Tutorial: Discover physical servers with Azure Migrate: Discovery and assessment
As part of your migration journey to Azure, you discover your servers for assessment and migration.
This tutorial shows you how to discover on-premises physical servers with the Azure Migrate: Discovery and assessment tool, using a lightweight Azure Migrate appliance. You deploy the appliance as a physical server, to continuously discover servers and performance metadata.
In this tutorial, you learn how to:
- Set up an Azure account.
- Prepare physical servers for discovery.
- Create a project.
- Set up the Azure Migrate appliance.
- Start continuous discovery.
Tutorials show the quickest path for trying out a scenario, and use default options.
If you don't have an Azure subscription, create a free account before you begin.
Before you start this tutorial, check you have these prerequisites in place.
|Appliance||You need a server on which to run the Azure Migrate appliance. The server should have:
- Windows Server 2016 installed.
(Currently the deployment of appliance is only supported on Windows Server 2016.)
- 16-GB RAM, 8 vCPUs, around 80 GB of disk storage
- A static or dynamic IP address, with internet access, either directly or through a proxy.
- Outbound internet connectivity to the required URLs from the appliance.
|Windows servers||Allow inbound connections on WinRM port 5985 (HTTP), so that the appliance can pull configuration and performance metadata.|
|Linux servers||Allow inbound connections on port 22 (TCP).|
It is unsupported to install the Azure Migrate Appliance on a server that has the replication appliance or mobility service agent installed. Ensure that the appliance server has not been previously used to set up the replication appliance or has the mobility service agent installed on the server.
Prepare an Azure user account
To create a project and register the Azure Migrate appliance, you need an account with:
- Contributor or Owner permissions on an Azure subscription.
- Permissions to register Azure Active Directory (AAD) apps.
If you just created a free Azure account, you're the owner of your subscription. If you're not the subscription owner, work with the owner to assign the permissions as follows:
In the Azure portal, search for "subscriptions", and under Services, select Subscriptions.
In the Subscriptions page, select the subscription in which you want to create project.
In the subscription, select Access control (IAM) > Check access.
In Check access, search for the relevant user account.
In Add a role assignment, click Add.
In Add role assignment, select the Contributor or Owner role, and select the account (azmigrateuser in our example). Then click Save.
To register the appliance, your Azure account needs permissions to register AAD apps.
In Azure portal, navigate to Azure Active Directory > Users > User Settings.
In User settings, verify that Azure AD users can register applications (set to Yes by default).
In case the 'App registrations' settings is set to 'No', request the tenant/global admin to assign the required permission. Alternately, the tenant/global admin can assign the Application Developer role to an account to allow the registration of AAD App. Learn more.
Prepare physical servers
Set up an account that the appliance can use to access the physical servers.
For Windows servers, use a domain account for domain-joined servers, and a local account for servers that are not domain-joined.
The user account should be added to these groups: Remote Management Users, Performance Monitor Users, and Performance Log Users.
If Remote management Users group isn't present, then add user account to the group: WinRMRemoteWMIUsers_.
The account needs these permissions for appliance to create a CIM connection with the server and pull the required configuration and performance metadata from the WMI classes listed here.
In some cases, adding the account to these groups may not return the required data from WMI classes as the account might be filtered by UAC. To overcome the UAC filtering, user account needs to have necessary permissions on CIMV2 Namespace and sub-namespaces on the target server. You can follow the steps here to enable the required permissions.
For Windows Server 2008 and 2008 R2, ensure that WMF 3.0 is installed on the servers.
You need a root account on the servers that you want to discover. Alternately, you can provide a user account with sudo permissions.
The support to add a user account with sudo access is provided by default with the new appliance installer script downloaded from portal after July 20,2021.
For older appliances, you can enable the capability by following these steps:
- On the server running the appliance, open the Registry Editor.
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureAppliance.
- Create a registry key ‘isSudo’ with DWORD value of 1.
To discover the configuration and performance metadata from target server, you need to enable sudo access for the commands listed here. Make sure that you have enabled 'NOPASSWD' for the account to run the required commands without prompting for a password every time sudo command is invoked.
