authenticate with Azure) and open an Azure Login prompt in a
new browser tab. Make sure you've disabled the pop-up blocker in the browser
to see the prompt.
d. In a new tab in your browser, paste the device code and sign in by using your
Azure username and password. Signing in with a PIN isn't supported.
7 Note
If you close the login tab accidentally without logging in, refresh the
browser tab of the appliance configuration manager to display the device
code and Copy code & Login button.
e. After you successfully log in, return to the browser tab that displays the
appliance configuration manager. If the Azure user account that you used to log
in has the required permissions for the Azure resources that were created
during key generation, appliance registration starts.
You can rerun prerequisites at any time during appliance configuration to check whether
the appliance meets all the prerequisites.
2. If you want to add multiple credentials at once, click on Add more to save and add
more credentials. Multiple credentials are supported for the discovery of servers on
Hyper-V.
4. You can either Add single item at a time or Add multiple items in one go. There is
also an option to provide Hyper-V host/cluster details through Import CSV.
If you choose Add single item, you need to specify friendly name for
credentials and Hyper-V host/cluster IP address/FQDN and click on Save.
If you choose Add multiple items (selected by default), you can add multiple
records at once by specifying Hyper-V host/cluster IP address/FQDN with the
friendly name for credentials in the text box. Verify** the added records and
click on Save.
If you choose Import CSV, you can download a CSV template file, populate
the file with the Hyper-V host/cluster IP address/FQDN and friendly name for
credentials. You then import the file into the appliance, verify the records in
the file and click on Save.
5. On clicking Save, appliance will try validating the connection to the Hyper-V
hosts/clusters added and show the Validation status in the table against each
host/cluster.
For successfully validated hosts/clusters, you can view more details by
clicking on their IP address/FQDN.
If validation fails for a host, review the error by clicking on Validation failed in
the Status column of the table. Fix the issue, and validate again.
To remove hosts or clusters, click on Delete.
You can't remove a specific host from a cluster. You can only remove the
entire cluster.
You can add a cluster, even if there are issues with specific hosts in the
cluster.
6. You can revalidate the connectivity to hosts/clusters anytime before starting the
discovery.
If you want to use these features, provide server credentials by completing the following
steps. The appliance attempts to automatically map the credentials to the servers to
perform the discovery features.
A friendly name.
A username.
A password. Select Save.
If you choose to use domain credentials, you also must enter the FQDN for the
domain. The FQDN is required to validate the authenticity of the credentials with
the Active Directory instance in that domain.
5. To add multiple credentials at once, select Add more to save credentials, and then
add more credentials. When you select Save or Add more, the appliance validates
the domain credentials with the domain's Active Directory instance for
authentication. Validation is made after each addition to avoid account lockouts as
during discovery, the appliance iterates to map credentials to respective servers.
In the configuration manager, in the credentials table, see the Validation status for
domain credentials. Only domain credentials are validated.
If validation fails, you can select the Failed status to see the validation error. Fix the
issue, and then select Revalidate credentials to reattempt validation of the credentials.
Start discovery
Click on Start discovery, to kick off server discovery from the successfully validated
host(s)/cluster(s). After the discovery has been successfully initiated, you can check the
discovery status against each host/cluster in the table.
Next steps
Try out Hyper-V assessment with Azure Migrate: Discovery and assessment.
Additional resources
Documentation
Assess physical servers for migration to Azure with Azure Migrate - Azure Migrate
Describes how to assess on-premises physical servers for migration to Azure using Azure Migrate.
Support for physical discovery and assessment in Azure Migrate - Azure Migrate
Learn about support for physical discovery and assessment with Azure Migrate Discovery and
assessment
Discover physical servers with Azure Migrate Discovery and assessment - Azure
Migrate
Learn how to discover on-premises physical servers with Azure Migrate Discovery and assessment.
Assess Hyper-V VMs for migration to Azure VMs with Azure Migrate - Azure Migrate
Learn how to assess Hyper-V VMs for migration to Azure VMs with Azure Migrate.
Show 5 more
Set up an appliance with a script
Article • 03/16/2023 • 5 minutes to read
Follow this article to deploy an Azure Migrate appliance using a PowerShell script for:
You can deploy the appliance for servers on VMware and on Hyper-V by either using a
script, or using a template (OVA/VHD) that you download from the Azure portal. Using a
script is useful if you're unable to create an appliance using the downloaded template.
Prerequisites
You can use the script to deploy the Azure Migrate appliance on an existing server in
your VMware or Hyper-V environment.
The server that hosts the appliance must meet the following hardware and OS
requirements:
Scenario Requirements
VMware Windows Server 2016, with 32 GB of memory, eight vCPUs, around 80 GB of disk
storage.
Hyper-V Windows Server 2016, with 16 GB of memory, eight vCPUs, around 80 GB of disk
storage.
The server also needs an external virtual switch. It requires a static or dynamic IP
address.
Before you deploy the appliance, review detailed appliance requirements for
VMware and Hyper-V.
If you run the script on a server with Azure Migrate appliance already set up, you
can choose to clean up the existing configuration and set up a fresh appliance of
the desired configuration. When you execute the script, you will get a notification
as shown below:
Verify security
Check that the zipped file is secure, before you deploy it.
1. On the server to which you downloaded the file, open an administrator command
window.
2. Run the following command to generate the hash for the zipped file:
Latest CE63463B3CE07D7500F0A34F9CAFF0AB939368E5DB320F9F05EE45A386A49CDC
version
7 Note
The same script can be used to set up VMware appliance for either Azure public or
Azure Government cloud.
Make sure you don't run the script on a server with an existing Azure Migrate
appliance. Running the script on the Azure Migrate appliance will remove the
working configuration and replace it with newly defined configuration.
3. Change the PowerShell directory to the folder where the contents have been
extracted from the downloaded zipped file.
PS C:\Users\administrator\Desktop\AzureMigrateInstaller>
.\AzureMigrateInstaller.ps1
5. Select from the scenario, cloud and connectivity options to deploy an appliance
with the desired configuration. For instance, the selection shown below sets up an
appliance to discover, assess and migrate servers running in your VMware
environment to an Azure Migrate project with default (public endpoint)
connectivity on Azure public cloud.
7 Note
If you come across any issues, you can access the script logs at
C:\ProgramData\Microsoft
Azure\Logs\AzureMigrateScenarioInstaller_Timestamp.log for troubleshooting.
Verify access
Make sure that the appliance can connect to Azure URLs for the public cloud.
Verify security
Check that the zipped file is secure, before you deploy it.
1. On the server to which you downloaded the file, open an administrator command
window.
2. Run the following command to generate the hash for the zipped file:
Latest CE63463B3CE07D7500F0A34F9CAFF0AB939368E5DB320F9F05EE45A386A49CDC
version
7 Note
The same script can be used to set up Hyper-V appliance for either Azure public or
Azure Government cloud.
7 Note
Make sure you don't run the script on an existing Azure Migrate appliance. Running
the script on the Azure Migrate appliance will remove the working configuration
and replace it with newly defined configuration.
3. Change the PowerShell directory to the folder where the contents have been
extracted from the downloaded zipped file.
PS C:\Users\administrator\Desktop\AzureMigrateInstaller>
.\AzureMigrateInstaller.ps1
5. Select from the scenario, cloud and connectivity options to deploy an appliance
with the desired configuration. For instance, the selection shown below sets up an
appliance to discover and assess servers running in your Hyper-V environment to
an Azure Migrate project with default (public endpoint) connectivity on Azure
public cloud.
After the script has executed successfully, the appliance configuration manager will be
launched automatically.
7 Note
If you come across any issues, you can access the script logs at
C:\ProgramData\Microsoft
Azure\Logs\AzureMigrateScenarioInstaller_Timestamp.log for troubleshooting.
Verify access
Make sure that the appliance can connect to Azure URLs for the public cloud.
Next steps
After deploying the appliance, you need to configure it for the first time, and register it
with project.
This article describes how to set up the Azure Migrate appliance if you're assessing
physical servers with the Azure Migrate: Discovery and assessment tool.
After creating the appliance, you check that it can connect to Azure Migrate: Discovery
and assessment, configure it for the first time, and register it with the project.
7 Note
If you have already created a project, you can use the same project to register
additional appliances to discover and assess more no of servers.Learn more
3. In 1:Generate project key, provide a name for the Azure Migrate appliance that
you will set up for discovery of physical or virtual servers. The name should be
alphanumeric with 14 characters or fewer.
4. Click on Generate key to start the creation of the required Azure resources. Do not
close the Discover servers page during the creation of resources.
5. After the successful creation of the Azure resources, a project key is generated.
6. Copy the key as you will need it to complete the registration of the appliance
during its configuration.
Verify security
Check that the zipped file is secure, before you deploy it.
1. On the server to which you downloaded the file, open an administrator command
window.
2. Run the following command to generate the hash for the zipped file:
Latest CE63463B3CE07D7500F0A34F9CAFF0AB939368E5DB320F9F05EE45A386A49CDC
version
7 Note
The same script can be used to set up Physical appliance for either Azure public or
Azure Government cloud.
3. Change the PowerShell directory to the folder where the contents have been
extracted from the downloaded zipped file.
PS C:\Users\administrator\Desktop\AzureMigrateInstaller>
.\AzureMigrateInstaller.ps1
5. Select from the scenario, cloud and connectivity options to deploy an appliance
with the desired configuration. For instance, the selection shown below sets up an
appliance to discover and assess physical servers (or servers running on other
clouds like AWS, GCP, Xen etc.) to an Azure Migrate project with default (public
endpoint) connectivity on Azure public cloud.
After the script has executed successfully, the appliance configuration manager will be
launched automatically.
7 Note
If you come across any issues, you can access the script logs at
C:\ProgramData\Microsoft
Azure\Logs\AzureMigrateScenarioInstaller_Timestamp.log for troubleshooting.
1. Open a browser on any machine that can connect to the appliance, and open the
URL of the appliance web app: https://appliance name or IP address: 44368.
Alternately, you can open the app from the desktop by clicking the app shortcut.
1. Connectivity: The appliance checks that the server has internet access. If the server
uses a proxy:
Select Setup proxy to specify the proxy address (in the form
http://ProxyIPAddress or http://ProxyFQDN , where FQDN refers to a fully
qualified domain name) and listening port.
2. Time sync: Check that the time on the appliance is in sync with internet time for
discovery to work properly.
3. Install updates and register appliance: To run auto-update and register the
appliance, follow these steps:
7 Note
b. The appliance will verify the key and start the auto-update service, which
updates all the services on the appliance to their latest versions. When the auto-
update has run, you can select View appliance services to see the status and
versions of the services running on the appliance server.
c. To register the appliance, you need to select Login. In Continue with Azure
Login, select Copy code & Login to copy the device code (you must have a
device code to authenticate with Azure) and open an Azure Login prompt in a
new browser tab. Make sure you've disabled the pop-up blocker in the browser
to see the prompt.
d. In a new tab in your browser, paste the device code and sign in by using your
Azure username and password. Signing in with a PIN isn't supported.
7 Note
If you close the login tab accidentally without logging in, refresh the
browser tab of the appliance configuration manager to display the device
code and Copy code & Login button.
e. After you successfully log in, return to the browser tab that displays the
appliance configuration manager. If the Azure user account that you used to log
in has the required permissions for the Azure resources that were created
during key generation, appliance registration starts.
After the appliance is successfully registered, to see the registration details,
select View details.
You can rerun prerequisites at any time during appliance configuration to check whether
the appliance meets all the prerequisites.
2. For Windows server, select the source type as Windows Server, specify a friendly
name for credentials, add the username and password. Click on Save.
3. If you are using password-based authentication for Linux server, select the source
type as Linux Server (Password-based), specify a friendly name for credentials,
add the username and password. Click on Save.
4. If you are using SSH key-based authentication for Linux server, you can select
source type as Linux Server (SSH key-based), specify a friendly name for
credentials, add the username, browse, and select the SSH private key file. Click on
Save.
7 Note
By default, the credentials will be used to gather data about the installed
applications, roles, and features, and also to collect dependency data from
Windows and Linux servers, unless you disable the slider to not perform these
features (as instructed in the last step).
6. In Step 2:Provide physical or virtual server details, click on Add discovery source
to specify the server IP address/FQDN and the friendly name for credentials to
connect to the server.
7. You can either Add single item at a time or Add multiple items in one go. There is
also an option to provide server details through Import CSV.
If you choose Add single item, you can choose the OS type, specify friendly
name for credentials, add server IP address/FQDN and click on Save.
If you choose Add multiple items, you can add multiple records at once by
specifying server IP address/FQDN with the friendly name for credentials in
the text box. Verify** the added records and click on Save.
If you choose Import CSV (selected by default), you can download a CSV
template file, populate the file with the server IP address/FQDN and friendly
name for credentials. You then import the file into the appliance, verify the
records in the file and click on Save.
8. On clicking Save, appliance will try validating the connection to the servers added
and show the Validation status in the table against each server.
If validation fails for a server, review the error by clicking on Validation failed
in the Status column of the table. Fix the issue, and validate again.
To remove a server, click on Delete.
9. You can revalidate the connectivity to servers anytime before starting the
discovery.
10. Before initiating discovery, you can choose to disable the slider to not perform
software inventory and agentless dependency analysis on the added servers. You
can change this option at any time.
11. To perform discovery of SQL Server instances and databases, you can add
additional credentials (Windows domain/non-domain, SQL authentication
credentials) and the appliance will attempt to automatically map the credentials to
the SQL servers. If you add domain credentials, the appliance will authenticate the
credentials against Active Directory of the domain to prevent any user accounts
from locking out. To check validation of the domain credentials, follow these steps:
In the configuration manager credentials table, see Validation status for domain
credentials. Only the domain credentials are validated.
If validation fails, you can select a Failed status to see the validation error. Fix the
issue, and then select Revalidate credentials to reattempt validation of the
credentials.
Start discovery
Click on Start discovery, to kick off discovery of the successfully validated servers. After
the discovery has been successfully initiated, you can check the discovery status against
each server in the table.
Next steps
Try out assessment of physical servers with Azure Migrate: Discovery and assessment.
Set up an appliance for Azure
Government cloud
Article • 03/16/2023 • 7 minutes to read
Follow this article to deploy an Azure Migrate appliance for Azure Government cloud to
perform:
If you want to set up an appliance in the public cloud, follow this article.
7 Note
The option to deploy an appliance using a template (for servers running in VMware
or Hyper-V environment) isn't supported in Azure Government. You need to use the
installer script only.
Prerequisites
You can use the script to deploy the Azure Migrate appliance on an existing physical or
a virtualized server.
The server that will act as the appliance must be running Windows Server 2016 and
meet other requirements for VMware, Hyper-V, and physical servers.
If you run the script on a server with Azure Migrate appliance already set up, you
can choose to clean up the existing configuration and set up a fresh appliance of
the desired configuration. When you execute the script, you will get a notification
as shown below:
Verify security
Check that the zipped file is secure, before you deploy it.
1. On the server to which you downloaded the file, open an administrator command
window.
2. Run the following command to generate the hash for the zipped file:
Latest CE63463B3CE07D7500F0A34F9CAFF0AB939368E5DB320F9F05EE45A386A49CDC
version
PS C:\Users\administrator\Desktop\AzureMigrateInstaller>
.\AzureMigrateInstaller.ps1
5. Select from the scenario, cloud and connectivity options to deploy an appliance
with the desired configuration. For instance, the selection shown below sets up an
appliance to discover, assess and migrate servers running in your VMware
environment to an Azure Migrate project with default (public endpoint)
connectivity on Azure Government cloud.
After the script has executed successfully, the appliance configuration manager will be
launched automatically.
Verify access
Make sure that the appliance can connect to Azure URLs for government clouds.
Verify security
Check that the zipped file is secure, before you deploy it.
1. On the server to which you downloaded the file, open an administrator command
window.
2. Run the following command to generate the hash for the zipped file:
Latest CE63463B3CE07D7500F0A34F9CAFF0AB939368E5DB320F9F05EE45A386A49CDC
version
3. Change the PowerShell directory to the folder where the contents have been
extracted from the downloaded zipped file.
4. Run the script named AzureMigrateInstaller.ps1 by running the following
command:
PS C:\Users\administrator\Desktop\AzureMigrateInstaller>
.\AzureMigrateInstaller.ps1
5. Select from the scenario, cloud and connectivity options to deploy an appliance
with the desired configuration. For instance, the selection shown below sets up an
appliance to discover and assess servers running in your Hyper-V environment to
an Azure Migrate project with default (public endpoint) connectivity on Azure
Government cloud.
After the script has executed successfully, the appliance configuration manager will be
launched automatically.
Verify access
Make sure that the appliance can connect to Azure URLs for government clouds.
Verify security
Check that the zipped file is secure, before you deploy it.
1. On the server to which you downloaded the file, open an administrator command
window.
2. Run the following command to generate the hash for the zipped file:
Latest CE63463B3CE07D7500F0A34F9CAFF0AB939368E5DB320F9F05EE45A386A49CDC
version
7 Note
The same script can be used to set up Physical appliance for Azure Government
cloud with either public or private endpoint connectivity.
PS C:\Users\administrator\Desktop\AzureMigrateInstaller>
.\AzureMigrateInstaller.ps1
5. Select from the scenario, cloud and connectivity options to deploy an appliance
with the desired configuration. For instance, the selection shown below sets up an
appliance to discover and assess physical servers (or servers running on other
clouds like AWS, GCP, Xen etc.) to an Azure Migrate project with default (public
endpoint) connectivity on Azure Government cloud.
After the script has executed successfully, the appliance configuration manager will be
launched automatically.
7 Note
If you come across any issues, you can access the script logs at
C:\ProgramData\Microsoft
Azure\Logs\AzureMigrateScenarioInstaller_Timestamp.log for troubleshooting.
Verify access
Make sure that the appliance can connect to Azure URLs for government clouds.
Next steps
After deploying the appliance, you need to configure it for the first time, and register it
with the project.
This article describes how to limit the scope of discovery for servers in VMware vSphere
environment when you are:
Discovering servers with the Azure Migrate appliance when you're using the Azure
Migrate: Discovery and assessment tool.
Discovering servers with the Azure Migrate appliance when you're using the
Migration and modernization tool, for agentless migration of servers from VMware
vSphere environment to Azure.
When you set up the appliance, it connects to vCenter Server and starts discovery.
Before you connect the appliance to vCenter Server, you can limit discovery to vCenter
Server datacenters, clusters, a folder of clusters, hosts, a folder of hosts, or individual
servers. To set the scope, you assign permissions on the account that the appliance uses
to access the vCenter Server.
On the account used by the appliance, assign a role with the required permissions
on the objects you want to scope.
Alternatively, assign a role to the account at the data center level, and propagate
to the child objects. Then give the account a No access role, for every object that
you don't want in scope. We don't recommend this approach since it's
cumbersome, and might expose access controls, because every new child object is
automatically granted access inherited from the parent.
You can't scope inventory discovery at the vCenter Server folder level. If you need to
scope discover to servers in a folder, create a user and grant access individually to each
required server. Host and cluster folders are supported.
Assign a role for assessment
1. On the appliance vCenter Server account you're using for discovery, apply the
Read-only role for all parent objects that host servers you want to discover and
assess (host, cluster, hosts folder, clusters folder, up to datacenter).
The role-based access control setup ensures that the corresponding vCenter user
account has access to only tenant-specific servers.
Next steps
Set up the appliance
Provide server credentials to discover
software inventory, dependencies, web
apps, and SQL Server instances and
databases
Article • 04/13/2023
Follow this article to learn how to add multiple server credentials on the appliance
configuration manager to perform software inventory (discover installed applications),
agentless dependency analysis, and discover web apps, SQL Server instances and
databases.
7 Note
Currently, the discovery of ASP.NET web apps is only available in the appliance
used for discovery and assessment of servers running in a VMware environment.
If you want to use these features, you can provide server credentials by following the
steps below. For servers running on vCenter Server(s) and Hyper-V host(s)/cluster(s), the
appliance will attempt to automatically map the credentials to the servers to perform
the discovery features.
The types of server credentials supported are listed in the table below:
Type of Description
credentials
Domain You can add Domain credentials by selecting the option from the drop-down
credentials in the Add credentials modal.
To provide domain credentials, you need to specify the Domain name which
must be provided in the FQDN format (for example, prod.corp.contoso.com).
You also need to specify a friendly name for credentials, username, and
password. It's recommended to provide the credentials in the UPN format, for
example, user1@contoso.com.
To validate the domain credentials with the domain controller, the appliance
should be able to resolve the domain name. Ensure that you've provided the
correct domain name while adding the credentials else the validation will fail.
The appliance won't attempt to map the domain credentials that have failed
validation. You need to have at least one successfully validated domain
credential or at least one non-domain credential to start the discovery.
SQL Server You can add SQL Server Authentication credentials by selecting the option
Authentication from the drop-down in the Add credentials modal.
credentials
You need to specify a friendly name for credentials, username, and password.
You can add this type of credentials to discover SQL Server instances and
databases running in your VMware environment, if you've configured SQL
Server authentication mode on your SQL Servers.
Learn more about the types of authentication modes supported on SQL
Servers.
Required permissions
The table below lists the permissions required on the server credentials provided on the
appliance to perform the respective features:
Agentless Domain or non- Sudo user account with permissions to execute ls and
dependency domain (local) netstat commands. If you are providing a sudo user
analysis account with account, ensure that you have enabled NOPASSWD for
administrative the account to run the required commands without
permissions prompting for a password every time the sudo command
is invoked.
Next steps
Review the tutorials for discovery of servers running in your VMware environment or
Hyper-V environment or for discovery of physical servers.
Discover installed software inventory,
web apps, and SQL Server instances and
databases
Article • 04/06/2023 • 4 minutes to read
This article describes how to discover installed software inventory, web apps, and SQL
Server instances and databases on servers running in your on-premises environment,
using the Azure Migrate: Discovery and assessment tool.
Performing software inventory helps identify and tailor a migration path to Azure for
your workloads. Software inventory uses the Azure Migrate appliance to perform
discovery, using server credentials. It's completely agentless - no agents are installed on
the servers to collect this data.
Review the requirements based on your environment and the appliance you're
setting up to perform software inventory:
Environment Requirements
After the server discovery is complete, appliance initiates the discovery of installed
applications, roles, and features (software inventory) on the servers. The duration
depends on the number of discovered servers. For 500 servers, it takes approximately
one hour for the discovered inventory to appear in the Azure Migrate portal. After the
initial discovery is complete, software inventory data is collected and sent to Azure once
every 24 hours.Review the data collected by appliance during software inventory.
1. In Azure Migrate - Servers, databases and web apps > Azure Migrate: Discovery
and assessment, select the displayed count to open the Discovered servers page.
7 Note
At this stage you can optionally also enable dependency analysis for the
discovered servers, so that you can visualize dependencies across servers you
want to assess. Learn more about dependency analysis.
2. In Software inventory column, select the displayed count to review the discovered
applications, roles, and features.
The software inventory is exported and downloaded in Excel format. The Software
Inventory sheet displays all the apps discovered across all the servers.
7 Note
Appliance can connect to only those SQL Server instances to which it has
network line of sight, whereas software inventory by itself may not need
network line of sight.
The sign-in used to connect to a source SQL Server instance requires sysadmin role.
Once connected, the appliance gathers configuration and performance data of SQL
Server instances and databases. The SQL Server configuration data is updated once
every 24 hours and the performance data is captured every 30 seconds. Hence, any
change to the properties of the SQL Server instance and databases such as database
status, compatibility level etc. can take up to 24 hours to update on the portal.
7 Note
Currently the discovery of ASP.NET web apps is only available with appliance used
for discovery of servers running in your VMware environment.
Next steps
Create an assessment for discovered servers.
Assess web apps for migration to Azure App Service.
Discover web apps and SQL Server
instances in an existing project
Article • 04/13/2023
This article describes how to discover web apps and SQL Server instances and databases
in an Azure Migrate project that was created before the preview of Azure SQL
assessment feature and/or before the preview of Azure App Service assessment feature.
Discovering web apps and SQL Server instances and databases running on on-premises
machines helps identify and tailor a migration path to Azure. The Azure Migrate
appliance performs this discovery using the Windows OS domain or non-domain
credentials or SQL Server authentication credentials that have access to the SQL Server
instances and databases running on the targeted servers. This discovery process is
agentless that is, nothing is installed on the target servers.
7 Note
Though the procedure described in this article is for VMware, the processes are
similar for Microsoft Hyper-V and Physical environments. Discovery and assessment
for SQL Server instances and databases is available across the Microsoft Hyper-V
and Physical environments.
Enable discovery of web apps and SQL Server
instances and databases
1. In your Azure Migrate project, either
Select Not enabled on any entry in the Server discovery page under SQL
instances or Web apps column
2. To discover web apps and SQL Server instances and databases follow the steps
entailed:
Select Upgrade, to create the required resource.
Validate that the services running on the appliance are updated to the latest
versions. To do so, launch the Appliance configuration manager from your
appliance server and select view appliance services from the Setup
prerequisites panel.
Appliance and its components are automatically updated
In the manage credentials and discovery sources panel of the Appliance
configuration manager, add Domain or SQL Server Authentication credentials
that have Sysadmin access on the SQL Server instance and databases to be
discovered or have these permissions for each SQL Server instance.
Web apps discovery works with both domain and non-domain Windows OS
credentials as long as the account used has local admin privileges on servers.
You can leverage the automatic credential-mapping feature of the appliance,
as highlighted here.
3. Once the desired credentials are added, select Start Discovery, to begin the scan.
7 Note
Allow web apps and SQL discovery to run for sometime before creating
assessments for Azure App Service or Azure SQL. If the discovery of web apps and
SQL Server instances and databases is not allowed to complete, the respective
instances are marked as Unknown in the assessment report.
Next steps
Learn how to create an Azure SQL assessment.
Learn more about Azure SQL assessments.
Learn how to create an Azure App Service assessment.
Learn more about Azure App Service assessments.
Set up dependency visualization
Article • 03/10/2023 • 7 minutes to read
This article describes how to set up agent-based dependency analysis in Azure Migrate:
Discovery and assessment. Dependency analysis helps you to identify and understand
dependencies across servers you want to assess and migrate to Azure.
Associate a workspace
1. After you've discovered servers for assessment, in Servers > Azure Migrate:
Discovery and assessment, click Overview.
You can select an existing workspace from all the workspaces in the project
subscription.
You need Reader access to the workspace to associate it.
7 Note
Learn how to configure the OMS workspace for private endpoint connectivity.
Download and install the VM agents
On each server you want to analyze, install the agents.
7 Note
For servers monitored by System Center Operations Manager 2012 R2 or later, you
don't need to install the MMA agent. Service Map integrates with Operations
Manager. Follow integration guidance.
3. For each server you want to analyze with dependency visualization, in the
Dependencies column, click Requires agent installation.
4. In the Dependencies page, download the MMA and Dependency agent for
Windows or Linux.
5. Under Configure MMA agent, copy the workspace ID and key. You need these
when you install the MMA agent.
Install the MMA
Install the MMA on each Windows or Linux server you want to analyze.
You can install the agent from the command line or using an automated method such as
Configuration Manager or Intigua.
Learn more about using these methods to install the MMA agent.
The MMA agent can also be installed using this script .
Learn more about the Windows operating systems supported by MMA.
Learn more about the list of Linux operating systems support by MMA.
2. To install the Dependency agent on a Linux server, install as root using the
following command:
sh InstallDependencyAgent-Linux64.bin
Learn more about how you can use scripts to install the Dependency agent.
Learn more about the operating systems supported by the Dependency agent.
7 Note
Groups for which you want to visualize dependencies shouldn't contain more than
10 servers. If you have more than 10 servers, split them into smaller groups.
2. In the Dependencies column, click View dependencies for each server you want to
review.
Inbound (clients) and outbound (servers) TCP connections, to and from the
server.
Dependent servers that don't have the dependency agents installed are
grouped by port numbers.
Dependent servers with dependency agents installed are shown as separate
boxes.
Processes running inside the server. Expand each server box to view the
processes.
Server properties (including FQDN, operating system, MAC address). Click on
each server box to view the details.
4. You can look at dependencies for different time durations by clicking on the time
duration in the time range label.
5. After you've identified the dependent servers that you want to group together, use
Ctrl+Click to select multiple servers on the map, and click Group machines.
8. If you want to create an assessment for this group, select the checkbox to create a
new assessment for the group.
After creating the group, we recommend that you install agents on all the servers in the
group, and then visualize dependencies for the entire group.
Sample queries
Here are a few sample queries that you can use to extract dependency data.
You can modify the queries to extract your preferred data points.
Review a complete list of dependency data records.
Review additional sample queries.
The records in the table for connection metrics (VMConnection) don't represent
individual physical network connections.
Multiple physical network connections are grouped into a logical connection.
Learn more about how physical network connection data is aggregated in
VMConnection.
Next steps
Create an assessment for a group.
Additional resources
Documentation
Set the scope for discovery of servers on VMware vSphere with Azure Migrate - Azure
Migrate
Describes how to set the discovery scope for servers hosted on VMware vSphere assessment and
migration with Azure Migrate.
Support for physical discovery and assessment in Azure Migrate - Azure Migrate
Learn about support for physical discovery and assessment with Azure Migrate Discovery and
assessment
Questions about discovery and dependency analysis in Azure Migrate - Azure Migrate
Get answers to common questions about discovery and dependency analysis in Azure Migrate.
Show 5 more
Analyze server dependencies (agentless)
Article • 12/12/2022 • 9 minutes to read
This article describes how to set up agentless dependency analysis using Azure Migrate:
Discovery and assessment tool. Dependency analysis helps you to identify and
understand dependencies across servers for assessment and migration to Azure.
Current limitations
In the dependency analysis view, you currently cannot add or remove a server from
a group.
A dependency map for a group of servers isn't currently available.
In an Azure Migrate project, you can enable dependency data collection
concurrently for 1000 servers per appliance.
You can analyze more than 1000 servers per project either by enabling
dependency analysis concurrently on servers discovered by multiple appliances or
by sequencing in batches of 1000 for servers discovered from one appliance.
Review the requirements based on your environment and the appliance you are
setting up to perform software inventory:
Environment Requirements
Review the Azure URLs that the appliance will need to access in the public and
government clouds.
After the server discovery is complete, appliance initiates the discovery of installed
applications, roles and features (software inventory) on the servers. During software
inventory, the discovered servers are validated to check if they meet the prerequisites
and can be enabled for agentless dependency analysis.
7 Note
You can enable agentless dependency analysis for discovered servers from Azure
Migrate project. Only the servers where the validation succeeds can be selected to
enable agentless dependency analysis.
After servers have been enabled for agentless dependency analysis from portal,
appliance gathers the dependency data every 5 mins from the server and sends an
aggregated data point every 6 hours to Azure. Review the data collected by appliance
during agentless dependency analysis.
You can visualize dependencies around six hours after enabling dependency analysis on
servers. If you want to simultaneously enable multiple servers for dependency analysis,
you can use PowerShell to do so.
Visualize dependencies
1. In Azure Migrate: Discovery and assessment, click Discovered servers.
5. Change the time period for which you want to view the map using the Time
duration dropdown.
6. Expand the Client group to list the servers with a dependency on the selected
server.
7. Expand the Port group to list the servers that have a dependency from the
selected server.
8. To navigate to the map view of any of the dependent servers, click on the server
name > Load server map
9. Expand the selected server to view process-level details for each dependency.
7 Note
Process information for a dependency is not always available. If it's not available,
the dependency is depicted with the process marked as "Unknown process".
Dependency information
Each row in the exported CSV corresponds to a dependency observed in the specified
time slot.
The following table summarizes the fields in the exported CSV. Note that server name,
application and process fields are populated only for servers that have agentless
dependency analysis enabled.
If you want to stop dependency simultaneously on multiple servers, you can use
PowerShell to do so.
Log in to Azure
1. Log into your Azure subscription using the Connect-AzAccount cmdlet.
PowerShell
Connect-AzAccount
PowerShell
Connect-AzAccount -EnvironmentName AzureUSGovernment
PowerShell
PowerShell
Import-Module .\AzMig_Dependencies.psm1
PowerShell
In the file, you can see the server display name, current status of dependency
collection and the ARM ID of all discovered servers.
2. To enable or disable dependencies, create an input CSV file. The file is required to
have a column with header "ARM ID". Any additional headers in the CSV file will be
ignored. You can create the CSV using the file generated in the previous step.
Create a copy of the file retaining the servers you want to enable or disable
dependencies on.
PowerShell
Set-AzMigDependencyMappingAgentless -InputCsvFile
.\FabrikamDemo_VMs_Enable.csv -Enable
In the following example, dependency analysis is being disabled on the list of
servers in the input file FabrikamDemo_VMs_Disable.csv.
PowerShell
Set-AzMigDependencyMappingAgentless -InputCsvFile
.\FabrikamDemo_VMs_Disable.csv -Disable
1. Download the PowerShell module and the Power BI template from Azure
PowerShell Samples repo on GitHub.
