Migrating VMs to Compute Engine

This tutorial shows you how to use the VM Migration Service, powered by CloudEndure, to import a server that is running a supported operating system from either an on-premises machine or a VM in another public cloud platform into Google Cloud Platform. At the end of this exercise, you will have a virtual machine instantiated in your project that is a replica of a machine in another environment.

You can also read about best practices for migrating VMs to Google Compute Engine.


  • Launch the VM Migration Service from the Google Cloud Platform Console.
  • Install the replication agents and copy the virtual machines into Compute Engine.
  • Launch the newly created virtual machines.


The VM Migration Service is free to use. You will not be billed for this service either from Google or CloudEndure.

However, for VM instances you import into Compute Engine, you will be billed according to the Compute Engine price sheet for VM instances.

Before you begin

  1. Sign in to your Google account.

    If you don't already have one, sign up for a new account.

  2. Select or create a Cloud Platform project.

    Go to the Manage resources page

  3. Enable billing for your project.

    Enable billing


To use the VM migration service, the source machines from which you are migrating must be running one of the following operating systems:


  • Microsoft Windows Server 2008 R2 64 bit
  • Microsoft Windows Server 2012 R2 64 bit
  • Microsoft Windows Server 2016 64 bit

Windows desktop operating systems are not supported.


  • SUSE Linux (SLES) 11 or above
  • Debian Linux 8
  • Kali Linux 2.0
  • Ubuntu 12.04 or above
  • Red Hat Enterprise Linux (RHEL) 5.0 or above

  • CentOS 6.0 or above

  • Oracle Linux 6.0 or above

For SUSE, RHEL, and Oracle Linux, you must have an existing license to use the operating system. It is your responsibility to determine if you are properly licensed to run the OS. For Windows, any existing license will be converted to Google Cloud Platform's pay-as-you-go licensing.

Creating a service account and service account key

In order to use the CloudEndure VM Migration service, you will need to link it to your Google Cloud Platform Console project using a service account key. You will need this service account key for the CloudEndure portal.

  1. Go to the Service Accounts page in the Cloud Platform Console.

    Go to the Service Accounts page

  2. If prompted, select a project.
  3. Click Create Service Account.
  4. Choose a name for the service account and grant the service account the Project Owner role.

    Screenshot of adding a service account

  5. Check the box next to Furnish a new private key and select JSON from the Key type list.

  6. Click Create to create the service account and follow instructions to download the key.

Launching the VM migration service

  1. Go to the VM Instances page in the Cloud Platform Console.

    Go to the VM Instances page

  2. Click on Import VM to start the migration service.

    Screenshot of selecting the VM import button

  3. Click Continue to go activate the migration service.

Activating the VM migration service

The VM migration service is offered by CloudEndure, a third-party partner of Google Cloud Platform. Before you can migrate your VM instances, you must first sign up for CloudEndure. CloudEndure will not charge for this service.

  1. On the CloudEndure Sign In page, click on Sign up to sign up for the service.
  2. Fill in the required details on the Activation page.

    Screenshot of the activation window CloudEndure

  3. If you accept the terms of service, check the I agree to the CloudEndure Terms and Conditions box.

  4. Click the Activate My Account button to complete your registration. CloudEndure sends a confirmation email to the email address you used to register.
  5. Click the link the in the email to complete account activation.

You will be redirected to the VM Migration Console. You can also access the console directly at any time.

Using the VM migration service

The VM Migration service allows you to migrate your running Windows/Linux servers without any system disruption to the source infrastructure (physical/virtual/cloud-based) into a target cloud region of your choice. The replication is continuous, and is done at the block-level.

Below is a network diagram showing the networking and port requirements for the migration set up, followed by step by step guidelines and some best practices for migrating your workload.

Network diagram explaining how VM migration process works

Prepare the Cloud Platform network (replication server network) in the target region

Create a VPC network in your target cloud region that will be used as a staging network to host the CloudEndure replication servers. If you plan to use the default network, you can skip this step.

Configure your CloudEndure account

Log in to your activated CloudEndure account and provide your project ID and service account access key (the JSON key file you downloaded before).

Select replication options

Select the target region where you would like to migrate your VMs. Then, choose the replication server network you created. If you didn't create a new network, you can keep the network as default.

Install the migration agent

Install the VM migration agent on each of the source machines that you want to migrate. The VM migration agent is required to copy the machine at the block level from the source to the destination. The agent can be installed on any supported operating system.

To install the migration agent, download the agent to the machines you want to migrate using the following instructions.


