Discover and assess a large VMware environment
Azure Migrate has a limit of 1500 machines per project, this article describes how to assess large numbers of on-premises virtual machines (VMs) by using Azure Migrate.
- VMware: The VMs that you plan to migrate must be managed by vCenter Server version 5.5, 6.0, or 6.5. Additionally, you need one ESXi host running version 5.0 or later to deploy the collector VM.
- vCenter account: You need a read-only account to access vCenter Server. Azure Migrate uses this account to discover the on-premises VMs.
- Permissions: In vCenter Server, you need permissions to create a VM by importing a file in OVA format.
- Statistics settings: This requirement is only applicable to the one-time discovery model. For one-time discovery model, the statistics settings for vCenter Server should be set to level 3 before you start deployment. The statistics level is to be set to 3 for each of the day, week, and month collection intervals. If the level is lower than 3 for any of the three collection intervals, the assessment will work, but the performance data for storage and network won't be collected. The size recommendations will then be based on performance data for CPU and memory, and configuration data for disk and network adapters.
Set up permissions
Azure Migrate needs access to VMware servers to automatically discover VMs for assessment. The VMware account needs the following permissions:
- User type: At least a read-only user
- Permissions: Data Center object –> Propagate to Child Object, role=Read-only
- Details: User assigned at datacenter level, and has access to all the objects in the datacenter.
- To restrict access, assign the No access role with the Propagate to child object, to the child objects (vSphere hosts, datastores, VMs, and networks).
If you're deploying in a tenant environment, here's one way to set this up:
- Create a user per tenant and using RBAC, assign read-only permissions to all the VMs belonging to a particular tenant. Then, use those credentials for discovery. RBAC ensures that the corresponding vCenter user will have access to only tenant-specific VMs.
You set up RBAC for different tenant users as described in the following example for User #1 and User #2:
- In User name and Password, specify the read-only account credentials that the collector will use to discover VMs in
Datacenter1 - give read-only permissions to User #1 and User #2. Don't propagate those permissions to all child objects, because you'll set permissions on individual VMs.
- VM1 (Tenant #1) (read-only permission to User #1)
- VM2 (Tenant #1) (read-only permission to User #1)
- VM3 (Tenant #2) (read-only permission to User #2)
- VM4 (Tenant #2) (read-only permission to User #2)
- If you perform discovery using User #1 credentials, then only VM1 and VM2 will be discovered.
Plan your migration projects and discoveries
A single Azure Migrate collector supports discovery from multiple vCenter Servers (one after another) and also supports discovery to multiple migration projects (one after another).
The collector, in case of one-time discovery, works in a fire and forget model, once a discovery is done, you can use the same collector to collect data from a different vCenter Server or send it to a different migration project. In case of continuous discovery, one appliance is connected to a single project only, so you cannot use the same collector to trigger a second discovery.
Plan your discoveries and assessments based on the following limits:
Keep these planning considerations in mind:
- When you do a discovery by using the Azure Migrate collector, you can set the discovery scope to a vCenter Server folder, datacenter, cluster, or host.
- To do more than one discovery, verify in vCenter Server that the VMs you want to discover are in folders, datacenters, clusters, or hosts that support the limitation of 1,500 machines.
- We recommend that for assessment purposes, you keep machines with interdependencies within the same project and assessment. In vCenter Server, make sure that dependent machines are in the same folder, datacenter, or cluster for the assessment.
Depending on your scenario, you can split your discoveries as prescribed below:
Multiple vCenter Servers with less than 1500 VMs
If you have multiple vCenter Servers in your environment, and the total number of virtual machines is less than 1500, you can use the following approach based on your scenario:
One-time discovery: You can use a single collector and a single migration project to discover all the virtual machines across all vCenter Servers. Since the one-time discovery collector discovers one vCenter Server at a time, you can run the same collector against all the vCenter Servers, one after another, and point the collector to the same migration project. Once all the discoveries are complete, you can then create assessments for the machines.
Continuous discovery: In case of continuous discovery, one appliance can be connected to only a single project. So you need to deploy one appliance for each of your vCenter Servers and then create one project for each appliance and trigger discoveries accordingly.
Multiple vCenter Servers with more than 1500 VMs
If you have multiple vCenter Servers with less than 1500 virtual machines per vCenter Server, but more than 1500 VMs across all vCenter Servers, you need to create multiple migration projects (one migration project can hold only 1500 VMs). You can achieve this by creating a migration project per vCenter Server and splitting the discoveries.
