Azure Migrate Checklist

Microsoft has robust and detailed guides on how to deploy and configure Azure Migrate [here][L1]. However, there are a number of key items that need to be taken into account when deploying Azure Migrate, in order to ensure that your assessment is a success.

Deployment Checklist

Networking

💡 Do you have an Azure Migrate Appliance present within each network security boundary?

A security boundary is defined as a separate part of the environment, where traffic is managed separately, for example Prod vs a DMZ environment.

An appliance should be deployed within each of those environments, and should be configured to discover that segment.

ℹ️
Appliances should be joined to the domain, where possible, as this helps with authentication to devices being assessed.
💡 Have you checked that required ports are open between the Azure Migrate Appliance and the estate?

Depending on your appliance, there are a number of requirements that need to be met. They are detailed below:

  • Inbound connections on TCP port 3389 to allow remote desktop connections to the appliance.

  • Ensure that ports 443 and 5985 (HTTP) are open between the appliances and the servers being discovered. (Linux servers require port 22 (TCP) to be open alongside 443.)

  • Windows servers must have PowerShell remoting enabled and PowerShell version 2.0 or later installed.

  • WMI must be enabled and available on Windows servers to gather the details of the roles and features installed on the servers.

  • Linux servers must have Secure Shell (SSH) connectivity enabled and ensure that the following commands can be executed on the Linux servers to pull the application data:

    list
    tail
    awk
    grep
    locate
    head
    sed
    ps
    print
    sort
    uniq


Based on OS type and the type of package manager being used, here are some more commands: rpm/snap/dpkg, yum/apt-cache, mssql-server.

Required Credentials

💡
Top Tip: the same account should be used for Hypervisor, OS and SQL discovery

Hypervisor Credentials

💡 Have you provided credentials to the Azure Migrate Appliance for the hypervisor fabric?

For VMware Appliance

The VMware appliance requires Guest Operations rights to be able to collect details from VMware environments. Click here to learn how to assign VMware Guest Operations Access

ℹ️
For VMware environments, Guest Operations rights are required to collect performance data.

For Hyper-V Appliance

Option 1: Prepare an account with Administrator access to the Hyper-V host machine.

Option 2: Prepare a Local Admin account, or Domain Admin account, and add the account to these groups: Remote Management Users, Hyper-V Administrators, and Performance Monitor Users.

OS Level

💡 Have you provided credentials to the Azure Migrate Appliance for the servers being assessed?

Is the account provided a member of the Local Admins group on all servers?

💡
Top Tip: Using an existing service account is a great way to ensure coverage across the estate (e.g. a monitoring account)

For Windows servers and web apps discovery

Create an account (local or domain) that has administrator permissions on the servers. This can either be an account that is a Domain Admin or a member of the Local Admins group. This account should be present on all servers that you want to assess.

For Linux servers, provide a sudo user account with permissions to execute the ls and netstat commands, or create a user account that has the CAP_DAC_READ_SEARCH and CAP_SYS_PTRACE capabilities on the /bin/netstat and /bin/ls files. If you’re providing a sudo user account, ensure that you have enabled NOPASSWD for the account so that it can run the required commands without being prompted for a password every time the sudo command is invoked.
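The NOPASSWD requirement above is often met with a blanket `NOPASSWD: ALL` rule, which gives the credential stored on the appliance passwordless root on every Linux server. The following check is an added example, not part of the original checklist or of Azure Migrate: it classifies the NOPASSWD rules a sudoers file grants to one account, assuming the only sudo commands needed are the two named above. The account name `azmigrate` is hypothetical, and only rules that name the account directly are examined (group and alias rules are not).

```shell
#!/bin/sh
# Added example: classify the NOPASSWD rules a sudoers file gives one account.
# Assumption: the only commands discovery needs via sudo are the two the
# checklist names, /bin/ls and /bin/netstat. "azmigrate" is a hypothetical name.

# audit_sudoers USER [FILE]  ->  prints scoped | overbroad | missing
# Reads FILE, or stdin when FILE is omitted.
audit_sudoers() {
    awk -v user="$1" '
        BEGIN { verdict = "missing"; ok["/bin/ls"] = 1; ok["/bin/netstat"] = 1 }
        /^[ \t]*#/ { next }      # comments (also skips #include, not followed here)
        $1 == user && index($0, "NOPASSWD:") {
            if (verdict == "missing") verdict = "scoped"
            # Everything after the tag is a comma-separated command list.
            spec = substr($0, index($0, "NOPASSWD:") + length("NOPASSWD:"))
            n = split(spec, cmds, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", cmds[i])
                # ALL or any other binary fails the allowlist; a spec that
                # carries arguments is flagged too, for manual review.
                if (!(cmds[i] in ok)) verdict = "overbroad"
            }
        }
        END { print verdict }
    ' "${2:--}"
}

# Constructed sample: blanket passwordless sudo, the shortcut to avoid.
audit_sudoers azmigrate <<'EOF'
azmigrate ALL=(ALL) NOPASSWD: ALL
EOF

# Constructed sample: only the two binaries the checklist requires.
audit_sudoers azmigrate <<'EOF'
# discovery account for the Azure Migrate appliance
azmigrate ALL=(ALL) NOPASSWD: /bin/ls, /bin/netstat
EOF
```

Run it against `/etc/sudoers` and each file under `/etc/sudoers.d/` on a server before adding the account to the appliance; a `missing` verdict means discovery will be prompted for a password.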

SQL Level

💡 Have you provided credentials to the Azure Migrate Appliance for the SQL Servers being assessed?

To discover SQL Server instances and databases, the Windows or SQL Server account must be a member of the sysadmin server role or have these permissions for each SQL Server instance.

Top Tip: While SQL SysAdmin access is preferred, a least-privilege account mask is available here: SQL Custom Login

Performance Data

💡 Check the Resolve Issues section of Azure Migrate, and review outstanding issues with discovery
Focus on Software Inventory and Performance Errors.