On Linux, download the installer with the following command:

wget -O ./installer_linux.py https://gcp.cloudendure.com/installer_linux.py

Then run the installer and follow the instructions:

sudo python ./installer_linux.py

The Linux installer will require Python 2.4 or greater installed on the machine. Other Python versions won't be able to run the installer.


Download the Windows installer, then launch it and follow the instructions.

Once the agent installation completes successfully, you can track the progress of the migration in the VM Migration Console, in the Live Migration tab.

The progress of the data copy into Google Cloud Platform can be tracked under the Data Replication Progress column in the console.

If the Status column shows a red stop sign icon, please confirm that:

  • The source server (with the installed agent) can communicate with VM Migration management server (console.cloudendure.com) over TCP port 443. Linux servers may require access to repositories during installation.

  • The replication servers in the target region in the staging area (replication server network) can communicate with the VM Migration Service management server (console.cloudendure.com) over TCP port 443 and outbound Internet connectivity over TCP port 443 for downloading installation packages. By default, CloudEndure’s service automatically adds a firewall rule to allow this access to the project.

  • The source server (with the installed agent) can communicate with the replication servers in the target region's replication server network over TCP port 1500. This firewall rule is also added by CloudEndure.

Configure the target blueprint

Next, for each VM instance you are migrating, you can modify the virtual machine properties by clicking on that server in the VM Migration Console, which takes you to the Blueprint tab.

The Blueprint tab lets you set the properties of your target VM instance. For example, you can change the target network the VM is created in, or the internal IP, and so on. You can change these properties at any time after the agent is installed. You don’t have to wait for replication to complete to modify these settings. These properties include:

  • The VM instance's machine type
  • The target VPC network/subnet
  • The internal IP
  • The type of each persistent disk used by the VM instance

Verify initial sync completion

Wait until the replicated machines shows Continuous Data Protection in the Data Replication Progress column, indicating that the initial sync is complete. A purple launch icon should appear in the Status column, indicating you can spin up the target machine in the target location.

Screenshot of initial sync progress

Test the creation of target VM instances

When ready to test the creation of the servers in the target cloud location, select the relevant machines and click Test.

Screenshot of selected instances for testing

You can follow the progress of the target machine launch process in the Log tab, which will also show if any errors were experienced during this process.

Test the availability of the target VMs

Verify that you can log into the target machines (using RDP for Windows target machines and SSH for Linux target machines). Go to the VM instances page to see the target VMs that were created. The target VMs will be prefixed with their original names.

Go to the VM Instances page

Use the source machine’s credentials for logging into its target machine. Please use external SSH and RDP clients rather than trying to connect through the web interface of the Cloud Platform Console.

Test your application in preparation for cut over

After creating test target machines for your application, you should test the entire application to see if it works correctly.

If anything needs to be adjusted, make adjustments in the Blueprint tab or on the source machine. Repeat this testing process until everything works as expected.

Cutting over

After testing your machines, you are ready to cut over to Google Cloud Platform.

  1. Plan for a short downtime window (you can estimate its duration based on your experience during the testing phase). During the window, you will create the latest target test machines and confirm that the target workload works correctly.
  2. Stop or disable access to your source server in order to prevent user access and potential last minute changes that may not replicate to the target VMs.
  3. Once you are certain that no changes can be made to your source servers, select the servers on the VM Migration Console and click on Cutover to launch a final copy of the target VMs most up-to-date application state.

Once the target machines have been successfully created, repeat your sanity tests to ensure everything works as expected, and then configure your DNS servers to point all users to the new target machines.

Post-migration steps

Install guest environment packages

If you are experiencing problems logging into the VM instance, you might need to install the Compute Engine guest packages on the instance. The guest packages will set up things like user accounts, the instance hostname, support for shutdown and startup scripts, and so on.

To install the guest agent:

Remove agent from source servers

When you are certain that the live migrated machines in the target region are now in use, and you no longer need to create additional target machines, remove the agent from the source servers:

  1. In the VM Migration Console, check the boxes next to the machines you want to remove the migration agent from.
  2. Click the More... button.
  3. Click on Disconnect machines from CloudEndure.

This will stop continuous replication and uninstall the VM Migration agent from the source machine.

Known issues

My service account was deleted and the VM migration service cannot move forward in the replication process.

If you deleted the service account that was originally being used for migration, follow the steps to create a new account and add the new JSON key to the Cloud Endure account.

If you changed the permissions of the service account or otherwise modified the account, reconfigure your account according to the steps to create a new account.

What's next

Try out other Google Cloud Platform features for yourself. Have a look at our tutorials.

Send feedback about...

Compute Engine Documentation