Microsoft Workloads on AWS

Mastering Windows Server migration to Amazon EC2: Key tactics for success – Part 2

Introduction

This two-part series equips you with essential knowledge for a successful Windows Server migration to Amazon Elastic Compute Cloud (Amazon EC2). Part 1 laid the groundwork by exploring critical licensing decisions and Active Directory integration strategies. Building on that foundation, this post delves into the technical intricacies of preparing your Windows Server instances for the cloud.

Solution overview

Part 2 focuses on preparing your instances for migration by examining key considerations that will ensure a smooth transition to Amazon EC2. We will explore how to:

  • Choose the right Amazon EC2 instance type by understanding virtualization technologies like the Xen hypervisor and AWS Nitro System.
  • Verify your Windows Server instance’s boot configuration (BIOS or Unified Extensible Firmware Interface (UEFI)) and understand its impact on the Amazon EC2 deployment.
  • Run the validation tool to validate boot mode compatibility, confirm driver requirements, and check other prerequisites before migration

By understanding and implementing these practical steps, you’ll be better equipped to migrate, minimize errors, and speed up your transition to Amazon EC2.

Walkthrough

Choosing the right hypervisor between Xen hypervisor and AWS Nitro System

It is important to understand the Xen hypervisor and AWS Nitro System while migrating Windows Servers. Knowing these technologies will dictate the use of different drivers on different platforms and determine if an operating system (OS) version is only able to run on specific instance types. Here are a few key differences between the Xen hypervisor and AWS Nitro System for running Amazon EC2 instances:

Xen hypervisor

The Xen hypervisor is the traditional virtualization technology used in earlier Amazon EC2 instance types like M4 and C4. Instances running under Xen boot from an emulated IDE hard drive, and switch to the Xen paravirtualized block device drivers.

To get details on specific Xen-based instance types using the AWS CLI, use the describe-instance-types command. For example:

aws ec2 describe-instance-types \
	--filters Name=hypervisor,Values=xen \
	Name=processor-info.supported-architecture,Values=x86_64 \
	--query 'sort_by(InstanceTypes, &InstanceType)[*].{InstanceType:InstanceType}' \
	--output table

An alternative is using the Amazon EC2 console (Figure 1) to filter specific Xen-based instance types:

Figure 1: Screenshot of the AWS console filtering by instance types based on XEN

AWS Nitro System

The AWS Nitro System is the underlying platform for our next generation of Amazon EC2 instances that enables AWS to innovate faster, further reduce cost for our customers, and deliver added benefits like increased security and new instance types. Instances running under the Nitro Hypervisor boot from Amazon Elastic Block Storage (EBS) volumes using an NVMe interface. Some instance types like M5 and C5 use the AWS Nitro technology.

To get details on specific Nitro-based instance types using the AWS CLI, use the describe-instance-types command.

For example:

aws ec2 describe-instance-types \
	--filters Name=hypervisor,Values=nitro \
	Name=processor-info.supported-architecture,Values=x86_64 \
	--query 'sort_by(InstanceTypes, &InstanceType)[*].{InstanceType:InstanceType}' \
	--output table

An alternative is using the Amazon EC2 console (Figure 2) to filter specific Nitro-based instance types:

Figure 2: A screenshot of the AWS console filtering by instance types based on Nitro

Choose the correct driver version and platform according to different Windows operating system versions

Based on Table 1, we recommend prioritizing Xen-based instances when migrating Windows Server 2008 R2 and earlier operating systems. These instances offer superior compatibility and increase the likelihood of successful migration. However, it’s crucial to note that regional availability of Xen-based instances varies across the AWS infrastructure.