PowerShell
Connect-AzAccount
PowerShell
PowerShell
PowerShell
Import-Module .\AzMig_Dependencies.psm1
4. Run the following command. This command downloads the dependencies data in
a CSV and processes it to generate a list of unique dependencies that can be used
for visualization in Power BI. In the example below the project name is
FabrikamDemoProject, and the resource group it belongs to is FabrikamDemoRG.
The dependencies will be downloaded for servers discovered by
FabrikamAppliance. The unique dependencies will be saved in
FabrikamDemo_Dependencies.csv
PowerShell
The Network Connections chart and the Source server name, Destination server
name, Source process name, Destination process name slicers should light up with
the imported data.
7. Visualize the map of network connections filtering by servers and processes. Save
your file.
Next steps
Group servers for assessment.
Additional resources
Documentation
Discover and assess using Azure Private Link - Azure Migrate
Create an Azure Migrate project, set up the Azure Migrate appliance, and use it to discover and
assess servers for migration.
Set up an Azure Migrate scale-out appliance for agentless VMware migration - Azure
Migrate
Learn how to set up an Azure Migrate scale-out appliance to migrate Hyper-V VMs.
Show 5 more
Build a business case (preview)
Article • 04/28/2023
This article describes how to build a Business case for on-premises servers and
workloads in your datacenter with Azure Migrate: Discovery and assessment tool.
Azure Migrate helps you to plan and execute migration and modernization projects to
Azure. Azure Migrate provides a centralized hub to track discovery, assessment, and
migration of on-premises infrastructure, applications, and data to Azure. The hub
provides Azure tools for assessment and migration, and third-party independent
software vendor (ISV) offerings.
Prerequisites
Make sure you've created an Azure Migrate project. You can also reuse an existing
project to use this capability.
Once you've created a project, the Azure Migrate: Discovery and assessment tool is
automatically added to the project.
Before you build the Business case, you need to first discover your IT estate. You
can choose one of the two discovery sources based on your use case:
Use more You need to set up an Azure Migrate appliance for Azure recommended
accurate VMware or Hyper-V or Physical/Bare-metal or other to minimize cost,
data clouds. The appliance discovers servers, SQL Server Migrate to all IaaS
insights instance and databases, and ASP.NET webapps and (Infrastructure as a
collected sends metadata and performance (resource Service), Modernize
via Azure utilization) data to Azure Migrate. Learn more. to PaaS (Platform as a
Migrate Service)
appliance
Discovery Details Migration strategies
Source that can be used to
build a business case
Build a You need to provide the server inventory in a .CSV file Migrate to all IaaS
quick and import in Azure Migrate to get a quick business (Infrastructure as a
business case based on the provided inputs. You don't need to Service)
case using set up the Azure Migrate appliance to discover
the servers for this option.
servers
imported
via a .csv
file
Helps remove guess work in your cost planning process and adds data insights
driven calculations.
It can be generated in just a few clicks after you have performed discovery using
the Azure Migrate appliance.
The feature is automatically enabled for existing Azure Migrate projects.
There are three types of migration strategies that you can choose while building your
Business case:
Azure You can get the most cost efficient For SQL Servers, sizing and cost comes
recommended and compatible target from the Recommended report with
to minimize recommendation in Azure across optimization strategy - minimize cost
cost Azure IaaS and Azure PaaS targets. from Azure SQL assessment.
Migrate to all You can get a quick lift and shift For SQL Servers, sizing and cost comes
IaaS recommendation to Azure IaaS. from the Instance to SQL Server on Azure
(Infrastructure VM report.
as a Service)
For general servers and servers hosting
web apps, sizing and cost comes from
Azure VM assessment.
Modernize to You can get a PaaS preferred For SQL Servers, sizing and cost comes
PaaS recommendation that means, the from the Instance to Azure SQL MI report.
(Platform as a logic identifies workloads best fit for
Service) PaaS targets. For web apps, sizing and cost comes
from Azure App Service assessment.
General servers are recommended
with a quick lift and shift For general servers, sizing and cost
recommendation to Azure IaaS. comes from Azure VM assessment.
7 Note
We recommend that you wait at least a day after starting discovery before you
build a Business case so that enough performance/resource utilization data points
are collected. Also, review the Notifications/Resolve issues blades on the Azure
Migrate hub to identify any discovery related issues prior to Business case
computation. It ensures that the IT estate in your datacenter is represented more
accurately and the Business case recommendations are more valuable.
3. In Business case name, specify a name for the Business case. Make sure the
Business case name is unique within a project, else the previous Business case with
the same name gets recomputed.
4. In Target location, specify the Azure region to which you want to migrate.
Azure SKU size and cost recommendations are based on the location that you
specify.
5. In Discovery source, specify the discovery source on which you wish to create the
business case. The options to build the business case using data discovered via the
appliance or imported via a .csv file is present based on the type of discovered
servers present in your project. The discovery source will be defaulted to the
option chosen by you while building the business case and you won't be able to
update this field later.
6. In Migration strategy, specify the migration strategy for your Business case:
With the default Azure recommended approach to minimize cost, you can get
the most cost-efficient and compatible target recommendation in Azure
across Azure IaaS and Azure PaaS targets.
With Migrate to all IaaS (Infrastructure as a Service), you can get a quick lift
and shift recommendation to Azure IaaS.
With Modernize to PaaS (Platform as a Service), you can get cost effective
recommendations for Azure IaaS and more PaaS preferred targets in Azure
PaaS.
7. In Savings options, specify the savings options combination that you want to be
considered while optimizing your Azure costs and maximize savings. Based on the
availability of the savings option in the chosen region and the targets, the business
case recommends the appropriate savings options to maximize your savings on
Azure.
8. In Discount (%) on Pay as you go, add any subscription-specific discounts you
receive on top of the Azure offer. The default setting is 0%. The discount isn't
applicable on top of reserved instance savings option.
10. Review the chosen inputs, and select Build business case.
11. You're directed to the newly created Business case with a banner that says that
your Business case is computing. The computation might take some time,
depending on the number of servers and workloads in the project. You can come
back to the Business case page after ~30 minutes and select Refresh.
Next steps
Learn more about how to review the Business case reports.
View a business case (preview)
Article • 04/25/2023
This article describes how to review the business case reports for on-premises servers
and workloads in your datacenter with Azure Migrate: Discovery and assessment tool.
Azure Migrate helps you to plan and execute migration and modernization projects to
Azure. Azure Migrate provides a centralized hub to track discovery, assessment, and
migration of on-premises infrastructure, applications, and data to Azure. The hub
provides Azure tools for assessment and migration, as well as third-party Independent
Software Vendor (ISV) offerings.
Prerequisites
Build a business case if you have not built one already.
Overview: This report is an executive summary of the business case and covers:
Potential savings (TCO).
Estimated year on year cashflow savings based on the estimated migration
completed that year.
Savings from unique Azure benefits like Azure Hybrid Benefit.
Discovery insights covering the scope of the business case.
On-premises vs Azure: This report covers the breakdown of the total cost of
ownership by cost categories and insights on savings.
Azure IaaS: This report covers the Azure and on-premises footprint of the servers
and workloads recommended for migrating to Azure IaaS.
Azure PaaS: This report covers the Azure and on-premises footprint of the
workloads recommended for migrating to Azure PaaS.
2. In Business Case, select a business case to open it. As an example (estimations and
costs, for example, only):
Overview report
Potential savings
This card covers your potential total cost of ownership savings based on the chosen
migration strategy. It includes one year savings from compute, storage, network, labor,
and facilities cost (based on assumptions) to help you envision how Azure benefits can
turn into cost savings. You can see the insights of different cost categories in the On-
premises vs Azure report.
Current state cost shows how your net cashflow will be on-premises, given your
infrastructure is growing 5% per year.
The future state cost shows how your net cashflow will be as you migrate some
percentage to Azure per year as in the 'Azure cost' assumptions, while your
infrastructure is growing 5% per year.
Discovery insights
It covers the total severs scoped in the business case computation, virtualization
distribution, utilization insights and distribution of servers based on workloads running
on them.
Utilization insights
It covers which servers are ideal for cloud, servers that can be decommissioned on-
premises, and servers that can't be classified based on resource utilization/performance
data:
Ideal for cloud: These servers are best fit for migrating to Azure and comprises of
active and idle servers:
Active servers: These servers delivered business value by being on and had their
CPU and memory utilization above 5% and network utilization above 2%.
Idle servers: These servers were on but didn't deliver business value by having
their CPU and memory utilization below 5% and network utilization below 2%.
Decommission: These servers were expected to deliver business value, but didn't
and can be decommissioned on-premises and recommended to not migrate to
Azure:
Zombie: The CPU, memory and network utilization were 0% with no
performance data collection issues.
These servers were on but don't have adequate metrics available:
Unknown: Many servers can land in this section if the discovery is still ongoing
or has some unaddressed discovery issues.
This section contains the cost estimate by recommended target (Annual cost and also
includes Compute, Storage, Network, labor components) and savings from Hybrid
benefits.
Azure VM:
Estimated cost by savings options: This card includes compute cost for Azure
VMs. It is recommended that all idle servers are migrated via Pay as you go
Dev/Test and others (Active and unknown) are migrated using 3 year Reserved
Instance or 3 year Azure Savings Plan to maximize savings.
Recommended VM family: This card covers the VM sizes recommended. The
ones marked Unknown are the VMs that have some readiness issues and no
SKUs could be found for them.
Recommended storage type: This card covers the storage cost distribution
across different recommended storage types.
SQL Server on Azure VM: This section assumes instance to SQL Server on Azure
VM migration recommendation, and the number of VMs here are the number of
instances recommended to be migrated as SQL Server on Azure VM:
Estimated cost by savings options: This card includes compute cost for SQL
Server on Azure VMs. It is recommended that all idle servers are migrated via
Pay as you go Dev/Test and others (Active and unknown) are migrated using 3
year Reserved Instance or 3 year Azure Savings Plan to maximize savings.
Recommended VM family: This card covers the VM sizes recommended. The
ones marked Unknown are the VMs that have some readiness issues and no
SKUs could be found for them.
Recommended storage type: This card covers the storage cost distribution
across different recommended storage types.
On-premises tab
This section contains the cost estimate by recommended target (Annual cost and also
includes Compute, Storage, Network, labor components) and savings from Hybrid
benefits.
Azure SQL:
Estimated cost by savings options: This card includes compute cost for Azure
SQL MI. It is recommended that all idle SQL instances are migrated via Pay as
you go Dev/Test and others (Active and unknown) are migrated using 3 year
Reserved Instance to maximize savings.
Distribution by recommended service tier : This card covers the recommended
service tier.
Azure App Service:
Estimated cost by savings options: This card includes Azure App Service Plans
cost. It is recommended that the web apps are migrated using 3 year Reserved
Instance or 3 year Savings Plan to maximize savings.
Distribution by recommended plans : This card covers the recommended App
Service plan.
On-premises tab
Next steps
Learn more about how business cases are calculated.
Add assessment tools
Article • 11/21/2022 • 2 minutes to read
If you want to add an assessment tool and you don't yet have an Azure Migrate
project, follow this article.
If you've added an ISV tool, or Movere, for assessment, follow the steps, to prepare
to work with the tool.
If you created an Azure Migrate project using the Assess and migrate servers
option in the portal, the Azure Migrate Discovery and assessment tool is
automatically added to the project. To add additional assessment tools, in
Windows, Linux and SQL Server, next to Assessment tools, select Add more
tools.
If you created a project using a different option, and don't yet have any
assessment tools, in Windows, Linux and SQL Server > Assessment tools,
select Click here.
2. In Azure Migrate > Add tools, select the tools you want to add. Then select Add
tool.
Select a database assessment tool
1. Add a tool:
If you created an Azure Migrate project using the Assess and migrate
database option in the portal, the Database Assessment tool is automatically
added to the project. To add additional assessment tools, in Databases, next
to Assessment tools, select Add more tools.
If you created a project using a different option, and don't yet have any
database assessment tools, in Databases > Assessment tools, select Click
here.
2. In Azure Migrate > Add tools, select the tools you want to add. Then select Add
tool.
Select a web app assessment tool
If you created an Azure Migrate project using the Explore more > WebApps option in
the portal, the Web App Assessment tool is automatically added to the project.
1. If the Web App Assessment tool isn't in the project, in Web Apps > Assessment
tools, select Click here.
2. In Azure Migrate > Add tools, select the Web app assessment tool. Then select
Add tool.
Next steps
Discover on-premises servers for assessment using Azure Migrate Discovery and
assessment tool for VMware, Hyper-V, or physical servers
Create a group for assessment
Article • 11/21/2022 • 3 minutes to read
This article describes how to create groups of servers for assessment with Azure
Migrate: Discovery and assessment.
Azure Migrate helps you to migrate to Azure. Azure Migrate provides a centralized hub
to track discovery, assessment, and migration of on-premises infrastructure,
applications, and data to Azure. The hub provides Azure tools for assessment and
migration, as well as third-party independent software vendor (ISV) offerings.
Grouping servers
You gather servers into groups to assess whether they're suitable for migration to Azure,
and to get Azure sizing and cost estimations for them. There are a couple of ways to
create groups:
If you know the servers that need be migrated together, you can manually create
the group in Azure Migrate.
If you are not sure about the servers that need to be grouped together, you can
use the dependency visualization functionality in Azure Migrate to create groups.
7 Note
1. In the Azure Migrate project > Overview, click Assess and migrate servers. In
Azure Migrate: Discovery and assessment, click Groups
If you haven't yet added the Azure Migrate: Discovery and assessment tool,
click to add it. Learn more.
If you haven't yet created an Azure Migrate project, learn more.
2. Click the Group icon.
3. In Create group, specify a group name, and in Appliance name, select the Azure
Migrate appliance you're using for server discovery.
4. From the server list, select the servers you want to add to the group > Create.
You can now use this group when you create an Azure VM assessment or an Azure
VMware Solution (AVS) assessment or an Azure SQL assessment or an Azure App Service
assessment.
If you've already set up dependency mapping, and want to refine an existing group, do
the following:
1. In the Servers tab, in Azure Migrate: Discovery and assessment tile, click Groups.
If you've already set up dependency mapping, on the group page, click View
dependencies to open the group dependency map.
3. After clicking View dependencies, the group dependency map shows the
following:
Inbound (clients) and outbound (servers) TCP connections to and from all
servers in the group that have the dependency agents installed.
Dependent servers that don't have the dependency agents installed are
grouped by port numbers.
Dependent servers with dependency agents installed are shown as separate
boxes.
Processes running inside the server. Expand each server box to view the
processes.
Server properties (including FQDN, operating system, MAC address). Click on
each server box to view the details.
4. To view dependencies in a time interval of your choice, modify the time range (an
hour by default) by specifying start and end dates, or the duration.
7 Note
Time range can be up to an hour. If you need a longer range, use Azure
Monitor to query dependent data for a longer period.
5. After you've identified the dependencies you would like to add to or remove from
the group, you can modify the group. Use Ctrl+Click to add or remove servers
from the group.
Next steps
Learn how to set up and use dependency mapping to create high confidence groups.
Create an Azure VM assessment
Article • 01/06/2023 • 7 minutes to read
This article describes how to create an Azure VM assessment for on-premises servers in
your VMware, Hyper-V or physical/other cloud environments with Azure Migrate:
Discovery and assessment.
Azure Migrate helps you to migrate to Azure. Azure Migrate provides a centralized hub
to track discovery, assessment, and migration of on-premises infrastructure,
applications, and data to Azure. The hub provides Azure tools for assessment and
migration, as well as third-party Independent Software Vendor (ISV) offerings.
Run an assessment
Run an assessment as follows:
1. On the Get started page > Servers, databases and web apps, select Discover,
assess and migrate.
2. In Azure Migrate: Discovery and assessment, select Assess and select Azure VM.
3. The Create assessment wizard appears with Azure VM as the Assessment type.
4. In Discovery source:
If you discovered servers using the appliance, select Servers discovered from
Azure Migrate appliance.
If you discovered servers using an imported CSV file, select Imported servers.
5. Select Edit to review the assessment properties.
In Target location, specify the Azure region to which you want to migrate.
Size and cost recommendations are based on the location that you specify.
Once you change the target location from default, you'll be prompted to
specify Reserved Instances and VM series.
In Azure Government, you can target assessments in these regions.
In Storage type,
If you want to use performance-based data in the assessment, select
Automatic for Azure Migrate to recommend a storage type, based on disk
IOPS and throughput.
Alternatively, select the storage type you want to use for VM when you
migrate it.
In Savings options (compute), specify the savings option that you want the
assessment to consider to help optimize your Azure compute cost. - Azure
reservations (1 year or 3 year reserved) are a good option for the most consistently
running resources. - Azure Savings Plan (1 year or 3 year savings plan) provide
additional flexibility and automated cost optimization. Ideally post migration, you
could use Azure reservation and savings plan at the same time (reservation will be
consumed first), but in the Azure Migrate assessments, you can only see cost
estimates of 1 savings option at a time. - When you select 'None', the Azure
compute cost is based on the Pay as you go rate or based on actual usage. - You
need to select pay-as-you-go in offer/licensing program to be able to use
Reserved Instances or Azure Savings Plan. When you select any savings option
other than 'None', the 'Discount (%)' and 'VM uptime' properties are not
applicable.
1. In VM Size:
In Comfort factor, indicate the buffer you want to use during assessment.
This accounts for issues like seasonal usage, short performance history, and
likely increases in future usage. For example, if you use a comfort factor of
two:
Cores 2 4
Memory 8 GB 16 GB
2. In Pricing:
5. In Select servers to assess > Assessment name > specify a name for the
assessment.
6. In Select or create a group > select Create New and specify a group name.
7. Select the appliance, and select the VMs you want to add to the group. Then select
Next.
8. In Review + create assessment, review the assessment details, and select Create
Assessment to create the group and run the assessment.
9. After the assessment is created, view it in Servers, databases and web apps >
Azure Migrate: Discovery and assessment > Assessments.
10. Select the name of the assessment that you want to view.
Ready: Azure Migrate recommends a VM size and cost estimates for VMs in
the assessment.
Ready with conditions: Shows issues and suggested remediation.
Not ready: Shows issues and suggested remediation.
Readiness unknown: Used when Azure Migrate can't assess readiness, due to
data availability issues.
3. Select an Azure readiness status. You can view server readiness details and drill
down to see server details, including compute, storage, and network settings.
1. Review the monthly compute and storage costs. Costs are aggregated for all
servers in the assessed group.
Cost estimates are based on the size recommendations for a server, and its
disks and properties.
Estimated monthly costs for compute and storage are shown.
The cost estimation is for running the on-premises servers as IaaS VMs. Azure
VM assessment doesn't consider PaaS or SaaS costs.
2. You can review monthly storage cost estimates. This view shows aggregated
storage costs for the assessed group, split over different types of storage disks.
0%-20% 1 Star
21%-40% 2 Star
41%-60% 3 Star
61%-80% 4 Star
81%-100% 5 Star
Next steps
Learn how to use dependency mapping to create high confidence groups.
Learn more about how assessments are calculated.
Create an Azure SQL assessment
Article • 03/14/2023 • 15 minutes to read
As part of your migration journey to Azure, you assess your on-premises workloads to
measure cloud readiness, identify risks, and estimate costs and complexity. This article
shows you how to assess discovered SQL instances in preparation for migration to Azure
SQL, using the Azure Migrate: Discovery and assessment tool.
Run an assessment
Run an assessment as follows:
1. On the Overview page > Servers, databases and web apps, select Assess and
migrate servers.
2. In Azure Migrate: Discovery and assessment, select Assess and choose the
assessment type as Azure SQL.
3. In Assess servers, the assessment type is pre-selected as Azure SQL and the
discovery source is defaulted to Servers discovered from Azure Migrate
appliance.
5. In Assessment settings, set the necessary values or retain the default values:
Section Setting Details
Target and Target location The Azure region to which you want to migrate. Azure SQL
pricing configuration and cost recommendations are based on the
settings location that you specify.
Target and Environment The environment for the SQL deployments to apply pricing
pricing type applicable to Production or Dev/Test.
settings
Target and Offer/Licensing The Azure offer if you're enrolled. Currently, the field is
pricing program Pay-as-you-go by default, which gives you retail Azure
settings prices.
Target and Savings Specify the reserved capacity savings option that you want
pricing options - Azure the assessment to consider to help optimize your Azure
settings SQL MI and DB compute cost.
(PaaS)
Azure reservations (1 year or 3 year reserved) are a good
option for the most consistently running resources.
Target and Savings Specify the savings option that you want the assessment to
pricing options - SQL consider to help optimize your Azure compute cost.
settings Server on
Azure VM Azure reservations (1 year or 3 year reserved) are a good
(IaaS) option for the most consistently running resources.
Target and Discount (%) Any subscription-specific discounts you receive on top of
pricing the Azure offer. The default setting is 0%.
settings
Target and VM uptime Specify the duration (days per month/hour per day) that
pricing servers/VMs run. This is useful for computing cost
settings estimates for SQL Server on Azure VM where you're aware
that Azure VMs might not run continuously.
Cost estimates for servers where recommended target is
SQL Server on Azure VM are based on the duration
specified. Default is 31 days per month/24 hours per day.
Section Setting Details
Target and Azure Hybrid Specify whether you already have a Windows Server
pricing Benefit and/or SQL Server license. Azure Hybrid Benefit is a
settings licensing benefit that helps you to significantly reduce the
costs of running your workloads in the cloud. It works by
letting you use your on-premises Software Assurance-
enabled Windows Server and SQL Server licenses on Azure.
For example, if you have a SQL Server license and they're
covered with active Software Assurance of SQL Server
Subscriptions, you can apply for the Azure Hybrid Benefit
when you bring licenses to Azure.
Assessment Performance Indicate the data duration on which you want to base the
criteria history assessment. (Default is one day)
Assessment Percentile Indicate the percentile value you want to use for the
criteria utilization performance sample. (Default is 95th percentile)
Assessment Comfort factor Indicate the buffer you want to use during assessment.
criteria This accounts for issues like seasonal usage, short
performance history, and likely increases in future usage.
For example, consider a comfort factor of 2 for effective
utilization of 2 Cores. In this case, the assessment
considers the effective cores as 4 cores. Similarly, for the
same comfort factor and an effective utilization of 8 GB
memory, the assessment considers effective memory as 16
GB.
Azure SQL Service Tier Choose the most appropriate service tier option to
Managed accommodate your business needs for migration to Azure
Instance SQL Managed Instance:
sizing
Select Recommended if you want Azure Migrate to
recommend the best suited service tier for your servers.
This can be General purpose or Business critical.
SQL Server VM series Specify the Azure VM series you want to consider for SQL
on Azure Server on Azure VM sizing. Based on the configuration and
VM sizing performance requirements of your SQL Server or SQL
Server instance, the assessment recommends a VM size
from the selected list of VM series.
You can edit settings as needed. For example, if you don't
want to include D-series VM, you can exclude D-series
from this list.
As Azure SQL assessments intend to give the best
performance for your SQL workloads, the VM series list
only has VMs that are optimized for running your SQL
Server on Azure Virtual Machines (VMs). Learn more.
SQL Server Storage Type Defaulted to Recommended, which means the assessment
on Azure recommends the best suited Azure Managed Disk based
VM sizing on the chosen environment type, on-premises disk size,
IOPS and throughput.
Section Setting Details
Azure SQL Service Tier Choose the most appropriate service tier option to
Database accommodate your business needs for migration to Azure
sizing SQL Database:
9. In Select or create a group > select Create New and specify a group name.
10. Select the appliance and select the servers you want to add to the group and
select Next.
11. In Review + create assessment, review the assessment details, and select Create
Assessment to create the group and run the assessment.
12. After the assessment is created, go to Servers, databases and web apps > Azure
Migrate: Discovery and assessment, select the number next to Azure SQL
assessment. If you do not see the number populated, select Refresh to get the
latest updates.
13. Select the assessment name, which you wish to view.
7 Note
Review an assessment
To view an assessment:
1. In Servers, databases and web apps > Azure Migrate: Discovery and assessment,
select the number next to Azure SQL assessment.
3. Review the assessment summary. You can also edit the assessment settings or
recalculate the assessment.
Discovered entities
This indicates the number of SQL servers, instances, and databases that were assessed in
this assessment.
7 Note
2. Migrate all instances to Azure SQL MI: In this strategy, you can see the readiness
and cost estimates for migrating all SQL Server instances to Azure SQL Managed
Instance.
3. Migrate all instances to SQL Server on Azure VM: In this strategy, you can see the
readiness and cost estimates for migrating all SQL Server instances to SQL Server
on Azure VM.
4. Migrate all servers to SQL Server on Azure VM: In this strategy, you can see how
you can rehost the servers running SQL Server to SQL Server on Azure VM and
review the readiness and cost estimates. Even when SQL Server credentials are not
available, this report will provide right-sized lift-and-shift, that is, "Server to SQL
Server on Azure VM" recommendations. The readiness and sizing logic is similar to
Azure VM assessment type.
5. Migrate all SQL databases to Azure SQL Database In this strategy, you can see
how you can migrate individual databases to Azure SQL Database and review the
readiness and cost estimates.
Review readiness
You can review readiness reports for different migration strategies:
4. Select the instance name and drill-down to see the number of user databases,
instance details including instance properties, compute (scoped to instance) and
source database storage details.
5. Click the number of user databases to review the list of databases and their details.
6. Click review details in the Migration issues column to review the migration issues
and warnings for a particular target deployment type.
1. Review the monthly total costs. Costs are aggregated for all SQL instances in the
assessed group.
Cost estimates are based on the recommended Azure SQL configuration for
an instance/server/database.
The compute and storage costs are split in the individual cost estimates
reports and at instance/server/database level.
2. You can drill down at an instance level to see Azure SQL configuration and cost
estimates at an instance level.
3. You can also drill down to the database list to review the Azure SQL configuration
and cost estimates per database when an Azure SQL Database configuration is
recommended.
0%-20% 1 star
21%-40% 2 stars
41%-60% 3 stars
61%-80% 4 stars
81%-100% 5 stars
Additional resources
Documentation
Assess SQL Server readiness to migrate to Azure SQL Database - Data Migration
Assistant
Learn how to use Data Migration Assistant to migrate a SQL Server data estate for migration to
Azure SQL Database
Save and load assessments with Data Migration Assistant - SQL Server
Learn how to use Data Migration Assistant to save and load assessments.
Azure SQL assessments in Azure Migrate Discovery and assessment tool - Azure
Migrate
Learn about Azure SQL assessments in Azure Migrate Discovery and assessment tool
DMACMD: Assess SQL Server readiness to migrate to Azure SQL - Data Migration
Assistant
Learn how to use Data Migration Assistant command line tool (DMACMD) to assess a SQL Server
data estate for migration to Azure SQL
Tutorial to assess SQL instances for migration to SQL Server on Azure VM, Azure SQL
Managed Instance and Azure SQL Database - Azure Migrate
Learn how to create assessment for Azure SQL in Azure Migrate
SQL Server to SQL Server on Azure VM (Migration overview) - SQL Server on Azure
VMs
Learn about the different migration strategies when you want to migrate your SQL Server to SQL
Server on Azure VMs.
Show 5 more
Training
Learning path
Plan and implement data platform resources - Training
Plan and implement data platform resources
Certification
Microsoft Certified: Azure Data Fundamentals - Certifications
Azure Data Fundamentals validates foundational knowledge of core data concepts and how they are
implemented using Microsoft Azure data services.
Create an Azure App Service assessment
Article • 03/03/2023 • 6 minutes to read
As part of your migration journey to Azure, you assess your on-premises workloads to
measure cloud readiness, identify risks, and estimate costs and complexity. This article
shows you how to assess discovered ASP.NET web apps for migration to Azure App
Service, using the Azure Migrate: Discovery and assessment tool.
7 Note
Discovery and assessment of ASP.NET web apps is now in preview. If you want to
try out this feature in an existing project, please ensure that you have completed
the prerequisites in this article.
Configuration- Assessment that makes The Azure App Service assessment takes only
based recommendations based configuration data in to consideration for
on collected assessment calculation. Performance data for web
configuration data apps isn't collected.
Run an assessment
Run an assessment as follows:
1. On the Overview page > Servers, databases and web apps, select Discover, assess
and migrate.
2. On Azure Migrate: Discovery and assessment, select Assess and choose the
assessment type as Azure App Service.
3. In Create assessment, you'll see the assessment type pre-selected as Azure App
Service and the discovery source defaulted to Servers discovered from Azure
Migrate appliance.
Property Details
Target The Azure region to which you want to migrate. Azure App Service
location configuration and cost recommendations are based on the location that you
specify.
Isolation Select Yes if you want your web apps to run in a private and dedicated
required environment in an Azure datacenter using Dv2-series VMs. It provides faster
processors, SSD storage, and double the memory to core ratio compared to
Standard plans.
Savings Specify the savings option that you want the assessment to consider to help
options optimize your Azure compute cost.
(compute)
Azure reservations (1 year or 3 year reserved) are a good option for the most
consistently running resources.
Azure Savings Plan (1 year or 3 year savings plan) provide more flexibility
and automated cost optimization. Ideally post migration, you could use
Azure reservation and savings plan at the same time (reservation is first), but
in the Azure Migrate assessments, you can only see cost estimates of 1
savings option at a time.
When you select 'None', the Azure compute cost is based on the Pay as you
go rate or based on actual usage.
Offer The Azure offer in which you're enrolled. The assessment estimates the
cost for that offer.
Property Details
Discount Any subscription-specific discounts you receive on top of the Azure offer.
(%) The default setting is 0%.
Leave the settings for reserved instances, and discount (%) properties with
their default settings.
7. In Select servers to assess > Assessment name > specify a name for the
assessment.
8. In Select or create a group > select Create New and specify a group name.
9. Select the appliance, and select the servers you want to add to the group. Select
Next.
10. In Review + create assessment, review the assessment details, and select Create
Assessment to create the group and run the assessment.
11. After the assessment is created, go to Servers, databases and web apps > Azure
Migrate: Discovery and assessment tile and refresh the tile data by clicking on the
Refresh option on top of the tile. Wait for data to get refreshed.
12. Select the number next to Azure App Service assessment.
Review an assessment
To view an assessment:
1. Servers, databases and web apps > Azure Migrate: Discovery and assessment,
select the number next to Azure App Service assessment.
2. Select the assessment name that you wish to view.
3. Review the assessment summary. You can also edit the assessment properties or
recalculate the assessment.
Review readiness
1. Select Azure App Service readiness.
2. Review Azure App Service readiness column in table, for the assessed web apps:
a. If there are no compatibility issues found, the readiness is marked as Ready for
the target deployment type.
b. If there are non-critical compatibility issues, such as degraded or unsupported
features that do not block the migration to a specific target deployment type,
the readiness is marked as Ready with conditions (hyperlinked) with warning
details and recommended remediation guidance.
c. If there are any compatibility issues that may block the migration to a specific
target deployment type, the readiness is marked as Not ready with issue details
and recommended remediation guidance.
d. If the discovery is still in progress or there are any discovery issues for a web
app, the readiness is marked as Unknown as the assessment couldn't compute
the readiness for that web app.
3. Review the recommended SKU for the web apps that is determined as per the
matrix below:
Yes Yes I1
Yes No I1
No Yes P1v3
No No P1v2
Azure App Service readiness Determine App Service SKU Determine Cost estimates
Azure App Service readiness Determine App Service SKU Determine Cost estimates
Not ready No No
Unknown No No
1. Select the App Service plan hyperlink in table to see the App Service plan details
such as compute resources, and other web apps that are part of the same plan.
I1 8
P1v2 8
P1v3 16
Next steps
Learn more about how Azure App Service assessments are calculated.
Additional resources
Documentation
Azure App Service assessments in Azure Migrate Discovery and assessment tool -
Azure Migrate
Learn about Azure App Service assessments in Azure Migrate Discovery and assessment tool
Tutorial to assess web apps for migration to Azure App Service - Azure Migrate
Learn how to create assessment for Azure App Service in Azure Migrate
Build high availability into your BCDR strategy - Azure Architecture Center
Learn how to build high availability of services into your business continuity and disaster recovery
strategy.
Show 5 more
Training
Module
Migrate an on-premises web application to Azure App Service - Training
Use the Azure App Service Migration Assistant to assess the readiness of a web app to be deployed
on App Service, and perform the migration.
Create an Azure VMware Solution
assessment
Article • 04/18/2023
This article describes how to create an Azure VMware Solution assessment for on-
premises VMs in a VMware vSphere environment with Azure Migrate: Discovery and
assessment.
Azure Migrate helps you to migrate to Azure. Azure Migrate provides a centralized hub
to track discovery, assessment, and migration of on-premises infrastructure,
applications, and data to Azure. The hub provides Azure tools for assessment and
migration, as well as third-party independent software vendor (ISV) offerings.
*Assessment Details
Type
Azure VM Assessments to migrate your on-premises servers to Azure virtual machines. You
can assess your on-premises VMs in VMware vSphere and Hyper-V environment,
and physical servers for migration to Azure VMs using this assessment type.
Azure SQL Assessments to migrate your on-premises SQL servers from your VMware
environment to Azure SQL Database or Azure SQL Managed Instance.
*Assessment Details
Type
Azure App Assessments to migrate your on-premises ASP.NET web apps, running on IIS web
Service servers, from your VMware vSphere environment to Azure App Service.
