Create an Azure source

Migrate to Virtual Machines lets you migrate your Azure virtual machines (VMs) from your Azure account to Compute Engine instances.

Prerequisites

Migrate your workload from an Azure source

Before initiating your migration with Azure as a source, set up your Azure environment by completing the following tasks:

  1. Register your app in the Azure portal.
  2. Create a custom role to be accessed by the Migrate to Virtual Machines service.
  3. Assign the custom role to an app.
  4. Create an Azure source using Google Cloud.

Register your app

To register your app, follow these steps:

  1. In the Azure portal, go to the App Registration page, and click New registration.
  2. To add new client credentials, click Add a certificate or secret.
  3. To add a new client secret, click + New client secret and enter a description and expiry date for the client secret.
  4. Click Add.

Your client secret is now ready. Ensure that you copy your client secret value. You will need it later when you set up the source.

Create a custom role

To migrate your Azure workload, create a custom role and assign it to the app you registered in the Register your app step.

To create a custom role, use the following steps:

  1. In the Azure portal, go to the Subscriptions page and select your Azure subscription.
  2. Copy the Subscription ID by clicking on it.
  3. Save following JSON template and replace SUBSCRIPTION_ID with the Subscription ID you copied in Step 2:

      {
      "properties": {
            "roleName": "Minimum M2VM permissions role",
            "description": "This role contains the bare minimum of Azure IAM permissions to support M2VM flow",
            "assignableScopes": [
                  "/subscriptions/SUBSCRIPTION_ID"
            ],
      "permissions": [
                  {
                  "actions": [
                        "Microsoft.Resources/subscriptions/resourceGroups/write",
                        "Microsoft.Resources/subscriptions/resourceGroups/read",
                        "Microsoft.Resources/subscriptions/resourceGroups/delete",
                        "Microsoft.Compute/virtualMachines/read",
                        "Microsoft.Compute/virtualMachines/write",
                        "Microsoft.Compute/virtualMachines/deallocate/action",
                        "Microsoft.Compute/disks/read",
                        "Microsoft.Compute/snapshots/delete",
                        "Microsoft.Compute/snapshots/write",
                        "Microsoft.Compute/snapshots/beginGetAccess/action",
                        "Microsoft.Compute/snapshots/read",
                        "Microsoft.Compute/snapshots/endGetAccess/action"
                  ],
                  "notActions": [],
                  "dataActions": [],
                  "notDataActions": []
                  }
            ]
      }
      }
      

    For more information about the permission details, see permission details.

  4. In the Azure portal, go to the Access control (IAM) page.

  5. To add a custom role, click + Add.

  6. Click Start from JSON and then click Select file to upload the JSON file you created in Step 3.

  7. To review your inputs click Review + Create, and then to create the custom role click Create.

Assign the custom role to an app

To assign a custom role to an app, follow these steps:

  1. In the Azure portal, go to the Access control (IAM) page.
  2. Click + Add and then click Add role assignment.
  3. Search for the custom role you created in Create a custom role by typing m2vm, and select it.
  4. Click Next.
  5. Click + Select members and search for the app name you registered in Register your app and click Select.
  6. To review and assign the custom role to your app, click Review + Assign.

Create an Azure source

After you have registered your app, added your secret, and set its permissions, create an Azure source in the Migrate to Virtual Machines service.

To create an Azure source, follow these steps:

  1. In the Google Cloud console, go to the Migrate to Virtual Machines page.
  2. Select the Sources tab.
  3. From the Add source list, select + Add Azure source.
  4. Enter your source details on the Create Azure source panel.

    The following table describes the parameters for Azure source details.

    Parameter Description
    Name (mandatory) A string that identifies the source. The string must conform to Compute Engine naming conventions. You cannot update this field after creating your source.
    Google Cloud region (mandatory) The region in Google Cloud that you want to migrate your instances to. You cannot update this field after creating your source.

    For more information, see locations documentation.
    Azure location (mandatory) The region in Azure (for example, centralus) from which you want to migrate VMs. The inventory displayed in the Migrate to Virtual Machines console only includes VMs from this Azure location. You cannot update this field after creating your source.

    Note: It is recommended that you choose the region from the drop-down list options, or copy the region from your Azure console JSON View and paste it into the source detail field to avoid typos. If there is a typo in the region, the source doesn't become active, and you have to create a new source. You can see the status of the source in the console.
    Subscription ID (mandatory) Part of the user credentials. You cannot update this field after creating your source.
    Client ID (mandatory) Part of the user credentials.
    Tenant ID (mandatory) Part of the user credentials. You cannot update this field after creating your source.
    Client Secret (mandatory) This is the value which you saved when you created the client secret.

    Note: You cannot retrieve this value from the Azure portal or the Google Cloud console once it is set. You can update this value with a new secret in case you update the credentials.
    Customer managed encryption key The key you want to use to protect your data in Google Cloud. By default, Google Cloud automatically encrypts data when it is at rest using encryption keys managed by Google. If you have specific compliance or regulatory requirements related to the keys that protect your data, you can use customer-managed encryption keys (CMEK) to encrypt and decrypt your data at rest. These encryption keys are created, managed, and owned by you.
    Optional: User tags for migration resource The Migrate to Virtual Machines service creates snapshots of your VM disks to migrate them to Google Cloud.
    If you would like to have a custom tag associated with these resources, specify them here. This can help you identify all resources created by Migrate to Virtual Machines in your Azure environment. Snapshots also already have tags as detailed in Snapshots.

    All snapshots are automatically created under one resource group when the source is created. The resource group name can be seen on the Source Details page.
  5. Click Create. A notice detailing your new source appears.

  6. Wait (up to 15 minutes but usually less) until the Source status is indicated as Active.

Verify your inventory to ensure that there are instances that correspond to the tags (and/or security groups) that you specified when you created your source.

As part of source creation, your project is automatically added as a target project.

Cloud sources limitations

You can host a maximum of 15 cloud sources (AWS sources, Azure sources, or both the sources combined) on a host project at a time. For example, you can host 10 AWS sources and 5 Azure sources on a host project at a time. Conversely, you can host 7 AWS sources and 8 Azure sources on a host project at a time. If you want to add a new cloud source to a project that already hosts 15 cloud sources, you must delete an existing source, and then add the new source. You can also try using a different project to host the new cloud source if you don't want to delete any existing sources.

Next steps: Start your migration

After you've created an Azure source, you are ready to start your migration. The rest of the process for migrating your workload from an Azure source matches the process for other sources for Migrate to Virtual Machines.

For details on how to start your migration process, see Migrating individual VMs.

Differences from using VMware as a source

There are several unique aspects about using Azure as a source for your migrations:

  • You can create and edit an Azure source from the UI.
  • There is no utilization report for an Azure source.

Differences from using AWS as a source

The usage is almost identical to the usage of AWS as a source.