Tutorial: Discover physical servers with Azure Migrate: Discovery and assessment

As part of your migration journey to Azure, you discover your servers for assessment and migration.

This tutorial shows you how to discover on-premises physical servers with the Azure Migrate: Discovery and assessment tool, using a lightweight Azure Migrate appliance. You deploy the appliance as a physical server, to continuously discover servers and performance metadata.

In this tutorial, you learn how to:

  • Set up an Azure account.
  • Prepare physical servers for discovery.
  • Create a project.
  • Set up the Azure Migrate appliance.
  • Start continuous discovery.

Note

Tutorials show the quickest path for trying out a scenario, and use default options.

If you don't have an Azure subscription, create a free account before you begin.

Prerequisites

Before you start this tutorial, check you have these prerequisites in place.

Requirement Details
Appliance You need a server on which to run the Azure Migrate appliance. The server should have:

- Windows Server 2016 installed.
(Currently the deployment of appliance is only supported on Windows Server 2016.)

- 16-GB RAM, 8 vCPUs, around 80 GB of disk storage

- A static or dynamic IP address, with internet access, either directly or through a proxy.

- Outbound internet connectivity to the required URLs from the appliance.
Windows servers Allow inbound connections on WinRM port 5985 (HTTP), so that the appliance can pull configuration and performance metadata.
Linux servers Allow inbound connections on port 22 (TCP).

Note

It is unsupported to install the Azure Migrate Appliance on a server that has the replication appliance or mobility service agent installed. Ensure that the appliance server has not been previously used to set up the replication appliance or has the mobility service agent installed on the server.

Prepare an Azure user account

To create a project and register the Azure Migrate appliance, you need an account with:

  • Contributor or Owner permissions on an Azure subscription.
  • Permissions to register Azure Active Directory (AAD) apps.

If you just created a free Azure account, you're the owner of your subscription. If you're not the subscription owner, work with the owner to assign the permissions as follows:

  1. In the Azure portal, search for "subscriptions", and under Services, select Subscriptions.

    Search box to search for the Azure subscription

  2. In the Subscriptions page, select the subscription in which you want to create project.

  3. In the subscription, select Access control (IAM) > Check access.

  4. In Check access, search for the relevant user account.

  5. In Add a role assignment, click Add.

    Search for a user account to check access and assign a role

  6. In Add role assignment, select the Contributor or Owner role, and select the account (azmigrateuser in our example). Then click Save.

    Opens the Add Role assignment page to assign a role to the account

  7. To register the appliance, your Azure account needs permissions to register AAD apps.

  8. In Azure portal, navigate to Azure Active Directory > Users > User Settings.

  9. In User settings, verify that Azure AD users can register applications (set to Yes by default).

    Verify in User Settings that users can register Active Directory apps

  10. In case the 'App registrations' settings is set to 'No', request the tenant/global admin to assign the required permission. Alternately, the tenant/global admin can assign the Application Developer role to an account to allow the registration of AAD App. Learn more.

Prepare physical servers

Set up an account that the appliance can use to access the physical servers.

Windows servers

  • For Windows servers, use a domain account for domain-joined servers, and a local account for servers that are not domain-joined.

  • The user account should be added to these groups: Remote Management Users, Performance Monitor Users, and Performance Log Users.

  • If Remote management Users group isn't present, then add user account to the group: WinRMRemoteWMIUsers_.

  • The account needs these permissions for appliance to create a CIM connection with the server and pull the required configuration and performance metadata from the WMI classes listed here.

  • In some cases, adding the account to these groups may not return the required data from WMI classes as the account might be filtered by UAC. To overcome the UAC filtering, user account needs to have necessary permissions on CIMV2 Namespace and sub-namespaces on the target server. You can follow the steps here to enable the required permissions.

    Note

    For Windows Server 2008 and 2008 R2, ensure that WMF 3.0 is installed on the servers.

Linux servers

  • You need a root account on the servers that you want to discover. Alternately, you can provide a user account with sudo permissions.

  • The support to add a user account with sudo access is provided by default with the new appliance installer script downloaded from portal after July 20,2021.

  • For older appliances, you can enable the capability by following these steps:

    1. On the server running the appliance, open the Registry Editor.
    2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureAppliance.
    3. Create a registry key ‘isSudo’ with DWORD value of 1.

    Screenshot that shows how to enable sudo support.

  • To discover the configuration and performance metadata from target server, you need to enable sudo access for the commands listed here. Make sure that you have enabled 'NOPASSWD' for the account to run the required commands without prompting for a password every time sudo command is invoked.