7 Note
Azure VMware Solution (AVS) assessment can be created for virtual machines in
VMware vSphere environment only.
There are two types of sizing criteria that you can use to create Azure VMware Solution
(AVS) assessments:
3. In Assess servers > Assessment type, select Azure VMware Solution (AVS).
4. In Discovery source:
If you discovered servers using the appliance, select Servers discovered from
Azure Migrate appliance.
If you discovered servers using an imported CSV file, select Imported servers.
In Target location, specify the Azure region to which you want to migrate.
Size and cost recommendations are based on the location that you specify.
The Storage type is defaulted to vSAN. This is the default storage type for an
Azure VMware Solution private cloud.
In Reserved Instances, specify whether you want to use reserve instances for
Azure VMware Solution nodes when you migrate your VMs.
If you select to use a reserved instance, you can't specify 'Discount (%)
Learn more
7. In VM Size:
The Node type is defaulted to AV36. Azure Migrate recommends the number
of nodes needed to migrate the servers to Azure VMware Solution.
In FTT setting, RAID level, select the Failure to Tolerate and RAID
combination. The selected FTT option, combined with the on-premises server
disk requirement, determines the total vSAN storage required in AVS.
In CPU Oversubscription, specify the ratio of virtual cores associated with
one physical core in the AVS node. Oversubscription of greater than 4:1
might cause performance degradation, but can be used for web server type
workloads.
In Memory overcommit factor, specify the ratio of memory over commit on
the cluster. A value of 1 represents 100% memory use, 0.5 for example is 50%,
and 2 would be using 200% of available memory. You can only add values
from 0.5 to 10 up to one decimal place.
In Dedupe and compression factor, specify the anticipated deduplication
and compression factor for your workloads. Actual value can be obtained
from on-premises vSAN or storage config and this may vary by workload. A
value of 3 would mean 3x so for 300GB disk only 100GB storage would be
used. A value of 1 would mean no dedupe or compression. You can only add
values from 1 to 10 up to one decimal place.
8. In Node Size:
In Comfort factor, indicate the buffer you want to use during assessment.
This accounts for issues like seasonal usage, short performance history, and
likely increases in future usage. For example, if you use a comfort factor of
two:
Cores 2 4
Memory 8 GB 16 GB
9. In Pricing:
12. In Select servers to assess > Assessment name > specify a name for the
assessment.
13. In Select or create a group > select Create New and specify a group name.
14. Select the appliance, and select the servers you want to add to the group. Then
click Next.
15. In Review + create assessment, review the assessment details, and click Create
Assessment to create the group and run the assessment.
7 Note
Azure VMware Solution (AVS) readiness: Whether the on-premises VMs are
suitable for migration to Azure VMware Solution (AVS).
Number of Azure VMware Solution nodes: Estimated number of Azure VMware
Solution nodes required to run the servers.
Utilization across AVS nodes: Projected CPU, memory, and storage utilization
across all nodes.
Utilization includes up front factoring in the following cluster management
overheads such as the vCenter Server, NSX Manager (large), NSX Edge, if HCX is
deployed also the HCX Manager and IX appliance consuming ~ 44vCPU (11
CPU), 75GB of RAM and 722GB of storage before compression and
deduplication.
Limiting factor determines the number of hosts/nodes required to
accommodate the resources.
Monthly cost estimation: The estimated monthly costs for all Azure VMware
Solution (AVS) nodes running the on-premises VMs.
You can click on Sizing assumptions to understand the assumptions that went in node
sizing and resource utilization calculations. You can also edit the assessment properties,
or recalculate the assessment.
View an assessment
1. In Windows, Linux and SQL Server > Azure Migrate: Discovery and assessment,
click the number next to ** Azure VMware Solution**.
Ready for AVS: The server can be migrated as-is to Azure (AVS) without any
changes. It will start in AVS with full AVS support.
Ready with conditions: There might be some compatibility issues example
internet protocol or deprecated OS in VMware and need to be remediated
before migrating to Azure VMware Solution. To fix any readiness problems,
follow the remediation guidance the assessment suggests.
Not ready for AVS: The VM will not start in AVS. For example, if the on-
premises VMware VM has an external device attached such as a cd-rom the
VMware vMotion operation will fail (if using VMware vMotion).
Readiness unknown: Azure Migrate couldn't determine the readiness of the
server because of insufficient metadata collected from the on-premises
environment.
4. Click on an AVS readiness status. You can view VM readiness details, and drill
down to see VM details, including compute, storage, and network settings.
1. Review the monthly total costs. Costs are aggregated for all servers in the assessed
group.
Cost estimates are based on the number of AVS nodes required considering
the resource requirements of all the servers in total.
As the pricing for Azure VMware Solution is per node, the total cost does not
have compute cost and storage cost distribution.
The cost estimation is for running the on-premises servers in AVS. AVS
assessment doesn't consider PaaS or SaaS costs.
2. You can review monthly storage cost estimates. This view shows aggregated
storage costs for the assessed group, split over different types of storage disks.
0%-20% 1 Star
21%-40% 2 Star
41%-60% 3 Star
61%-80% 4 Star
81%-100% 5 Star
Next steps
Learn how to use dependency mapping to create high confidence groups.
Learn more about how Azure VMware Solution assessments are calculated.
Assess the readiness of a SQL Server
data estate migrating to Azure SQL
Database using the Data Migration
Assistant
Article • 03/03/2023
Migrating hundreds of SQL Server instances and thousands of databases to Azure SQL
Database or Azure SQL Managed Instance, our Platform as a Service (PaaS) offerings, is a
considerable task. To streamline the process as much as possible, you need to feel
confident about your relative readiness for migration. Identifying low-hanging fruit,
including the servers and databases that are fully ready or that require minimal effort to
prepare for migration, eases and accelerates your efforts.
This article provides step-by-step instructions for leveraging the Data Migration
Assistant to summarize readiness results and surface them on the Azure Migrate hub.
7 Note
If you are assessing the entire SQL Server data estate at scale on VMware, use
Azure Migrate to get Azure SQL deployment recommendations, target sizing, and
monthly estimates.
https://channel9.msdn.com/Shows/Data-Exposed/Data-Migration-Assistant/player?
WT.mc_id=dataexposed-c9-niner&nocookie=true&locale=en-
us&embedUrl=%2Fsql%2Fdma%2Fdma-assess-sql-data-estate-to-sqldb
1. Sign in to the Azure portal, select All services, and then search for Azure Migrate.
6. Under Project Details, specify the project name and the geography in which you
want to create the project.
The geography specified for the project is only used to store the metadata
gathered from on-premises VMs. You can select any target region for the actual
migration.
7 Note
When you create a project, you must add at least one assessment or
migration tool.
8. On the Select assessment tool tab, Azure Migrate: Database Assessment appears
as the assessment tool to add. If you don't currently need an assessment tool,
select the Skip adding an assessment tool for now check box. Select Next.
9. On the Select migration tool tab, Azure Migrate: Database Migration appears as
the migration tool to add. If you don't currently need a migration tool, select the
Skip adding a migration tool for now. Select Next.
10. In Review + add tools, review the settings, and the select Add tools.
After creating the project, you can select additional tools for assessment and
migration of servers and workloads, databases, and web apps.
Create an assessment
1. On the left, select the + icon, and then select the assessment Project type
2. Specify the project name, and then select the source server and target server types.
If you're upgrading your on-premises SQL Server instance to a later version of SQL
Server or to SQL Server hosted on an Azure VM, set the source and target server
type to SQL Server. Set the target server type to Azure SQL Managed Instance for
an Azure SQL Database (PaaS) target readiness assessment.
3. Select Create.
Choose assessment options
1. Select the report type.
2. Select Next.
Add databases to assess
1. Select Add Sources to open the connection fly out menu.
2. Enter the SQL server instance name, choose the authentication type, set the correct
connection properties, and then select Connect.
7 Note
You can remove multiple databases by selecting them while holding the Shift
or Ctrl key, and then clicking Remove Sources. You can also add databases
from multiple SQL Server instances by using the Add Sources button.
7. Select the subscription and Azure Migrate project into which you want to upload
the assessment results, and then select Upload.
You can view the SQL Server readiness summary, make sure that you are on the
right migration project, otherwise, use change option to select a different
migration project.
Each time you update the assessment results to Azure migrate project, Azure
migrate hub consolidate all the results and provide the summary report. You can
execute several Data Migration Assistant assessments in parallel and upload the
results to the single migration project to get the consolidated readiness report.
Assessed database instances: The number of SQL Server instances assessed so far.
Assessed databases: Total number of databases assessed across one or more SQL
Server instances assessed Databases ready for SQL Database: Number of
databases ready to migrate to Azure SQL Database (PaaS). Databases ready for
Azure SQL VM: Number of databases consist one or more migration blockers to
Azure SQL Database (PaaS), but ready to migrate to Azure SQL Server VMs.
3. Select Assessed database instances to get to SQL Server instance level view.
You can find the percentage readiness status of each SQL Server instance
migrating to Azure SQL Database (PaaS).
5. Review the DMA assessment results to get more details around the migration
blockers.
See also
Data Migration Assistant (DMA)
Data Migration Assistant: Configuration settings
Data Migration Assistant: Best Practices
Customize an assessment
Article • 11/21/2022 • 10 minutes to read
This article describes how to customize assessments created by Azure Migrate Discovery
and assessment tool.
Azure Migrate provides a central hub to track discovery, assessment, and migration of
your on-premises apps and workloads, and private/public cloud VMs, to Azure. The hub
provides Azure Migrate tools for assessment and migration, as well as third-party
independent software vendor (ISV) offerings.
You can use the Azure Migrate Discovery and assessment tool to create assessments for
on-premises VMware VMs and Hyper-V VMs, in preparation for migration to Azure. The
Discovery and assessment tool assesses on-premises servers for migration to Azure IaaS
virtual machines and Azure VMware Solution (AVS).
About assessments
Assessments that you create with the Discovery and assessment tool are a point-in-time
snapshot of data. There are two types of assessments that you can create using Azure
Migrate: Discovery and assessment.
Assessment Details
Type
You can assess your on-premises VMware VMs, Hyper-V VMs, and physical
servers for migration to Azure using this assessment type.Learn more.
Azure VMware Assessments to migrate your on-premises servers to Azure VMware Solution
Solution (AVS) (AVS).
You can assess your on-premises VMware VMs for migration to Azure VMware
Solution (AVS) using this assessment type.Learn more.
Storage type You can use this property to specify the type of disks you want to move to, in
Azure.
For as-on-premises sizing, you can specify the target storage type either as
Premium-managed disks, Standard SSD-managed disks or Standard HDD-
managed disks. For performance-based sizing, you can specify the target disk type
either as Automatic, Premium-managed disks, Standard HDD-managed disks, or
Standard SSD-managed disks.
When you specify the storage type as automatic, the disk recommendation is
done based on the performance data of the disks (IOPS and throughput). If you
specify the storage type as premium/standard, the assessment will recommend a
disk SKU within the storage type selected. If you want to achieve a single instance
VM SLA of 99.9%, you may want to specify the storage type as Premium-managed
disks. This ensures that all disks in the assessment are recommended as Premium-
managed disks. Azure
Reserved This property helps you specify if you have Reserved Instances in Azure, cost
Instances estimations in the assessment are then done taking into RI discounts. Reserved
(RI) instances are currently only supported for Pay-As-You-Go offer in Azure Migrate.
Sizing The criterion to be used to right-size VMs for Azure. You can either do
criterion performance-based sizing or size the VMs as on-premises, without considering the
performance history.
Performance The duration to consider for evaluating the performance data of machines. This
history property is only applicable when sizing criterion is performance-based.
Percentile The percentile value of the performance sample set to be considered for right-
utilization sizing. This property is only applicable when sizing is performance-based.
VM series You can specify the VM series that you would like to consider for right-sizing. For
example, if you have a production environment that you do not plan to migrate to
A-series VMs in Azure, you can exclude A-series from the list or series and the
right-sizing is done only in the selected series.
Property Details
Comfort Azure VM assessment considers a buffer (comfort factor) during assessment. This
factor buffer is applied on top of machine utilization data for VMs (CPU, memory, disk,
and network). The comfort factor accounts for issues such as seasonal usage, short
performance history, and likely increases in future usage.
For example, a 10-core VM with 20% utilization normally results in a 2-core VM.
However, with a comfort factor of 2.0x, the result is a 4-core VM instead.
Offer The Azure offer you're enrolled to. Azure Migrate estimates the cost
accordingly.
Discount (%) Any subscription-specific discount you receive on top of the Azure offer.
The default setting is 0%.
VM uptime If your VMs are not going to be running 24x7 in Azure, you can specify the
duration (number of days per month and number of hours per day) for which they
would be running and the cost estimations would be done accordingly.
The default value is 31 days per month and 24 hours per day.
Azure Specify whether you have software assurance and are eligible for Azure Hybrid
Hybrid Benefit . If set to Yes, non-Windows Azure prices are considered for Windows
Benefit VMs. By default, Azure Hybrid Benefit is set to Yes.
Property Details
Target location Specifies the AVS private cloud location to which you want to migrate.
AVS Assessment currently supports these target regions: East US, West
Europe, and West US.
Note that AVS assessments only support vSAN as a default storage type.
Reserved This property helps you specify Reserved Instances in AVS. RIs are currently
Instances (RIs) not supported for AVS nodes.
Property Details
Node type Specifies the AVS Node type used to map the on-premises VMs. Note that
default node type is AV36.
Azure Migrate will recommend a required number of nodes for the VMs to be
migrated to AVS.
FTT Setting, Specifies the applicable Failure to Tolerate (FTT) and Raid combinations. The
RAID Level selected FTT option combined with the on-premises VM disk requirement will
determine the total vSAN storage required in AVS.
Sizing criterion Sets the criteria to be used to right-size VMs for AVS. You can opt for
performance-based sizing or as on-premises without considering the
performance history.
Performance Sets the duration to consider in evaluating the performance data of machines.
history This property is applicable only when the sizing criteria is performance-based.
Percentile Specifies the percentile value of the performance sample set to be considered
utilization for right-sizing. This property is applicable only when the sizing is
performance-based.
Comfort factor Azure Migrate considers a buffer (comfort factor) during assessment. This
buffer is applied on top of machine utilization data for VMs (CPU, memory,
disk, and network). The comfort factor accounts for issues such as seasonal
usage, short performance history, and likely increases in future usage.
Offer Displays the Azure offer you're enrolled in. Azure Migrate estimates the
cost accordingly.
Discount (%) Lists any subscription-specific discount you receive on top of the Azure offer.
The default setting is 0%.
Azure Hybrid Specifies whether you have software assurance and are eligible for Azure
Benefit Hybrid Benefit . Although this has no impact on the Azure VMware
solution's pricing due to the node-based price, customers can still apply their
on-premises OS licenses (Microsoft-based) in AVS using Azure Hybrid
Benefits. Other software OS vendors such as RHEL, for example, will have to
provide their own licensing terms.
Property Details
vCPU Specifies the ratio of number of virtual cores tied to 1 physical core in the AVS
Oversubscription node. The default value in the calculations is 4 vCPU : 1 physical core in AVS.
API users can set this value as an integer. Note that vCPU Oversubscription >
4:1 may begin to cause performance degradation but can be used for web
server type workloads.
Property Details
Target location The Azure region to which you want to migrate. Azure SQL configuration and
cost recommendations are based on the location that you specify.
Target The target deployment type you want to run the assessment on:
deployment
type Select Recommended if you want Azure Migrate to assess the readiness of
your SQL servers for migrating to Azure SQL MI and Azure SQL DB, and
recommend the best suited target deployment option, target tier, Azure SQL
configuration, and monthly estimates.
Select Azure SQL DB if you want to assess your SQL servers for migrating to
Azure SQL Databases only and review the target tier, Azure SQL DB
configuration, and monthly estimates.
Select Azure SQL MI if you want to assess your SQL servers for migrating to
Azure SQL Databases only and review the target tier, Azure SQL MI
configuration, and monthly estimates.
Reserved Specifies reserved capacity so that cost estimations in the assessment take
capacity them into account.
If you select a reserved capacity option, you can't specify “Discount (%)”.
Sizing criteria This property is used to right-size the Azure SQL configuration.
Performance Performance history specifies the duration used when the performance data is
history evaluated.
Percentile Percentile utilization specifies the percentile value of the performance sample
utilization used for rightsizing.
Comfort factor The buffer used during assessment. It accounts for issues like seasonal usage,
short performance history, and likely increases in future usage.
For example, a 10-core instance with 20% utilization normally results in a two-
core instance. With a comfort factor of 2.0, the result is a four-core instance
instead.
Offer/Licensing The Azure offer in which you're enrolled. Currently, you can only choose from
program Pay-as-you-go and Pay-as-you-go Dev/Test. Note that you can avail additional
discount by applying reserved capacity and Azure Hybrid Benefit on top of Pay-
as-you-go offer.
Service tier The most appropriate service tier option to accommodate your business needs
for migration to Azure SQL Database and/or Azure SQL Managed Instance:
General Purpose If you want an Azure SQL configuration designed for budget-
oriented workloads. Learn More
Business Critical If you want an Azure SQL configuration designed for low-
latency workloads with high resiliency to failures and fast failovers. Learn More
Discount (%) Any subscription-specific discounts you receive on top of the Azure offer. The
default setting is 0%.
Azure Hybrid Specifies whether you already have a SQL Server license.
Benefit
If you do and they're covered with active Software Assurance of SQL Server
Subscriptions, you can apply for the Azure Hybrid Benefit when you bring
licenses to Azure.
1. In the Azure Migrate project, select Servers, databases and web apps.
2. In Azure Migrate: Discovery and assessment, select the assessments count.
3. In Assessment, select the relevant assessment > Edit properties.
4. Customize the assessment properties in accordance with the tables above.
5. Select Save to update the assessment.
You can also edit the assessment properties when you're creating an assessment.
Next steps
Learn more about how Azure VM assessments are calculated.
Learn more about how Azure SQL assessments are calculated.
Learn more about how AVS assessments are calculated.
Assess large numbers of servers in
VMware environment for migration to
Azure
Article • 12/12/2022 • 6 minutes to read
This article describes how to assess large numbers (1000-35,000) of on-premises servers
in a VMware environment for migration to Azure, using the Azure Migrate Discovery
and assessment tool.
Azure Migrate provides a hub of tools that help you to discover, assess, and migrate
apps, infrastructure, and workloads to Microsoft Azure. The hub includes Azure Migrate
tools, and third-party independent software vendor (ISV) offerings.
7 Note
Plan Azure Migrate projects: Figure out how to deploy Azure Migrate projects. For
example, if your data centers are in different geographies, or you need to store
discovery, assessment, or migration-related metadata in a different geography, you
might need multiple projects.
Plan appliances: Azure Migrate uses an on-premises Azure Migrate appliance,
deployed as a VMware VM, to continually discover servers. The appliance monitors
environment changes such as adding servers, disks, or network adapters. It also
sends metadata and performance data about them to Azure. You need to figure
out how many appliances you need to deploy.
Plan accounts for discovery: The Azure Migrate appliance uses an account with
access to vCenter Server in order to discover servers for assessment and migration.
If you're discovering more than 10,000 servers, set up multiple accounts as it is
necessary that there is no overlap among servers discovered from any two
appliances in a project.
7 Note
If you are setting up multiple appliances, ensure there is no overlap among the
servers on the vCenter accounts provided. A discovery with such an overlap is an
unsupported scenario. If a server is discovered by more than one appliance, this
results in duplicates in discovery and in issues while enabling replication for the
server using the Azure portal in the Migration and modernization tool.
Planning limits
Use the limits summarized in this table for planning.
Planning Limits
One < 10,000 One Azure Set up an appliance to discover servers from up to
Migrate project. 10 vCenter Servers mapped to one or more vCenter
Server accounts, scoped to discover less than 10,000
One appliance servers.
can discover up
to 10,000 servers You can analyze dependencies on servers across
running on up to vCenter Servers discovered from the same
10 vCenter appliance.
Servers.
Provide one or
more vCenter
Server accounts
for discovery.
Multiple > 10,000 One Azure Set up an appliance to discover VMs from up to 10
Migrate project. vCenter Servers mapped to one or more vCenter
Server accounts, scoped to discover less than 10,000
One appliance servers. You need to deploy additional appliances
can discover up for every 10 vCenter Servers.
to 10,000 servers
running on up to If the number of servers is greater than 10,000, set
10 vCenter up additional appliances with the vCenter Server
Servers. accounts scoped accordingly.
Create a project
In accordance with your planning requirements, do the following:
Next steps
In this article, you:
" Planned to scale Azure Migrate assessments for servers in VMware environment
" Prepared Azure and VMware for assessment
" Created an Azure Migrate project and ran assessments
" Reviewed assessments in preparation for migration.
Now, learn how assessments are calculated, and how to modify assessments.
Additional resources
Documentation
Set up an Azure Migrate scale-out appliance for agentless VMware migration - Azure
Migrate
Learn how to set up an Azure Migrate scale-out appliance to migrate Hyper-V VMs.
Prepare Azure VMware Solution for disaster recovery to Azure Site Recovery - Azure
Site Recovery
Learn how to prepare Azure VMware Solution servers for disaster recovery to Azure using the Azure
Site Recovery service.
Show 5 more
Assess large numbers of servers in
Hyper-V environment for migration to
Azure
Article • 05/04/2022 • 2 minutes to read
This article describes how to assess large numbers of on-premises servers in Hyper-V
environment for migration to Azure, using the Azure Migrate: Discovery and assessment
tool.
Azure Migrate provides a hub of tools that help you to discover, assess, and migrate
apps, infrastructure, and workloads to Microsoft Azure. The hub includes Azure Migrate
tools, and third-party independent software vendor (ISV) offerings.
7 Note
Plan Azure Migrate projects: Figure out how to deploy Azure Migrate projects. For
example, if your data centers are in different geographies, or if you need to store
discovery, assessment, or migration-related metadata in a different geography, you
might need multiple projects.
Plan appliances: Azure Migrate uses an on-premises Azure Migrate appliance,
deployed as a Hyper-V VM, to continually discover servers for assessment and
migration. The appliance monitors environment changes such as adding servers,
disks, or network adapters. It also sends metadata and performance data about
them to Azure. You need to figure out how many appliances to deploy.
Planning limits
Use the limits summarized in this table for planning.
Planning Limits
Create a project
In accordance with your planning requirements, do the following:
Next steps
In this article, you:
Now, learn how assessments are calculated, and how to modify assessments
Additional resources
Documentation
Questions about discovery and dependency analysis in Azure Migrate - Azure Migrate
Get answers to common questions about discovery and dependency analysis in Azure Migrate.
Assess large numbers of servers in VMware environment for migration to Azure with
Azure Migrate - Azure Migrate
Describes how to assess large numbers of servers in VMware environment for migration to Azure
using the Azure Migrate service.
Show 5 more
Training
Module
Discover and assess your on-premises servers with Azure Migrate - Training
Explore the Azure Migrate tools for discovering and assessing your virtual machine servers. Learn
how to install and configure a virtual machine appliance in your virtualization host infrastructure.
Assess large numbers of physical servers
for migration to Azure
Article • 05/04/2022 • 2 minutes to read
This article describes how to assess large numbers of on-premises physical servers for
migration to Azure, using the Azure Migrate: Discovery and assessment tool.
Azure Migrate provides a hub of tools that help you to discover, assess, and migrate
apps, infrastructure, and workloads to Microsoft Azure. The hub includes Azure Migrate
tools, and third-party independent software vendor (ISV) offerings.
7 Note
Plan Azure Migrate projects: Figure out how to deploy Azure Migrate projects. For
example, if your data centers are in different geographies, or you need to store
discovery, assessment, or migration-related metadata in a different geography, you
might need multiple projects.
Plan appliances: Azure Migrate uses an on-premises Azure Migrate appliance,
deployed on a Windows server, to continually discover servers for assessment and
migration. The appliance monitors environment changes such as adding servers,
disks, or network adapters. It also sends metadata and performance data about
them to Azure. You need to figure out how many appliances to deploy.
Planning limits
Use the limits summarized in this table for planning.
Planning Limits
Create a project
In accordance with your planning requirements, do the following:
Next steps
In this article, you:
Now, learn how assessments are calculated, and how to modify assessments.
Additional resources
Training
Module
Discover and assess your on-premises servers with Azure Migrate - Training
Explore the Azure Migrate tools for discovering and assessing your virtual machine servers. Learn
how to install and configure a virtual machine appliance in your virtualization host infrastructure.
Add migration tools
Article • 02/27/2023 • 2 minutes to read
If you want to add a migration tool and haven't yet set up an Azure Migrate
project, follow this article.
If you've added an ISV tool for migration, follow the steps, to prepare to work with
the tool.
If you created an Azure Migrate project using the Assess and migrate servers
option in the portal, the Migration and modernization tool is automatically
added to the project. To add additional migration tools, in Servers, next to
Migration tools, select Add more tools.
If you created a project using a different option, and don't yet have any
migration tools, in Servers > Migration tools, select Click here.
2. In Azure Migrate > Add tools, select the tools you want to add. Then select Add
tool.
Select a database migration tool
If you created an Azure Migrate project using the Assess and migrate database option
in the portal, the Database Migration tool is automatically added to the project.
1. If the Database Migration tool isn't in the project, in Databases > Assessment
tools, select Click here.
2. In Azure Migrate > Add tools, select the Database Migration tool. Then select Add
tool.
1. If the Web app migration tool isn't in the project, in Web apps > Assessment
tools, select Click here.
2. In Azure Migrate > Add tools, select the Web App Migration tool. Then select Add
tool.
Order an Azure Data Box
To migrate large amounts of data to Azure, you can order an Azure Data Box for offline
data transfer.
Next steps
Try out a migration using the Migration and modernization tool for Hyper-V or VMware
VMs.
Additional resources
Documentation
Questions about discovery and dependency analysis in Azure Migrate - Azure Migrate
Get answers to common questions about discovery and dependency analysis in Azure Migrate.
Assess VMware servers for migration to Azure VMs in Azure Migrate - Azure Migrate
Learn how to assess VMware servers for migration to Azure VMs with Azure Migrate.
Show 5 more
Training
In this article, you'll learn how to configure the Migration and modernization tool to
replicate data over an Azure ExpressRoute circuit while you migrate servers to Azure.
This document is to be referenced if you want to use ExpressRoute for your replications
when using an Azure Migrate project with public endpoint connectivity. To use private
endpoint support, create a new Azure Migrate project with private endpoint
connectivity. See Using Azure Migrate with private endpoints.
The Migration and modernization tool helps you migrate on-premises servers and
servers from other clouds to Azure Virtual Machines. The tool sets up an ongoing
replication stream to replicate data from the servers to be migrated to managed disks in
your Azure subscription. When you're ready to migrate the servers, the replicated data
in Azure is used to migrate the servers.
You can configure the data replicated from your on-premises servers to be sent to your
Azure subscription over the internet or an ExpressRoute connection. Data sent over the
internet uses a secure encrypted connection. If you have many servers to migrate, using
ExpressRoute for replication can help you migrate more efficiently by using the
provisioned bandwidth available with your ExpressRoute circuit.
) Important
This document is to be referenced if you want to use ExpressRoute for your
replications when using an Azure Migrate project with public endpoint connectivity.
To use private endpoint support end-to-end, create a new Azure Migrate project
with private endpoint connectivity. See Using Azure Migrate with private
endpoints.
To use a private peering circuit for replication, you'll create and attach a private
endpoint to the cache storage account. Private endpoints use one or more private IP
addresses from your virtual network, which effectively brings the storage account into
your Azure virtual network. The private endpoint allows the Azure Migrate appliance to
connect to the cache storage account by using ExpressRoute private peering. Data can
then be transferred directly on the private IP address.
) Important
Prerequisites
You need the following permissions on the resource group and virtual network where
the private endpoint will be created.
Attach a Microsoft.Network/virtualNetworks/subnet/join/action
private Microsoft.Network/virtualNetworks/join/action
endpoint
to a virtual
network or
subnet.
This
permission
is required
on the
virtual
network
where the
private
endpoint
will be
created.
Create a Microsoft.Network/networkInterfaces/read
network Microsoft.Network/networkInterfaces/subnets/write
interface Microsoft.Network/networkInterfaces/subnets/read
and join it Microsoft.Network/networkSecurityGroups/join/action (optional)
to a
network
security
group.
1. Use the Azure portal to replicate one or more virtual machines in the Azure
Migrate project.
3. Locate the cache storage account by identifying the prefix lsa in the storage
account name.
Tip
If you have more than one storage account with the prefix lsa in your resource
group, you can verify the storage account by navigating to the replication settings
and target configuration menu for any of the replicating VMs in the project.
2. Select Configuration.
a. In the Create a private endpoint window, select the Subscription and Resource
group. Enter a name for your private endpoint, and select the storage account
region.
b. On the Resource tab, enter the Subscription name that the storage account is
in. Select Microsoft.Storage/storageAccounts as the Resource type. In
Resource, enter the name of the general-purpose v2 type replication storage
account. Select blob as the Target sub-resource.
c. On the Configuration tab, select the Virtual network and Subnet for the
storage account's private endpoint.
7 Note
e. After you're finished entering details, select the Review + create tab. After the
validation completes, select Create to create the private endpoint.
7 Note
If the user who created the private endpoint is also the owner of the storage
account, the private endpoint will be autoapproved. Otherwise, the owner must
approve the private endpoint for use.
Create private DNS zones and add DNS records manually (optional)
If you didn't select the option to integrate with a private DNS zone at the time of the
private endpoint creation, you need to manually create a private DNS zone.
7 Note
If you selected Yes to integrate with a private DNS zone, you can skip this section.
a. On the Private DNS zones page, select + Add to create a new zone.
b. On the Create private DNS zone page, fill in the required details. Enter the
name of the private DNS zone as privatelink.blob.core.windows.net.
c. On the Review + create tab, review and create the DNS zone.
2. Link the private DNS zone to your virtual network. The private DNS zone you
created must be linked to the virtual network that the private endpoint is attached
to.
a. Go to the private DNS zone created in the previous step, and go to virtual
network links on the left side of the page. Select + Add.
b. Fill in the required details. The Subscription and Virtual network fields must be
filled with the corresponding details of the virtual network where your private
endpoint is attached. The other fields can be left as is.
3. The next step is to add DNS records to the DNS zone. Add an entry for the storage
account's FQDN in your private DNS zone.
a. Go to your private DNS zone, and go to the Overview section on the left side of
the page. Select + Record to start adding records.
b. On the Add record set page, add an entry for the FQDN and private IP as an A
type record.
) Important
You might require additional DNS settings to resolve the private IP address of the
storage account's private endpoint from the source environment. To understand
the DNS configuration needed, see Azure private endpoint DNS configuration.
Verify network connectivity to the storage account
To validate the private link connection, perform a DNS resolution of the cache storage
account resource endpoint from the on-premises VM hosting the Azure Migrate
appliance and ensure that it resolves to a private IP address.
A private IP address of 10.1.0.5 is returned for the storage account. This address
should belong to the private endpoint of the storage account.
Tip: You can manually update your source environment DNS records by editing the
DNS hosts file on your on-premises appliance with the storage account FQDN link,
storageaccountname.blob.core.windows.net, and the associated private IP address.
This option is recommended only for testing.
If you use a custom DNS, review your custom DNS settings, and validate that the
DNS configuration is correct. For guidance, see private endpoint overview: DNS
configuration.
If you use Azure-provided DNS servers, use this guide as a reference for further
troubleshooting for further troubleshooting.
storageaccountname.blob.core.windows.net.
) Important
Even with replication data going over the Microsoft peered circuit, you still need internet
connectivity from the on-premises site for control plane traffic and other URLs that
aren't reachable over ExpressRoute. The replication appliance or Hyper-V host needs
access to the URLs to orchestrate the replication process. Review the URL requirements
based on the migration scenario, either VMware agentless migrations or agent-based
migrations.
For replication data transfer over Microsoft peering, configure route filters to advertise
routes for the Azure Storage endpoints. This would be the regional BGP communities for
the target Azure region (region for migration). To route control plane traffic over
Microsoft peering, configure route filters to advertise routes for other public endpoints
as required.
Regional BGP community for the source Azure region (Azure Migrate Project
region)
Regional BGP community for the target Azure region (region for migration)
BGP community for Azure Active Directory (12076:5060)
Learn more about route filters and the list of BGP communities for ExpressRoute.
4. After you restart, when you open the appliance configuration manager, you'll see
the proxy bypass option in the web app UI.
5. For replication traffic, you can configure a proxy bypass rule for
“.*.blob.core.windows.net”. You can configure proxy bypass rules for other control
plane endpoints as required. These endpoints include:
.*.vault.azure.net
.*.servicebus.windows.net
.*.discoverysrv.windowsazure.com
.*.migration.windowsazure.com
.*.hypervrecoverymanager.windowsazure.com
7 Note
Following URLs are not accessible over ExpressRoute and require Internet
connectivity: *.portal.azure.com, *.windows.net, *.msftauth.net, *.msauth.net,
*.microsoft.com, *.live.com, *.office.com, *.microsoftonline.com, *.microsoftonline-
p.com, *.microsoftazuread-sso.com, management.azure.com,
.services.visualstudio.com (optional), aka.ms/ (optional),
download.microsoft.com/download.