Operating System (OS) version Support Platform EC2Config EC2Launch v1 EC2Launch v2 PV driver AWS NVMe AWS ENA
2003 Xen 4.9.4326 X X Citrix PV 5.9 X X
2003 R2 Xen 4.9.4326 X X Citrix PV 5.9 X X
2008 Xen 4.9.4326 X X Citrix PV 5.9 X X
2008 R2 Xen&Nitro latest X X AWS PV 8.3.5 1.3.2 2.2.3
2012 Xen&Nitro latest X 2.0.1643 AWS PV 8.4.3 1.5.1 2.6.0
2012 R2 Xen&Nitro latest X 2.0.1643 AWS PV 8.4.3 1.5.1 2.6.0
2016 Xen&Nitro X latest latest AWS PV latest latest latest
2019 Xen&Nitro X latest latest AWS PV latest latest latest
2022 Xen&Nitro X latest latest AWS PV latest latest latest
2025 Nitro X X latest X latest latest

Table 1: The comparison table of Windows Server support platform, Amazon EC2 launch agents and drivers.

For example in Figure 3, Asia Pacific regions, Singapore, Tokyo, and Seoul offer a wider range of Xen-based instances, while Hong Kong and Jakarta provide limited support for Xen-based instance types. Most notably, newer regions including Kuala Lumpur, Bangkok, and Taipei do not support Xen-based instances at all. This regional variation in instance availability makes the selection of target AWS region a critical consideration in your Windows Server migration strategy to Amazon EC2.

Figure 3: AWS region supports Xen-based instances type.

Identifying the Boot Mode for Windows Server Migration

It’s important to determine the Windows Server boot mode before migration. When a computer boots, the first software it runs initializes the platform and provides an interface for the OS to perform platform-specific operations.

Amazon EC2 supports two variants of the boot mode software: UEFI and Legacy BIOS. The AMI boot mode parameter signals Amazon EC2 which boot mode to use when launching an instance. Therefore, before migrating a server, it is crucial to identify whether the server’s boot mode is BIOS or UEFI. Using the incorrect boot mode will prevent the migrated server from booting up.

Launch a command prompt window as administrator and input the command “bcdedit“. In the Windows Boot Loader section, if the file extension for /Windows/System32/winload is .exe then the system uses legacy BIOS. If the extension is .efi then the system uses UEFI.

Figure 4 shows an example of a server running legacy BIOS boot mode.

Figure 4: A screenshot of the bcdedit command output showing boot loader settings for Legacy BIOS

Figure 5 for shows an example of a server using the new UEFI boot mode.

Figure 5: A screenshot of the bcdedit command output showing bootloader settings for UEFI

After migrating a virtual machine (VM) to the Amazon EC2 platform on AWS, you can choose the appropriate instance type to launch the new instance, depending on the VM’s boot mode. Intel and AMD instance types that support UEFI boot mode are built on the AWS Nitro System; however, some instance families don’t support UEFI boot mode. Refer to this article for more information on UEFI boot mode.

Validating your Windows Server environment before migration

Before migrating Windows Servers to Amazon EC2, validate the source environment with purpose-built tools to see if the servers are ready for migration. This validation helps identify issues such as unsupported OS versions, low disk space, or incompatible drivers that will disrupt the migration. Using tools like VM Import Checker or AWS Application Migration Service (MGN) Toolkit ensures the system meets requirements, thus reducing downtime and streamlining troubleshooting. This proactive approach ensures a predictable, efficient, and reliable migration to Amazon EC2.

Choose a validation tool based on the selected migration method. If using the AWS VM Import/Export service to import VM images into Amazon EC2, the tool validates your source Windows Server against service requirements. For AWS Application Migration Service (MGN), use the MGN Toolkit, which provides automated checks for the source server. Selecting the right tool ensures the validation process matches the migration approach and helps prevent unexpected issues. Please refer to the validation tool decision tree below Figure 6.

Figure 6: Validation tool decision tree

VM Import Checker

The VM Import Checker is a PowerShell-based validation tool within AWS Migration Hub Orchestrator that helps assess Windows Server machines before migration. This pre-migration validation tool identifies potential issues early, ensuring a smooth import process.

