AWS related

What does the AWS Application Migration Service Machine Conversion Server do?

The machine conversion server converts the disks to boot and run on AWS.

Specifically, the machine conversion server makes bootloader changes, injects hypervisor drivers and installs cloud tools.

What boot modes are supported by the AWS Application Migration Service?

The agent supports systems using either BIOS (Basic Input/Output System) or UEFI (Unified Extensible Firmware Interface) boot modes. BIOS is the traditional boot mode that initializes hardware and bootstraps the operating system. UEFI is a more modern boot firmware that provides additional boot configurations and security features over BIOS. Both boot modes are fully supported by the agent, giving users flexibility to choose the mode that best fits their systems and requirements. Users can install the agent on servers using either UEFI or legacy BIOS firmware.

How can we encrypt an unencrypted AWS Application Migration Service base snapshot?

The encryption status of AWS Application Migration Service base snapshots is determined by the default EBS (Elastic Block Store) encryption setting for the respective AWS region. Encryption Scenarios:

How do I change the server AMI on AWS after Migration?

After the machine has been launched by AWS Application Migration Service switching the AMI can be done by launching a vanilla machine from the required AMI, stopping that machine, detaching all the disks (including the root) and then attaching the disks from the test or cutover instance created by AWS Application Migration Service.

Which AWS services are automatically installed when launching a test or cutover instance?

AWS Application Migration Service automatically installs EC2Config. After installation, EC2Config automatically installs the SSM EC2 Configuration Service.

CloudWatch, AWS Powershell or CLI are not automatically installed. This can be done by the combining the AWS Application Migration Service APIs and the AWS APIs – you can use the AWS Application Migration Service APIs to determine the EC2 instance IDs of the machines and then use AWS API/CLI to turn on the detailed monitoring. An alternative approach would be to do it via AWS API only based on the tags you associate with the machine. A third approach would be to do so from the post-launch script.

AWS Application Migration Service installs EC2Launch (Windows 2016 only). You will need to configure EC2Launch based on these specific requirements. This configuration step needs to be performed post Migration using the wizard in C:\Program Data\Amazon\EC2-Windows\Launch\Settings\Ec2LaunchSettings.exe on the test or cutover instance.

How long does it take to copy a disk from the AWS Application Migration Service staging area to production?

AWS Application Migration Service uses internal cloud provider snapshots. This process typically takes less than a minute and the size of the volume does not impact the time.

What are the differences between conversion servers and replication servers?

Replication servers run on Linux and conversion servers (for Windows machines) run on Windows.

The conversion is done by AWS Application Migration Service (AWS MGN) automatically bringing up a vanilla Windows conversion server machines in the same subnet with the replication servers as part of the launch job.

Both conversion and replication servers have public IPs.

The conversion servers will use the same security groups as the Replication Server.

The conversion server must be able to access the AWS MGN's service manager.

The conversion server machines, just like the Replication servers are managed automatically by AWS Application Migration Service. Any attempt to disrupt their automated functionality will result in failed conversions.

Can I prevent AWS Application Migration Service from cleaning up test instance resources in AWS?

AWS Application Migration Service will, by default, removes any resources created during the test process either when requested by the user or when a new Test instance is launched.

To prevent this in AWS, you can activate Termination Protection for the test or cutover instance, and the resources will not be removed upon a new instance launch.

Why are my Windows server disks read-only after launching the test or cutover instance?

When launching test or cutover instances Windows Server may boot with all the disks as read-only.

This a common issue that occurs when detaching and attaching data disks. This issue can be resolved using steps in this Microsoft TechNet article.

What impacts the conversion and boot time of test and cutover instances?

Prior to launching the test or cutover instance, AWS Application Migration Service goes through a machine conversion server process on the boot volume. The conversion process is fairly quick.

While the actual conversion process itself is quick, the time to boot the test or cutover instance varies depending on many factors unrelated to any AWS Application Migration Service processes. Some of these are controllable and should be taken into account when recovery or cutover times are of importance.

How is the AWS Licensing Model Tenancy chosen for AWS Application Migration Service?

AWS Application Migration Service conforms to the Microsoft Licensing on AWS guidelines.

How does AWS Application Migration Service interact with Interface VPC Endpoints?

If you use Amazon Virtual Private Cloud (Amazon VPC) to host your AWS resources, you can establish a private connection between your VPC and AWS Application Migration Service. You can use this connection to allow AWS Application Migration Service to communicate with your resources on your VPC without going through the public internet.

Amazon VPC is an AWS service that you can use to launch AWS resources in a virtual network that you define. With a VPC, you have control over your network settings, such the IP address range, subnets, route tables, and network gateways. With VPC endpoints, the routing between the VPC and AWS services is handled by the AWS network, and you can use IAM policies to control access to service resources.

To connect your VPC to AWS Application Migration Service, you define an interface VPC endpoint for AWS Application Migration Service. An interface endpoint is an elastic network interface with a private IP address that serves as an entry point for traffic destined to a supported AWS service. The endpoint provides reliable, scalable connectivity to AWS Application Migration Service without requiring an internet gateway, network address translation (NAT) instance, or VPN connection. For more information, see What is Amazon VPC in the Amazon VPC User Guide.

Interface VPC endpoints are powered by AWS PrivateLink, an AWS technology that allows private communication between AWS services using an elastic network interface with private IP addresses. For more information, see AWS PrivateLink.

For more information, see Getting Started in the Amazon VPC User Guide.

How do I use MGN with CloudWatch and EventBridge dashboards?

You can monitor AWS Application Migration Service using CloudWatch, which collects raw data and processes it into readable, near real-time metrics. AWS Application Migration Service sends events to Amazon EventBridge whenever a source server launch has completed, a source server reaches the READY_FOR_TEST lifecycle state for the first time, and when the data replication state becomes stalled or when the data replication state is no longer Stalled. You can use EventBridge and these events to write rules that take actions, such as notifying you, when a relevant event occurs.

You can see MGN in CloudWatch automatic dashboards:

MGN events can be selected when defining a rule from the EventBridge console:

Learn more about monitoring MGN.