Installing the Application Migration Service vCenter Client
The first step to deploying the agentless solution is installing the Application Migration Service vCenter Client on your vCenter environment.
Note
If you have multiple vCenter environments, you will need to install multiple clients. You may not have more than one Application Migration Service vCenter Client installed per AWS account. If you have multiple vCenter environments, you can either use a different AWS account for each environment or you can migrate your VMs serially, environment by environment, into the same AWS account.
After the Application Migration Service vCenter Client has been installed, it will discover all of the VMs in your vCenter environment and add them to Application Migration Service.
Application Migration Service vCenter Client requirements
Ensure that you review the notes below prior to installing the Application Migration Service vCenter Client. Once you have read the notes, proceed to install the client.
vCenter Client requirements
- You must install the Application Migration Service vCenter Client on a VM that has outbound and inbound network connectivity to the AWS Application Migration Service API endpoints and outbound and inbound network connectivity to the vCenter endpoint. Customers who want to use PrivateLink can use VPN or AWS Direct Connect to connect to AWS.
- The Application Migration Service vCenter Client currently only supports VirtualDiskFlatVer2BackingInfo VMDK on CBT. Learn more about this in the VMware knowledgebase.
- You must download this VDDK version to the VM on which the Application Migration Service vCenter Client is installed. VDDK 7.0.3.3 must be used, regardless of the vCenter version used.
- The Application Migration Service vCenter Client requires the following vCenter user permissions for agentless deployment. It is a best practice to create a dedicated role with these permissions and a dedicated user group with which the role will be associated. Every new user created for the Application Migration Service vCenter Client will need to be a member of that group in order to obtain the required permissions. The vCenter predefined role “Consolidated Backup user (sample)” provides most of these permissions. If that role is used, the following additional permission must be provided: Toggle disk change tracking.
  - Change configuration
    - Acquire disk lease
    - Toggle disk change tracking
  - Provisioning
    - Allow read-only disk access
    - Allow virtual machine download
  - Snapshot management
    - Create snapshot
    - Remove snapshot
- The VM on which the Application Migration Service vCenter Client is installed should meet the following RAM, CPU, and memory requirements:
  - Minimal requirements (these requirements will allow the replication of up to 5 servers in parallel) – 2 GiB RAM, 1 core, 10 GiB of free disk space
  - Optional performance requirements (these requirements will allow the replication of the maximum number of 50 servers in parallel) – 16 GiB RAM, 8 cores, 10 GiB of free disk space
- VMs that are being replicated into AWS should have at least 2 GiB of free disk space.
- The VM on which the Application Migration Service vCenter Client is installed should not allow any incoming (ingress) traffic.
- The VM on which the Application Migration Service vCenter Client is installed should only allow outgoing traffic as follows:
  - Egress TCP on the port on which the vCenter API runs.
  - Egress TCP on port 443 for communication with the Application Migration Service API.
  - Egress TCP on port 1500 for the replication server.
- Patching of the guest OS running the AWS vCenter client should be handled by the customer as part of shared responsibility.
- IAM credentials used by the vCenter Client should be rotated on a regular schedule. Learn more about how to rotate access keys for IAM users in this IAM blog post. IAM credentials can be regenerated by reinstalling the AWS Replication Agent.
- The VM that hosts the Application Migration Service vCenter Client should only be used for client hosting and should not be used for any other purposes.
- Only a trusted administrator should have access to the VM on which the Application Migration Service vCenter Client is installed.
- The Application Migration Service vCenter Client should be located in an isolated and dedicated network and considered a sensitive segment.
- You can deactivate the vCenter Client auto-update mechanism by running the following command:
  touch /var/lib/aws-vcenter-client/.disable_auto_updates
  Once auto-updates are deactivated, you will need to reinstall the client to perform a manual update. If you deactivate the auto-update mechanism, you will be responsible for ensuring that all security updates are performed on the client. After a manual update, you should validate the new hash against the installer hash.
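The ingress and egress requirements above, rendered as a host firewall policy for the client VM. This is an added example, not AWS's own configuration; nftables is an assumed choice of firewall, and the table name, function names and the pinned vCenter IPv4 argument are assumptions.

```sh
#!/bin/sh
# Added example: render an nftables ruleset for the vCenter Client VM.
# Table name, function names and the IPv4 argument are assumptions.

valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
}

valid_port() {
    case $1 in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

render_ruleset() {
    vc_ip=$1 vc_port=$2
    # Validate before the values are interpolated into ruleset text.
    valid_ipv4 "$vc_ip" || { echo "bad vCenter IPv4: $vc_ip" >&2; return 1; }
    valid_port "$vc_port" || { echo "bad vCenter port: $vc_port" >&2; return 1; }
    cat <<EOF
table inet mgn_vcenter_client {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        # Replies to connections this VM opened; no new inbound flows.
        ct state established,related accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ct state established,related accept
        # vCenter API, pinned to the vCenter address.
        ip daddr ${vc_ip} tcp dport ${vc_port} accept
        # Application Migration Service API (443), replication server (1500).
        # DNS is not in the list above; add a resolver rule if names are used.
        tcp dport { 443, 1500 } accept
    }
}
EOF
}
```

Write the output to a file and run nft -c -f on it to check the syntax before loading it.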
vCenter Client installer notes
- The Application Migration Service vCenter Client installer only supports vCenter 6.7, 7.0 and 8.0.
- The Application Migration Service vCenter Client can be installed on the following 64 bit Linux versions:
  - Ubuntu 18.x+ (64 bit) - 22.04
  - Amazon Linux 2
  - RHEL 8.x
- If you are using a RHEL 8.x environment, ensure that you run the sudo yum install python3 command to install Python prior to launching the client installer.
- The following flags are used by the installer:
  usage: aws-vcenter-client-installer-init.py [-h]
      [--aws-access-key-id AWS_ACCESS_KEY_ID]
      [--aws-secret-access-key AWS_SECRET_ACCESS_KEY]
      [--region REGION]
      [--endpoint ENDPOINT]
      [--s3-endpoint S3_ENDPOINT]
      [--vcenter-host VCENTER_HOST]
      [--vcenter-port VCENTER_PORT]
      [--vcenter-user VCENTER_USER]
      [--vcenter-password VCENTER_PASSWORD]
      [--vcenter-ca-path VCENTER_CA_PATH]
      [--vddk-path VDDK_PATH]
      [--vcenter-client-tags KEY=VALUE [KEY=VALUE ...]]
      [--source-server-tags KEY=VALUE [KEY=VALUE ...]]
      [--disable-ssl-cert-validation]
      [--no-prompt]
          Use this flag for an unattended installation. If you are using this flag, you must also use the --force-delete-existing-client flag.
      [--force-delete-existing-client]
          Use this flag to delete an existing version of the vCenter Client from your VM. You must use this flag if you've previously installed the vCenter Client on the VM. If you use the --no-prompt flag, you must also use this flag.
      [--version]
  Optional arguments:
      -h, --help show this help message and exit
vCenter environment requirements
- AWS Application Migration Service supports VM hardware version 7 and higher with CBT activated. Ensure that you upgrade any VMs you have to hardware version 7 or higher. Ensure that CBT support is activated in your vSphere deployment. Application Migration Service activates CBT on replicating VMs. You can deactivate CBT after cutover.
- The VM being replicated into Application Migration Service must not contain any existing VMware snapshots.
- Once added to Application Migration Service, snapshot-based replication will create snapshots on the replicated VM, which may result in slower disk performance.
- VMs with independent disks, Raw Device Mappings (RDM), or direct-attach disks (iSCSI, NBD) are not supported for replication into Application Migration Service.
- The VM being replicated into Application Migration Service can be either stopped or running. Changing the VM state during data replication will not affect data replication and will cause no data corruption.
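
A pre-migration screen for the VM requirements above (hardware version, existing snapshots, disk backing and independent disk mode), run over a constructed inventory. This is an added example, not part of the AWS documentation; the CSV layout and function names are assumptions, and direct-attach iSCSI or NBD disks are outside what it checks.

```sh
#!/bin/sh
# Added example: screen an exported VM inventory against the requirements above.
# The CSV layout (one row per virtual disk) and function names are assumptions.
# Columns: vm,hw_version,snapshot_count,disk_backing,disk_mode

check_inventory() {
    awk -F, '
    # Report each (vm, reason) pair once, even when several disks trigger it.
    function flag(vm, why) {
        if (!((vm, why) in seen)) { seen[vm, why] = 1; print vm ": " why }
    }
    NR == 1 { next }                                  # skip header row
    {
        hw = $2; sub(/^vmx-0*/, "", hw)               # "vmx-07" -> 7
        if (hw + 0 < 7)  flag($1, "hardware version below 7")
        if ($3 + 0 > 0)  flag($1, "existing snapshots must be removed")
        if ($4 != "VirtualDiskFlatVer2BackingInfo")
            flag($1, "unsupported disk backing " $4)
        if ($5 ~ /^independent/)
            flag($1, "independent disk")
    }' | LC_ALL=C sort
}

# Constructed sample inventory, not taken from a real environment.
sample_inventory() {
    cat <<'EOF'
vm,hw_version,snapshot_count,disk_backing,disk_mode
app01,vmx-13,0,VirtualDiskFlatVer2BackingInfo,persistent
db01,vmx-11,2,VirtualDiskFlatVer2BackingInfo,persistent
db01,vmx-11,2,VirtualDiskRawDiskMappingVer1BackingInfo,independent_persistent
legacy01,vmx-04,0,VirtualDiskFlatVer2BackingInfo,persistent
EOF
}

# Lists db01 and legacy01 findings; app01 passes and is not listed.
sample_inventory | check_inventory
```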