The following Linux OS distributions are supported for discovery by Azure Migrate using an account with sudo access:
Operating system Versions Red Hat Enterprise Linux 6,7,8 Cent OS 6.6, 8.2 Ubuntu 14.04,16.04,18.04 SUSE Linux 11.4, 12.4 Debian 7, 10 Amazon Linux 2.0.2021 CoreOS Container 2345.3.0
If you cannot provide root account or user account with sudo access, then you can set 'isSudo' registry key to value '0' in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureAppliance registry and provide a non-root account with the required capabilities using the following commands:
|setcap CAP_DAC_READ_SEARCH+eip /usr/sbin/fdisk
setcap CAP_DAC_READ_SEARCH+eip /sbin/fdisk (if /usr/sbin/fdisk is not present)
|To collect disk configuration data|
|To collect disk performance data|
|setcap CAP_DAC_READ_SEARCH+eip /usr/sbin/dmidecode||To collect BIOS serial number|
|chmod a+r /sys/class/dmi/id/product_uuid||To collect BIOS GUID|
Set up a project
Set up a new project.
In the Azure portal > All services, search for Azure Migrate.
Under Services, select Azure Migrate.
In Overview, select Create project.
In Create project, select your Azure subscription and resource group. Create a resource group if you don't have one.
Wait a few minutes for the project to deploy. The Azure Migrate: Discovery and assessment tool is added by default to the new project.
If you have already created a project, you can use the same project to register additional appliances to discover and assess more no of servers.Learn more
Set up the appliance
Azure Migrate appliance performs server discovery and sends server configuration and performance metadata to Azure Migrate. The appliance can be set up by executing a PowerShell script that can be downloaded from the project.
To set up the appliance you:
- Provide an appliance name and generate a project key in the portal.
- Download a zipped file with Azure Migrate installer script from the Azure portal.
- Extract the contents from the zipped file. Launch the PowerShell console with administrative privileges.
- Execute the PowerShell script to launch the appliance configuration manager.
- Configure the appliance for the first time, and register it with the project using the project key.
1. Generate the project key
- In Migration Goals > Servers > Azure Migrate: Discovery and assessment, select Discover.
- In Discover servers > Are your servers virtualized?, select Physical or other (AWS, GCP, Xen, etc.).
- In 1:Generate project key, provide a name for the Azure Migrate appliance that you will set up for discovery of physical or virtual servers. The name should be alphanumeric with 14 characters or fewer.
- Click on Generate key to start the creation of the required Azure resources. Do not close the Discover servers page during the creation of resources.
- After the successful creation of the Azure resources, a project key is generated.
- Copy the key as you will need it to complete the registration of the appliance during its configuration.
2. Download the installer script
In 2: Download Azure Migrate appliance, click on Download.
Check that the zipped file is secure, before you deploy it.
On the server to which you downloaded the file, open an administrator command window.
Run the following command to generate the hash for the zipped file:
C:\>CertUtil -HashFile <file_location> [Hashing Algorithm]
- Example usage:
C:\>CertUtil -HashFile C:\Users\administrator\Desktop\AzureMigrateInstaller.zip SHA256
Verify the latest appliance version and hash value:
Download Hash value Latest version 15a94b637a39c53ac91a2d8b21cc3cca8905187e4d9fb4d895f4fa6fd2f30b9f
The same script can be used to set up Physical appliance for either Azure public or Azure Government cloud with public or private endpoint connectivity.
3. Run the Azure Migrate installer script
Extract the zipped file to a folder on the server that will host the appliance. Make sure you don't run the script on a server with an existing Azure Migrate appliance.
Launch PowerShell on the above server with administrative (elevated) privilege.
Change the PowerShell directory to the folder where the contents have been extracted from the downloaded zipped file.
Run the script named
AzureMigrateInstaller.ps1by running the following command:
PS C:\Users\administrator\Desktop\AzureMigrateInstaller> .\AzureMigrateInstaller.ps1
Select from the scenario, cloud and connectivity options to deploy an appliance with the desired configuration. For instance, the selection shown below sets up an appliance to discover and assess physical servers (or servers running on other clouds like AWS, GCP, Xen etc.) to an Azure Migrate project with default (public endpoint) connectivity on Azure public cloud.
The installer script does the following:
- Installs agents and a web application.
- Install Windows roles, including Windows Activation Service, IIS, and PowerShell ISE.
- Download and installs an IIS rewritable module.
- Updates a registry key (HKLM) with persistent setting details for Azure Migrate.
- Creates the following files under the path:
- Config Files:
- Log Files:
- Config Files:
After the script has executed successfully, the appliance configuration manager will be launched automatically.
If you come across any issues, you can access the script logs at C:\ProgramData\Microsoft Azure\Logs\AzureMigrateScenarioInstaller_Timestamp.log for troubleshooting.
Verify appliance access to Azure
4. Configure the appliance
Set up the appliance for the first time.
Open a browser on any server that can connect to the appliance, and open the URL of the appliance web app: https://appliance name or IP address: 44368.
