Migration to AWS sandbox
Strategies
6 R https://docs.aws.amazon.com/prescriptive-guidance/latest/strategy-migration/welcome.html
Rehosting
Lift and shift
Homogeneous (made of same things before/after) No changes to the applications, simply move the location from on-prem to cloud.
Tools = VM Import/Export, [[#Application Migration Service (MGN)]]
Replatforming
Lift, tinker and shift
Homogeneous (made of same things before/after) No big changes to the applications, simply move the location from on-prem to cloud, while choosing some low hanging fruits. Like moving to a database-as-a-service offering.
Example = Migrate on-prem Oracle DB to RDS for Oracle
Tools = VM Import/Export, [[#Application Migration Service (MGN)]]
Repurchasing
Move to a different product Heterogeneous (quite different before/after) Usually a move to a SaaS platform
Example = Tools =
Refactoring
Heterogeneous (quite different before/after) Strong business need to add features, scale, or performance
Example = Move from monolith to micro-services, Migrate on-prem Oracle DB to Aurora, RDS (MySql, PostgreSql), MariaDB etc.
Tools = [[#Schema Conversion Tool (SCT)]], [[#App2container]]
Retire
No use, retire
Retain
Keep as-is, no change
Migration Evaluator
Build a business case
- Upload data from a [[CMDB]] export or gather data via an agentless collector agent.
- Agentless collector requires a Windows VM deployed on the source system like VMWare vSphere
- Provides projected costs to rehost on AWS based on resource configs and usage patterns
- Does not support Citirix XenServer
Application Discovery Service (ADS)
Discover details
Use this to discover your application’s needs prior to any planned migration. It can collect metrics (cpu/memory/disk/network), configurations (number of disks, os version etc) either via an agent (can be installed on any windows/linux host), or agentlessly by launching a collector in vSphere (reads the metrics from outside the vms).
Agentless collection does not collect data about processes! Available as an OVA file to be deployed in the VMWare environment.
Previous verions - AWS Agentless Discovery Connector (Discovery Connector) is a VMware appliance. Retired, use ADS connector instead.
Migration Hub
Plan and manage
Integrates well with ADS Presents a simplified view about all the applications on a single dashboard. You can group the servers together for migration, export the utilization stats to do cost modelling on AWS etc.
Application Migration Service (MGN)
Rehost, or lift and shift
Continuous block-level replication of on-premises source servers to a staging area in AWS Account. 2160 hrs free use period ~90d Auto converts source servers from physical, virtual, or cloud infrastructure to run natively on AWS
Previous version = CloudEndure Migration
App2container
Replatform apps to run on containers
AWS App2Container (A2C) is a tool for replatforming .NET and Java web-based applications directly into containers. A2C packages the application artifact and identified dependencies into container images, configures the network ports, and generates the needed definitions. A2C provisions the cloud infrastructure and CI/CD pipelines required to deploy the containerized application into production.
Database Migration Service (DMS)
Replatform and sync data
Migrate to RDS or EC2 hosted databases Switch DB platforms - Oracle to Postgres
Performance best practices Turn off backups and transaction logging
https://docs.aws.amazon.com/prescriptive-guidance/latest/strategy-database-migration/cut-over.html
Cutover
Flash Cut
Minimal downtime SCT DMS continuous data replication (CDC)
Offline
Major downtime SCT DMS full-load
Active/Active
No downtime Bi-directional replication
Incremental
No downtime Example = migrate one service at a time if possible, while re-factoing the application
Schema Conversion Tool (SCT)
Migrate database schema from source to destination SCT replication agent supports asynchronous data replication using [[#Snowball Edge Storage Optimized]] device. Helpful for very large scale migrations.
DataSync
Move data between storage.
Endpoints - [[efs]], [[fsx]], [[s3]]
#question When to pick [[#DataSync]] over [[#Storage Gateway]] ?
Setup a task to periodically transfer data between storage locations. The scheduled task runs with a minimal interval of 1 hr (even with a custom cron). So, if the need is to replicate/transfer data faster than 1 hr, DataSync won’t work. Ensures file integrity Handles synchronization Install as VM on-prem
Snow Family
Manage using OpsHub application, which can be installed on Mac/Linux/Windows OS.
NFS Encryption Edge compute Offline data migration Online data migration using [[#DataSync]] End to end tracking Secure erasure
Snowcone
Small form factor for maximum portability, smallest device in the family Best suited to use in harsh environments to run workloads locally on EC2 8 TB HDD or 14 TB SSD storage, use as NFS v4 mounts. Transfer data to AWS offline by shipping the device back or online by using inbuild [[#DataSync]]
Snowball Edge Compute Optimized
Best suited for edge compute needs before transferring data to AWS ~100 vCPU, 28 TB [[NVMe SSD]] storage 100 Gbps network connection IoT data analytics (think IoT Greengrass) Local compute with Lambda or EC2 instances (creatively called, SBE1) File transfer using NFS GUI GPU workloads for optimizing M/L models locally with limited connectivity (SBE-G instances)
Snowball Edge Storage Optimized
Transfer TB to PB of data to AWS IoT data aggregation and analysis 80 TB or 210 TB storage 1, 10 or 100 Gbps network connection Max duration - 360 days
Snowmobile
A 45 foot container to transfer up to 100 PB of data. It starts to make sense using this over [[#Snowball Edge Storage Optimized]] devices if most data is at a single location, and exceeds 10 PB.
Transfer Family
Transfer data directly to [[#S3]] or [[#EFS]] using protocols such as [[SFTP]], [[FTPS]], [[FTP]], [[AS2]]
For FTP, you cannot create a public endpoint, it has to be a VPC hosted endpoint. As a workaround for using FTP over internet, you can route traffic through a Network load balancer, and run the FTP server in PASV mode.
For FTPS, only explicit mode is supported.
For FTPS, and FTP only Passive mode is supported.
Can the endpoints be assigned fixed public IP addresses? Yes, create VPC hosted “internet-facing” endpoint, and assign an Elastic IP to the endpoint directly. This is not possible for Public endpoints.
Can you restrict who is able to connect to the endpoint? Yes, for VPC hosted endpoints, this can be done via security groups. For public endpoints using [[API Gateway]] for identity management, WAS can also be used.