Before migrating your applications using Google Cloud Migrate for Compute Engine (formerly Velostrata), you'll need to configure your Google Cloud organization. This configuration enables Migrate for Compute Engine to manage the migration and communicate with the other components involved.
Google Cloud configuration includes:
- Setting up a Google Cloud account, organization, and infrastructure project, including organization-level permissions and a project that Migrate for Compute Engine will use for its own infrastructure.
- Setting up networks on Google Cloud so that components that are part of your migration (such as Migrate for Compute Engine, Google Cloud, and the source environment from which you're migrating) can communicate with one another through firewalls over Google Cloud Virtual Private Cloud.
- Creating Google Cloud roles and service accounts via Cloud Shell to set permissions so that Migrate for Compute Engine can create resources and manage APIs used during the migration.
Before you begin
- You'll need to have identified the Google Cloud organization administrator account which will execute Migrate for Compute Engine scripts that configure Google Cloud.
- You'll need to have set up a Google Cloud Virtual Private Cloud. Migrate for Compute Engine uses Virtual Private Cloud to support communication between Google Cloud and your source environment.
- Your Google Cloud organization is one of several components that are part of the migration. You'll perform configuration tasks for each. For the bigger picture, be sure to read the description of the Migrate for Compute Engine architecture.
Setting up a Google Cloud account, organization, and infrastructure project
You need a Google Cloud organization to migrate into Google Cloud. Once you have an organization, you'll assign permissions that allow a Migrate for Compute Engine script to configure GCP with roles and service accounts. You'll create a Google Cloud infrastructure project that will host the Migrate for Compute Engine Manager.
- Go to the Google Cloud Console and sign in. If you don't already have an account, sign-up to create one.
- To set up an organization, see Creating and managing organizations. For more information, see Best practices for enterprise organizations.
Assign the following permissions to your administrator who runs the account and role creation script:
- Organization Role Administrator
- Organization Administrator
- Compute Admin
- (Project) Owner
For more information on IAM concepts such as Google Cloud accounts, service accounts, and roles, see the IAM Overview.
Create a Google Cloud project to host Migrate for Compute Engine infrastructure on Google Cloud. In the rest of this document, we'll call this the infrastructure project.
Setting up network
Migrate for Compute Engine uses Google Cloud Virtual Private Cloud networks and VPN connectivity to your source environment, and requires specific networking rules set up before migrations can be completed. For detailed information on firewall, routing, and network tagging for your deployment, see network access requirements.
The network configuration tasks assume that you have Google Cloud Virtual Private Cloud and that you're already familiar with Virtual Private Cloud firewall rules. For more information, see Google Cloud Virtual Private Cloud.
Creating service accounts
The service account must be created in the infrastructure project except when you'll be migrating into multiple Google Cloud projects. In that case, you create the Migrate for Compute Engine Manager role at the organization level, creating the other role and service accounts in the infrastructure project.
Create the service accounts using either:
- Configure the Migrate for Compute Engine Manager.
- For migrations from VMware, configure the Migrate for Compute Engine On-Premises Backend virtual appliance.