Configure proxy bypass rules ExpressRoute Microsoft peering on
the replication appliance (for agent-based migrations)
To configure the proxy bypass list on the configuration server and process servers:
2. Open Internet Explorer in system user context by running the following command
line: psexec -s -i "%programfiles%\Internet Explorer\iexplore.exe" .
4. For replication traffic, you can configure a proxy bypass rule for
".*.blob.core.windows.net". You can configure proxy bypass rules for other control
plane endpoints as required. These endpoints include:
.*.backup.windowsazure.com
.*.hypervrecoverymanager.windowsazure.com
The bypass rules for the Azure Storage endpoint will ensure that the replication traffic
can flow through ExpressRoute while the control plane communication can go through
the proxy for the internet.
7 Note
Following URLs are not accessible over ExpressRoute and require Internet
connectivity: *.portal.azure.com, *.windows.net, *.msftauth.net, *.msauth.net,
*.microsoft.com, *.live.com, *.office.com, *.microsoftonline.com, *.microsoftonline-
p.com, *.microsoftazuread-sso.com, management.azure.com,
.services.visualstudio.com (optional), aka.ms/ (optional),
download.microsoft.com/download, dev.mysql.com.
Next steps
See the following articles to learn more about:
ExpressRoute circuits
ExpressRoute routing domains
Private endpoints
Prepare on-premises machines for
migration to Azure
Article • 04/25/2023
This article describes how to prepare on-premises machines before you migrate them to
Azure using the Migration and modernization tool.
Hyper-V Discover and Discover up to 5,000 An appliance isn't used for Hyper-V
VMs assess up to Hyper-V VMs with a migration. Instead, the Hyper-V
35,000 VMs in a single Azure Migrate Replication Provider runs on each
single Azure appliance Hyper-V host.
Migrate project.
Replication capacity is influenced by
performance factors such as VM churn,
and upload bandwidth for replication
data.
Physical Discover and Discover up to 250 You can scale out the replication
machines assess up to physical servers with a appliance to replicate large numbers of
35,000 single Azure Migrate servers.
machines in a appliance for physical
single Azure servers. In the portal, you can select up to 10
Migrate project. machines at once for replication. To
replicate more machines, add in
batches of 10.
If you're migrating VMware vSphere VMs or Hyper-V VMs, verify VMware vSphere
VM requirements for agentless, and agent-based migration, and requirements for
Hyper-V VMs.
Verify Windows operating systems are supported in Azure.
Verify Linux distributions supported in Azure.
VMware Uses the Azure Migrate Review the public cloud Review the port
vSphere appliance for migration. and government URLs requirements for agentless
agentless Nothing is installed on needed for discovery, migration.
migration VMware vSphere VMs. assessment, and migration
with the appliance.
VMware Uses the replication Review the public cloud Review the ports used
vSphere appliance for migration. and Azure Government during agent-based
agent- The Mobility service URLs that the replication migration.
based agent is installed on appliance needs to access.
migration VMs.
Hyper-V Uses a Provider installed Review the public cloud The Replication Provider on
migration on Hyper-V hosts for and Azure Government the Hyper-V host uses
migration. Nothing is URLs that the Replication outbound connections on
installed on Hyper-V Provider running on the HTTPS port 443 to send VM
VMs. hosts needs to access. replication data.
Physical Uses the replication Review the public cloud Review the ports used
machines appliance for migration. and Azure Government during physical migration.
The Mobility service URLs that the replication
agent is installed on the appliance needs to access.
physical machines.
For some operating systems, Azure Migrate makes changes automatically during
the replication/migration process.
For other operating systems, you need to configure settings manually.
It's important to configure settings manually before you begin migration. Some of
the changes may affect VM boot up, or connectivity to the VM may not be
established. If you migrate the VM before you make the change, the VM might not
boot up in Azure.
Configure
manually for
earlier
operating
systems.
Learn more on the changes performed on Windows servers for agentless VMware
vSphere migrations.
This drive assignment causes all other attached storage drive assignments to
increment by one letter.
For example, if your on-premises installation uses a data disk that is assigned to
drive D: for application installations, the assignment for this drive increments to
drive E: after you migrate the VM to Azure.
To prevent this automatic assignment, and to ensure that Azure assigns the next
free drive letter to its temporary volume, set the storage area network (SAN) policy
to OnlineAll:
1. On the on-premises machine (not the host server), open an elevated command
prompt.
2. Enter diskpart.
3. Enter SAN. If the drive letter of the guest operating system isn't maintained,
Offline All or Offline Shared is returned.
4. At the DISKPART prompt, enter SAN Policy=OnlineAll. This setting ensures that
disks are brought online, and it ensures that you can read and write to both disks.
5. During the test migration, you can verify that the drive letters are preserved.
Linux machines
Azure Migrate completes these actions automatically for these versions
Red Hat Enterprise Linux 8.x, 7.9, 7.8, 7.7, 7.6, 7.5, 7.4, 7.3, 7.2, 7.1, 7.0, 6.x (Azure
Linux VM agent is also installed automatically during migration)
Cent OS 8.x, 7.7, 7.6, 7.5, 7.4, 6.x (Azure Linux VM agent is also installed
automatically during migration)
SUSE Linux Enterprise Server 15 SP0, 15 SP1, 12, 11 SP4, 11 SP3
Ubuntu 20.04, 19.04, 19.10, 18.04LTS, 16.04LTS, 14.04LTS (Azure Linux VM agent is
also installed automatically during migration)
Debian 10, 9, 8, 7
Oracle Linux 8, 7.7-CI, 7.7, 6
7 Note
Some changes may affect the VM boot up, or connectivity to the VM may not be
established.
Install Rebuild the Linux init image so it contains the Most new versions of Linux
Hyper-V necessary Hyper-V drivers. Rebuilding the init distributions have this included
Linux image ensures that the VM will boot in Azure. by default.
Integration
Services If not included, install manually
for all versions except those
called out above.
Update Update the device map file with the device Install manually for all versions
device name-to-volume associations, so you use except those called out above.
map file persistent device identifiers. (Only applicable in agent-based
VMware scenario)
Update Update entries to use persistent volume Update manually for all versions
fstab identifiers. except those called out above.
entries
Remove Remove any udev rules that reserves interface Remove manually for all versions
udev rule names based on mac address etc. except those called out above.
Update Update network interfaces to receive IP address Update manually for all versions
network based on DHCP.nst except those called out above.
interfaces
Enable ssh Ensure ssh is enabled and the sshd service is set Enable manually for all versions
to start automatically on reboot. except those called out above.
Install the The Microsoft Azure Linux Agent (waagent) is a Enable manually for all versions
Linux secure, lightweight process that manages Linux except those called out above.
Azure & FreeBSD provisioning, and VM interaction Follow instructions to install the
Guest with the Azure Fabric Controller. Linux Agent manually for other
Agent OS versions. Review the list of
required packages to install Linux
VM agent.
Learn more on the changes performed on Linux servers for agentless VMware vSphere
migrations.
The following table summarizes the steps performed automatically for the operating
systems listed above.
Enable ssh No No No
Learn more about steps for running a Linux VM on Azure, and get instructions for some
of the popular Linux distributions.
Review the list of required packages to install Linux VM agent. Azure Migrate installs the
Linux VM agent automatically for RHEL 8.x/7.x/6.x, CentOS 8.x/7.x/6.x, Ubuntu
14.04/16.04/18.04/19.04/19.10/20.04, SUSE 15 SP0/15 SP1/12/11 SP4/11 SP3, Debian
9/8/7, and Oracle 7 when using the agentless method of VMware migration.
Before migrating, review the Azure VMs requirements for VMware, Hyper-V, and
physical server migration.
1. Check that the Secure Shell service is set to start automatically on system boot.
2. Check that firewall rules allow an SSH connection.
1. To connect to the VM over the internet, assign a public IP address to the VM. You
must use a different public IP address for the Azure VM than you used for your on-
premises machine. Learn more.
2. Check that network security group (NSG) rules on the VM allow incoming
connections to the RDP or SSH port.
3. Check boot diagnostics to view the VM.
Next steps
Decide which method you want to use to migrate VMware vSphere VMs to Azure, or
begin migrating Hyper-V VMs or physical servers or virtualized or cloud VMs.
VMware vSphere VMs: Verify migration requirements and support for VMware
vSphere VMs.
Hyper-V VMs: Verify migration requirements and support for Hyper-V VMs.
Physical machines: Verify migration requirements and support for on-premises
physical machines and other virtualized servers.
Learn more
Prepare for VMware vSphere agentless migration with Azure Migrate.
Prepare Windows Server 2003 machines
for migration
Article • 12/12/2022 • 2 minutes to read
This article describes how to prepare machines running Windows Server 2003 for
migration to Azure.
7 Note
Windows Server 2003 extended support ended on July 14, 2015. The Azure
support team continues to help in troubleshooting issues that concern running
Windows Server 2003 on Azure. However, this support is limited to issues that don't
require OS-level troubleshooting or patches. Migrating your applications to Azure
instances running a newer version of Windows Server is the recommended
approach to ensure that you are effectively leveraging the flexibility and reliability
of the Azure cloud. However, if you still choose to migrate your Windows Server
2003 to Azure, you can use the Migration and modernization tool if your Windows
Server is a VM running on VMware or Hyper-V.
You can use agentless migration to migrate Hyper-V VMs and VMware VMs to
Azure.
In order to connect to Azure VMs after migration, Hyper-V Integration Services
must be installed on the Azure VM. Windows Server 2003 machines don't have this
installed by default.
There's no direct download link to install Hyper-V Integration Services, so you
need to do the following:
For Hyper-V VMs that don't have it installed, you extract installation files for
Integration Services on a machine running Windows Server 2012 R2/Windows
Server 2012 with the Hyper-V role, and then copy the installer to the Windows
Server 2003 machine. The installation files aren't available on machines running
Windows Server 2016.
For VMware VMs, you create a startup task that installs Integration Services
when the Azure VM starts after migration.
Next steps
Review migration requirements for VMware and Hyper-V VMs.
Migrate VMware and Hyper-V VMs.
Migrate VMware VMs to Azure VMs enabled with
server-side encryption and customer-managed
keys
Article • 03/20/2023 • 8 minutes to read
This article describes how to migrate VMware VMs to Azure virtual machines with disks encrypted using
server-side encryption(SSE) with customer-managed keys(CMK), using Migration and modernization
(agentless replication).
The Migration and modernization portal experience lets you migrate VMware VMs to Azure with agentless
replication. The portal experience currently doesn't offer the ability to turn on SSE with CMK for your
replicated disks in Azure. The ability to turn on SSE with CMK for the replicated disks is currently available
only through REST API. In this article, you'll see how to create and deploy an Azure Resource Manager
template to replicate a VMware VM and configure the replicated disks in Azure to use SSE with CMK.
The examples in this article use Azure PowerShell to perform the tasks needed to create and deploy the
Resource Manager template.
Learn more about server-side encryption (SSE) with customer managed keys(CMK) for managed disks.
Prerequisites
Review the tutorial on migration of VMware VMs to Azure with agentless replication to understand tool
requirements.
Follow these instructions to create an Azure Migrate project and add the Migration and
modernization tool to the project.
Follow these instructions to set up the Azure Migrate appliance for VMware in your on-premises
environment and complete discovery.
Before you can start replicating VMs, the replication infrastructure needs to be prepared.
1. Create a Service Bus instance in the target region. The Service Bus is used by the on-premises Azure
Migrate appliance to communicate with the Migration and modernization service to coordinate
replication and migration.
2. Create a storage account for transfer of operation logs from replication.
3. Create a storage account that the Azure Migrate appliance uploads replication data to.
4. Create a Key Vault and configure the Key Vault to manage shared access signature tokens for blob
access on the storage accounts created in step 3 and 4.
5. Generate a shared access signature token for the service bus created in step 1 and create a secret for
the token in the Key Vault created in the previous step.
6. Create a Key Vault access policy to give the on-premises Azure Migrate appliance (using the appliance
AAD app) and the Migration and modernization Service access to the Key Vault.
7. Create a replication policy and configure the Migration and modernization service with details of the
replication infrastructure created in the previous step.
The replication infrastructure must be created in the target Azure region for the migration and in the target
Azure subscription that the VMs are being migrated to.
The Migration and modernization portal experience simplifies preparation of the replication infrastructure by
automatically doing this for you when you replicate a VM for the first time in a project. In this article, we'll
assume that you've already replicated one or more VMs using the portal experience and that the replication
infrastructure is already created. We'll look at how to discover details of the existing replication infrastructure
and how to use these details as inputs to the Resource Manager template that will be used to set up
replication with CMK.
Follow the example here to create a disk encryption set using Azure PowerShell. Ensure that the disk
encryption set is created in the target subscription that VMs are being migrated to, and in the target Azure
region for the migration.
The disk encryption set can be configured to encrypt managed disks with a customer-managed key, or for
double encryption with both a customer-managed key and a platform key. To use the double encryption at
rest option configure the disk encryption set as described here.
In the example shown below the disk encryption set is configured to use a customer-managed key.
Azure PowerShell
Azure PowerShell
# Displays one entry for each appliance in the project mapping the appliance to the VMware
sites discovered through the appliance.
$solution.Properties.details.extendedDetails.applianceNameToSiteIdMapV2 | ConvertFrom-Json |
select ApplianceName, SiteId
Output
ApplianceName SiteId
------------- ------
VMwareApplianc /subscriptions/509099b2-9d2c-4636-b43e-
bd5cafb6be69/resourceGroups/ContosoVMwareCMK/providers/Microsoft.OffAzure/VMwareSites/VMwareAp
plianca8basite
Copy the value of the SiteId string corresponding to the Azure Migrate appliance that the VM is discovered
through. In the example shown above, the SiteId is "/subscriptions/509099b2-9d2c-4636-b43e-
bd5cafb6be69/resourceGroups/ContosoVMwareCMK/providers/Microsoft.OffAzure/VMwareSites/VMwareAppli
anca8basite"
Azure PowerShell
#Replace value with SiteId from the previous step
$SiteId = "/subscriptions/509099b2-9d2c-4636-b43e-
bd5cafb6be69/resourceGroups/ContosoVMwareCMK/providers/Microsoft.OffAzure/VMwareSites/VMwareAp
plianca8basite"
$SiteName = Get-AzResource -ResourceId $SiteId -ExpandProperties | Select-Object -
ExpandProperty Name
$DiscoveredMachines = Get-AzResource -ResourceGroupName $ProjectResourceGroup -ResourceType
Microsoft.OffAzure/VMwareSites/machines -ExpandProperties -ResourceName $SiteName
Copy the ResourceId, name and disk uuid values for the machine to be migrated.
Output
PS > $machine.Name
10-150-8-52-b090bef3-b733-5e34-bc8f-eb6f2701432a_50098f99-f949-22ca-642b-724ec6595210
PS > $machine.ResourceId
/subscriptions/509099b2-9d2c-4636-b43e-
bd5cafb6be69/resourceGroups/ContosoVMwareCMK/providers/Microsoft.OffAzure/VMwareSites/VMwareAp
plianca8basite/machines/10-150-8-52-b090bef3-b733-5e34-bc8f-eb6f2701432a_50098f99-f949-22ca-
642b-724ec6595210
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-
01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type":
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicat
ionMigrationItems",
"apiVersion": "2018-01-10",
"name":
"ContosoMigration7371rsvault/VMware104e4replicationfabric/VMware104e4replicationcontainer/10-
150-8-52-b090bef3-b733-5e34-bc8f-eb6f2701432a_500937f3-805e-9414-11b1-f22923456e08",
"properties": {
"policyId": "/Subscriptions/6785ea1f-ac40-4244-a9ce-
94b12fd832ca/resourceGroups/ContosoMigration/providers/Microsoft.RecoveryServices/vaults/Conto
soMigration7371rsvault/replicationPolicies/migrateVMware104e4sitepolicy",
"providerSpecificDetails": {
"instanceType": "VMwareCbt",
"vmwareMachineId": "/subscriptions/6785ea1f-ac40-4244-a9ce-
94b12fd832ca/resourceGroups/ContosoMigration/providers/Microsoft.OffAzure/VMwareSites/VMware10
4e4site/machines/10-150-8-52-b090bef3-b733-5e34-bc8f-eb6f2701432a_500937f3-805e-9414-11b1-
f22923456e08",
"targetResourceGroupId": "/subscriptions/6785ea1f-ac40-4244-a9ce-
94b12fd832ca/resourceGroups/PayrollRG",
"targetNetworkId": "/subscriptions/6785ea1f-ac40-4244-a9ce-
94b12fd832ca/resourceGroups/PayrollRG/providers/Microsoft.Network/virtualNetworks/PayrollNW",
"targetSubnetName": "PayrollSubnet",
"licenseType": "NoLicenseType",
"disksToInclude": [
{
"diskId": "6000C295-dafe-a0eb-906e-d47cb5b05a1d",
"isOSDisk": "true",
"logStorageAccountId": "/subscriptions/6785ea1f-ac40-4244-a9ce-
94b12fd832ca/resourceGroups/ContosoMigration/providers/Microsoft.Storage/storageAccounts/migra
telsa1432469187",
"logStorageAccountSasSecretName": "migratelsa1432469187-cacheSas",
"diskType": "Standard_LRS"
}
],
"dataMoverRunAsAccountId": "/subscriptions/6785ea1f-ac40-4244-a9ce-
94b12fd832ca/resourceGroups/ContosoMigration/providers/Microsoft.OffAzure/VMwareSites/VMware10
4e4site/runasaccounts/b090bef3-b733-5e34-bc8f-eb6f2701432a",
"snapshotRunAsAccountId": "/subscriptions/6785ea1f-ac40-4244-a9ce-
94b12fd832ca/resourceGroups/ContosoMigration/providers/Microsoft.OffAzure/VMwareSites/VMware10
4e4site/runasaccounts/b090bef3-b733-5e34-bc8f-eb6f2701432a",
"targetBootDiagnosticsStorageAccountId": "/subscriptions/6785ea1f-ac40-
4244-a9ce-
94b12fd832ca/resourceGroups/ContosoMigration/providers/Microsoft.Storage/storageAccounts/migra
telsa1432469187",
"targetVmName": "PayrollWeb04"
}
}
}
]
}
Edit the name property in the resource definition. Replace the string that follows the last "/" in the
name property with the value of $machine.Name( from the previous step).
Change the value of the properties.providerSpecificDetails.vmwareMachineId property with value of
$machine.ResourceId( from the previous step).
Set the values for targetResourceGroupId, targetNetworkId, targetSubnetName to the target
resource group ID, target virtual network resource ID, and target subnet name respectively.
Set the value of licenseType to "WindowsServer" to apply Azure Hybrid Benefit for this VM. If this VM
is not eligible for Azure Hybrid Benefit, set the value of licenseType to NoLicenseType.
Change the value of the targetVmName property to the desired Azure virtual machine name for the
migrated VM.
Optionally add a property named targetVmSize below the targetVmName property. Set the value of
the targetVmSize property to the desired Azure virtual machine size for the migrated VM.
The disksToInclude property is a list of disk inputs for replication with each list item representing one
on-premises disk. Create as many list items as the number of disks on the on-premises VM. Replace the
diskId property in the list item to the uuid of the disks identified in the previous step. Set the isOSDisk
value to "true" for the OS disk of the VM and "false" for all other disks. Leave the logStorageAccountId
and the logStorageAccountSasSecretName properties unchanged. Set the diskType value to the Azure
Managed Disk type (Standard_LRS, Premium_LRS, StandardSSD_LRS) to use for the disk. For the disks
that need to be encrypted with CMK, add a property named diskEncryptionSetId and set the value to
the resource ID of the disk encryption set created($des.Id) in the Create a Disk Encryption Set step
Save the edited template file. For the example above, the edited template file looks as follows:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-
01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type":
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicat
ionMigrationItems",
"apiVersion": "2018-01-10",
"name":
"ContosoVMwareCMK00ddrsvault/VMwareApplianca8bareplicationfabric/VMwareApplianca8bareplication
container/10-150-8-52-b090bef3-b733-5e34-bc8f-eb6f2701432a_50098f99-f949-22ca-642b-
724ec6595210",
"properties": {
"policyId": "/subscriptions/509099b2-9d2c-4636-b43e-
bd5cafb6be69/resourceGroups/ContosoVMwareCMK/providers/Microsoft.RecoveryServices/vaults/Conto
soVMwareCMK00ddrsvault/replicationPolicies/migrateVMwareApplianca8basitepolicy",
"providerSpecificDetails": {
"instanceType": "VMwareCbt",
"vmwareMachineId": "/subscriptions/509099b2-9d2c-4636-b43e-
bd5cafb6be69/resourceGroups/ContosoVMwareCMK/providers/Microsoft.OffAzure/VMwareSites/VMwareAp
plianca8basite/machines/10-150-8-52-b090bef3-b733-5e34-bc8f-eb6f2701432a_50098f99-f949-22ca-
642b-724ec6595210",
"targetResourceGroupId": "/subscriptions/509099b2-9d2c-4636-b43e-
bd5cafb6be69/resourceGroups/ContosoMigrationTarget",
"targetNetworkId": "/subscriptions/509099b2-9d2c-4636-b43e-
bd5cafb6be69/resourceGroups/cmkRTest/providers/Microsoft.Network/virtualNetworks/cmkvm1_vnet",
"targetSubnetName": "cmkvm1_subnet",
"licenseType": "NoLicenseType",
"disksToInclude": [
{
"diskId": "6000C291-5106-2aac-7a74-4f33c3ddb78c",
"isOSDisk": "true",
"logStorageAccountId": "/subscriptions/509099b2-9d2c-4636-b43e-
bd5cafb6be69/resourceGroups/ContosoVMwareCMK/providers/Microsoft.Storage/storageAccounts/migra
telsa1671875959",
"logStorageAccountSasSecretName": "migratelsa1671875959-cacheSas",
"diskEncryptionSetId": "/subscriptions/509099b2-9d2c-4636-b43e-
bd5cafb6be69/resourceGroups/CONTOSOMIGRATIONTARGET/providers/Microsoft.Compute/diskEncryptionS
ets/ContosoCMKDES",
"diskType": "Standard_LRS"
},
{
"diskId": "6000C293-39a1-bd70-7b24-735f0eeb79c4",
"isOSDisk": "false",
"logStorageAccountId": "/subscriptions/509099b2-9d2c-4636-b43e-
bd5cafb6be69/resourceGroups/ContosoVMwareCMK/providers/Microsoft.Storage/storageAccounts/migra
telsa1671875959",
"logStorageAccountSasSecretName": "migratelsa1671875959-cacheSas",
"diskEncryptionSetId": "/subscriptions/509099b2-9d2c-4636-b43e-
bd5cafb6be69/resourceGroups/CONTOSOMIGRATIONTARGET/providers/Microsoft.Compute/diskEncryptionS
ets/ContosoCMKDES",
"diskType": "Standard_LRS"
},
{
"diskId": "6000C29e-cbee-4d79-39c7-d00dd0208aa9",
"isOSDisk": "false",
"logStorageAccountId": "/subscriptions/509099b2-9d2c-4636-b43e-
bd5cafb6be69/resourceGroups/ContosoVMwareCMK/providers/Microsoft.Storage/storageAccounts/migra
telsa1671875959",
"logStorageAccountSasSecretName": "migratelsa1671875959-cacheSas",
"diskEncryptionSetId": "/subscriptions/509099b2-9d2c-4636-b43e-
bd5cafb6be69/resourceGroups/CONTOSOMIGRATIONTARGET/providers/Microsoft.Compute/diskEncryptionS
ets/ContosoCMKDES",
"diskType": "Standard_LRS"
}
],
"dataMoverRunAsAccountId": "/subscriptions/509099b2-9d2c-4636-b43e-
bd5cafb6be69/resourceGroups/ContosoVMwareCMK/providers/Microsoft.OffAzure/VMwareSites/VMwareAp
plianca8basite/runasaccounts/b090bef3-b733-5e34-bc8f-eb6f2701432a",
"snapshotRunAsAccountId": "/subscriptions/509099b2-9d2c-4636-b43e-
bd5cafb6be69/resourceGroups/ContosoVMwareCMK/providers/Microsoft.OffAzure/VMwareSites/VMwareAp
plianca8basite/runasaccounts/b090bef3-b733-5e34-bc8f-eb6f2701432a",
"targetBootDiagnosticsStorageAccountId": "/subscriptions/509099b2-9d2c-
4636-b43e-
bd5cafb6be69/resourceGroups/ContosoVMwareCMK/providers/Microsoft.Storage/storageAccounts/migra
telsa1671875959",
"performAutoResync": "true",
"targetVmName": "FPL-W19-09"
}
}
}
]
}
Set up replication
You can now deploy the edited Resource Manager template to the project resource group to set up
replication for the VM. Learn how to deploy resource with Azure Resource Manager templates and Azure
PowerShell
Azure PowerShell
Output
DeploymentName : template
ResourceGroupName : ContosoVMwareCMK
ProvisioningState : Succeeded
Timestamp : 3/11/2020 8:52:00 PM
Mode : Incremental
TemplateLink :
Parameters :
Outputs :
DeploymentDebugLogLevel :
Next steps
Monitor replication status through the portal experience and perform Test migrations and migration.
Test migrate replicating virtual
machines
Article • 10/19/2022 • 3 minutes to read
This article helps you understand how to test replicating virtual machines. Test migration
provides a way to test and validate migrations prior to the actual migration.
Prerequisites
Before you get started, perform the following steps:
) Important
You'll need at least one replicating virtual machine in the project before you can
test the migration.
Furthermore, you can create 1:1 mapping between subnets of the VNet and Network
Interface Cards (NICs) on VM, which gives more flexibility in creating the test
environment.
7 Note
Currently, the subnet selection feature is available only for agentless VMware
migration scenario.
The following logic is used for subnet selection for other scenarios (Migration from
Hyper-V environment and physical server migration).
If a target subnet (other than default) was specified as an input while enabling
replication. Azure Migrate prioritizes using a subnet with the same name in the
Virtual Network selected for the test migration.
If the subnet with the same name ins't found, then Azure Migrate selects the first
subnet available alphabetically that isn't a Gateway/Application
Gateway/Firewall/Bastion subnet. For example,
Suppose the target VNet is VNet-alpha and target subnet is Subnet-alpha for a
replicating VM. VNet-beta is selected during test migration for this VM, then -
If VNet-beta has a subnet named Subnet-alpha, that subnet would be chosen
for test migration.
If VNet-beta doesn't have a Subnet-alpha, then the next alphabetically available
subnet, suppose Subnet-beta, would be chosen if it isn't Gateway / Application
Gateway / Firewall / Bastion subnet.
1. Select the virtual machine from the list of currently replicating virtual machines
2. Select Compute and Network option under General.
3. Select the virtual network from the Test migration column. It's important to select
the VNet in this drop down for test migration to be able to select subnet for each
Network Interface Card (NIC) in the following steps.
4. Select the NIC's name to check its settings. You can select the subnet for each of
the NICs of the VM.
5. To change the settings, select edit. Change the setting for the NIC in the new form.
Select OK.
6. Select Save. Changes aren't saved until you can see the colored square next to the
NIC's name.
Scale agentless migration of VMware
virtual machines to Azure
Article • 03/16/2023 • 8 minutes to read
This article helps you understand how to use a scale-out appliance to migrate a large
number of VMware virtual machines (VMs) to Azure using the Migration and
modernization tool's agentless method for migration of VMware VMs.
Using the agentless migration method for VMware virtual machines you can:
Replicate up to 300 VMs from a single vCenter server concurrently using one Azure
Migrate appliance.
Replicate up to 500 VMs from a single vCenter server concurrently by deploying a
second scale-out appliance for migration.
Prerequisites
Before you get started, you need to perform the following steps:
) Important
You'll need to have at least one replicating virtual machine in the project before you
can add a scale-out appliance for migration.
To learn how to perform the above, review the tutorial on migrating VMware virtual
machines to Azure with the agentless migration method.
4. Select Scale-out an existing primary appliance in the select the type of appliance
menu.
5. Select the primary appliance (the appliance using which discovery was performed)
that you wish to scale out.
You can validate the checksum of the downloaded zip file using these steps:
3. Download the latest version of the scale-out appliance installer from the
portal if the computed hash value doesn't match this string:
CE63463B3CE07D7500F0A34F9CAFF0AB939368E5DB320F9F05EE45A386A49C
DC
3. Change the PowerShell directory to the folder where the contents have been
extracted from the downloaded zipped file.
PS C:\Users\administrator\Desktop\AzureMigrateInstaller>
.\AzureMigrateInstaller.ps1
5. Select from the scenario, cloud, configuration and connectivity options to deploy
the desired appliance. For instance, the selection shown below sets up a scale-out
appliance to initiate concurrent replications on servers running in your VMware
environment to an Azure Migrate project with default (public endpoint)
connectivity on Azure public cloud.
After the script has executed successfully, the appliance configuration manager will be
launched automatically.
7 Note
If you come across any issues, you can access the script logs at
C:\ProgramData\Microsoft
Azure\Logs\AzureMigrateScenarioInstaller_Timestamp.log for troubleshooting.
Open a browser on any machine that can connect to the scale-out appliance
server, and open the URL of the appliance configuration manager: https://scale-
out appliance name or IP address: 44368.
Alternately, you can open the configuration manager from the scale-out appliance
server's desktop using the shortcut to the configuration manager.
1. Connectivity: The appliance checks that the server has internet access. If the server
uses a proxy:
Select Setup proxy to specify the proxy address (in the form
http://ProxyIPAddress or http://ProxyFQDN , where FQDN refers to a fully
2. Time sync: Check that the time on the appliance is in sync with internet time for
discovery to work properly.
3. Install updates and register appliance: To run auto-update and register the
appliance, follow these steps:
7 Note
a. For the appliance to run auto-update, paste the project key that you copied
from the portal. If you don't have the key, go to Azure Migrate: Discovery and
assessment > Overview > Manage existing appliances. Select the appliance
name you provided when you generated the project key, and then copy the key
that's shown.
b. The appliance will verify the key and start the auto-update service, which
updates all the services on the appliance to their latest versions. When the auto-
update has run, you can select View appliance services to see the status and
versions of the services running on the appliance server.
c. To register the appliance, you need to select Login. In Continue with Azure
Login, select Copy code & Login to copy the device code (you must have a
device code to authenticate with Azure) and open an Azure Login prompt in a
new browser tab. Make sure you've disabled the pop-up blocker in the browser
to see the prompt.
d. In a new tab in your browser, paste the device code and sign in by using your
Azure username and password. Signing in with a PIN isn't supported.
7 Note
If you close the login tab accidentally without logging in, refresh the
browser tab of the appliance configuration manager to display the device
code and Copy code & Login button.
e. After you successfully log in, return to the browser tab that displays the
appliance configuration manager. If the Azure user account that you used to log
in has the required permissions for the Azure resources that were created
during key generation, appliance registration starts.
PS .\ExportConfigFiles.ps1
iii. Copy the zip file created by running the above commands to the scale-out
appliance. The zip file contains configuration files needed to register the
scale-out appliance.
iv. In the pop-up window opened in the previous step, select the location of the
copied configuration zip file and click Save.
Once the files have been successfully imported, the registration of the scale-out
appliance will complete and it will show you the timestamp of the last successful
import. You can also see the registration details by clicking View details.
4. Install the VDDK: The appliance checks that VMware vSphere Virtual Disk
Development Kit (VDDK) is installed. If the VDDK isn't installed, download VDDK
6.7 from VMware. Extract the downloaded zip file contents to the specified location
on the appliance, as indicated in the Installation instructions.
The Migration and modernization tool uses the VDDK to replicate servers during
migration to Azure.
You can rerun prerequisites at any time during appliance configuration to check whether
the appliance meets all the prerequisites.
At this point, you should revalidate that the scale-out appliance is able to connect to
your vCenter server. Click revalidate to validate vCenter Server connectivity from scale-
out appliance.
) Important
If you edit the vCenter Server credentials on the primary appliance, ensure that you
import the configuration files again to the scale-out appliance to get the latest
configuration and continue any ongoing replications.
If you do not need the scale-out appliance any longer, make sure that you disable
the scale-out appliance. Learn more on how to disable the scale-out appliance
when not needed.
Replicate
1. After the scale-out appliance is registered, on the Migration and modernization
tile, select Replicate.
2. Follow the steps on the screen to start replicating more virtual machines.
With the scale-out appliance in place, you can now replicate 500 VMs concurrently. You
can also migrate VMs in batches of 200 through the Azure portal.
The Migration and modernization tool will take care of distributing the virtual machines
between the primary and scale-out appliance for replication. Once the replication is
done, you can migrate the virtual machines.
Tip
Next steps
In this article, you learned:
Learn more about migrating servers to Azure using the Migration and modernization
tool.
Scale migration of VMs
Article • 02/27/2023 • 3 minutes to read
This article helps you understand how to use scripts to migrate large number of virtual
machines (VMs). To scale migration, you use Azure Site Recovery.
