Prepare a VMware source for migration

Migrate to Virtual Machines lets you migrate your virtual machines (VMs) running in an on-premises vSphere data center to VM instances running on Google Cloud.

Before you begin

Migrate your workload from an on-premises VMware source

To migrate VMs from an on-premises VMware source, you must configure a migration source that specifies the on-premises data center from which you'll be migrating the VMs. To configure a migration source, you have to install and configure the Migrate Connector on your on-premises vSphere data center.

The following diagram shows the architecture of a typical Migrate to Virtual Machines deployment:

Migrate to Virtual Machines architecture.

Follow these steps to install and configure a Migrate Connector, and create a VMware source:

  1. On vSphere, you must create a vCenter user account with the permissions required by the Migrate Connector to access your vSphere environment. See Create the vCenter user for the Migrate Connector.

  2. On Google Cloud, define two accounts:

    • A user account with the necessary permissions to perform registration. This user account is only used at registration time.

    • A service account used by the Migrate Connector for run-time data transfer to Google Cloud.

    See Define Google Cloud accounts.

  3. When registering the Migrate Connector, you must provide the Google Cloud region used to host your migrated VMs. See Select the Google Cloud region.

  4. Ensure that you have enabled network access for the Migrate Connector as described in Configuring network access.

  5. Install and register the Migrate Connector as described in Install the Migrate Connector.

Create the vCenter user for the Migrate Connector

Create a vCenter user account with the permissions required by the Migrate Connector to access your vSphere environment. You then pass the user credentials to the Migrate Connector at install time.

The following table lists the permission names and the corresponding permissions as shown in the vSphere UI:

| Permission | UI permission |
| --- | --- |
| Global.DisableMethods | Global -> Disable methods |
| Global.EnableMethods | Global -> Enable methods |
| VirtualMachine.Config.ChangeTracking | Virtual machine -> Change Configuration -> Toggle disk change tracking |
| VirtualMachine.Interact.PowerOff | Virtual machine -> Interaction -> Power off |
| VirtualMachine.Provisioning.DiskRandomRead | Virtual machine -> Provisioning -> Allow read-only disk access |
| VirtualMachine.Provisioning.GetVmFiles | Virtual machine -> Provisioning -> Allow virtual machine download |
| VirtualMachine.State.CreateSnapshot | Virtual machine -> Snapshot management -> Create snapshot |
| VirtualMachine.State.RemoveSnapshot | Virtual machine -> Snapshot management -> Remove snapshot |
| Cryptographer.Access * | Cryptographic operations -> Direct Access * |

* Only if the source VM is an encrypted VM (vCenter 6.5 and later).
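
One way to check that the role assigned to the Migrate Connector user carries exactly the privileges in the table above (an added example, not part of the original documentation). It assumes the role's privilege IDs are available one per line, for instance exported with `govc role.ls ROLE_NAME`; the three `System.*` entries are the privileges vCenter includes in every role.

```shell
#!/bin/sh
# Privileges the table above lists for the Migrate Connector's vCenter user.
REQUIRED_PRIVS='Global.DisableMethods
Global.EnableMethods
VirtualMachine.Config.ChangeTracking
VirtualMachine.Interact.PowerOff
VirtualMachine.Provisioning.DiskRandomRead
VirtualMachine.Provisioning.GetVmFiles
VirtualMachine.State.CreateSnapshot
VirtualMachine.State.RemoveSnapshot'
# Needed only when a source VM is encrypted (vCenter 6.5 and later).
OPTIONAL_PRIVS='Cryptographer.Access'
# Present in every vCenter role; not counted as excess.
IMPLICIT_PRIVS='System.Anonymous
System.Read
System.View'

# audit_role_privs: read one privilege ID per line on stdin and print a
# MISSING line for each required privilege that is absent and an EXCESS
# line for each privilege outside the table. Returns 0 only when the role
# has every required privilege and nothing beyond the table.
audit_role_privs() {
    granted=$(tr -d '\r' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | grep -v '^$' | sort -u)
    status=0
    for p in $REQUIRED_PRIVS; do
        printf '%s\n' "$granted" | grep -qxF "$p" \
            || { echo "MISSING $p"; status=1; }
    done
    allowed=$(printf '%s\n%s\n%s\n' \
        "$REQUIRED_PRIVS" "$OPTIONAL_PRIVS" "$IMPLICIT_PRIVS")
    for p in $granted; do
        printf '%s\n' "$allowed" | grep -qxF "$p" \
            || { echo "EXCESS $p"; status=1; }
    done
    return $status
}

# Usage (assumed export command): govc role.ls ROLE_NAME | audit_role_privs
```
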

Define Google Cloud accounts

On Google Cloud, you need two accounts:

  • A service account in your host project used by the Migrate Connector for run-time data transfer to Google Cloud.

    You can specify an existing service account, or let the Migrate Connector create a new one for you. The Migrate Connector applies all necessary permissions to the service account to configure it.

  • A user account in your host project with the necessary permissions to register the Migrate Connector. This user account is only used at registration time, not at run time.

The following diagram shows the service accounts and user accounts associated with a Migrate to Virtual Machines deployment:

Migrate to Virtual Machines architecture.

You can specify any user account in your host project to register the Migrate Connector. The specified user account requires the following permissions:

  • roles/iam.serviceAccountKeyAdmin
  • roles/iam.serviceAccountCreator
  • roles/vmmigration.admin

  1. Determine the email address of the user account you want to use for registration. In the Google Cloud console, you can see all users in your project on the IAM page:

    Go to the IAM page

  2. Grant the iam.serviceAccountKeyAdmin role to the user account:

    gcloud projects add-iam-policy-binding PROJECT_ID \
      --member=user:USER_EMAIL_ADDRESS \
      --role=roles/iam.serviceAccountKeyAdmin

  3. Grant the iam.serviceAccountCreator role to the user account:

    gcloud projects add-iam-policy-binding PROJECT_ID \
      --member=user:USER_EMAIL_ADDRESS \
      --role=roles/iam.serviceAccountCreator

  4. Grant the vmmigration.admin role to the user account:

    gcloud projects add-iam-policy-binding PROJECT_ID \
      --member=user:USER_EMAIL_ADDRESS \
      --role=roles/vmmigration.admin

For more on assigning roles and permissions to a user account, see Granting, changing, and revoking access to resources.

Select the Google Cloud region

On Google Cloud, a region is a specific geographical location where you can host your resources. Regions have three or more zones. For example, the us-west1 region denotes a region on the west coast of the United States that has three zones: us-west1-a, us-west1-b, and us-west1-c.

You choose which region hosts your resources, which controls where your data is stored and used. Distribute your resources across multiple regions to tolerate outages, so that if one region experiences a disturbance, you have backup services running in a different region.

When you install the Migrate Connector on vSphere, you select a Google Cloud region. The source VMs migrated using this connector are then associated with the chosen region.

To migrate VMs to multiple regions, you must:

  1. Create a host project.

  2. Install and configure a separate Migrate Connector for each supported Google Cloud region.

  3. Migrate and deploy your VMs selecting the supported region for each VM or VM group.

In that way, if one region goes down, you can still perform migrations by using a migration source associated with a different region.

See Migrate to Virtual Machines locations for a list of supported regions.

Configure network access

Enable network access for the Migrate Connector by opening the required ports and by opening access to the domains required by the Google Cloud APIs:

  1. Ensure that you have enabled network access for the Migrate Connector. The following table lists the network connectivity requirements for the connector:

    | Source | Destination | Firewall scope | Protocol | Port |
    | --- | --- | --- | --- | --- |
    | Migrate Connector | vCenter Server | Corp LAN | HTTPS | TCP/443 |
    | Migrate Connector | vCenter Server | Corp LAN | VMW NBD | TCP/902 |
    | Migrate Connector | vSphere ESXi | Corp LAN | VMW NBD | TCP/902 |
    | Migrate Connector* | Google Cloud APIs and Artifact Registry (*.googleapis.com, gcr.io) | | HTTPS | TCP/443 |
    | Migrate Connector | Corp DNS Server | Corp LAN | DNS | TCP/UDP/53 |

    * If you configure the Migrate Connector VM on vSphere or VMware Engine to use a proxy server, traffic sent to Google Cloud APIs is directed over the proxy server. Direct network connectivity to Google Cloud APIs over port 443 is then not required by the connector.

  2. Ensure that the firewall rules on your vSphere or VMware Engine server allow external access to the following domains required by the Google Cloud APIs:

    • *.googleapis.com
    • gcr.io
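
A preflight check of the flows in the connectivity table, meant to run from the network segment where the Migrate Connector VM will sit (an added example, not part of the original documentation). The vCenter, ESXi and DNS hosts are caller-supplied placeholders, `vmmigration.googleapis.com` is used as one representative host under `*.googleapis.com`, and the default prober assumes `nc` is installed.

```shell
#!/bin/sh
# required_flows VCENTER ESXI DNS: one "host port label" line per table row.
required_flows() {
    printf '%s\n' \
        "$1 443 vCenter-HTTPS" \
        "$1 902 vCenter-NBD" \
        "$2 902 ESXi-NBD" \
        "$3 53 DNS" \
        "vmmigration.googleapis.com 443 Google-Cloud-APIs" \
        "gcr.io 443 Google-Artifact-Registry"
}

# tcp_probe HOST PORT: default prober; succeeds if a TCP connect completes.
# DNS also needs UDP/53, which a TCP connect does not exercise.
tcp_probe() { nc -z -w 3 "$1" "$2" >/dev/null 2>&1; }

# check_flows PROBER VCENTER ESXI DNS [PROXY]: run PROBER over every flow.
# A non-empty PROXY argument skips the two Google rows, because traffic to
# Google Cloud APIs then goes through the proxy (table footnote).
# Returns 0 only when no probed flow failed.
check_flows() {
    prober=$1; via_proxy=${5:-}; failed=0
    while read -r host port label; do
        if [ -n "$via_proxy" ] && [ "${label#Google-}" != "$label" ]; then
            echo "SKIP $label (sent via proxy)"
            continue
        fi
        # </dev/null keeps the prober from consuming the flow list on stdin.
        if "$prober" "$host" "$port" </dev/null; then
            echo "OK   $label $host:$port"
        else
            echo "FAIL $label $host:$port"
            failed=1
        fi
    done <<EOF
$(required_flows "$2" "$3" "$4")
EOF
    return $failed
}

# Usage: check_flows tcp_probe VCENTER_HOST ESXI_HOST DNS_SERVER
```
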

Install the Migrate Connector

You can now install and register the Migrate Connector. For more information, see Installing the Migrate Connector.

After you've installed and registered the Migrate Connector, you can start migrating your VMs from your on-premises vSphere data center to Google Cloud. For more information, see Next steps: Start your migration.

Supported VMware Versions

Migrate to Virtual Machines supports migrations from VMware vCenter and ESXi.

The latest Migrate to Virtual Machines release is compatible with VMware versions:

  • vCenter: 6.0.*, 6.5.*, 6.7.*, 7.0.*, 8.0.*
  • ESXi: 5.5.*, 6.0.*, 6.5.*, 6.7.*, 7.0.*, 8.0.*

Next steps: Start your migration

To start your migration process, see Migrating individual VM.
