Solution components - AWS CloudEndure Migration Factory Solution

Solution components

Migration execution server

This solution leverages a migration execution server to run migrations using RestAPIs. This server isn’t automatically deployed with the solution and must be built manually. For more information, refer to Build a Migration Execution Server. You can build the server on-premises in your network environment or in your AWS Cloud environment. The server must meet the following requirements:

  • Windows Server 2012 R2 or later versions

  • Minimum 4 CPUs with 8 GB RAM

  • Deployed as a new virtual machine with no additional applications installed

Once installed, the server requires internet access and non-restrictive internal network connectivity to the in-scope source servers (source servers)—the on-prem servers to be migrated to AWS—that will be migrated by CloudEndure.

If port restriction is required from the migration execution server to the source servers, the following ports must be open from the migration execution server to the source servers:

  • SMB port (TCP 445)

  • SSH port (TCP 22)

  • WinRM port (TCP 5985, 5986)

The migration execution server must be in the same domain as the source servers. If the source servers reside in multiple domains, the security configuration for domain trust in each domain determines whether you need more than one migration execution server.

  • If domain trust exists in all the domains with source servers, a single migration execution server will be able to connect to and run automation scripts for all domains.

  • If domain trust doesn’t exist in all the domains, you will need to create an additional migration execution server for each untrusted domain.

Migration services RestAPIs

The AWS CloudEndure Migration Factory Solution automates the migration process using RestAPIs that are processed through AWS Lambda functions, an Amazon API Gateway, AWS Managed Services, and CloudEndure Migration. When you make a request or initiate a transaction, such as adding a server or viewing a list of servers or applications, RestAPI calls are made to Amazon API Gateway which initiates an AWS Lambda function to run the request. The following services detail the components for the automated migration process.

Log in services

Log in services include the login Lambda functions and Amazon Cognito. Once you log in to the solution using the login API via the API Gateway. The login Lambda functions then validates the credentials, retrieves an authentication token from Amazon Cognito, and returns the token details back to you. You can use this authentication token to connect to the other services in this solution.

Admin services

Admin services include the Amazon API Gateway, admin Lambda functions, and Amazon DynamoDB. Administrators for the solution can use the admin Lambda function to define the migration metadata schema, which are the application and server attributes. The admin services API provides the schema definition for the DynamoDB table. User data including application and server attributes must adhere to this schema definition. Typical attributes include the app_name, wave_id, server_name, and other fields as identified in Automated migration activities. By default, the AWS CloudFormation template deploys a common schema automatically, but this can be customized after deployment.

Administrators can also use admin services to define migration roles for the members of their migration team. The administrator has granular control to map specific user roles to specific attributes and migration stages. A migration stage is a period of time to run certain migration tasks, for example, a build stage, a testing stage, and a cutover stage.

User services

User services include the Amazon API Gateway, user Lambda functions, and Amazon DynamoDB. Users can manage the migration metadata, allowing them to read, create, update, and delete the wave, application, and server data in the migration metadata pipeline.


A migration wave is a concept of application grouping with a start and an end or cutover date. Wave data includes the migrate candidate applications and application groupings scheduled for a particular migration wave.

User services offer an API for the migration team to manipulate the data in the solution: create, update, and delete the data using the Python script and source CSV files. For detailed steps, refer to Automated migration activities.

Tools services

Tool services include the Amazon API Gateway, tools Lambda functions, Amazon DynamoDB, AWS Managed Services, and CloudEndure. You can use these services to connect to third-party APIs and automate the migration process. Using CloudEndure, the migration team can orchestrate the server launch process with a single button press to launch all servers in the same wave consisting of a group of applications and servers that have the same cutover date. Using AWS Managed Services, AWS CloudEndure Migration Factory Solution automates the workload ingestion RFC process, and reduces the manual effort needed during the migration process.

Migration Factory web interface

The solution includes a Migration Factory web interface hosted in an Amazon Simple Storage Service (Amazon S3) bucket which allows you to complete the following tasks using a web browser:

  • Update wave, application, and server metadata from your web browser

  • Manage application and server schema definitions

  • Connect to third-party services such as CloudEndure and AWS Managed Services to automate the migration process