CloudEndure Lab

Overview

AWS Control Tower works both for migrations from on-premises applications to AWS and for your AWS environment with multiple AWS accounts. For both scenarios, managing different teams’ access, cloud setup, and governance can become complex and time consuming. That can slow the pace of migrations and add risks to security compliance. AWS Control Tower streamlines the migration process, enabling you to move quickly to the cloud in a secure and compliant manner.

In this lab, we will walk through an end-to-end migration. We will see how to execute a lift and shift of a simulated on-premises environment to a new AWS account governed by AWS Control Tower. We do this by using CloudEndure's live migration tool, which uses Continuous Block Level Replication technology.

High level steps:

  1. Set up a new managed AWS account using AWS Control Tower Account Factory, or use an existing one.
  2. Set up the simulated migration source environment.
  3. Work with CloudEndure Live Migration Tool:
    • Set up CloudEndure project using Service Catalog product.
    • Configure the source simulated on-premises instances.
    • Perform the migration and cutover to new target environment.
    • Clean up the simulated and target environment.

Prerequisites

  1. This lab requires an account with Administrator privileges and Control Tower.
  2. A CloudEndure account (user credentials).

Architecture Overview

The architecture for this lab exercise is shown in the following diagram.

Steps

Create a CloudEndure Migration Account

CloudEndure migration licenses are provided at no cost for customers and partners migrating workloads into AWS for 90 days from the time of CloudEndure agent installation.

Fill in the form to create a CloudEndure account and note the credentials used: Get started now with free CloudEndure Migration licenses.

Creating your new, managed AWS account using Account Factory

*[Optional in case you already have Control Tower Managed account]*

Refer to Step #2 of the Account Factory lab to create a new managed account.

Preparing your on-premises environment

  1. Log in to the Control Tower Audit account using the SSO URL. This account will act as the source of the migration. Switch to the region where Control Tower is installed. Create an EC2 key pair by following these steps. The key will be used in the next steps.
  2. To create the simulated on-premises environment, go to the AWS CloudFormation console. Click on Create Stack, under Choose a template select Specify an Amazon S3 template URL, copy-paste the link below and click Next. https://marketplace-sa-resources.s3.amazonaws.com/ctlabs/migration/LAMP2TierApp.yml
    • Provide a Stack name as source-simulated-onpremise-app.
    • Enter the following Parameters to create the stack:
    • MyClientIP: Add your IP or CIDR to allow access via HTTP (port 80) to the web application.
    • Click Next, Next, Create Stack.
    • It creates a VPC and deploys the 2-tier LAMP stack (webserver & dbserver) and takes ~7 minutes to complete.
  3. When the stack Status shows CREATE_COMPLETE, go to the Outputs tab, copy the DatabaseServer IP and open the WebsiteURL in a new browser tab.
  4. It will open the web app. Enter the DatabaseServer IP copied in the last step in the text box and click on the Connect button as shown below. The webserver shall connect to the dbserver and show the connection message.

At this stage our simulated on-premises environment is ready for the migration.
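The MyClientIP parameter above decides who can reach the web server on port 80, so it is worth validating before it goes into the stack. The following is an added example, not part of the original lab or its template; the `/24` limit, the IPv4-only handling and the function name are assumptions, and the addresses in the comments are constructed samples from documentation ranges.

```python
import ipaddress

# RFC 1918 ranges: a private address is not the source IP the web server
# sees when you browse to it over the internet.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

MIN_PREFIX = 24  # assumption: widest range this lab should ever need


def normalize_client_cidr(value):
    """Return a CIDR string suitable for MyClientIP, or raise ValueError."""
    # A bare address becomes a /32. strict=True rejects host bits set in a
    # CIDR, so a typo such as 203.0.113.7/24 is not silently widened.
    net = ipaddress.IPv4Network(value.strip(), strict=True)
    if net.prefixlen < MIN_PREFIX:
        # Also catches 0.0.0.0/0, which would open port 80 to everyone.
        raise ValueError(f"{net} is broader than /{MIN_PREFIX}")
    if any(net.subnet_of(private) for private in RFC1918):
        raise ValueError(f"{net} is a private range, not your public IP")
    return str(net)


if __name__ == "__main__":
    for candidate in ("203.0.113.7", "203.0.113.0/24", "0.0.0.0/0",
                      "203.0.113.7/24", "192.168.1.10"):
        try:
            print(candidate, "->", normalize_client_cidr(candidate))
        except ValueError as err:
            print(candidate, "-> rejected:", err)
```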

Preparing your Target environment

  1. Log in to the Control Tower managed account (Migration Target) using the SSO user and switch to the CT home region.
  2. Download the CloudEndureProjectLambda Lambda zip file from the link below. https://marketplace-sa-resources.s3.amazonaws.com/ctlabs/migration/CloudEndureProjectLambda.zip
  3. Create an S3 bucket to upload the Lambda function zip file:
    • Go to S3 console
    • Click on Buckets on the left menu
    • Click on + Create bucket button
    • The bucket name should be: *<your_alias>-ct-migration-lab*
    • From the drop down list, select the same region:
    • Click Next, then uncheck the box Block all public access
    • Check “I acknowledge that the current settings may result in this bucket and the objects within becoming public”
    • Accept all remaining defaults and create bucket
    • Then, upload the CloudEndureProjectLambda.zip file to it
    • Click on Upload and choose the CloudEndureProjectLambda.zip file
    • Click Next and make sure to make it public read

  4. Deploy the CloudFormation template to create the CloudEndure Service Catalog Portfolio & Product
    • Navigate to the AWS CloudFormation console.
    • Click on Create Stack, under Choose a template select Specify an Amazon S3 template URL, copy-paste the link below and click Next. https://marketplace-sa-resources.s3.amazonaws.com/ctlabs/migration/CloudEndureSCPortfolio.yml
    • Provide a Stack name as CloudEndureSCPortfolio.
    • Click Next, review the options you select and finally create the stack.
    • Wait for the Stack Status to become CREATE_COMPLETE.
    • Navigate to the Service Catalog console and, from the left side panel, click Administration > Portfolios.
    • You will see the CloudEndure Portfolio. Click on it.
    • Then click on the Groups, roles and users tab and then the Add groups, roles, users button.
    • In the new window, click on the Roles tab and type AWSAdministratorAccess in the search box. The AWSReservedSSO_AWSAdministratorAccess_xxxx role name will be visible in the list below. Check the box beside it and click on the Add access button.
    • To launch this product, click on the very first Products option on the left panel.
    • Click on the three dots menu of the CloudEndure Migration Product and select Launch product.
    • Enter the Name CloudEndureProject. Click Next.
    • Fill the launch form fields as directed.
    • Click Next, Next and Launch.
    • After 5 minutes the product should be successfully launched.
  5. Launch the Target VPC
    • Navigate to the AWS CloudFormation console.
    • Click on Create Stack, under Choose a template select Specify an Amazon S3 template URL, copy-paste the link below and click Next. https://marketplace-sa-resources.s3.amazonaws.com/ctlabs/migration/MigrationTargetVPC.yml
    • Provide a Stack name as TargetVPC.
    • Click Next, review the options you select and click Next again.
    • Wait for the Stack Status to become CREATE_COMPLETE.
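Step 3 above turns off Block all public access and makes one object public read, so the following added example (not part of the original lab) checks that nothing else in the bucket ended up public through an object ACL. The dictionaries are constructed samples in the shape of the S3 public access block configuration and object ACL grants; the key `lab-notes.txt` is hypothetical, and bucket policies and account-level settings are outside what it checks.

```python
# Group URIs S3 uses for "everyone" and "any authenticated AWS account".
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
# The only object the lab asks you to make public.
EXPECTED_PUBLIC_KEYS = {"CloudEndureProjectLambda.zip"}


def public_permissions(acl):
    """Permissions an object ACL grants to the two public groups."""
    return {
        g["Permission"]
        for g in acl.get("Grants", [])
        if g.get("Grantee", {}).get("URI") in (ALL_USERS, AUTH_USERS)
    }


def audit_bucket(pab, object_acls):
    """Return findings for anything public beyond READ on the expected zip."""
    if pab.get("IgnorePublicAcls"):
        return []  # public ACLs are ignored, so no object is exposed via ACL
    findings = []
    for key, acl in sorted(object_acls.items()):
        perms = sorted(public_permissions(acl))
        if not perms:
            continue
        if key not in EXPECTED_PUBLIC_KEYS:
            findings.append(f"{key}: unexpectedly public ({', '.join(perms)})")
        elif perms != ["READ"]:
            findings.append(f"{key}: public grant wider than READ ({', '.join(perms)})")
    return findings


def grant(uri, permission):
    """Build one ACL grant entry for a group grantee."""
    return {"Grantee": {"Type": "Group", "URI": uri}, "Permission": permission}


# Constructed sample data, not output from a real account.
SAMPLE_PAB = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
              "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
SAMPLE_ACLS = {
    "CloudEndureProjectLambda.zip": {"Grants": [grant(ALL_USERS, "READ")]},
    "lab-notes.txt": {"Grants": [grant(ALL_USERS, "READ")]},  # hypothetical key
    "private.txt": {"Grants": []},
}

if __name__ == "__main__":
    for line in audit_bucket(SAMPLE_PAB, SAMPLE_ACLS):
        print(line)
```

With a live account, the same two inputs come from boto3's `get_public_access_block` and `get_object_acl` calls on the S3 client.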

CloudEndure configuration and agent installation

Replication configuration

Access your CloudEndure user console. On the 'REPLICATION SETTINGS' tab, for Migration Source select Other infrastructure. For Migration Target, select the AWS region where the Target infrastructure (from the previous step) is set up.

  • Replication Servers: for this lab we will choose m5.large as the Replication server & Converter instance type.
  • Keep the check box Use dedicated Replication Servers unchecked.
  • For disks, keep the default Use fast SSD data disks.
  • For subnet, choose Public Subnet 1, which is related to TargetVPC.
  • For Security Group, keep the Default CloudEndure Security Group.
  • Keep the remaining fields as they are, and select Save Replication Settings in the bottom right corner.
  • The dialog box Project Setup complete will appear.

Select SHOW ME HOW in the lower right. This opens guidelines to install CloudEndure agent on your source instances.

CloudEndure Agent installation

  1. Go to the AWS Systems Manager Run Command console in the migration source account (Audit).
  2. Select Run Command in the upper right to start the installation process.
  3. To install the CloudEndure live migration agent on the Linux instances, choose the AWS-RunShellScript Command document.
  4. For command parameters, once you have selected AWS-RunShellScript, copy the commands from the CloudEndure console and paste them.
  5. For Targets, select Choose instance manually. Then check the checkbox next to the Database & Web server instances to select them, as shown in the following screenshot.
  6. From the Output options, uncheck the Enable writing to an S3 bucket box and click on the Run button. Wait until the status changes to Success.
  7. Navigate back to the CloudEndure User Console Browser Dashboard. Your instance now appears as an object in the Initial Sync phase. Wait until all instances reach Continuous Data Replication in the Data Replication Progress column.

Configure Machine Blueprints

Webserver

In the CloudEndure console, select Machines from the left sidebar.

  1. Select the server named webserver. This opens the details page to configure the machine blueprint with target instance options.
  2. Fill in the details as below:
    • Machine Type: t3.small
    • Launch Type: On demand.
    • Subnet: Public Subnet 1…(TargetVPC).
    • Security Groups: TargetVPC-sgweb-xxx
    • Private IP address: Select create new. (It will choose a new private IP from the selected target subnet.)
    • Keep the remaining options at Default except **Disks**: select SSD
    • Click SAVE BLUEPRINT

dbserver

In the CloudEndure console, select Machines from the left sidebar.

  1. Select the server named dbserver. This opens the details page to configure the machine blueprint with target instance options.
  2. Fill in the details as below:
    • Machine Type: t3.small
    • Launch Type: On demand.
    • Subnet: Private Subnet 1A….(TargetVPC).
    • Security Groups: TargetVPC-sgdatabase-xxx
    • Private IP address: Select create new.
    • Public IP: No
    • Keep the remaining options at Default except **Disks**: select SSD
    • Click SAVE BLUEPRINT

Testing replicated machines

In the CloudEndure console Machines page, check the boxes for both machines.

  1. In the upper right, select Launch 2 Target Machines.
  2. Select Test Mode and Continue.
  3. Select Job Progress to view the progress and wait until the Status shows Completed Successfully.
  4. Go to the Target/Managed AWS account EC2 console, and observe the instances launched by CloudEndure.
  5. Select the webserver, copy its public DNS/IP and paste it into the browser. It shall show the PHP landing page.
  6. Select the dbserver, copy its PrivateIP, enter it in the Enter Database Host text box and select Connect. The connection shall be successful with the message "Connected to Database server xx.xx.xx.xx". This confirms that our migration test is successful.

Migration – cutover process

In the CloudEndure console Machines page, check the boxes for the two machines.

  1. Select the Launch 2 target machines button in the top right corner.
  2. Select Cutover Mode from the drop-down menu. Select Continue. You can see the progress by selecting the Job Progress menu.
  3. You can check the instance launching process by going to the EC2 console of the target/managed account.
  4. Once the cutover process is complete, you can re-test the application by following the steps mentioned in the previous section.

Congratulations! You have migrated your environment to AWS using CloudEndure and AWS Control Tower.


Deleting AWS resources deployed in this lab

To remove all resources you added in this lab, follow these steps:

  1. On the CloudEndure user console, go to Project Actions in the upper right. Choose Delete Current Project, as shown in the following screenshot.
  2. Audit account - Go to the CloudFormation console and delete the **source-simulated-onpremise-app** stack.
  3. Target/Managed account - Go to the EC2 console and terminate the 4 EC2 instances (2 CloudEndure Replication servers, webserver, dbserver).
  4. Go to the Service Catalog console and from the left side panel select **Provisioned products list**. On the right hand side click on the three dots menu and select Terminate provisioned product.
  5. Then select Administration > **Portfolio list** from the left panel and click on the **CloudEndure Portfolio**. Click on **Groups, roles, and users**, select the role name aws-reserved/sso.amazonaws.com/xxxxx/AWSReservedSSO_AWSAdministratorAccess_xxx and click the **Remove groups, roles, user** button.
  6. Go to the CloudFormation console and **delete the TargetVPC** stack.
  7. Also on the same console, select the **CloudEndureSCPortfolio** stack and **delete** it.
  8. Go to the S3 console and empty the <your_alias>-ct-migration-lab bucket, then delete the bucket.

*Copyright 2020, Amazon Web Services, All Rights Reserved.*