Migration to AWS

Replication Settings

Prior using the IBM Live Migration Service solution, define the replication settings for the chosen cloud. This section provides an overview for defining the replication settings for the AWS, which includes defining the target infrastructure, replication Servers, and optional cloud-specific settings such as VPN and proxy usage.

Replication settings can now be set both project-wide and individually for each machine or group of machines.

Replication Settings for AWS

The REPLICATION SETTINGS page enables you to define your source and target environments, and the replication servers in the Staging area of the target infrastructure.

After entering AWS credentials in the IBM Live Migration service user console, navigate to Setup & Info > REPLICATION SETTINGS.
Next, define the target infrastructures and regions. By default, the AWS source infrastructure is set to generic/other infrastructure.
To define the target infrastructure, select the AWS region that will serve as the target to replicate the data from the Live Migration Target drop-down menu.

After defining the Target, define the AWS Zone. Each AWS region has several zone options. Select the zone you wish to use from the drop-down menu.

NoteOnly AWS regions and zones that are allowed by your AWS account will be displayed.

NoteThe first available zone will be chosen by default if no zone is manually selected.

IMPORTANTAfter selecting your Target infrastructure and beginning replicating your source machines, you can opt to change target selection. However, you should take into consideration that your entire project will be completely reset following a change in the target infrastructure. This means that the replication will stop, the agents that are currently installed on your source machines will be uninstalled, the source machines will be disconnected from the IBM Live Migration service engine, and all the data that was replicated up to this point to the Staging area will be deleted. Therefore, it is crucial to carefully select your target infrastructure from the very start.

Defining the Replication Servers

After selecting the target infrastructure and regions, define the replication Servers.

Replication server page

Defining the Subnet

On the replication Servers section,

Set the subnet of the replication area under the Choose the subnet where the replication servers will be launched.
From the drop-down list, select the subnet to designate as the Staging area for the replication servers.

NoteYou can safely switch between subnets even after the replication has started. This switch will only cause a very short pause in the replication, minutes at the most, and will not have any long-term effect on the replication.

The default subnet is allocated by AWS. The other subnets in the drop-down menu are the subnets that are automatically allocated by AWS to the selected region.

NoteFor more information, learn more about AWS subnetworks.

Defining the Security Group

On the replication servers section, set the security group of the Staging area.

Security group option

A Security Group acts as a virtual firewall, which controls the inbound and outbound traffic of the Staging area. From the drop-down list, select the Security Group you want to apply to the Staging Area.

The list of available security groups changes according to the subnet you selected in the previous field. You can add security groups via the AWS console, and they will appear on the security group drop-down list in the IBM Live Migration service user console.

Learn more about Security Groups and AWS.

By default, IBM Live Migration Service creates a security group for each Staging area subnet. This default IBM Live Migration Service security group opens on the Staging area the following ports:

Inbound TCP Port 1500 for receiving the transferred replicated data.
Outbound TCP Port 443 for communication with the IBM Live Migration Service manager, the storage unit, and the AWS cloud APIs. (When using your own DNS server, and not an AWS server) outbound TCP port 53 for DNS resolution.

You can use the default IBM Live Migration Service security group, or you can select another security group for your purposes. However, take into consideration that any selected security group that is not the default, will be added to the default group, since the default security group is essential for the operation of your solution.

[Optional] Define VPN usage

[Optional] On the replication servers section, select either to use a public or private network for sending the replicated data from the source machines to the Staging area. Check the box to the left of the Use VPN… option to use a private network.

VPN with private network

NoteUse this option only if you already have a VPN connection. Selecting this check box will not create a new private connection. It is recommended to use this option if you want to:

Allocate a dedicated bandwidth for replication,
Use another level of encryption,
Add another layer of security by transferring the replicated data from one private IP address (source) to another private IP address (target).

NoteThe Use VPN… field will show different options based on your setup (in the screenshot above, the Direct Connect option is shown).

By default, the replicated data is sent from the source infrastructure to the Staging area over a public network, using the public IP of the Staging area. The transferred data is protected in transit. Prior moving the data to the Staging area, it is encrypted on the source infrastructure using an Advanced Encryption Standard (AES), 256-bit encryption. Once the data arrives at the Staging area, and before it is written to the disks, it is decrypted.

NoteSafely switch between a private connection and a public one by selecting or clearing the Use VPN check box, even after replication has begun. This switch will only cause a very short pause in replication and will not have any long-term effect on the replication.

Define the Proxy

Once, the Use VPN option is checked, define the URL and port of the VPN proxy server.

Enter the VPN proxy URL under the Define whether to route communication from the Replication Server via a proxy: field after the https://. Enter the port in the port field.

Host name

Encrypting Data on the Disks in the Staging Area

You can encrypt your replicated data on the disks in the Staging area. You can have your data encrypted at rest by using the EBS encryption feature.

IMPORTANTIt is highly recommended to set the encryption option before you start the replication process.

To this feature, check the box to the left of Enable volume encryption. To this feature, check the box to the left of Enable volume encryption.

Enable volume encryption option

Defining Staging Area Tags

On the Staging network Tags section, set tags by defining their keys and values. Enter a key and a value into the corresponding fields.

Click the gray plus sign (+) to add more keys.

Staging area tags page

[Optional] Enable Network bandwidth throttling

The Network bandwidth throttling option allows to regulate network traffic and minimize bandwidth congestion. Enable this option to control the transfer rate of the data that is sent from the source machine to the replication area over TCP port 1500. Once enabled, set the data transfer rate in Mbps. Uncheck the box next to Disabled to enable the option, then move the bar to set the throttling rate.

Disabling the network bandwith throttling

Saving your Settings

Once you have set all of your settings, click the SAVE REPLICATION SETTINGS button at the bottom of the page.

Disabling the network bandwith throttling