Alternately, you can open the app from the desktop by clicking the app shortcut.
Accept the license terms, and read the third-party information.
In the web app > Set up prerequisites, do the following:
- Connectivity: The app checks that the server has internet access. If the server uses a proxy:
- Click on Set up proxy to and specify the proxy address (in the form http://ProxyIPAddress or http://ProxyFQDN) and listening port.
- Specify credentials if the proxy needs authentication.
- Only HTTP proxy is supported.
- If you have added proxy details or disabled the proxy and/or authentication, click on Save to trigger connectivity check again.
- Time sync: Time is verified. The time on the appliance should be in sync with internet time for server discovery to work properly.
- Install updates: Azure Migrate: Discovery and assessment checks that the appliance has the latest updates installed. After the check completes, you can click on View appliance services to see the status and versions of the components running on the appliance.
- Connectivity: The app checks that the server has internet access. If the server uses a proxy:
Register the appliance with Azure Migrate
Paste the project key copied from the portal. If you do not have the key, go to Azure Migrate: Discovery and assessment> Discover> Manage existing appliances, select the appliance name you provided at the time of key generation and copy the corresponding key.
You will need a device code to authenticate with Azure. Clicking on Login will open a modal with the device code as shown below.
Click on Copy code & Login to copy the device code and open an Azure Login prompt in a new browser tab. If it doesn't appear, make sure you've disabled the pop-up blocker in the browser.
On the new tab, paste the device code and sign-in by using your Azure username and password. Sign-in with a PIN isn't supported.
In case you close the login tab accidentally without logging in, you need to refresh the browser tab of the appliance configuration manager to enable the Login button again.
After you successfully logged in, go back to the previous tab with the appliance configuration manager.
If the Azure user account used for logging has the right permissions on the Azure resources created during key generation, the appliance registration will be initiated.
After appliance is successfully registered, you can see the registration details by clicking on View details.
Start continuous discovery
Now, connect from the appliance to the physical servers to be discovered, and start the discovery.
In Step 1: Provide credentials for discovery of Windows and Linux physical or virtual servers, click on Add credentials.
For Windows server, select the source type as Windows Server, specify a friendly name for credentials, add the username and password. Click on Save.
If you are using password-based authentication for Linux server, select the source type as Linux Server (Password-based), specify a friendly name for credentials, add the username and password. Click on Save.
If you are using SSH key-based authentication for Linux server, you can select source type as Linux Server (SSH key-based), specify a friendly name for credentials, add the username, browse and select the SSH private key file. Click on Save.
- Azure Migrate supports the SSH private key generated by ssh-keygen command using RSA, DSA, ECDSA, and ed25519 algorithms.
- Currently Azure Migrate does not support passphrase-based SSH key. Use an SSH key without a passphrase.
- Currently Azure Migrate does not support SSH private key file generated by PuTTY.
- Azure Migrate supports OpenSSH format of the SSH private key file as shown below:
If you want to add multiple credentials at once, click on Add more to save and add more credentials. Multiple credentials are supported for physical servers discovery.
In Step 2:Provide physical or virtual server details, click on Add discovery source to specify the server IP address/FQDN and the friendly name for credentials to connect to the server.
You can either Add single item at a time or Add multiple items in one go. There is also an option to provide server details through Import CSV.
- If you choose Add single item, you can choose the OS type, specify friendly name for credentials, add server IP address/FQDN and click on Save.
- If you choose Add multiple items, you can add multiple records at once by specifying server IP address/FQDN with the friendly name for credentials in the text box. Verify** the added records and click on Save.
- If you choose Import CSV (selected by default), you can download a CSV template file, populate the file with the server IP address/FQDN and friendly name for credentials. You then import the file into the appliance, verify the records in the file and click on Save.
On clicking Save, appliance will try validating the connection to the servers added and show the Validation status in the table against each server.
- If validation fails for a server, review the error by clicking on Validation failed in the Status column of the table. Fix the issue, and validate again.
- To remove a server, click on Delete.
You can revalidate the connectivity to servers anytime before starting the discovery.
Click on Start discovery, to kick off discovery of the successfully validated servers. After the discovery has been successfully initiated, you can check the discovery status against each server in the table.
This starts discovery. It takes approximately 2 minutes per server for metadata of discovered server to appear in the Azure portal.
Verify servers in the portal
After discovery finishes, you can verify that the servers appear in the portal.
- Open the Azure Migrate dashboard.
- In Azure Migrate - Servers > Azure Migrate: Discovery and assessment page, click the icon that displays the count for Discovered servers.