Streamlining AWS Application Migration Service Replication Agent deployment using MGN connector
AWS Application Migration Service (AWS MGN) is AWS’s recommended service for migrations to AWS. It simplifies and expedites migrating your source servers from physical, virtual, or cloud infrastructure platforms to run natively on AWS.
Over the last year, we’ve shared with you several major updates to the MGN service, focusing on offering customers more ways to move and improve on their journey. This includes features like “Import and export”, used to populate and enrich MGN’s source environment inventory list in bulk. Today, we are happy to introduce the MGN connector, a complementary feature to Import & Export.
MGN connector saves you time by automating the manual process involved in deploying MGN Replication Agents to source servers. It rapidly deploys the agents to your source servers, and prepares them for migration in bulk.
Figure 1 below provides an architectural overview of what an AWS MGN replication agent deployment looks like when using the MGN connector.
Figure 1. High Level Architectural Diagram required for MGN replication agent deployment.
Normally, when we deploy the MGN Replication Agent on a source server, it registers itself with the MGN endpoint, and the source server is added to the MGN inventory. When using MGN connector to deploy MGN Replication Agents, we first populate MGN’s inventory with a list of source servers, using the Import & Export feature as shown in Figure 2 below. We do that by downloading the inventory import template from the MGN service console, populating it with source server data, and importing it back using the console. You can follow this blog post to learn more about Import & Export, and how to use it.
Figure 2. Import and Export console view.
To use MGN connector, you must configure your AWS account with a set of permissions consisting of AWS Identity and Access Management (IAM) roles and policies.
Additionally, you’ll have to obtain appropriate IAM credentials and AWS Systems Manager (SSM) hybrid activation parameters for deploying the MGN connector.
If you’re using MGN’s Global View feature, the feature we introduced earlier this year for managing migration operations across multiple AWS accounts by integrating with AWS Organizations, you can have MGN connector deploy replication agents to multiple accounts for you, by following these steps.
MGN connector needs to be installed on a server that is running a supported Linux version in your source environment. This server should only be used for running MGN connector.
The MGN connector uses the following protocols to communicate with source servers and deploy the replication agent:
- WinRM (Remote PowerShell, TCP ports 5895-5896) for Windows servers,
- SSH (TCP port 22) for Linux servers.
Once the source server inventory is populated, permissions are configured, and firewall rules are in place, we will add an MGN connector as shown in Figure 3 below. We navigate to the AWS MGN service console and choose Add MGN connector.
Figure 3. Adding MGN connector.
We then provide the details required for registering the MGN connector, such as the connector’s name, and the SSM hybrid activation and IAM credentials that we previously obtained, as shown in Figure 4 below. The console uses this information to generate shell commands that we can copy and paste into a shell on our Linux server to download and install the MGN connector software.
Figure 4. Adding details for registering the MGN connector.
The newly created MGN connector automatically begins communicating with the MGN service, and is now listed in the AWS MGN service console, as shown in Figure 5 below.
Figure 5. MGN connector registered and listed successfully in the console.
Once MGN connector is installed, the next step is registering source servers with it.
We select the newly deployed MGN connector from the console, and proceed by choosing Register servers, as shown in Figure 6 below.
Figure 6. Register source servers with the MGN connector.
We select the source servers from MGN’s inventory and choose Register servers with the MGN connector as shown in Figure 7 below.
Figure 7. Select source servers for registration with the MGN connector.
MGN connector requires credentials for deploying replication agents to source servers, which are created and stored as secrets in AWS Secrets Manager.
We configure the credentials by selecting a subset or all servers from the list as shown in Figure 8 below, and choosing Register server credentials from the Actions dropdown menu.
Figure 8. Register server credentials.
We create a new secret, using admin credentials for facilitating the deployment of the replication agent, as shown in Figure 9 below. Alternatively, when multiple source servers are sharing the same credentials, we can use an existing secret by providing the secret’s ARN.
Figure 9. Adding server credentials to AWS Secrets Manager.
The registration process of the source servers with MGN connector is now completed, and we’re one step closer to moving and improving.
We then proceed with deploying the MGN replication agent to source servers, by selecting the source servers and choosing Install replication agent from the Actions dropdown menu, as shown in Figure 10 below. MGN connector verifies that sufficient CPU, RAM, and disk space resources are available for the deployment to complete successfully.
Figure 10. Replication agent installation on the source servers.
MGN connector now deploys the replication agents on the source servers for us, so we can focus our attention on other aspects of the migration process.
Once the process of deploying replication agents completes, we can track the lifecycle state of the source servers from the MGN console, and plan our next steps in the migration journey.
We can’t wait to share more news about exciting new MGN features in the coming months, but for now – we invite you to learn more by reviewing the Application Migration Service User Guide, trying out MGN connector and other new service features, and sharing feedback with the team through AWS re:Post for Application Migration Service, or through your AWS contacts.