Site Recovery scripts are available for your download at Azure PowerShell Samples
repo on GitHub. The scripts can be used to migrate VMware, AWS, GCP VMs, and
physical servers to managed disks in Azure. You can also use these scripts to migrate
Hyper-V VMs if you migrate the VMs as physical servers. The scripts that leverage Azure
Site Recovery PowerShell are documented here.
Current limitations
Supports specifying the static IP address only for the primary NIC of the target VM.
The scripts do not take Azure Hybrid Benefit related inputs; you need to manually
update the properties of the replicated VM in the portal.
Prerequisites
Before you get started, you need to do the following steps:
Ensure that the Site Recovery vault is created in your Azure subscription.
Ensure that the Configuration Server and Process Server are installed in the source
environment and the vault can discover the environment.
Ensure that a Replication Policy is created and associated with the Configuration
Server.
Ensure that you have added the VM admin account to the config server (that will
be used to replicate the on premises VMs).
Ensure that the following target artifacts in Azure are created:
Target Resource Group
Target Storage Account (and its Resource Group) - Create a premium storage
account if you plan to migrate to premium-managed disks
Cache Storage Account (and its Resource Group) - Create a standard storage
account in the same region as the vault
Target Virtual Network for failover (and its Resource Group)
Target Subnet
Target Virtual Network for Test failover (and its Resource Group)
Availability Set (if needed)
Target Network Security Group and its Resource Group
Ensure that you have decided on the following properties of the target VM
Target VM name
Target VM size in Azure (can be decided using Azure Migrate assessment)
Private IP Address of the primary NIC in the VM
Download the scripts from Azure PowerShell Samples repo on GitHub
Script execution
Once the CSV is ready, you can execute the following steps to perform migration of the
on-premises VMs:
1 asr_startmigration.ps1 Enable replication for all the VMs listed in the csv, the
script creates a CSV output with the job details for each
VM
2 asr_replicationstatus.ps1 Check the status of replication, the script creates a csv with
the status for each VM
5 asr_testmigration.ps1 Start the test failover of the VMs listed in the csv, the script
creates a CSV output with the job details for each VM
6 asr_cleanuptestmigration.ps1 Once you manually validate the VMs that were test failed-
over, you can use this script to clean up the test failover
VMs
Step Script Name Description
#
7 asr_migration.ps1 Perform an unplanned failover for the VMs listed in the csv,
the script creates a CSV output with the job details for
each VM. The script does not shut down the on premises
VMs before triggering the failover, for application
consistency, it is recommended that you manually shut
down the VMs before executing the script.
8 asr_completemigration.ps1 Perform the commit operation on the VMs and delete the
Azure Site Recovery entities
Next steps
Learn more about migrating servers to Azure using Azure Site Recovery
Additional resources
Documentation
Questions about discovery and dependency analysis in Azure Migrate - Azure Migrate
Get answers to common questions about discovery and dependency analysis in Azure Migrate.
Set up an Azure Migrate scale-out appliance for agentless VMware migration - Azure
Migrate
Learn how to set up an Azure Migrate scale-out appliance to migrate Hyper-V VMs.
Questions about assessments in Azure Migrate - Azure Migrate
Get answers to common questions about assessments in Azure Migrate.
Replicate data over ExpressRoute for Azure Migrate projects with public endpoint
connectivity - Azure Migrate
Use Azure ExpressRoute for replication with the Migration and modernization tool.
Show 5 more
Scale migration of VMware VMs
Article • 05/11/2023
This article helps you understand how to use scripts to migrate large number of VMware
virtual machines (VMs) using the agentless method. To scale migrations, you use Azure
Migrate PowerShell module.
The Azure Migrate VMware migration automation scripts are available for download in
the Azure PowerShell Samples repo on GitHub. The scripts can be used to migrate
VMware VMs to Azure using the agentless migration method. The Azure Migrate
PowerShell commands used in these scripts are documented here.
Current limitations
These scripts support migration of VMware VMs with all its disks. You can update
the scripts if you want to selectively replicate the disks attached to a VMware VM.
The scripts support use of assessment recommendations. If assessment
recommendations aren't used, all disks attached to the VMware VM are migrated
to the same managed disk type (Standard or Premium). You can update the scripts
if you want to use multiple types of managed disks with the same VM.
Prerequisites
Complete the discovery tutorial to prepare Azure and VMware for migration.
We recommend that you complete the second tutorial to assess VMware VMs
before migrating them to Azure.
You must have the Azure PowerShell Az module. If you need to install or upgrade
Azure PowerShell, follow this guide to install and configure Azure PowerShell.
Azure PowerShell
7 Note
The same csv file can be used to migrate VMs in multiple Azure Migrate projects.
Script execution
Once the CSV is ready, you can execute the following steps to migrate your on-premises
VMware VMs.
4 AzMigrate_StartTestMigration.ps1 Start the test failover for all VMs listed in the
csv that are configured for test migration. The
script creates a CSV output with the job details
for each VM.
6 AzMigrate_StartMigration.ps1 Start the migration for all VMs listed in the csv
that are configured for migration. The script
creates a CSV output with the job details for
each VM.
The following scripts are invoked by other scripts for all Azure Migrate operations like
enabling replication, starting test migration, updating VM properties and so on. Ensure
that all the scripts are present in the same folder/path.
3 AzMigrate_Logger.ps1 Common script invoked for generating the log file for
Azure Migrate automation operations. The log file will be
of the format log.Scriptname.Datetime.txt.
In addition to the above, the folder also contains AzMigrate_Template.ps1 that contains
the skeleton framework for building custom scripts for different Azure Migrate
operations.
If you want to execute the script to start replication for VMs using the Input.csv file, use
the following syntax.
Azure PowerShell
".\AzMigrate_StartReplication.ps1" .\Input.csv
To learn more about using Azure PowerShell for migrating VMware VMs with Azure
Migrate, follow the tutorial.
Delete an Azure Migrate project
Article • 11/21/2022 • 2 minutes to read
When you delete a project, the project, and discovered machine metadata are
deleted.
If you've attached a Log Analytics workspace to the Server Assessment tool for
dependency analysis, decide whether you want to delete the workspace.
The workspace isn't automatically deleted. Delete it manually.
Verify what a workspace is used for before you delete it. The same Log Analytics
workspace can be used for multiple scenarios.
Before you delete the project, you can find a link to the workspace in Azure
Migrate - Servers > Azure Migrate - Server Assessment, under OMS
Workspace.
To delete a workspace after deleting a project, find the workspace in the
relevant resource group, and follow these instructions.
Delete a project
1. In the Azure portal, open the resource group in which the project was created.
2. In the resource group page, select Show hidden types.
3. Select the project and the associated resources that you want to delete.
Created resources
These tables summarize the resources created for discovery, assessment, and migration
in an Azure Migrate project.
7 Note
Delete the key vault with caution because it might contain security keys.
VMware/physical server
Resource Type
"Appliancename"site Microsoft.OffAzure/VMwareSites
"ProjectName" Microsoft.Migrate/migrateprojects
"ProjectName"project Microsoft.Migrate/assessmentProjects
Hyper-V VM
Resource Type
"ProjectName" Microsoft.Migrate/migrateprojects
"ProjectName"project Microsoft.Migrate/assessmentProjects
HyperV*Site Microsoft.OffAzure/HyperVSites
Resource Type
The following tables summarize the resources created by Azure Migrate to discover,
assess, and migrate servers over a private network using [Azure private link](./how-to-
use-azure-migrate-with-private-endpoints.md).
Microsoft.OffAzure/VMwareSites "ApplianceName"*site NA
Hyper-V VMs
Microsoft.OffAzure/HyperVSites "ApplianceName"*site NA
Microsoft.OffAzure/serversites "ApplianceName"*site NA
Next steps
Learn how to add additional assessment and migration tools.
Work with the previous version of Azure
Migrate
Article • 03/10/2023 • 17 minutes to read
This article provides information about working with the previous version of Azure
Migrate.
Current version: Use this version to create Azure Migrate projects, discover on-
premises machines, and orchestrate assessments and migrations. Learn more
about what's new in this version.
Previous version: If you're using the previous version of Azure Migrate (only
assessment of on-premises VMware VMs was supported), you should now use the
current version. The previous version projects are referred to as Classic projects in
this article. Classic Azure Migrate is retiring in Feb 2024. After Feb 2024, the classic
version of Azure Migrate will no longer be supported and the inventory metadata
in classic projects will be deleted. If you still need to use classic Azure Migrate
projects, this is what you can and can't do:
You can no longer create migration projects.
We recommend that you don't perform new discoveries.
You can still access existing projects.
You can still run assessments.
1. In the Azure portal > All services, search for and select Azure Migrate.
2. On the Azure Migrate dashboard, there's a notification and a link to access old
Azure Migrate projects.
3. Click the link to open Classic projects.
1. In the Azure portal > All services, search for and select Azure Migrate.
2. On the Azure Migrate dashboard, there's a notification and a link to access old
Azure Migrate projects.
3. Click the link to open Classic projects.
4. Select the project you would like to delete and delete it.
Create an assessment
After VMs are discovered in the portal, you group them and create assessments.
You can create on-premises assessments immediately after VMs are discovered in
the portal.
For performance-based assessments, we recommend you wait at least a day before
creating a performance-based assessment, to get reliable size recommendations.
If you would like to update an existing assessment with the latest performance data, you
can use the Recalculate command on the assessment to update it.
Review an assessment
An assessment has three stages:
An assessment starts with a suitability analysis to figure out whether machines are
compatible in Azure.
Sizing estimations.
Monthly cost estimation.
A machine only moves along to a later stage if it passes the previous one. For example,
if a machine fails the suitability check, it’s marked as unsuitable for Azure, and sizing and
costing isn't done.
Ready for No compatibility issues. The machine can be migrated For VMs that are ready,
Azure as-is to Azure, and it will boot in Azure with full Azure Azure Migrate
support. recommends a VM size
in Azure.
Conditionally The machine might boot in Azure, but might not have Azure Migrate explains
ready for full Azure support. For example, a machine with an the readiness issues,
Azure older version of Windows Server that isn't supported in and provides
Azure. remediation steps.
Not ready The VM won't boot in Azure. For example, if a VM has Azure Migrate explains
for Azure a disk that's more than 4 TB, it can't be hosted on the readiness issues and
Azure. provides remediation
steps.
Azure VM properties
Cores Machines core <= the maximum number of cores (128) Ready if less than
supported for an Azure VM. or equal to limits.
Memory The machine memory size <= the maximum memory (3892 GB Ready if within
on Azure M series Standard_M128m 2) for an Azure VM. Learn limits.
more.
Storage Allocated size of a disk must be 4 TB (4096 GB) or less. Ready if within
disk limits.
The number of disks attached to the machine must be 65 or
less, including the OS disk.
Networking A machine must have 32 or less NICs attached to it. Ready if within
limits.
Windows Out-of-support and need a Custom Support Conditionally ready for Azure.
Server 2003, Agreement (CSA) for support in Azure. Consider upgrading the OS
2003 R2 before migrating to Azure.
Windows Out-of-support. The machine might boot in Conditionally ready for Azure. It
2000, 98, 95, Azure, but no OS support is provided by Azure. is recommended to upgrade
NT, 3.1, MS- the OS before migrating to
DOS Azure.
Windows Azure provides support with Visual Studio Conditionally ready for Azure.
Client 7, 8 subscription only.
and 10
Windows 10 Azure provides support with Multitenant Conditionally ready for Azure.
Pro Desktop Hosting Rights.
Windows Out-of-support. The machine might boot in Conditionally ready for Azure. It
Vista, XP Azure, but no OS support is provided by Azure. is recommended to upgrade
Professional the OS before migrating to
Azure.
Operating Details Readiness
System
Linux Azure endorses these Linux operating systems. Ready for Azure if the version is
Other Linux operating systems might boot in endorsed.
Azure, but we recommend upgrading the OS
to an endorsed version, before migrating to Conditionally ready if the
Azure. version is not endorsed.
Other Azure doesn't endorse these operating Conditionally ready for Azure. It
operating systems. The machine may boot in Azure, but is recommended to install a
systems no OS support is provided by Azure. supported OS before migrating
to Azure.
For example,
Oracle
Solaris, Apple
macOS etc.,
FreeBSD, etc.
OS specified Azure Migrate cannot identify the OS in this Unknown readiness. Ensure that
as Other in case. the OS running inside the VM is
vCenter supported in Azure.
Server
32-bit The machine may boot in Azure, but Azure may Conditionally ready for Azure,
operating not provide full support. consider upgrading the OS of
systems the machine from 32-bit OS to
64-bit OS before migrating to
Azure.
Review sizing
The Azure Migrate size recommendation depends on the sizing criterion specified in the
assessment properties.
Cost estimates are calculated using the size recommendation for a VM machine,
and its disks, and the assessment properties.
Estimated monthly costs for compute and storage are aggregated for all VMs in
the group.
The cost estimation is for running the on-premises VM as Azure Infrastructure as a
service (IaaS) VMs. Azure Migrate doesn't consider costs for Platform as a service
(PaaS) or Software as a service (SaaS).
A confidence rating ranges from one-star to five-star (one-star being the lowest
and five-star the highest).
The confidence rating is assigned to an assessment, based on the availability of
data points needed to compute the assessment.
The confidence rating of an assessment helps you estimate the reliability of the
size recommendations provided by Azure Migrate.
Confidence rating isn't available for "as-is" on-premises assessments.
Depending on the percentage of data points available, the possible confidence ratings
are summarized in the table.
0%-20% 1 Star
21%-40% 2 Star
41%-60% 3 Star
Availability of data points Confidence rating
61%-80% 4 Star
81%-100% 5 Star
You didn't profile your environment for the duration of the assessment. For
example, if you create the assessment with performance duration set to one day,
you must wait for at least a day after you start the discovery, or all the data points
to be collected.
Some VMs were shut down during the period for which the assessment was
calculated. If any VMs were powered off for part of the duration, Azure Migrate
can't collect performance data for that period.
Some VMs were created in between during the assessment calculation period. For
example, if you create an assessment using the last month's performance history
but create a number of VMs in the environment a week ago, the performance
history of the new VMs won't be for the entire duration.
7 Note
If the confidence rating of any assessment is below five-stars, wait for at least a day
for the appliance to profile the environment, and then recalculate the assessment. If
you don't performance-based sizing might not be reliable. If you don't want to
recalculate, we recommended switching to as on-premises sizing, by changing the
assessment properties.
You typically use this method when you want to assess groups with higher levels of
confidence by cross-checking machine dependencies, before you run an
assessment.
Dependency visualization can help you effectively plan your migration to Azure. It
helps you ensure that nothing is left behind, and that surprise outages do not
occur when you are migrating to Azure.
You can discover all interdependent systems that need to migrate together and
identify whether a running system is still serving users or is a candidate for
decommissioning instead of migration.
Azure Migrate uses the Service Map solution in Azure Monitor to enable
dependency visualization.
7 Note
7 Note
1. In Overview, click Manage > Machines, and select the required machine.
2. In the Dependencies column, click Install agents.
3. On the Dependencies page, download and install the Microsoft Monitoring Agent
(MMA), and the Dependency agent on each VM you want to assess.
4. Copy the workspace ID and key. You need these when you install the MMA on the
on-premises machine.
7 Note
To automate the installation of agents you can use a deployment tool such as
Configuration Manager or a partner tool such as Intigua, that provides an agent
deployment solution for Azure Migrate.
You can install the agent from the command line or using an automated method such as
Configuration Manager. Learn more about using these methods to install the MMA
agent.
1. Transfer the appropriate bundle (x86 or x64) to your Linux computer using
scp/sftp.
<workspace key>
Learn more about the list of Linux operating systems support by MMA.
2. To install the Dependency agent on a Linux machine, install as root using the
following command:
sh InstallDependencyAgent-Linux64.bin
Learn more about the Dependency agent support for the Windows and Linux
operating systems.
Learn more about how you can use scripts to install the Dependency agent.
7 Note
The Azure Monitor for VMs article referenced to provide an overview of the system
prerequisites and methods to deploy the Dependency agent are also applicable to
the Service Map solution.
3. The Dependencies column for the machine should now show as View
Dependencies. Click the column to view the dependencies of the machine.
4. The dependency map for the machine shows the following details:
Inbound (Clients) and outbound (Servers) TCP connections to/from the
machine
The dependent machines that do not have the MMA and dependency
agent installed are grouped by port numbers.
The dependent machines that have the MMA and the dependency agent
installed are shown as separate boxes.
Processes running inside the machine, you can expand each machine box to
view the processes
Machine properties, including the FQDN, operating System, MAC address are
shown. You can click on each machine box to view the details.
5. You can view dependencies for different time durations by clicking on the time
duration in the time range label. By default the range is an hour. You can modify
the time range, or specify start and end dates, and the duration.
7 Note
6. After you've identified dependent machines that you want to group together, use
Ctrl+Click to select multiple machines on the map, and click Group machines.
7. Specify a group name. Verify that the dependent machines are discovered by
Azure Migrate.
7 Note
8. If you want to create an assessment for this group, select the checkbox to create a
new assessment for the group.
Once the group is created, it is recommended to install agents on all the machines of
the group and refine the group by visualizing the dependency of the entire group.
Query dependency data from Azure Monitor
logs
Dependency data captured by Service Map is available for querying in the Log Analytics
workspace associated with your Azure Migrate project. Learn more about the Service
Map data tables to query in Azure Monitor logs.
1. After you install the agents, go to the portal and click Overview.
2. In Overview, go to Essentials section of the project and click on workspace name
provided next to OMS Workspace.
3. On the Log Analytics workspace page, click General > Logs.
4. Write your query to gather dependency data using Azure Monitor logs. Find
sample queries in the next section.
5. Run your query by clicking on Run.
Next steps
Learn about the latest version of Azure Migrate.
Additional resources
Documentation
Assess VMware servers for migration to Azure VMs in Azure Migrate - Azure Migrate
Learn how to assess VMware servers for migration to Azure VMs with Azure Migrate.
Set the scope for discovery of servers on VMware vSphere with Azure Migrate - Azure
Migrate
Describes how to set the discovery scope for servers hosted on VMware vSphere assessment and
migration with Azure Migrate.
Assess physical servers for migration to Azure with Azure Migrate - Azure Migrate
Describes how to assess on-premises physical servers for migration to Azure using Azure Migrate.
Show 5 more
Training
Learning path
Migrate virtual machines and apps using Azure Migrate - Training
The Virtual machine and app migration using Azure Migrate learning path gives you a step-by-step
process to help you understand, set up, assess, and migrate virtual and physical servers, databases,
applications, and virtual desktops from on-premises to the Azure infrastructure. Azure Migrate now…
Certification
Microsoft Certified: Azure Data Fundamentals - Certifications
Azure Data Fundamentals validates foundational knowledge of core data concepts and how they are
implemented using Microsoft Azure data services.
Onboard on-premises servers in VMware
virtual environment to Azure Arc
Article • 03/31/2023 • 9 minutes to read
This article describes how to onboard on-premises VMware VMs to Azure Arc for Azure
Management using the Azure Migrate: Discovery and assessment tool.
Azure Arc allows you to manage your hybrid IT estate with a single pane of glass by extending the
Azure management experience to your on-premises servers that are not ideal candidates for
migration. Learn more about Azure Arc.
Be sure to verify the prerequisites for Azure Arc and review the following considerations:
Onboarding to Azure Arc can only be initiated after the vCenter Server discovery and
software inventory is completed. It may take up to 6 hours for software inventory to
complete after it is turned on.
The Azure Arc Hybrid Connected Machine agent will be installed on the discovered servers
during the Arc onboarding process. Make sure you provide credentials with administrator
permissions on the servers to install and configure the agent. On Linux, provide the root
account, and on Windows, provide an account that is a member of the Local Administrators
group.
Verify that the servers are running a supported operating system.
Ensure that the Azure account is granted assignment to the required Azure roles.
Make sure the required URLs are not blocked if the discovered servers connect through a
firewall or proxy server to communicate over the Internet.
Review the regions supported for Azure Arc.
Azure Arc-enabled servers support up to 5,000 machine instances in a resource group.
2. Use this article to set up a new Azure Migrate project with the Azure Migrate: Discovery and
assessment tool added to it.
7 Note
You can also use an existing Migrate project and onboard the discovered servers inventory
to Azure Arc. To do so, launch the appliance configuration manager from your appliance
server and make sure the services are updated to their latest versions. Learn more
Next,
Follow this article to set up the Azure Migrate appliance to start vCenter Server discovery. To
deploy the appliance, you can download and import an OVA template into VMware to create a
server running in your vCenter Server.
After deploying the appliance, you need to register it with the project before you initiate the
discovery. Follow these instructions to register the appliance.
After the discovery has been successfully completed, it takes around 15 minutes for discovered
servers to appear in the portal.
) Important
Software inventory must be completed before onboarding your discovered servers to Azure
Arc.
Once the vCenter Server discovery has been completed, software inventory (discovery of installed
applications) will be automatically initiated. During software inventory, the server credentials
provided will be iterated and validated against the discovered servers. You can start onboarding
after the software inventory has been completed and the credentials have been mapped. It may take
up to 6 hours for software inventory to complete after it is turned on.
3. In the Region drop-down list, select the Azure region to store the servers' metadata.
4. Provide the Azure Active Directory service principal details for onboarding at scale. Review
this article to create a service principal using the Azure portal or Azure PowerShell.
Directory (tenant) ID - The unique identifier (GUID) that represents your dedicated
instance of Azure AD.
Application (client) ID - The unique identifier (GUID) that represents the application ID of
the service principal.
Service principal secret (application secret) - The client secret for password-based
authentication.
5. Optional: Provide the proxy server IP address or the name and port number if your discovered
servers require a proxy server to connect to the Internet. Enter the value in the format
http://<proxyURL>:<proxyport> . This proxy server used by the discovered servers can be
different from the proxy server required by the appliance server to connect to the Internet
(provided in the prerequisites section in the appliance configuration manager).
7 Note
7 Note
If your login expires, select Login again. This will open a modal with the device code.
Select Copy code & Login to copy the device code and open an Azure Login prompt in a
new browser tab. If it doesn't appear, make sure you've disabled the pop-up blocker in the
browser.
7. Once the onboarding has completed, navigate to the Azure Arc home page to view and
manage your onboarded servers.
8. View the detailed onboarding report to understand the onboarding status of your servers and
take appropriate actions.
7 Note
The Azure Migrate appliance will initiate WinRM sessions to execute the Azure Arc onboarding
script. Ensure that there are no settings restricting access to the WinRM service on the target
servers.
Next steps
For more information and error details, review the detailed onboarding report. Resolve errors, if
any, to successfully onboard the servers.
You can select Start Onboarding to rerun the Azure Arc onboarding process. The onboarding
will be attempted for any newly discovered servers and servers that could not be onboarded
successfully in the previous run.
If you don't see the error code listed below or if the error code starts with AZCM, refer to this guide
for troubleshooting Azure Arc.
Error 60001 - UnableToConnectToPhysicalServer
Possible causes
Either the prerequisites to connect to the server have not been met or there are network issues in
connecting to the server, for instance some proxy settings.
Recommended actions
Ensure that the server meets the prerequisites and port access requirements.
Add the IP addresses of the remote machines (discovered servers) to the WinRM TrustedHosts
list on the Azure Migrate appliance, and retry the operation. This is to allow remote inbound
connections on servers - Windows: WinRM port 5985 (HTTP) and Linux: SSH port 22 (TCP).
Ensure that you have chosen the correct authentication method on the appliance to connect to
the server.
7 Note
Azure Migrate supports both password-based and SSH key based authentication for Linux
servers.
If the issue persists, submit a Microsoft support case, providing the appliance machine ID
(available in the footer of the appliance configuration manager).
Recommended actions
Ensure that you have provided the correct credentials for the server on the appliance. You can
check that by trying to connect to the server using those credentials.
If the credentials added are incorrect or have expired, edit the credentials on the appliance and
revalidate the added servers. If the validation succeeds, the issue is resolved.
If the issue persists, submit a Microsoft support case, providing the appliance machine ID
(available in the footer of the appliance configuration manager).
The operation took longer than expected either due to network latency issues or due to the
lack of latest updates on the server.
Recommended actions
Ensure that the impacted server has the latest kernel and OS updates installed.
Ensure that there is no network latency between the appliance and the server. It is
recommended to have the appliance and source server on the same domain to avoid latency
issues.
Connect to the impacted server from the appliance and run the commands documented here
to check if they return null or empty data.
If the issue persists, submit a Microsoft support case providing the appliance machine ID
(available in the footer of the appliance configuration manager).
Recommended actions
Software inventory must be complete to start onboarding discovered servers to Azure Arc.
Learn more
Ensure that the credentials provided on the appliance configuration manager are valid and the
server is accessible using the credentials.
Go back to the appliance configuration manager to either provide another set of credentials or
edit an existing one.
The server hosts an unsupported operating system for Azure Arc onboarding.
Recommended actions
The onboarding task did not complete in time. Then execution took longer than expected.
Recommended actions
The issue should automatically resolve in some time. If the issue persists, contact Microsoft
Support.
Recommended actions
Validate the possible causes and retry the operation. If the issue persists, contact support.
Error 960/951/60009/60078 -
NullResult/UnhandledException/ServerUnknownError/UnhandledError
Possible causes
Recommended actions
Retry the operation after some time. If the issue persists, contact support and provide the
appliance machine ID (available in the footer of the appliance configuration manager).
Manage Azure Migrate projects at scale
with Azure Lighthouse
Article • 10/12/2022 • 5 minutes to read
This topic provides an overview of how Azure Lighthouse can help you use Azure
Migrate in a scalable way across multiple Azure Active Directory (Azure AD) tenants.
Azure Lighthouse allows service providers to perform operations at scale across several
tenants at once, making management tasks more efficient.
Azure Migrate provides a centralized hub to assess and migrate to Azure on-premises
servers, infrastructure, applications, and data.
Azure Lighthouse integration with Azure Migrate lets service providers discover, assess,
and migrate workloads for different customers at scale, rather than accessing each
customer subscription individually. Service providers can have a single view of all of the
Azure Migrate projects they manage across multiple customer tenants. Their customers
will have full visibility into service provider access, and they maintain control of their
own environments.
Tip
Though we refer to service providers and customers in this topic, this guidance also
applies to enterprises using Azure Lighthouse to manage multiple tenants.
Depending on your scenario, you may wish to create the Azure Migrate in the customer
tenant or in your managing tenant. Review the considerations below and determine
which model best fits your customer's migration needs.
7 Note
Via Azure Lighthouse, partners can perform discovery, assessment and migration
for on-premises VMware VMs, Hyper-V VMs, physical servers and AWS/GCP
instances. There are two options for VMware VM migration. Currently, only the
agent-based method of migration can be used when working on a migration
project in a delegated customer subscription; migration using agentless replication
is not currently supported through delegated access to the customer's scope.
Create an Azure Migrate project in the
customer tenant
One option when using Azure Lighthouse is to create the Azure Migrate project in the
customer tenant. Users in the managing tenant can then select the customer
subscription when creating a migration project. From the managing tenant, the service
provider can perform the necessary migration operations. This may include deploying
the Azure Migrate appliance to discover the workloads, assessing workloads by
grouping VMs and calculating cloud-related costs, reviewing VM readiness, and
performing the migration.
In this scenario, no resources will be created and stored in the managing tenant, even
though the discovery and assessment steps can be initiated and executed from that
tenant. All of the resources, such as migration projects, assessment reports for on-
premises workloads, and migrated resources at the target destination, will be deployed
in the customer subscription. However, the service provider can access all customer
projects from their own tenant and portal experience.
This approach minimizes context switching for service providers working across multiple
customers, while letting customers keep all of their resources in their own tenants.
2. The designated user signs into the managing tenant in the Azure portal, then goes
to Azure Migrate. This user creates an Azure Migrate project, selecting the
appropriate delegated customer subscription.
For VMware VMs, before you configure the appliance, you can limit discovery to
vCenter Server datacenters, clusters, a folder of clusters, hosts, a folder of hosts, or
individual VMs. To set the scope, assign permissions on the account that the
appliance uses to access the vCenter Server. This is useful if multiple customers'
VMs are hosted on the hypervisor. You can't limit the discovery scope of Hyper-V.
7 Note
You can discover and assess VMware virtual machines for migration using
Azure Migrate through the delegated access provided by Azure Lighthouse.
For migration of VMware virtual machines, only the agent-based method is
currently supported when working on a migration project in a delegated
customer subscription.
4. When the target customer subscription is ready, proceed with the migration
through the access granted by Azure Lighthouse. The migration project containing
assessment results and migrated resources will be created in the customer tenant
under the target subscription.
Tip
This approach enables services providers to start migration discovery and assessment
projects quickly, abstracting those initial steps from customer subscriptions and tenants.
2. The designated user signs into the managing tenant in the Azure portal, then goes
to Azure Migrate. This user creates an Azure Migrate project in a subscription
belonging to the managing tenant.
3. The user then performs steps for discovery and assessment. The on-premises VMs
will be discovered and assessed within the migration project created in the
managing tenant, then migrated from there.
If you are managing multiple customers in the same Hyper-V host, you can
discover all workloads at once. Customer-specific VMs can be selected in the same
group, then an assessment can be created, and migration can be performed by
selecting the appropriate customer's subscription as the target destination. There
is no need to limit the discovery scope, and you can maintain a full overview of all
customer workloads in one migration project.
4. When ready, proceed with the migration by selecting the delegated customer
subscription as the target destination for replicating and migrating the workloads.
The newly created resources will exist in the customer subscription, while the
assessment data and resources pertaining to the migration project will remain in
the managing tenant.
For more information, see Link your partner ID to track your impact on delegated
resources.
Next steps
Learn more about Azure Migrate.
Learn about other cross-tenant management experiences supported by Azure
Lighthouse.
Additional resources
Documentation
Assessment best practices in Azure Migrate Discovery and assessment tool - Azure
Migrate
Tips for creating assessments with Azure Migrate Discovery and assessment tool.
Assess VMware servers for migration to Azure VMware Solution (AVS) with Azure
Migrate - Azure Migrate
Learn how to assess servers in VMware environment for migration to AVS with Azure Migrate.
Show 5 more
Training
Learning path
Migrate virtual machines and apps using Azure Migrate - Training
The Virtual machine and app migration using Azure Migrate learning path gives you a step-by-step
process to help you understand, set up, assess, and migrate virtual and physical servers, databases,
applications, and virtual desktops from on-premises to the Azure infrastructure. Azure Migrate now…
Troubleshoot Azure Migrate
Article • 12/12/2022 • 2 minutes to read
Azure Migrate provides a hub of tools for assessment and migration, as well as third-
party independent software vendor (ISV) offerings. This article helps you troubleshoot
issues with Azure Migrate, Azure Migrate Server Assessment, and Migration and
modernization.
Additional resources
Documentation
Prepare machines for agentless migration with Azure Migrate - Azure Migrate
Learn how to prepare on-premises machines for agentless migration with Azure Migrate.
Show 5 more
Troubleshoot Azure Migrate projects
Article • 11/21/2022 • 2 minutes to read
This article helps you troubleshoot issues when creating and managing Azure Migrate
projects.
Try to create the project again in case it's a transient error. In Deployments, click
on Re-deploy to try again.
Check you have Contributor or Owner permissions in the subscription.
If you're deploying in a newly added geography, wait a short time and try again.
If you receive the error, "Requests must contain user identity headers", this might
indicate that you don't have access to the Azure Active Directory (Azure AD) tenant
of the organization. In this case:
When you're added to an Azure AD tenant for the first time, you receive an
email invitation to join the tenant.
Accept the invitation to be added to the tenant.
If you can't see the email, contact a user with access to the tenant, and ask them
to resend the invitation to you.
After receiving the invitation email, open it and select the link to accept the
invitation. Then, sign out of the Azure portal and sign in again. (refreshing the
browser won't work.) You can then start creating the migration project.
Next steps
Add assessment or migration tools to Azure Migrate projects.
Troubleshoot the Azure Migrate
appliance
Article • 11/21/2022 • 14 minutes to read
This article helps you troubleshoot issues when you deploy the Azure Migrate appliance
and use the appliance to discover on-premises servers.
What's supported?
Review the appliance support requirements.
Remediation
1. Verify that the Azure Migrate appliance OVA file is downloaded correctly by
checking its hash value. Learn more. If the hash value doesn't match, download the
OVA file again and retry the deployment.
2. If deployment still fails and you're using the VMware vSphere client to deploy the
OVF file, try deploying it through the vSphere web client. If deployment still fails,
try using a different web browser.
3. If you're using the vSphere web client and trying to deploy it on vCenter Server 6.5
or 6.7, try to deploy the OVA directly on the ESXi host:
Connect to the ESXi host directly (instead of vCenter Server) with the web
client (https://<host IP Address>/ui).
In Home > Inventory, select File > Deploy OVF template. Browse to the OVA
and complete the deployment.
Remediation
1. Ensure that you can connect to the required URLs from the appliance.
2. Check if there's a proxy or firewall blocking access to these URLs. If you're required
to create an allowlist, make sure that you include all of the URLs.
