Getting started with Amazon Q Developer transformation capabilities for VMware
In this blog post, we explore how to get started with Amazon Q Developer transformation capabilities for VMware. Amazon Q Developer is an AI-powered assistant for software development that reimagines the experience across the software development lifecycle, making it easier and faster to build, secure, manage and optimize applications on AWS, and now to migrate and modernize on-premises VMware workloads on AWS. Based on 18 years of AWS expertise, the Amazon Q Developer transformation capabilities for VMware agent provides organizations with a simpler and faster approach to migrating and modernizing VMware workloads using natural language.
This post covers everything you need to get started, then walks you through a transformation using the new Q Developer web experience. Finally, we show you how Amazon Q Developer loads migration waves into our rehost solution: AWS Application Migration Service (MGN).
Prerequisites
- An Amazon Q Developer Pro Tier Subscription to use Amazon Q Developer
- A working setup of AWS Identity and Access Management (IAM) Identity Center to federate into the new web experience.
- An AWS account that will serve as the VMware discovery AWS account. This account will contain all the discovery data.
- An AWS account that will serve as the VMware infrastructure provisioning account. This account is where your transformed resources will be deployed. It does not have to be a different account from the discovery account, but a separate account is suggested for a production migration.
- A .csv formatted RVTools export from your vCenter Server (.xlsx format is not supported, just .csv)
- If you use VMware NSX, you have the option to translate all your networks and rules. To do this, use the new Import/Export for NSX tool to export your NSX config. For details, read the blog post Exporting network configuration data with Import/Export for NSX.
Run a VMware transformation job in Amazon Q Developer
Create a workspace
Once you log into the Amazon Q Developer web experience, you will be prompted to create a workspace by providing a workspace name. You can name it anything you like but should consider giving it a meaningful name that is related to your migration project. After you create a workspace, you will see your initials and a plus icon in the top right corner. To invite additional collaborators within the same Identity Center account, select the plus icon.
You can assign collaborators one of the following roles. Select a role, then select Invite.
- administrator – full control over the workspace
- approver – can approve pending actions
- contributor – can chat with Q Developer and perform non-critical tasks that do not require approval
- view only – access to monitor but not change anything in the workspace
Create a job
Within your shared workspace, you and your collaborators can initiate transformation jobs. Proceed by selecting Ask Q to create a job.
To transform VMware virtual machines to Amazon EC2, you can use natural language to create a job for the various generative AI agents available with Q Developer or you can select one of the available transformation jobs in the chat.
Proceed by typing VMware.
At this point, you can either accept the job name automatically generated or ask Q to use a name you provide. In this instance, we demonstrate changing the name by asking Q to rename the job, typing: Name it “VMW-to-EC2 Job #1”
Confirm that the name change is acceptable by typing yes, then select Create job and Q Developer will create a new job plan. A job plan is a guided step-by-step process that walks you through a migration. Q Developer updates the plan as needed while the job progresses.
Q Developer will show you the new job plan.
Monitor Q Actions
After you create a job, you can go to the Worklog tab of any section to review every action that agents or humans have taken.
Connect a discovery account
Now, you need to grant Q Developer access to the AWS account where discovery data will be stored and later retrieved so the agent can generate migration recommendations. This account is called the VMware discovery connector AWS account. Later in the workflow, you will also be prompted to provide the VMware infrastructure provisioning connector, also called the target account, which is the AWS account containing the deployed infrastructure. A workspace can have up to ten VMware connectors (five VMware discovery connectors and five VMware infrastructure provisioning connectors).
In the Connect AWS account for on-premises discovery data task, you can use an existing connector for the task or create a new one. We’ll proceed to create a new connector by entering the account number for the VMware discovery connector AWS account, selecting Create Connector, then selecting Send to Q.
Now that you have configured a connector, you can proceed with the job plan and select Perform discovery.
Select Choose ZIP file, then upload an RVTools export ZIP file. The ZIP file must contain .csv files; .xlsx files are not supported.
After the upload succeeds, select Send to Q. After importing the ZIP file, the Amazon Q Developer transformation capabilities for VMware agents will provide a quick summary with the total number of servers discovered. This data is stored in the VMware discovery connector AWS account. You will have the chance to review the discovered data and export the server list if you want to compare the servers that were discovered against the source RVTools file.
You can proceed and select Continue with existing data and then select Send to Q. If Q Developer is not able to generate application groupings for all servers, it informs you and provides you options to collect more data for re-evaluation.
Review discovery data
Q Developer is able to group applications automatically when you use the optional AWS Application Discovery Service (ADS) Agentless Collector. Amazon Q Developer transformation capabilities for VMware then creates a corresponding migration plan with application grouping and waves. To use this feature, you need to install and configure the ADS Agentless Collector on the VMware discovery connector AWS account and then Q Developer will automatically identify discovered data provided by ADS.
If you don’t use the ADS Agentless Collector, you can still group VMs and map applications by using a manual import capability. However, complex dependency mapping won’t be available, as TCP network data is required to map interdependencies between components of your application.
Q Developer also allows you to import RVTools inventory files to discover on-premises server data. In this case, you will need to feed Q Developer with application grouping and migration waves by modifying and importing a pre-configured file provided by the service. You will learn how the process works later in this post.
Plan migration waves
Now it is time to identify applications and group them in migration waves. This process links discovered servers to an application and to a migration wave. Amazon Q Developer transformation capabilities for VMware provides a wave plan template file that you can modify by adding the names of the applications and their corresponding migration waves. If you used the ADS Agentless Collector, the file will be pre-populated with application names and suggested waves. If you did not, you must manually fill in the application name and wave for each VM. As part of the migration planning, you may find a need to remove servers from the migration scope. These can be deleted manually from the file. Q Developer will only act on the file that you upload; even if you don’t intend to make changes, you must upload a file to proceed.
Select Download file to download the wave planning file.
Once the wave planning file is updated you can upload it back to Q Developer by selecting Choose file. When the upload is complete, select Send to Q. This will finalize the Review application groupings and waves task.
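A pre-upload check for the edited wave plan, as an added example that is not part of Q Developer or the original post: it compares the plan against the exported server list and reports rows missing an application or wave, duplicates, unknown servers, and servers removed from scope. It assumes both files are CSV and uses hypothetical column names (`server_name`, `application`, `wave`); the sample data is constructed.

```python
import csv
import io

# Constructed sample data. The column names are hypothetical placeholders;
# pass the real header names from the files you download.
DISCOVERED = """server_name,os
app01,Linux
app02,Linux
db01,Windows
legacy01,Windows
"""
PLAN = """server_name,application,wave
app01,Billing,1
app02,Billing,
db01,,2
db01,Billing,2
ghost09,Billing,3
"""


def check_wave_plan(discovered_csv, plan_csv, name_col="server_name",
                    app_col="application", wave_col="wave"):
    """Compare an edited wave plan against the exported server list."""
    discovered = {row[name_col].strip().lower()
                  for row in csv.DictReader(io.StringIO(discovered_csv))}
    seen = set()
    report = {"incomplete": [], "duplicate": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(plan_csv)):
        name = (row.get(name_col) or "").strip().lower()
        if name in seen:
            report["duplicate"].append(name)
        seen.add(name)
        # Every VM kept in the plan needs both an application and a wave.
        if not (row.get(app_col) or "").strip() or not (row.get(wave_col) or "").strip():
            report["incomplete"].append(name)
        if name not in discovered:
            report["unknown"].append(name)
    # Discovered servers absent from the plan were removed from migration
    # scope, whether intentionally or by an editing mistake.
    report["removed_from_scope"] = sorted(discovered - seen)
    return report


if __name__ == "__main__":
    for category, names in check_wave_plan(DISCOVERED, PLAN).items():
        print(f"{category}: {names}")
```

Reviewing `removed_from_scope` before upload gives approvers a record of which servers were deliberately excluded from the migration.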
Connect target account
Now that migration waves are set, you can proceed and grant the Q Developer agents access to the AWS account that will be the target of your migration. The target AWS account, also known as the VMware infrastructure provisioning connector, will host the resources.
To create a new provisioning connector, enter the AWS account ID and select Create connector, then Send to Q.
Network Migration: import NSX or RVTools network data
Q Developer analyzes data collected from VMware NSX or RVTools to understand the current virtual network constructs. It then uses Large Language Models (LLMs) to convert these objects to the corresponding AWS constructs, such as AWS VPCs, subnets, security groups, NAT gateways, transit gateways, internet gateways, elastic IPs, routes, and route tables. If you are running VMware NSX, you can use Import/Export for NSX to export a copy of the network configuration to be imported by Q Developer. For details, read the blog post Exporting network configuration data with Import/Export for NSX. The export tool will output a ZIP file, which you can upload at this stage. If you are using VMware NSX, Q Developer will be unable to create subnets and security groups without the NSX export. If you are not using VMware NSX, you can use the RVTools file that you uploaded in the discovery phase.
After connecting your provisioning AWS account, Q Developer detects existing VPCs. If any are found, it provides users with the flexibility to either utilize these existing VPCs or opt for the creation and deployment of new ones.
Once your on-premises network is converted to AWS equivalent network constructs, Q Developer generates Infrastructure-as-Code files (CloudFormation and CDK) with the appropriate AWS network constructs. Once the network components are deployed, the agents validate that the infrastructure is properly deployed. You also have the option to download the generated network configuration to review, edit, and deploy the updated version to your provisioning AWS account directly. The agents validate the network deployment using AWS Reachability Analyzer, a feature in AWS VPC that verifies connectivity between network resources on AWS.
Select Upload ZIP file to start the upload. After uploading network data, you can select the newly uploaded ZIP file, whether it’s from Import/Export for NSX or RVTools. Then select Send to Q.
Deploy VPCs
After network analysis is complete, you can use the agents to automatically deploy VPCs in the provisioning AWS account. To do this, select Use Q to deploy the VPCs. If you want to deploy it manually, you can also review the generated network. The Generated CDK link will take you to an S3 bucket in your provisioning AWS account, which will contain AWS CDK and AWS CloudFormation code for generating your VPC configuration.
Q Developer provides additional VPC configuration options for target provisioning AWS accounts. Users can integrate third-party firewalls from AWS Marketplace for advanced security monitoring and third-party IPAM appliances to manage IP address space efficiently. It also allows setup of inbound and outbound traffic by modifying route tables and security groups.
Q Developer deploys AWS networking constructs using CloudFormation Stacks. To view progress, you can log into the CloudFormation console of the provisioning AWS account and watch CloudFormation stacks progress; this step will take time to complete.
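One way to review the generated security groups before deployment, as an added example that is not code from Q Developer or the original post: it scans a CloudFormation template for ingress rules open to `0.0.0.0/0` or `::/0`. It assumes the template is JSON, and the default exemption for port 443 is an illustrative policy choice; the sample template is constructed.

```python
import json

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample template (assumed JSON); real generated output will differ.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "web tier",
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
        ]}},
    "DbRule": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "GroupId": {"Ref": "DbSg"}, "IpProtocol": "-1", "CidrIp": "10.0.0.0/16"}},
    "AnyV6": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "GroupId": {"Ref": "DbSg"}, "IpProtocol": "-1", "CidrIpv6": "::/0"}},
}})


def open_ingress(template_text, allowed_ports=frozenset({443})):
    """Return (logical_id, protocol, from_port, to_port, cidr) for every ingress
    rule open to the whole internet, except single ports in allowed_ports."""
    findings = []
    for logical_id, res in json.loads(template_text).get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            rules = props.get("SecurityGroupIngress", [])
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            rules = [props]
        else:
            continue
        for rule in rules:
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            # Ref/Fn:: values are dicts and cannot be judged statically; skip them.
            if not isinstance(cidr, str) or cidr not in OPEN_CIDRS:
                continue
            proto = str(rule.get("IpProtocol"))
            lo, hi = rule.get("FromPort"), rule.get("ToPort")
            # IpProtocol "-1" means all protocols and ports, so it is never exempt.
            if proto != "-1" and isinstance(lo, int) and lo == hi and lo in allowed_ports:
                continue
            findings.append((logical_id, proto, lo, hi, cidr))
    return findings


if __name__ == "__main__":
    for finding in open_ingress(SAMPLE_TEMPLATE):
        print("REVIEW:", finding)
```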
Examine the provisioned infrastructure in the target AWS provisioning account
If you deployed the AWS CloudFormation Stacks, they will contain all of the code to create the AWS network constructs identified as part of the on-premises to Amazon EC2 migration. These include:
- VMware subnets organized into supernets, assigned as VPC CIDR blocks. You will have as many VPCs as required to cover all supernets.
- VPC CIDR blocks will be carved into VPC subnets.
- VPC security groups, which control traffic allowed to reach and leave resources.
- All VPCs are peered with an AWS Transit Gateway, enabling VMs to communicate.
Migrate workloads
After the AWS networking components are provisioned, you will move to the final phase – migrating workloads. When you are at this stage, you will be prompted to initialize the AWS Application Migration Service (MGN). An account with full administrator privileges is required to initialize MGN. Select Go to AWS Application Migration Service console, which will bring you to the AWS Console.
Once you log into the AWS Console, select Get started.
Then, select Set up service. This step is required to allow AWS Application Migration Service (MGN) to create the IAM roles necessary to create AWS resources on your behalf.
Finally, return to Q Developer, and select Send to Q.
Workload waves
Next, you can begin migrating the on-premises workloads. For each wave, you will select what sizing method to use for sizing your target Amazon EC2 instances:
- Maximum utilization – Highest recorded utilization of the source VM
- Current server specs – Keep RAM and vCPU the same way that the source VM is configured inside vCenter Server
- Average utilization – Average recorded utilization of the source VM
- Percentile of utilization – Specify a percentage i.e. 20% lower than the current server specs
You can choose Shared (default) or Dedicated tenancy. You can also optionally remove specific EC2 instance types from the recommendations.
Cleanup
Provisioning account – If you executed a production migration, you would not clean up the provisioning account as it contains all the generated objects needed to run your workloads. However, if you are just testing, perform the following:
- Stop the migration job in the Q Developer web experience
- Delete CloudFormation stacks in the provisioning account
Conclusion
This blog walked you through the process of using Amazon Q Developer transformation capabilities for VMware to migrate your VMware workloads to AWS. We hope this helped you test the new migration capabilities in your own environment. At Amazon we work backwards from our customers, so we’re eager to hear your feedback as you test this new offering. Your insights will help us continue to iterate and improve, ensuring we’re always delivering the best possible experience to our customers.