VM Import Checker Execution

Requires elevated PowerShell permissions to run the tool.
The checker.ps1 script is available from this link.
Run the following script to download and execute the tool.

#VMImportChecker
$uri = 'https://migrationhub-orchestrator-release-us-west-2.s3.amazonaws.com/aws-migrationhub-orchestrator-template-scripts/vmie/v1.0.0/windows/checker.ps1'
$destination = (Get-Location).Path
Write-host "Enable TLS 1.2 for this PowerShell session only."
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$webClient = New-Object System.Net.WebClient
$webClient.DownloadFile($uri, "$destination\checker.ps1")
Write-host "checker.ps1 download successfully"
.\checker.ps1
VM Import Checker Results
  • SUCCESS: Test passed successfully
  • FAIL: Configuration violates AWS VM Import/Export requirements
  • WARNING: Potential issues requiring review
  • INFO: Informational messages about configuration differences
VM Import Checker example output and analysis

The script’s output Figure 7 includes a summary section that shows the result and specific value returned by the tests.

Figure 7: Run VM Import Checker example and shows the summary of test results.

The output Figure 8 includes a section detailing the tests that need attention. The section provides more details on the test results. Each result includes an explanation of why it requires attention and possible remediation steps.

Figure 8: Run VM Import Checker example and shows the summary of the operating system’s configuration

The output Figure 9 also includes a summary of the operating system’s configuration relevant to the AWS VM Import/Export requirements, which you can use to further investigate the recommendations.

Figure 9: Run VM Import Checker example and shows the operating system, storage and filter driver details.

The script’s overall result will fail if any individual test reports a FAILED status. This indicates that the current configuration does not support a successful image import into AWS. Address any issues before attempting the process. Carefully review all test results, not just the overall pass or fail, to identify and resolve any configuration issues.

For example Figure 10, the script will report a failure if:

  1. There is less than 6GB of free disk space on the C: drive.
  2. There are over 21 disks attached to the source machine.
  3. It detects multiple bootable partitions on the source machine.
  4. The DHCP service is not enabled on the source machine.

Figure 10: Run VM Import Checker example and shows the overall checker status.

AWS Application Migration Service (MGN) Toolkit

The AWS Application Migration Service (MGN) Toolkit extends traditional validation capabilities with a comprehensive set of automation tools for AWS migrations. Available on GitHub, this open-source solution streamlines server preparation and configuration validation.

MGN Toolkit Execution
  • Requires elevated PowerShell permissions to run the tool.
  • Visit the MGN Toolkit repository on GitHub.
  • Clone or download the toolkit by following script to your local environment
#MGN-Toolkit
$uri = 'https://github.com/awslabs/mgn-toolkit/archive/refs/heads/main.zip'
$destination = (Get-Location).Path
if ((Test-Path -Path "$destination\mgn-toolkit.zip" -PathType Leaf) -or (Test-Path -Path "$destination\mgn-toolkit-main")) {
    write-host "File $destination\mgn-toolkit.zip or folder $destination\mgn-toolkit-main found, exiting"
}else {
    Write-host "Enable TLS 1.2 for this PowerShell session only."
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    $webClient = New-Object System.Net.WebClient
    Write-host "Downloading mgn-toolkit.zip"
    $webClient.DownloadFile($uri, "$destination\mgn-toolkit.zip")
    Write-host "mgn-toolkit.zip download successfully"
    Add-Type -Assembly "system.io.compression.filesystem"
    [System.IO.Compression.ZipFile]::ExtractToDirectory("$destination\mgn-toolkit.zip","$destination")
    Write-host "Extracting mgn-toolkit.zip complete successfully"
    Import-Module "$destination\mgn-toolkit-main\MGN-Toolkit.psm1"; Invoke-MGNToolkit
}
MGN Toolkit Results
  • GREEN: No issues detected
  • YELLOW: Items requiring review before migration
  • RED: Critical issues blocking migration
MGN Toolkit example output and analysis

This section Figure 11 validates the fundamental system requirements and configurations necessary before starting the migration process. It ensures the source system meets the basic technical requirements for AWS MGN, including system resources, security settings, and network connectivity.