3. If there's a proxy server configured on-premises, enter the proxy details correctly
by selecting Setup proxy in the same step. Enter the authorization credentials if
the proxy needs them.
4. Ensure that the server hasn't been previously used to set up the replication
appliance or that you have the mobility service agent installed on the server.
Remediation
1. Ensure that you have connectivity to the internet and have added the URL-
aka.ms/* to the allowlist to download the latest versions of the services.
2. Check if there's a proxy or firewall blocking access to this URL. Ensure that you've
provided the proxy details correctly in the prerequisites step of the configuration
manager.
3. Go back to the appliance configuration manager and rerun prerequisites to initiate
auto-update.
4. If retry doesn't help, download the latestcomponents.json file from this website to
check the latest versions of the services that are failing. Manually update them
from the download links in the file.
If you've enabled the appliance for private endpoint connectivity and don't want to
allow access to this URL over the internet, disable auto-update because the aka.ms link
is required for this service.
7 Note
If you disable the auto-update service, the services running on the appliance won't
get the latest updates automatically. To get around this situation, update the
appliance services manually.
Auto-update check fails during the
prerequisites setup
You get an error in the auto-update check on the appliance.
Remediation
1. Make sure that you created an allowlist for the required URLs and that no proxy or
firewall setting is blocking them.
2. If the update of any appliance component is failing, either rerun the prerequisites
or manually update the appliance services.
Remediation
Ensure that the appliance server time is synchronized with the internet time by
checking the date and time settings from Control Panel.
You can also change the clock time on the appliance server to match the current
time by following these steps:
Remediation
1. Ensure that you've downloaded VDDK 6.7 and have copied its files to- C:\Program
Files\VMware\VMware Virtual Disk Development Kit on the appliance server.
2. Ensure that no other software or application is using another version of the VDDK
on the appliance.
Remediation
1. Ensure that you've copied the correct key from the project. On the Azure Migrate:
Discovery and Assessment card in your project, select Discover. Then select
Manage Existing appliance in step 1. Select the appliance name for which you
previously generated a key from the dropdown menu. Copy the corresponding
key.
2. Ensure that you're pasting the key to the appliance of the right cloud type
(Public/US Gov) and appliance type (VMware/Hyper-V/Physical or other). Check at
the top of the appliance configuration manager to confirm the cloud and scenario
type.
This issue happens when the Azure user account that was used to sign in from the
appliance configuration manager is different from the user account that was used to
generate the Azure Migrate project key on the portal.
Remediation
You have two options:
To complete the registration of the appliance, use the same Azure user account
that generated the Azure Migrate project key on the portal.
You can also assign the required roles and permissions to the other Azure user
account being used for appliance registration.
Remediation
Ensure that you have the required permissions to create and manage Azure Active
Directory applications in Azure. You should have the Application Developer role or the
user role with User can register applications allowed at the tenant level.
This issue usually happens when the Azure user account used to register the appliance is
different from the account used to generate the Azure Migrate project key on the portal
(that is, when the key vault was created).
Remediation
1. Ensure that the currently signed-in user account on the appliance has the required
permissions on the key vault mentioned in the error message. The user account
needs permissions as mentioned at this website.
2. Go to the key vault and ensure that your user account has an access policy with all
the Key, Secret, and Certificate permissions assigned under Key Vault Access
Policy. Learn more.
3. If you enabled the appliance for private endpoint connectivity, ensure that the
appliance is either hosted in the same virtual network where the key vault was
created or it's connected to the Azure virtual network where the key vault was
created over a private link. Make sure that the key vault private link is resolvable
from the appliance. Go to Azure Migrate: Discovery and assessment > Properties
to find the details of private endpoints for resources like the key vault created
during the Azure Migrate key creation. Learn more.
4. If you have the required permissions and connectivity, retry the registration on the
appliance after some time.
Remediation
Check whether you're running the latest version of the appliance. If you're not,
upgrade the appliance to the latest version.
If the issue still occurs in the latest version, the appliance might be unable to
resolve the specified vCenter Server name, or the specified port might be wrong.
By default, if the port isn't specified, the collector tries to connect to port number
443.
Remediation
1. Check that you've provided the correct domain name and credentials.
2. Ensure that the domain is reachable from the appliance to validate the credentials.
The appliance might be having line-of-sight issues, or the domain name might not
be resolvable from the appliance server.
3. Select Edit to update the domain name or credentials. Select Revalidate
credentials to validate the credentials again after some time.
Remediation
1. Ensure that you've met all the prerequisites for the Hyper-V hosts.
2. Check the steps on this website on how to prepare the Hyper-V hosts manually or
by using a provisioning PowerShell script.
Remediation
This error usually occurs when you've provided a proxy configuration on the appliance.
The appliance connects to the clusters by using the short name for the cluster nodes,
even if you've provided the FQDN of the node. Add the short name for the cluster
nodes to the bypass proxy list on the appliance, the issue gets resolved, and validation
of the Hyper-V cluster succeeds.
This issue usually happens when you've added the IP address of a host that can't be
resolved by DNS. You might also see this error for hosts in a cluster. It indicates that the
appliance can connect to the cluster, but the cluster returns host names that aren't
FQDNs.
Remediation
To resolve this error, update the hosts file on the appliance by adding a mapping of the
IP address and host names.
Remediation
Ensure there's connectivity from the appliance to the target server.
If it's a Linux server, ensure password-based authentication is enabled by following
these steps:
1. Sign in to the Linux server, and open the ssh configuration file by using the
command vi /etc/ssh/sshd_config.
2. Set the PasswordAuthentication option to yes. Save the file.
3. Restart the ssh service by running service sshd restart.
If it's a Windows server, ensure the port 5985 is open to allow for remote WMI
calls.
If you're discovering a GCP Linux server and using a root user, use the following
commands to change the default setting for the root login:
1. Sign in to the Linux server, and open the ssh configuration file by using the
command vi /etc/ssh/sshd_config.
2. Set the PermitRootLogin option to yes.
3. Restart the ssh service by running service sshd restart.
Remediation
Linux servers:
Connect to the target server that's failing validation. Run the following commands to see
if it returns the BIOS GUID of the server:
cat /sys/class/dmi/id/product_uuid
dmidecode | grep -i uuid | awk '{print $2}'
You can also run the commands from the command prompt on the appliance server by
making an SSH connection with the target Linux server by using the following
command:
ssh <username>@<servername>
Windows servers:
Run the following code in PowerShell from the appliance server for the target server
that's failing validation to see if it returns the BIOS GUID of the server:
[CmdletBinding()]
Param(
[Parameter(Mandatory=$True,Position=1)]
[string]$Hostname
)
$HostNS = "root\cimv2"
$error.Clear()
$Cred = Get-Credential
$Session = New-CimSession -Credential $Cred -ComputerName $Hostname
When you run the preceding code, you need to provide the hostname of the target
server. It can be IP address/FQDN/hostname. After that, you're prompted to provide the
credentials to connect to the server.
Remediation
Ensure password-based authentication is enabled on the Linux server by following these
steps:
1. Sign in to the Linux server. Open the ssh configuration file by using the command
vi /etc/ssh/sshd_config.
2. Set the PasswordAuthentication option to yes. Save the file.
3. Restart the ssh service by running service sshd restart.
Remediation
If you get this error, make sure that the user account provided (domain/local) on
the appliance configuration manager was added to these groups: Remote
Management Users, Performance Monitor Users, and Performance Log Users.
If the Remote Management Users group isn't present, add the user account to the
group WinRMRemoteWMIUsers_.
You can also check if the WS-Management protocol is enabled on the server by
running the following command in the command prompt of the target server:
winrm qc
If you're still facing the issue, make sure that the user account has access
permissions to CIMV2 Namespace and sub-namespaces in the WMI Control Panel.
You can set the access by following these steps:
The same steps are also applicable on a local user account for non-
domain/workgroup servers. In some cases, UAC filtering might block some WMI
properties as the commands run as a standard user, so you can either use a local
administrator account or disable UAC so that the local user account isn't filtered
and instead becomes a full administrator.
Disabling Remote UAC by changing the registry entry that controls Remote UAC
isn't recommended but might be necessary in a workgroup. The registry entry is
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\s
ystem\LocalAccountTokenFilterPolicy. When the value of this entry is zero (0),
Remote UAC access token filtering is enabled. When the value is 1, remote UAC is
disabled.
Appliance is disconnected
You get an "Appliance is disconnected" error message when you try to enable
replication on a few VMware servers from the portal.
This error can occur if the appliance is in a shut-down state or the DRA service on the
appliance can't communicate with Azure.
Remediation
1. Go to the appliance configuration manager, and rerun prerequisites to see the
status of the DRA service under View appliance services.
2. If the service isn't running, stop and restart the service from the command prompt
by using the following commands:
Next steps
Set up an appliance for VMware, Hyper-V, or physical servers.
Diagnose and solve issues with Azure
Migrate appliance
Article • 08/13/2021 • 3 minutes to read
The Diagnose and solve capability on Azure Migrate appliance helps users identify and
self-assess any issues with the appliance configuration that might be blocking the
initiation of discovery or issues with an ongoing Migrate operation like discovery,
assessment and/or replication (in case of VMware appliance) from the appliance.
You can run Diagnose and solve at any time from the appliance configuration manager
to generate a diagnostics report. The report provides information about the checks
performed, their status, the issues identified and recommendation steps to solve the
issues.
) Important
Diagnose and solve capability is currently in preview for Azure Migrate appliance.
This preview is covered by customer support and can be used for production
workloads. For more information, see Supplemental Terms of Use for Microsoft
Azure Previews .
Diagnostic checks
Diagnose and solve runs some pre-validations to see if the required configuration files
are not missing or blocked by an anti-virus software on the appliance and then performs
the following checks:
Prerequisite Connectivity Checks if the appliance has connectivity to Azure either directly or
checks checks via proxy.
Time sync Checks if the appliance server time is in sync with network time.
check
Auto update Checks if auto-update is enabled and if all agents running on the
check appliance are up to date.
VDDK check Checks if the required VDDK files have been downloaded and
copied at the required location on the appliance server.
Category Diagnostics Description
check
Service Operational Checks if the agents on the appliance are in running state.
health status If not, appliance will auto-resolve by restarting the agents.
checks
Azure- AAD App Checks if the AAD App created during the appliance registration
specific availability* is available and is accessible from the appliance.
checks
Migrate Checks if the Migrate project to which the appliance has been
project registered still exists and is accessible from the appliance.
availability*
Appliance- Key Vault Checks if the certificate downloaded from Key Vault during
specific certificate appliance registration is still available on the appliance server.
checks availability* If not, appliance will auto-resolve by downloading the certificate
again, provided the Key Vault is available and accessible.
Replication Checks if the same server has also been used to install any
appliance/ASR ASR/replication appliance components. It is currently not
components supported to install both Azure Migrate and replication appliance
(for agent-based migration) on the same server.
CPU & Checks the CPU and memory utilized by the Migrate agents on
memory the appliance server.
utilization
*checked and reported only if the appliance has already been registered. These checks are
run in the context of the current Azure user logged in the appliance.
7 Note
Currently Diagnose and solve can perform checks related to appliance connectivity
to Azure, availability of required resources on appliance server and/or Azure. The
connectivity or discovery issues with the source environment like vCenter
Server/ESXi hosts/Hyper-V hosts/VMs/physical servers are currently not covered
under Diagnose and solve.
1. Select Diagnose and solve from the ribbon at the top of the configuration
manager.
After selecting Diagnose and solve, the appliance automatically starts running the
diagnostic checks. This may take around 5 minutes to complete. You would see the
timestamp of the last diagnostics report, if you ran the checks before.
2. Once diagnostic checks have completed, you can either view the report in another
tab where you can choose it save it in a PDF format or you can go to this location-
C:\Users\Public\Desktop\DiagnosticsReport on the appliance server where the
report gets auto-saved in an HTML format.
3. The report provides information about the checks performed, their status, the
issues identified, and recommendation steps to solve the issues.
4. You can follow the remediation steps on the report to solve an issue. If you are
unable to resolve the issue, it is recommended that you attach the diagnostics
report while creating a Microsoft support case so that it helps expedite the
resolution.
Next steps
If you are getting issues not covered under Diagnose and solve, you can go to
troubleshoot the Azure Migrate appliance to find the remediation steps.
Troubleshoot ongoing server discovery,
software inventory, and SQL and web
apps discovery
Article • 04/20/2023
This article helps you troubleshoot issues with ongoing server discovery, software
inventory, and discovery of SQL Server instances and databases.
Remediation
If the servers don't appear in the portal, wait for a few minutes because it takes around
15 minutes for discovery of servers running on a vCenter server. It takes 2 minutes for
each Hyper-V host added on the appliance for discovery of servers running on the host
and 1 minute for discovery of each server added on the physical appliance.
Select Refresh on the Servers tab to see the count of the discovered servers in
Azure Migrate: Discovery and assessment and Migration and modernization.
If the preceding step doesn't work and you're discovering VMware servers:
1. Verify that the vCenter account you specified has the permissions set correctly with
access to at least one server.
2. Check on VMware if the vCenter account has access granted at the vCenter VM
folder level. Azure Migrate can't discover servers on VMware. Learn more about
scoping discovery.
1. In Windows, Linux, and SQL Servers > Azure Migrate: Discovery and assessment,
select Overview.
2. Under Manage, select Appliances.
3. Select Refresh services. Wait for the refresh operation to finish. You should now
see up-to-date information.
Remediation
If the data continues to appear, wait for 30 minutes and follow these steps:
1. In Windows, Linux, and SQL Servers > Azure Migrate: Discovery and assessment,
select Overview.
2. Under Manage, select Appliances.
3. Select Refresh services. Wait for the refresh operation to finish. You should now
see up-to-date information.
Remediation
Import the CSV again. Download the previous upload error report, and follow the file's
remediation guidance to fix the errors. Download the error report from the Import
Details section on the Discover servers page.
You don't see software inventory details after
you update guest credentials
You get this error when inventory details don't appear even after you update guest
credentials.
Remediation
The software inventory discovery runs once every 24 hours. This process might take a
few minutes depending on the number of servers discovered. If you want to see the
details immediately, refresh as follows:
1. In Windows, Linux, and SQL Servers > Azure Migrate: Discovery and assessment,
select Overview.
2. Under Manage, select Appliances.
3. Select Refresh services. Wait for the refresh operation to finish. You should now
see up-to-date information.
Remediation
Ensure the user downloading the inventory from the portal has Contributor privileges on
the subscription.
For VMware VMs, software inventory is performed by connecting to the servers via the
vCenter Server using the VMware APIs. For Hyper-V VMs and physical servers, software
inventory is performed by directly connecting to Windows servers using PowerShell
remoting on port 5985 (HTTP) and to Linux servers using SSH connectivity on port 22
(TCP).
The table below summarizes all errors encountered when gathering software inventory
data through VMware APIs or by directly connecting to servers:
7 Note
The same errors can also be encountered with agentless dependency analysis
because it follows the same methodology as software inventory to collect the
required data.
9000: VMware tools status on the server VMware tools might not be Ensure that VMware
can't be detected. installed on the server, or the tools later than
installed version is corrupted. version 10.2.1 are
installed and running
on the server.
9001: VMware tools aren't installed on VMware tools might not be Ensure that VMware
the server. installed on the server, or the tools later than
installed version is corrupted. version 10.2.1 are
installed and running
on the server.
Error Cause Action
9002: VMware tools aren't running on VMware tools might not be Ensure that VMware
the server. installed on the server, or the tools later than
installed version is corrupted. version 10.2.0 are
installed and running
on the server.
9003: Operating system type running on The operating system running Only Windows and
the server isn't supported. on the server isn't Windows or Linux OS types are
Linux. supported. If the
server is running
Windows or Linux
OS, check the
operating system
type specified in
vCenter Server.
9004: Server isn't in a running state. The server is in a powered-off Ensure that the
state. server is in a running
state.
9005: Operating system type running on The operating system running Only Windows and
the server isn't supported. on the server isn't Windows or Linux OS types are
Linux. supported. The
<FetchedParameter>
operating system
isn't supported
currently.
9006: The URL needed to download the This issue could be transient The issue should
discovery metadata file from the server because the discovery agent automatically resolve
is empty. on the appliance isn't working in the next cycle
as expected. within 24 hours. If
the issue persists,
submit a Microsoft
support case.
9007: The process that runs the script to This issue could be transient The issue should
collect the metadata isn't found in the because the discovery agent automatically resolve
server. on the appliance isn't working in the next cycle
as expected. within 24 hours. If
the issue persists,
submit a Microsoft
support case.
Error Cause Action
9008: The status of the process running This issue could be transient The issue should
on the server to collect the metadata because of an internal error. automatically resolve
can't be retrieved. in the next cycle
within 24 hours. If
the issue persists,
submit a Microsoft
support case.
9009: Windows User Account Control Windows UAC settings are On the affected
(UAC) is preventing the execution of restricting the discovery of server, lower the
discovery operations on the server. installed applications from the level of the User
server. Account Control
settings in Control
Panel.
9010: The server is powered off. The server is in a powered-off Ensure that the
state. server is in a
powered-on state.
9011: The file containing the discovered This issue could be transient The issue should
metadata can't be found on the server. because of an internal error. automatically resolve
in the next cycle
within 24 hours. If
the issue persists,
submit a Microsoft
support case.
9012: The file containing the discovered This issue could be transient The issue should
metadata on the server is empty. because of an internal error. automatically resolve
in the next cycle
within 24 hours. If
the issue persists,
submit a Microsoft
support case.
9013: A new temporary user profile is A new temporary user profile Submit a Microsoft
created on logging in to the server each is created on logging in to the support case to help
time. server each time. troubleshoot this
issue.
9014: Unable to retrieve the file Encountered an error on the Ensure that port 443
containing the discovered metadata ESXi host <HostName>. Error is open on the ESXi
because of an error encountered on the code: %ErrorCode; Details: host on which the
ESXi host. Error code: %ErrorCode; %ErrorMessage server is running.
Details: %ErrorMessage
Learn more on how
to remediate the
issue.
Error Cause Action
9015: The vCenter Server user account The required privileges of Ensure that the
provided for server discovery doesn't guest operations haven't been vCenter Server user
have guest operations privileges enabled on the vCenter Server account has
enabled. user account. privileges enabled
for Virtual Machines
> Guest Operations:
to interact with the
server and pull the
required data.
9016: Unable to discover the metadata Either the VMware tools aren't Ensure that the
because the guest operations agent on installed on the server or the VMware tools are
the server is outdated. installed version isn't up to installed and running
date. up to date on the
server. The VMware
Tools version must
be version 10.2.1 or
later.
9017: The file containing the discovered This issue could be transient Submit a Microsoft
metadata can't be found on the server. because of an internal error. support case to help
troubleshoot this
issue.
9018: PowerShell isn't installed on the PowerShell can't be found on Ensure that
server. the server. PowerShell version
2.0 or later is
installed on the
server.
9019: Unable to discover the metadata VMware guest operations Ensure that the
because of guest operation failures on failed on the server. The issue server credentials
the server. was encountered when you provided on the
tried the following credentials appliance are valid
on the server: and the username
<FriendlyNameOfCredentials>. provided in the
credentials is in the
user principal name
(UPN) format. (Find
the friendly name of
the credentials tried
by Azure Migrate in
the possible causes.)
9020: Unable to create the file required The role associated to the 1. Check if the
to contain the discovered metadata on credentials provided on the credentials provided
the server. appliance or a group policy on the appliance
on-premises is restricting the have created file
creation of a file in the permission on the
required folder. The issue was folder <folder
encountered when you tried path/folder name>
the following credentials on in the server.
the server: 2. If the credentials
<FriendlyNameOfCredentials>. provided on the
appliance don't have
the required
permissions, either
provide another set
of credentials or edit
an existing one.
(Find the friendly
name of the
credentials tried by
Azure Migrate in the
possible causes.)
9021: Unable to create the file required VMware tools are reporting an Ensure that VMware
to contain the discovered metadata at incorrect file path to create the tools later than
the right path on the server. file. version 10.2.0 are
installed and running
on the server.
Error Cause Action
9022: The access is denied to run the The role associated to the 1. Check if the
Get-WmiObject cmdlet on the server. credentials provided on the credentials provided
appliance or a group policy on the appliance
on-premises is restricting have created file
access to the WMI object. The administrator
issue was encountered when privileges and have
you tried the following WMI enabled.
credentials on the server: 2. If the credentials
<FriendlyNameOfCredentials>. on the appliance
don't have the
required
permissions, either
provide another set
of credentials or edit
an existing one.
(Find the friendly
name of the
credentials tried by
Azure Migrate in the
possible causes.)
9023: Unable to run PowerShell because The value of the 1. Check if the
the %SystemRoot% environment %SystemRoot% environment environment variable
variable value is empty. variable is empty for the is returning an
server. empty value by
running the echo
%systemroot%
command on the
affected server.
2. If the issue
persists, submit a
Microsoft support
case.
Error Cause Action
9024: Unable to perform discovery The value of the %TEMP% 1. Check if the
because the %TEMP% environment environment variable is empty environment variable
variable value is empty. for the server. is returning an
empty value by
running the echo
%temp% command
on the affected
server.
2. If the issue
persists, submit a
Microsoft support
case.
9026: Unable to run guest operations on The current state of the server 1. Ensure that the
the server. isn't allowing the guest affected server is up
operations to run. and running.
2. If the issue
persists, submit a
Microsoft support
case.
9027: Unable to discover the metadata Unable to contact the guest Ensure that VMware
because the guest operations agent isn't operations agent on the tools later than
running on the server. server. version 10.2.0 are
installed and running
on the server.
9028: Unable to create the file required There's a lack of sufficient Ensure that enough
to contain the discovered metadata storage space on the server space is available on
because of insufficient storage on the disk. the disk storage of
server. the affected server.
Error Cause Action
9029: The credentials provided on the The credentials provided on 1. Ensure that the
appliance don't have access permissions the appliance don't have credentials on the
to run PowerShell. access permissions to run appliance can access
PowerShell. The issue was PowerShell on the
encountered when you tried server.
the following credentials on 2. If the credentials
the server: on the appliance
<FriendlyNameOfCredentials>. don't have the
required access,
either provide
another set of
credentials or edit an
existing one. (Find
the friendly name of
the credentials tried
by Azure Migrate in
the possible causes.)
9030: Unable to gather the discovered The ESXi host on which the Ensure that the ESXi
metadata because the ESXi host where server is residing is in a host running the
the server is hosted is in a disconnected disconnected state. server is in a
state. connected state.
9031: Unable to gather the discovered The ESXi host on which the Ensure that the ESXi
metadata because the ESXi host where server is residing is in an host running the
the server is hosted isn't responding. invalid state. server is in a running
and connected state.
9032: Unable to discover because of an The issue encountered is Follow the steps on
internal error. because of an internal error. this website to
remediate the issue.
If the issue persists,
open a Microsoft
support case.
Error Cause Action
9033: Unable to discover because the The credentials provided on Ensure that the
username of the credentials provided on the appliance contain invalid credentials provided
the appliance for the server has invalid characters in the username. on the appliance
characters. The issue was encountered don't have any
when you tried the following invalid characters in
credentials on the server: the username. Go
<FriendlyNameOfCredentials>. back to the
appliance
configuration
manager to edit the
credentials. (Find the
friendly name of the
credentials tried by
Azure Migrate in the
possible causes.)
9034: Unable to discover because the The credentials on the Ensure that the
username of the credentials provided on appliance don't have the credentials on the
the appliance for the server isn't in the username in the UPN format. appliance have their
UPN format. The issue was encountered username in the
when you tried the following UPN format. Go back
credentials on the server: to the appliance
<FriendlyNameOfCredentials>. configuration
manager to edit the
credentials. (Find the
friendly name of the
credentials tried by
Azure Migrate in the
possible causes.)
9035: Unable to discover because the PowerShell language mode Ensure that the
PowerShell language mode isn't set isn't set to Full language. PowerShell language
correctly. mode is set to Full
language.
Error Cause Action
9036: Unable to discover because the The credentials on the Ensure that the
username of the credentials provided on appliance don't have the credentials on the
the appliance for the server isn't in the username in the UPN format. appliance have their
UPN format. The issue was encountered username in the
when you tried the following UPN format. Go back
credentials on the server: to the appliance
<FriendlyNameOfCredentials>. configuration
manager to edit the
credentials. (Find the
friendly name of the
credentials tried by
Azure Migrate in the
possible causes.)
9037: The metadata collection is The server is taking too long The issue should
temporarily paused because of a high to respond. automatically resolve
response time from the server. in the next cycle
within 24 hours. If
the issue persists,
submit a Microsoft
support case.
10000: The operation system type The operating system running Only Windows and
running on the server isn't supported. on the server isn't Windows or Linux OS types are
Linux. supported. The
<GuestOSName>
operating system
isn't supported
currently.
10001: The script required to gather The script required to perform Submit a Microsoft
discovery metadata isn't found on the discovery might have been support case to help
server. deleted or removed from the troubleshoot this
expected location. issue.
10002: The discovery operations timed This issue could be transient The issue should
out on the server. because the discovery agent automatically resolve
on the appliance isn't working in the next cycle
as expected. within 24 hours. If it
isn't resolved, follow
the steps on this
website to remediate
the issue. If the issue
persists, open a
Microsoft support
case.
Error Cause Action
10003: The process executing the The process executing the The issue should
discovery operations exited with an discovery operations exited automatically resolve
error. abruptly because of an error. in the next cycle
within 24 hours. If
the issue persists,
submit a Microsoft
support case.
10004: Credentials aren't provided on The credentials for the server 1. Ensure that you
the appliance for the server OS type. OS type weren't added on the add the credentials
appliance. for the OS type of
the affected server
on the appliance.
2. You can now add
multiple server
credentials on the
appliance.
10005: Credentials provided on the The credentials provided on 1. Ensure that the
appliance for the server are invalid. the appliance aren't valid. The credentials provided
issue was encountered when on the appliance are
you tried the following valid and the server
credentials on the server: \ is accessible by using
<FriendlyNameOfCredentials>. the credentials.
2. You can now add
multiple server
credentials on the
appliance.
3. Go back to the
appliance
configuration
manager to either
provide another set
of credentials or edit
an existing one.
(Find the friendly
name of the
credentials tried by
Azure Migrate in the
possible causes.)
10006: The operation system type The operating system running Only Windows and
running on the server isn't supported. on the server isn't Windows or Linux OS types are
Linux. supported. The
<GuestOSName>
operating system
isn't supported
currently.
10007: Unable to process the discovered An error occurred when Submit a Microsoft
metadata from the server. parsing the contents of the file support case to help
containing the discovered troubleshoot this
metadata. issue.
10008: Unable to create the file required The role associated to the 1. Check if the
to contain the discovered metadata on credentials provided on the credentials provided
the server. appliance or a group policy on the appliance
on-premises is restricting the have created file
creation of a file in the permissions on the
required folder. The issue was folder <folder
encountered when you tried path/folder name>
the following credentials on in the server.
the server: 2. If the credentials
<FriendlyNameOfCredentials>. provided on the
appliance don't have
the required
permissions, either
provide another set
of credentials or edit
an existing one.
(Find the friendly
name of the
credentials tried by
Azure Migrate in the
possible causes.)
Error Cause Action
10009: Unable to write the discovered The role associated to the 1. Check if the
metadata in the file on the server. credentials provided on the credentials provided
appliance or a group policy on the appliance
on-premises is restricting have write file
writing in the file on the server. permissions on the
The issue was encountered folder <folder
when you tried the following path/folder name>
credentials on the server: in the server.
<FriendlyNameOfCredentials>. 2. If the credentials
provided on the
appliance don't have
the required
permissions, either
provide another set
of credentials or edit
an existing one.
(Find the friendly
name of the
credentials tried by
Azure Migrate in the
possible causes.)
10010: Unable to discover because the The package containing the Ensure that the
command- %CommandName; required command %CommandName; package containing
to collect some metadata is missing on isn't installed on the server. the command
the server. %CommandName; is
installed on the
server.
10011: The credentials provided on the The interactive login and log- Use the resolution
appliance were used to log in and log off forces the registry keys to methods
off for an interactive session. be unloaded in the profile of documented on this
the account being used. This website.
condition makes the keys
unavailable for future use.
Error Cause Action
10012: Credentials haven't been Either no credentials were 1. Ensure that the
provided on the appliance for the provided for the server or you credentials are
server. provided domain credentials provided on the
with an incorrect domain appliance for the
name on the appliance. Learn server and the server
more about the cause of this is accessible by using
error. the credentials.
2. You can now add
multiple credentials
on the appliance for
servers. Go back to
the appliance
configuration
manager to provide
credentials for the
server.
Error 9014:
HTTPGetRequestToRetrieveFileFailed
Cause
The issue happens when the VMware discovery agent in the appliance tries to download
the output file containing dependency data from the server file system through the ESXi
host on which the server is hosted.
Remediation
You can test TCP connectivity to the ESXi host (name provided in the error message)
on port 443 (required to be open on ESXi hosts to pull dependency data) from the
appliance by opening PowerShell on the appliance server and running the
following command:
If the command returns successful connectivity, go to the Azure Migrate project >
Discovery and assessment > Overview > Manage > Appliances, select the
appliance name, and select Refresh services.
Cause
The error usually appears for servers running Windows Server 2008 or lower.
Remediation
Install the required PowerShell version (2.0 or later) at this location on the server:
($SYSTEMROOT)\System32\WindowsPowershell\v1.0\powershell.exe. Learn more about
how to install PowerShell in Windows Server.
After you install the required PowerShell version, verify if the error was resolved by
following the steps on this website.
Remediation
Make sure that the user account provided in the appliance has access to WMI
namespace and subnamespaces. To set the access:
Cause
There can be multiple reasons for this issue. One reason is when the username provided
(server credentials) on the appliance configuration manager has invalid XML characters.
Invalid characters cause an error in parsing the SOAP request.
Remediation
Make sure the username of the server credentials doesn't have invalid XML
characters and is in the username@domain.com format. This format is popularly
known as the UPN format.
After you edit the credentials on the appliance, verify if the error was resolved by
following the steps on this website.
Cause
This error occurs when the server is slow or unresponsive and the script executed
to pull the dependency data starts timing out.
After the discovery agent encounters this error on the server, the appliance doesn't
attempt agentless dependency analysis on the server thereafter to avoid
overloading the unresponsive server.
You'll continue to see the error until you check the issue with the server and restart
the discovery service.
Remediation
1. Sign in to the server encountering this error.
3. If the commands output the result in a few seconds, go to the Azure Migrate
project > Discovery and assessment > Overview > Manage > Appliances, select
the appliance name, and select Refresh services to restart the discovery service.
4. If the commands are timing out without giving any output, you need to:
Figure out which process is consuming high CPU or memory on the server.
Try to provide more cores or memory to that server and run the commands
again.
Remediation
Ensure the validity of credentials (friendly name provided in the error) by selecting
Revalidate credentials on the appliance configuration manager.
Ensure that you can sign in to the affected server by using the same credential
provided in the appliance.
You can try by using another user account (for the same domain, in case the server
is domain joined) for that server instead of an administrator account.
The issue can happen when Global Catalog <-> Domain Controller communication
is broken. Check for this problem by creating a new user account in the domain
controller and providing the same in the appliance. You might also need to restart
the domain controller.
After you take the remediation steps, verify if the error was resolved by following
the steps on this website.
Cause
This error occurs when you've provided a domain credential with the wrong domain
name on the appliance configuration manager. For example, if you provided a domain
credential with the username user@abc.com but provided the domain name as def.com,
those credentials won't be attempted if the server is connected to def.com and you'll
get this error message.
Remediation
Go to the appliance configuration manager to add a server credential or edit an
existing one as explained in the cause.
After you take the remediation steps, verify if the error was resolved by following
the steps on this website.
Mitigation verification
After you use the mitigation steps for the preceding errors, verify if the mitigation
worked by running a few PowerCLI commands from the appliance server. If the
commands succeed, it means that the issue is resolved. Otherwise, check and follow the
remediation steps again.
2. Connect to vCenter Server from the appliance by providing the vCenter Server IP
address in the command and credentials in the prompt:
3. Connect to the target server from the appliance by providing the server name and
server credentials (as provided on the appliance):
2. Run the following commands to validate for software inventory to see if you get a
successful output:
Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'
ssh username@servername
5. Run the following commands to validate for software inventory to see if you get a
successful output:
ls
After you verify that the mitigation worked, go to the Azure Migrate project >
Discovery and assessment > Overview > Manage > Appliances, select the appliance
name, and select Refresh services to start a fresh discovery cycle.
Creating assessment on top of servers containing SQL instances that weren't discovered
completely or are in a not-connected state might lead to readiness being marked as
Unknown.
30004: This error could occur because of the Grant the sysadmin role to View
Insufficient lack of permissions required to scan the credentials/ account
permissions. SQL Server instances. provided on the appliance
for discovering SQL Server
instances and databases.
Learn more.
30005: SQL Either the database itself is invalid or Use ALTER LOGIN to set the View
Server login the login lacks CONNECT permission default database to master
failed to on the database. database.
connect Grant the sysadmin role to
because of a the credentials/ account
problem with provided on the appliance
its default for discovering SQL Server
master instances and databases.
database. Learn more.
