Configure your source and target network - AWS Prescriptive Guidance

Configure your source and target network

In the target environment on AWS, prepare a subnet to use as the CloudEndure staging area. Use a private subnet if you want to isolate your application. You can use an existing subnet or create a new one. This subnet is used to launch the CloudEndure replication servers, which receive replicated data from the source machines.

In general, there are three points of contact between CloudEndure components and the external network:

  • The CloudEndure Agent needs to communicate with the CloudEndure Service Manager.

  • The CloudEndure Agent needs to communicate with the CloudEndure replication servers.

  • CloudEndure replication servers need to communicate with the CloudEndure Service Manager and Amazon Simple Storage Service (Amazon S3).

              CloudEndure Migration network architecture

Network requirements

Client Server Description


Outbound: TCP 1500

Replication server(s) (private/public network)

Inbound: TCP 1500

Production instance status and data (the actual data replication stream)


Outbound: TCP 1500

Management (public network)


  • REST APIs used during Agent installation

  • Agent monitoring

  • Statistics for Agents

Replication server(s)

Outbound: TCP 443

Management (public network)


  • Statistics for replication servers

  • Replication server logs

  • Replication server API

To prepare your network for running CloudEndure's solutions, you need to set the following connectivity settings:

  • Communication over TCP port 443:

    • Between the source machines and CloudEndure Service Manager

    • Between the staging area and CloudEndure Service Manager

  • Communication over TCP port 1500:

    • Between the source machines and the staging area


For information about replication from a private subnet or server behind a NAT gateway or instance, see the CloudEndure documentation.

Communication over TCP port 443

Add the following IP addresses and URLs to your firewall:

  • CloudEndure Service Manager IP address (required for using CloudEndure software)

    • (main service of


  • Amazon S3 service URLs (required for downloading CloudEndure software)




Proxy servers

If you want to use proxy servers in your environment, follow this guidance for CloudEndure to operate effectively:

  • Make sure to set the proxy in replication settings, either as an IP address or as a fully qualified domain name (FQDN).

  • Configure the proxy allow list for the CloudEndure Agent:

    • In Windows, the CloudEndure Agent runs as a system service, so make sure that the system account is part of the proxy allow list.

    • In Linux, the CloudEndure Agent creates a Linux user (named cloudendure) to run commands, so make sure that this user is part of the proxy allow list.

  • Set the proxy:

    • In Windows, open the Command Prompt window as an administrator, and run the command:

      setx https_proxy https://<proxy-ip>:<proxy-port>/ /m
    • In Linux, change to sudo user and run the commands:

      $ export http_proxy=http://server-ip:port/ $ export http_proxy= $ export http_proxy=

      (make sure to include the trailing slash "/")

Optionally, if you want to keep the environment variables for Windows, follow these steps:

  1. In Windows Control Panel, choose System and Security, System, Advanced system settings.

  2. In the Advanced tab of the System Properties dialog box, choose Environment Variables.

  3. In the System variables section of the Environment Variables dialog box, choose New to add the https_proxy environment variable, or Edit if the variable already exists.

  4. In the Variable value field of the https_proxy variable, enter https://PROXY_ADDR:PROXY_PORT/ and then choose OK.

  5. If the CloudEndure Agent was already installed, restart the service.