  • The following Linux OS distributions are supported for discovery by Azure Migrate using an account with sudo access:

    Operating system Versions
    Red Hat Enterprise Linux 6,7,8
    Cent OS 6.6, 8.2
    Ubuntu 14.04,16.04,18.04
    SUSE Linux 11.4, 12.4
    Debian 7, 10
    Amazon Linux 2.0.2021
    CoreOS Container 2345.3.0
  • If you cannot provide root account or user account with sudo access, then you can set 'isSudo' registry key to value '0' in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureAppliance registry and provide a non-root account with the required capabilities using the following commands:

Command Purpose
setcap CAP_DAC_READ_SEARCH+eip /usr/sbin/fdisk

setcap CAP_DAC_READ_SEARCH+eip /sbin/fdisk (if /usr/sbin/fdisk is not present)
To collect disk configuration data
setcap "cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_setuid,
cap_setpcap,cap_net_bind_service,cap_net_admin,cap_sys_chroot,cap_sys_admin,
cap_sys_resource,cap_audit_control,cap_setfcap=+eip" /sbin/lvm
To collect disk performance data
setcap CAP_DAC_READ_SEARCH+eip /usr/sbin/dmidecode To collect BIOS serial number
chmod a+r /sys/class/dmi/id/product_uuid To collect BIOS GUID

Set up a project

Set up a new project.

  1. In the Azure portal > All services, search for Azure Migrate.

  2. Under Services, select Azure Migrate.

  3. In Overview, select Create project.

  4. In Create project, select your Azure subscription and resource group. Create a resource group if you don't have one.

  5. In Project Details, specify the project name and the geography in which you want to create the project. Review supported geographies for public and government clouds.

    Boxes for project name and region

  6. Select Create.

  7. Wait a few minutes for the project to deploy. The Azure Migrate: Discovery and assessment tool is added by default to the new project.

Page showing Server Assessment tool added by default

Note

If you have already created a project, you can use the same project to register additional appliances to discover and assess more no of servers.Learn more

Set up the appliance

Azure Migrate appliance performs server discovery and sends server configuration and performance metadata to Azure Migrate. The appliance can be set up by executing a PowerShell script that can be downloaded from the project.

To set up the appliance you:

  1. Provide an appliance name and generate a project key in the portal.
  2. Download a zipped file with Azure Migrate installer script from the Azure portal.
  3. Extract the contents from the zipped file. Launch the PowerShell console with administrative privileges.
  4. Execute the PowerShell script to launch the appliance configuration manager.
  5. Configure the appliance for the first time, and register it with the project using the project key.

1. Generate the project key

  1. In Migration Goals > Servers > Azure Migrate: Discovery and assessment, select Discover.
  2. In Discover servers > Are your servers virtualized?, select Physical or other (AWS, GCP, Xen, etc.).
  3. In 1:Generate project key, provide a name for the Azure Migrate appliance that you will set up for discovery of physical or virtual servers. The name should be alphanumeric with 14 characters or fewer.
  4. Click on Generate key to start the creation of the required Azure resources. Do not close the Discover servers page during the creation of resources.
  5. After the successful creation of the Azure resources, a project key is generated.
  6. Copy the key as you will need it to complete the registration of the appliance during its configuration.

Selections for Generate Key.

2. Download the installer script

In 2: Download Azure Migrate appliance, click on Download.

Verify security

Check that the zipped file is secure, before you deploy it.

  1. On the server to which you downloaded the file, open an administrator command window.

  2. Run the following command to generate the hash for the zipped file:

    • C:\>CertUtil -HashFile <file_location> [Hashing Algorithm]
    • Example usage: C:\>CertUtil -HashFile C:\Users\administrator\Desktop\AzureMigrateInstaller.zip SHA256
  3. Verify the latest appliance version and hash value:

    Download Hash value
    Latest version 15a94b637a39c53ac91a2d8b21cc3cca8905187e4d9fb4d895f4fa6fd2f30b9f

Note

The same script can be used to set up Physical appliance for either Azure public or Azure Government cloud with public or private endpoint connectivity.

3. Run the Azure Migrate installer script

  1. Extract the zipped file to a folder on the server that will host the appliance. Make sure you don't run the script on a server with an existing Azure Migrate appliance.

  2. Launch PowerShell on the above server with administrative (elevated) privilege.

  3. Change the PowerShell directory to the folder where the contents have been extracted from the downloaded zipped file.

  4. Run the script named AzureMigrateInstaller.ps1 by running the following command:

    PS C:\Users\administrator\Desktop\AzureMigrateInstaller> .\AzureMigrateInstaller.ps1

  5. Select from the scenario, cloud and connectivity options to deploy an appliance with the desired configuration. For instance, the selection shown below sets up an appliance to discover and assess physical servers (or servers running on other clouds like AWS, GCP, Xen etc.) to an Azure Migrate project with default (public endpoint) connectivity on Azure public cloud.

    Screenshot that shows how to set up appliance with desired configuration

  6. The installer script does the following:

    • Installs agents and a web application.
    • Install Windows roles, including Windows Activation Service, IIS, and PowerShell ISE.
    • Download and installs an IIS rewritable module.
    • Updates a registry key (HKLM) with persistent setting details for Azure Migrate.
    • Creates the following files under the path:
      • Config Files: %ProgramData%\Microsoft Azure\Config
      • Log Files: %ProgramData%\Microsoft Azure\Logs

After the script has executed successfully, the appliance configuration manager will be launched automatically.

Note

If you come across any issues, you can access the script logs at C:\ProgramData\Microsoft Azure\Logs\AzureMigrateScenarioInstaller_Timestamp.log for troubleshooting.