30006: SQL 1. The login might be a SQL Server If you try to connect by View
Server login login, but the server only accepts using SQL Server
can't be used Windows authentication. authentication, verify that
with Windows 2. You're trying to connect by using SQL Server is configured in
authentication. SQL Server authentication, but the Mixed authentication mode
login used doesn't exist on SQL Server. and that the SQL Server
3. The login might use Windows login exists.
authentication, but the login is an If you try to connect by
unrecognized Windows principal. An using Windows
unrecognized Windows principal authentication, verify that
means that the login can't be verified you're properly logged in to
by Windows. This issue could occur the correct domain. Learn
because the Windows login is from an more.
untrusted domain.
30007: The password of the account has The SQL Server login View
Password expired. password might have
expired. expired. Reset the password
or extend the password
expiration date. Learn more.
30008: The password of the account must be Change the password of the View
Password changed. credential provided for SQL
must be Server discovery. Learn
changed. more.
Error Cause Action Guide
30010: No Unable to find any databases from the Grant the sysadmin role to -
databases selected server instance. the credentials/ account
found. provided on the appliance
for discovering SQL
databases.
30012: SQL 1. The firewall on the server has Use this interactive user View
connection refused the connection. guide to troubleshoot the
failed. 2. The SQL Server Browser service connectivity issue. Wait for
(sqlbrowser) isn't started. 24 hours after following the
3. SQL Server didn't respond to the guide for the data to update
client request because the server in the service. If the issue
probably isn't started. persists, contact Microsoft
4. The SQL Server client can't connect support.
to the server. This error could occur
because the server isn't configured to
accept remote connections.
5. The SQL Server client can't connect
to the server. This error could occur
because either the client can't resolve
the name of the server or the name of
the server is incorrect.
6. The TCP or named pipe protocols
aren't enabled.
7. The specified SQL Server instance
name isn't valid.
30013: An 1. The SQL Server name can't be If you can ping SQL Server View
error occurred resolved from the appliance. from the appliance, wait 24
while 2. SQL Server doesn't allow remote hours to check if this issue
establishing a connections. autoresolves. If it doesn't,
connection to contact Microsoft support.
the SQL Server Learn more.
instance.
Error Cause Action Guide
30014: This error could occur because of an Provide a credential with a View
Username or authentication failure that involves a valid username and
password is bad password or username. password. Learn more.
invalid.
30016: This problem could occur if the firewall Verify whether the firewall View
Connection to on the server refuses the connection. on the SQL server is
instance configured to accept
'%instance;' connections. If the error
failed because persists, contact Microsoft
of a timeout. support. Learn more.
30018: Internal An internal error occurred while Wait for 24 hours and -
error occurred. collecting data such as the Temp DB contact Microsoft support if
size and the file size of the SQL the issue persists.
instance.
30019: Internal An internal error occurred while Wait for 24 hours and -
error occurred. collecting performance metrics such as contact Microsoft support if
memory utilization of a database or an the issue persists.
instance.
Typical web apps discovery errors are summarized in the following table.
40001: IIS IIS web app discovery uses the Ensure that the Web Server (IIS) role
Management management API that's included including the IIS Management Console
console with the local version of IIS to read feature (part of Management Tools) is
feature isn't the IIS configuration. This API is enabled and that the server OS is
enabled. available when the IIS Management Windows Server 2008 R2 or later version.
Console feature of IIS is enabled.
Either this feature isn't enabled or
the OS isn't a supported version for
IIS web app discovery.
40002: Unable Connection to the server failed Ensure that the login credentials
to connect to because of invalid login credentials provided for the server are correct and
the server or an unavailable machine. that the server is online and accepting
from the WS-Management PowerShell remote
appliance. connections.
40003: Unable Connection to the server failed Ensure that the login credentials
to connect to because of invalid login credentials. provided for the server are correct and
the server that WS-Management PowerShell
because of remoting is enabled.
invalid
credentials.
40005: Unable Failed to complete discovery on the Confirm that the user credentials
to complete VM. This issue might occur because provided for the server are
IIS discovery. of issues with accessing administrator-level credentials and that
configuration on the server. The the user has permission to access files
error was '%detailedMessage;'. under the IIS directory
(%windir%\System32\inetsrv) and IIS
server configuration directory
(%windir%\System32\inetsrv\config).
Then contact Microsoft support with the
error details.
40007: No The web server doesn't have any Check the web server configuration.
web apps hosted applications.
found for the
web server.
Next steps
Set up an appliance for VMware, Hyper-V, or physical servers.
Troubleshoot dependency visualization
Article • 03/10/2023 • 29 minutes to read
This article helps you troubleshoot issues with agent-based and agentless dependency
analysis, which is only available for VMware servers. Learn more about the types of
dependency visualization supported in Azure Migrate.
The table below summarizes all errors encountered when gathering dependency data
through VMware APIs or by directly connecting to servers:
7 Note
The same errors can also be encountered with software inventory because it follows
the same methodology as agentless dependency analysis to collect the required
data.
9000: VMware tools status on the server VMware tools might not be Ensure that VMware
can't be detected. installed on the server or the tools later than
installed version is corrupted. version 10.2.1 are
installed and running
on the server.
9001: VMware tools aren't installed on VMware tools might not be Ensure that VMware
the server. installed on the server or the tools later than
installed version is corrupted. version 10.2.1 are
installed and running
on the server.
Error Cause Action
9002: VMware tools aren't running on VMware tools might not be Ensure that VMware
the server. installed on the server or the tools later than
installed version is corrupted. version 10.2.0 are
installed and running
on the server.
9003: Operation system type running on Operating system running on Only Windows and
the server isn't supported. the server isn't Windows or Linux OS types are
Linux. supported. If the
server is indeed
running Windows or
Linux OS, check the
operating system
type specified in
vCenter Server.
9004: Server isn't in a running state. Server is in a powered-off Ensure that the
state. server is in a running
state.
9005: Operation system type running on Operating system running on Only Windows and
the server isn't supported. the server isn't Windows or Linux OS types are
Linux. supported. The
<FetchedParameter>
operating system
isn't supported
currently.
9006: The URL needed to download the This issue could be transient The issue should
discovery metadata file from the server because of the discovery agent automatically resolve
is empty. on the appliance not working in the next cycle
as expected. within 24 hours. If
the issue persists,
submit a Microsoft
support case.
9007: The process that runs the script to This issue could be transient The issue should
collect the metadata isn't found in the because of the discovery agent automatically resolve
server. on the appliance not working in the next cycle
as expected. within 24 hours. If
the issue persists,
submit a Microsoft
support case.
Error Cause Action
9008: The status of the process running This issue could be transient The issue should
on the server to collect the metadata because of an internal error. automatically resolve
can't be retrieved. in the next cycle
within 24 hours. If
the issue persists,
submit a Microsoft
support case.
9009: Windows User Account Control Windows UAC settings restrict On the affected
(UAC) prevents the execution of the discovery of installed server, lower the
discovery operations on the server. applications from the server. level of the User
Account Control
settings on the
Control Panel.
9010: The server is powered off. The server is in a powered-off Ensure that the
state. server is in a
powered-on state.
9011: The file containing the discovered This issue could be transient The issue should
metadata can't be found on the server. because of an internal error. automatically resolve
in the next cycle
within 24 hours. If
the issue persists,
submit a Microsoft
support case.
9012: The file containing the discovered This issue could be transient The issue should
metadata on the server is empty. because of an internal error. automatically resolve
in the next cycle
within 24 hours. If
the issue persists,
submit a Microsoft
support case.
9013: A new temporary user profile is A new temporary user profile Submit a Microsoft
created on logging in to the server each is created on logging in to the support case to help
time. server each time. troubleshoot this
issue.
9014: Unable to retrieve the file Encountered an error on the Ensure that port 443
containing the discovered metadata ESXi host <HostName>. Error is open on the ESXi
because of an error encountered on the code: %ErrorCode; Details: host on which the
ESXi host. Error code: %ErrorCode; %ErrorMessage. server is running.
Details: %ErrorMessage
Learn more on how
to remediate the
issue.
Error Cause Action
9015: The vCenter Server user account The required privileges of Ensure that the
provided for server discovery doesn't guest operations haven't been vCenter Server user
have guest operations privileges enabled on the vCenter Server account has
enabled. user account. privileges enabled
for Virtual Machines
> Guest Operations
to interact with the
server and pull the
required data.
9016: Unable to discover the metadata Either the VMware tools aren't Ensure that the
because the guest operations agent on installed on the server or the VMware tools are
the server is outdated. installed version isn't up to installed and running
date. and up to date on
the server. The
VMware Tools
version must be
version 10.2.1 or
later.
9017: The file containing the discovered This could be a transient issue Submit a Microsoft
metadata can't be found on the server. because of an internal error. support case to help
troubleshoot this
issue.
9018: PowerShell isn't installed on the PowerShell can't be found on Ensure that
server. the server. PowerShell version
2.0 or later is
installed on the
server.
9019: Unable to discover the metadata VMware guest operations Ensure that the
because of guest operation failures on failed on the server. The issue server credentials on
the server. was encountered when trying the appliance are
the following credentials on valid and the
the server: username in the
<FriendlyNameOfCredentials>. credentials is in the
user principal name
(UPN) format. (Find
the friendly name of
the credentials tried
by Azure Migrate in
the possible causes.)
9020: Unable to create the file required The role associated to the 1. Check if the
to contain the discovered metadata on credentials provided on the credentials provided
the server. appliance or a group policy on the appliance
on-premises is restricting the have created file
creation of the file in the permission on the
required folder. The issue was folder <folder
encountered when trying the path/folder name>
following credentials on the in the server.
server: 2. If the credentials
<FriendlyNameOfCredentials>. provided on the
appliance don't have
the required
permissions, either
provide another set
of credentials or edit
an existing one.
(Find the friendly
name of the
credentials tried by
Azure Migrate in the
possible causes.)
9021: Unable to create the file required VMware tools are reporting an Ensure that VMware
to contain the discovered metadata at incorrect file path to create the tools later than
the right path on the server. file. version 10.2.0 are
installed and running
on the server.
Error Cause Action
9022: The access is denied to run the The role associated to the 1. Check if the
Get-WmiObject cmdlet on the server. credentials provided on the credentials provided
appliance or a group policy on the appliance
on-premises is restricting have created file
access to the WMI object. The administrator
issue was encountered when privileges and have
trying the following credentials WMI enabled.
on the server: 2. If the credentials
<FriendlyNameOfCredentials>. provided on the
appliance don't have
the required
permissions, either
provide another set
of credentials or edit
an existing one.
(Find the friendly
name of the
credentials tried by
Azure Migrate in the
possible causes.)
9023: Unable to run PowerShell because The value of the 1. Check if the
the %SystemRoot% environment %SystemRoot% environment environment variable
variable value is empty. variable is empty for the is returning an
server. empty value by
running echo
%systemroot%
command on the
affected server.
2. If issue persists,
submit a Microsoft
support case.
Error Cause Action
9026: Unable to run guest operations on The current state of the server 1. Ensure that the
the server. doesn't allow the guest affected server is up
operations to run. and running.
2. If the issue
persists, submit a
Microsoft support
case.
9027: Unable to discover the metadata Unable to contact the guest Ensure that VMware
because the guest operations agent isn't operations agent on the tools later than
running on the server. server. version 10.2.0 are
installed and running
on the server.
9028: Unable to create the file required There's a lack of sufficient Ensure that enough
to contain the discovered metadata storage space on the server space is available on
because of insufficient storage on the disk. the disk storage of
server. the affected server.
Error Cause Action
9029: The credentials provided on the The credentials on the 1. Ensure that the
appliance don't have access permissions appliance don't have access credentials on the
to run PowerShell. permissions to run PowerShell. appliance can access
The issue was encountered PowerShell on the
when trying the following server.
credentials on the server: 2. If the credentials
<FriendlyNameOfCredentials>. on the appliance
don't have the
required access,
either provide
another set of
credentials or edit an
existing one. (Find
the friendly name of
the credentials tried
by Azure Migrate in
the possible causes.)
9030: Unable to gather the discovered The ESXi host on which the Ensure that the ESXi
metadata because the ESXi host where server is residing is in a host running the
the server is hosted is in a disconnected disconnected state. server is in a
state. connected state.
9031: Unable to gather the discovered The ESXi host on which the Ensure that the ESXi
metadata because the ESXi host where server is residing is in an host running the
the server is hosted isn't responding. invalid state. server is in a running
and connected state.
9032: Unable to discover because of an The issue encountered is Follow the steps on
internal error. because of an internal error. this website to
remediate the issue.
If the issue persists,
open a Microsoft
support case.
Error Cause Action
9033: Unable to discover because the The credentials on the Ensure that the
username of the credentials provided on appliance contain invalid credentials on the
the appliance for the server has invalid characters in the username. appliance don't have
characters. The issue was encountered any invalid
when trying the following characters in the
credentials on the server: username. You can
<FriendlyNameOfCredentials>. go back to the
appliance
configuration
manager to edit the
credentials. (Find the
friendly name of the
credentials tried by
Azure Migrate in the
possible causes.)
9034: Unable to discover because the The credentials on the Ensure that the
username of the credentials provided on appliance don't have the credentials on the
the appliance for the server isn't in the username in the UPN format. appliance have their
UPN format. The issue was encountered username in the
when trying the following UPN format. You can
credentials on the server: go back to the
<FriendlyNameOfCredentials>. appliance
configuration
manager to edit the
credentials. (Find the
friendly name of the
credentials tried by
Azure Migrate in the
possible causes.)
9035: Unable to discover because the The PowerShell language Ensure that the
PowerShell language mode isn't set mode isn't set to Full PowerShell language
correctly. language. mode is set to Full
language.
Error Cause Action
9036: Unable to discover because the The credentials on the Ensure that the
username of the credentials provided on appliance don't have the credentials on the
the appliance for the server isn't in the username in the UPN format. appliance have their
UPN format. The issue was encountered username in the
when trying the following UPN format. You can
credentials on the server: go back to the
<FriendlyNameOfCredentials>. appliance
configuration
manager to edit the
credentials. (Find the
friendly name of the
credentials tried by
Azure Migrate in the
possible causes.)
9037: The metadata collection is The server is taking too long The issue should
temporarily paused because of high to respond. automatically resolve
response time from the server. in the next cycle
within 24 hours. If
the issue persists,
submit a Microsoft
support case.
10000: The operation system type The operating system running Only Windows and
running on the server isn't supported. on the server isn't Windows or Linux OS types are
Linux. supported.
<GuestOSName>
operating system
isn't supported
currently.
10001: The script required to gather The script required to perform Submit a Microsoft
discovery metadata isn't found on the discovery might have been support case to help
server. deleted or removed from the troubleshoot this
expected location. issue.
10002: The discovery operations timed This issue could be transient The issue should
out on the server. because the discovery agent automatically resolve
on the appliance isn't working in the next cycle
as expected. within 24 hours. If it
isn't resolved, follow
the steps on this
website to remediate
the issue. If the issue
persists, open a
Microsoft support
case.
Error Cause Action
10003: The process executing the The process executing the The issue should
discovery operations exited with an discovery operations exited automatically resolve
error. abruptly because of an error. in the next cycle
within 24 hours. If
the issue persists,
submit a Microsoft
support case.
10004: Credentials aren't provided on The credentials for the server 1. Ensure that you
the appliance for the server OS type. OS type weren't added on the add the credentials
appliance. for the OS type of
the affected server
on the appliance.
2. You can now add
multiple server
credentials on the
appliance.
10005: Credentials provided on the The credentials provided on 1. Ensure that the
appliance for the server are invalid. the appliance aren't valid. The credentials provided
issue was encountered when on the appliance are
trying the following credentials valid and the server
on the server: is accessible by using
<FriendlyNameOfCredentials>. the credentials.
2. You can now add
multiple server
credentials on the
appliance.
3. Go back to the
appliance
configuration
manager to either
provide another set
of credentials or edit
an existing one.
(Find the friendly
name of the
credentials tried by
Azure Migrate in the
possible causes.)
10006: The operation system type The operating system running Only Windows and
running on the server isn't supported. on the server isn't Windows or Linux OS types are
Linux. supported.
<GuestOSName>
operating system
isn't supported
currently.
10007: Unable to process the discovered An error occurred when Submit a Microsoft
metadata from the server. parsing the contents of the file support case to help
containing the discovered troubleshoot this
metadata. issue.
10008: Unable to create the file required The role associated to the 1. Check if the
to contain the discovered metadata on credentials provided on the credentials provided
the server. appliance or a group policy on the appliance
on-premises is restricting the have created file
creation of file in the required permission on the
folder. The issue was folder <folder
encountered when trying the path/folder name>
following credentials on the in the server.
server: 2. If the credentials
<FriendlyNameOfCredentials>. provided on the
appliance don't have
the required
permissions, either
provide another set
of credentials or edit
an existing one.
(Find the friendly
name of the
credentials tried by
Azure Migrate in the
possible causes.)
Error Cause Action
10009: Unable to write the discovered The role associated to the 1. Check if the
metadata in the file on the server. credentials provided on the credentials provided
appliance or a group policy on the appliance
on-premises is restricting have write file
writing in the file on the server. permission on the
The issue was encountered folder <folder
when trying the following path/folder name>
credentials on the server: in the server.
<FriendlyNameOfCredentials>. 2. If the credentials
provided on the
appliance don't have
the required
permissions, either
provide another set
of credentials or edit
an existing one.
(Find the friendly
name of the
credentials tried by
Azure Migrate in the
possible causes.)
10010: Unable to discover because the The package containing the Ensure that the
command- %CommandName; required command %CommandName; package that
to collect some metadata is missing on isn't installed on the server. contains the
the server. command
%CommandName; is
installed on the
server.
10011: The credentials provided on the The interactive login and Use the resolution
appliance were used to log in and log logout forces the registry keys methods
out for an interactive session. to be unloaded in the profile documented on this
of the account being used. website.
This condition makes the keys
unavailable for future use.
Error Cause Action
10012: Credentials haven't been Either no credentials have 1. Ensure that the
provided on the appliance for the been provided for the server credentials are
server. or you've provided domain provided on the
credentials with an incorrect appliance for the
domain name on the server and the server
appliance. Learn more about is accessible by using
the cause of this error. the credentials.
2. You can now add
multiple credentials
on the appliance for
servers. Go back to
the appliance
configuration
manager to provide
credentials for the
server.
Error 970:
DependencyMapInsufficientPrivilegesException
Cause
The error usually appears for Linux servers when you haven't provided credentials with
the required privileges on the appliance.
Remediation
You have two options:
To check if the user account provided on the appliance has the required privileges:
1. Log in to the server where you encountered this error with the same user account
as mentioned in the error message.
2. Run the following commands in Azure Shell. You'll get errors if you don't have the
required privileges for agentless dependency analysis.
ps -o pid,cmd | grep -v ]$
netstat -atnp | awk '{print $4,$5,$7}'
3. Set the required permissions on /bin/netstat and /bin/ls files by running the
following commands:
4. You can validate if the preceding commands assigned the required permissions to
the user account or not.
getcap /usr/bin/ls
getcap /usr/bin/netstat
Error 9014:
HTTPGetRequestToRetrieveFileFailed
Cause
The issue happens when the VMware discovery agent in appliance tries to download the
output file containing dependency data from the server file system through the ESXi
host on which the server is hosted.
Remediation
You can test TCP connectivity to the ESXi host (name provided in the error message)
on port 443 (required to be open on ESXi hosts to pull dependency data) from the
appliance. Open PowerShell on the appliance server and run the following
command:
Test -NetConnection -ComputeName <Ip address of the ESXi host> -Port
443
If the command returns successful connectivity, go to the Azure Migrate project >
Discovery and assessment > Overview > Manage > Appliances, select the
appliance name, and select Refresh services.
Cause
The error usually appears for servers running Windows Server 2008 or lower.
Remediation
Install the required PowerShell version (2.0 or later) at this location on the server:
($SYSTEMROOT)\System32\WindowsPowershell\v1.0\powershell.exe. Learn more about
how to install PowerShell in Windows Server.
After you install the required PowerShell version, verify if the error was resolved by
following the steps on this website.
Remediation
Make sure that the user account provided in the appliance has access to the WMI
namespace and subnamespaces. To set the access:
After you get the required access, verify if the error was resolved by following the steps
on this website.
Cause
There can be multiple reasons for this issue. One reason is when the username provided
(server credentials) on the appliance configuration manager has invalid XML characters.
Invalid characters cause an error in parsing the SOAP request.
Remediation
Make sure the username of the server credentials doesn't have invalid XML
characters and is in the username@domain.com format. This format is popularly
known as the UPN format.
After you edit the credentials on the appliance, verify if the error was resolved by
following the steps on this website.
Cause
This error occurs when the server is slow or unresponsive and the script executed
to pull the dependency data starts timing out.
After the discovery agent encounters this error on the server, the appliance doesn't
attempt agentless dependency analysis on the server thereafter to avoid
overloading the unresponsive server.
You'll continue to see the error until you check the issue with the server and restart
the discovery service.
Remediation
1. Log in to the server that's encountering this error.
Get-WMIObject win32_operatingsystem;
Get-WindowsFeature | Where-Object {$_.InstallState -eq 'Installed' -or
($_.InstallState -eq $null -and $_.Installed -eq 'True')};
Get-WmiObject Win32_Process;
netstat -ano -p tcp | select -Skip 4;
3. If commands output the result in a few seconds, go to the Azure Migrate project
> Discovery and assessment > Overview > Manage > Appliances, select the
appliance name, and select Refresh services to restart the discovery service.
4. If the commands are timing out without giving any output, you need to:
Figure out which processes are consuming high CPU or memory on the
server.
Try to provide more cores or memory to that server and run the commands
again.
Remediation
Ensure the validity of credentials (friendly name provided in the error) by selecting
Revalidate credentials on the appliance configuration manager.
Ensure that you can log in to the affected server by using the same credential
provided in the appliance.
You can try using another user account (for the same domain, in case the server is
domain joined) for that server instead of the administrator account.
The issue can happen when Global Catalog <-> Domain Controller communication
is broken. Check for this problem by creating a new user account in the domain
controller and providing the same in the appliance. You might also need to restart
the domain controller.
After you take the remediation steps, verify if the error was resolved by following
the steps on this website.
Error 10012: CredentialNotProvided
Cause
This error occurs when you've provided a domain credential with the wrong domain
name on the appliance configuration manager. For example, if you've provided domain
credentials with the username user@abc.com but provided the domain name as
def.com, those credentials won't be attempted if the server is connected to def.com and
you'll get this error message.
Remediation
Go to the appliance configuration manager to add a server credential or edit an
existing one as explained in the cause.
After you take the remediation steps, verify if the error was resolved by following
the steps on this website.
Mitigation verification
After you use the mitigation steps for the preceding errors, verify if the mitigation
worked by running a few PowerCLI commands from the appliance server. If the
commands succeed, it means that the issue is resolved. Otherwise, check and follow the
remediation steps again.
2. Connect to the vCenter server from the appliance by providing the vCenter server
IP address in the command and credentials in the prompt:
4. For agentless dependency analysis, run the following commands to see if you get a
successful output.
Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'
ssh username@servername
5. Run the following commands to validate for agentless dependency analysis to see
if you get a successful output:
ps -o pid,cmd | grep -v ]$
netstat -atnp | awk '{print $4,$5,$7}'
After you verify that the mitigation worked, go to the Azure Migrate project >
Discovery and assessment > Overview > Manage > Appliances, select the appliance
name, and select Refresh services to start a fresh discovery cycle.
My Log Analytics workspace isn't listed when
you try to configure the workspace in Azure
Migrate for agent-based dependency analysis
Azure Migrate currently supports creation of OMS workspace in East US, Southeast Asia,
and West Europe regions. If the workspace is created outside of Azure Migrate in any
other region, it currently can't be associated with a project.
2. In Microsoft Monitoring Agent properties > Azure Log Analytics (OMS), make
sure that the Status for the workspace is green.
3. If the status isn't green, try removing the workspace and adding it again to MMA.
For Linux VMs, make sure that the installation commands for MMA and the dependency
agent succeeded. Refer to more troubleshooting guidance on this website.
After migration to Azure, on-premises servers are turned off and equivalent VMs
are spun up in Azure. These servers acquire a different MAC address.
Servers might also have a different IP address, based on whether you've retained
the on-premises IP address or not.
If both MAC and IP addresses are different from on-premises, Azure Migrate
doesn't associate the on-premises servers with any Service Map dependency data.
In this case, it shows the option to install the agent rather than to view
dependencies.
After a test migration to Azure, on-premises servers remain turned on as expected.
Equivalent servers spun up in Azure acquire different MAC addresses and might
acquire different IP addresses. Unless you block outgoing Azure Monitor log traffic
from these servers, Azure Migrate won't associate the on-premises servers with
any Service Map dependency data. In this case, it shows the option to install
agents rather than to view dependencies.
In Chrome, right-click and select Save as HAR with content. This action
compresses and exports the logs as an HTTP Archive (har) file.
In Microsoft Edge or Internet Explorer, select the Export captured traffic
option. This action compresses and exports the log.
6. Select the Console tab to check for any warnings or errors. To save the console log:
Next steps
Create or customize an assessment.
Additional resources
Documentation
Set the scope for discovery of servers on VMware vSphere with Azure Migrate - Azure
Migrate
Describes how to set the discovery scope for servers hosted on VMware vSphere assessment and
migration with Azure Migrate.
Support for physical discovery and assessment in Azure Migrate - Azure Migrate
Learn about support for physical discovery and assessment with Azure Migrate Discovery and
assessment
Set up a scale-out process server during disaster recovery of VMware VMs and
physical servers with Azure Site Recovery - Azure Site Recovery
This article describes how to set up scale-out process server during disaster recovery of VMware VMs
and physical servers.
Show 5 more
Troubleshoot assessment
Article • 05/09/2023
This article helps you troubleshoot issues with assessment and dependency visualization
with Azure Migrate: Discovery and assessment.
Issue Fix
Unsupported boot Azure does not support UEFI boot type for VMs with the Windows Server
type 2003/Windows Server 2003 R2/Windows Server 2008/Windows Server
2008 R2 operating systems. Check the list of operating systems that
support UEFI-based machines here.
Conditionally The operating system has passed its end-of-support date and needs a
supported Windows Custom Support Agreement for support in Azure. Consider upgrading
operating system before you migrate to Azure. Review information about preparing servers
running Windows Server 2003 for migration to Azure.
Conditionally Azure endorses only selected Linux OS versions. Consider upgrading the
endorsed Linux OS server before you migrate to Azure. Learn more.
Unendorsed Linux The server might start in Azure, but Azure provides no operating system
OS support. Consider upgrading to an endorsed Linux version before you
migrate to Azure.
Unknown operating The operating system of the VM was specified as Other in vCenter Server
system or could not be identified as a known OS in Azure Migrate. This behavior
blocks Azure Migrate from verifying the Azure readiness of the VM.
Ensure that the operating system is supported by Azure before you
migrate the server.
Unsupported bit VMs with a 32-bit operating system might boot in Azure, but we
version recommend that you upgrade to 64-bit before you migrate to Azure.
Requires a Microsoft The server is running a Windows client operating system, which is
Visual Studio supported only through a Visual Studio subscription.
subscription
Issue Fix
VM not found for The storage performance (input/output operations per second (IOPS) and
the required storage throughput) required for the server exceeds Azure VM support. Reduce
performance storage requirements for the server before migration.
VM not found for The network performance (in/out) required for the server exceeds Azure
the required network VM support. Reduce the networking requirements for the server.
performance
One or more One or more disks attached to the VM don't meet Azure requirements.
unsuitable disks
Azure Migrate: Discovery and assessment assesses the disks based on the
disk limits for Ultra disks (64 TB).
For each disk attached to the VM, make sure that the size of the disk is <
64 TB (supported by Ultra SSD disks).
If it isn't, reduce the disk size before you migrate to Azure, or use multiple
disks in Azure and stripe them together to get higher storage limits. Make
sure that the performance (IOPS and throughput) needed by each disk is
supported by Azure managed virtual machine disks.
One or more Remove unused network adapters from the server before migration.
unsuitable network
adapters
Disk count exceeds Remove unused disks from the server before migration.
limit
Disk size exceeds Azure Migrate: Discovery and assessment supports disks with up to 64 TB
limit size (Ultra disks). Shrink disks to less than 64 TB before migration, or use
multiple disks in Azure and stripe them together to get higher storage
limits.
Disk unavailable in Make sure the disk is in your target location before you migrate.
the specified
location
Disk unavailable for The disk should use the redundancy storage type defined in the
the specified assessment settings (LRS by default).
redundancy
VM with required Azure couldn't find a suitable VM type. Reduce the memory and number
cores and memory of cores of the on-premises server before you migrate.
not found
No VM size found Server marked not suitable because the VM size wasn't found for the
for offer currency selected combination of RI, offer, and currency. Edit the assessment
Reserved Instance properties to choose the valid combinations and recalculate the
(RI) assessment.
Issue Fix
Unsupported Only applicable to Azure VMware Solution assessments. Azure VMware Solution
IPv6 doesn't support IPv6 internet addresses. Contact the Azure VMware Solution team
for remediation guidance if your server is detected with IPv6.
Unsupported Support for certain Operating System versions has been deprecated by VMware
OS and the assessment recommends you to upgrade the operating system before
migrating to Azure VMware Solution. Learn more .
The gap prevents it from detecting the minor version of the Linux OS installed on
the on-premises VMs.
For example, for RHEL 6.10, currently an Azure VM assessment detects only RHEL 6
as the OS version. This behavior occurs because the vCenter Server and the Hyper-
V host don't provide the kernel version for Linux VM operating systems.
Since Azure endorses only specific versions of Linux, the Linux VMs are currently
marked as conditionally ready in an Azure VM assessment.
You can determine whether the Linux OS running on the on-premises VM is
endorsed in Azure by reviewing Azure Linux support.
After you've verified the endorsed distribution, you can ignore this warning.
This gap can be addressed by enabling application discovery on the VMware VMs. An
Azure VM assessment uses the operating system detected from the VM by using the
guest credentials provided. This Operating System data identifies the right OS
information in the case of both Windows and Linux VMs.
We have an on-premises VM with 4 cores and 8 GB of memory, with 50% CPU utilization
and 50% memory utilization, and a specified comfort factor of 1.3.
Disk sizing depends on two assessment properties: sizing criteria and storage type.
If the sizing criteria is Performance-based and the storage type is set to
Automatic, the IOPS and throughput values of the disk are considered when
identifying the target disk type (Standard HDD, Standard SSD, Premium, or Ultra
disk). A disk SKU from the disk type is then recommended, and the
recommendation considers the size requirements of the on-premises disk.
If the sizing criteria is Performance-based and the storage type is Premium, a
premium disk SKU in Azure is recommended based on the IOPS, throughput, and
size requirements of the on-premises disk. The same logic is used to perform disk
sizing when the sizing criteria is As on-premises and the storage type is Standard
HDD, Standard SSD, Premium, or Ultra disk.
For example, say you have an on-premises disk with 32 GB of memory, but the
aggregated read and write IOPS for the disk is 800 IOPS. The Azure VM assessment
recommends a premium disk because of the higher IOPS requirements. It also
recommends a disk SKU that can support the required IOPS and size. The nearest match
in this example would be P15 (256 GB, 1100 IOPS). Even though the size required by the
on-premises disk was 32 GB, the Azure VM assessment recommended a larger disk
because of the high IOPS requirement of the on-premises disk.
If the VMs are powered on for the duration for which you're creating the
assessment.
If only memory counters are missing and you're trying to assess Hyper-V VMs,
check if you have dynamic memory enabled on these VMs. Because of a known
issue, currently the Azure Migrate appliance can't collect memory utilization for
such VMs.
If all of the performance counters are missing, ensure the port access requirements
for assessment are met. Learn more about the port access requirements for
VMware, Hyper-V, and physical assessments. If any of the performance counters
are missing, Azure Migrate: Discovery and assessment falls back to the allocated
cores/memory on-premises and recommends a VM size accordingly.
If only memory counters are missing and you're trying to assess servers in a Hyper-
V environment. In this scenario, enable dynamic memory on the servers and
recalculate the assessment to reflect the latest changes. The appliance can collect
memory utilization values for servers in a Hyper-V environment only when the
server has dynamic memory enabled.
If all of the performance counters are missing, ensure that outbound connections
on ports 443 (HTTPS) are allowed.
7 Note
If any of the performance counters are missing, Azure Migrate: Discovery and
assessment falls back to the allocated cores/memory on-premises and
recommends a VM size accordingly.
If the SQL servers are powered on for the duration for which you're creating the
assessment.
If the connection status of the SQL agent in Azure Migrate is Connected, and also
check the last heartbeat.
If the Azure Migrate connection status for all SQL instances is Connected in the
discovered SQL instance pane.
If all of the performance counters are missing, ensure that outbound connections
on port 443 (HTTPS) are allowed.
If any of the performance counters are missing, the Azure SQL assessment recommends
the smallest Azure SQL configuration for that instance or database.