One-time discovery: You can use a single collector to discover each vCenter Server (one after another). If you want the discoveries to start at the same time, you can also deploy multiple appliances and run the discoveries in parallel.
Continuous discovery: You need to create multiple collector appliances (one for each vCenter Server) and connect each appliance to a project and trigger discovery accordingly.
More than 1500 machines in a single vCenter Server
If you have more than 1500 virtual machines in a single vCenter Server, you need to split the discovery into multiple migration projects. To split discoveries, you can leverage the Scope field in the appliance and specify the host, cluster, folder, or datacenter that you want to discover. For example, if you have two folders in vCenter Server, one with 1000 VMs (Folder1) and other with 800 VMs (Folder2), you can use the scope field to split the discoveries between these folders.
One-time discovery: You can use the same collector to trigger both the discoveries. In the first discovery, you can specify Folder1 as the scope and point it to the first migration project, once the first discovery is complete, you can use the same collector, change its scope to Folder2 and migration project details to the second migration project and do the second discovery.
Continuous discovery: In this case, you need to create two collector appliances, for the first collector, specify the scope as Folder1 and connect it to the first migration project. You can in parallel start the discovery of Folder2 using the second collector appliance and connect it to the second migration project.
If you have an environment that is shared across tenants and you do not want to discover the VMs of one tenant in another tenant's subscription, you can use the Scope field in the collector appliance to scope the discovery. If the tenants are sharing hosts, create a credential that has read-only access to only the VMs belonging to the specific tenant and then use this credential in the collector appliance and specify the Scope as the host to do the discovery.
Discover on-premises environment
Once you are ready with your plan, you can then start discovery of the on-premises virtual machines:
Create a project
Create an Azure Migrate project in accordance with your requirements:
- In the Azure portal, select Create a resource.
- Search for Azure Migrate, and select the service Azure Migrate in the search results. Then select Create.
- Specify a project name and the Azure subscription for the project.
- Create a new resource group.
- Specify the location in which you want to create the project, and then select Create. Note that you can still assess your VMs for a different target location. The location specified for the project is used to store the metadata gathered from on-premises VMs.
Set up the collector appliance
Azure Migrate creates an on-premises VM known as the collector appliance. This VM discovers on-premises VMware VMs, and it sends metadata about them to the Azure Migrate service. To set up the collector appliance, you download an OVA file and import it to the on-premises vCenter Server instance.
Download the collector appliance
If you have multiple projects, you need to download the collector appliance only once to vCenter Server. After you download and set up the appliance, you run it for each project, and you specify the unique project ID and key.
- In the Azure Migrate project, click Getting Started > Discover & Assess > Discover Machines.
In Discover machines, there are two options available for the appliance, click Download to download the appropriate appliance based on your preference.
a. One-time discovery: The appliance for this model, communicates with vCenter Server to gather metadata about the VMs. For performance data collection of the VMs, it relies on the historical performance data stored in vCenter Server and collects the performance history of last one month. In this model, Azure Migrate collects average counter (vs. peak counter) for each metric, learn more. Since its a one-time discovery, changes in the on-premises environment are not reflected once the discovery is complete. If you want the changes to reflect, you have to do a rediscovery of the same environment to the same project.
b. Continuous discovery: The appliance for this model, continuously profiles the on-premises environment to gather real-time utilization data for each VM. In this model, peak counters are collected for each metric (CPU utilization, memory utilization etc.). This model does not depend on the statistics settings of vCenter Server for performance data collection. You can stop the continuous profiling anytime from the appliance.
The continuous discovery functionality is in preview.
In Copy project credentials, copy the ID and key for the project. You need these when you configure the collector.
Verify the collector appliance
Check that the OVA file is secure before you deploy it:
On the machine to which you downloaded the file, open an administrator command window.
Run the following command to generate the hash for the OVA:
C:\>CertUtil -HashFile <file_location> [Hashing Algorithm]
C:\>CertUtil -HashFile C:\AzureMigrate\AzureMigrate.ova SHA256
Make sure that the generated hash matches the following settings.
For OVA version 22.214.171.124
For OVA version 126.96.36.199
For OVA version 188.8.131.52
For OVA version 184.108.40.206
For OVA version 220.127.116.11
Create the collector VM
Import the downloaded file to vCenter Server:
In the vSphere Client console, select File > Deploy OVF Template.
In the Deploy OVF Template Wizard > Source, specify the location of the OVA file.
