General Requirements
Network Pre-requisites
Network is the key component to the IBM Live Migration Service platform. In this section, you will find the ingress(inbound) and egress(outbound) between several endpoints involved in the IBM Live migration Service. This will also include all the required ports and the description for the ports.
Network Diagram
The below figure shows the network topology of the IBM Live Migration Service product.
The below table shows the ports used by IBM Live Migration Service.
| Client | Egress | Ingress | Traffic Type | Endpoints | Description |
|---|---|---|---|---|---|
| Agent | Egress: TCP-1500 |
Replication Servers (Private/ Public Network) | Ingress: TCP 1500 |
Production instance and data (The actual data Staging stream) | NA |
| Agent | TCP-1500 | TCP 1500 | Data Traffic (Private/ Public Network) | Between Source Machines and Staging Area | Production instance and data (The actual data replication stream) |
| Agent | Egress: TCP-443 |
Management (Public Network) |
NA | Rest API’s used during agent installation Agent Monitoring Statistics for agent |
NA |
| Agent | TCP-443 | NA | Management Traffic (Public Network) |
Between Source Machines and IBM Live Migration Service Manager | Rest API’s used during agent installation Agent Monitoring Statistics for agent |
| Replication Server | Egress: TCP- 443 |
Management (Public Network) |
NA | Statistics for Replication Servers Staging server logs Staging Server API |
NA |
| Replication Server | TCP- 443 | NA | Management Traffic (Public Network) |
Between Staging Area and IBM Live Migration Service Manager | Statistics for Replication Servers Staging server logs Staging Server API |
The following lists the three contact points for IBM Live Migration Service components with the external network:
- The migration agent needs to communicate with the IBM Live Migration Service Manager.
- The migration agent needs to communicate with the Replication Servers.
- Replication Server need to communicate with the IBM Live Migration Service Manager and S3.
Guidance for setting up Management Traffic over TCP Port 443
Add the following IP addresses and URLs to your firewall network:
 |
 |
 |
 |
|---|---|---|---|
| IBM Live Migration Service Manager IP Address requires for utilizing IBM Live Migration Service. 50.19.144.132 13.52.54.28 Amazon S3 Buckets are required for downloading Migration agent. http://s3.amazonaws.com http://s3.us-east-2.amazonaws.com |
The Replication Server requires outbound access to the EC2 endpoint of its AWS region. | login.microsoftonline.com management.azure.com blob.core.windows.net 52.72.172.158 52.53.92.136 54.86.81.247 34.226.185.103 34.195.63.160 54.152.211.146 54.208.187.240 54.209.28.61 Note: If you have a Firewall enabled on their Storage Account and only allow access from selected networks must add the IBM Live Migration Service Manager IPs (50.19.144.132 and 13.52.54.28) and the Replication Server subnets above to the Rules by navigating to Firewalls and virtual networks in their Storage Account and adding the values under the Firewall category |
52.53.64.125 |
Communication Between Source Machines and IBM Live Migration Service Manager over TCP Port 443
Each Source machine that is a part of the IBM Live Migration Service must continuously interact with both the IBM Live Migration Service Manager and IBM Live Migration Service's Console over TCP port 443.
The following are the main operations performed through TCP port 443:
- Downloading the Migration Agent through the IBM Live Migration Service Agent Installer onto the Source machines.
- Upgrading installed Agents.
- Connecting the Source machines to the Console and displaying the replication status.
- Monitoring the Source machines for internal troubleshooting and use of resource consumption metrics(CPU, RAM).
- Reporting replication-related events. For instance, replication started, replication stopped, and replication reached X%).
Configuring Communication over TCP Port 443 between the Source Machines and the IBM Live Migration Service Manager.
You can establish communication between the Source machines and the IBM Live Migration Service Manager over TCP Port 443 in two ways:
- Direct communication between the Source machines and the Service Manager
- Indirect communication by using a proxy
Communication Between the Staging Area and IBM Live Migration Service Manager over TCP Port 443
The Replication Servers on the Staging Area must continuously communicate between the IBM Live Migration Service Manager over TCP Port 443.
The main operations that are performed through this path are:
- Downloading the Replication Software by the Replication Server.
- Connecting the Replication Servers to the IBM Live Migration Service Manager and displaying the Replication status.
- Monitoring the Replication Servers for internal troubleshooting and resource consumption metrics (CPU, RAM).
- Reporting replication-related events.
Configuring Communication over TCP Port 443 between the Staging Area and the IBM Live Migration Service Manager
Communication between the Staging Area and IBM Live Migration Service Manager can be established over TCP Port 443 in the following ways:
- Direct
- Indirect
1.Direct communication between the Staging area and the service manager:
- GCP - The following are two ways to establish direct connectivity to the Internet for the VPC of the Staging area:
- Public IP address
- Private IP address + NAT instance
- AWS – there are 2 ways to establish direct connectivity to the Internet for the VPC of the Staging Area, as described in the VCP FAQ.https://aws.amazon.com/vpc/faqs/
- Azure
- Public IP address
- Private IP address + NAT instance
2.Indirect communication using a proxy
To use a proxy:
Click on Open > IBM Live Migration Service > User Console and navigate to Setup & Info > Replication Settings.
On the Define whether to route communication between the Replica Server via a proxy field, enter the proxy details after https://
You can modify outbound traffic in the following ways:
AWS: Modify the Security Group
Azure: Modify the Network
Verifying the Communication over TCP Port 443 between the Staging Network and the IBM Live Migration Service Manager
For more information on how to check the communication over TCP Port 443 between the replication Network and the IBM Live Migration Service Manager see Chapter 9.2.3, “Verifying communication over Port 443” on page 120.
- Communication Between the Source Machines and the Staging Area over TCP Port 1500
Each Source machine with an installed Agent must communicate continuously with IBM Live Migration Service Replication Servers in the Staging Area over TCP Port 1500. To transfer replicated data from the source machines to the Staging Area, TCP Port 1500 is required. The replicated data is encrypted and compressed when transferred over TCP Port 1500. The data encrypted on the source infrastructure using the Advanced Encryption Standard(AES)-256 bit and SSL are also transferred to the Staging Area. The data is decrypted when it reaches the Staging Area and is written to the disks.
TCP Port 1500 is primarily used for the Replication Server Data Replication stream.
- Establishing Communication over TCP Port 1500
- Verifying the Communication over TCP Port 1500
For more information on how to verify communication over TCP Port 1500 see "Verifying communication over Port 1500".
- Calculating the Required Bandwidth for TCP Port 1500
For more information on how to calculate the required bandwidth for TCP Port 1500 "Calculating the bandwidth needed for Port 1500".
- Solving Communication Problems over TCP Port 1500
For more information on how to solve common communication problems see "Solving communication problems over Port 1500".