You didn't profile your environment for the duration for which you're creating the
assessment. For example, if you're creating an assessment with performance
duration set to one week, you need to wait for at least a week after you start the
discovery for all the data points to get collected. If you can't wait for the duration,
change the performance duration to a shorter period and recalculate the
assessment.
The assessment isn't able to collect the performance data for some or all the
servers in the assessment period. For a high confidence rating, ensure that:
Servers are powered on for the duration of the assessment.
Outbound connections on ports 443 are allowed.
For Hyper-V Servers, dynamic memory is enabled.
The connection status of agents in Azure Migrate is Connected. Also check the
last heartbeat.
For Azure SQL assessments, Azure Migrate connection status for all SQL
instances is Connected in the discovered SQL instance pane.
For Azure VM and Azure VMware Solution assessments, few servers were created
after discovery had started. For example, say you're creating an assessment for the
performance history of the past month, but a few servers were created in the
environment only a week ago. In this case, the performance data for the new
servers won't be available for the entire duration and the confidence rating would
be low. Learn more.
For Azure SQL assessments, few SQL instances or databases were created after
discovery had started. For example, say you're creating an assessment for the
performance history of the past month, but a few SQL instances or databases were
created in the environment only a week ago. In this case, the performance data for
the new servers won't be available for the entire duration and the confidence
rating would be low. Learn more.
In Chrome, right-click and select Save as HAR with content. This action
compresses and exports the logs as a .har file.
In Microsoft Edge or Internet Explorer, select the Export captured traffic
option. This action compresses and exports the log.
6. Select the Console tab to check for any warnings or errors. To save the console log:
Application The IIS site is using Azure App Service doesn't support more than one
pool check the following application pool configuration per App Service
application pools: {0}. application. Move the workloads to a single application
pool and remove other application pools.
Error Cause Recommended action
Application The site's application App Service doesn't support using the LocalSystem or
pool identity pool is running as an SpecificUser application pool identity types. Set the
check unsupported user application pool to run as ApplicationPoolIdentity.
identity type: {0}.
Content size The site content For successful migration, site content should be less
check appears to be greater than 2 GB. Evaluate if the site could switch to using
than the maximum non-file-system-based storage options for static
allowed of 2 GB for content, such as Azure Storage.
successful migration.
Content size File content size Content must be accessible to migrate the site. Confirm
check couldn't be that the site isn't using UNC shares for content and that
unknown determined, which all site content locations are accessible to the
usually indicates an administrators group.
access issue.
Global The following App Service supports limited global modules. Remove
module check unsupported global the unsupported modules from the GlobalModules
modules were section, along with all associated configuration.
detected: {0}.
ISAPI filter The following Automatic configuration of custom ISAPI filters isn't
check unsupported ISAPI supported. Remove the unsupported ISAPI filters.
filters were detected:
{0}.
Error Cause Recommended action
ISAPI filter Unable to determine Automatic configuration of custom ISAPI filters isn't
check ISAPI filters present supported. Fix all configuration errors and confirm that
unknown for all of the site all site content locations are accessible to the
configuration. administrators group.
Location tag The following location The migration method doesn't support moving location
check paths were found in path configuration in applicationHost.config. Move the
the location path configuration to either the site's root
applicationHost.config web.config file or to a web.config file associated with
file: {0}. the specific application to which it applies.
Protocol Bindings were found App Service only supports the HTTP and HTTPS
check by using the following protocols. Remove the bindings with protocols that
unsupported aren't HTTP or HTTPS.
protocols: {0}.
Virtual The following virtual Migration doesn't support migrating site content
directory directories are hosted hosted on UNC shares. Move content to a local file path
check on UNC shares: {0}. or consider changing to a non-file-system-based
storage option, such as Azure Storage. If you use shared
configuration, disable shared configuration for the
server before you modify the content paths.
HTTPS The application uses More manual steps are required for HTTPS
binding check HTTPS. configuration in App Service. Other post-migration
steps are required to associate certificates with the App
Service site.
TCP port Bindings were found App Service supports only ports 80 and 443. Clients
check on the following making requests to the site should update the port in
unsupported ports: their requests to use 80 or 443.
{0}.
Framework The following Migration doesn't validate the framework for non-.NET
check non-.NET frameworks sites. App Service supports multiple frameworks, but
or unsupported .NET these have different migration options. Confirm that the
framework versions non-.NET frameworks aren't being used by the site, or
were detected as consider using an alternate migration option.
possibly in use by this
site: {0}.
Next steps
Create or customize an assessment.
Troubleshooting replication issues in
agentless VMware VM migration
Article • 04/24/2023
This article describes some common issues and specific errors that you might encounter
when you replicate on-premises VMware VMs using the Migration and modernization
agentless method.
When you replicate a VMware virtual machine using the agentless replication method,
data from the virtual machine's disks (vmdks) are replicated to replica managed disks in
your Azure subscription. When replication starts for a VM, an initial replication cycle
occurs, in which full copies of the disks are replicated. After the initial replication
completes, incremental replication cycles are scheduled periodically to transfer any
changes that have occurred since the previous replication cycle.
You may occasionally see replication cycles failing for a VM. These failures can happen
due to reasons ranging from issues in on-premises network configuration to issues at
the Azure Migrate Cloud Service backend. In this article, we will:
Show you how you can monitor replication status and resolve errors.
List some of the commonly occurring replication errors and suggest steps to
remediate them.
1. Go to the Servers, databases and web apps page in Azure Migrate on the Azure
portal.
2. In the Migration and modernization tile, under Replications, select the number
next to Azure VM .
3. You'll see a list of replicating servers along with additional information such as
status, health, last sync time, etc. The Replication health column indicates the
current replication health of the VM. A Critical or Warning value typically indicates
that the previous replication cycle for the VM failed. To get more details, right-click
on the VM, and select Health error Details. The Error Details page contains
information on the error and additional details on how to troubleshoot.
4. Select Recent Events to see the previous replication cycle failures for the VM. In
the events page, look for the most recent event of type Replication cycle failed or
Replication cycle failed for disk" for the VM.
5. Select the event to understand the possible causes of the error and recommended
remediation steps. Use the information provided to troubleshoot and remediate
the error.
Error: “Key Vault operation failed. Operation: Generate shared access signature
definition, Key Vault: Key-vault-name, Storage Account: storage account name failed
with the error:”
This error typically occurs because the User Access Policy for the Key Vault doesn't give
the currently logged in user the necessary permissions to configure storage accounts to
be Key Vault managed. To check for user access policy on the key vault, go to the Key
vault page on the portal for the Key vault and select Access policies.
When the portal creates the key vault, it also adds a user access policy granting the
currently logged in user permissions to configure storage accounts to be Key Vault
managed. This can fail for two reasons:
The logged in user is a remote principal on the customer's Azure tenant (CSP
subscription - and the logged in user is the partner admin). The work-around in
this case is to delete the key vault, sign out from the portal, and then sign in with a
user account from the customer's tenant (not a remote principal) and retry the
operation. The CSP partner will typically have a user account in the customers
Azure Active Directory tenant that they can use. If not, they can create a new user
account for themselves in the customers Azure Active Directory tenant, sign in to
the portal as the new user, and then retry the replicate operation. The account
used must have either Owner or Contributor+User Access Administrator
permissions granted to the account on the resource group (Migrate project
resource group).
The other case where this may happen is when one user (user1) attempted to set
up replication initially and encountered a failure, but the key vault has already
been created (and user access policy appropriately assigned to this user). Now at a
later point a different user (user2) tries to set up replication, but the Configure
Managed Storage Account or Generate SAS definition operation fails as there's no
user access policy corresponding to user2 in the key vault.
Resolution: To work around this issue, create a user access policy for user2 in the key
vault granting user2 permission to configure managed storage account and generate
SAS definitions. User2 can do this from Azure PowerShell using the below cmdlets:
DisposeArtefactsTimedOut
Error ID: 181008
Possible Causes:
The component trying to replicate data to Azure is either down or not responding. The
possible causes include:
b. Open the Microsoft services MMC snap-in (run > services.msc), and check if the
Microsoft Azure Gateway Service is running. If the service is stopped or not
running, start the service. Alternatively, you can open command prompt or
PowerShell and enter 'Net Start asrgwy'.
3. Check for connectivity issues between Azure Migrate appliance and Appliance
Storage Account:
Run the following command after downloading azcopy in the Azure Migrate
appliance:
a. Download azcopy.
b. Look for the appliance Storage Account in the Resource Group. The Storage
Account has a name that resembles migrategwsa**********. This is the value of
parameter [account] in the above command.
c. Search for your storage account in the Azure portal. Ensure that the subscription
you use to search is the same subscription (target subscription) in which the
storage account is created. Go to Containers in the Blob Service section. Select
+Container and create a Container. Retain Public Access Level to the default
selected value.
e. Select Generate SAS and connection string and copy the SAS token. If you're
using PowerShell, ensure you enclose the URL with single quotation marks (' ').
Alternatively, download the Azure Storage Explore on to the appliance and try to
upload 10 blobs of ~64 MB into the storage accounts. If there's no issue, the
upload should be successful.
Resolution: If this test fails, there's a networking issue. Engage your local
networking team to check connectivity issues. Typically, there can be some firewall
settings that are causing the failures.
4. Check for connectivity issues between Azure Migrate appliance and Service Bus:
7 Note
This is applicable only for the projects that are set up with public endpoint.
A Service bus refers to the ServiceBusNamespace type resource in the
resource group for a Migrate project. The name of the Service Bus is of the
format migratelsa(keyvaultsuffix). The Migrate key vault suffix is available in
the gateway.json file on the appliance.
For example, if the gateway.json contains:
"AzureKeyVaultArmId":
"/subscriptions//resourceGroups//providers/Microsoft.KeyVault/vaults/migratekv
1329610309",
the service bus namespace resource will be migratelsa1329610309.
This test checks if the Azure Migrate appliance can communicate to the Azure
Migrate Cloud Service backend. The appliance communicates to the service
backend through Service Bus and Event Hubs message queues. To validate
connectivity from the appliance to the Service Bus, download the Service Bus
Explorer, try to connect to the appliance Service Bus and perform the send
message/receive message operations. If there's no issue, this should be successful.
Resolution: If this test fails, there's a networking issue. Engage your local
networking team to check connectivity issues. Typically, there can be some firewall
settings that are causing the failures.
5. Connectivity issues between Azure Migrate appliance and Azure Key Vault:
This test checks for connectivity issues between the Azure Migrate appliance and
the Azure Key Vault. The Key Vault is used to manage Storage Account access used
for replication.
a. Fetch the Key Vault URI from the list of resources in the Resource Group
corresponding to Azure Migrate Project.
b. Open PowerShell in the Azure Migrate appliance and run the following
command:
In the output, check the field "TcpTestSucceeded". If the value is "True", there's
no connectivity issue between the Azure Migrate Appliance and the Azure
Key Vault. If the value is "False", there's a connectivity issue.
Resolution: If this test fails, there's a connectivity issue between the Azure Migrate
appliance and the Azure Key Vault. Engage your local networking team to check
connectivity issues. Typically, there can be some firewall settings that are causing
the failures.
DiskUploadTimedOut
Error ID: 1011
Error Message: The upload of data for disk DiskPath, DiskId of virtual machine VMName;
VMId didn't complete within the expected time.
This error typically indicates either that the Azure Migrate appliance performing the
replication is unable to connect to the Azure Cloud Services, or that replication is
progressing slowly causing the replication cycle to time out.
a. Sign in to the Azure Migrate appliance using remote desktop and do the
following.
b. Open the Microsoft services MMC snap-in (run > services.msc), and check if the
"Microsoft Azure Gateway Service" is running. If the service is stopped or not
running, start the service. Alternatively, you can open command prompt or
PowerShell and enter 'Net Start asrgwy'.
3. Check for connectivity issues between Azure Migrate appliance and cache
Storage Account:
Run the following command after downloading azcopy in the Azure Migrate
appliance:
a. Download azcopy
b. Look for the Appliance Storage Account in the Resource Group. The Storage
Account has a name that resembles migratelsa**********. This is the value of
parameter [account] in the above command.
c. Search for your storage account in the Azure portal. Ensure that the subscription
you use to search is the same subscription (target subscription) in which the
storage account is created. Go to Containers in the Blob Service section. Select
+Container and create a Container. Leave Public Access Level to default
selected value.
Alternatively, download the Azure Storage Explore on to the appliance and try to
upload 10 blobs of ~64 MB into the storage accounts. If there's no issue, the
upload should be successful.
Resolution: If this test fails, there's a networking issue. Engage your local
networking team to check connectivity issues. Typically, there can be some firewall
settings that are causing the failures.
4. Connectivity issues between Azure Migrate appliance and Azure Service Bus:
This test will check whether the Azure Migrate appliance can communicate to the
Azure Migrate Cloud Service backend. The appliance communicates to the service
backend through Service Bus and Event Hubs message queues. To validate
connectivity from the appliance to the Service Bus, download the Service Bus
Explorer, try to connect to the appliance Service Bus and perform the send
message/receive message operations. If there's no issue, this should be successful.
a. Copy the connection string from the Service Bus that got created in the
Resource Group corresponding to Azure Migrate Project.
d. Paste the connection string you copied in step 1, and select Connect.
If the connection is successful, you'll see "[x] messages received" on the console
output. If the connection isn't successful, you'll see a message stating that the
connection failed.
Resolution: If this test fails, there's a connectivity issue between the Azure Migrate
appliance and Service Bus. Engage your local networking team to check these
connectivity issues. Typically, there can be some firewall settings that are causing
the failures.
5. Connectivity issues between Azure Migrate appliance and Azure Key Vault:
This test checks for connectivity issues between the Azure Migrate appliance and
the Azure Key Vault. The Key Vault is used to manage Storage Account access used
for replication.
a. Fetch the Key Vault URI from the list of resources in the Resource Group
corresponding to Azure Migrate Project.
b. Open PowerShell in the Azure Migrate appliance and run the following
command:
_test-netconnection Key Vault URI -P 443_
This command will attempt a TCP connection and will return an output.
a. In the output, check the field "TcpTestSucceeded". If the value is "True", there's no
connectivity issue between the Azure Migrate Appliance and the Azure Key
Vault. If the value is "False", there's a connectivity issue.
Resolution: If this test fails, there's a connectivity issue between the Azure Migrate
appliance and the Azure Key Vault. Engage your local networking team to check
connectivity issues. Typically, there can be some firewall settings that are causing
the failures.
The agentless replication method uses VMware's changed block tracking technology
(CBT) to replicate data to Azure. CBT lets the Migration and modernization tool track
and replicate only the blocks that have changed since the last replication cycle. This
error occurs if changed block tracking for a replicating virtual machine is reset or if the
changed block tracking file is corrupt.
If you had opted for Automatically repair replication by selecting "Yes" when you
triggered replication of VM, the tool will try to repair it for you. Right-click on the
VM, and select Repair Replication.
If you didn't opt for Automatically repair replication or the above step didn't work
for you, then stop replication for the virtual machine, reset changed block
tracking on the virtual machine, and then reconfigure replication.
One such known issue that may cause a CBT reset of virtual machine on VMware
vSphere 5.5 is described in VMware KB 1020128: Changed Block Tracking is reset after
a storage vMotion operation in vSphere 5.x. If you are on VMware vSphere 5.5, ensure
that you apply the updates described in this KB.
Alternatively, you can reset VMware changed block tracking on a virtual machine using
VMware PowerCLI.
An internal error occurred
Sometimes you may hit an error that occurs due to issues in the VMware
environment/API. We've identified the following set of errors as VMware environment-
related errors. These errors have a fixed format.
For example: Error Message: An internal error occurred. [An Invalid snapshot
configuration was detected].
The following section lists some of the commonly seen VMware errors and how you can
mitigate them.
The following errors occur when VMware snapshot-related operations – create, delete,
or consolidate disks fail. Follow the guidance in the next section to remediate the errors:
Error Message: VM: 'VMName'. Error: No disksnapshots were found for the snapshot
replication with snapshot ID: 'SnapshotID'.
Possible Causes:
Recommendation:
Restore the included disks to the original path using storage vMotion and try
replication again.
Error Message: The Azure Migrate appliance is unable to connect to the vSphere host
'%HostName;'
Possible Causes:
1. The Azure Migrate appliance is unable to resolve the hostname of the vSphere
host.
2. The Azure Migrate appliance is unable to connect to the vSphere host on port 902
(default port used by VMware vSphere Virtual Disk Development Kit), because TCP
port 902 is being blocked on the vSphere host or by a network firewall.
Recommendations:
Ensure that the hostname of the vSphere host is resolvable from the Azure Migrate
appliance.
Ensure the vSphere host is accepting connections on port 902 and that the endpoint
is reachable from the appliance.
If the tcp test doesn't succeed, the connection is being blocked by a firewall or isn't
being accepted by the vSphere host. Resolve the network issues to allow
replication to proceed.
Next Steps
Continue VM replication, and perform test migration.
Troubleshoot slow replication or stuck
migration issues in agentless VMware
migration
Article • 12/29/2022 • 4 minutes to read
This article helps you troubleshoot slow replication or stuck migration issues that you
may encounter when you replicate on-premises VMware VMs using the Azure Migrate:
Server Migration agentless method.
Following are some reasons that generally cause this issue and remediations.
Remediation
You can increase the NFC buffer size beyond 32 MB to increase concurrency. The setting
needs to be done on both the ESXi host and on the appliance. If not, the replication may
perform even worse.
U Caution
Increasing the size to more than 32 MB might cause resource constraints in the
environment. Before proceeding, consult with the System Administrator to
understand the implications.
<nfcsvc>
<enabled>true</enabled>
<maxMemory>134217728</maxMemory>
<maxStreamMemory>10485760</maxStreamMemory>
<path>libnfcsvc.so</path>
</nfcsvc>
4. Edit the value of maxMemory to the value (in Bytes) that you’d like to configure for
the NFC buffer. In this example, it's set to 128 MB (128 * 1024 * 1024).
6. Restart the management agents from the shell using the following commands:
/etc/init.d/hostd restart
/etc/init.d/vpxa restart
Changes in Appliance
{
"HostBufferSizeInMB": "32",
}
4. Change the value of HostBufferSizeInMB to the value that you set in the ESXi host.
5. Save and exit.
6. Restart the Azure Migrate gateway service that is running on the appliance. Open
PowerShell and execute the following:
Remediation
Use VMotion to move the VM with slow replication to an ESXi host, which isn't too busy.
Network bandwidth
Replications might be slow because of low network bandwidth available to the Azure
Migrate appliance. Low bandwidth might be due to other applications using up the
bandwidth or presence of bandwidth throttling applications or a proxy setting
restricting the bandwidth use of replication appliance.
Remediation
In case of low bandwidth, you can first reduce the number of applications using network
bandwidth. Check with your network administrator if any throttling application or proxy
setting is present.
Disk I/O
Replications can be slow because the server that is being replicated has too much load
on it and this is causing high I/O operations on disks attached to it. It's advised to
reduce the load on the server to increase the replication speed. You may also encounter
the following error:
The last replication cycle for the virtual machine ‘VM Name’ failed. Encountered timeout
event.
If no action is taken, the replication will proceed and be completed with a delay.
U Caution
The disk type recommended during Assessment might not be Premium for a
particular VM. In this case, switching to Premium disk to improve replication speeds
isn't advisable since it might not be required post migration to have a Premium
disk attached to this VM.
Next steps
Learn more about migrating VMware VMs.
Troubleshooting web apps migration
issues
Article • 03/31/2023 • 5 minutes to read
This article describes some common issues and specific errors you might encounter when
trying to migrate web apps using Azure Migrate.
AccessDenied Access denied. Check error details. This may be due to a change
since last web app discovery. Confirm that the
web app discovery is still successful and/or
troubleshoot web app discovery access issues
first.
AddConflict The role This may be due to AKS 1.23+ version. If you're
assignment using AKS 1.23+, edit the script as mentioned in
already exists. Build container image before building the
docker image.
IISWebAppMigrationError Error occurred Check the error message for additional details.
during app
content copy
operation.
IISWebServerPowerShellError Error occurred Check the error message for more details.
during Remote PowerShell is used to package the site
PowerShell content from the web server without requiring
operation. the installation of any products or machine
changes on the web server.
IISWebServerZeroWebAppsFound No web apps This may indicate that the web server was
were found on modified after the last web app discovery was
the target IIS completed. Confirm that web app discovery was
server. recently completed and that web apps weren't
removed from the web server.
Error code Error message Troubleshooting steps
Next steps
Continue to perform at-scale agentless migration of ASP.NET web apps to Azure App
Service.
Once you have successfully completed migration, you may explore the following steps
based on web app specific requirement(s):
Map existing custom DNS name.
Secure a custom DNS with a TLS/SSL binding.
Securely connect to Azure resources.
Deployment best practices.
Security recommendations.
Networking features.
Monitor App Service with Azure Monitor.
Configure Azure AD authentication.
Review best practices for deploying to Azure App service.
az offazure
Reference
7 Note
This reference is part of the offazure extension for the Azure CLI (version 2.15.0 or
higher). The extension will automatically install the first time you run an az offazure
command. Learn more about extensions.
Commands
az offazure hyperv Manage Hyper-V on-premise resources.
az offazure hyperv cluster list Get all clusters on the on-premise site.
az offazure hyperv host list Get all hosts on the on-premise site.
Migrate
Get-AzMigrateDiscoveredServer Get All discovered servers in a migrate
project.
This page is an index of Azure Policy built-in policy definitions for Azure Migrate. For
additional Azure Policy built-ins for other services, see Azure Policy built-in definitions.
The name of each built-in policy definition links to the policy definition in the Azure
portal. Use the link in the Version column to view the source on the Azure Policy GitHub
repo .
Azure Migrate
Name Description Effect(s) Version
(Azure portal) (GitHub)
Configure Use private DNS zones to override the DNS DeployIfNotExists, 1.0.0
Azure resolution for a private endpoint. A private DNS Disabled
Migrate zone links to your virtual network to resolve to
resources to your Azure Migrate project. Learn more at:
use private https://aka.ms/privatednszone .
DNS zones
Next steps
See the built-ins on the Azure Policy GitHub repo .
Review the Azure Policy definition structure.
Review Understanding policy effects.
Additional resources
Training
Learning certificate
Microsoft Certified: Azure Data Fundamentals - Certifications
Azure Data Fundamentals validates foundational knowledge of core data concepts and how they are
implemented using Microsoft Azure data services.
Cloud migration in the Cloud Adoption
Framework
Article • 12/01/2022 • 4 minutes to read
Any enterprise-scale cloud adoption plan includes workloads that don't deserve
significant investments in the creation of new business logic. Those workloads could be
moved to the cloud through any number of approaches: lift and shift, lift and optimize,
or modernize. Each approach is considered a migration.
Watch the following video to get a quick overview of the lift and shift approach.
https://www.microsoft.com/en-us/videoplayer/embed/RWDup6?postJsllMsg=true
The following exercises help establish the iterative processes to assess, migrate,
optimize, secure, and manage those workloads.
To prepare you for this phase of the cloud adoption lifecycle, we recommend the
following steps:
Migrate your first workload: Use the Azure migration guide to become familiar with the
Azure native tools and approach to migration.
Migration scenarios: Use other migration tools and approaches to act on other migration
scenarios.
Best practices: Address common migration needs through the application of consistent
best practices.
The Migrate methodology and the steps above build on the following assumptions:
The methodology that migration sprints fit within migration waves or releases. You
define migration waves or releases by using the Plan, Ready, and Adopt
methodologies. Within each migration sprint, a batch of workloads is migrated to
the cloud.
Before migrating workloads, you've identified, configured, and deployed at least
one landing zone to meet the needs of the near-term cloud adoption plan.
Migration is commonly associated with the terms lift and shift or rehost. This
methodology and the steps above are built on the belief that no datacenter and
few workloads should be migrated using a pure rehost approach. While you can
rehost many workloads, customers more often choose to modernize specific assets
within each workload. During this iterative process, the balance between speed
and modernization is a common discussion point.
Migration effort
The actions required to migrate workloads generally falls into three efforts, or phases,
for each workload: assess workloads, deploy workloads, and release workloads. This
section of the Cloud Adoption Framework teaches readers how to maximize the return
from each phase required to migrate a workload to production.
The following bullets provide an overview of the phases of this process (pictured above):
Deploy workloads: After you assess workloads, the existing workload functionality
is replicated or improved in the cloud. This replication could involve a lift and shift
or rehost to the cloud. But, more commonly during this phase, many of the assets
supporting these workloads will be modernized to capitalize on the benefits of the
cloud.
7 Note
In some early iterations of the migration effort, it's common to limit scope to a
single workload. This approach maximizes skills retention and provides the team
with more time to experiment and learn.
7 Note
When building a migration factory, some teams may choose to disperse each of the
above phases across multiple teams and multiple sprints. This approach can
improve repeatability and accelerate migration efforts.
Next steps
The steps outlined above and further methodology guidance can help you improve
processes within each migration sprint. The Azure migration guide includes articles that
outline the most common tools and approaches needed during your first migration
wave.
This section of the Cloud Adoption Framework provides examples of several common
migration scenarios and demonstrates how you can migrate on-premises infrastructure
to Microsoft Azure .
Introduction
Azure provides access to a comprehensive set of cloud services. As developers and IT
professionals, you can use these services to build, deploy, and manage applications on a
range of tools and frameworks through a global network of datacenters. As your
business faces challenges associated with the digital shift, the Azure platform helps you
to determine how to:
The cloud provides advantages for speed and flexibility, minimized costs, performance,
and reliability. However, many organizations might need to continue to run on-premises
datacenters. In response to cloud adoption barriers, Azure provides a hybrid cloud
strategy that builds bridges between your on-premises datacenters and the Azure public
cloud. An example is using Azure cloud resources like Azure Backup to protect on-
premises resources or Azure analytics to gain insights into on-premises workloads.
As part of the hybrid cloud strategy, Azure provides growing solutions for migrating on-
premises applications and workloads to the cloud. With simple steps, you can
comprehensively assess your on-premises resources to determine how they'll run in the
Azure platform. With a deep assessment in hand, you can confidently migrate resources
to Azure. When resources are up and running in Azure, you can optimize them to retain
and improve access, flexibility, security, and reliability.
Migration patterns
Strategies for migration to the cloud fall into four broad patterns: rehost, refactor,
rearchitect, or rebuild. The strategy you adopt depends on your business drivers and
migration goals. You might adopt multiple patterns. For example, you could choose to
rehost noncritical applications while rearchitecting applications that are more complex
and business-critical. Let's look at these patterns.
Rehost Often referred to as a lift-and-shift migration, this - When you need to move
option doesn't require code changes. You can use applications quickly to the
it to migrate your existing applications to Azure cloud
quickly. Each application is migrated as is to reap - When you want to move an
the benefits of the cloud without the risk and cost application without modifying
associated with code changes. it
- When your applications are
designed to take advantage of
Azure infrastructure as a
service (IaaS) scalability after
migration.
- When applications are
important to your business, but
you don't need to immediately
change application capabilities.
Rebuild Rebuild takes things a step further by rebuilding - When you want rapid
an application from scratch using Azure cloud development, and existing
technologies. applications have limited
functionality and lifespan
For example, you could build greenfield - When you're ready to
applications with cloud-native technologies like expedite business innovation
Azure Functions, AI, SQL Managed Instance, and (including DevOps practices
Azure Cosmos DB. provided by Azure), build new
applications using cloud-native
technologies, and take
advantage of advancements in
AI, blockchain, and IoT.
This series focuses on each migration scenario, which is driven by slightly different
business goals to determine the migration strategy. For each deployment scenario, we
provide information about:
Assessment
Article Details
Assess on- This article in the Plan methodology discusses how to run an assessment of an
premises on-premises application running on VMware. In the article, an example
resources for organization assesses application VMs by using Azure Migrate and the application
migration to SQL Server database by using Data Migration Assistant.
Azure
Infrastructure
Article Details
Deploy This article shows how an organization can prepare its on-premises infrastructure
Azure and its Azure infrastructure for migration. The infrastructure example established
infrastructure in this article is referenced in the other samples provided in this section.
Article Details
Article Details
Migrate SQL Server This article demonstrates how the fictional company Contoso assessed,
databases to Azure planned, and migrated its various on-premises SQL Server databases to
Azure.
Rehost an This example shows how to migrate an application and data by using
application on Azure-hosted SQL Server VMs. It uses Azure Migrate to migrate the
Azure VMs using application VMs and Database Migration Service to migrate the application
SQL Server Always database to a SQL Server cluster that's protected by an Always On
On availability availability group.
groups
Article Details
Migrate open-source This article demonstrates how the fictional company Contoso assessed,
databases to Azure planned, and migrated its various on-premises open-source databases
to Azure.
Migrate MySQL to This article demonstrates how the fictional company Contoso planned
Azure and migrated its on-premises MySQL open-source database platform to
Azure.
Migrate PostgreSQL to This article demonstrates how the fictional company Contoso planned
Azure and migrated its on-premises PostgreSQL open-source database
platform to Azure.
Migrate MariaDB to This article demonstrates how the fictional company Contoso planned
Azure and migrated its on-premises MariaDB open-source database platform
to Azure.
Dev/test workloads
Article Details
Migrate dev/test This article demonstrates how Contoso rehosts its dev/test environment
environments to for two applications running on VMware VMs by migrating to Azure VMs.
Azure IaaS
Article Details
Migrate to Azure This article discusses how Contoso moves its dev/test workloads to Azure
DevTest Labs by using DevTest Labs.
Article Details
Refactor a Linux application This example shows how to migrate an on-premises Linux-based
to multiple regions by using application to an Azure web app on multiple Azure regions by
App Service, Azure Traffic using Traffic Manager to integrate with GitHub for continuous
Manager, and Azure delivery. The application database is migrated to an Azure
Database for MySQL Database for MySQL instance.
Refactor Team Foundation This article shows an example migration of an on-premises Team
Server to Azure DevOps Foundation Server deployment to Azure DevOps Services in Azure.
Services
SAP
Article Details
SAP migration guide Get practical guidance to move your on-premises SAP
workloads to the cloud.
Migrate SAP applications to White paper and roadmap for your SAP journey to the
Azure cloud.
Migration methodologies for SAP Overview of various migration options to move SAP
on Azure applications to Azure.
Specialized workloads
Article Details
Move on-premises VMware This article provides an example of moving on-premises VMware
infrastructure to Azure VMs to Azure by using Azure VMware Solution.
Azure NetApp Files Enterprise file storage powered by NetApp. Run Linux and
Windows file workloads in Azure.
Oracle on Azure Run your Oracle databases and enterprise applications in Azure
and Oracle Cloud Infrastructure.
VDI
Article Details
Move on-premises Remote Desktop This article shows how to migrate on-premises Remote
Services to Azure Virtual Desktop Desktop Services to Azure Virtual Desktop.
Migration scaling
Article Details
Scale a migration to This article shows how an example organization prepares to scale to a full
Azure migration to Azure.
Demo applications
The example articles provided in this section use two demo applications: SmartHotel360
and osTicket.
SmartHotel360: This test application was developed by Microsoft to use when you work
with Azure. It's provided under an open-source license, and you can download it from
GitHub . It's an ASP.NET application connected to a SQL Server database. In the
scenarios discussed in these articles, the current version of this application is deployed
to two VMware VMs running Windows Server 2008 R2 and SQL Server 2008 R2. These
application VMs are hosted on-premises and managed by vCenter Server.
osTicket: This open-source service desk ticketing application runs on Linux. You can
download it from GitHub . In the scenarios discussed in these articles, the current
version of this application is deployed on-premises to two VMware VMs running Ubuntu
16.04 LTS using Apache 2, PHP 7.0, and MySQL 5.7.
Azure Migrate REST API
Article • 05/10/2022 • 2 minutes to read
Azure Migrate helps you to migrate to Azure. Azure Migrate provides a centralized hub
to track discovery, assessment, and migration of on-premises infrastructure,
applications, and data to Azure. The hub provides Azure tools for assessment and
migration, as well as third-party independent software vendor (ISV) offerings. To learn
more about Azure Migrate, see the Azure Migrate documentation.
Microsoft.Migrate resource types
Article • 12/28/2022 • 2 minutes to read
This article lists the available versions for each resource type.
assessmentProjects 2019-10-01
assessmentProjects/assessmentOptions 2019-10-01
assessmentProjects/groups 2019-10-01
assessmentProjects/groups/assessments 2019-10-01
assessmentProjects/groups/assessments/assessedMachines 2019-10-01
assessmentProjects/hypervcollectors 2019-10-01
assessmentProjects/importcollectors 2019-10-01
assessmentProjects/machines 2019-10-01
assessmentProjects/privateEndpointConnections 2019-10-01
assessmentProjects/privateLinkResources 2019-10-01
assessmentProjects/servercollectors 2019-10-01
assessmentProjects/vmwarecollectors 2019-10-01
migrateProjects 2020-05-01
migrateProjects/privateEndpointConnections 2020-05-01
projects 2018-02-02
projects/groups 2018-02-02
projects/groups/assessments 2018-02-02
projects/groups/assessments/assessedMachines 2018-02-02
projects/machines 2018-02-02