Verify appliance access to Azure

Make sure that the appliance can connect to Azure URLs for public and government clouds.

4. Configure the appliance

Set up the appliance for the first time.

  1. Open a browser on any server that can connect to the appliance, and open the URL of the appliance web app: https://appliance name or IP address: 44368.

    Alternately, you can open the app from the desktop by clicking the app shortcut.

  2. Accept the license terms, and read the third-party information.

  3. In the web app > Set up prerequisites, do the following:

    • Connectivity: The app checks that the server has internet access. If the server uses a proxy:
      • Click on Set up proxy to and specify the proxy address (in the form http://ProxyIPAddress or http://ProxyFQDN) and listening port.
      • Specify credentials if the proxy needs authentication.
      • Only HTTP proxy is supported.
      • If you have added proxy details or disabled the proxy and/or authentication, click on Save to trigger connectivity check again.
    • Time sync: Time is verified. The time on the appliance should be in sync with internet time for server discovery to work properly.
    • Install updates: Azure Migrate: Discovery and assessment checks that the appliance has the latest updates installed. After the check completes, you can click on View appliance services to see the status and versions of the components running on the appliance.

Register the appliance with Azure Migrate

  1. Paste the project key copied from the portal. If you do not have the key, go to Azure Migrate: Discovery and assessment> Discover> Manage existing appliances, select the appliance name you provided at the time of key generation and copy the corresponding key.

  2. You will need a device code to authenticate with Azure. Clicking on Login will open a modal with the device code as shown below.

    Modal showing the device code

  3. Click on Copy code & Login to copy the device code and open an Azure Login prompt in a new browser tab. If it doesn't appear, make sure you've disabled the pop-up blocker in the browser.

  4. On the new tab, paste the device code and sign-in by using your Azure username and password. Sign-in with a PIN isn't supported.

  5. In case you close the login tab accidentally without logging in, you need to refresh the browser tab of the appliance configuration manager to enable the Login button again.

  6. After you successfully logged in, go back to the previous tab with the appliance configuration manager.

  7. If the Azure user account used for logging has the right permissions on the Azure resources created during key generation, the appliance registration will be initiated.

  8. After appliance is successfully registered, you can see the registration details by clicking on View details.

Start continuous discovery

Now, connect from the appliance to the physical servers to be discovered, and start the discovery.

  1. In Step 1: Provide credentials for discovery of Windows and Linux physical or virtual servers​, click on Add credentials.

  2. For Windows server, select the source type as Windows Server, specify a friendly name for credentials, add the username and password. Click on Save.

  3. If you are using password-based authentication for Linux server, select the source type as Linux Server (Password-based), specify a friendly name for credentials, add the username and password. Click on Save.

  4. If you are using SSH key-based authentication for Linux server, you can select source type as Linux Server (SSH key-based), specify a friendly name for credentials, add the username, browse and select the SSH private key file. Click on Save.

    • Azure Migrate supports the SSH private key generated by ssh-keygen command using RSA, DSA, ECDSA, and ed25519 algorithms.
    • Currently Azure Migrate does not support passphrase-based SSH key. Use an SSH key without a passphrase.
    • Currently Azure Migrate does not support SSH private key file generated by PuTTY.
    • Azure Migrate supports OpenSSH format of the SSH private key file as shown below:

    SSH private key supported format

  5. If you want to add multiple credentials at once, click on Add more to save and add more credentials. Multiple credentials are supported for physical servers discovery.

  6. In Step 2:Provide physical or virtual server details​, click on Add discovery source to specify the server IP address/FQDN and the friendly name for credentials to connect to the server.

  7. You can either Add single item at a time or Add multiple items in one go. There is also an option to provide server details through Import CSV.

    • If you choose Add single item, you can choose the OS type, specify friendly name for credentials, add server IP address/FQDN and click on Save.
    • If you choose Add multiple items, you can add multiple records at once by specifying server IP address/FQDN with the friendly name for credentials in the text box. Verify** the added records and click on Save.
    • If you choose Import CSV (selected by default), you can download a CSV template file, populate the file with the server IP address/FQDN and friendly name for credentials. You then import the file into the appliance, verify the records in the file and click on Save.
  8. On clicking Save, appliance will try validating the connection to the servers added and show the Validation status in the table against each server.

    • If validation fails for a server, review the error by clicking on Validation failed in the Status column of the table. Fix the issue, and validate again.
    • To remove a server, click on Delete.
  9. You can revalidate the connectivity to servers anytime before starting the discovery.

  10. Click on Start discovery, to kick off discovery of the successfully validated servers. After the discovery has been successfully initiated, you can check the discovery status against each server in the table.

This starts discovery. It takes approximately 2 minutes per server for metadata of discovered server to appear in the Azure portal.

Verify servers in the portal

After discovery finishes, you can verify that the servers appear in the portal.

  1. Open the Azure Migrate dashboard.
  2. In Azure Migrate - Servers > Azure Migrate: Discovery and assessment page, click the icon that displays the count for Discovered servers.

Next steps