Azure Migrate VMware Discovery Checklist

Dr Migrate

Prerequisites

Requirements Overview

	Requirement	Learn More
✅	A user with Contributor or Owner permissions over the Subscription	Learn More
✅	A user with Application Developer or Higher in Entra ID	Learn More
✅	Prepare Azure Migrate appliance, ensure RDP and authenticate.	Learn More
✅	All required Public or Private endpoint URLs are enabled.	Learn More
✅	All required Ports are allowed through required Firewalls/Proxies.	Learn More
✅	All required credentials are in place, validated and tested.	Learn More
✅	Environment scope is understood and agreed.	Learn More

VMware Discovery Data Flow Diagram

Advanced Chevron <

VMware Discovery Reference

Microsoft provides detailed reference documentation for deploying Azure Migrate against your Vmware estate, please see here for more information.

💡

If you are unable to implement the VMware appliance in your environment due to restrictions, consider using the Physical Appliance to collect assessment data.

VMware Discovery Checklist

Minimum Software Requirements

vCenter Server version 8.0, 7.0, 6.7, 6.5, 6.0, 5.5; ESXi version 5.5 or later, are supported
Software inventory requires VMware Tools 10.2.1 or later on each server endpoint
Windows servers must have PowerShell version 2.0 or later installed
SQL Server 2008 or later is supported for instance and database discovery, and PaaS pricing
All Windows and Linux operating system versions are supported; however, dependency analysis is limited to these operating systems
It is recommended that the Azure Migrate appliance is joined to your Active Directory domain, this helps with authentication steps.

Minimum Appliance System Requirements

32-GB RAM
8 vCPUs
80 GB disk
Windows Server 2019 or later
A static or dynamic IP address, with internet access, either directly or through a proxy.

Minimum Azure Permissions

In order to successfully deploy Azure Migrate, you will need:

At the Subscription level, a User with Contributor or Owner permissions
Entra apps: Ability to register an Application: Application Developer role or higher

ℹ️

If you are familiar with Azure Migrate and want to connect the discovery appliance in advance of our joint configuration meeting, be sure to:

Choose defaults for the Azure Migrate project; make no changes in Advanced options
Connect all appliances to the same project

Required URLs

ℹ️

Public Endpoint Connectivity Method to is recommended for the smoothest experience.

Public Endpoint Deployment

Allow Public URLs using TCP 443
Turn on SSL bypass

Private Endpoint Deployment

Allow Private URLs using TCP 443
Turn on SSL bypass

For more information on deploying Azure Migrate with Private endpoints see here

Minimum Port Requirements

For successful Azure Migrate data collection the following ports need to be open between the Azure Migrate Appliance, and the devices being scanned:

Source	Destination	Port
Appliance	vCenter	TCP 443
Appliance	Azure URL’s	TCP 443
Appliance	VMware ESXi hosts	TCP 443
Appliance	Windows Server targets	TCP 5985
Appliance	SQL Servers	TCP 1433
Appliance	Linux Servers	TCP 22

Appliance Download Options

Option 1 – VMware Open Virtual Appliance (OVA)

The OVA can be prepared in advance of our configuration meeting; ensure you can RDP and authenticate.

VMware Appliance OVA

Option 2 – PowerShell Script

The VMware discovery stack can also be installed using a PowerShell Script on your VM that you provision.

Powershell Installer Script

If you are familiar with Azure Migrate, you are welcome to download the Powershell, and run it choosing options 1,1,1,1,Y

Credentials

Required Server Credentials

To scan endpoints with Azure Migrate, the below credentials are required:

Scenario	Details
Windows Servers	Local Admin access on Windows devices you want to scan.
Linux Servers	For Linux machines, create a user account with sudo privileges or least-privileged access account
vCenter Access	Read only user with Guest operations Role
SQL Server Access	Azure Migrate requires a Windows user account that is member of the sysadmin server role or least-privileged account

ℹ️

For vCenter Server 7.x and above you must

Clone the Read Only system role
Add the Guest Operations Privileges to the cloned role.
Assign the cloned role to the vCenter Account.

Learn how to create a custom role in VMware vCenter.

Environment Considerations

You can discover and assess up to 50,000 servers in a VMware environment in a single project. A project can include physical servers and servers from a Hyper-V environment.
The Azure Migrate VMware appliance can discover up to 10,000 servers running across multiple vCenter Servers.
The appliance supports adding multiple vCenter Servers. You can add up to 10 vCenter Servers per appliance.

1 Azure Migrate project can perform dependency data collection concurrently for 1000 servers per appliance.

If you have more then 1000 devices being discovered, it is recommended to evenly spread the discovery of the estate across additional appliances, ensuring that no more then 1000 devices are being discovered by 1 appliance.

Adjusting Discovery Scope

You can scope the vCenter Server account to limit discovery to specific vCenter Server datacentres, folders of clusters or hosts, or individual servers. Learn how to scope the vCenter Server user account

It is recommended to perform a complete discovery of a device estate. Assessment scope can be decided using Dr Migrate, as part of a Rapid or Advanced Assessment.

Azure Migrate HyperV Discovery Checklist