- In Name and Location, specify a friendly name for the collector VM, and the inventory object in which the VM will be hosted.
- In Host/Cluster, specify the host or cluster on which the collector VM will run.
- In storage, specify the storage destination for the collector VM.
- In Disk Format, specify the disk type and size.
- In Network Mapping, specify the network to which the collector VM will connect. The network needs internet connectivity to send metadata to Azure.
- Review and confirm the settings, and then select Finish.
Identify the ID and key for each project
If you have multiple projects, be sure to identify the ID and key for each one. You need the key when you run the collector to discover the VMs.
- In the project, select Getting Started > Discover & Assess > Discover Machines.
- In Copy project credentials, copy the ID and key for the project.
Set the vCenter statistics level
The collector appliance discovers the following static metadata about the selected virtual machines.
- VM Display name (on vCenter)
- VM’s inventory path (host/folder in vCenter)
- IP address
- MAC address
- Operating system
- Number of cores, disks, NICs
- Memory size, Disk sizes
- And performance counters of the VM, disk and network as listed in the table below.
For one-time discovery, the following table lists the exact performance counters that are collected, and also lists the assessment results that are impacted if a particular counter is not collected.
For continuous discovery, the same counters are collected at real time (20-seconds interval), so there is no dependency on vCenter statistics level. The appliance then rolls-up the 20-second samples to create a single data point for every 15 minutes by selecting the peak value from the 20-second samples and sends it to Azure.
|Counter||Level||Per-device level||Assessment impact|
|cpu.usage.average||1||NA||Recommended VM size and cost|
|mem.usage.average||1||NA||Recommended VM size and cost|
|virtualDisk.read.average||2||2||Disk size, storage cost, and VM size|
|virtualDisk.write.average||2||2||Disk size, storage cost, and VM size|
|virtualDisk.numberReadAveraged.average||1||3||Disk size, storage cost, and VM size|
|virtualDisk.numberWriteAveraged.average||1||3||Disk size, storage cost, and VM size|
|net.received.average||2||3||VM size and network cost|
|net.transmitted.average||2||3||VM size and network cost|
For one-time discovery, if you have just set a higher statistics level, it will take up to a day to generate the performance counters. So, we recommend that you run the discovery after one day. For the continuous discovery model, wait for at least a day after starting discovery for the appliance to profile the environment and then create assessments.
Run the collector to discover VMs
For each discovery that you need to perform, you run the collector to discover VMs in the required scope. Run the discoveries one after the other. Concurrent discoveries aren't supported, and each discovery must have a different scope.
- In the vSphere Client console, right-click the VM > Open Console.
- Provide the language, time zone, and password preferences for the appliance.
- On the desktop, select the Run collector shortcut.
In the Azure Migrate collector, open Set up prerequisites and then:
a. Accept the license terms, and read the third-party information.
The collector checks that the VM has internet access.
b. If the VM accesses the internet via a proxy, select Proxy settings, and specify the proxy address and listening port. Specify credentials if the proxy needs authentication.
The collector checks that the collector service is running. The service is installed by default on the collector VM.
c. Download and install VMware PowerCLI.
In Specify vCenter Server details, do the following:
- Specify the name (FQDN) or IP address of vCenter Server.
- In User name and Password, specify the read-only account credentials that the collector will use to discover VMs in vCenter Server.
- In Select scope, select a scope for VM discovery. The collector can discover only VMs within the specified scope. Scope can be set to a specific folder, datacenter, or cluster. It shouldn't contain more than 1,000 VMs.
In Specify migration project, specify the ID and key for the project. If you didn't copy them, open the Azure portal from the collector VM. On the project's Overview page, select Discover Machines and copy the values.
- In View collection progress, monitor the discovery process and check that metadata collected from the VMs is in scope. The collector provides an approximate discovery time.
Verify VMs in the portal
For one-time discovery, the discovery time depends on how many VMs you are discovering. Typically, for 100 VMs, after the collector finishes running it takes around an hour for configuration and performance data collection to complete. You can create assessments (both performance-based and as on-premises assessments) immediately after the discovery is done.
For continuous discovery (in preview), the collector will continuously profile the on-premises environment and will keep sending the performance data at an hour interval. You can review the machines in the portal after an hour of kicking off the discovery. It is strongly recommended to wait for at least a day before creating any performance-based assessments for the VMs.
- In the migration project, click Manage > Machines.
- Check that the VMs you want to discover appear in the portal.