The Migrate for Compute Engine On-Premises Backend virtual appliance connects to VM disks in your on-premises data center and streams or migrates them to Google Cloud using Cloud Extensions.
The Migrate for Compute Engine Backend is distributed as an Open Virtualization Format (OVF) package.
Sizing a VM for the Migrate for Compute Engine Backend
The Migrate for Compute Engine Backend requires the following, based on the number of VMs to be migrated concurrently:
Migration Size | Resources |
---|---|
<=100 concurrent migrating VMs | 2 vCPU, 4GB RAM |
>100 concurrent migrating VMs | 4 vCPU, 8GB RAM |
Deploying and configuring the Migrate for Compute Engine Backend
- Download the Migrate for Compute Engine Backend OVA file, available from the Downloads page. You can verify the integrity of the files using the Migrate for Compute Engine Backend sha256 available from the Downloads page.
Sign in to vSphere via the Flash Web Client.
Right-click a parent object of one of the VMs to be migrated (such as a datacenter) and select Deploy OVF Template.
Select the Migrate for Compute Engine OVA file.
Choose the Host/ Cluster in your vSphere datacenter where you want to run the Migrate for Compute Engine Backend.
Select a Disk Format, and click Next.
Select the Network information that will host the Migrate for Compute Engine Backend. Click Next.
Expand the Migrate for Compute Engine Backend Configuration section.
Paste the token you copied from the Migrate for Compute Engine Manager on Google Cloud into Velostrata Backend Token.
To obtain an access token using Google Cloud console, follow these steps:
Navigate to Google Cloud console.
Click the Activate Cloud Shell
button in the top-right of the Google Cloud console. The Cloud Shell Terminal appears.In the Cloud Shell Terminal, run the following command:
gcloud auth print-access-token
Copy the access token from Cloud Shell and paste it into the Migrate for Compute Engine CLI.
Enter and confirm a Password for the
admin
user on the Migrate for Compute Engine Backend. After installation, the password should be changed by connecting to the Migrate for Compute Engine Backend using SSH asadmin
and using thepasswd
command.Expand the Networking Properties section. Enter the Hostname for the Virtual Appliance. Enter a static IP Address, Netmask, Default Gateway, and DNS server for the Migrate for Compute Engine Backend. You can change these properties at any time later, but you must reboot the Virtual Appliance afterward in order for the changes to take effect.
If you want to use an HTTP proxy for metrics and log uploads to Google Cloud Observability, fill in the HTTP Proxy parameter.
If your VPN to Google Cloud is not configured with dynamic routing, you can enter the Static network route to reach subnets on Google Cloud. The address is in the form
x.x.x.x/x
y.y.y.y
, wherex.x.x.x/x
is the Google Cloud VPC network address in CIDR format andy.y.y.y
is the on-premises VPN Gateway IP address.Click Next and review the Ready to complete page.
Click Finish. The Deploy OVF template task appears.
Configuring the Migrate for Compute Engine Service Role and Permissions in vCenter
This procedure describes how to manually add a service role to the vCenter Server for Migrate for Compute Engine. A PowerShell script is also available for creating this Role. Download the vSphere Service Role configuration from the Downloads page.
Configuring the Migrate for Compute Engine service role and permissions in vCenter
- Log in to the vCenter Web Client.
- Select Home > Administration > Roles.
- Click + to create a new role.
- Check the boxes for the following privileges:
- Alarms
- Create alarm
- Modify alarm
- Remove alarm
- Set alarm status
- Datastore
- Low level file operations
- Extension
- Register extension
- Unregister extension
- Update extension
- Global
- Cancel task
- Enable methods
- Disable methods
- Licenses
- Log event
- Task
- Create task
- Update task
- Virtual Machine
- Provisioning > Allow disk access
- Provisioning > Allow disk read-only access
- Provisioning > Allow virtual machine download
- Snapshot management > Create snapshot
- Snapshot management > Remove snapshot
- Snapshot management > Revert to Snapshot
- Snapshot management > Rename Snapshot
- Configuration > Configure managedBy
- Interaction > Power On
- Interaction > Power Off
- Alarms
To configure permissions for the Migrate for Compute Engine Service user in vCenter:
- Select Home > Global Inventory Lists > vCenter Servers.
- Right-click on the required vCenter server, and select Add Permission.
- Select a user in the left pane, and assign the Velostrata Service Role (in the right pane) to the user.
- Select Propagate to children, and click OK.
Deploying the Migrate for Compute Engine VMware vCenter Plugin
Once the Migrate for Compute Engine Backend has successfully connected and registered with the Migrate for Compute Engine Manager on Google Cloud, you need to register and deploy the Migrate for Compute Engine VMware vCenter Web Client Plugin. This enables Migrate for Compute Engine management operations and monitoring in the vCenter UI.
- Make sure that a Migrate for Compute Engine vCenter Service Account (user) and Role have been created before proceeding.
- Sign in to your Migrate for Compute Engine Manager.
- Click the System Settings icon.
- If the Migrate for Compute Engine Backend is able to connect to the Migrate for Compute Engine Manager, the IP for the backend appears with a status of Registered and Connected.
- On the top bar of the page, click vCenter Plugin and then click Register vCenter Plugin.
- Enter the vCenter address or DNS name, user, password
Click Register to register the plugin.
To confirm that Migrate for Google Compute Engine Operations is present in the context menu, log out of vCenter, log in, then right-click Datacenter.
Finding your vCenter server's fingerprint.
The manager registration process displays the SHA-1 SSL fingerprint of the vCenter server used for HTTPS connections. You can find the fingerprint from your browser. The following instructions explain the process using Google Chrome.
- Open the vCenter vSphere URL in Chrome
- Click on either the Lock icon or Not Secure to the left of the URL bar. Your HTTPS connection status is displayed.
- Click Certificate
- Expand the Details section.
- Scroll down to the SHA-1 fingerprint.