AWS Control Tower works both for migrations from on-premises applications to AWS and for your AWS environment with multiple AWS accounts. For both scenarios, managing different teams’ access, cloud setup, and governance can become complex and time consuming. That can slow the pace of migrations and add risks to security compliance. AWS Control Tower streamlines the migration process, enabling you to move quickly to the cloud in a secure and compliant manner.
In this lab, we will perform an end-to-end migration. We will see how to execute a lift and shift of a simulated on-premises environment to a new AWS account governed by AWS Control Tower. We do this by using CloudEndure’s live migration tool, which uses Continuous Block Level Replication technology.
The architecture for this lab exercise is shown in the following diagram.
Fill out the simple form to create a CloudEndure account and note the credentials used. Get started now with free CloudEndure Migration licenses.
*[Optional if you already have a Control Tower managed account]*
Refer to the Account Factory lab, Step #2, to create a new managed account.
Provide a Stack name as source-simulated-onpremise-app.
Enter the following Parameters to create the stack:
When the stack Status shows CREATE_COMPLETE, go to the Outputs tab, copy the DatabaseServer IP, and open the WebsiteURL in a new browser tab.
This opens the web app. Enter the DatabaseServer IP copied in the last step in the text box and click the Connect button as shown below. The webserver should connect to the dbserver and show the connection message. At this stage our simulated on-premises environment is ready for the migration.
CloudEndureProjectLambda Lambda zip file from the link below.
CloudEndureProjectLambda.zip file to it
4. Deploy the CloudFormation template to create CloudEndure Service Catalog Portfolio & Product
You will see the CloudEndure Portfolio. Click on it.
Launch the Target VPC
Navigate to the AWS CloudFormation console.
Click on Create Stack. Under Choose a template, select Specify an Amazon S3 template URL, paste the link below, and click Next.
Provide a Stack name as TargetVPC.
Click Next, review the options you selected and click Next again.
Wait for the Stack Status to become CREATE_COMPLETE.
Access your CloudEndure user console. On the ‘REPLICATION SETTINGS’ tab:

* For Migration Source, select Other infrastructure.
* For Migration Target, select the AWS region where the target infrastructure (from the previous step) is set up.
* Replication Servers: for this lab we will choose m5.large as the Replication Server and Converter instance type.
* Keep the check box Use dedicated Replication Servers unchecked.
* For disks, keep the default Use fast SSD data disks.
* For subnet, choose Public Subnet 1, which belongs to TargetVPC.
* For Security Group, keep the Default CloudEndure Security Group.
* Keep the remaining fields as they are, and select Save Replication Settings in the bottom right corner.
* The dialog box Project Setup complete will appear.
Select SHOW ME HOW in the lower right. This opens guidelines for installing the CloudEndure agent on your source instances.
1. Go to the AWS Systems Manager Run Command console in the migration source account (Audit).
2. Select Run Command in the upper right to start the installation process.
3. To install the CloudEndure live migration agent on the Linux instances, choose the AWS-RunShellScript Command document.
4. For command parameters, once you have selected AWS-RunShellScript, copy the commands from the CloudEndure console and paste them in.
5. For Targets, select Choose instance manually. Then check the checkboxes next to the Database and Web server instances to select them, as shown in the following screenshot.
6. Under Output options, uncheck the Enable writing to an S3 bucket box and click the Run button.
7. Wait until the status changes to Success.
8. Navigate back to the CloudEndure User Console dashboard in your browser. Your instances now appear as objects in the Initial Sync phase.
9. Wait until all instances reach Continuous Data Replication in the Data Replication Progress column.
In the CloudEndure console, select Machines from the left sidebar.

1. Select the server named webserver. This opens the details page to configure the machine blueprint with target instance options.
2. Fill in the details as below:
   * Machine Type: t3.small
   * Launch Type: On demand.
   * Subnet: Public Subnet 1…(TargetVPC).
   * Security Groups: TargetVPC-sgweb-xxx
   * Private IP address: Select create new. (It will choose a new private IP from the selected target subnet.)
   * Keep the remaining options at Default except **Disks**: select SSD
   * Click SAVE BLUEPRINT
In the CloudEndure console, select Machines from the left sidebar.

1. Select the server named dbserver. This opens the details page to configure the machine blueprint with target instance options.
2. Fill in the details as below:
   * Machine Type: t3.small
   * Launch Type: On demand.
   * Subnet: Private Subnet 1A….(TargetVPC).
   * Security Groups: TargetVPC-sgdatabase-xxx
   * Private IP address: Select create new.
   * Public IP: No
   * Keep the remaining options at Default except **Disks**: select SSD
   * Click SAVE BLUEPRINT
In the CloudEndure console Machines page, check the boxes for both machines.

1. In the upper right, select Launch 2 Target Machines.
2. Select Test Mode and Continue.
3. Select Job Progress to view the progress and wait until the Status shows Completed Successfully.
4. Go to the EC2 console of the Target/Managed AWS account and observe the instances launched by CloudEndure.
5. Select the webserver, copy its public DNS/IP and paste it into a browser. It should show the PHP landing page.
6. Select the dbserver, copy its private IP, enter it in the Enter Database Host text box and select Connect. The connection should succeed with the message “Connected to Database server xx.xx.xx.xx”. This confirms that our migration test is successful.
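The browser test above confirms connectivity, but not that the launched machines match the two blueprints. The following added example (not part of the original lab) checks instance type, security group and public IP exposure against the blueprint values, using data shaped like `aws ec2 describe-instances` output. It assumes each launched instance carries a Name tag equal to its CloudEndure machine name; the sample records and the helper names are constructed for illustration.

```python
# Expected target settings, copied from the two machine blueprints in this lab.
# Assumption: each launched instance has a Name tag equal to its CloudEndure
# machine name (webserver / dbserver).
BLUEPRINTS = {
    "webserver": {"type": "t3.small", "sg": "TargetVPC-sgweb-", "public": True},
    "dbserver": {"type": "t3.small", "sg": "TargetVPC-sgdatabase-", "public": False},
}

def check_instances(describe_output):
    """Return findings for running instances; an empty list means all match."""
    findings, seen = [], set()
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            name = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}.get("Name")
            want = BLUEPRINTS.get(name)
            if want is None or inst.get("State", {}).get("Name") != "running":
                continue  # not a migrated machine, or not currently running
            seen.add(name)
            if inst.get("InstanceType") != want["type"]:
                findings.append(f"{name}: instance type is {inst.get('InstanceType')}")
            groups = [g["GroupName"] for g in inst.get("SecurityGroups", [])]
            if not groups or not all(g.startswith(want["sg"]) for g in groups):
                findings.append(f"{name}: unexpected security groups {groups}")
            has_public = bool(inst.get("PublicIpAddress"))
            if has_public != want["public"]:
                findings.append(f"{name}: {'has' if has_public else 'lacks'} a public IP")
    findings += [f"{n}: no running instance found" for n in sorted(set(BLUEPRINTS) - seen)]
    return findings

def _inst(name, sg, public_ip=None, itype="t3.small", state="running"):
    """Build one constructed instance record in describe-instances shape."""
    rec = {"InstanceType": itype, "State": {"Name": state},
           "Tags": [{"Key": "Name", "Value": name}],
           "SecurityGroups": [{"GroupName": sg, "GroupId": "sg-0example"}]}
    if public_ip:
        rec["PublicIpAddress"] = public_ip
    return rec

# Constructed samples (documentation IP range), not output from a real account.
GOOD = {"Reservations": [{"Instances": [
    _inst("webserver", "TargetVPC-sgweb-abc", "203.0.113.10"),
    _inst("dbserver", "TargetVPC-sgdatabase-abc")]}]}
BAD = {"Reservations": [{"Instances": [
    _inst("webserver", "TargetVPC-sgweb-abc", "203.0.113.10"),
    _inst("dbserver", "TargetVPC-sgweb-abc", "203.0.113.11")]}]}

if __name__ == "__main__":
    for label, data in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_instances(data) or "matches the blueprints")
```

To use it on a real account, load the JSON printed by `aws ec2 describe-instances` in the target account and pass the parsed object to `check_instances`.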
In the CloudEndure console Machines page, check the boxes for the two machines.

1. Select the Launch 2 Target Machines button in the top right corner.
2. Select Cutover Mode from the drop-down menu, then select Continue. You can follow the progress from the Job Progress menu.
3. You can check the instance launch process in the EC2 console of the target/managed account.
4. Once the cutover process is complete, you can re-test the application by following the steps in the previous section.

Congratulations! You have migrated your environment to AWS using CloudEndure and AWS Control Tower.
To remove all resources you added in this lab, follow these steps:
<your_alias>-ct-migration-labbucket. And delete this bucket.
*Copyright 2020, Amazon Web Services, All Rights Reserved.*