Figure 11: Run MGN Toolkit example and shows the summary of the operating system’s configuration and status.

These validations Figure 12 focus on identifying potential challenges that might arise after the migration is complete. The checks examine system configurations that will impact the server’s functionality in AWS, such as authentication methods, boot configurations, and network settings that might need changes in the cloud environment.

Figure 12: Run MGN Toolkit example and shows the validations focus on identifying potential challenges.

The replication section Figure 13 assesses the system’s capability to perform efficient data replication to AWS. It primarily evaluates disk performance metrics and writes activities to ensure the source system can maintain a stable and efficient data transfer during the migration process, helping prevent replication delays or failures.

Figure 13: Run MGN Toolkit example and shows the system’s capability to perform efficient data replication to AWS.

If you encounter any difficulties interpreting the results or determining the appropriate remediation steps, we recommend reaching out to AWS solutions architect, support or partners for assistance.

Conclusion

A successful migration of Windows Servers to Amazon EC2 requires careful planning beyond simple lift-and-shift strategies. We began in Part 1 by exploring essential foundation elements such as licensing requirements and Active Directory integration. This blog post builds on that foundation by diving into critical technical preparations at the instance level. We showed how to choose between Xen and Nitro virtualization platforms, verify boot mode configurations (BIOS or UEFI), and leverage the validation tool to ensure system compatibility.

By incorporating these steps into your migration strategy, you can now confidently migrate Windows Server workloads on Amazon EC2, minimize deployment risks, and accelerate your time to value, efficient operations in the AWS cloud.

To accelerate your Windows Server migration journey, start by validating your environment before you move workloads. If you are using the VM Import/Export service to bring virtual machine images into Amazon EC2, run the VM Import Checker to confirm compatibility. If you are migrating with AWS Application Migration Service (MGN), leverage the MGN Toolkit to perform automated checks and align with best practices. By pairing the right validation tool with your chosen migration service, you can reduce risk, streamline execution, and lay a stronger foundation for modernization on Amazon EC2.

George Chang

George Chang

George Chang is a Cloud Support Engineer with over 10 years of Windows expertise. He specializes in Microsoft Windows workloads, Active Directory integration, and enterprise cloud operations. With extensive experience in cloud platform support, he excels in optimizing cloud infrastructures and resolving complex technical challenges.

Ali Alzand

Ali Alzand

Ali is a Microsoft Specialist Solutions Architect at Amazon Web Services who helps global customers unlock the power of the cloud by migrating, modernizing, and optimizing their Microsoft workloads. He specializes in cloud operations - leveraging AWS services like Systems Manager, Amazon EC2 Windows, and EC2 Image Builder to drive cloud transformation. Outside of work, Ali enjoys exploring the outdoors, firing up the grill on weekends for barbecue with friends, and sampling all the eclectic food has to offer.

Andrea Soria

Andrea Soria

Andrea Soria is a Senior Engineer at AWS Support who specializes in Microsoft Windows and VM Import. He’s passionate about helping customers solve complex problems through creative troubleshooting. Outside of work, Andrea enjoys spending time with his family, diving into narrative-rich adventure games, and science fiction.

Sharon Chien

Sharon Chien

Sharon Chien is a Senior Solutions Architect in AWS. She has worked with clients across diverse industries including manufacturing, retail, media, government, healthcare, and enterprise IT to plan and implement AWS cloud solutions for digital transformations. A lifelong learner and avid sharer, Sharon is passionate about understanding customer needs and building end-to-end cloud architectures that drive innovation and growth. Through her work, she continues to help organizations stay at the forefront of technology by embracing the power of the cloud.